The purposes of the Standards include all of the following except part, Establishing the basis for the measurement of internal A. audit “Internal auditing is an independent, objective assurance and performance. consulting activity B. Guiding the ethical conduct of internal auditors. designed to add value and improve an organization’s operations.” C. Stating basic principles that represent the practice of internal [3] Gleim #: 1.1.3 auditing. One of the purposes of the International Standards for the D. Fostering improved organizational processes and operations. Professional Practice of Answer (A) is incorrect. Establishing the basis for the evaluation of Internal Auditing (“the Standards”) is to internal audit A. Encourage the professionalization of internal auditing. performance is one of The IIA’s stated purposes of the Standards. Establish the independence of the internal audit activity and Answer (B) is correct. Guiding the ethical conduct of internal emphasize the auditors is the objectivity of internal auditing. purpose of the Code of Ethics, not the Standards. B. Answer (C) is incorrect. Delineating basic principles that represent Encourage external auditors to make more extensive use of the work the practice of of internal internal auditing is one of The IIA’s stated purposes of the Standards. auditors. Answer (D) is incorrect. Fostering improved organizational C. processes and D. Establish the basis for evaluating internal auditing performance. operations is one of The IIA’s stated purposes of the Standards. Gleim CIA Test Prep: Part 1 - Internal Audit Basics [2] Gleim #: 1.1.2 (720 questions) The proper organizational role of internal auditing is to Copyright 2013 Gleim Publications Inc. Page 1 A. Assist the external auditor to reduce external audit fees. Printed for Sanja Knezevic B. Perform studies to assist in the attainment of more efficient Answer (A) is incorrect. The professionalization of internal auditing operations. is important but C. Serve as the investigative arm of the board. is not a direct purpose of the Standards. Serve as an independent, objective assurance and consulting activity Answer (B) is incorrect. Independence and objectivity are but two that adds aspects of the value to operations. practice of internal auditing as it should be. D. Answer (C) is incorrect. The Standards do not formally encourage Answer (A) is incorrect. Reducing external audit fees may be a external auditors to direct result of make more extensive use of the work of internal auditors. internal audit work, but it is not a reason for staffing an internal audit Answer (D) is correct. The IIA provides the following purposes of the activity. Standards: Answer (B) is incorrect. The primary role of internal auditing Delineate basic principles that represent the practice of 1. internal includes, but is not auditing. limited to, assessing the efficiency of operations. Provide a framework for performing and promoting a broad range of Answer (C) is incorrect. Internal auditors serve management as well value-added as the board. internal audit activities. 2. 3. Establish the basis for evaluating internal auditing performance. Answer (D) is correct. The internal audit activity helps an 4. Foster improved organizational processes and operations. organization [4] Gleim #: 1.1.4 accomplish its objectives by bringing a systematic, disciplined Which Standards expand upon the other categories of Standards? approach to A. Performance Standards. evaluate and improve the effectiveness of risk management, control, B. Attribute Standards. and C. Implementation Standards. governance processes (Definition of Internal Auditing). D. All of the choices are correct. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (A) is incorrect. Performance Standards apply to all internal (720 questions) audit Copyright 2013 Gleim Publications Inc. Page 2 services. Printed for Sanja Knezevic Answer (B) is incorrect. Attribute Standards apply to all internal fb.com/ciaaofficial audit services. [6] Gleim #: 1.1.6 Answer (C) is correct. Implementation Standards expand upon the An internal auditor often faces special problems when performing an Attribute and engagement at a Performance Standards. They provide requirements applicable to foreign subsidiary. Which of the following statements is false with specific respect to the engagements. conduct of international engagements? Answer (D) is incorrect. Only Implementation Standards expand The IIA Standards do not apply outside of A. the United States. upon the The internal auditor should determine whether managers are in standards in other categories. compliance with [5] Gleim #: 1.1.5 local laws. A major reason for establishing an internal audit activity is to B. Relieve overburdened management of the responsibility for There may be justification for having different organizational policies establishing effective in force in controls. foreign branches. A. C. B. Safeguard resources entrusted to the organization. It is preferable to have multilingual internal auditors conduct C. Ensure the reliability and integrity of financial and operational engagements at information. branches in foreign nations. D. Evaluate and improve the effectiveness of control processes. D. Answer (A) is incorrect. Management is responsible for the Answer (A) is correct. Pronouncements by The IIA have no establishment of geographic limits. internal control. Compliance with the concepts in the Standards is essential for the Answer (B) is incorrect. Governance, risk management, and control responsibilities processes of internal auditors to be met, regardless of the national environment. ultimately serve to safeguard the organization’s resources. Answer (B) is incorrect. The internal audit activity must evaluate the Answer (C) is incorrect. Ensuring the reliability and integrity of adequacy financial and and effectiveness of controls, including those relating to compliance operational information is a management responsibility. with laws, regulations, policies, procedures, and contracts. Printed for Sanja Knezevic Answer (C) is incorrect. Varying laws and customs and other [8] Gleim #: 1.1.8 environmental Which of the following best describes the purpose of the internal factors justify policy differences. audit activity? Answer (D) is incorrect. The internal audit activity collectively must To add value and improve an organization’s A. operations. possess the To assist management with the design and implementation of risk knowledge, skills, and other competencies needed to perform its management responsibilities. and control systems. [7] Gleim #: 1.1.7 B. The purpose of the internal audit activity can be best described as To examine and evaluate an organization’s accounting system as a A. Adding value to the organization. service to B. Providing additional assurance regarding fair presentation of management. financial statements. C. Expressing an opinion on the adequate design and functioning of the D. To monitor the organization’s internal control system for the system of external auditors. internal control. Answer (A) is correct. The Definition of Internal Auditing states, in C. part, Assuring the absence of any fraud that would materially affect the “Internal auditing is an independent, objective assurance and financial consulting activity statements. designed to add value and improve an organization’s operations.” D. Answer (B) is incorrect. Performing the functions of design and Answer (A) is correct. Internal auditing is an independent, objective implementation assurance of risk management and control systems would impair the objectivity and consulting activity designed to add value and improve an of the organization’s internal auditors. An internal auditor may, however, recommend operations (Definition of Internal Auditing). control standards Answer (B) is incorrect. Assisting the external auditors in their audit and review procedures prior to their implementation. of the Answer (C) is incorrect. Internal auditing is much broader than financial statements is one of many possible tasks of the internal examining and audit activity, but evaluating an organization’s accounting system. it is not its primary purpose. Answer (D) is incorrect. Internal auditing serves the organization, Answer (C) is incorrect. Assessing internal control is one of many not the external tasks of the auditors. internal audit activity, but it is not its primary purpose. [9] Gleim #: 1.1.9 Answer (D) is incorrect. Detecting fraud is one of many possible The internal audit activity’s scope of responsibilities includes tasks of the A. Eliminating risk. internal audit activity, but it is not its primary purpose. B. Managing risk. Gleim CIA Test Prep: Part 1 - Internal Audit Basics C. Evaluating risk. (720 questions) D. Controlling risk. Copyright 2013 Gleim Publications Inc. Page 3 Answer (A) is incorrect. Eliminating risks is a responsibility of [11] Gleim #: 1.1.11 management. According to The IIA’s International Professional Practices Answer (B) is incorrect. Managing risk is a responsibility of Framework, which of the management. following constitute mandatory guidance for implementing the Answer (C) is correct. The internal audit activity helps an Standards? organization A. Development Aids. accomplish its objectives by bringing a systematic, disciplined B. Practice Aids. approach to C. Performance Standards. evaluate and improve the effectiveness of risk management, control, D. Practice Advisories. and Answer (A) is incorrect. Development Aids are not part of the IPPF. governance processes (Definition of Internal Auditing). Managing, Answer (B) is incorrect. Practice Aids are not part of the IPPF. controlling, Answer (C) is correct. The mandatory guidance portion of the IPPF and eliminating risk are responsibilities of management. consists of Answer (D) is incorrect. Controlling risk is a responsibility of the Definition of Internal Auditing, the Code of Ethics, Attribute management. Standards, [10] Gleim #: 1.1.10 Performance Standards, and Implementation Standards. The Standards consist of three types of Standards. Which Standards Answer (D) is incorrect. Practice Advisories are strongly apply to the recommended guidance. characteristics of providers of internal auditing services? [12] Gleim #: 1.1.12 A. Implementation Standards. Under the Sarbanes-Oxley Act of 2002 (SOX), B. Performance Standards. A. At least one member of the audit committee must be a financial C. Attribute Standards. expert. D. Independence Standards. B. The chairman of the board of directors must be a financial expert. Gleim CIA Test Prep: Part 1 - Internal Audit Basics C. The audit committee must rotate at least one seat on an annual (720 questions) basis. Copyright 2013 Gleim Publications Inc. Page 4 D. All members of the audit committee must be financial experts. Printed for Sanja Knezevic Answer (A) is correct. Under the terms of SOX, at least one member fb.com/ciaaofficial of the audit Answer (A) is incorrect. Implementation Standards apply to specific committee must be a financial expert. types of Answer (B) is incorrect. The SOX requirement regarding a financial engagements. expert does Answer (B) is incorrect. Performance Standards describe the nature not refer to the chairman of the board. of internal Answer (C) is incorrect. SOX imposes no requirements regarding auditing and provide quality criteria for evaluation of internal audit membership performance. rotation of the audit committee. Answer (C) is correct. Attribute Standards concern the Answer (D) is incorrect. Under the terms of SOX, only one member characteristics of organizations of the audit and parties providing internal auditing services. committee need be a financial expert. Answer (D) is incorrect. The IPPF does not contain Independence Gleim CIA Test Prep: Part 1 - Internal Audit Basics Standards. (720 questions) Copyright 2013 Gleim Publications Inc. Page 5 [14] Gleim #: 1.1.14 Printed for Sanja Knezevic Which one of the following must be included in the internal audit [13] Gleim #: 1.1.13 charter? The Sarbanes-Oxley Act of 2002 (SOX) imposes which of the A. Internal audit scope. following B. Internal audit responsibility. requirements? C. Chief audit executive’s compensation plan. The board of directors must be composed entirely of independent A. Number of full-time internal audit employees deemed to be the shareholders. necessary At least one member of the audit committee must be a former partner minimum. of the D. independent public accounting firm. Answer (A) is incorrect. Scope is an aspect of individual internal B. audit The audit committee must be composed entirely of independent engagements. members of the Answer (B) is correct. The purpose, authority, and responsibility of board. the internal C. audit activity must be formally defined in an internal audit charter. Once the audit committee has selected the independent public Answer (C) is incorrect. The CAE’s compensation plan is not an accounting firm, the appropriate committee must not interfere with the firm’s conduct of the financial matter to include in the internal audit charter. statement Answer (D) is incorrect. The staffing of the internal audit activity is audit. determined D. by the CAE and the board; it is not an appropriate matter to include Answer (A) is incorrect. The SOX requirement regarding in the internal independent members audit charter. refers to the audit committee, not the entire board. [15] Gleim #: 1.1.15 Answer (B) is incorrect. SOX does not impose a requirement Which one of the following is not included in the internal audit regarding charter? mandatory former employment with the independent public A. Risk assessment of the internal audit activity. accounting firm. B. Responsibility of the internal audit activity. Answer (C) is correct. Under the terms of SOX, each member of the C. Purpose of the internal audit activity. issuer’s D. Authority of the internal audit activity. audit committee must be an independent member of the board of Gleim CIA Test Prep: Part 1 - Internal Audit Basics directors. To be (720 questions) independent, a director must not be affiliated with, or receive any Copyright 2013 Gleim Publications Inc. Page 6 compensation Printed for Sanja Knezevic (other than for service on the board) from, the issuer. fb.com/ciaaofficial Answer (D) is incorrect. The audit committee must be directly Answer (A) is correct. A risk assessment is not appropriate for responsible for inclusion in the appointing, compensating, and overseeing the work of the internal audit charter. independent auditor. Answer (B) is incorrect. The appropriate contents of the internal Answer (C) is incorrect. Internal audit engagements are scheduled audit charter are the based on a risk purpose, authority, and responsibility of the internal audit activity. assessment, not simply time elapsed since the last engagement. Answer (C) is incorrect. The appropriate contents of the internal Answer (D) is incorrect. Internal audit engagements are scheduled audit charter are the based on a risk purpose, authority, and responsibility of the internal audit activity. assessment, only one of the elements of which is monetary Answer (D) is incorrect. The appropriate contents of the internal materiality. audit charter are the [17] Gleim #: 1.1.17 purpose, authority, and responsibility of the internal audit activity. The purpose, authority, and responsibility of the internal audit activity [16] Gleim #: 1.1.16 are formally The transportation department of a publicly held company has asked defined in the internal audit The records of the proceedings of the A. board of directors. activity to review the design specifications for a proposed new B. The corporate bylaws. warehouse and repair C. The memorandum of understanding. facility. The best reason for the internal audit activity to decline the D. A formal, written charter. request is Gleim CIA Test Prep: Part 1 - Internal Audit Basics Such a review does not fall within the authority granted in the internal (720 questions) audit Copyright 2013 Gleim Publications Inc. Page 7 charter. Printed for Sanja Knezevic A. Answer (A) is incorrect. While the records of board meetings do The CEO and the head of the transportation department are reflect discussions neighbors and belong related to the internal audit charter, they are no substitute for an to the same social clubs. actual formal charter. B. Answer (B) is incorrect. The corporate bylaws are not the The internal audit activity performed a thorough review of the appropriate place to define transportation the purpose, authority, and responsibility of the internal audit activity. department the previous year. Answer (C) is incorrect. A memorandum of understanding is an C. agreement between The transportation department’s budget is immaterial to the parties expressing their common will that does not necessarily organization’s total contain the elements of budget. a contract. D. Answer (D) is correct. The purpose, authority, and responsibility of Answer (A) is correct. The internal audit activity’s purpose, authority, the internal audit and activity must be formally defined in a written charter, consistent with responsibility are specifically granted in the form of a written charter the Definition of approved by Internal Auditing, the Code of Ethics, and the Standards. the board. [18] Gleim #: 1.1.18 Answer (B) is incorrect. An attitude of independence is required for The types of services provided by the internal audit activity can best internal be described as auditors, not for auditees and management. Auditing A. and engagement. B. Auditing and consulting. inevitable conflicts arise between the internal audit activity and the C. Assurance and consulting. department or D. Auditing and assurance. function under review. Answer (A) is incorrect. Engagement is not a type of internal audit Answer (D) is incorrect. The support of management and the board service. is crucial Answer (B) is incorrect. The IIA Glossary defines assurance and when inevitable conflicts arise between the internal audit activity and consulting, not the auditing and consulting, as the types of services provided by the department or function under review. internal audit Gleim CIA Test Prep: Part 1 - Internal Audit Basics activity. (720 questions) Answer (C) is correct. The internal audit activity provides Copyright 2013 Gleim Publications Inc. Page 8 independent, objective Printed for Sanja Knezevic assurance and consulting services designed to add value and fb.com/ciaaofficial improve an [20] Gleim #: 1.1.20 organization’s operations (Definition of Internal Auditing). Which of the following is not appropriate for inclusion in the internal Answer (D) is incorrect. The IIA Glossary defines assurance and audit charter? consulting, not The nature of the chief audit executive’s functional reporting auditing and assurance, as the types of services provided by the relationship with the internal audit board. activity. A. [19] Gleim #: 1.1.19 Authorization of internal audit access to records, personnel, and Support from which persons or combination of persons listed below physical is most important properties. to the success of the internal audit activity? B. A. The chief executive officer and chief financial officer. Definition of the scope of internal C. audit activities. B. The chief executive officer. D. Authorization of the board to approve the charter. C. Management and the board. Answer (A) is incorrect. The nature of the chief audit executive’s D. The audit committee. functional Answer (A) is incorrect. The support of management and the board reporting relationship with the board is one of the elements to be is crucial included in the when inevitable conflicts arise between the internal audit activity and internal audit charter. the Answer (B) is incorrect. Authorization of internal audit access to department or function under review. records, Answer (B) is incorrect. The support of management and the board personnel, and physical properties is one of the elements to be is crucial included in the when inevitable conflicts arise between the internal audit activity and internal audit charter. the Answer (C) is incorrect. Definition of the scope of internal audit department or function under review. activities is one Answer (C) is correct. The support of management and the board is of the elements to be included in the internal audit charter. crucial when Answer (D) is correct. Final approval of the internal audit charter Accordingly, internal auditors are professionals who serve others by resides with the providing board. The board has this power inherently. assurance and consulting services. [21] Gleim #: 1.2.21 Answer (D) is incorrect. In some situations, responsibility to the A primary purpose of establishing a code of conduct within a public at large professional may conflict with and be more important than loyalty to one’s organization is to organization. Reduce the likelihood that members of the profession will be sued for Gleim CIA Test Prep: Part 1 - Internal Audit Basics substandard (720 questions) work. Copyright 2013 Gleim Publications Inc. Page 9 A. Printed for Sanja Knezevic Ensure that all members of the profession perform at approximately [22] Gleim #: 1.2.22 the same An accounting association established a code of ethics for all level of competence. members. What is one of B. the association’s primary purposes of establishing the code of C. Promote an ethical culture among professionals who serve others. ethics? Require members of the profession to exhibit loyalty in all matters To outline criteria for professional behavior to maintain standards of pertaining to integrity and the affairs of their organization. objectivity. D. A. Answer (A) is incorrect. Although this result may follow from To establish standards to follow for effective accounting B. practice. establishing a code To provide a framework within which accounting policies could be of conduct, it is not the primary purpose. To consider it so would be effectively self-serving. developed and executed. Answer (B) is incorrect. A code of conduct can help to establish C. minimum To outline criteria that can be used in conducting interviews of standards of competence, but it would be impossible to ensure potential new equality of accountants. competence by all members of a profession. D. Answer (C) is correct. The IIA’s Code of Ethics is typical. Its purpose Answer (A) is correct. The primary purpose of a code of ethical is “to behavior for a promote an ethical culture in the profession of internal auditing.” The professional organization is to promote an ethical culture among definition professionals of internal auditing states that it is “an independent, objective who serve others. assurance and Answer (B) is incorrect. National standards-setting bodies, not a consulting activity.” Moreover, internal auditing is founded on “the code of ethics, trust placed provide guidance for effective accounting practice. in its objective assurance about governance, risk management, and Answer (C) is incorrect. A code of ethics does not provide the control.” framework within which accounting policies are developed. Answer (D) is incorrect. The primary purpose is not for interviewing (720 questions) new Copyright 2013 Gleim Publications Inc. Page 10 accountants. Printed for Sanja Knezevic [23] Gleim #: 1.2.23 fb.com/ciaaofficial The best reason for establishing a code of conduct within an Answer (A) is correct. An organization’s code of ethical conduct is organization is that such the established codes general value system the organization wishes to apply to its A. Are typically required by governments. members’ activities by B. Express standards of individual behavior for members of the communicating organizational purposes and beliefs and establishing organization. uniform ethical C. Provide a quantifiable basis for personnel evaluations. guidelines for members, which include guidance on behavior for D. Have tremendous public relations potential. members in making Answer (A) is incorrect. Governments typically lack the power to decisions. impose ethical Answer (B) is incorrect. The organizational details of the codes on nongovernment personnel (the Sarbanes-Oxley Act of profession’s governing body 2002 contains a are stated in the by-laws of a professional organization. partial exception to this general rule). Answer (C) is incorrect. Certain actions may be legal, but contrary Answer (B) is correct. An organization’s code of ethical conduct is to an the organization’s code of ethics. For example, an internal auditor may established general value system the organization wishes to apply to not perform a its members’ service for which (s)he does not possess the necessary knowledge, activities. It communicates organizational purposes and beliefs and skills, and establishes experience. uniform ethical guidelines for members, which include guidance on Answer (D) is incorrect. The Standards establish a basis for the behavior for measurement of members in making decisions. internal audit performance. Answer (C) is incorrect. Codes of conduct provide qualitative, not [25] Gleim #: 1.2.25 quantitative, In analyzing the differences between two recently merged standards. businesses, the chief audit Answer (D) is incorrect. Other purposes of a code of conduct are executive of Organization A notes that it has a formal code of ethics much more and Organization significant. B does not. The code of ethics covers such things as purchase [24] Gleim #: 1.2.24 agreements, The code of ethics of a professional organization sets forth relationships with vendors, and other issues. Its purpose is to guide A. Broad standards of conduct for the members of the organization. individual B. The organizational details of the profession’s governing body. behavior within the firm. Which of the following statements regarding C. A list of illegal activities that are proscribed to the members of the the existence of profession. the code of ethics in A can be logically inferred? D. A basis for the measurement of internal audit performance. A exhibits a higher standard of ethical behavior I. than does B. Gleim CIA Test Prep: Part 1 - Internal Audit Basics A has established objective criteria by which an individual’s actions Copyright 2013 Gleim Publications Inc. Page 11 can be Printed for Sanja Knezevic evaluated. [26] Gleim #: 1.2.26 II. A review of an organization’s code of conduct revealed that it The absence of a formal code of ethics in B would prevent a contained successful review of comprehensive guidelines designed to inspire high levels of ethical ethical behavior in that organization. behavior. The III. review also revealed that employees were knowledgeable of its A. I and II. provisions. However, B. II only. some employees still did not comply with the code. What element C. III only. should a code of D. II and III. conduct contain to enhance its effectiveness? Answer (A) is incorrect. The mere existence of A’s code of ethics Periodic review and acknowledgment A. by all employees. does not B. Employee involvement in its development. ensure that its principles are followed. C. Public knowledge of its contents and purpose. Answer (B) is correct. A formal code of ethics effectively (1) D. Provisions for disciplinary action in the event of violations. communicates Answer (A) is incorrect. Periodic review and acknowledgment would acceptable values to all members, (2) provides a method of policing ensure and employee knowledge and acceptance of the code, which are not at disciplining members for violations, (3) establishes objective issue. standards against Answer (B) is incorrect. Employee involvement in development which individuals can measure their own performance, and (4) would encourage communicates the employee acceptance, which is not at issue. organization’s value system to outsiders. Answer (C) is incorrect. Public knowledge might affect the behavior Answer (C) is incorrect. The absence of a formal code of ethics of some does not preclude individuals but not to the same extent as the perceived likelihood of a successful review of ethical behavior in an organization. Policies sanctions for and procedures wrongdoing. may provide the criteria for such an engagement. Answer (D) is correct. Penalties for violations of a code of conduct Answer (D) is incorrect. The existence of a code of ethics does should establish enhance its effectiveness. Some individuals will be deterred from objective criteria by which individual actions can be evaluated. misconduct if However, the they expect it to be detected and punished. absence of a formal code of ethics does not preclude a successful [27] Gleim #: 1.2.27 review of ethical A formal code of ethics should do all of the following except behavior in an organization. Policies and procedures may provide the A. Effectively communicate acceptable values to all members. criteria for B. Communicate the organization’s value system to outsiders. such an engagement. C. Reflect only legal standards of conduct for individuals and the Gleim CIA Test Prep: Part 1 - Internal Audit Basics organization. (720 questions) Provide a method of policing and disciplining members of the management accountants requires independence from conflicts of organization for economic interest. violations. Answer (C) is incorrect. A typical code of ethical conduct for D. financial managers or Answer (A) is incorrect. A code of ethics should effectively management accountants requires independence from conflicts of communicate professional interest. acceptable values to all organization members. Answer (D) is correct. The code of ethical conduct for financial Answer (B) is incorrect. A code of ethics should communicate the managers or organization’s management accountants in an organization should require value system to those outside the organization. credibility in presenting Answer (C) is correct. An ethical organization aspires to a higher information, preparing reports, and making analyses. standard of [29] Gleim #: 1.2.29 behavior than mere legality. Objectivity is an ethical requirement for all persons engaged in the Answer (D) is incorrect. A code of ethics should indeed provide a professional method of practice of internal auditing. One aspect of objectivity requires policing and disciplining members for violations. Performance of professional duties in accordance A. with relevant [28] Gleim #: 1.2.28 laws. A typical code of ethical conduct for financial managers or B. Avoidance of conflict of interest. management accountants C. Refraining from using confidential information for unethical or in an organization requires all of the following except illegal advantage. Integrity and a refusal to compromise professional values for the D. Maintenance of an appropriate level of professional expertise. sake of personal Answer (A) is incorrect. Observing the law is a component of goals. integrity. A. Answer (B) is correct. Commitment to independence from conflicts B. Independence from conflicts of economic interest. of economic C. Independence from conflicts of professional interest. or professional interest is an aspect of objectivity. D. Subjectivity in presenting information, preparing reports, and Answer (C) is incorrect. Refraining from using confidential making analyses. information for Gleim CIA Test Prep: Part 1 - Internal Audit Basics unethical or illegal advantage is an aspect of confidentiality. (720 questions) Answer (D) is incorrect. Maintenance of an appropriate level of Copyright 2013 Gleim Publications Inc. Page 12 professional Printed for Sanja Knezevic expertise is an aspect of competency. fb.com/ciaaofficial [30] Gleim #: 1.3.30 Answer (A) is incorrect. A typical code of ethical conduct for The IIA Rules of Conduct set forth in The IIA’s Code of Ethics financial managers or A. Describe behavior norms expected of internal auditors. management accountants in an organization requires integrity and a B. Are guidelines to assist internal auditors in dealing with refusal to engagement clients. compromise professional values for the sake of personal goals. C. Are interpreted by the Principles. Answer (B) is incorrect. A typical code of ethical conduct for D. Apply only to particular conduct specifically mentioned. financial managers or Answer (A) is correct. The IIA’s Code of Ethics extends beyond the action is not consistent with The IIA’s Code of Ethics. definition of D. internal auditing to include two essential components: (1) Principles Answer (A) is incorrect. Seeking the advice of legal counsel on all that are ethical relevant to the profession and practice of internal auditing and (2) decisions is impracticable. Rules of Answer (B) is correct. The Code includes Principles (integrity, Conduct that describe behavior norms expected of internal auditors objectivity, (Introduction). confidentiality, and competency) relevant to the profession and Answer (B) is incorrect. The Rules of Conduct provide guidance to practice of internal internal auditing and Rules of Conduct that describe behavioral norms for auditors in the discharge of their responsibility to all those whom they internal auditors serve. and that interpret the Principles. Internal auditors are expected to Engagement clients are not the only parties served by internal apply and auditing. uphold the Principles. Furthermore, that a particular conduct is not Answer (C) is incorrect. The Rules of Conduct are an aid in mentioned in interpreting the the Rules does not prevent it from being unacceptable or Principles. discreditable. Answer (D) is incorrect. The conduct may be unacceptable or Answer (C) is incorrect. Seeking the advice of the board on all discreditable ethical decisions although not mentioned in the Rules of Conduct. is impracticable. Furthermore, the advice might not be consistent Gleim CIA Test Prep: Part 1 - Internal Audit Basics with the (720 questions) profession’s standards. Copyright 2013 Gleim Publications Inc. Page 13 Answer (D) is incorrect. If the organization’s standards are not Printed for Sanja Knezevic consistent with, or [31] Gleim #: 1.3.31 as high as, the profession’s standards, the internal auditor is held to Today’s internal auditor will often encounter a wide range of potential the standards ethical of the profession. dilemmas, not all of which are explicitly addressed by The IIA’s Code [32] Gleim #: 1.3.32 of Ethics. If the In complying with The IIA’s Code of Ethics, an internal auditor should internal auditor encounters such a dilemma, the internal auditor A. Use individual judgment in the application of the principles set should always forth in the Code. Seek counsel from an independent attorney to determine the Respect and contribute to the objectives of the organization even if it personal is engaged consequences of potential actions. in illegal activities. A. B. Apply and uphold the principles embodied in The IIA’s B. Code of Go beyond the limitation of personal technical skills to advance the Ethics. interest of the C. Seek the counsel of the board before deciding on an action. organization. Act consistently with the code of ethics adopted by the organization C. even if such D. Primarily apply the competency principle in establishing trust. Gleim CIA Test Prep: Part 1 - Internal Audit Basics internal auditor’s former employer in determining priorities in the new (720 questions) job. Copyright 2013 Gleim Publications Inc. Page 14 A. Printed for Sanja Knezevic The new internal audit activity does not use PPS sampling, and the fb.com/ciaaofficial internal Answer (A) is correct. The IIA’s Code of Ethics includes principles auditor believes PPS sampling has advantages for many of the that internal engagements auditors are expected to apply and uphold. They are interpreted by conducted by the new employer. The internal auditor conducts the Rules of training sessions Conduct, behavior norms expected of internal auditors. That a and develops forms to implement sampling in the same manner as particular conduct is not the previous mentioned in the Rules of Conduct does not prevent it from being employer. unacceptable or B. discreditable. Consequently, a reasonable inference is that individual While at the previous firm, the internal auditor conducted a great deal judgment is of research necessary in the application of the principles and the Rules of to identify “best practices” for the management of the treasury Conduct. function. Because Answer (B) is incorrect. An internal auditor “shall not knowingly be a most of the research was done at home and during non-office hours, party to any the internal illegal activity.” Furthermore, an internal auditor is bound to respect auditor retained much of the research and plans to use it in and contribute conducting a review of only to the legitimate and ethical objectives of the organization. the treasury function at the new employer. Answer (C) is incorrect. Internal auditors “shall engage only in those C. services for None of the answers represent a violation D. of the Code. which they have the necessary knowledge, skills, and experience.” Answer (A) is incorrect. Disclosing the former employer’s risk Answer (D) is incorrect. Applying and upholding the integrity assessment principle is the means approach does not violate the Code. by which an internal auditor establishes trust as a basis for reliance Answer (B) is incorrect. Disclosing sampling methods does not on his/her violate the Code. judgment. Answer (C) is incorrect. Disclosing information about best practices [33] Gleim #: 1.3.33 of other An internal auditor, recently terminated by an organization due to organizations does not violate the Code. downsizing, has Answer (D) is correct. The former employer’s risk assessment found a job with another organization in the same industry. Which of approach may be the following viewed as general information about “best practices.” Hence, disclosures made by the internal auditor to the new organization applying this would constitute a approach on behalf of a new employer is acceptable. With regard to violation of The IIA’s Code of Ethics? the former The internal auditor used the risk assessment approach that was employer’s sampling methods, the internal auditor is applying used by the knowledge of a commonly used engagement procedure. It is not confidential discreditable even if it is not mentioned in the Rules of Conduct. information. Answer (C) is incorrect. It is not feasible to seek the audit Moreover, gathering information about best practices of other committee’s advice for organizations is part all potential dilemmas. Furthermore, the advice might not be of the continuing education of the internal auditor. Thus, the listed consistent with the responses are profession’s standards. not violations of the Code. Answer (D) is incorrect. If the organization’s standards are not Gleim CIA Test Prep: Part 1 - Internal Audit Basics consistent with, or (720 questions) as high as, the profession’s standards, the internal auditor should Copyright 2013 Gleim Publications Inc. Page 15 abide by the Printed for Sanja Knezevic latter. [34] Gleim #: 1.3.34 [35] Gleim #: 1.3.35 An internal auditor who encounters an ethical dilemma not explicitly The IIA’s Code of Ethics does not require addressed by A. Contribution to the legitimate and ethical objectives of the The IIA’s Code of Ethics should always organization. Seek counsel from an independent attorney to determine the B. Objectivity, honesty, and diligence. personal C. Continual improvement in proficiency. consequences of potential actions. D. A report on each engagement. A. Answer (A) is incorrect. Rule of Conduct 1.4 states, “Internal Take action consistent with the principles embodied in The IIA’s B. auditors shall Code of Ethics. respect and contribute to the legitimate and ethical objectives of the C. Seek the counsel of the audit committee before deciding on an organization.” action. Answer (B) is incorrect. Rule of Conduct 1.1 imposes an obligation Act consistently with the employing organization’s code of ethics of honesty, even if such diligence, and responsibility. Moreover, objectivity is one of the four action would not be consistent with The IIA’s Code of Ethics. Principles D. stated in the Code. Answer (A) is incorrect. The auditor must act consistently with the Answer (C) is incorrect. Continual improvement in proficiency and in spirit of The the IIA’s Code of Ethics. It is not practical to seek the advice of legal effectiveness and quality of services is required by Rule of Conduct counsel for all 4.3. ethical decisions. Moreover, unethical behavior may not be illegal. Answer (D) is correct. The Standards, not the Code of Ethics, Answer (B) is correct. The IIA’s Code of Ethics is based on require internal principles relevant to auditors to communicate the engagement results. the profession and practice of internal auditing that internal auditors Gleim CIA Test Prep: Part 1 - Internal Audit Basics are expected (720 questions) to apply and uphold: integrity, objectivity, confidentiality, and Copyright 2013 Gleim Publications Inc. Page 16 competency. Printed for Sanja Knezevic Furthermore, the Code states that particular conduct may be fb.com/ciaaofficial unacceptable or [36] Gleim #: 1.4.36 An internal auditor working for a chemical manufacturer believed that confidential, audit-related information that could potentially damage toxic waste was the auditor’s being dumped in violation of the law. Out of loyalty to the organization. organization, no A. information regarding the dumping was collected. The internal An auditor used audit-related information in a decision to buy stock auditor issued by the Violated the Code of Ethics by knowingly becoming a party A. to an employer corporation. illegal act. B. Violated the Code of Ethics by failing to protect the well-being of the After praising an employee in a recent audit engagement general communication, an public. auditor accepted a gift from the employee. B. C. Did not violate the Code of Ethics. Loyalty to the employer in all An auditor did not report significant observations about illegal activity matters is to the required. board because management indicated that it would resolve the C. issue. Did not violate the Code of Ethics. Conclusive information about D. wrongdoing was Answer (A) is correct. Rule of Conduct 1.2 under the integrity not gathered. principal states, D. “Internal auditors shall observe the law and make disclosures Answer (A) is correct. Rule of Conduct 1.3 under the integrity expected by the law principle prohibits and the profession.” Thus, auditors must comply with subpoenas. knowingly being a party to any illegal activity. By failing to collect Answer (B) is incorrect. Rule of Conduct 3.2 prohibits auditors from information using audit about a known violation of law, the auditor became party to the illegal information for personal gain. act. Answer (C) is incorrect. Rule of Conduct 2.2 prohibits an auditor Answer (B) is incorrect. The IIA’s Code of Ethics does not impose a from accepting duty to the anything that might be presumed to impair the auditor’s professional general public. judgment. Answer (C) is incorrect. The IIA’s Code of Ethics does not impose Answer (D) is incorrect. Rule of Conduct 1.3 prohibits auditors from an overriding knowingly duty of loyalty to the employer. being a party to any illegal or improper activity. Significant Answer (D) is incorrect. The internal auditor should have collected observations of illegal and reported activity should be reported to the board. such information in accordance with the Standards. Gleim CIA Test Prep: Part 1 - Internal Audit Basics [37] Gleim #: 1.4.37 (720 questions) Which of the following is permissible under The IIA’s Code of Ethics? Copyright 2013 Gleim Publications Inc. Page 17 In response to a subpoena, an auditor appeared in a court of law and Printed for Sanja Knezevic disclosed [38] Gleim #: 1.4.38 The IIA’s Code of Ethics requires internal auditors to perform their under review (Rule of Conduct 2.3). An internal auditor also must work with respect and Honesty, diligence, A. and responsibility. contribute to the legitimate and ethical objectives of the organization B. Timeliness, sobriety, and clarity. (Rule of C. Knowledge, skills, and competencies. Conduct 1.4). Thus, when apparent violations of antitrust statutes by D. Punctuality, objectivity, and responsibility. officers Answer (A) is correct. Rule of Conduct 1.1 under the integrity come to the internal auditor’s attention, (s)he should report to the principle states, board of “Internal auditors shall perform their work with honesty, diligence, directors rather than directly to the government regulators. An and internal auditor responsibility.” must also observe the law and make any disclosures required by the Answer (B) is incorrect. Timeliness, sobriety, and clarity are not law or by the mentioned in the profession (Rule of Conduct 1.2). Code. Answer (B) is incorrect. Everyone has a legal obligation to Answer (C) is incorrect. Knowledge, skills, and competencies are cooperate with a mentioned in criminal investigation. An internal auditor must observe the law and the Standards. make any Answer (D) is incorrect. Punctuality is not mentioned in the Code. disclosures required by the law or by the profession (Rule of Conduct [39] Gleim #: 1.4.39 1.2). Which situation is most likely a violation of The IIA’s Code of Ethics? Answer (C) is incorrect. An internal auditor should report apparent Reporting apparent violations of antitrust statutes by officers to improprieties government to the board. regulators. Answer (D) is incorrect. Everyone has a legal and moral obligation A. to report B. Cooperating with the government’s criminal investigation of the violent crimes immediately. organization. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Reporting apparent violations of antitrust statutes by officers to the (720 questions) board of Copyright 2013 Gleim Publications Inc. Page 18 directors. Printed for Sanja Knezevic C. fb.com/ciaaofficial Immediately reporting a violent crime observed at work to local law [40] Gleim #: 1.5.40 enforcement In applying the Rules of Conduct set forth in The IIA’s Code of agencies. Ethics, internal D. auditors are expected to Answer (A) is correct. An internal auditor must not knowingly be a Not be unduly influenced by their own interests in A. forming party to any judgments. illegal activity (Rule of Conduct 1.3), and (s)he must disclose all B. Compare them with standards of other professions. material facts C. Be guided by the desires of the engagement client. known to him/her that, if not disclosed, might distort the reporting of D. Use discretion in deciding whether to use them. activities Answer (A) is correct. The objectivity principle contained in The IIA’s Copyright 2013 Gleim Publications Inc. Page 19 Code of Printed for Sanja Knezevic Ethics states, in part, “Internal auditors make a balanced assessment [42] Gleim #: 1.5.42 of all the A CIA is working in a noninternal-auditing position as the director of relevant circumstances and are not unduly influenced by their own purchasing. The interests or by CIA signed a contract to procure a large order from the supplier with others in forming judgments.” the best price, Answer (B) is incorrect. Standards of other professions are not quality, and performance. Shortly after signing the contract, the intended to supplier presented the provide guidance to internal auditors. CIA with a gift of significant monetary value. Which of the following Answer (C) is incorrect. Auditors should be independent of the statements engagement regarding the acceptance of the gift is true? client. Acceptance of the gift is prohibited only if it A. is not customary. Answer (D) is incorrect. Internal auditors must follow The IIA’s Code Acceptance of the gift violates The IIA’s Code of Ethics and is of Ethics. prohibited for a [41] Gleim #: 1.5.41 CIA. Which of the following statements is not appropriate to include in a B. manufacturer’s Because the CIA is no longer acting as an internal auditor, conflict of interest policy? An employee shall not acceptance of the gift is A. Accept money, gifts, or services from a customer. governed only by the organization’s code of conduct. B. Participate (directly or indirectly) in the management of a public C. agency. Because the contract was signed before the gift was offered, C. Borrow from or lend money to vendors. acceptance of the gift D. Use organizational information for private purposes. does not violate either The IIA’s Code of Ethics or the organization’s Answer (A) is incorrect. A conflict of interest policy should prohibit code of the transfer conduct. of benefits between an employee and those with whom the D. organization deals. Answer (A) is incorrect. Acceptance of the gift could easily be Answer (B) is correct. A prohibition on public service is ordinarily presumed to have inappropriate. impaired the CIA’s professional judgment. Public service is a right, if not a duty, of all citizens. Answer (B) is correct. Members of The Institute of Internal Auditors Answer (C) is incorrect. A conflict of interest policy should prohibit and financial recipients of, or candidates for, IIA professional certifications are dealings between an employee and those with whom the subject to organization deals. disciplinary action for breaches of The IIA’s Code of Ethics. Rule of Answer (D) is incorrect. A conflict of interest policy should prohibit Conduct 2.2 the use of under the objectivity principle states, “Internal auditors shall not organization information for private gain. accept anything Gleim CIA Test Prep: Part 1 - Internal Audit Basics that may impair or be presumed to impair their professional (720 questions) judgment.” Answer (C) is incorrect. The CIA is still governed by The IIA’s code (720 questions) of conduct. Copyright 2013 Gleim Publications Inc. Page 20 Answer (D) is incorrect. The timing of signing the contract is Printed for Sanja Knezevic irrelevant. fb.com/ciaaofficial [43] Gleim #: 1.5.43 [44] Gleim #: 1.5.44 The chief audit executive (CAE) has been appointed to a committee In a review of travel and entertainment expenses, a certified internal to evaluate the auditor appointment of the external auditors. The engagement partner for questioned the business purposes of an officer’s reimbursed travel the external expenses. The accounting firm wants the CAE to join her for a week of hunting at officer promised to compensate for the questioned amounts by not her private lodge. claiming legitimate The CAE should expenses in the future. If the officer makes good on the promise, the A. Accept, assuming both their schedules allow it. internal auditor B. Refuse on the grounds of conflict of interest. Can ignore the original charging of the nonbusiness A. expenses. C. Accept as long as it is not charged to employer time. B. Should inform the tax authorities in any event. Ask the comptroller whether accepting the invitation is a violation of C. Should still include the finding in the final engagement the communication. organization’s code of ethics. Should recommend that the officer forfeit any frequent flyer miles D. received as part Answer (A) is incorrect. The auditor should not accept. of the questionable travel. Answer (B) is correct. Rule of Conduct 2.1 under the objectivity D. principle states, Answer (A) is incorrect. The possibly fraudulent behavior of the “Internal auditors shall not participate in any activity or relationship officer is a that may material fact that should be reported regardless of whether the impair or be presumed to impair their unbiased assessment. This questioned participation expenses are reimbursed. includes those activities or relationships that may be in conflict with Answer (B) is incorrect. Communication of results to parties outside the interests the of the organization.” Furthermore, under Rule of Conduct 2.2, organization is not required in the absence of a legal mandate. “Internal auditors Answer (C) is correct. Rule of Conduct 2.3 under the objectivity shall not accept anything that may impair or be presumed to impair principle states, their “Internal auditors shall disclose all material facts known to them that, professional judgment.” if not Answer (C) is incorrect. Not charging the time to the company is not disclosed, may distort the reporting of activities under review.” sufficient to Answer (D) is incorrect. Management should determine what eliminate conflict-of-interest concerns. constitutes just Answer (D) is incorrect. The auditor should know that accepting the compensation. invitation [45] Gleim #: 1.5.45 raises conflict of interest issues. During an engagement performed at a manufacturing division of a Gleim CIA Test Prep: Part 1 - Internal Audit Basics defense contractor, the internal auditor discovered that the organization apparently was Answer (A) is correct. Although an argument can be made that the inappropriately internal auditor adding costs to a cost-plus governmental contract. The internal should report the matter to the board and senior management, there auditor discussed the is no indication matter with senior management, who suggested that the internal that the internal auditor is deliberately withholding material facts that, auditor seek an if not disclosed, opinion from legal counsel. Upon review, legal counsel indicated that may distort reports of activities under review (Rule of Conduct 2.3). the practice was Hence, no questionable but was not technically in violation of the government violation of the Code occurred. contract. Based on Answer (B) is incorrect. Material fraud, if suspected, should be legal counsel’s decision, the internal auditor decided to omit any brought to the discussion of the attention of management. However, in this case, the internal auditor practice in the final engagement communication sent to senior gathered sufficient management and the information to dispel the suspicion of fraud. board. However, the internal auditor did informally communicate Answer (C) is incorrect. The internal auditor did not deliberately legal counsel’s withhold important decision to senior management. Did the internal auditor violate The information. IIA’s Code of Answer (D) is incorrect. The internal auditor has gathered sufficient Ethics? information. No. The internal auditor followed up the matter with appropriate Internal legal counsel’s opinion appears to be sufficient. personnel within [46] Gleim #: 1.5.46 the organization and reached a conclusion that no fraud was An internal auditor discovered some material inefficiencies in a involved. purchasing function. A. The purchasing manager is the internal auditor’s next-door neighbor No. If a fraud is suspected, it should be resolved at the divisional and best friend. In level where it is accordance with The IIA’s Code of Ethics, the internal auditor should taking place. Objectively include the facts of the case in the engagement A. B. communications. Yes. It is a violation because all important information, even if B. Not report the incident because of loyalty to the friend. resolved, should Include the facts of the case in a special communication submitted be reported to the board. only to the C. friend. Yes. Internal legal counsel’s opinion is not sufficient. The internal C. auditor should D. Not report the friend unless the activity is illegal. have sought advice from outside legal counsel. Answer (A) is correct. Rule of Conduct 2.3 under the objectivity D. principle states, Gleim CIA Test Prep: Part 1 - Internal Audit Basics “Internal auditors shall disclose all material facts known to them that, (720 questions) if not Copyright 2013 Gleim Publications Inc. Page 21 disclosed, may distort the reporting of activities under review.” Printed for Sanja Knezevic Answer (B) is incorrect. This action is at variance with the internal Answer (B) is incorrect. Serving on the board of the local bank may auditor’s also be in conflict duties. with the best interests of the auditor’s employer. Answer (C) is incorrect. This action is at variance with the internal Answer (C) is correct. Rule of Conduct 2.1 under the objectivity auditor’s principle states, duties. “Internal auditors shall not participate in any activity or relationship Answer (D) is incorrect. This action is at variance with the internal that may impair or auditor’s be presumed to impair their unbiased assessment. This participation duties. includes those [47] Gleim #: 1.5.47 activities or relationships that may be in conflict with the interests of An internal auditor for a large regional bank was asked to serve on the the board of organization.” Accordingly, service on the board of the local bank directors of a local bank. The bank competes in many of the same constitutes a markets as the conflict of interest and may prejudice the internal auditor’s ability to regional bank but focuses more on consumer financing than on carry out business financing. objectively his/her duties regarding potential acquisitions. In accepting this position, the internal auditor Answer (D) is incorrect. Serving on the board of the local bank Violates The IIA’s Code of Ethics because serving on the board may creates a conflict of be in conflict interest and may prejudice the internal auditor’s ability to perform with the best interests of the internal auditor’s employer his/her duties. I. [48] Gleim #: 1.5.48 Violates The IIA’s Code of Ethics because the information gained Which of the following concurrent occupations could appear to while serving subvert the ethical on the board of directors of the local bank may influence behavior of an internal auditor? recommendations Internal auditor and a well-known charitable organization’s local in- regarding potential acquisitions house II. chairperson. A. I only. A. B. II only. Internal auditor and part-time business B. insurance broker. C. I and II. Internal auditor and adjunct faculty member of a local business D. Neither I nor II. college that Gleim CIA Test Prep: Part 1 - Internal Audit Basics educates potential employees. (720 questions) C. Copyright 2013 Gleim Publications Inc. Page 22 Internal auditor and landlord of multiple housing that publicly Printed for Sanja Knezevic advertises for fb.com/ciaaofficial tenants in a local community newspaper listing monthly rental fees. Answer (A) is incorrect. Serving on the board of the local bank D. creates a conflict of Answer (A) is incorrect. The activities of a charity are unlikely to be interest and may prejudice the internal auditor’s ability to perform contrary to his/her duties. the interests of the organization. Answer (B) is correct. Rule of Conduct 2.1 under the objectivity professional judgment (Rule of Conduct 2.2). Moreover, relationships principle states, with “Internal auditors shall not participate in any activity or relationship professional organizations are not likely to create a conflict of interest that may or impair or be impair or be presumed to impair their unbiased assessment. This presumed to impair internal auditors’ unbiased judgment (Rule of participation Conduct 2.1). Also, includes those activities or relationships that may be in conflict with the consulting engagement should not result in the improper use of the interests information (Rule of the organization.” As a business insurance broker, the internal of Conduct 3.2). auditor may lose Answer (B) is incorrect. Serving as a consultant to competitors his/her objectivity because (s)he might benefit from a change in the might create a conflict employer’s of interest. insurance coverage. Answer (C) is incorrect. Serving as a consultant to suppliers might Answer (C) is incorrect. Teaching is compatible with internal create a conflict of auditing. interest. Answer (D) is incorrect. Whereas dealing in commercial properties Answer (D) is incorrect. Internal auditors should “be prudent in the might involve use and protection a conflict, renting residential units most likely does not. of information acquired in the course of their duties” (Rule of Conduct [49] Gleim #: 1.5.49 3.1). Internal auditors should be prudent in their relationships with persons Furthermore, such discussion might be “detrimental to the legitimate and and ethical organizations external to their employers. Which of the following objectives of the organization” (Rule of Conduct 3.2). activities will most [50] Gleim #: 1.5.50 likely not adversely affect internal auditors’ ethical behavior? An internal auditor has been assigned to an engagement at a foreign A. Accepting compensation from professional organizations for subsidiary. The consulting work. internal auditor is aware that the social climate of the country is such B. Serving as consultants to competitor organizations. that “facilitating C. Serving as consultants to suppliers. payments” (bribes) are an accepted part of doing business. The D. Discussing engagement plans or results with external parties. internal auditor has Gleim CIA Test Prep: Part 1 - Internal Audit Basics completed the engagement and has found significant weaknesses (720 questions) relating to important Copyright 2013 Gleim Publications Inc. Page 23 controls. The subsidiary’s manager offers the internal auditor a Printed for Sanja Knezevic substantial “facilitating Answer (A) is correct. Professional organizations are unlikely to be payment” to omit the observations from the final engagement employees, communication with a clients, customers, suppliers, or business associates of the provision that the internal auditor could revisit the subsidiary in 6 organization. Hence, the months to verify that consulting fees are not likely to impair or be presumed to impair the the problem areas have been properly addressed. The internal internal auditors’ auditor should Not accept the payment because such acceptance is in conflict with fb.com/ciaaofficial the Code of [51] Gleim #: 1.5.51 Ethics. An internal auditor engages in the preparation of income tax forms A. during the tax Not accept the payment, but omit the observations as long as a season. For which of the following activities will the internal auditor verification visit is most likely be in made in 6 months. violation of The IIA’s Code of Ethics? B. Writing a tax guide intended for publication and sale to A. the general Accept the offer because it is consistent with the ethical concepts of public. the country in Preparing the personal tax return, for a fee, for one of the which the subsidiary is doing business. organization’s division C. managers. Accept the payment because it has the effect of doing the greatest B. good for the C. Teaching an evening tax seminar, for a fee, at a local university. greatest number; the internal auditor is better off, the subsidiary is Preparing tax returns for elderly citizens, regardless of their better off, and associations, as a the organization is better off because there is strong motivation to public service. correct the D. deficiencies. Answer (A) is incorrect. Writing a tax guide for sale to the general D. public is Answer (A) is correct. Rule of Conduct 2.2 under the objectivity unlikely to impair the internal auditor’s professional judgment. principle states, Answer (B) is correct. Rule of Conduct 2.2 under the objectivity “Internal auditors shall not accept anything that may impair or be principle states, presumed to “Internal auditors shall not accept anything that may impair or be impair their professional judgment.” presumed to Answer (B) is incorrect. Rule of Conduct 2.3 requires internal impair their professional judgment.” Preparing a personal tax return auditors to for a division “disclose all material facts known to them that, if not disclosed, may manager for a fee falls under this prohibition. distort the Answer (C) is incorrect. Teaching an evening tax seminar is unlikely reporting of activities under review.” to impair Answer (C) is incorrect. The profession’s standards, not the the internal auditor’s professional judgment. customs of Answer (D) is incorrect. Engaging in a public service separate from individual countries or regions, should guide the internal auditor’s the interests conduct. and activities of the organization is unlikely to impair professional Answer (D) is incorrect. The action is explicitly prohibited by the judgment. Code of Ethics. [52] Gleim #: 1.5.52 Gleim CIA Test Prep: Part 1 - Internal Audit Basics An internal auditing team has made observations and (720 questions) recommendations that should Copyright 2013 Gleim Publications Inc. Page 24 significantly improve a division’s operating efficiency. Out of Printed for Sanja Knezevic appreciation of this work, and because it is the holiday season, the division manager organization’s charter. All the grants, however, were approved and presents the in-charge documented by the internal auditor with a gift of moderate value. Which of the following president. The chair of the grant authorization committee, who is also best describes a member of the the action prescribed by The IIA’s Code of Ethics? board of directors, proposes that the committee meet and A. Not accept it prior to submission of the final engagement retroactively approve all the communication. grants before the engagement communication is issued. If the B. Not accept it if the gift is presumed to impair the internal auditor’s committee meets and judgment. approves the grants before such issuance, the internal auditor C. Not accept it, regardless of other circumstances, because its should value is significant. Not report the grants in question because they were approved before D. Accept it, regardless of other circumstances, because its value is the issuance insignificant. of the engagement communication. Answer (A) is incorrect. The timing of the gift is irrelevant. A. Answer (B) is correct. Rule of Conduct 2.2 under the objectivity Discuss the matter with the chair of the grant committee to determine principle states, the rationale “Internal auditors shall not accept anything that may impair or be for not approving the grants earlier. If the grants are routine, presumed to discussion of the impair their professional judgment.” grant committee’s inaction should be omitted from the engagement Answer (C) is incorrect. According to Rule of Conduct 2.2, the communication. decision whether B. to accept a gift should be based on the potential impairment of the Include the items in the communication as an override of the auditor’s organization’s judgment. controls. Details about each grant should be reported, and the Answer (D) is incorrect. The decision to accept or reject the gift internal auditor should be based should investigate further for fraud. on whether the internal auditor’s professional judgment will be C. impaired or be Report the override of control D. to the board. presumed to be impaired. Answer (A) is incorrect. The control override should be reported. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (B) is incorrect. The routine nature of the grants is irrelevant (720 questions) to the issue Copyright 2013 Gleim Publications Inc. Page 25 of the violation of the charter. Printed for Sanja Knezevic Answer (C) is incorrect. Details about each grant need not be [53] Gleim #: 1.5.53 included unless the During an examination of grants awarded by a not-for-profit internal auditor believes that fraud may have occurred. Moreover, the organization, an internal appropriate auditor discovered a number of grants made without the approval of organizational authorities should be informed if wrongdoing is the grant suspected. authorization committee (which includes outside representatives), as Answer (D) is correct. Rule of Conduct 2.3 under the objectivity required by the principle states, “Internal auditors shall disclose all material facts known to them that, Answer (A) is incorrect. The internal auditor did not withhold if not information but disclosed, may distort the reporting of activities under review.” The properly followed up upon learning of the information. management Answer (B) is incorrect. The internal auditor did not withhold override of an important control over approval of grants created a information but material risk properly followed up upon learning of the information. exposure. The internal auditor is ethically obligated to report the Answer (C) is correct. There is no violation of either The IIA’s Code matter to senior of Ethics or the officials charged with performing the governance function. Standards. The internal auditor did not withhold information and [54] Gleim #: 1.5.54 properly followed up An internal auditor, nearly finished with an engagement, discovers upon learning of the information. that the director of Answer (D) is incorrect. The internal auditor did not withhold marketing has a gambling habit. The gambling issue is not directly information but related to the properly followed up upon learning of the information. existing engagement, and the internal auditor is under pressure to [55] Gleim #: 1.5.55 complete it quickly. An engagement at a foreign subsidiary disclosed payments to local The internal auditor notes the problem and passes the information on government to the chief audit officials in return for orders. What action does The IIA’s Code of executive but does no further follow-up. The internal auditor’s actions Ethics suggest for an Are in violation of The IIA’s Code of Ethics for withholding meaningful internal auditor in such a case? information. Refrain from any action that might be detrimental to A. the A. organization. Are in violation of the Standards because the internal auditor did not B. Report the incident to appropriate regulatory authorities. properly C. Inform appropriate organizational officials. follow up on a red flag that might indicate the existence of fraud. D. Report the practice to the board of The Institute of Internal B. Auditors. C. Are not in violation of either The IIA’s Code of Ethics or the Answer (A) is incorrect. Informing organizational officials is not Standards. detrimental to Are in violation of The IIA’s Code of Ethics for withholding meaningful the organization. information and are in violation of the Standards because the internal Answer (B) is incorrect. The Code does not require that the incident auditor did be reported not properly follow up on a red flag that might indicate the existence to regulatory authorities. of fraud. Answer (C) is correct. Such payments may be illegal. Rule of D. Conduct 2.3 under Gleim CIA Test Prep: Part 1 - Internal Audit Basics the objectivity principle states, “Internal auditors shall disclose all (720 questions) material facts Copyright 2013 Gleim Publications Inc. Page 26 known to them that, if not disclosed, may distort the reporting of Printed for Sanja Knezevic activities under fb.com/ciaaofficial review.” Answer (D) is incorrect. The Code does not require reporting to The Answer (D) is incorrect. The employee could be directed to other IIA. methods of [56] Gleim #: 1.5.56 communicating the information in order to maintain her anonymity. During an engagement, an employee with whom you have [57] Gleim #: 1.5.57 developed a good working The chief audit executive is aware of a material inventory shortage relationship informs you that she has some information about senior caused by internal management that control deficiencies at one manufacturing plant. The shortage and is damaging to the organization and may concern illegal activities. related causes are of The employee does sufficient magnitude to affect the external auditor’s report. Based on not want her name associated with the release of the information. The IIA’s Code Which of the of Ethics, what is the CAE’s most appropriate course of action? following actions is considered to be inconsistent with The IIA’s Code Say nothing; guard against interfering with the independence of the of Ethics and external the Standards? auditors. Assure the employee that you can maintain her anonymity and listen A. to the Discuss the issue with management and take appropriate action to information. ensure that the A. external auditors are informed. B. Suggest that the employee consider talking to legal counsel. B. Inform the employee that you will attempt to keep the source of the Inform the external auditors of the possibility of a shortage but allow information them to confidential and will look into the matter further. make an independent assessment of the amount. C. C. D. Inform the employee of other methods of communicating this type Communicate the shortages to the board and allow them to of information. communicate it to the Gleim CIA Test Prep: Part 1 - Internal Audit Basics external auditor. (720 questions) D. Copyright 2013 Gleim Publications Inc. Page 27 Answer (A) is incorrect. The shortage is a material fact that could Printed for Sanja Knezevic distort a report Answer (A) is correct. An internal auditor cannot guarantee of activities under review if not revealed. anonymity. Information Answer (B) is correct. All material facts known by the internal communicated to an internal auditor is not deemed to be privileged. auditors should be Answer (B) is incorrect. Suggesting that the person seek expert disclosed (Rule of Conduct 2.3). The CAE should share information legal advice from a and qualified individual is appropriate. coordinate activities with other internal and external providers of Answer (C) is incorrect. Promising merely to attempt to keep the relevant source of the assurance and consulting services (Perf. Std. 2050). information confidential is allowable. This promise is not a guarantee Answer (C) is incorrect. The condition is known and the external of auditors should confidentiality. be told more than that a possibility of a shortage exists. Answer (D) is incorrect. Information should be shared and activities Answer (B) is incorrect. The CAE should share information and coordinated coordinate with the external auditor. activities with the external auditors. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (C) is incorrect. Although the internal audit activity’s main (720 questions) focus may be Copyright 2013 Gleim Publications Inc. Page 28 on risk management, control, and governance processes, a material Printed for Sanja Knezevic misstatement fb.com/ciaaofficial must be communicated. [58] Gleim #: 1.5.58 Answer (D) is incorrect. When performing an audit, the external Through an engagement performed at the credit department, the auditors should chief audit executive determine what work should be performed by the internal auditor. (CAE) became aware of a material misstatement of the year-end [59] Gleim #: 1.5.59 accounts receivable An internal auditor has uncovered facts that could be interpreted as balance. The external auditors have completed their engagement indicating without detecting the unlawful activity on the part of an engagement client. The internal misstatement. What should the CAE do in this situation? auditor decides not Inform the external auditors of A. the misstatement. to inform senior management and the board of these facts because Report the misstatement to management when the external auditors of lack of proof. present a The internal auditor, however, decides that, if questions are raised report. regarding the B. omitted facts, they will be answered fully and truthfully. In taking this Exclude the misstatement from the final engagement communication action, the because the internal auditor external auditors are responsible for expressing an opinion on the Has not violated The IIA’s Code of Ethics or the Standards because financial confidentiality takes precedence over all other standards. statements. A. C. Has not violated The IIA’s Code of Ethics or the Standards because Perform additional engagement procedures on accounts receivable the internal balances to auditor is committed to answering all questions fully and truthfully. benefit the external auditors. B. D. Has violated The IIA’s Code of Ethics because unlawful acts should Answer (A) is correct. Rule of Conduct 2.3 under the objectivity have been principle states, reported to the appropriate regulatory agency to avoid potential “Internal auditors shall disclose all material facts known to them that, “aiding and if not abetting” by the internal auditor. disclosed, may distort the reporting of activities under review.” C. Additionally, the Has violated the Standards because the internal auditor should CAE should share information and coordinate activities with the inform the external auditors appropriate authorities in the organization if fraud may be indicated. (Perf. Std. 2050). D. Gleim CIA Test Prep: Part 1 - Internal Audit Basics A. (720 questions) Acquaint the chief audit executive with the situation and offer Copyright 2013 Gleim Publications Inc. Page 29 assurance that it Printed for Sanja Knezevic will have no impact on objectivity. Answer (A) is incorrect. Reporting a possible irregularity to the B. appropriate Proceed with the audit because the personal investments C. are not organizational authorities is not a breach of the duty of confidentiality an issue. owed to the Proceed with the audit because the investment is insignificant organization. relative to the Answer (B) is incorrect. The internal auditor has an affirmative duty whole of the target company’s stock. to report the D. results of his/her work. Answer (A) is correct. Rule of Conduct 2.1 under the objectivity Answer (C) is incorrect. The possibility of unlawful activities should principle states, be reported to “Internal auditors shall not participate in any activity or relationship the appropriate personnel within the organization. that may Answer (D) is correct. The internal auditor should inform the impair or be presumed to impair their unbiased assessment. This appropriate authorities participation in the organization if the indicators of the commission of a fraud are includes those activities or relationships that may be in conflict with sufficient to the interests recommend an investigation. Hence, the internal auditor has a duty of the organization.” In these circumstances, the internal auditor to act even though lacks the the available facts do not prove that an irregularity has occurred. appearance of objectivity because the outcome of the engagement Moreover, Rule of could directly Conduct 2.3 states, “Internal auditors shall disclose all material facts affect the acquisition decision and the price of the stock. The use of known to them the that, if not disclosed, may distort the reporting of activities under information also would be a violation of the Code and possibly of review.” insider trading [60] Gleim #: 1.5.60 rules as well. Rule of Conduct 3.2 under the confidentiality principle An internal auditor has been assigned to an engagement to evaluate states, a possible “Internal auditors shall not use information for any personal gain or in acquisition. Coincidentally, a significant portion of this internal any manner auditor’s personal that would be contrary to the law or detrimental to the legitimate and investment portfolio is composed of the target organization’s stock. ethical What is the objectives of the organization.” internal auditor’s preferable course of action in this situation based Answer (B) is incorrect. The appearance as well as the reality of on The IIA’s Code loss of of Ethics? independence must be considered. Acquaint the chief audit executive with the situation and ask to be Answer (C) is incorrect. The internal auditor might be deemed to assigned to have a personal another audit. stake in the results of the engagement. Answer (D) is incorrect. The investment is significant to the internal contrary to the Standards. auditor. Answer (C) is incorrect. The employee’s patenting of new Gleim CIA Test Prep: Part 1 - Internal Audit Basics developments violates (720 questions) the general policy that all important new discoveries are the property Copyright 2013 Gleim Publications Inc. Page 30 of the Printed for Sanja Knezevic organization. Furthermore, if the practice is an alternative way to fb.com/ciaaofficial provide benefits [61] Gleim #: 1.5.61 to an employee, it may violate employee compensation rules. It may During the course of an engagement, an internal auditor discovered also need to that a research and be reported to various taxing authorities. development employee has been patenting new developments that Answer (D) is correct. Under the Standards, internal auditors should are unrelated to the communicate engagement results. Rule of Conduct 4.2 states, basic business of the organization. The organization does not have a “Internal auditors specific policy shall perform internal auditing services in accordance with the addressing patents on developments that are not related to its basic International business, but it has Standards for the Professional Practice of Internal Auditing.” Rule of a general policy that all important new discoveries by employees are Conduct the property of 2.3 under the objectivity principle states, “Internal auditors shall the organization. The employee is considered one of the most disclose all prestigious in the field. material facts known to them that, if not disclosed, may distort the The employee’s actions have been condoned by local management reporting of as an extra activities under review.” Hence, the failure to report violates The IIA’s incentive to keep the employee at the lab. A decision not to report Code of the employee’s Ethics and the Standards. action is [62] Gleim #: 1.5.62 A violation of The IIA’s A. Code of Ethics. Which of the following actions could be construed as a violation of B. A violation of the reporting requirements in the Standards. The IIA’s Code of Justified because divisional management is aware of the practice, Ethics? and it is not in Failing to report to management information that would be material to violation of organizational policies. management’s judgment. C. A. Both a violation of The IIA’s Code of Ethics AND a violation of the B. Expressing an opinion on internal financial statements. reporting Turning a case over to the security department when an internal requirements in the Standards. auditor suspects D. fraud but has no proof. Answer (A) is incorrect. Failing to report the violation of C. organizational policy is Including an internal control problem in a final engagement contrary to The IIA’s Code of Ethics. communication when Answer (B) is incorrect. Failing to report the violation of it has been corrected prior to completion of the engagement. organizational policy is D. Gleim CIA Test Prep: Part 1 - Internal Audit Basics disclosed, may distort the reporting of activities under review.” (720 questions) Moreover, Rule Copyright 2013 Gleim Publications Inc. Page 31 of Conduct 1.3 under the integrity principle states, “Internal auditors Printed for Sanja Knezevic shall not Answer (A) is correct. Rule of Conduct 2.3 under the objectivity knowingly be a party to any illegal activity, or engage in acts that are principle states, discreditable “Internal auditors shall disclose all material facts known to them that, to the profession of internal auditing or to the organization.” if not disclosed, Answer (B) is incorrect. Internal auditors must report material facts may distort the reporting of activities under review.” that, if not Answer (B) is incorrect. Expressing an opinion on internal financial disclosed, could distort the reporting of activities. They also may not statements is knowingly acceptable since it is for internal use only. be a party to an illegal activity. Answer (C) is incorrect. Turning a case over to the security Answer (C) is incorrect. Internal auditors may not knowingly be a department is acceptable party to an as long as the internal auditor is careful not to state any final illegal activity. conclusions that are not Answer (D) is incorrect. Internal auditors ordinarily are not required supported by factual information. to disclose Answer (D) is incorrect. Such reporting is routine. voluntarily any illegal or improper acts to outside individuals or [63] Gleim #: 1.5.63 organizations. During an engagement, an internal auditor learned that certain They should try to work within their organizations. However, under individuals in the Rule of organization were involved in industrial espionage for the benefit of Conduct 1.2, they should make any disclosures expected by the law the organization. or by the According to The IIA’s Code of Ethics, what is the internal auditor’s profession. proper course of [64] Gleim #: 1.5.64 action? Which of the following activities of an internal auditor is most likely to Report the facts to the appropriate individuals within A. the be acceptable organization. under The IIA’s Code of Ethics? B. No action is required because this condition is not detrimental to Late arrivals and early departures from work because this practice is the organization. common in Note the condition in the working papers but refrain from reporting it the organization. because it A. benefits the organization. Frequent luncheons and other socializing with major suppliers of the C. organization D. Report the condition to the appropriate governmental regulatory without the consent of senior management. agency. B. Answer (A) is correct. Rule of Conduct 2.3 under the objectivity C. Conducting an unrelated business outside of office hours. principle states, D. Acceptance of a material gift from a supplier. “Internal auditors shall disclose all material facts known to them that, Gleim CIA Test Prep: Part 1 - Internal Audit Basics if not (720 questions) Copyright 2013 Gleim Publications Inc. Page 32 removed by internal audit management. Printed for Sanja Knezevic B. fb.com/ciaaofficial To keep the engagement effort within the budgeted time, the internal Answer (A) is incorrect. Internal auditors should exercise diligence auditor was in performing directed to and did curtail testing in an area that looked suspicious their duties. and later was Answer (B) is incorrect. Rule of Conduct 2.1 under the objectivity proved to contain massive irregularities. principle states, C. “Internal auditors shall not participate in any activity or relationship A control system that had been recommended by the internal audit that may impair or staff during the be presumed to impair their unbiased assessment. This participation previous engagement was found to be defective. The internal auditor includes those reported the activities or relationships that may be in conflict with the interests of defective function as an engagement client failure. the organization.” D. Answer (C) is correct. Nothing in The IIA’s Code of Ethics prohibits Answer (A) is incorrect. Immaterial facts need not be included. operating an Answer (B) is incorrect. The ethical transgression, if any, was not unrelated business outside of regular office hours. The activity does made by the not, in itself, internal auditor but by internal audit management. constitute a conflict of interest, a use of information for personal gain, Answer (C) is incorrect. The ethical transgression, if any, was not or an made by the impairment of the internal auditor’s unbiased assessment. internal auditor but by internal audit management. Answer (D) is incorrect. Rule of Conduct 2.2 under the objectivity Answer (D) is correct. Reporting the defective function as an principle states, engagement client “Internal auditors shall not accept anything that may impair or be failure is a violation of the internal auditor’s ethical obligation to presumed to impair disclose all their professional judgment.” material facts known to him/her that, if not disclosed, may distort the [65] Gleim #: 1.5.65 reporting of Which of the following items is a violation by an internal auditor of activities under review (Rule of Conduct 2.3). The IIA’s Code of Gleim CIA Test Prep: Part 1 - Internal Audit Basics Ethics? (720 questions) Certain facts recorded in the internal auditor’s working papers that Copyright 2013 Gleim Publications Inc. Page 33 helped to Printed for Sanja Knezevic support the basic allegations made by the internal auditor regarding [66] Gleim #: 1.5.66 a case of fraud Which of the following actions by an internal auditor would violate were not included in the final engagement communication. The IIA’s Code of A. Ethics? Information in the internal auditor’s working papers that proved a Attendance at an educational program offered by an engagement criminal act was client to all included in the internal auditor’s draft communication. The comments employees. were later A. Acceptance of airline tickets from an B. engagement client. been reviewed and for which there are no plans for a future Disclosure, in an engagement communication, of all material facts engagement. The relevant to the tickets are usually made available to employees of that department. area reviewed. C. C. D. A bottle of whiskey from the organization’s treasurer. Disposal of a small ownership interest in the organization prior to Answer (A) is correct. Rule of Conduct 2.2 under the objectivity learning of a principle states, business downturn. “Internal auditors shall not accept anything that may impair or be D. presumed to Answer (A) is incorrect. Continuing education is consistent with the impair their professional judgment.” A small promotional item, such duty to as a pen of continually improve proficiency and the effectiveness and quality of minimal value, is unlikely to affect an auditor’s judgment. services Answer (B) is incorrect. A gift from an employee whose department (Rule of Conduct 4.3). may be Answer (B) is correct. Rule of Conduct 2.2 under the objectivity reviewed most likely violates Rule of Conduct 2.2. principle states, Answer (C) is incorrect. A gift from an employee whose department “Internal auditors shall not accept anything that may impair or be may be presumed to reviewed most likely violates Rule of Conduct 2.2. impair their professional judgment.” Answer (D) is incorrect. A gift from an employee whose department Answer (C) is incorrect. Rule of Conduct 2.3 requires full disclosure may be of material reviewed most likely violates Rule of Conduct 2.2. facts when reporting on activities. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (D) is incorrect. A stock transaction not based on insider (720 questions) information is Copyright 2013 Gleim Publications Inc. Page 34 not an impropriety. Printed for Sanja Knezevic [67] Gleim #: 1.5.67 fb.com/ciaaofficial An internal auditor may receive which of the following without [68] Gleim #: 1.5.68 violating The IIA’s In their reporting, internal auditors are required by The IIA’s Code of Code of Ethics? Ethics to A pen received from the sales manager of a subsidiary with the Present sufficient factual information without revealing confidential imprinted name of matters that the organization’s product and a phone number. could be detrimental to the organization. A. A. A dinner and baseball tickets from the manager of a department Disclose all material information obtained by the auditor as of the being reviewed. date of the final The tickets are usually made available to employees of that engagement communication. department. B. B. Obtain factual information within the established time and C. budget A dinner and baseball tickets from the manager of a department that parameters. has never Disclose material facts known to the internal auditor that could distort “Internal auditors shall not accept anything that may impair or be the final presumed to engagement communication if not revealed. impair their professional judgment.” D. Answer (D) is incorrect. The IIA’s Code of Ethics does not Answer (A) is incorrect. The Code requires only that internal specifically mention auditors be prudent use of the CIA designation. Acts discreditable to the profession or the in the use and protection of information. organization are prohibited, but use of the CIA designation outside Answer (B) is incorrect. The Code does not address disclosure this the specifically. employment context is not per se discreditable. Answer (C) is incorrect. Time and budget parameters are not Gleim CIA Test Prep: Part 1 - Internal Audit Basics addressed in the (720 questions) Code. Copyright 2013 Gleim Publications Inc. Page 35 Answer (D) is correct. Rule of Conduct 2.3 under the objectivity Printed for Sanja Knezevic principle states, [70] Gleim #: 1.5.70 “Internal auditors shall disclose all material facts known to them that, In their communication of results, internal auditors are required by if not The IIA’s Code of disclosed, may distort the reporting of activities under review.” Ethics to [69] Gleim #: 1.5.69 Obtain factual information within the established time and A. budget Which of the following actions by an internal auditor is most likely a parameters. violation of The B. Reveal material facts that could distort communications if not IIA’s Code of Ethics? revealed. A. Accepting payment for teaching auditing at a local university. Present sufficient factual information without revealing confidential B. Having a material ownership interest in a competitor. information C. Accepting a moderate gift from a customer of his/her organization. that could be detrimental to the organization. Allowing use of the Certified Internal Auditor designation in a context C. not Disclose all material information obtained as of the date of the final involving his/her employment. engagement D. communication. Answer (A) is incorrect. Teaching is compatible with internal D. auditing. Answer (A) is incorrect. Obtaining information pertains to performing Answer (B) is incorrect. Having a material ownership interest in a the competitor is engagement, not communicating results. more likely to cause a conflict for a director or officer than an internal Answer (B) is correct. Internal auditors should disclose all material auditor. An facts known internal auditor would seldom be able during the course of his/her to them that, if not disclosed, may distort the reporting of activities employment to under review take action that would enhance the value of the ownership interest. (Rule of Conduct 2.3). Answer (C) is correct. Rule of Conduct 2.2 under the objectivity Answer (C) is incorrect. The Code of Ethics does not prohibit principle states, communicating confidential information to appropriate parties within the organization, disclosed, may distort the reporting of activities under review.” e.g., senior Moreover, Rule of management and the board. Conduct 1.3 under the integrity principle states, “Internal auditors Answer (D) is incorrect. Disclosures by the internal auditors are not shall not limited to knowingly be a party to any illegal activity, or engage in acts that are information obtained as of the date of the final engagement discreditable communication. to the profession of internal auditing or to the organization.” [71] Gleim #: 1.5.71 Answer (C) is incorrect. Rule of Conduct 4.3 under the competency Which of the following situations is a violation of The IIA’s Code of principle Ethics? states, “Internal auditors shall continually improve their proficiency An internal auditor, with the knowledge and consent of management, and the accepted a effectiveness and quality of their services.” token gift from a customer of the organization that was not presumed Answer (D) is incorrect. Although an internal auditor is prohibited to impair from using and did not impair judgment. confidential information for personal gain, and an investment in the A. organization’s Knowing that management was aware of the situation, an internal stock would be questionable, an investment in a mutual fund is auditor acceptable. purposely left a description of an unlawful practice out of the final Gleim CIA Test Prep: Part 1 - Internal Audit Basics engagement (720 questions) communication. Copyright 2013 Gleim Publications Inc. Page 36 B. Printed for Sanja Knezevic An internal auditor shared techniques with internal auditors from fb.com/ciaaofficial another [72] Gleim #: 1.5.72 organization. The chief audit executive (CAE) of a mid-sized internal audit activity C. was concerned Based upon knowledge of the probable success of the employer’s that management might outsource the internal auditing function. business, an Thus, the CAE internal auditor invested in a mutual fund that specialized in the same adopted a very aggressive program to promote the internal audit industry. activity within the D. organization. The CAE planned to present the results to senior Answer (A) is incorrect. Acceptance of anything from a customer is management and the prohibited board and recommend modification of the internal audit activity’s but only if it would impair or be presumed to impair professional charter after using judgment. the new program. The following lists six actions the CAE took to Answer (B) is correct. Rule of Conduct 2.3 under the objectivity promote a positive principle states, image within the organization: “Internal auditors shall disclose all material facts known to them that, Engagement assignments concentrated on efficiency. The if not engagements focused solely on cost savings, and each engagement communication negotiation took place until acceptable criteria could be agreed upon. highlighted potential The costs to be saved. Negative observations were omitted. The focus on engagement communication commented on the engagement client’s efficiency operations in was new, but the engagement clients seemed very happy. conjunction with the agreed-upon criteria. 1. 6. Drafts of all engagement communications were carefully reviewed Which of the following elements of Action 1 taken by the CAE would with the be considered engagement clients to get their input. Their comments were carefully inappropriate? considered The type of engagements was changed before modifying the internal when developing the final engagement communication. audit 2. activity’s charter and going to the audit committee. The information technology internal auditor participated as part of a I. development Negative observations were omitted from the engagement II. team to review the control procedures to be incorporated into a major communications. computer Cost savings and recommendations were highlighted in the application under development. engagement 3. communication. Given limited resources, the engagement manager performed a risk III. assessment to A. I and II. establish engagement work schedule priorities. This was a marked B. I and III. departure from C. I only. the previous approach of ensuring that all operations are evaluated D. II and III. on at least a 3- Gleim CIA Test Prep: Part 1 - Internal Audit Basics year interval. (720 questions) 4. Copyright 2013 Gleim Publications Inc. Page 37 To save time, the CAE no longer required that a standard internal Printed for Sanja Knezevic control Answer (A) is correct. The CAE dramatically changed internal questionnaire be completed for each engagement. audit’s scope of work 5. without consulting with the board. A second violation is the omission When the internal auditors found that the engagement client had not of negative developed observations. Under The IIA’s Code of Ethics, the auditors must specific criteria or data to evaluate operations, the internal auditors disclose all material were facts known to them that, if not disclosed, may distort the reporting of instructed to perform research, develop specific criteria, review the activities under criteria with review (Rule of Conduct 2.3). the engagement client, and, if acceptable, use them to evaluate the Answer (B) is incorrect. Highlighting potential cost savings is engagement appropriate for an client’s operations. If the engagement client disagreed with the engagement communication, and material negative observations criteria, a must not be omitted. Answer (C) is incorrect. Omitting negative observations is also a requires internal auditors to disclose all material facts known to them violation. that, if not Answer (D) is incorrect. The CAE dramatically changed internal disclosed, might distort the reporting of activities under review. audit’s scope of Gleim CIA Test Prep: Part 1 - Internal Audit Basics work without consulting with the board. Moreover, highlighting (720 questions) potential cost savings Copyright 2013 Gleim Publications Inc. Page 38 is appropriate for an engagement communication. Printed for Sanja Knezevic [73] Gleim #: 1.6.73 fb.com/ciaaofficial Which of the following is permissible under The IIA’s Code of Ethics? [74] Gleim #: 1.6.74 Disclosing confidential, engagement-related information that is Which situation most likely violates The IIA’s Code of Ethics and the potentially Standards? damaging to the organization in response to a court order. The chief audit executive (CAE) disagrees with the engagement A. client about the Using engagement-related information in a decision to buy an observations and recommendations in a sensitive area. The CAE ownership interest discusses the in the employer organization. detail of the observations and the proposed recommendations with a B. fellow CAE Accepting an unexpected gift from an employee whom the internal from another organization. auditor has A. praised in a recent engagement communication. An organization’s charter for the internal audit activity requires the C. chief audit Not reporting significant observations and recommendations about executive (CAE) to present the yearly engagement work schedule to illegal activity the board for to the board because management has indicated it will address the its approval and suggestions. issue. B. D. The engagement manager has removed the most significant Answer (A) is correct. The principle of confidentiality permits the observations and disclosure of recommendations from the final engagement communication. The in- confidential information if there is a legal or professional obligation to charge do so. internal auditor opposed the removal, explaining that (s)he knows the Answer (B) is incorrect. Rule of Conduct 3.2 prohibits internal reported auditors from conditions exist. The in-charge internal auditor agrees that, using information for personal gain. technically, Answer (C) is incorrect. Rule of Conduct 2.2 prohibits internal information is not sufficient to support the observations, but auditors from management cannot accepting anything that may impair, or be presumed to impair, their explain the conditions, and the observations are the only reasonable professional conclusions. judgment. C. Answer (D) is incorrect. Rule of Conduct 2.3 under the objectivity Because the internal audit activity lacks skill and knowledge in a principle specialty area, the chief audit executive (CAE) has hired an expert. The occurred. engagement manager has C. been asked to review the expert’s approach to the assignment. The CAE refuses to provide information about organizational Although operations to his knowledgeable about the area under review, the manager is hesitant father, who is a part owner. to accept the D. assignment because of lack of expertise. Gleim CIA Test Prep: Part 1 - Internal Audit Basics D. (720 questions) Answer (A) is correct. Rule of Conduct 3.1 under the confidentiality Copyright 2013 Gleim Publications Inc. Page 39 principle Printed for Sanja Knezevic states, “Internal auditors shall be prudent in the use and protection of Answer (A) is incorrect. According to Rule of Conduct 1.1, “Internal information auditors shall acquired in the course of their duties.” Discussion of sensitive perform their work with honesty, diligence, and responsibility.” matters with an Answer (B) is incorrect. According to Rule of Conduct 4.3, “Internal unauthorized party is the situation most likely to be considered a auditors shall Code violation. continually improve their proficiency and the effectiveness and Answer (B) is incorrect. Approval of the engagement work schedule quality of their by the board services.” and senior management is required. Answer (C) is incorrect. According to Rule of Conduct 4.2, “Internal Answer (C) is incorrect. Information must be sufficient to achieve auditors shall engagement perform internal audit services in accordance with the International objectives. Standards for the Answer (D) is incorrect. The Standards allow use of experts when Professional Practice of Internal Auditing (Standards).” The needed. Standards require [75] Gleim #: 1.6.75 supporting information to be sufficient, reliable, relevant, and useful. Which of the following actions taken by a chief audit executive (CAE) Answer (D) is correct. Rule of Conduct 3.1 under the confidentiality could be principle states, considered professionally ethical under The IIA’s Code of Ethics? “Internal auditors shall be prudent in the use and protection of The CAE decides to delay an engagement at a branch so that his information acquired in nephew, the the course of their duties.” Additionally, Rule of Conduct 3.2 states, branch manager, will have time to “clean things up.” “Internal auditors A. shall not use information for any personal gain or in any manner that To save organizational resources, the CAE cancels all staff training would be contrary for the next 2 to the law or detrimental to the legitimate and ethical objectives of the years on the basis that all staff are too new to benefit from training. organization.” B. Thus, such use of information by the CAE might be illegal under To save organizational resources, the CAE limits procedures at insider trading rules. foreign branches [76] Gleim #: 1.6.76 to confirmations from branch managers that no major personnel A chief audit executive (CAE) learned that a staff internal auditor changes have provided confidential information to a relative. Both the CAE and staff internal Printed for Sanja Knezevic auditor are fb.com/ciaaofficial CIAs. Although the internal auditor did not benefit from the [77] Gleim #: 1.6.77 transaction, the relative Which of the following situations is a violation of The IIA’s Code of used the information to make a significant profit. The most Ethics? appropriate way for the An internal auditor was ordered to testify in a court case in which a CAE to deal with this problem is to merger partner Verbally reprimand the A. internal auditor. claimed to have been defrauded by the internal auditor’s B. Summarily discharge the internal auditor and notify The IIA. organization. The C. Take no action because the internal auditor did not benefit from internal auditor divulged confidential information to the court. the transaction. A. Inform The IIA’s Board of Directors and take the personnel action An internal auditor for a manufacturer of office products recently required by completed an organizational policy. engagement to evaluate the marketing function. Based on this D. experience, the Answer (A) is incorrect. The internal auditor has violated Rule of internal auditor spent several hours one Saturday working as a paid Conduct 3.2 consultant to a regarding use of information. The IIA should be notified. hospital in the local area that intended to conduct an engagement to Answer (B) is incorrect. Summary discharge may not be in evaluate its accordance with marketing function. company personnel policies. B. Answer (C) is incorrect. The auditor improperly used information An internal auditor gave a speech at a local IIA chapter meeting and violated outlining the The IIA’s Code of Ethics. Some action is warranted. contents of a program the internal auditor had developed for Answer (D) is correct. The staff internal auditor has violated Rule of engagements relating Conduct 3.2 to electronic data interchange (EDI) connections. Several internal regarding use of information. A violation of The IIA’s Code of Ethics auditors from is the basis major competitors were in the audience. for a complaint to the International Ethics Committee, which is C. responsible for During an engagement, an internal auditor learned that the receiving, interpreting, and investigating all complaints against organization was about members or CIAs to introduce a new product that would revolutionize the industry. on behalf of the Board of Directors of The IIA and making Because of the recommendations to probable success of the new product, the product manager the Board on actions to be taken (Administrative Directive 5). In suggested that the addition, internal auditor buy an additional interest in the organization, which organizational policy must be followed. the internal Gleim CIA Test Prep: Part 1 - Internal Audit Basics auditor did. (720 questions) D. Copyright 2013 Gleim Publications Inc. Page 40 Answer (A) is incorrect. The principle of confidentiality permits the Answer (A) is incorrect. Disclosure of information technology disclosure of controls is not confidential information if there is a legal or professional obligation to detrimental to the objectives of the organization. They are not likely do so. to be trade secrets. Answer (B) is incorrect. The hospital is not a competitor or supplier Answer (B) is correct. Rule of Conduct 3.2 under the confidentiality of the principle states, internal auditor’s employer. Hence, no conflict of interest is involved. “Internal auditors shall not use information for any personal gain or in Answer (C) is incorrect. Giving a speech is not a violation of The any manner that IIA’s Code of would be contrary to the law or detrimental to the legitimate and Ethics. In fact, The IIA’s motto is “progress through sharing.” ethical objectives of Answer (D) is correct. Rule of Conduct 3.2 under the confidentiality the organization.” principle Answer (C) is incorrect. If senior management permits the omission, states, “Internal auditors shall not use information for any personal the internal gain or in any auditor is not guilty of failing to disclose material facts. manner that would be contrary to the law or detrimental to the Answer (D) is incorrect. An investigation of expense accounts is legitimate and within the internal ethical objectives of the organization.” auditor’s normal responsibilities, but further investigation of fraud [78] Gleim #: 1.6.78 should ordinarily be Which of the following most likely constitutes a violation of The IIA’s made by investigative specialists. Code of Ethics [79] Gleim #: 1.6.79 by an internal auditor? An internal auditor is performing services in a division in which the Discussing at a trade convention the organization’s controls over its chief financial computer officer is a close personal friend, and the internal auditor learns that networks. the friend is to be A. replaced after a series of critical labor negotiations. The internal Purchasing stock in a target entity after overhearing an executive’s auditor relays this discussion of a information to the friend. Has a violation of The IIA’s Code of Ethics possible acquisition. occurred? B. No. The use of the confidential information resulted in no personal Deleting sensitive information from a final engagement gain to the communication at the internal auditor. request of senior management. A. C. No. The internal auditor was just being honest with B. his/her friend. Investigating executive expense reports based completely on D. C. Yes. The internal auditor had a conflict of interest with the rumors of padding. organization. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Yes. The internal auditor was not prudent in the use of information (720 questions) acquired in the Copyright 2013 Gleim Publications Inc. Page 41 course of his/her duties. Printed for Sanja Knezevic D. Answer (A) is incorrect. The Rules of Conduct specifically prohibit During the course of an engagement, an internal auditor discovers using that a clerk is information in a manner that would be detrimental to the legitimate embezzling funds from the organization. Although this is the first and ethical embezzlement ever objectives of the organization. encountered and the organization has a security department, the Answer (B) is incorrect. The Rules of Conduct specifically prohibit internal auditor using decides to interrogate the suspect. If the internal auditor is violating information in a manner that would be detrimental to the legitimate The IIA’s Code of and ethical Ethics, the rule violated is most likely objectives of the organization. Failing to exercise A. due diligence. Answer (C) is incorrect. The facts do not suggest that a conflict of B. Lack of loyalty to the organization. interest C. Lack of competence in this area. existed. However, such a conflict would be present, for example, if D. Failing to comply with the law. the internal Answer (A) is incorrect. The requirement to perform work with auditor used confidential information to seize a business opportunity diligence does that not override the competency Rules of Conduct or the need to use rightfully belonged to the organization. good judgment. Answer (D) is correct. These facts constitute a violation of The IIA’s Answer (B) is incorrect. Loyalty is better exhibited by consulting with Code of professionals and knowing the limits of competence. Ethics. Rule of Conduct 3.1 under the confidentiality principle states, Answer (C) is correct. Rule of Conduct 4.1 under the competency “Internal principle auditors shall be prudent in the use and protection of information states, “Internal auditors shall engage only in those services for acquired in the which they have course of their duties.” Further, Rule of Conduct 3.2 states, “Internal the necessary knowledge, skills, and experience.” Internal auditors auditors may not have, shall not use information for any personal gain or in any manner that and are not expected to have, knowledge equivalent to that of a would be person whose contrary to the law or detrimental to the legitimate and ethical primary responsibility is to detect and investigate fraud (Impl. Std. objectives of the 1210.A2). organization.” In this case, the decision whether to notify the financial Answer (D) is incorrect. The internal auditor may violate the officer of suspect’s civil rights his/her replacement was properly the organization’s. Accordingly, the as a result of inexperience. internal [81] Gleim #: 1.7.81 auditor was bound not to tell his/her friend. Internal auditors who fail to maintain their proficiency through Gleim CIA Test Prep: Part 1 - Internal Audit Basics continuing education (720 questions) could be found to be in violation of Copyright 2013 Gleim Publications Inc. Page 42 A. The International Standards for the Professional Practice of Printed for Sanja Knezevic Internal Auditing. fb.com/ciaaofficial B. The IIA’s Code of Ethics. [80] Gleim #: 1.7.80 Both the International Standards for the Professional Practice of chief audit executive (CAE). The new CAE is not a member of The Internal IIA and is not a Auditing and The IIA’s Code of Ethics. CIA. Henceforth, the internal audit activity will be run strictly by the C. CAE’s standards, D. None of the answers are correct. not The IIA’s. All four staff internal auditors are members of The IIA, Answer (A) is incorrect. The IIA’s Code of Ethics also is violated. but they are not Rule of CIAs. According to The IIA’s Code of Ethics, what is the best course Conduct 4.3 under the competency principle states, “Internal auditors of action for the shall staff internal auditors? continually improve their proficiency and the effectiveness and The Code does not apply because A. they are not CIAs. quality of their They should comply with the International Standards for the services.” Professional Answer (B) is incorrect. The Standards also are violated because Practice of Internal Auditing. they require B. auditors to enhance their knowledge, skills, and other competencies They must respect the legitimate and ethical objectives of the through organization and continuing professional development. ignore the Standards. Answer (C) is correct. Rule of Conduct 4.3 under the competency C. principle D. They must resign their jobs to avoid improper activities. states, “Internal auditors shall continually improve their proficiency Answer (A) is incorrect. The IIA’s Code of Ethics may be enforced and the against IIA effectiveness and quality of their services.” Furthermore, Attr. Std. members and recipients of, or candidates for, IIA professional 1230 states, certifications. “Internal auditors must enhance their knowledge, skills, and other Answer (B) is correct. Rule of Conduct 4.2 under the competency competencies principle through continuing professional development.” Hence, both The IIA’s states, “Internal auditors shall perform internal audit services in Code of accordance with Ethics and the Standards are violated by failing to earn continuing the International Standards for the Professional Practice of Internal education Auditing.” credits. Because the internal auditors are members of The Institute, The IIA’s Answer (D) is incorrect. Both the Code and the Standards would be Code of violated. Ethics is enforceable against them even though they are not CIAs. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (C) is incorrect. Internal auditors should respect and (720 questions) contribute to the Copyright 2013 Gleim Publications Inc. Page 43 legitimate and ethical objectives of the organization, but an IIA Printed for Sanja Knezevic member, a holder [82] Gleim #: 1.7.82 of an IIA professional certification, or a candidate for certification may An organization has recently placed a former operating manager in be liable the position of for disciplinary action for failure to adhere to the Standards. Answer (D) is incorrect. The IIA’s Code of Ethics says nothing about Answer (B) is correct. Rule of Conduct 4.2 under the competency resignation principle requires to avoid improper activities. internal auditing services to be performed in accordance with the [83] Gleim #: 1.7.83 Standards. A new staff internal auditor was told to perform an engagement in an Attr. Std. 1200 requires engagements to be performed with area with which proficiency and due the internal auditor was not familiar. Because of time constraints, no professional care. They also should be properly supervised to ensure supervision was that objectives are provided. The assignment represented a good learning experience, achieved, quality is assured, and staff is developed (Perf. Std. 2340). but the area was Answer (C) is incorrect. The Code requires compliance with the clearly beyond the internal auditor’s competence. Nonetheless, the Standards, and the internal auditor Standards require proper supervision. prepared comprehensive working papers and communicated the Answer (D) is incorrect. The Standards and the Code were not results to followed. management. In this situation, [84] Gleim #: 1.7.84 The internal audit activity violated the Standards by hiring an internal Which of the following most likely constitutes a violation of The IIA’s auditor Code of without proficiency in the area. Ethics? A. Auditor A has accepted an assignment to perform an engagement at The internal audit activity violated the Standards by not providing the adequate electronics manufacturing division. Auditor A has recently joined the supervision. internal B. audit activity. But Auditor A was senior auditor for the external audit The chief audit executive has not violated The IIA’s Code of Ethics of that because it division and has audited many electronics organizations during the does not address supervision. past 2 years. C. A. The Standards and The IIA’s Code of Ethics were followed by the Auditor B has been assigned to perform an engagement at the internal audit warehousing activity. function 6 months from now. Auditor B has no expertise in that area D. but accepted Gleim CIA Test Prep: Part 1 - Internal Audit Basics the assignment anyway. Auditor B has signed up for continuing (720 questions) professional Copyright 2013 Gleim Publications Inc. Page 44 education courses in warehousing that will be completed before the Printed for Sanja Knezevic assignment fb.com/ciaaofficial begins. Answer (A) is incorrect. All internal auditors need not be proficient in B. all areas. The Auditor C is content as an internal auditor and has come to look at it internal audit activity as a whole should have an appropriate mix of as a regular skills. 9-to-5 job. Auditor C has not engaged in continuing professional [85] Gleim #: 1.7.85 education or Under The IIA’s Code of Ethics, an entity that provides internal other activities to improve effectiveness during the last 3 years. auditing services is However, Auditor specifically required to C feels performance of quality work is the same as before. Maintain certain predetermined staffing requirements A. for C. engagements. Auditor D discovered an internal financial fraud during the year. The Comply with the International Standards for the Professional Practice books were of Internal adjusted to properly reflect the loss associated with the fraud. Auditor Auditing. D discussed B. the fraud with the external auditor when the external auditor reviewed C. Comply with organizational policy. working D. Participate in a formal continuing education program. papers detailing the incident. Answer (A) is incorrect. Staffing requirements must be determined D. based on the Answer (A) is incorrect. No professional conflict of interest exists per circumstances of each engagement. se, Answer (B) is correct. The IIA’s Code of Ethics applies not only to especially given that the internal auditor was previously in public individuals accounting. but also to entities that provide internal auditing services. Rule of However, the internal auditor should be aware of potential conflicts. Conduct 4.2 Answer (B) is incorrect. An internal auditor must possess the under the competency principle states, “Internal auditors shall necessary perform internal knowledge, skills, and competencies at the time an engagement is audit services in accordance with the International Standards for the conducted, not Professional the time it is accepted. Practice of Internal Auditing.” Answer (C) is correct. Rule of Conduct 4.3 under the competency Answer (C) is incorrect. The Code requires internal auditors to principle respect and states, “Internal auditors shall continually improve their proficiency contribute to the legitimate and ethical objectives of the organization and the and not effectiveness and quality of their services.” engage in acts discreditable to the organization. However, the Code Answer (D) is incorrect. The information was disclosed as part of does not the normal specifically mention compliance with organizational policy. process of cooperation between the internal and external auditor. Answer (D) is incorrect. The Code requires compliance with the Because the Standards, and books were adjusted, the external auditor was expected to inquire as the Standards require internal auditors to enhance their knowledge, to the nature skills, and of the adjustment. other competencies through continuing professional development, Gleim CIA Test Prep: Part 1 - Internal Audit Basics but neither the (720 questions) Code nor the Standards require formal continuing education. Copyright 2013 Gleim Publications Inc. Page 45 [86] Gleim #: 1.7.86 Printed for Sanja Knezevic The IIA’s Code of Ethics incorporates by reference which of the [87] Gleim #: 1.7.87 following rules? Why does The IIA’s Code of Ethics in Rule of Conduct 4.2 require A. Duty to disclose all material facts when reporting on activities. that due B. Performance with proficiency and due professional care. professional care be used in obtaining information to support an C. Prudent and lawful use of information. engagement opinion? D. No acceptance of anything that may impair professional judgment. Sufficient, reliable, relevant, and useful information lends credibility to Answer (A) is incorrect. Rule of Conduct 2.3 states, “Internal the auditors shall opinion. disclose all material facts known to them that, if not disclosed, may A. distort the To preclude any conflict B. of interest. reporting of activities under review.” C. To require honesty in performing work. Answer (B) is correct. Rule of Conduct 4.2 under the competency If internal auditors were permitted to communicate engagement principle results without states, “Internal auditors shall perform internal audit services in obtaining sufficient information, they would be in a position to accept accordance with fees or gifts the International Standards for the Professional Practice of Internal from engagement clients. Auditing.” D. Attribute Standard 1200 requires engagements to be performed with Answer (A) is correct. Engagements must be performed with proficiency proficiency and due and due professional care. professional care (Attr. Std. 1200), and the engagement results must Answer (C) is incorrect. Rule of Conduct 3.1 states, “Internal be auditors shall be communicated (Perf. Std. 2400). Engagement results include prudent in the use and protection of information acquired in the observations, course of their conclusions, opinions, recommendations, and action plans (PA 2410- duties.” Rule of Conduct 3.2 states, “Internal auditors shall not use 1). If internal information auditors expressed opinions or otherwise communicated for any personal gain or in any manner that would be contrary to the engagement results law or without substantive investigation and compliance with the Standards, detrimental to the legitimate and ethical objectives of the such organization.” communications would be meaningless. The Standards are therefore Answer (D) is incorrect. Rule of Conduct 2.2 states, “Internal incorporated auditors shall not by reference into The IIA’s Code of Ethics by Rule of Conduct 4.2. accept anything that may impair or be presumed to impair their Thus, internal professional auditors must identify sufficient, reliable, relevant, and useful judgment.” information to Gleim CIA Test Prep: Part 1 - Internal Audit Basics achieve the engagement’s objectives (Perf. Std. 2310). (720 questions) Answer (B) is incorrect. A separate ethics rule prohibits conflicts of Copyright 2013 Gleim Publications Inc. Page 46 interest. Rule Printed for Sanja Knezevic of Conduct 2.1 states, “Internal auditors shall not participate in any fb.com/ciaaofficial activity or relationship that may impair or be presumed to impair their unbiased within the organization, including the nature of the chief audit assessment. executive’s functional This participation includes those activities or relationships that may reporting relationship with the board; authorizes access to records, be in conflict personnel, and with the interests of the organization.” physical properties relevant to the performance of engagements; and Answer (C) is incorrect. Rule of Conduct 1.1 requires honesty, defines the scope diligence, and of internal audit activities (Inter. Std. 1000). Thus, the charter responsibility in the performance of work. prescribes the internal Answer (D) is incorrect. Rule of Conduct 2.2 prohibits accepting audit activity’s relationships with other units within the organization anything that and with those may impair or be presumed to impair the professional judgment of an outside. internal [89] Gleim #: 1.8.89 auditor. The board of an organization has charged the chief audit executive [88] Gleim #: 1.8.88 (CAE) with During an engagement to evaluate the organization’s accounts upgrading the internal audit activity. The CAE’s first task is to payable function, an develop a charter. What internal auditor plans to confirm balances with suppliers. What is the item should be included in the statement of objectives? source of Report all engagement results to the board A. every quarter. authority for such contacts with units outside the organization? Notify governmental regulatory agencies of unethical business A. Internal audit activity policies and procedures. practices by B. The Standards. organization management. C. The Code of Ethics. B. D. The internal audit activity’s charter. C. Evaluate the adequacy and effectiveness of the organization’s Gleim CIA Test Prep: Part 1 - Internal Audit Basics controls. (720 questions) D. Submit budget variance reports to management every month. Copyright 2013 Gleim Publications Inc. Page 47 Answer (A) is incorrect. Only significant engagement results are Printed for Sanja Knezevic discussed with Answer (A) is incorrect. Policies and procedures guide the internal the board. auditors in their Answer (B) is incorrect. Internal auditors ordinarily are not required consistent compliance with the internal audit activity’s standards of to report performance. deficiencies in regulatory compliance to the appropriate agencies. Answer (B) is incorrect. The internal audit activity’s authority is However, they defined in a charter must observe the law and make disclosures expected by the law and approved by the board. profession Answer (C) is incorrect. The purpose of the Code of Ethics is to (Rule of Conduct 1.2). promote an ethical Answer (C) is correct. The charter establishes the internal audit culture in the profession of internal auditing. activity’s position Answer (D) is correct. The charter establishes the internal audit within the organization, including the nature of the chief audit activity’s position executive’s functional reporting relationship with the board; authorizes access to Answer (B) is incorrect. Disclosure to the board is an obligation, not records, an element personnel, and physical properties relevant to the performance of of authority. engagements; Answer (C) is correct. The charter establishes the internal audit and defines the scope of internal audit activities (Inter. Std. 1000). activity’s position Internal within the organization, including the nature of the chief audit auditing brings a systematic, disciplined approach to evaluating and executive’s improving functional reporting relationship with the board; authorizes access to risk management, control, and governance processes (Definition of records, Internal personnel, and physical properties relevant to the performance of Auditing). engagements; Answer (D) is incorrect. Submission of budgetary variance reports is and defines the scope of internal audit activities (Inter. Attr. Std. not a 1000). primary objective of internal auditing. It is a budgetary control that Answer (D) is incorrect. Access to the external auditor’s management engagement records may require on a periodic basis. cannot be guaranteed. Gleim CIA Test Prep: Part 1 - Internal Audit Basics [91] Gleim #: 1.8.91 (720 questions) The authority of the internal audit activity is limited to that granted by Copyright 2013 Gleim Publications Inc. Page 48 A. The board and the controller. Printed for Sanja Knezevic B. Senior management and the Standards. fb.com/ciaaofficial C. Management and the board. [90] Gleim #: 1.8.90 D. The board and the chief financial officer. An element of authority that must be included in the charter of the Answer (A) is incorrect. The controller is not the only member of internal audit management. activity is Answer (B) is incorrect. The Standards cannot provide actual Identification of the organizational units where engagements are A. authority to an to be performed. internal audit activity. B. Identification of the types of disclosures that should be made to Answer (C) is correct. The purpose, authority, and responsibility of the board. the internal Access to records, personnel, and physical properties relevant to the audit activity must be formally defined in a charter. The CAE must performance periodically of engagements. review and present the charter to senior management and the board C. for approval D. Access to the external auditor’s engagement records. (Attr. Std. 1000). Answer (A) is incorrect. The audit schedule is based on a risk Answer (D) is incorrect. Management and the board, not a particular assessment; it is manager, thus inappropriate to designate specific engagement areas in the give the internal audit activity its authority. internal audit [92] Gleim #: 1.8.92 charter. A charter is one of the more important factors positively affecting the internal audit activity’s independence. Which of the following is least likely to be A. part of the Because quality assurance is a new function, seek the approval of charter? management as A. Access to records within the organization. a mediator to set the scope of the engagement. B. The scope of internal audit activities. B. C. The length of tenure of the chief audit executive. Indicate that the engagement will evaluate the function only in D. Access to personnel within the organization. accordance with Gleim CIA Test Prep: Part 1 - Internal Audit Basics the standards set by, and approved by, the quality assurance (720 questions) function before Copyright 2013 Gleim Publications Inc. Page 49 beginning the engagement. Printed for Sanja Knezevic C. Answer (A) is incorrect. The charter establishes the internal audit Terminate the engagement because it will not be productive without activity’s position the client’s within the organization and authorizes access to records. cooperation. Answer (B) is incorrect. The charter establishes the internal audit D. activity’s position Answer (A) is correct. The written charter, approved by the board, within the organization and defines the scope of internal audit defines the activities. scope of internal audit activities (Inter. Std. 1000). Answer (C) is correct. The length of the CAE’s employment should Answer (B) is incorrect. The engagement client does not determine not be codified in the scope of the charter; it is a matter of ongoing judgment for the board. this type of assurance engagement. A scope limitation imposed by Answer (D) is incorrect. The charter establishes the internal audit the client might activity’s position prevent the internal audit activity from achieving its objectives. within the organization and authorizes access to personnel. Answer (C) is incorrect. Other objectives may be established by [93] Gleim #: 1.8.93 management and Internal auditing has planned an engagement to evaluate the the internal auditors. The engagement is not limited to the specific effectiveness of the standards set quality assurance function as it affects the receipt of goods, the by the quality assurance department. It considers such standards in transfer of the goods the into production, and the scrap costs related to defective items. The development of the engagement program. engagement client Answer (D) is incorrect. The internal auditors must conduct the argues that such an engagement is not within the scope of the engagement and internal audit activity communicate any scope limitations to management and the board. and should come under the purview of the quality assurance Gleim CIA Test Prep: Part 1 - Internal Audit Basics department only. What is (720 questions) the most appropriate response? Copyright 2013 Gleim Publications Inc. Page 50 Refer to the internal audit activity’s charter and the approved Printed for Sanja Knezevic engagement plan fb.com/ciaaofficial that includes the area designated for evaluation in the current time [94] Gleim #: 1.8.94 period. The chief audit executive has assigned an internal auditor to perform of irresponsible policy changes by management. The most effective a year-end way to ensure that engagement to evaluate payroll records. The internal auditor has freedom is to contacted the director A. Have the internal audit charter approved by the board. of compensation and has been refused access to necessary B. Adopt policies for the functioning of the internal audit activity. documents. To avoid this C. Establish an audit committee within the board. problem, Develop written policies and procedures to serve as standards of Access to records relevant to performance of engagements should performance for be specified in the internal audit activity. the internal audit activity’s charter. D. A. Answer (A) is correct. The internal audit charter is a formal Internal auditing should be required to report to the CEO of B. the document that organization. defines the internal audit activity’s purpose, authority, and By following the long-range planning process, access to all relevant responsibility. Final records approval of the internal audit charter resides with the board (Inter. should be guaranteed. Attr. Std. C. 1000). D. Board approval should be required for all scope limitations. Answer (B) is incorrect. Adoption of policies for the functioning of Answer (A) is correct. Specific guidelines are written in the internal the internal audit audit activity does not protect its organizational position. activity’s charter authorizing access to records, personnel, and Answer (C) is incorrect. The establishment of an audit committee physical properties alone does not relevant to the performance of engagements (Inter. Attr. Std. 1000). ensure the status of the internal audit activity. Such Answer (D) is incorrect. Written policies and procedures serve to provisions reduce the likelihood of scope limitations. guide the Answer (B) is incorrect. The internal audit activity need not report to internal auditor but have little effect on management. a specific Gleim CIA Test Prep: Part 1 - Internal Audit Basics individual in the organization, although reporting administratively to (720 questions) the CEO is Copyright 2013 Gleim Publications Inc. Page 51 desirable. Printed for Sanja Knezevic Answer (C) is incorrect. Following the long-range planning process [96] Gleim #: 1.8.96 provides no Which of the following is not true with regard to the internal audit guarantee of access. charter? Answer (D) is incorrect. The internal audit activity must inform the It defines the authorities and responsibilities for the internal A. audit board of any activity. scope limitations, but the board’s approval is not required. B. It specifies the minimum resources needed for the internal audit [95] Gleim #: 1.8.95 activity. The organizational position of the internal audit activity should be C. It provides a basis for evaluating the internal audit activity. free from the effects D. It should be approved by the board. Answer (A) is incorrect. The charter formally defines the purpose, many different titles are used in practice. authority, and [98] Gleim #: 1.8.98 responsibilities of the internal audit activity. After the chief audit executive receives approval from the board to Answer (B) is correct. The charter formally defines the purpose, offer consulting authority, and services, what should be done? responsibility of the internal audit activity. Resource requirements are A. The CAE should begin performing consulting services. based on B. The CAE should get approval from the internal auditors. risk-based plans that are consistent with organizational objectives; C. The internal audit charter should be amended. they are not an The board should develop appropriate policies and procedures for appropriate topic to codify in the internal audit charter. conducting Answer (C) is incorrect. The board can use the written charter as a such engagements. basis for D. evaluating the internal audit activity. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (D) is incorrect. Final approval of the internal audit charter (720 questions) resides with Copyright 2013 Gleim Publications Inc. Page 52 the board. Printed for Sanja Knezevic [97] Gleim #: 1.8.97 fb.com/ciaaofficial The chief audit executive (CAE) is best defined as the Answer (A) is incorrect. After the CAE receives board approval, the A. Inspector general. internal audit B. Person responsible for the internal audit function. charter must be amended and the CAE must establish policies and C. Outside provider of internal audit services. procedures. Person responsible for overseeing the contract with the outside Answer (B) is incorrect. The CAE does not need to get additional provider of approval from the internal audit services. internal auditors. Only board approval is required. D. Answer (C) is correct. The purpose, authority, and responsibility of Answer (A) is incorrect. The specific job title of the chief audit the internal audit executive may activity must be formally defined in an internal audit charter (Attr. Std. vary across organizations (The IIA Glossary). 1000). The Answer (B) is correct. The CAE is a person in a senior position nature of consulting services must be defined in the internal audit responsible for charter (Impl. Std. effectively managing the internal audit activity in accordance with the 1000.C1). internal Answer (D) is incorrect. The CAE must establish policies and audit charter and the Definition of Internal Auditing, the Code of procedures to guide the Ethics, and the internal audit activity. Standards (The IIA Glossary). [99] Gleim #: 1.8.99 Answer (C) is incorrect. The internal audit activity may be insourced. Staff members should be afforded an appropriate means through Answer (D) is incorrect. The term “chief audit executive” is defined which they can broadly discuss problems and receive updates regarding the internal audit because (1) the internal audit activity may be insourced or activity’s policies. outsourced and (2) The most appropriate forum for this objective is The internal audit activity’s informal communication A. lines. Answer (A) is incorrect. Management of the internal audit activity B. Internal memoranda. should develop C. Staff meetings. engagement work schedules. D. Employee evaluation conferences. Answer (B) is incorrect. Management of the internal audit activity Answer (A) is incorrect. Informal communication is not the most should revise appropriate travel, promotion, and compensation policies. forum. Answer (C) is correct. In The Practice of Modern Internal Auditing, Answer (B) is incorrect. Memoranda are usually impersonal and do Sawyer states not afford a that one reason for staff meetings is to explain “routine administrative good opportunity for maximum exchange of ideas. matters, to teach Answer (C) is correct. Formal staff meetings provide the best new techniques, and even to let off steam.” For example, staff opportunity for members should be able ensuring that issues are addressed timely and efficiently. In The to raise questions about ineffective procedures, promotions, salaries, Practice of or other Modern Internal Auditing, Sawyer states that one reason for staff problems. meetings is to Answer (D) is incorrect. Developing long-range training programs explain “routine administrative matters, to teach new techniques, and that will meet the even to let staff’s needs should be done by management of the internal audit off steam.” For example, staff members should be able to raise activity. questions about [101] Gleim #: 1.8.101 ineffective procedures, promotions, salaries, or other problems. Any program for selecting and developing the human resources of Answer (D) is incorrect. The employee evaluation conference is not the internal audit a timely activity will fail unless compensation is adequate at all levels of place to discuss problems and receive updates. responsibility. [100] Gleim #: 1.8.100 Policies concerning compensation should The chief audit executive meets with the members of the internal Link internal auditors’ compensation to the pay for comparable audit activity at positions in the scheduled staff meetings. Which of the following is the most controller’s department. appropriate function of A. such a staff meeting? Provide for cost-of-living, longevity, and merit B. increases annually. A. Developing the engagement work schedule. Be informal and as flexible as possible to allow the chief audit B. Revising travel, promotion, and compensation policies. executive to C. Explaining administrative policies and obtaining suggestions from respond to unusual situations. the staff. C. D. Developing long-range training programs that will meet the staff’s Be clearly stated and based on evaluations of position requirements needs. and individual Gleim CIA Test Prep: Part 1 - Internal Audit Basics performance. (720 questions) D. Copyright 2013 Gleim Publications Inc. Page 53 Answer (A) is incorrect. No necessary correlation exists between Printed for Sanja Knezevic the work of internal auditors and of the controller’s staff. internal audit activity’s position. Answer (B) is incorrect. Increases need not necessarily be annual. Answer (C) is incorrect. Lack of support by the CEO weakens the Answer (C) is incorrect. Formal, well-defined policies are preferable internal audit to avoid activity’s position. misunderstandings. Answer (D) is correct. The CEO’s statement suggests that the Answer (D) is correct. Internal auditing job descriptions are internal audit activity important because, lacks the support of senior management and the board. Furthermore, among other things, they may be used to justify adequate salaries. the lack of As part of an outside audit committee members may contribute to a loss of overall personnel management and development program, they independence. The should be used board’s failure to approve the charter may have the same effect. The together with periodic, formal performance appraisals as a basis for charter enhances compensation the independence of the internal audit activity. By specifying the adjustments and promotions. purpose, authority, [102] Gleim #: 2.1.1 and responsibility of the internal audit activity, it establishes the Which of the following facts, by themselves, could contribute to a position of internal lack of audit in the organization, including the nature of the chief audit independence of the internal audit activity? executive’s functional The CEO accused the new auditor of not operating “in the best reporting relationship with the board (Inter. Std. 1000). interests of the [103] Gleim #: 2.1.2 organization.” To avoid being the apparent cause of conflict between an I. organization’s senior II. The majority of audit committee members come from within the management and the board, the chief audit executive should organization. Communicate all engagement results to both senior management A. III. The internal audit activity’s charter has not been approved by the and the board. board. Strengthen the independence of the internal audit activity through A. I only. organizational B. II only. position. C. II and III only. B. D. I, II, and III. C. Discuss all reports to senior management with the board first. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Request board approval of policies that include internal audit activity (720 questions) relationships Copyright 2013 Gleim Publications Inc. Page 54 with the board. Printed for Sanja Knezevic D. fb.com/ciaaofficial Answer (A) is incorrect. Receipt of all engagement results by senior Answer (A) is incorrect. The other facts listed could also contribute management to a lack of and the board is unnecessary and inefficient. independence. Answer (B) is incorrect. Organizational position helps the internal Answer (B) is incorrect. Lack of support by the CEO and lack of a audit activity charter weaken the to achieve independence but is not, by itself, enough to avoid Answer (A) is incorrect. Under this arrangement, the internal audit conflict. activity will Answer (C) is incorrect. The board essentially has an oversight not have direct access to the board; the access will be indirect via rather than an the controller. operational role. Answer (B) is correct. To achieve the degree of independence Answer (D) is correct. To achieve the degree of independence necessary to necessary to effectively carry out the responsibilities of the internal audit activity, effectively carry out the responsibilities of the internal audit activity, the CAE has the chief direct and unrestricted access to senior management and the board audit executive has direct and unrestricted access to senior (Inter. Std. 1100). Also, the CAE must communicate and interact management and the directly with the board. This can be achieved through a dual-reporting relationship board (Attr. Std. 1111). (Inter. Std. 1100). Answer (C) is incorrect. Whether the controller has experience with Gleim CIA Test Prep: Part 1 - Internal Audit Basics internal (720 questions) auditors does not affect the internal audit activity’s independence. Copyright 2013 Gleim Publications Inc. Page 55 Answer (D) is incorrect. Although desirable, the CIA designation is Printed for Sanja Knezevic not [104] Gleim #: 2.1.3 mandatory for a person to become an internal auditor. A CIA should An organization is in the process of establishing its new internal audit insist on activity. The independence for the internal audit activity. controller has no previous experience with internal auditors. Due to [105] Gleim #: 2.1.4 this lack of A medium-sized publicly owned organization operating in Country X experience, the controller advised the applicants that the CAE will be has grown to a reporting to the size that the governing authority believes warrants the establishment external auditors. However, the new chief audit executive will have of an internal free access to the audit activity. Country X has legislated internal audit requirements for controller to report anything important. The controller will then convey governmentowned the CAE’s organizations. The organization changed the bylaws to reflect the concerns to the board of directors. The internal audit activity will establishment Be independent because the CAE has direct access A. to the board. of the internal audit activity. The governing authority decided that the B. Not be independent because the CAE reports to the external chief audit auditors. executive (CAE) must be a certified internal auditor and will report Not be independent because the controller has no experience with directly to the internal newly established audit committee. Which of the items discussed auditors. above will C. contribute the most to the new CAE’s independence? Not be independent because the organization did not specify that the A. The establishment of the internal audit activity is documented in applicants the bylaws. must be certified internal auditors. B. Country X has legislated internal auditing requirements. D. C. The CAE will report to the audit committee. D. The CAE is to be a certified internal auditor. role of ethics advocate does not impair the internal auditor’s Gleim CIA Test Prep: Part 1 - Internal Audit Basics independence. (720 questions) Answer (D) is incorrect. The internal and external audit functions Copyright 2013 Gleim Publications Inc. Page 56 share Printed for Sanja Knezevic information and work collaboratively outside of the influence of fb.com/ciaaofficial management. Answer (A) is incorrect. Documentation in the bylaws does little to This role does not conflict with the independence standard. promote [107] Gleim #: 2.1.6 independence. The reporting relationship within the organization’s management Answer (B) is incorrect. Legislated internal audit requirements in structure that Country X do not facilitates the day-to-day operations of the internal audit activity is promote independence. A. Administrative reporting. Answer (C) is correct. Independence is effectively achieved when B. Financial reporting. the CAE reports C. Management reporting. functionally to the board (Inter. Std. 1110). The audit committee is a D. Functional reporting. subset of the Gleim CIA Test Prep: Part 1 - Internal Audit Basics board. (720 questions) Answer (D) is incorrect. Independence requires support from senior Copyright 2013 Gleim Publications Inc. Page 57 management and Printed for Sanja Knezevic the board. Answer (A) is correct. Administrative reporting is the reporting [106] Gleim #: 2.1.5 relationship within Which of the following activities undertaken by the internal auditor the organization’s management structure that facilitates the day-to- might be in day operations of conflict with the standard of independence? the internal audit activity. Administrative reporting typically includes Risk management A. consultant. (1) budgeting B. Product development team leader. and management accounting; (2) human resource administration, C. Ethics advocate. including personnel D. External audit liaison. evaluations and compensation; (3) internal communications and Answer (A) is incorrect. An internal auditor’s acting as a risk information flows; management and (4) administration of the organization’s internal policies and consultant does not impair the independence of the internal audit procedures (PA 1110- activity. 1, para. 4). Answer (B) is correct. Independence precludes internal auditors Answer (B) is incorrect. Financial reporting focuses primarily on from assuming reporting management roles. Product development team leader is a information about performance provided by measures of earnings management role. and its components. Answer (C) is incorrect. Internal auditors and the internal audit Answer (C) is incorrect. A form of management reporting is activity should issuance of financial take an active role in support of an organization’s ethical culture, statements, which report on the organization’s performance to assuming the external parties. Answer (D) is incorrect. Functional reporting involves reporting to of the following activities? the board to I. Internal communication and information flows facilitate the internal audit activity’s independence. II. Approval of the internal audit risk assessment and related audit [108] Gleim #: 2.1.7 plan An external quality assessment team was evaluating the III. Approval of annual compensation and salary adjustments for the independence of an internal CAE audit activity. The internal audit activity performs engagements A. I and II. concerning all of the B. II and III. elements included in its scope. Which of the following reporting C. I and III. responsibilities is D. I, II, and III. most likely to threaten the internal audit activity’s independence? Gleim CIA Test Prep: Part 1 - Internal Audit Basics Reporting to the (720 questions) A. President. Copyright 2013 Gleim Publications Inc. Page 58 B. Treasurer. Printed for Sanja Knezevic C. Executive vice president. fb.com/ciaaofficial D. Audit committee. Answer (A) is incorrect. Internal communication and information Answer (A) is incorrect. Being responsible to the president helps flows are preserve the administrative reporting items. Administrative reporting is the internal audit activity’s independence by enhancing its position in the reporting relationship organization. within the management structure. Furthermore, functional reporting Answer (B) is correct. The CAE must report to a level within the also involves the organization board’s approval of annual compensation and salary adjustments for that allows the internal audit activity to fulfill its responsibilities (Attr. the CAE. Std. 1110). Answer (B) is correct. Organizational independence is effectively The higher the level to which the internal audit activity reports, the achieved when the more likely CAE reports functionally to the board. Examples of functional that independence will be assured. Reporting to the treasurer limits reporting to the board the influence involve the board and independence of the internal audit activity. Approving the internal audit charter Answer (C) is incorrect. The executive vice president is higher Approving the risk-based internal audit plan ranking than the Receiving communications from the CAE on the internal audit treasurer. activity’s Answer (D) is incorrect. Because the audit committee is a subset of performance the board, Approving decisions regarding the appointment and removal of the independence is enhanced when the internal audit activity reports to CAE the audit Making appropriate inquiries of management and the CAE to committee. determine whether [109] Gleim #: 2.1.8 there are inappropriate scope or resource limitations (Inter. Attr. Std. The CAE should report functionally to the board. The board is 1110) responsible for which Answer (C) is incorrect. Internal communication and information Printed for Sanja Knezevic flows are [111] Gleim #: 2.1.10 administrative reporting items. Moreover, functional reporting also When evaluating the independence of an internal audit activity, a involves the quality assurance board’s approval of the internal audit risk assessment and related review team performing an external assessment considers several audit plan. factors. Which of the Answer (D) is incorrect. Internal communication and information following factors has the least amount of influence when judging an flows are internal audit administrative reporting items. activity’s independence? [110] Gleim #: 2.1.9 Criteria used in making internal auditors’ A. assignments. Independence permits internal auditors to render impartial and B. The extent of internal auditor training in communications skills. unbiased judgments. C. Relationship between engagement records and engagement The best way to achieve independence is through communications. Individual knowledge A. and skills. D. Impartial and unbiased judgments. B. A dual-reporting relationship. Answer (A) is incorrect. How individual internal auditors are C. Supervision within the organization. assigned relates to D. Organizational knowledge and skills. independence. The auditor’s personal relationships with operating Answer (A) is incorrect. Individual knowledge and skills allow personnel, individual work experience with the engagement client, etc., affect auditors to achieve professional proficiency. independence. Answer (B) is correct. Independence is the freedom from conditions Answer (B) is correct. Training in communication relates to the that threaten knowledge, the ability of the internal audit activity to carry out internal audit skills, and other competencies needed to perform engagements, not responsibilities to in an unbiased manner. To achieve the degree of independence independence. necessary to Answer (C) is incorrect. If significant engagement observations effectively carry out the responsibilities of the internal audit activity, found in the the CAE has engagement records are omitted from the engagement direct and unrestricted access to senior management and the board. communications, This can be independence becomes an issue. achieved through a dual-reporting relationship (Inter. Std. 1100). Answer (D) is incorrect. Unbiased judgment is an aspect of Answer (C) is incorrect. Supervision ensures that engagement independence. objectives are [112] Gleim #: 2.1.11 achieved, quality is assured, and staff is developed. The optimal administrative reporting line of the CAE is to Answer (D) is incorrect. Organizational knowledge and skills allow A. The audit committee. the internal B. Line management. audit activity collectively to achieve professional proficiency. C. Board of directors. Gleim CIA Test Prep: Part 1 - Internal Audit Basics D. CEO or equivalent. (720 questions) Answer (A) is incorrect. Functional reporting is to the board. Copyright 2013 Gleim Publications Inc. Page 59 Answer (B) is incorrect. Administrative reporting preferably is to the B. CEO. The board should have the final authority to approve the internal Answer (C) is incorrect. The CAE must communicate and interact audit risk directly with assessment. the board. Functional reporting needs to be to the board. C. Answer (D) is correct. Administrative reporting is the reporting The board should approve the CAE’s performance D. evaluation. relationship Answer (A) is incorrect. Functional reporting to the board facilitates within the organization’s management structure that facilitates the the day-to-day independence of the internal audit activity. operations of the internal audit activity. Administrative reporting Answer (B) is correct. Private meetings between the CAE and the typically board without includes (1) budgeting and management accounting; (2) human management present are an essential part of the functional reporting resource relationship administration, including personnel evaluations and compensation; (PA 1110-1, para. 3). (3) internal Answer (C) is incorrect. The board approves all decisions regarding communications and information flows; and (4) administration of the the organization’s internal policies and procedures (PA 1110-1, para. 4). performance evaluation, appointment, or removal of the CAE. Reporting Answer (D) is incorrect. The board approves the internal audit risk functionally to the board and administratively to the CEO facilitates assessment organizational independence (PA 1110-1, para. 2). and the related audit plan. Gleim CIA Test Prep: Part 1 - Internal Audit Basics [114] Gleim #: 2.1.13 (720 questions) A formal document (charter) approved by the board that defines the Copyright 2013 Gleim Publications Inc. Page 60 internal audit Printed for Sanja Knezevic activity’s purpose, authority, and responsibility enhances its fb.com/ciaaofficial A. Exercise of due professional care. [113] Gleim #: 2.1.12 B. Proficiency. Regardless of which reporting relationship the organization chooses, C. Relationship with management. several key D. Independence. actions can help ensure that the reporting lines support and enable Answer (A) is incorrect. Due professional care is an attribute of work the effectiveness performed. and independence of the internal auditing activity. Which key action Answer (B) is incorrect. Proficiency results from possessing the will not achieve knowledge, its functional reporting purpose? skills, and other competencies required for internal auditors to Organizational independence is effectively achieved when the CAE perform their reports individual responsibilities. functionally to the board (Interpretation of Standard 1110). Answer (C) is incorrect. The internal audit activity’s relationship with A. management is a function of professionalism. The charter The CAE should meet with the board, with management present, to establishes reinforce the independence, not a working relationship. independence of the internal audit activity. Answer (D) is correct. The charter establishes the internal audit A. Must be sufficient to permit the accomplishment of the activity’s activity’s responsibilities. position within the organization, including the nature of the chief audit B. Is best when the reporting relationship is direct to the board of executive’s functional reporting relationship with the board (Inter. directors. Attr. Std. Requires only the board’s annual approval of the engagement work 1000). To achieve the degree of independence necessary to schedule, effectively carry out staffing plan, and financial budget. the responsibilities of the internal audit activity, the CAE has direct C. and D. Is guaranteed when the charter specifically defines the activity’s unrestricted access to senior management and the board (Inter. Attr. independence. Std. 1100). Answer (A) is correct. The CAE must report to a level within the Gleim CIA Test Prep: Part 1 - Internal Audit Basics organization (720 questions) that allows the internal audit activity to fulfill its responsibilities (Attr. Copyright 2013 Gleim Publications Inc. Page 61 Std. 1110). Printed for Sanja Knezevic Answer (B) is incorrect. The internal audit activity requires day-to- [115] Gleim #: 2.1.14 day support The reporting structure that is most likely to allow the internal audit that cannot be provided by the board. For this reason, the internal activity to audit activity accomplish its responsibilities is to report administratively to the should report administratively to the CEO of the organization. Board and functionally to the chief A. executive officer. Answer (C) is incorrect. Independence requires reporting to a level B. Controller and functionally to the chief financial officer. that can deal C. Chief executive officer and functionally to the board of directors. with more than simple administrative concerns. D. Chief executive officer and functionally to the external auditor. Answer (D) is incorrect. A statement in the charter does not Answer (A) is incorrect. The reverse arrangement is appropriate. guarantee The board is not independence. involved in the routine management of the firm. [117] Gleim #: 2.1.16 Answer (B) is incorrect. Reporting administratively to the controller The board is most likely to participate in approving and A. Staff promotions and salary increases. functionally to the chief financial officer would result in insufficient B. Engagement communication observations, conclusions, and organizational status for internal auditing. recommendations. Answer (C) is correct. Reporting functionally to the board and C. Engagement work programs. administratively to D. Appointment of the chief audit executive. the organization’s CEO facilitates organizational independence (PA Gleim CIA Test Prep: Part 1 - Internal Audit Basics 1110-1, (720 questions) para. 2). Copyright 2013 Gleim Publications Inc. Page 62 Answer (D) is incorrect. The external auditor is not part of the Printed for Sanja Knezevic organizational fb.com/ciaaofficial hierarchy. Answer (A) is incorrect. The organization’s CAE is responsible for [116] Gleim #: 2.1.15 staff promotions. The organizational level to which the internal audit activity reports Answer (B) is incorrect. The organization’s CAE is responsible for Answer (C) is incorrect. The CAE optimally reports to the CEO for approving administrative purposes. engagement communication observations, conclusions, and Answer (D) is correct. Organizational independence is effectively recommendations. achieved when Answer (C) is incorrect. The CAE or designee provides appropriate the CAE reports functionally to the board (Inter. Attr. Std. 1110). engagement Gleim CIA Test Prep: Part 1 - Internal Audit Basics supervision, which includes providing appropriate instructions during (720 questions) the planning of Copyright 2013 Gleim Publications Inc. Page 63 the engagement and approving the engagement program. Printed for Sanja Knezevic Answer (D) is correct. Organizational independence is effectively [119] Gleim #: 2.1.18 achieved when the A service organization is currently experiencing a significant CAE reports functionally to the board. Examples of functional downsizing and process reporting to the board reengineering. Its board of directors has redefined the business involve the board goals and established Approving the internal audit charter initiatives using in-house developed technology to meet these goals. Approving the risk-based internal audit plan As a result, a Receiving communications from the CAE on the internal audit more decentralized approach has been adopted to run the business activity’s functions by performance empowering the business branch managers to make decisions and Approving decisions regarding the appointment and removal of the perform functions CAE traditionally done at a higher level. The internal auditing staff is made Making appropriate inquiries of management and the CAE to up of the chief determine whether audit executive, two managers, and five staff auditors, all with there are inappropriate scope or resource limitations (Inter. Attr. Std. financial background. 1110) In the past, the primary focus of successful internal audit activities [118] Gleim #: 2.1.17 has been the service The IIA has indicated that to achieve necessary independence, the branches and the six regional division headquarters that support the CAE should report branches. These functionally to whom? division headquarters are the primary targets for possible elimination. A. Senior management. The support B. Shareholders. functions such as human resources, accounting, and purchasing will C. Chief executive officer. be brought into D. The board. the national headquarters, and technology will be enhanced to Answer (A) is incorrect. Organizational independence is facilitated enable and augment when the these operations. Up to this point, the internal audit activity has CAE reports functionally to the board and administratively to the reported to the chief CEO. operating officer. Due to the significant changes, there has been Answer (B) is incorrect. The CAE should report to the audit some discussion as to committee (i.e., the changing this reporting relationship. What would be the best board). reporting relationship? Administratively and functionally A. to the president. Gleim CIA Test Prep: Part 1 - Internal Audit Basics B. Administratively to the president and functionally to the board. (720 questions) C. Administratively to the chief financial officer and functionally to the Copyright 2013 Gleim Publications Inc. Page 64 president. Printed for Sanja Knezevic D. Administratively and functionally to the chief operating officer. fb.com/ciaaofficial Answer (A) is incorrect. Organizational independence is effectively Answer (A) is correct. The CAE, reporting functionally to the board achieved and when the CAE reports functionally to the board. administratively to the organization’s CEO, facilitates organizational Answer (B) is correct. The chief audit executive must report to a independence level within the (PA 1110-1, para. 2). The CAE must communicate and interact organization that allows the internal audit activity to fulfill its directly with the board responsibilities (Attr. Std. 1111). (Attr. Std. 1110). The chief audit executive (CAE), reporting Answer (B) is incorrect. Placing the CAE in a governance position functionally to the impairs his/her board and administratively to the organization’s chief executive objectivity. officer, facilitates Answer (C) is incorrect. Serving as a staff officer and reporting to organizational independence (PA 1110-1, para. 2). the CFO limit the Answer (C) is incorrect. The CAE, reporting functionally to the board influence and independence of the internal audit activity. and Answer (D) is incorrect. Reporting to an administrative vice administratively to the organization’s chief executive officer, president limits the facilitates influence and independence of the internal audit activity. organizational independence. [121] Gleim #: 2.1.20 Answer (D) is incorrect. The best reporting relationship is According to the International Professional Practices Framework, the administratively to the independence of president, functionally to the board. the internal audit activity is achieved through [120] Gleim #: 2.1.19 Staffing A. and supervision. A charter is being drafted for a newly formed internal audit activity. B. Continuing professional development and due professional care. Which of the C. Human relations and communications. following best describes an appropriate organizational position to be D. Organizational status and objectivity. incorporated into Answer (A) is incorrect. Staffing and supervision relate to the charter? proficiency rather than The chief audit executive reports to the chief executive officer but independence. has access to Answer (B) is incorrect. Continuing professional development and the board. due A. professional care relate to proficiency rather than independence. B. The chief audit executive is a member of the board. Answer (C) is incorrect. Human relations and communications relate C. The chief audit executive is a staff officer reporting to the chief to to financial officer. proficiency rather than independence. D. The chief audit executive reports to an administrative vice Answer (D) is correct. The organizational status most conducive to president. this degree of independence is a dual-reporting relationship. Objectivity is an management attitude will most probably have an adverse effect on individual attribute the internal audit of each internal auditor. Objectivity requires that internal auditors do activity’s not Operating A. budget variance. subordinate their judgment on audit matters to others (Inter. Attr. Std. B. Effectiveness. 1100, para. C. Performance appraisals. 2). D. Policies and procedures. [122] Gleim #: 2.1.21 Answer (A) is incorrect. An operating budget variance report is a Freedom from conditions that threaten internal auditors’ ability to do control device unbiased work is used to monitor actual performance. Lack of management A. Control. cooperation could cause B. Compliance. unfavorable variances, but favorable variances also could occur if C. Independence. many D. Avoidance of conflicts of interest. engagements were subject to scope impairments. Answer (A) is incorrect. Control is “any action taken by Answer (B) is correct. In this situation, management is highly averse management, the board, to analysis or other parties to manage risk and increase the likelihood that or possible criticism of its actions. Consequently, the internal audit established activity will objectives and goals will be achieved” (The IIA Glossary). most likely not report to an organizational level that will allow it to Answer (B) is incorrect. Compliance is “adherence to policies, plans, fulfill its procedures, responsibilities (Attr. Std. 1110). Furthermore, engagement laws, regulations, contracts, or other requirements” (The IIA communications are Glossary). unlikely to receive adequate consideration, and appropriate action is Answer (C) is correct. Independence is “the freedom from conditions unlikely to be that taken on engagement recommendations (PA 1110-1, para. 2). threaten the ability of the internal audit activity to carry out internal Answer (C) is incorrect. Evaluation of the internal auditing staff audit should not be responsibilities in an unbiased manner” (The IIA Glossary). affected by lack of cooperation on the part of noninternal auditing Answer (D) is incorrect. Conditions other than conflicts of interest management. may create Answer (D) is incorrect. Policies and procedures of the internal audit bias or the appearance of bias. activity are Gleim CIA Test Prep: Part 1 - Internal Audit Basics developed by the internal audit activity. They should not be affected (720 questions) by Copyright 2013 Gleim Publications Inc. Page 65 noninternal auditing management. Printed for Sanja Knezevic [124] Gleim #: 2.2.23 [123] Gleim #: 2.1.22 During the performance of an engagement to evaluate a division’s In some cultures and organizations, managers insist that an internal controls over audit activity is not purchasing, the chief purchasing agent asked why the internal needed to provide a critical assessment of the organization’s auditor had requested operations. This kind of documents pertaining to transactions with a particular supplier. The irregularities may dictate a less open environment than would internal auditor’s normally contribute to a proper response is to cooperative engagement. However, that is a judgment that should be A. Treat the inquiry as a scope limitation. made by the chief Explain the reasons for the information request to promote audit executive in light of the specific circumstances. Moreover, the cooperation with the internal audit engagement client. activity must be free from interference in determining the scope of B. internal auditing, Refuse to explain the information request to preserve the integrity of performing work, and communicating results (Impl. Std. 1110.A1). the [125] Gleim #: 2.2.24 engagement process. An appropriate internal auditing role in a feasibility study is to C. Serve on the task force for the A. preliminary survey. Consider the specific circumstances before deciding whether to B. Ascertain if the feasibility study addresses cost-benefit disclose the relationships. reasons for the information request. C. Determine the requirements for preparing a manual of D. specifications. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Participate in the drafting of recommendations for the computer (720 questions) acquisition and Copyright 2013 Gleim Publications Inc. Page 66 implementation. Printed for Sanja Knezevic D. fb.com/ciaaofficial Answer (A) is incorrect. Serving on the task force for the preliminary Answer (A) is incorrect. A scope limitation is a restriction placed survey is upon the internal appropriate for users and functional management. audit activity that precludes it from accomplishing its objectives and Answer (B) is correct. Assessing the adequacy of a feasibility study plans. is properly Answer (B) is incorrect. The CAE should consider the specific within the scope of work of internal audit. The other three choices circumstances before involve internal deciding whether to disclose the reasons for the information request. audit participation in decisions that are properly those of Answer (C) is incorrect. It is not always necessary or desirable to management. refuse to explain an Answer (C) is incorrect. Determining the requirements for preparing information request. a manual of Answer (D) is correct. At times, an internal auditor may be asked by specifications is appropriate for users and functional management. the engagement Answer (D) is incorrect. Computer experts should participate in the client or other parties to explain why a document that has been drafting of requested is relevant to recommendations for the computer acquisition and implementation. an engagement. Disclosure or nondisclosure during the engagement [126] Gleim #: 2.2.25 of the reasons Internal auditors must be objective in performing their work. Assume documents are needed should be determined based on the that the chief circumstances. Significant audit executive received an annual bonus as part of that individual’s compensation package. The bonus may impair the CAE’s objectivity if account balances. The bonus is administered by the board of directors or its salary [127] Gleim #: 2.2.26 administration Objectivity is most likely impaired by an internal auditor’s committee. Continuation on an engagement at a division for which (s)he will A. soon be The bonus is based on monetary amounts recovered or responsible as the result of a promotion. recommended future A. savings as a result of engagements. Reduction of the scope of an engagement due to budget B. B. restrictions. C. The scope of internal auditing is evaluating control rather than Participation on a task force that recommends standards for control account balances. of a new D. All of the answers are correct. distribution system. Gleim CIA Test Prep: Part 1 - Internal Audit Basics C. (720 questions) D. Review of a purchasing agent’s contract drafts prior to their Copyright 2013 Gleim Publications Inc. Page 67 execution. Printed for Sanja Knezevic Answer (A) is correct. Internal auditors must have an impartial, Answer (A) is incorrect. The board of directors needs to determine unbiased attitude the CAE’s and avoid any conflict of interest (Attr. Std. 1120). Conflict of interest compensation. is a Answer (B) is correct. Internal auditors must have an impartial, situation in which an internal auditor, who is in a position of trust, has unbiased attitude and a avoid any conflict of interest (Attr. Std. 1120). Conflict of interest is a competing professional or personal interest (Inter. Std. 1120). The situation in internal which an internal auditor, who is in a position of trust, has a auditor’s promotion may create a bias. competing professional or Answer (B) is incorrect. Budget restrictions do not constitute an personal interest (Inter. Std. 1120). In this case, the CAE’s objectivity impairment of could be independence or objectivity. impaired if the bonus, a competing personal interest, is based on Answer (C) is incorrect. An internal auditor may recommend, but not monetary amounts implement, recovered or recommended future savings as a result of standards of control and still maintain objectivity. engagements. Answer (D) is incorrect. An internal auditor may review contracts Answer (C) is incorrect. The internal audit activity’s scope of work prior to their includes execution. evaluating and contributing to the improvement of risk management, [128] Gleim #: 2.2.27 control, and In which of the following scenarios does the auditor most likely have governance processes. organizational Answer (D) is incorrect. Objectivity is not impaired if the board independence but lack objectivity? determines the Reports to the audit client but does not report fully about the reason director’s compensation or if the scope of work is evaluating control for corrective rather than action taken. A. B. B. Reports to the board and reports fully about corrective action Data processing center for which the internal auditor had performed taken. the service C. Reports to the audit client and reports fully about corrective action three times previously. taken. C. Reports to the board but does not report fully about the reason for Computer system for which the internal auditor had been the internal corrective audit action taken. activity’s representative on the design team. D. D. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (A) is incorrect. Objectivity is presumed to be impaired if an (720 questions) internal Copyright 2013 Gleim Publications Inc. Page 68 auditor provides assurance services for an activity for which the Printed for Sanja Knezevic internal auditor fb.com/ciaaofficial had responsibility within the previous year. Thus, 5 years is a Answer (A) is incorrect. Reporting to the audit client does not allow reasonable lapse of the internal audit time to safeguard the employee from a charge of conflict of interest. activity to fulfill its responsibilities. Answer (B) is correct. The CAE makes staff assignments so that Answer (B) is incorrect. When the auditor reports to the board and potential and reports fully about actual conflicts of interest and bias are avoided (PA 1120-1, para. 2). the corrective action taken, no apparent independence or objectivity A close issue arises. relative’s involvement with a supplier of an engagement client is an Answer (C) is incorrect. Reporting to the client indicates a lack of apparent independence. conflict of interest. Answer (D) is correct. Organizational independence is effectively Answer (C) is incorrect. Although rotation of assignments is achieved when the preferable, no CAE reports functionally to the board (Inter. Attr. Std. 1110). Failing conflict of interest is involved in performing an assurance service for to report fully the same about the reason for corrective action may imply bias (a loss of activity repeatedly. objectivity) with regard Answer (D) is incorrect. Objectivity is not impaired if the internal to the audit client. auditor’s [129] Gleim #: 2.2.28 responsibility was limited to recommending standards of control for An internal auditor most likely will have a conflict of interest by systems or providing an reviewing procedures before implementation. assurance service with regard to a [130] Gleim #: 2.2.29 Financial activity in which the internal auditor had been a key Management has requested the internal audit activity to perform an employee 5 years engagement to previously. recommend procedures and policies for improving management A. control over the Purchasing activity if a major supplier is owned by the internal telephone marketing operations of a major division. The chief audit auditor’s sister-inlaw. executive should Not accept the engagement because recommending controls would Recommendations prior to implementation will affect independence, impair future and the objectivity regarding this operation. internal auditors will not be able to perform an objective evaluation A. after the Not accept the engagement because internal audit activities are system is implemented. presumed to have A. expertise regarding accounting controls, not marketing controls. Participation will delay implementation B. of the project. B. Participation will cause the internal auditors to be labeled as partial Accept the engagement, but indicate to management that, because owners of the recommending application, and they will then have to share the blame for any controls impairs independence, future engagements in the area will problems that be impaired. remain in the system. C. C. Accept the engagement because objectivity will D. not be impaired. D. None of the answers are correct. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (A) is incorrect. Internal audit activity independence is not (720 questions) affected by Copyright 2013 Gleim Publications Inc. Page 69 recommending control standards or reviewing procedures before Printed for Sanja Knezevic implementation. Answer (A) is incorrect. The CAE should accept the engagement. Answer (B) is incorrect. Internal audit activity participation will not Recommending delay the controls is not considered to impair independence or objectivity. project unless needed controls were absent. Answer (B) is incorrect. The engagement should be accepted. The Answer (C) is incorrect. The internal auditors may participate in internal audit systems activity must have or obtain the knowledge, skills, and competencies development but must not draft procedures or design, install, or to evaluate and operate the improve all of the organization’s risk management, control, and system. governance processes. Answer (D) is correct. Objectivity is not adversely affected when the Answer (C) is incorrect. Independence is not impaired by making internal control auditors recommend standards of control for systems or review recommendations. procedures before Answer (D) is correct. The CAE should accept the engagement. they are implemented. Designing, installing, drafting procedures for, Recommending or operating standards of control for systems or reviewing procedures prior to systems is presumed to impair objectivity (PA 1120-1, para. 4). implementation does [132] Gleim #: 2.2.31 not impair objectivity (PA 1120-1, para. 4). Assessing individual objectivity of internal auditors is the [131] Gleim #: 2.2.30 responsibility of Which of the following statements is an appropriate reason for the A. The chief executive officer. internal audit B. The board. activity not to participate in the systems development process? C. The audit committee. D. The chief audit executive. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (C) is incorrect. Recommending standards of control is (720 questions) presumed not to Copyright 2013 Gleim Publications Inc. Page 70 impair objectivity. Printed for Sanja Knezevic Answer (D) is correct. The internal auditor’s objectivity is not fb.com/ciaaofficial adversely affected Answer (A) is incorrect. Assessing individual objectivity of internal when the auditor recommends standards of control for systems or auditors is the reviews responsibility of the chief audit executive. procedures before they are implemented. Designing, installing, or Answer (B) is incorrect. Assessing individual objectivity of internal drafting auditors is the procedures for operating systems is presumed to impair objectivity responsibility of the chief audit executive. (PA 1120-1, Answer (C) is incorrect. Assessing individual objectivity of internal para. 4). auditors is the [134] Gleim #: 2.2.33 responsibility of the chief audit executive. Reengineering is the thorough analysis, fundamental rethinking, and Answer (D) is correct. The CAE must establish policies and complete procedures to assess the redesign of essential business processes. The intended result is a objectivity of individual internal auditors. dramatic [133] Gleim #: 2.2.32 improvement in service, quality, speed, and cost. An internal Which of the following activities is not presumed to impair the auditor’s involvement in objectivity of an reengineering should include all of the following except internal auditor? A. Determining whether the process has senior management’s Recommending standards of control for a new information I. system support. application B. Recommending areas for consideration. Drafting procedures for running a new computer application to C. Developing audit plans for the new system. ensure that proper D. Directing the implementation of the redesigned process. controls are installed Gleim CIA Test Prep: Part 1 - Internal Audit Basics II. (720 questions) Performing reviews of procedures for a new computer application Copyright 2013 Gleim Publications Inc. Page 71 before it is Printed for Sanja Knezevic installed Answer (A) is incorrect. Internal auditors may perform the function III. of determining A. I only. whether the process has senior management’s support. B. II only. Answer (B) is incorrect. Internal auditors may perform the function C. III only. of recommending D. I and III. areas for consideration. Answer (A) is incorrect. Performing reviews of procedures is Answer (C) is incorrect. Internal auditors may perform the function presumed not to of developing impair objectivity. audit plans for the new system. Answer (B) is incorrect. Drafting procedures is presumed to impair Answer (D) is correct. Designing, installing, or drafting procedures objectivity. for operating systems is presumed to impair objectivity (PA 1120-1, para. 4). D. [135] Gleim #: 2.2.34 Gleim CIA Test Prep: Part 1 - Internal Audit Basics An activity appropriately performed by the internal audit activity is (720 questions) Designing A. systems of control. Copyright 2013 Gleim Publications Inc. Page 72 B. Drafting procedures for systems of control. Printed for Sanja Knezevic C. Reviewing systems of control before implementation. fb.com/ciaaofficial D. Installing systems of control. Answer (A) is correct. Confidence in the internal audit activity Answer (A) is incorrect. Designing systems is presumed to impair derives from objectivity. independence (an attribute of the internal audit activity as a whole), Answer (B) is incorrect. Drafting procedures for systems is and objectivity (an presumed to impair attribute of individual internal auditors). Because designing, installing, objectivity. drafting Answer (C) is correct. The internal auditor’s objectivity is not procedures for, or operating systems impairs the objectivity of adversely affected internal auditors (PA when the auditor recommends standards of control for systems or 1120-1, para. 4), such services may create a conflict of interest, a reviews situation in which procedures before they are implemented (PA 1120-1, para. 4). internal auditors have a competing professional or personal interest. Answer (D) is incorrect. Installing systems of control is presumed to This may create an impair appearance of impropriety that undermines confidence in the internal objectivity. audit activity [136] Gleim #: 2.2.35 (Inter. Attr. Std. 1120). Which of the following most seriously compromises confidence in the Answer (B) is incorrect. Dual reporting to the CEO and the board of internal audit directors is ideal. activity? Answer (C) is incorrect. The CAE should share information and Internal auditors frequently draft revised procedures for departments coordinate activities whose with other internal and external providers to ensure proper coverage procedures have been criticized in an engagement communication. and minimize A. duplication of efforts. The chief audit executive has dual reporting responsibility to the Answer (D) is incorrect. Including the internal audit activity in the organization’s review cycle of the chief executive officer and the board of directors. organization’s contracts is appropriate. B. [137] Gleim #: 2.2.36 The internal audit activity and the organization’s external auditors An organization is planning to develop and implement a new engage in joint computerized purchase planning of total engagement coverage to avoid duplicating each order system in one of its manufacturing subsidiaries. The vice other’s work. president of C. manufacturing has requested that internal auditors participate on a The internal audit activity is included in the review cycle of the team consisting of organization’s representatives from finance, manufacturing, purchasing, and contracts with other organizations before the contracts are executed. marketing. This team will be responsible for the implementation effort. Eager to take on this development is for the internal auditor to high profile Gain familiarity with systems for use in A. subsequent reviews. project, the chief audit executive assigns a senior internal auditor to B. Help assure that systems have adequate control procedures. the project to C. Help minimize the cost and development time for new systems. assist “as needed.” Assuming the senior internal auditor performed D. Propose enhancements for subsequent development and all of the implementation. following activities, which one will impair objectivity if the internal Answer (A) is incorrect. Gaining familiarity with systems for use in auditor is asked to subsequent review the purchase order system on a post-engagement basis? reviews is not the major reason for the internal auditor’s involvement Helping to identify and define A. control objectives. in B. Testing for compliance with system development standards. information systems development. C. Evaluate risk exposures of systems and programming standards. Answer (B) is correct. The internal audit activity evaluates and D. Drafting operating procedures for the new system. improves risk Answer (A) is incorrect. Helping to identify and define control management, control, and governance processes. The internal objectives is an auditor’s objectivity appropriate internal audit function. is not adversely affected when the auditor recommends standards of Answer (B) is incorrect. Internal auditors should evaluate risk control for exposures and the systems or reviews procedures before they are implemented. The controls relating to compliance with laws, regulations, and contracts. auditor’s Answer (C) is incorrect. Internal auditors evaluate risk exposures of objectivity is considered to be impaired if the auditor designs, installs, information drafts systems. They may also recommend standards of control or review procedures for, or operates such systems (PA 1120-1, para. 4). procedures Answer (C) is incorrect. Minimizing the cost and development time before implementation without adversely affecting their objectivity. for new Answer (D) is correct. An internal auditor’s objectivity is not systems is not the major reason for the internal auditor’s involvement adversely affected in when the auditor recommends standards of control for systems or information systems development. reviews Answer (D) is incorrect. Proposing enhancements for subsequent procedures before they are implemented. Designing, installing, development drafting and implementation is a managerial, not an internal auditing, procedures for, or operating systems, however, are presumed to function. impair the internal [139] Gleim #: 2.2.38 auditor’s objectivity (PA 1120-1, para. 4). Assuming that the internal auditing staff possesses the necessary Gleim CIA Test Prep: Part 1 - Internal Audit Basics experience and (720 questions) training, which of the following services is most appropriate for a staff Copyright 2013 Gleim Publications Inc. Page 73 internal auditor Printed for Sanja Knezevic to undertake? [138] Gleim #: 2.2.37 A. Substitute for the accounts payable supervisor while (s)he is on The major reason for the internal auditor’s involvement in information sick leave. systems Determine the profitability of alternative investment acquisitions and C. Is freedom from threats to the ability to perform audit work without select the bias. best alternative. Prohibits internal auditors from providing consulting services relating B. to As part of an evaluation team, review vendor accounting software operations for which they had previous responsibility. internal D. controls and rank according to exposures. Answer (A) is correct. Objectivity is “an unbiased mental attitude that C. allows Participate in an internal audit of the accounting department shortly internal auditors to perform engagements in such a manner that they after believe in transferring from the accounting department. their work product and that no quality compromises are made. D. Objectivity requires Answer (A) is incorrect. An internal auditor’s objectivity is presumed that internal auditors do not subordinate their judgment on audit to be matters to others” impaired for at least 1 year with respect to activities (s)he previously (The IIA Glossary). performed. Answer (B) is incorrect. Objectivity also is required in a consulting Answer (B) is incorrect. Investment decisions are management’s engagement. responsibility. Answer (C) is incorrect. Independence is freedom from threats to Answer (C) is correct. An internal auditor’s objectivity is not impaired the ability to when the perform audit work without bias. auditor recommends standards of control for systems or reviews Answer (D) is incorrect. Internal auditors may provide consulting procedures before services they are implemented (PA 1120-1, para. 4). relating to operations for which they had previous responsibility. Answer (D) is incorrect. An internal auditor should not be assigned [141] Gleim #: 2.2.40 to The CAE bears the responsibility to do which of the following? engagements concerning activities (s)he previously performed until A. Assess the level of independence of the board. at least 1 year Assess the level of knowledge, skills, and competencies of the chief has elapsed. financial Gleim CIA Test Prep: Part 1 - Internal Audit Basics officer. (720 questions) B. Copyright 2013 Gleim Publications Inc. Page 74 C. Foster collective objectivity. Printed for Sanja Knezevic D. Foster individual objectivity. fb.com/ciaaofficial Answer (A) is incorrect. Independence is a quality of the internal [140] Gleim #: 2.2.39 audit activity, Internal auditors should be objective. Objectivity not the board. Requires internal auditors not to subordinate their judgment on audit Answer (B) is incorrect. The concept of knowledge, skills, and matters to competencies that of others. applies to individual internal auditors. A. Answer (C) is incorrect. Objectivity is an individual, not a collective, Is required only in assurance B. engagements. quality. Answer (D) is correct. The CAE must establish policies and Answer (A) is incorrect. The CAE’s responsibility with regard to the procedures to assess objectivity the objectivity of individual internal auditors. of internal auditors is to assess and maintain. [142] Gleim #: 2.2.41 Answer (B) is incorrect. The CAE’s responsibility with regard to the Which of the following is a true statement regarding the timing of objectivity assessments of of internal auditors is to assess and maintain. individual objectivity on the part of internal auditors? Answer (C) is incorrect. The CAE’s responsibility with regard to the A. It must be performed annually. objectivity B. It must be performed in conjunction with the audit risk of internal auditors is to assess and maintain. assessment. Answer (D) is correct. The CAE must establish policies and C. It is performed at the discretion of the board. procedures to assess D. It is performed at the discretion of the CAE. the objectivity of individual internal auditors. Gleim CIA Test Prep: Part 1 - Internal Audit Basics [144] Gleim #: 2.2.43 (720 questions) The CAE bears the responsibility to do which of the following? Copyright 2013 Gleim Publications Inc. Page 75 A. Encourage the objectivity of the board. Printed for Sanja Knezevic B. Encourage the objectivity of the CEO. Answer (A) is incorrect. The CAE determines the appropriate time C. Foster an attitude of professional skepticism among members of frame for the board. assessing the objectivity of internal audit staff. D. Maintain individual objectivity. Answer (B) is incorrect. The CAE determines the appropriate time Answer (A) is incorrect. Objectivity is a quality of individual internal frame for assessing auditors, the objectivity of internal audit staff. not the board. Answer (C) is incorrect. The CAE determines the appropriate time Answer (B) is incorrect. Objectivity is a quality of individual internal frame for assessing auditors, the objectivity of internal audit staff. not the CEO. Answer (D) is correct. The CAE must establish policies and Answer (C) is incorrect. The CAE must establish policies and procedures to assess the procedures to objectivity of individual internal auditors. These can take the form of assess the objectivity of individual internal auditors. periodic reviews Answer (D) is correct. The CAE must establish policies and of conflicts of interest or as-needed assessments during the staffing procedures to assess requirements phase the objectivity of individual internal auditors. of each engagement. Gleim CIA Test Prep: Part 1 - Internal Audit Basics [143] Gleim #: 2.2.42 (720 questions) Which of the following actions is required of the CAE in regard to the Copyright 2013 Gleim Publications Inc. Page 76 objectivity of Printed for Sanja Knezevic internal auditors? fb.com/ciaaofficial A. Maximize. [145] Gleim #: 2.2.44 B. Prioritize. Maintaining individual objectivity of internal auditors is the C. Manage. responsibility of D. Assess. The chairperson of the A. board of directors. B. The chairperson of the audit committee. [147] Gleim #: 2.2.46 C. The external assessment team. Which of the following actions is required of the CAE and internal D. The chief audit executive. auditors Answer (A) is incorrect. The responsibility rests with the CAE and themselves in regard to the objectivity of internal auditors? with internal A. Maintain. auditors themselves to maintain a sense of objectivity. B. Delegate. Answer (B) is incorrect. The responsibility rests with the CAE and C. Enhance. with internal D. Promote. auditors themselves to maintain a sense of objectivity. The factor Gleim CIA Test Prep: Part 1 - Internal Audit Basics most important (720 questions) to the maintenance of individual objectivity. Copyright 2013 Gleim Publications Inc. Page 77 Answer (C) is incorrect. The responsibility rests with the CAE and Printed for Sanja Knezevic with internal Answer (A) is correct. The responsibility rests with the CAE and with auditors themselves to maintain a sense of objectivity. internal Answer (D) is correct. The responsibility rests with the CAE and with auditors themselves to maintain a sense of objectivity. internal Answer (B) is incorrect. The responsibility rests with the CAE and auditors themselves to maintain a sense of objectivity. with internal [146] Gleim #: 2.2.45 auditors themselves to maintain a sense of objectivity. Maintaining individual objectivity is most dependent on Answer (C) is incorrect. The responsibility rests with the CAE and Clearly informing auditee departments and functions of The IIA with internal definition of auditors themselves to maintain a sense of objectivity. conflict of interest. Answer (D) is incorrect. The responsibility rests with the CAE and A. with internal B. An annual evaluation by the board. auditors themselves to maintain a sense of objectivity. C. An annual evaluation by an external assessment team. [148] Gleim #: 2.3.47 D. Internal auditors avoiding conflicts of interest. When faced with an imposed scope limitation, the chief audit Answer (A) is incorrect. The responsibility rests with the CAE and executive needs to with internal Refuse to perform the engagement until the scope limitation A. is auditors themselves to maintain a sense of objectivity. removed. Answer (B) is incorrect. The responsibility rests with the CAE and B. Communicate the potential effects of the scope limitation to the with internal board. auditors themselves to maintain a sense of objectivity. C. Increase the frequency of engagements concerning the activity in Answer (C) is incorrect. The responsibility rests with the CAE and question. with internal D. Assign more experienced personnel to the engagement. auditors themselves to maintain a sense of objectivity. Answer (A) is incorrect. The engagement may be conducted under Answer (D) is correct. Internal auditors should be aware of the a scope possibility of new limitation. conflicts of interest that may arise owing to changes in personal Answer (B) is correct. A scope limitation, along with its potential circumstances or effect, needs to the particular auditees to which an auditor may be assigned. be communicated, preferably in writing, to the board (PA 1130-1, they are implemented. para. 3). Answer (B) is correct. Persons transferred to or temporarily engaged Answer (C) is incorrect. A scope limitation does not necessarily by the internal require more audit activity should not be assigned to audit those activities they frequent engagements. previously performed Answer (D) is incorrect. A scope limitation does not necessarily until at least 1 year has elapsed. Such assignments are presumed to require more impair objectivity experienced personnel. (PA 1130.A1-1, para. 1). [149] Gleim #: 2.3.48 Answer (C) is incorrect. Objectivity is not adversely affected when In which of the following situations does an internal auditor potentially the internal auditor lack recommends standards of control for systems or reviews procedures objectivity? before they are An internal auditor reviews the procedures for a new electronic data implemented. interchange Answer (D) is incorrect. Use of staff from other areas to assist the (EDI) connection to a major customer before it is implemented. internal auditor A. does not impair objectivity, especially when the staff is from outside A former purchasing assistant performs a review of internal controls of the area where over the engagement is being performed. purchasing 4 months after being transferred to the internal auditing [150] Gleim #: 2.3.49 department. The internal auditors must be able to distinguish carefully between a B. scope limitation An internal auditor recommends standards of control and and other limitations. Which of the following is not considered a performance measures scope limitation? for a contract with a service organization for the processing of payroll The divisional management of an engagement client has indicated and that the employee benefits. division is in the process of converting a major computer system and C. has indicated A payroll accounting employee assists an internal auditor in verifying that the information systems portion of the planned engagement will the physical have to be inventory of small motors. postponed until next year. D. A. Gleim CIA Test Prep: Part 1 - Internal Audit Basics The board reviews the engagement work schedule for the year and (720 questions) deletes an Copyright 2013 Gleim Publications Inc. Page 78 engagement that the chief audit executive thought was important to Printed for Sanja Knezevic conduct. fb.com/ciaaofficial B. Answer (A) is incorrect. Objectivity is not adversely affected when The engagement client has indicated that certain customers cannot the internal be contacted auditor recommends standards of control for systems or reviews because the organization is in the process of negotiating a long-term procedures before contract with the customers and they do not want to upset the customers. account classification dealing with research and development C. expense. We are aware None of the answers D. are correct. of the issue. You are directed to discontinue any further investigation Answer (A) is incorrect. Postponing the portion of an engagement of this matter concerning a until informed by me to proceed. Under the confidentiality standard of major computer system is a scope limitation. This delay restricts the your performance profession, I also direct you not to communicate with the outside of engagement procedures. auditors regarding Answer (B) is correct. The board’s decision to delete an this issue.” engagement from the Which of the following is an appropriate action for the CAE to take annual engagement work schedule is not a scope limitation. The regarding the board’s approval questionable item? of the internal audit plan is part of the functional reporting Immediately report the communication to The IIA and ask for an relationship of the ethical internal audit activity to the board (PA 1110-1, para. 3). interpretation and guidance. Answer (C) is incorrect. Prohibiting contact with certain customers is A. a scope Inform the president that this scope limitation will need to be reported limitation. This prohibition restricts the performance of specific to the procedures. board. Answer (D) is incorrect. Other answer choices state scope B. limitations. Continue to investigate the area until all the facts are determined and Gleim CIA Test Prep: Part 1 - Internal Audit Basics document all (720 questions) the relevant facts in the engagement records. Copyright 2013 Gleim Publications Inc. Page 79 C. Printed for Sanja Knezevic Immediately notify the external auditors of the problem to avoid [151] Gleim #: 2.3.50 aiding and During the course of an engagement, an internal auditor makes a abetting a potential crime by the organization. preliminary D. determination that a major division has been inappropriately Answer (A) is incorrect. The IIA has no authority in this matter. capitalizing research and Answer (B) is correct. A scope limitation along with its potential development expense. The engagement is not yet completed, and effect need to the internal auditor be communicated, preferably in writing, to the board (PA 1130-1, has not documented the problem or determined that it really is a para. 3). problem. However, Answer (C) is incorrect. The CAE needs first to consult the board. the internal auditor is informed that the chief audit executive has The CAE adds received the value by serving the organization, and the board may, in fact, be fully following communication from the president of the organization: aware of the “The controller of Division B informs me that you have discovered a problem and may not want to incur additional costs. questionable Answer (D) is incorrect. The engagement work is preliminary, and the internal auditor has not yet formed a basis for an opinion. Thus, contacting properties relevant to the performance of engagements (PA 1130-1, the external para. 2). A scope auditors is premature. However, if an inquiry is made by the external limitation and its potential effect need to be communicated, auditors, the preferably in writing, to the board internal auditors should share the work done to date. (PA 1130-1, para. 3). Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (C) is incorrect. Merely delaying the engagement to permit (720 questions) closing the books is not Copyright 2013 Gleim Publications Inc. Page 80 usually considered a scope limitation. Printed for Sanja Knezevic Answer (D) is incorrect. Reporting is necessary. fb.com/ciaaofficial [153] Gleim #: 2.3.52 [152] Gleim #: 2.3.51 An internal auditor who had been supervisor of the accounts payable Which of the following combinations best illustrates a scope limitation section should and the appropriate not perform an assurance review of that section response by the CAE? Because a reasonable period of time in which to establish Nature of Internal independence cannot be Limitation Audit Action determined. A. Engagement client limits scope based upon A. proprietary information Until at least B. 1 year has elapsed. Report only to the controller C. Until after the next annual review by the external auditors. B. Engagement client will not provide access to records D. Until it is clear that the new supervisor has assumed the needed for approved work schedule responsibilities. Report to the board Answer (A) is incorrect. The issues are whether (1) objectivity (not C. Engagement client requests that the engagement be independence) has been restored and (2) at least 1 year has delayed for 2 weeks to allow it to close its books elapsed. Report directly to the CEO and controller Answer (B) is correct. Persons transferred to, or temporarily D. Engagement client will not allow internal auditor to engaged by, the contact major customers as part of an engagement to internal audit activity should not be assigned to audit activities they evaluate the efficiency of operations previously No reporting needed because the performed until at least 1 year has elapsed. Such assignments are operational engagement concerns presumed to operational efficiency impair objectivity (PA 1130.A1-1, para. 1). Answer (A) is incorrect. A scope limitation needs to be reported to Answer (C) is incorrect. The external review does not bear any the board. relation to Answer (B) is correct. A scope limitation is a restriction placed on restoring the internal auditor’s objectivity. the internal audit activity Answer (D) is incorrect. The new supervisor presumably would have that precludes it from accomplishing its objectives and plans. Among assumed other things, a scope his/her responsibilities immediately. Hence, 1 year could not have limitation may restrict the internal audit activity’s access to records, elapsed. personnel, and physical Gleim CIA Test Prep: Part 1 - Internal Audit Basics (720 questions) Copyright 2013 Gleim Publications Inc. Page 81 has elapsed. Such assignments are presumed to impair objectivity, Printed for Sanja Knezevic and additional [154] Gleim #: 2.3.53 consideration should be exercised when supervising the A treasury department employee transferred to the internal audit engagement work and activity of the same communicating engagement results (PA 1130.A1-1, para. 1). organization last month. The chief financial officer of the organization Answer (D) is incorrect. The preparation of the engagement work has suggested program offers that, because of the employee’s significant knowledge in this area, it significant opportunities for bias. would be a good [155] Gleim #: 2.3.54 idea for the employee to immediately begin an engagement to The internal audit activity encounters a scope limitation from senior evaluate the treasury management that department. In this circumstance, the employee should will affect the activity’s ability to meet its goals and objectives for a Accept the engagement and begin A. work immediately. potential Discuss the need for such an engagement with the employee’s engagement client. The nature of the scope limitation needs to be former superior, the Noted in the engagement working papers, but the engagement treasurer. should be carried B. out as scheduled and the scope limitation worked around, if possible. Suggest that the engagement be performed by another member of A. the internal Communicated to the external auditors, so they can investigate the audit staff. area in more C. detail. Offer to prepare an engagement work program but suggest that B. interviews with the C. Communicated, preferably in writing, to the board. employee’s former co-workers be conducted by other members of Communicated to management stating that the limitation will not be the internal accepted audit staff. because it would impair the internal audit activity’s independence. D. D. Answer (A) is incorrect. The proposed engagement is presumed to Answer (A) is incorrect. The limitation needs to be communicated impair first to the objectivity. board. Answer (B) is incorrect. Internal auditors are not to subordinate their Answer (B) is incorrect. No requirement or need to communicate the judgment limitation to on engagement matters to that of others. the external auditor exists. Answer (C) is correct. Another internal auditor should be assigned. Answer (C) is correct. A scope limitation, along with its potential Persons effect, needs to transferred to or temporarily engaged by the internal audit activity be communicated, preferably in writing, to the board (PA 1130-1, should not be para. 3). assigned to audit those activities they previously performed until at Answer (D) is incorrect. The internal audit activity exists to help the least 1 year organization achieve its objectives. Thus, the internal auditors must communicate were occupied. This scope limitation, along with its potential effect, with the must be board about conflicts with management. communicated to which one of the following? Gleim CIA Test Prep: Part 1 - Internal Audit Basics The organization’s A. board of directors. (720 questions) B. The board of directors of the VAN. Copyright 2013 Gleim Publications Inc. Page 82 C. The board of directors of both the organization and the VAN. Printed for Sanja Knezevic D. The limitation does not need to be communicated at the board of fb.com/ciaaofficial directors level. [156] Gleim #: 2.3.55 Answer (A) is correct. The scope limitation and its potential effect A multinational organization has an agreement with a value-added should be network (VAN) communicated, preferably in writing, to the board. However, the chief that provides the encoding and communications transfer for the audit organization’s executive needs to consider whether it is appropriate to inform the electronic data interchange (EDI) and electronic funds transfer (EFT) board transactions. regarding scope limitations that were previously communicated to Before transfer of data to the VAN, the organization performs online and accepted preprocessing of by the board (PA 1130-1, para. 3). the transactions. The internal auditor is responsible for assessing Answer (B) is incorrect. The internal auditor should not preprocessing communicate directly controls. In addition, the agreement between the organization and with the board of the VAN. the VAN states that Answer (C) is incorrect. The internal auditor should not the internal auditor is allowed to examine and report on the controls communicate directly in place at the with the board of the VAN. VAN on an annual basis. The contract specifies that access to the Answer (D) is incorrect. A scope limitation must be communicated VAN can occur on a to the board. surprise basis during the second or third quarter of the fiscal year. [157] Gleim #: 2.3.56 This period was An internal auditor assigned to audit a vendor’s compliance with chosen so it would not interfere with processing during the VAN’s product quality peak transaction standards is the brother of the vendor’s controller. The auditor should periods. This provision was not reviewed with internal auditing. The A. Accept the assignment but avoid contact with the controller during annual fieldwork. engagement work schedule approved by the board of directors Accept the assignment but disclose the relationship in the specifies that a full engagement final review would be done during the current year. communication. When the internal auditor called to arrange the annual control review B. during the third C. Notify the vendor of the potential conflict of interest. quarter, the VAN stated that it could not accommodate the internal D. Notify the chief audit executive of the potential conflict of interest. auditor because the Gleim CIA Test Prep: Part 1 - Internal Audit Basics peak processing period started earlier than normal this year and all (720 questions) VAN personnel Copyright 2013 Gleim Publications Inc. Page 83 Printed for Sanja Knezevic may be responsible for it. Answer (A) is incorrect. Given a family connection with the auditee, Answer (C) is incorrect. The external auditor should not be notified even if the unless the auditor avoids contact with the controller, the appearance of a board believes it is necessary. conflict of interest Answer (D) is correct. A scope limitation, along with its potential exists. effect needs to Answer (B) is incorrect. Situations of potential conflict of interest or be communicated, preferably in writing, to the board (PA 1130-1, bias should be para. 3). avoided, not merely disclosed. [159] Gleim #: 2.3.58 Answer (C) is incorrect. Conflicts of interest are to be reported to the Independence is freedom from conditions that threaten the ability of chief audit the internal audit executive, not the vendor or engagement client. activity to carry out internal audit responsibilities in an unbiased Answer (D) is correct. Internal auditors are to report to the chief manner. Which audit executive policy best promotes independence? (CAE) any situations in which an actual or potential impairment to Requiring internal auditors to report to the chief audit executive any independence or conflicts of objectivity may reasonably be inferred, or if they have questions interest or bias. about whether a A. situation constitutes an impairment to objectivity or independence Preventing the internal audit activity from recommending standards (PA 1130-1, of control for para. 1). systems that it evaluates. [158] Gleim #: 2.3.57 B. The internal audit activity should be free to audit and report on any C. Allowing engagements concerning sensitive operations to be activity that also outsourced. reports to its administrative head if it considers such coverage to be Preventing personnel transfers from operating activities to the appropriate for its internal audit audit plan. Any limitation in scope or reporting of results of these activity. activities needs to be D. brought to the attention of the Gleim CIA Test Prep: Part 1 - Internal Audit Basics Chief A. executive officer. (720 questions) B. Chief financial officer. Copyright 2013 Gleim Publications Inc. Page 84 C. External auditor. Printed for Sanja Knezevic D. Board. fb.com/ciaaofficial Answer (A) is incorrect. The CEO may be the administrative head of Answer (A) is correct. Internal auditors are to report to the chief the internal audit executive audit activity. (CAE) any situation in which (1) an actual or potential impairment of Answer (B) is incorrect. The CFO is also responsible for the independence or organization’s objectivity may reasonably be inferred or (2) they have questions accounting functions. Thus, when a scope or reporting limitation about whether the exists, the CFO situation constitutes an impairment of objectivity or independence. If time, a future engagement may result in the appearance of the CAE impairment of determines that impairment exists or may be inferred, (s)he needs to objectivity. Thus, no consideration should be given to the reassign the engagement status as auditor(s) (PA 1130-1, para. 1). justification for receiving fees or gifts. The receipt of promotional Answer (B) is incorrect. Internal auditing may recommend standards items (such as of control for pens, calendars, or samples) that are available to the general public systems that it evaluates. and have Answer (C) is incorrect. Outsourcing certain engagements does not minimal value do not hinder internal auditors’ professional judgments promote the (PA 1130- independence of the internal audit activity. 1, para. 4). Impairment of independence or objectivity, in fact or Answer (D) is incorrect. Transfers from operating activities to the appearance, must internal audit be disclosed to appropriate parties (Attr. Std. 1130). activity usually are permitted. However, transferees should not be Answer (B) is incorrect. The value of a weekend vacation is not assigned to immaterial. engagements concerning activities they previously performed until at Answer (C) is incorrect. The status of engagements is not a least 1 year has justification for elapsed. receiving fees or gifts. [160] Gleim #: 2.3.59 Answer (D) is incorrect. A supervisor may not approve unethical An internal auditor has recently received an offer from the manager behavior. of the marketing Gleim CIA Test Prep: Part 1 - Internal Audit Basics department of a weekend’s free use of his beachfront condominium. (720 questions) No engagement is Copyright 2013 Gleim Publications Inc. Page 85 currently being conducted in the marketing department, and none is Printed for Sanja Knezevic scheduled. The [161] Gleim #: 2.3.60 internal auditor As part of a company-sponsored award program, an internal auditor Should reject the offer and report it to the appropriate A. supervisor. was offered an B. May accept the offer because its value is immaterial. award of significant monetary value by a division in recognition of the C. May accept the offer because no engagement is being conducted cost savings or planned. that resulted from the auditor’s recommendations. According to the D. May accept the offer if approved by the appropriate supervisor. International Answer (A) is correct. An internal auditor is not to accept fees, gifts, Professional Practices Framework, what is the most appropriate or action for the auditor entertainment from an employee, client, customer, supplier, or to take? business associate. Accept the gift because the engagement is already concluded and Accepting a fee or gift may imply that the auditor’s objectivity has the report been impaired. issued. Even though an engagement is not being conducted in the A. applicable area at that Accept the award under the condition that any proceeds B. go to charity. C. Inform audit management and ask for direction on whether to of the internal auditors? accept the gift. One internal auditor told the review team that, during an engagement D. Decline the gift and advise the division manager’s superior. to review the Answer (A) is incorrect. The auditor should not accept the gift, payroll function, the payroll manager approached the auditor. The despite the manager previous completion of the engagement and issuance of the report. indicated the need for an accountant to prepare financial statements Answer (B) is incorrect. The auditor should not accept the award for the without first manager’s part-time business. The internal auditor agreed to perform informing and consulting audit management. this work for Answer (C) is correct. Internal auditors are not to accept fees, gifts, a reduced fee during non-work hours. or A. entertainment from an employee, client, customer, supplier, or During an engagement to review the construction of a building business associate addition to the that may create the appearance that the auditor’s objectivity has organization’s headquarters, the vice president of facilities been impaired. management gave the The status of engagements is not to be considered as justification for internal auditor a commemorative mug with the organization’s logo. receiving These mugs fees, gifts, or entertainment. Internal auditors are to report were distributed to all employees present at the ground-breaking immediately the offer ceremony. of all material fees or gifts to their supervisors. (PA 1130-1, para. 4). B. Answer (D) is incorrect. Declining the gift and advising the division After reviewing the installation of a data processing system, the manager’s internal auditor superior could erode the audit function’s relationship with the division made recommendations on standards of control. Three months after in completion of question. The auditor should inform and consult audit management the engagement, the engagement client requested the internal for guidance. auditor’s review of Gleim CIA Test Prep: Part 1 - Internal Audit Basics certain procedures for adequacy. The internal auditor agreed and (720 questions) performed this Copyright 2013 Gleim Publications Inc. Page 86 review. Printed for Sanja Knezevic C. fb.com/ciaaofficial An internal auditor’s participation was requested on a task force to [162] Gleim #: 2.3.61 reduce the An internal audit activity is currently undergoing its first external organization’s inventory losses from theft and shrinkage. This is the quality assurance first review since its formation 3 years ago. From interviews, the review consulting assignment undertaken by the internal audit activity. The team is informed internal of certain internal auditor activities over the past year. Which of the auditor’s role is to advise the task force on appropriate control following procedures. activities could affect the quality assurance review team’s evaluation D. of the objectivity Answer (A) is correct. An internal auditor is not to accept a fee, gift, provides assurance services for an activity for which the internal or auditor had entertainment from an employee, client, customer, supplier, or responsibility within the previous year (PA 1130.A1-1, para. 1). Thus, business associate if George that may create the appearance that the auditor’s objectivity has provides assurance services for payroll, his objectivity is presumed to been impaired be impaired. (PA 1130-1, para. 4). However, internal auditors may provide consulting services relating Answer (B) is incorrect. The receipt of promotional items with to operations for minimal value which they had previous responsibilities (Impl. Std. 1130.C1). does not impair objectivity. Answer (C) is incorrect. Providing assurance services regarding Answer (C) is incorrect. Recommending standards of control before payroll will impair implementation does not impair the internal auditor’s objectivity as the independence or objectivity of George. long as (s)he Answer (D) is incorrect. Providing consulting services regarding does not assume operating responsibilities. payroll will not Answer (D) is incorrect. Reviewing procedures before impair the objectivity of George. implementation does not [164] Gleim #: 2.4.63 impair the internal auditor’s objectivity as long as (s)he does not An organization has two manufacturing facilities. Each facility has assume operating two manufacturing responsibilities. processes and a separate packaging process. The processes are [163] Gleim #: 2.3.62 similar at both George is the new internal auditor for XYZ Corporation. George was facilities. Raw materials used include aluminum, materials to make in charge of plastic, various payroll for XYZ just 10 months ago. Performing what services in chemicals, and solvents. Pollution occurs at several operational regard to payroll is stages, including raw considered an impairment of independence or objectivity if performed materials handling and storage, process chemical use, finished by George? goods handling, and A. Consulting services. disposal. Waste products produced during the manufacturing B. Assurance services. processes include several C. Assurance or consulting services. that are considered hazardous. The nonhazardous waste is D. Neither assurance nor consulting services. transported to the local Gleim CIA Test Prep: Part 1 - Internal Audit Basics landfill. An outside waste vendor is used for the treatment, storage, (720 questions) and disposal of all Copyright 2013 Gleim Publications Inc. Page 87 hazardous waste. Printed for Sanja Knezevic Management is aware of the need for compliance with environmental Answer (A) is incorrect. Providing assurance services but not laws. The consulting services organization recently developed an environmental policy including a regarding payroll will impair the independence or objectivity of statement that George. each employee is responsible for compliance with environmental Answer (B) is correct. Objectivity is presumed to be impaired if an laws. internal auditor If the internal audit activity is assigned the responsibility of Grade point average on college A. accounting courses. conducting an B. Ability to fit well socially into a group. environmental audit, which of the following actions should be C. Ability to organize and express thoughts well. performed first? D. Level of detailed knowledge of the organization. Conduct risk assessments A. for each site. Answer (A) is incorrect. Although accounting educational B. Review organizational policies and procedures and verify performance is compliance. undoubtedly one criterion that must be examined, performance in C. Provide the assigned staff with technical training. one subject area D. Review the environmental management system. is much too limited a basis for predicting an applicant’s success Answer (A) is incorrect. The internal auditors should conduct risk given the broad assessments scope of internal auditing work. for each site only after qualified people have been assigned to the Answer (B) is incorrect. Social skills are a benefit to any internal project. auditor but Answer (B) is incorrect. Audit procedures to verify compliance with cannot be considered the most important characteristic of a good company candidate. policies and procedures are performed only after an audit staff with Answer (C) is correct. Internal auditors must have skills in oral and the needed written knowledge, skills, and other competencies is assigned to the audit. communications to clearly and effectively convey such matters as Answer (C) is correct. The internal audit activity collectively must engagement possess or objectives, evaluations, conclusions, and recommendations (PA obtain the necessary knowledge, skills, and other competencies 1210-1, para. 1). needed to conduct Answer (D) is incorrect. Entry-level internal auditors typically have the audit properly (Attr. Std. 1210). Thus, providing the assigned staff relatively with little knowledge of the organization. Applicants should demonstrate a adequate training or employing qualified external service providers is general a first step knowledge of the organization, but this factor is not the most reliable in an environmental audit. predictor of Answer (D) is incorrect. Internal auditors should review the successful performance as an internal auditor. environmental [166] Gleim #: 2.4.65 management system only after qualified people have been assigned A chief audit executive (CAE) for a very small internal audit to the project. department has just Gleim CIA Test Prep: Part 1 - Internal Audit Basics received a request from management to perform an audit of an (720 questions) extremely complex area Copyright 2013 Gleim Publications Inc. Page 88 in which the CAE and the department have no expertise. The nature Printed for Sanja Knezevic of the audit fb.com/ciaaofficial engagement is within the scope of internal audit activities. [165] Gleim #: 2.4.64 Management has expressed When hiring entry-level internal auditing staff, which of the following a desire to have the engagement conducted in the very near future will most likely because of the high predict the applicant’s success as an internal auditor? level of risk involved. Which of the following responses by the CAE skills is a violation of this standard. would be in Answer (D) is incorrect. Determining whether time is sufficient to violation of the Standards? develop necessary Discuss with management the possibility of outsourcing the audit of expertise is an appropriate response. Internal auditors should be this complex committed to life-long area. learning. Thus, it is not unreasonable to require them to expand their A. knowledge, skills, Add an outside consultant to the audit staff to assist in the and other competencies. performance of the [167] Gleim #: 2.4.66 audit engagement. Your organization has selected you to develop an internal audit B. activity. Your C. Accept the audit engagement and begin immediately, since it is a approach will most likely be to hire high-risk area. Internal auditors, each of whom possesses all the skills required to Discuss the timeline of the audit engagement with management to handle all determine if engagements. sufficient time exists in which to develop appropriate expertise. A. D. Inexperienced personnel and train them the way the organization Gleim CIA Test Prep: Part 1 - Internal Audit Basics wants them (720 questions) trained. Copyright 2013 Gleim Publications Inc. Page 89 B. Printed for Sanja Knezevic Degreed accountants because most internal audit work is C. Answer (A) is incorrect. Outsourcing (delegating the engagement to accounting related. an outside service Internal auditors who collectively have the knowledge and skills provider) is an appropriate response when auditors do not possess needed to the needed perform the responsibilities of the internal audit activity. background or skills and cannot develop such skills in a timely D. fashion. Answer (A) is incorrect. The scope of internal auditing is so broad Answer (B) is incorrect. Adding a consultant (cosourcing) is an that one appropriate response individual cannot have the requisite expertise in all areas. when auditors do not possess the needed background or skills and Answer (B) is incorrect. The internal audit activity should have cannot develop such personnel with skills in a timely fashion. various skill levels to permit appropriate matching of internal auditors Answer (C) is correct. The internal audit activity collectively must with possess or obtain varying engagement complexities. Furthermore, experienced internal the knowledge, skills, and other competencies needed to perform its auditors responsibilities should be available to train and supervise less experienced staff (Attr. Std. 1210). The auditors in this situation do not have such members. expertise. Thus, Answer (C) is incorrect. Many skills are needed in internal auditing. planning and executing the audit engagement without the For example, appropriate background and computer skills are needed in engagements involving information [169] Gleim #: 2.4.68 technology. The internal audit activity collectively must possess or obtain certain Answer (D) is correct. The internal audit activity collectively must competencies, possess or including an understanding of obtain the knowledge, skills, and other competencies needed to Internal audit procedures A. and techniques. perform its B. Accounting principles and techniques. responsibilities (Attr. Std. 1210). C. Management principles. [168] Gleim #: 2.4.67 D. Marketing techniques. The internal audit activity collectively must possess or obtain certain Answer (A) is incorrect. The required competencies include competencies, proficiency in, not an including proficiency in understanding of, internal audit standards, procedures, and A. Internal audit procedures and techniques. techniques. B. Accounting principles and techniques. Answer (B) is incorrect. The internal audit activity collectively must C. Management principles. have D. Marketing techniques. proficiency in, not merely an understanding of, accounting principles Gleim CIA Test Prep: Part 1 - Internal Audit Basics and (720 questions) techniques. Copyright 2013 Gleim Publications Inc. Page 90 Answer (C) is correct. An understanding means the ability to apply Printed for Sanja Knezevic broad fb.com/ciaaofficial knowledge to situations likely to be encountered, to recognize Answer (A) is correct. Proficiency means the ability to apply significant knowledge to situations deviations, and to be able to carry out the research necessary to likely to be encountered and to deal with them without extensive arrive at recourse to technical reasonable solutions. The required competencies include an research and assistance. Internal auditors must be proficient in understanding of applying internal audit management principles to recognize and evaluate the materiality and standards, procedures, and techniques in performing engagements significance (PA 1210-1, of deviations from good business practice (PA 1210-1, para. 1). para. 1). Answer (D) is incorrect. Internal auditors ordinarily need not be Answer (B) is incorrect. Only if internal auditors work extensively proficient in, or with financial have an understanding or appreciation of, marketing techniques. records and reports must they have proficiency in accounting [170] Gleim #: 2.4.69 principles and Internal auditing is unique in that its scope often encompasses all techniques. areas of an Answer (C) is incorrect. The required competencies include an organization. Thus, it is not possible for each internal auditor to understanding of, not possess detailed proficiency in, management principles. competence in all areas that might be the subject of engagements. Answer (D) is incorrect. Internal auditors ordinarily need not be Which of the proficient in following competencies must the internal audit activity possess marketing techniques. collectively? A. Understanding of taxation and law as it applies to operation of the Answer (B) is correct. An appreciation means the ability to recognize organization. the B. Proficiency in accounting principles. existence of problems or potential problems and to identify the C. Understanding of management principles. additional research D. Proficiency in information technology. to be undertaken or the assistance to be obtained. Internal auditors Gleim CIA Test Prep: Part 1 - Internal Audit Basics must have an (720 questions) appreciation of the fundamentals of business subjects, such as Copyright 2013 Gleim Publications Inc. Page 91 accounting, Printed for Sanja Knezevic economics, commercial law, taxation, finance, quantitative methods, Answer (A) is incorrect. Internal auditors are required to have only information an appreciation of technology, risk management, and fraud (PA 1210-1, para. 1). taxation and law. Answer (C) is incorrect. The required competencies include an Answer (B) is incorrect. Only if internal auditors work extensively understanding, with financial not an appreciation, of management principles. records and reports must they have proficiency in accounting Answer (D) is incorrect. Internal auditors ordinarily need not be principles. proficient in, or Answer (C) is correct. An understanding is the ability to apply broad have an understanding or appreciation of, marketing techniques. knowledge to [172] Gleim #: 2.4.71 situations likely to be encountered, to recognize significant The internal audit activity collectively must possess or obtain certain deviations, and to be able competencies, to carry out the research necessary to arrive at reasonable solutions. excluding The required A. Proficiency in applying internal audit standards. competencies include an understanding of management principles to B. An understanding of management principles. recognize and C. The ability to maintain good interpersonal relations. evaluate the materiality and significance of deviations from good D. The ability to conduct training sessions in quantitative methods. business practice. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (D) is incorrect. Only a knowledge of key IT risks and (720 questions) controls and available Copyright 2013 Gleim Publications Inc. Page 92 technology-based audit techniques is required of internal auditors. Printed for Sanja Knezevic [171] Gleim #: 2.4.70 fb.com/ciaaofficial The internal audit activity collectively must possess or obtain certain Answer (A) is incorrect. Proficiency in applying internal audit competencies, standards, procedures, including an appreciation of and techniques is among the required competencies. Internal audit procedures A. and techniques. Answer (B) is incorrect. An understanding of management principles B. Accounting principles and techniques. sufficient to C. Management principles. recognize and evaluate the materiality and significance of deviations D. Marketing techniques. from good Answer (A) is incorrect. The required competencies include business practices is among the required competencies. proficiency in Answer (C) is incorrect. Skills in dealing with people, understanding applying internal audit standards, procedures, and techniques. human relations, and maintaining satisfactory relationships with engagement clients economics, commercial law, taxation, finance, quantitative methods, are among the information required competencies. technology, risk management, and fraud. Answer (D) is correct. The ability to conduct training sessions in Gleim CIA Test Prep: Part 1 - Internal Audit Basics specific areas is not (720 questions) among the required competencies. Copyright 2013 Gleim Publications Inc. Page 93 [173] Gleim #: 2.4.72 Printed for Sanja Knezevic Internal auditors must possess the knowledge, skills, and other [174] Gleim #: 2.4.73 competencies essential The Standards require that internal auditors possess which of the to the performance of their individual responsibilities. Consequently, following skills? all internal Internal auditors should understand human relations and be skilled in auditors should be proficient in applying dealing with Internal A. auditing standards. people. B. Quantitative methods. I. C. Management principles. Internal auditors should be able to recognize and evaluate the D. Structured systems analysis. materiality and Answer (A) is correct. All internal auditors should be proficient in significance of deviations from good business practices. applying II. internal auditing standards, procedures, and techniques required in Internal auditors should be experts on subjects such as economics, performing commercial engagements. Proficiency means the ability to apply knowledge to law, taxation, finance, and information technology. situations likely III. to be encountered and to deal with them without extensive recourse Internal auditors should be skilled in oral and written IV. to technical communication. research and assistance (PA 1210-1, para. 1). A. II only. Answer (B) is incorrect. Internal auditors must have an appreciation B. I and III only. of, not C. III and IV only. proficiency in, the fundamentals of business subjects such as D. I, II, and IV only. quantitative Answer (A) is incorrect. Internal auditors also should understand methods. human relations Answer (C) is incorrect. Internal auditors must have an and be skilled in dealing with people and in oral and written understanding of, not communication. proficiency in, management principles to recognize and evaluate the Answer (B) is incorrect. Internal auditors are expected to have an materiality appreciation of and significance of deviations from good business practices. (not be experts in) fields related to their audit responsibilities. Answer (D) is incorrect. Internal auditors must have an appreciation Moreover, internal of, not auditors should be able to recognize and evaluate the materiality and proficiency in, the fundamentals of business subjects such as significance accounting, of deviations from good business practices. Answer (C) is incorrect. Internal auditors must have an appreciation D. of, not Gleim CIA Test Prep: Part 1 - Internal Audit Basics expertise in, the fundamentals of fields related to their audit (720 questions) responsibilities. They Copyright 2013 Gleim Publications Inc. Page 94 also should understand human relations and be skilled in dealing Printed for Sanja Knezevic with people. fb.com/ciaaofficial Furthermore, they should be able to recognize and evaluate the Answer (A) is incorrect. The internal auditors should be able to materiality and convey effectively significance of deviations from good business practices. engagement objectives. Answer (D) is correct. Skills required by the Standards for internal Answer (B) is incorrect. The internal auditors should be able to auditors convey effectively include engagement evaluations. Skills in dealing with people, understanding human relations, and Answer (C) is correct. Internal auditors must be skilled in oral and maintaining written satisfactory relationships with engagement clients. communications so that they can clearly and effectively convey such Skills in oral and written communications to clearly and effectively matters as convey engagement objectives, evaluations, conclusions, and such matters as engagement objectives, evaluations, conclusions, recommendations (PA 1210-1, and para. 1). The risk assessment used in selecting the area for recommendations. investigation is not An understanding of management principles to recognize and necessarily a matter that must be communicated to an engagement evaluate the client. materiality and significance of deviations from good business Answer (D) is incorrect. The internal auditors should be able to practices. convey effectively An appreciation of (not expertise in) of the fundamentals of business engagement recommendations. subjects [176] Gleim #: 2.4.75 such as accounting, economics, commercial law, taxation, finance, Internal auditors must have the knowledge, skills, and other quantitative methods, information technology, risk management, and competencies needed to fraud perform their individual responsibilities. Which of the following (PA 1210-1, para. 1). properly describes [175] Gleim #: 2.4.74 the level of knowledge, skill, or other competency required? Internal Communication skills are important to internal auditors. They should auditors must be able to have convey effectively all of the following to engagement clients except Proficiency in applying internal auditing standards and procedures A. The objectives designed for a specific engagement. without B. The engagement evaluations based on a survey. extensive recourse to technical research and assistance. C. The risk assessment used in selecting the area for investigation. A. Recommendations that are generated in relationship to a specific Proficiency in applying knowledge of accounting and information engagement technology to client. specific or potential problems. B. What is the most appropriate preventive measure for staff An understanding of broad techniques used in supporting and communication problems developing with engagement clients? engagement observations and the ability to research the proper Provide staff with sufficient training to enhance communication A. procedures to be skills. used in any engagement situation. B. Avoid unnecessary communication with engagement clients. C. C. Discuss communication problems with staff auditors. A broad appreciation of accounting principles and techniques during D. Meet with engagement clients to resolve communication engagements problems. involving the financial records and reports of the organization. Answer (A) is correct. Internal auditors must be skilled in oral and D. written Answer (A) is correct. Proficiency means the ability to apply communications so that they can clearly and effectively convey such knowledge to matters as situations likely to be encountered and to deal with them without engagement objectives, evaluations, conclusions, and extensive recommendations (PA recourse to technical research and assistance. An internal auditor 1210-1, para. 1). must be Answer (B) is incorrect. The issue is the quality rather than the proficient in applying internal auditing standards, procedures, and quantity of techniques in communication. performing engagements (PA 1210-1, para. 1). Answer (C) is incorrect. Communication problems should be Answer (B) is incorrect. An appreciation of the fundamentals of, not resolved through proficiency effective training. in, information technology is required. Proficiency in accounting Answer (D) is incorrect. Meeting with engagement clients will not principles and resolve techniques is required only if the internal auditor works extensively problems caused by poor staff communication skills. with financial [178] Gleim #: 2.5.77 records and reports. As part of the process to improve internal auditor-engagement client Answer (C) is incorrect. Proficiency in, not an understanding of, relations, it is internal auditing very important to deal with how the internal audit activity is standards, procedures, and techniques is required. perceived. Certain types Answer (D) is incorrect. Proficiency in, not an appreciation of, of attitudes in the work performed will help create these perceptions. accounting From a principles and techniques is required when the internal auditor works management perspective, which attitude is likely to be the most extensively conducive to a with financial records and reports. positive perception? Gleim CIA Test Prep: Part 1 - Internal Audit Basics A. Objective. (720 questions) B. Investigative. Copyright 2013 Gleim Publications Inc. Page 95 C. Interrogatory. Printed for Sanja Knezevic D. Consultative. [177] Gleim #: 2.4.76 Answer (A) is incorrect. Objectivity is desirable but, by itself, will not Answer (D) is incorrect. Internal auditors are not independent if they lead to a implement more positive relationship. policies and procedures. Answer (B) is incorrect. An investigative attitude is not likely to [180] Gleim #: 2.5.79 enhance the Which one of the following is responsible for determining the relationship. appropriate levels of Answer (C) is incorrect. An interrogatory attitude is not likely to education and experience needed for the internal audit staff? enhance the Human A. resource manager. relationship. B. Chief audit executive. Answer (D) is correct. A consultative attitude leads to two-way C. Chief executive officer. communication. D. Treasurer. Consultation considers the client’s viewpoint, helps to dispel fear and Answer (A) is incorrect. Hiring practices are an essential part of mistrust, understanding and demonstrates the value of internal auditing to the client. the internal audit staff’s background, but the human resource [179] Gleim #: 2.5.78 manager is not The consultative approach to internal auditing emphasizes responsible for determining the appropriate levels of education and A. Imposition of corrective measures. experience B. Participation with engagement clients to improve methods. needed for the internal audit staff. C. Fraud investigation. Answer (B) is correct. The CAE must ensure that the internal audit D. Implementation of policies and procedures. activity is Gleim CIA Test Prep: Part 1 - Internal Audit Basics able to fulfill its responsibilities. The CAE must determine the (720 questions) appropriate levels Copyright 2013 Gleim Publications Inc. Page 96 of education and experience needed for the internal audit staff to Printed for Sanja Knezevic fulfill that fb.com/ciaaofficial responsibility. Answer (A) is incorrect. Imposition of changes implies an Answer (C) is incorrect. The chief executive officer is not directly adversarial relationship. responsible for Answer (B) is correct. Consultation with the engagement client not determining the appropriate levels of education and experience only facilitates the needed for the planning and performance of the engagement but is a courtesy that internal audit staff. enhances the Answer (D) is incorrect. The treasurer is not responsible for internal auditor-client relationship. Developing a positive relationship determining the produces a more appropriate levels of education and experience needed for the favorable environment for the engagement effort. Moreover, involving internal audit staff. the client in the [181] Gleim #: 2.5.80 engagement process is likely to increase acceptance of All of the following will help the CAE identify the available knowledge, recommended changes. skills, and Answer (C) is incorrect. Consultation is less likely when the client is competencies of the internal audit staff except suspected of A. Hiring practices. fraud. B. Periodic skills assessment. C. External service provider. Answer (A) is incorrect. Use of external service providers with D. Staff performance appraisals. expertise in Gleim CIA Test Prep: Part 1 - Internal Audit Basics healthcare benefits is also appropriate when comparing healthcare (720 questions) costs with those Copyright 2013 Gleim Publications Inc. Page 97 of other programs and training staff to conduct healthcare audits. Printed for Sanja Knezevic Answer (B) is incorrect. Use of external service providers with Answer (A) is incorrect. Hiring practices are an essential part of expertise in understanding the healthcare benefits is also appropriate when evaluating the background of the internal audit staff. estimated liability for Answer (B) is incorrect. The CAE should conduct periodic skills postretirement benefits and training staff to conduct healthcare assessments to audits. determine the specific resources available. Answer (C) is incorrect. Use of external service providers with Answer (C) is correct. External service providers are used when the expertise in internal audit staff healthcare benefits is also appropriate when comparing healthcare does not have the necessary knowledge, skills, and competencies to costs with those fulfill the of other programs and evaluating the estimated liability for responsibilities of the internal audit activity. postretirement Answer (D) is incorrect. Staff performance appraisals are completed benefits. at the end of any Answer (D) is correct. If the internal auditors lack the necessary major internal audit engagement. These appraisals help the CAE expertise, assess future training external service providers should be employed who can provide the needs and current staff abilities. requisite [182] Gleim #: 2.5.81 knowledge, skills, and other competencies. Thus, external service Use of external service providers with expertise in healthcare providers may benefits is appropriate provide assistance in (1) estimating the liability for postretirement when the internal audit activity is benefits, Evaluating the organization’s estimate of its liability for postretirement (2) developing a comparative analysis of healthcare costs, and (3) benefits, training the staff which include healthcare benefits. to audit healthcare costs. A. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Comparing the cost of the organization’s healthcare program with (720 questions) other programs Copyright 2013 Gleim Publications Inc. Page 98 offered in the industry. Printed for Sanja Knezevic B. fb.com/ciaaofficial Training its staff to conduct an audit of healthcare costs in a major [183] Gleim #: 2.5.82 division of the A chief audit executive has reviewed credentials, checked organization. references, and interviewed C. a candidate for a staff position. The CAE concludes that the All of the answers D. are correct. candidate has a thorough understanding of internal audit techniques, accounting, and finance. A. Delete the engagement from the schedule. However, the B. Perform the entire engagement using current staff. candidate has limited knowledge of economics and information C. Engage an engineering consultant to perform the comparison. technology. Which D. Accept the contractor’s written representations. action is most appropriate? Answer (A) is incorrect. The engagement is within the scope of the Reject the candidate because of the lack of knowledge required A. internal audit by the Standards. activity. B. Offer the candidate a position despite lack of knowledge in certain Answer (B) is incorrect. Performing the engagement using the essential areas. current Encourage the candidate to obtain additional training in economics (unqualified) staff is inappropriate. and Answer (C) is correct. If the internal auditors lack the necessary information technology and then reapply. expertise, C. external service providers should be employed who can provide the Offer the candidate a position if other staff members possess requisite sufficient knowledge knowledge, skills, and other competencies. in economics and information technology. Answer (D) is incorrect. Accepting the contractor’s representations D. without Answer (A) is incorrect. The Standards do not require each internal adequate testing is inappropriate. auditor to Gleim CIA Test Prep: Part 1 - Internal Audit Basics possess a knowledge of all relevant subjects. (720 questions) Answer (B) is incorrect. The internal audit activity’s needs may be Copyright 2013 Gleim Publications Inc. Page 99 for additional Printed for Sanja Knezevic expertise in economics or information technology. [185] Gleim #: 2.5.84 Answer (C) is incorrect. Encouraging the candidate to obtain If the internal audit activity of a nonpublic company does not have additional training the skills to does not adequately address the internal audit activity’s current perform a particular task, an external service provider (ESP) could be needs. brought in from Answer (D) is correct. Each member of the internal audit activity The organization’s I. external audit firm need not be II. An external consulting firm qualified in all disciplines (PA 1210.A1-1, para. 1). III. The engagement client [184] Gleim #: 2.5.83 IV. A college or university An internal audit activity has scheduled an engagement relating to a A. I and II only. construction B. II and IV only. contract. One portion of this engagement will include comparing C. I, II, and III only. materials purchased D. I, II, and IV only. with those specified in the engineering drawings. The internal audit Answer (A) is incorrect. An ESP from a college or university is also activity does not acceptable. have anyone on staff with sufficient expertise to complete this Answer (B) is incorrect. An ESP from a nonpublic organization’s procedure. The chief external audit audit executive should firm is also acceptable. Answer (C) is incorrect. An ESP from the engagement client is not professionalism. independent. Answer (C) is incorrect. This requirement does not affect use of Answer (D) is correct. Qualified ESPs may be recruited from many external service sources. providers. However, an ESP associated with the engagement client is Answer (D) is correct. Each member of the internal audit activity unacceptable because need not be the person would not be independent or objective. qualified in all disciplines (PA 1210.A1-1, para. 1). The internal audit [186] Gleim #: 2.5.85 activity A chief audit executive for a large manufacturer is considering should have an appropriate balance of experience, training, and revising the internal skills to permit the audit activity’s charter with respect to the minimum educational and performance of a wide range of services. Requiring certain experience professional qualifications required. The CAE wants to require all staff auditors to certifications could limit the range of services offered by the internal possess audit specialized training in accounting and a professional auditing activity. certification such as the Gleim CIA Test Prep: Part 1 - Internal Audit Basics Certified Internal Auditor or the Chartered Accountant. One of the (720 questions) disadvantages of Copyright 2013 Gleim Publications Inc. Page 100 imposing this requirement is that the policy Printed for Sanja Knezevic Might negatively affect the internal audit activity’s ability to perform fb.com/ciaaofficial quality [187] Gleim #: 2.5.86 engagements relating to the organization’s financial and accounting A professional engineer applied for a position in the internal audit systems. activity of a high A. technology firm. The engineer became interested in the position after B. Does not promote the professionalism of the internal audit activity. observing Would prevent the internal audit activity from using external service several internal auditors while they were performing an engagement providers in the engineering when it did not have the knowledge, skills, and other competencies department. The chief audit executive required in Should not hire the engineer because of the lack of knowledge of certain engagements. internal audit C. standards. Could limit the range of services that could be performed due to the A. internal audit May hire the engineer despite the lack of knowledge of internal B. activity’s narrow expertise and backgrounds. audit standards. D. Should not hire the engineer because of the lack of knowledge of Answer (A) is incorrect. The policy might result in better accounting and engagements relating to taxes. financial and accounting systems. C. Answer (B) is incorrect. Setting minimum professional standards May hire the engineer because of the knowledge of internal auditing promotes gained in the previous position. Answer (C) is incorrect. Checking an applicant’s references is an D. appropriate Answer (A) is incorrect. Each new employee of an internal audit procedure to determine a prospective auditor’s qualifications. activity is not Answer (D) is incorrect. Determining previous job experience is required to have knowledge of internal audit standards. However, the appropriate internal during the hiring process. audit activity collectively must have this knowledge. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (B) is correct. Each member of the internal audit activity (720 questions) need not be Copyright 2013 Gleim Publications Inc. Page 101 qualified in all disciplines (PA 1210.A1-1, para. 1). Printed for Sanja Knezevic Answer (C) is incorrect. Each individual internal auditor is not [189] Gleim #: 2.5.88 required to have A chief audit executive (CAE) has been requested by the audit knowledge of accounting or taxes. committee to conduct Answer (D) is incorrect. The knowledge acquired by observation is an engagement at a chemical factory as soon as possible. The irrelevant to engagement will include the skills necessary for internal auditing. reviews of health, safety, and environmental (HSE) management and [188] Gleim #: 2.5.87 processes. The Reasonable assurance should be obtained as to each prospective CAE knows that the internal audit activity does not possess the HSE internal auditor’s knowledge qualifications and proficiency. Which of the following is the least necessary to conduct such an engagement. The CAE must useful application Begin the engagement and incorporate HSE training into next year’s of this principle? planning to A. Determining that all applicants have an accounting degree. prepare for a follow-up engagement. B. Obtaining college transcripts. A. C. Checking an applicant’s references. Suggest to the audit committee that the factory’s own HSE staff D. Determining previous job experience. conduct the Answer (A) is correct. Internal auditors must possess the engagement. knowledge, skills, and B. other competencies needed to perform their individual Seek permission from the audit committee to obtain appropriate responsibilities. The support from an internal audit activity collectively must possess or obtain the HSE professional. knowledge, skills, C. and other competencies needed to perform its responsibilities (Attr. Defer the engagement and tell the audit committee that it will take Std. 1210). several months Each member of the internal audit activity, however, need not be to train internal audit staff for such an engagement. qualified in all D. disciplines (PA 1210.A1-1, para. 1). Answer (A) is incorrect. The CAE should not begin the audit without Answer (B) is incorrect. Obtaining college transcripts is an notifying appropriate procedure the audit committee of the knowledge issue and attempting to to determine a prospective auditor’s qualifications. resolve it. Answer (B) is incorrect. A review by the factory’s HSE staff will not Copyright 2013 Gleim Publications Inc. Page 102 provide the Printed for Sanja Knezevic audit committee with an independent review. fb.com/ciaaofficial Answer (C) is correct. The chief audit executive must obtain Answer (A) is incorrect. Assessing self-insurance controls is outside competent advice the normal scope and assistance if the internal auditors lack the knowledge, skills, or of the internal audit activity. The internal auditor may need to engage other an actuary. competencies needed to perform all or part of the engagement Answer (B) is incorrect. Assessing self-insurance risks is outside the (Impl. Std. 1210.A1). normal scope of Answer (D) is incorrect. Delaying the engagement may have serious the internal audit activity. The internal auditor may need to engage consequences given the nature of the HSE issues involved. an actuary. [190] Gleim #: 2.5.89 Answer (C) is incorrect. An internal auditor might be able to When the engagement was assigned, management asked the determine whether the internal auditor to healthcare costs are reasonable. evaluate the appropriateness of using self-insurance to minimize risk Answer (D) is correct. The internal audit activity may use external to the service providers organization. Given the scope of the engagement requested by or internal sources that are qualified in disciplines such as management, should accounting, auditing, the internal auditor engage an actuarial consultant to assist in the economics, finance, statistics, information technology, engineering, engagement if these taxation, law, skills do not exist on staff? environmental affairs, and other areas as needed to meet the internal No. The internal audit activity is skilled in assessing controls, and the audit activity’s insurance responsibilities (PA 1210.A1-1, para. 1). Thus, unless the internal control concepts are not distinctly different from other control audit activity has an concepts. employee with actuarial skills, an actuarial consultant should be hired A. to assess selfinsurance No. It is a normal internal auditor function to assess risk; this risks. engagement is [191] Gleim #: 2.5.90 therefore not unique. The internal audit activity is considering hiring a person who has a B. thorough Yes. An actuary is essential to determine whether the healthcare understanding of internal auditing techniques, accounting, and costs are principles of reasonable. management but has nonspecialized knowledge of economics and C. information Yes. The actuary has skills not usually found among internal auditors technology. Hiring the person is most appropriate if to identify A professional development program is agreed to in advance A. of and quantify self-insurance risks. actual hiring. D. A mentor is assigned to ensure completion of an individually Gleim CIA Test Prep: Part 1 - Internal Audit Basics designed (720 questions) professional development program. B. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Other internal auditors possess sufficient knowledge of economics (720 questions) and Copyright 2013 Gleim Publications Inc. Page 103 information technology. Printed for Sanja Knezevic C. Answer (A) is correct. The CAE should conduct periodic skills The prospective employee could reasonably be expected to gain assessments to sufficient determine the specific resources available. Assessments should be knowledge of these competencies in the long run. performed at least D. annually. Answer (A) is incorrect. Regardless of their backgrounds, all internal Answer (B) is incorrect. Periodic skills assessments should be auditors performed more must enhance their knowledge, skills, and other competencies frequently than every 5 years. through continuing Answer (C) is incorrect. Periodic skills assessments do not need to professional development. be performed Answer (B) is incorrect. The use of a mentor is encouraged quarterly. regardless of the new Answer (D) is incorrect. Periodic skills assessments do not need to internal auditor’s background. be performed Answer (C) is correct. Internal auditors must possess the semiannually. knowledge, skills, and [193] Gleim #: 2.5.92 other competencies needed to perform their individual An internal auditor’s objectivity could be compromised in all of the responsibilities. The following internal audit activity collectively must possess or obtain the situations except knowledge, skills, A conflict A. of interest. and other competencies needed to perform its responsibilities (Attr. An engagement client’s familiarity with the internal auditor due to lack Std. 1210). of rotation However, each member of the internal audit activity need not be in assignments. qualified in all B. disciplines (PA 1210.A1-1, para. 1). C. The internal auditor’s assumption of operational duties on a Answer (D) is incorrect. Unless other internal auditors possess temporary basis. sufficient D. Reliance on an outside service provider when appropriate. knowledge of these competencies, hiring this person would Answer (A) is incorrect. By definition, a conflict of interest can accentuate staffing compromise an deficiencies. internal auditor’s objectivity. [192] Gleim #: 2.5.91 Answer (B) is incorrect. The CAE can prevent potential and actual At a minimum, how often should the skills of the internal audit staff conflicts of be assessed? interest by, when practicable, rotating internal audit staff assignments A. Annually. periodically. B. Every 5 years. Answer (C) is incorrect. Persons transferred to, or temporarily C. Quarterly. engaged by, the D. Semi-annually. internal audit activity should not be assigned to audit those activities independent sources. Previous customers or clients who are familiar they with the ESP’s previously performed until at least 1 year has elapsed. work can provide feedback based on their direct experience. The Answer (D) is correct. The CAE must obtain competent advice and consensus of these assistance if opinions is likely to be reliable. the internal auditors lack the knowledge, skills, or other Answer (D) is incorrect. Determining the financial interest the ESP competencies needed to may have in the perform all or part of the engagement (Impl. Std. 1210.A1). organization relates to assessing independence and objectivity. Consulting an outside [195] Gleim #: 2.5.94 service provider is therefore appropriate in these circumstances. In some organizations, internal audit functions are outsourced. [194] Gleim #: 2.5.93 Management in a large The CAE determines that an external service provider (ESP) organization should recognize that the external auditor may have an possesses the necessary advantage, knowledge, skills, and other competencies to perform the compared with the internal auditor, because of the external auditor’s engagement. The most Familiarity with the organization. Its annual audits provide an in- effective procedure to evaluate the ESP is depth knowledge A. Considering the current compensation of the potential ESP. of the organization. Verifying that no financial, organizational, or personal relationships A. will prevent Size. It can hire experienced, knowledgeable, and B. certified staff. the ESP from rendering impartial and unbiased judgments. Size. It is able to offer continuous availability of staff unaffected by B. other C. Contacting others familiar with the ESP’s work. priorities. D. Determining the financial interest the ESP may have in the C. organization. Structure. It may more easily accommodate engagement Gleim CIA Test Prep: Part 1 - Internal Audit Basics requirements in distant (720 questions) locations. Copyright 2013 Gleim Publications Inc. Page 104 D. Printed for Sanja Knezevic Answer (A) is incorrect. The internal auditors are likely to be more fb.com/ciaaofficial familiar with Answer (A) is incorrect. Considering the current compensation of the organization than the external auditors, given the continuous the potential ESP nature of their relates to assessing independence and objectivity. responsibilities. Answer (B) is incorrect. Verifying that no financial, organizational, or Answer (B) is incorrect. The internal auditor also can hire personal experienced, relationships will prevent the ESP from rendering impartial and knowledgeable, and certified staff. unbiased judgments Answer (C) is incorrect. The internal auditor is more likely to be relates to assessing independence and objectivity. continuously Answer (C) is correct. To evaluate the ESP’s reputation, the CAE available. The external auditor has responsibilities to many other should interview clients. Answer (D) is correct. Large organizations that are geographically auditors cannot give absolute assurance that noncompliance or dispersed may irregularities do not find outsourcing internal audit functions to external auditors to be exist (PA 1220-1, para. 2). effective. A Answer (D) is incorrect. An internal auditor must recommend major public accounting firm ordinarily has operations that are improvements to national or promote conformance with acceptable procedures and practices. worldwide in scope. [197] Gleim #: 2.6.96 [196] Gleim #: 2.6.95 An internal auditor observes that a receivables clerk has physical Which of the following statements is true with respect to due access to and control professional care? of cash receipts. The auditor worked with the clerk several years An internal auditor should perform detailed tests of all transactions before and has a high before level of trust in the individual. Accordingly, the auditor notes in the communicating results. engagement A. working papers that controls over receipts are adequate. Has the An item should not be mentioned in an engagement communication auditor exercised due unless the professional care? internal auditor is absolutely certain of the item. Yes, reasonable care A. has been taken. B. B. No, irregularities were not noted. An engagement communication should never be viewed as providing C. No, alertness to conditions most likely indicative of irregularities an infallible was not shown. truth about a subject. D. Yes, the engagement working papers were annotated. C. Answer (A) is incorrect. The auditor’s engagement observation is D. An internal auditor has no responsibility to recommend inappropriate improvements. given the lack of segregation of functions. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (B) is incorrect. No indication is given that irregularities have (720 questions) occurred. Copyright 2013 Gleim Publications Inc. Page 105 Answer (C) is correct. Internal auditors must be alert to those Printed for Sanja Knezevic conditions and Answer (A) is incorrect. An internal auditor must conduct reasonable activities where irregularities are most likely to occur and must examinations identify and verifications, but detailed tests of all transactions are not inadequate controls (PA 1220-1, para. 1). Thus, the internal auditor required. did not Answer (B) is incorrect. Absolute assurance need not, and cannot, exercise due professional care. Cash has a high degree of inherent be given. risk and should Answer (C) is correct. Due professional care implies reasonable therefore be subject to strict controls. Access to cash and the care and competence, recordkeeping not infallibility or extraordinary performance. Thus, it requires the functions should be separated regardless of the personal qualities of internal auditor to the conduct examinations and verifications to a reasonable extent. individuals involved. That the internal auditor trusts the clerk is Accordingly, internal irrelevant. Management still needs to be aware that internal control over engagement. However, the assurance engagement may still include receivables is the item if it is inadequate. subsequently determined that Answer (D) is incorrect. Annotating the working papers does not Sufficient A. staff is available. indicate that the B. Adverse effects related to the item are likely to occur. auditor exercised due professional care. Cash has a high inherent C. Related information is reliable. risk of D. Miscellaneous income is affected. irregularities, and professional judgment and alertness are Answer (A) is incorrect. In the absence of other considerations, necessary. devoting [198] Gleim #: 2.6.97 additional engagement effort to an immaterial item is inefficient. Due professional care implies reasonable care and competence, not Answer (B) is correct. Internal auditors must exercise due infallibility or professional care by extraordinary performance. Thus, which of the following is considering the relative complexity, materiality, or significance of unnecessary? matters to A. The conduct of examinations and verifications to a reasonable which assurance procedures are applied (Impl. Std. 1220.A1). extent. Materiality B. The conduct of extensive examinations. judgments are made in the light of all the circumstances and involve C. The reasonable assurance that compliance does exist. qualitative as D. The consideration of the possibility of material irregularities. well as quantitative considerations. Moreover, internal auditors also Gleim CIA Test Prep: Part 1 - Internal Audit Basics must consider (720 questions) the interplay of risk with materiality. Consequently, engagement effort Copyright 2013 Gleim Publications Inc. Page 106 may be Printed for Sanja Knezevic required for a quantitatively immaterial item if adverse effects are fb.com/ciaaofficial likely to occur, Answer (A) is incorrect. Examination and verification need only be for example, a material contingent liability arising from an illegal undertaken to a payment that is reasonable extent. otherwise immaterial. Answer (B) is correct. Due professional care implies reasonable Answer (C) is incorrect. Additional engagement procedures might care and competence, not be needed not infallibility or extraordinary performance. It requires the internal if related information is reliable. auditor to conduct Answer (D) is incorrect. The item is more likely to be included if it examinations and verifications to a reasonable extent (PA 1220-1, affects para. 2). recurring income items rather than miscellaneous income. Answer (C) is incorrect. An internal auditor cannot give absolute [200] Gleim #: 2.6.99 assurance. With regard to the exercise of due professional care, an internal Answer (D) is incorrect. The possibility of material irregularities must auditor should be considered. Consider the relative materiality or significance of matters to which [199] Gleim #: 2.6.98 assurance An internal auditor judged an item to be immaterial when planning an procedures are applied. assurance A. B. Emphasize the potential benefits of an engagement without significant fraud by being assigned all but which one of the following regard to the cost. tasks? Consider whether criteria have been established to determine Review large, abnormal, or unexplained A. expenditures. whether goals are Review sensitive expenses, such as legal fees, consultant fees, and achieved, not whether those criteria are adequate. foreign sales C. commissions. Select procedures that are likely to provide absolute assurance that B. irregularities C. Review every control feature pertaining to petty cash receipts. do not exist. D. Review contributions by the organization that appear to be D. unusual. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (A) is incorrect. To prevent or detect significant fraud, the (720 questions) internal Copyright 2013 Gleim Publications Inc. Page 107 auditor should review large, abnormal, or unexplained expenditures. Printed for Sanja Knezevic Answer (B) is incorrect. To prevent or detect significant fraud, the Answer (A) is correct. Exercising due professional care means internal applying the care and auditor should review sensitive expenses. skill expected of a reasonably prudent and competent internal auditor Answer (C) is correct. The internal auditor must exercise due (Attr. Std. 1220). professional care by Internal auditors must exercise due professional care by considering, considering the relative complexity, materiality, or significance of among other matters to things, the relative complexity, materiality, or significance of matters which assurance procedures are applied. The cost of assurance in to which relation to its assurance procedures are applied (Impl. Std. 1220.A1). benefits also should be considered (Impl. Std. 1220.A1). Hence, an Answer (B) is incorrect. The internal auditor should consider the exhaustive cost in relation to the review of petty cash is not an efficient and effective use of limited potential benefits before beginning an engagement. internal audit Answer (C) is incorrect. Adequate criteria are needed to evaluate resources because it will not prevent or detect significant fraud. The controls. If amount of determined to be adequate, internal auditors must use such criteria any theft of petty cash will not be substantial. in their evaluation. Answer (D) is incorrect. To prevent or detect significant fraud, the If inadequate, internal auditors must work with management to internal develop appropriate auditor should review unusual contributions. evaluation criteria. [202] Gleim #: 2.6.101 Answer (D) is incorrect. Internal auditors cannot give absolute To ensure that due professional care has been taken at all times assurance that during an engagement, noncompliance or irregularities do not exist. the internal auditor should always [201] Gleim #: 2.6.100 Ensure that all financial information related to the audit is included in The internal audit activity can perform an important role in preventing the audit and detecting plan and examined for nonconformance or irregularities. A. B. Ensure that all audit tests are fully documented. assignment. Consider the possibility of nonconformance or irregularities at all Answer (D) is incorrect. Due professional care does not require that times during an immaterial engagement. instances of noncompliance or irregularity be reported to the audit C. committee. Communicate any noncompliance or irregularity discovered during Gleim CIA Test Prep: Part 1 - Internal Audit Basics an (720 questions) engagement promptly to the audit committee. Copyright 2013 Gleim Publications Inc. Page 109 D. Printed for Sanja Knezevic Gleim CIA Test Prep: Part 1 - Internal Audit Basics [203] Gleim #: 2.6.102 (720 questions) A staff internal auditor performed a portion of an engagement to Copyright 2013 Gleim Publications Inc. Page 108 review an Printed for Sanja Knezevic organization’s marketing function. In particular, the internal auditor fb.com/ciaaofficial evaluated the Answer (A) is incorrect. The automatic inclusion of relevant financial function’s effective and efficient use of resources to identify information in I. Underused facilities an audit plan does not guarantee that due professional care has II. Overstaffing or understaffing been exercised over the III. Nonproductive work audit as a whole. IV. Procedures that were not cost justified Answer (B) is incorrect. Keeping detailed working papers does not To test for underused facilities, the internal auditor performed a ensure that due complete walkthrough professional care has been exercised during the tests. of all spaces assigned to the marketing function and evaluated the Answer (C) is correct. Due professional care implies reasonable use of both care and competence, space and capital equipment. The internal auditor analyzed reports not infallibility or extraordinary performance. Thus, due professional on space usage for care requires the the last year and concluded that facilities were neither underused nor internal auditor to conduct examinations and verifications to a used at maximum reasonable extent. capacity. Accordingly, internal auditors cannot give absolute assurance that To test for overstaffing or understaffing, the internal auditor noncompliance or compared current staffing irregularities do not exist. Nevertheless, the possibility of material levels with a staffing analysis recently completed by an independent irregularities or contractor. noncompliance needs to be considered whenever the internal auditor Because the staffing analysis used work standards and service undertakes an demands to provide internal auditing assignment (PA 1220-1, para. 2). Thus, considering factual and reliable information on staffing requirements, the internal the possibility of auditor was able nonconformance or material irregularities at all times during an to conclude that staffing levels were optimal. engagement is the only To test for nonproductive work, the internal auditor interviewed an way of demonstrating that due professional care has been taken in employee from an internal audit each level and, based upon their responses, concluded that no noncompliance needs to be considered whenever the internal auditor significant amount of undertakes an nonproductive work was being performed. Thus, the internal auditor internal audit assignment (PA 1220-1, para. 2). Accordingly, the work concluded that performed with additional engagement work to search for procedures that were not regard to facilities usage and staffing was adequate and would cost-justified withstand normal would not be necessary. scrutiny. In reference to requirements I and II, due professional care Answer (B) is incorrect. The work performed in both areas was Was exercised because the internal auditor applied reasonable care adequate and would and withstand normal scrutiny. competence in both areas. Answer (C) is incorrect. The work performed in both areas was A. adequate and would Was not exercised because the internal auditor failed to apply withstand normal scrutiny. reasonable care Answer (D) is incorrect. The work performed in both areas was regarding requirement II. adequate and would B. withstand normal scrutiny. Was not exercised because the internal auditor failed to apply Gleim CIA Test Prep: Part 1 - Internal Audit Basics reasonable care (720 questions) regarding requirements I and II. Copyright 2013 Gleim Publications Inc. Page 111 C. Printed for Sanja Knezevic Was not exercised because the internal auditor failed to apply [204] Gleim #: 2.6.103 reasonable care A staff internal auditor performed a portion of an engagement to regarding requirement I. review an D. organization’s marketing function. In particular, the internal auditor Gleim CIA Test Prep: Part 1 - Internal Audit Basics evaluated the (720 questions) function’s effective and efficient use of resources to identify Copyright 2013 Gleim Publications Inc. Page 110 I. Underused facilities Printed for Sanja Knezevic II. Overstaffing or understaffing fb.com/ciaaofficial III. Nonproductive work Answer (A) is correct. Due professional care implies reasonable IV. Procedures that were not cost justified care and competence, To test for underused facilities, the internal auditor performed a not infallibility or extraordinary performance. Thus, due professional complete walkthrough care requires the of all spaces assigned to the marketing function and evaluated the internal auditor to conduct examinations and verifications to a use of both reasonable extent. space and capital equipment. The internal auditor analyzed reports Accordingly, internal auditors cannot give absolute assurance that on space usage for noncompliance or the last year and concluded that facilities were neither underused nor irregularities do not exist. Nevertheless, the possibility of material used at maximum irregularities or capacity. To test for overstaffing or understaffing, the internal auditor requirements III and IV. compared current staffing Answer (C) is correct. The procedures performed as a basis for levels with a staffing analysis recently completed by an independent concluding that contractor. no nonproductive work was accomplished resulted in a failure to Because the staffing analysis used work standards and service identify demands to provide sufficient, reliable, relevant, and useful information to achieve the factual and reliable information on staffing requirements, the internal engagement’s auditor was able objectives (Perf. Std. 2310). The opinions of individuals whose work to conclude that staffing levels were optimal. was in To test for nonproductive work, the internal auditor interviewed an question lacks reliability. Given that the information regarding area IV employee from was based each level and, based upon their responses, concluded that no on that for area III, it also is suspect. significant amount of Answer (D) is incorrect. Due professional care was not exercised in nonproductive work was being performed. Thus, the internal auditor regard to concluded that requirements III and IV. additional engagement work to search for procedures that were not Gleim CIA Test Prep: Part 1 - Internal Audit Basics cost-justified (720 questions) would not be necessary. Copyright 2013 Gleim Publications Inc. Page 112 In reference to requirements III and IV, due professional care Printed for Sanja Knezevic Was exercised because the internal auditor applied reasonable care fb.com/ciaaofficial and [205] Gleim #: 2.6.104 competence in both areas. Due professional care calls for A. Detailed reviews of all transactions related to a particular A. function. Was not exercised because the internal auditor failed to apply Infallibility and extraordinary performance when the system of reasonable care and internal control is competence regarding requirement III. known to be weak. B. B. Was not exercised because the internal auditor failed to apply Consideration of the possibility of material irregularities during every reasonable care and engagement. competence regarding both requirements III and IV. C. C. Testing in sufficient detail to give absolute assurance that Was not exercised because the internal auditor failed to apply noncompliance does not reasonable care and exist. competence regarding requirement IV. D. D. Answer (A) is incorrect. Detailed reviews of all transactions are not Answer (A) is incorrect. Due professional care was not exercised in required. regard to Answer (B) is incorrect. Reasonable care and skill, not infallibility or requirements III and IV. extraordinary performance, are necessary. Answer (B) is incorrect. Due professional care was not exercised in Answer (C) is correct. Due care implies reasonable care and regard to competence, not infallibility or extraordinary performance. Due care requires the D. internal auditor to Answer (A) is incorrect. This review is a standard procedure. conduct examinations and verifications to a reasonable extent, but Answer (B) is incorrect. Sampling is permissible. Detailed reviews of does not all require detailed reviews of all transactions. Accordingly, internal transactions are often not required or feasible. auditors cannot Answer (C) is incorrect. In exercising due professional care, internal give absolute assurance that noncompliance or irregularities do not auditors exist. should be alert to inefficiency. Nevertheless, the possibility of material irregularities or Answer (D) is correct. Internal auditors cannot give absolute noncompliance should be assurance that considered whenever an internal auditor undertakes an internal noncompliance or irregularities do not exist (PA 1220-1, para. 2). auditing Gleim CIA Test Prep: Part 1 - Internal Audit Basics assignment (PA 1220-1, para. 2). (720 questions) Answer (D) is incorrect. Only reasonable, not absolute, assurance Copyright 2013 Gleim Publications Inc. Page 113 can be given. Printed for Sanja Knezevic [206] Gleim #: 2.6.105 [207] Gleim #: 2.6.106 A certified internal auditor performed an assurance engagement to In exercising due professional care, internal auditors must consider review a which of the department store’s cash function. Which of the following actions will following? be deemed The relative complexity, materiality, or significance of matters to lacking in due professional care? which assurance Organizational records were reviewed to determine whether all procedures are applied employees who I. handle cash receipts and disbursements were bonded. The extent of assurance procedures necessary to ensure that all A. significant risks A flowchart of the entire cash function was developed, but only a will be identified sample of II. transactions was tested. The probability of significant errors, irregularities, III. or B. noncompliance The final engagement communication included a well-supported A. I and II only. recommendation B. II and III only. for the reduction in staff, although it was known that such a reduction C. I and III only. would D. I, II, and III. adversely affect morale. Answer (A) is incorrect. The internal auditors need not consider the C. extent of Because of a highly developed system of internal control over the assurance procedures necessary to ensure that all significant risks cash function, will be the final engagement communication assured senior management identified when exercising due professional care. But the internal that no auditors must irregularities existed. consider the probability of significant errors, irregularities, or care. Accordingly, the Standards require internal auditors to noncompliance. Consider the probability of significant I. noncompliance Answer (B) is incorrect. The internal auditors need not consider the Perform assurance procedures with due professional care so that all extent of significant assurance procedures necessary to ensure that all significant risks risks are identified will be II. identified when exercising due professional care. But the internal III. Weigh the cost of assurance against the benefits auditors must A. I and II only. consider the relative complexity, materiality, or significance of B. I and III only. matters to which C. II and III only. assurance procedures are applied. D. I, II, and III. Answer (C) is correct. Internal auditors must exercise due Answer (A) is incorrect. Assurance procedures alone, even when professional care by performed with considering the due professional care, do not guarantee that all significant risks will Extent of work needed to achieve the engagement’s objectives be identified. Relative complexity, materiality, or significance of matters to which Moreover, internal auditors must weigh the cost of assurance against assurance procedures are applied the benefits. Adequacy and effectiveness of governance, risk management, and Answer (B) is correct. Internal auditors must exercise due control professional care by processes considering the Probability of significant errors, fraud, or noncompliance Extent of work needed to achieve the engagement’s objectives Cost of assurance in relation to potential benefits (Impl. Std. Relative complexity, materiality, or significance of matters to which 1220.A1) assurance procedures are applied Assurance procedures alone, even when performed with due Adequacy and effectiveness of governance, risk management, and professional care, do control not guarantee that all significant risks will be identified (Impl. Std. processes 1220.A3). Probability of significant errors, fraud, or noncompliance Answer (D) is incorrect. The internal auditors need not consider the Cost of assurance in relation to potential benefits (Impl. Std. extent of 1220.A1) assurance procedures necessary to ensure that all significant risks Assurance procedures alone, even when performed with due will be professional care, do identified when exercising due professional care. not guarantee that all significant risks will be identified (Impl. Std. Gleim CIA Test Prep: Part 1 - Internal Audit Basics 1220.A3). (720 questions) Answer (C) is incorrect. Assurance procedures alone, even when Copyright 2013 Gleim Publications Inc. Page 114 performed with Printed for Sanja Knezevic due professional care, do not guarantee that all significant risks will fb.com/ciaaofficial be identified. [208] Gleim #: 2.6.107 Furthermore, internal auditors must consider the probability of Assurance engagements must be performed with proficiency and significant due professional noncompliance. Answer (D) is incorrect. Assurance procedures alone, even when professional development and report to the Certification Department performed with of The IIA. due professional care, do not guarantee that all significant risks will Answer (C) is incorrect. Continuing education may be obtained by be identified. participation in [209] Gleim #: 2.6.108 professional organizations. Internal auditors are responsible for continuing their education to Answer (D) is incorrect. Prior approval by The IIA is not necessary maintain their for CPE courses. proficiency. Which of the following is true regarding the continuing [210] Gleim #: 2.6.109 education During a consulting engagement, an internal auditor should exercise requirements of the practicing internal auditor? due professional Internal auditors are required to obtain 40 hours of continuing care by considering which of the following? professional Needs and expectations of I. engagement clients education each year and a minimum of 120 hours over a 3-year II. Relative complexity and extent of work needed period. III. Cost of the consulting engagement A. A. I and II. B. CIAs have formal requirements that must be met in order to B. II and III. continue as CIAs. C. I and III. Attendance, as an officer or committee member, at formal IIA D. I, II, and III. meetings does not Answer (A) is incorrect. The internal auditor also must consider the meet the criteria of continuing professional development. cost of the C. consulting engagement in relation to the potential benefits when In-house programs meet continuing professional education exercising due requirements only if professional care on a consulting engagement. they have been preapproved by The IIA. Answer (B) is incorrect. The internal auditor also must consider the D. needs and Gleim CIA Test Prep: Part 1 - Internal Audit Basics expectations of engagement clients, including the nature, timing, and (720 questions) communication of engagement results, when exercising due Copyright 2013 Gleim Publications Inc. Page 115 professional care on a Printed for Sanja Knezevic consulting engagement. Answer (A) is incorrect. The Standards do not state formal hour Answer (C) is incorrect. The internal auditor also must consider the requirements for relative internal auditors. The intent of the Standards is to provide flexibility in complexity and extent of work needed to achieve the engagement’s meeting the objectives requirements. when exercising due professional care on a consulting engagement. Answer (B) is correct. Internal auditors must enhance their Answer (D) is correct. The internal auditor must exercise due knowledge, skills, and professional care other competencies through continuing professional development during a consulting engagement by considering the (Attr. Std. 1230). To Needs and expectations of engagement clients, including the nature, maintain the CIA designation, the CIA must commit to a formal timing, program of continuing and communication of engagement results. Relative complexity and extent of work needed to achieve the adequate operating standards is a governance process. engagement’s Answer (C) is incorrect. Internal auditors cannot provide absolute objectives. assurance Cost of the consulting engagement in relation to potential benefits regarding irregularities. (Impl. Std. Answer (D) is incorrect. Establishing suitable criteria of education 1220.C1). and Gleim CIA Test Prep: Part 1 - Internal Audit Basics experience for filling internal auditing positions pertains to (720 questions) proficiency, not due Copyright 2013 Gleim Publications Inc. Page 116 professional care. Printed for Sanja Knezevic [212] Gleim #: 2.6.111 fb.com/ciaaofficial An internal auditor has some suspicion of, but no information about, [211] Gleim #: 2.6.110 potential An internal auditor must exercise due professional care in performing misstatement of financial statements. The internal auditor fails to engagements. exercise due Due professional care includes professional care by Establishing direct communication between the chief audit executive Identifying potential ways in which a misstatement could occur and and the ranking the board. items for investigation. A. A. Evaluating established operating standards and determining whether Informing the engagement manager of the suspicions and asking for those advice on standards are adequate. how to proceed. B. B. Accumulating sufficient information so that the internal auditor can Not testing for possible misstatement because the engagement work give absolute program had assurance that irregularities do not exist. already been approved by engagement management. C. C. Establishing suitable criteria of education and experience for filling Expanding the engagement work program, without the engagement internal client’s auditing positions. approval, to address the highest ranked ways in which a D. misstatement may have Answer (A) is incorrect. Direct communication between the CAE occurred. and the board D. relates to independence rather than to due professional care. Answer (A) is incorrect. Ranking the ways in which a misstatement Answer (B) is correct. In the exercise of due professional care, an could occur internal auditor is consistent with the standard of due professional care. must, among other things, consider the adequacy and effectiveness Answer (B) is incorrect. Seeking advice is consistent with exercising of governance, the standard risk management, and control processes (Impl. Std. 1220.A1). of due professional care. Establishing Answer (C) is correct. Internal auditors must apply the care and skill to provide reasonable assurance to the various stakeholders of the expected of internal audit a reasonably prudent and competent internal auditor (Attr. Std. activity that it (1) performs in accordance with its charter, (2) 1220). operates effectively Engagement work programs are expected to be modified to reflect and efficiently, and (3) is perceived by the stakeholders as adding changing value and circumstances. Thus, the internal auditor fails to exercise due improving operations. These processes include appropriate professional care by supervision, periodic not investigating a suspected misstatement solely because the work internal assessments and ongoing monitoring of quality assurance, program had and periodic already been approved. external assessments (PA 1300-1, para. 2). Answer (D) is incorrect. The internal auditor does not need the Answer (D) is incorrect. Proper training is a feedforward, not a engagement feedback, control. client’s approval to expand the engagement work program. [214] Gleim #: 2.7.113 Gleim CIA Test Prep: Part 1 - Internal Audit Basics An individual became head of the internal audit activity of an (720 questions) organization 1 week Copyright 2013 Gleim Publications Inc. Page 117 ago. An engagement client has come to the person complaining Printed for Sanja Knezevic vigorously that one of [213] Gleim #: 2.7.112 the internal auditors is taking up an excessive amount of client time A quality assurance and improvement program of an internal audit on an engagement activity provides that seems to be lacking a clear purpose. In handling this conflict reasonable assurance that internal auditing work is performed in with a client, the accordance with its person should consider charter. Which of the following are designed to provide feedback on A. Discounting what is said, but documenting the complaint. the effectiveness Whether existing procedures within the internal audit activity provide of an internal audit activity? for proper I. Proper supervision planning and quality assurance. II. Proper training B. III. Internal reviews Presenting an immediate defense of the internal auditor based upon IV. External reviews currently A. I, II, and III only. known facts. B. II, III, and IV only. C. C. I, III, and IV only. D. Promising the client that the internal auditor will finish the work D. I, II, III, and IV. within 1 week. Answer (A) is incorrect. Proper training is a feedforward, not a Gleim CIA Test Prep: Part 1 - Internal Audit Basics feedback, control. (720 questions) Answer (B) is incorrect. Proper training is a feedforward, not a Copyright 2013 Gleim Publications Inc. Page 118 feedback, control. Printed for Sanja Knezevic Answer (C) is correct. A quality assurance and improvement fb.com/ciaaofficial program is designed Answer (A) is incorrect. The CAE has responsibilities for planning Answer (B) is incorrect. Internal assessment is an element of a engagement work quality program. schedules and maintaining a quality assurance and improvement Answer (C) is incorrect. Supervision is an element of a quality program and cannot program. Ongoing afford to ignore a potentially valid complaint. reviews are internal assessments that include engagement Answer (B) is correct. The CAE should examine departmental supervision. procedures and the Answer (D) is incorrect. External assessment is an element of a conduct of the specific engagement mentioned to ascertain that quality program. proper planning and [216] Gleim #: 2.7.115 quality assurance procedures are in place and are being followed. Assessment of a quality assurance and improvement program Answer (C) is incorrect. Taking a defensive position with the client should include stifles evaluation of all of the following except communication, hampers future engagement involvements, and A. Adequacy of the oversight of the work of external auditors. ignores basic B. Conformance with the Standards and Code of Ethics. responsibilities for managing the internal audit activity. C. Adequacy of the internal audit activity’s charter. Answer (D) is incorrect. Making a promise to end the work within a D. Contribution to the organization’s governance processes. specified time Gleim CIA Test Prep: Part 1 - Internal Audit Basics without knowledge of the work schedule jeopardizes the authority of (720 questions) the CAE and the Copyright 2013 Gleim Publications Inc. Page 119 internal audit activity in the current and future engagements. The Printed for Sanja Knezevic CAE has an Answer (A) is correct. Oversight of the work of external auditors, obligation to assure that adequate time is allowed for achieving including engagement objectives. coordination with the internal audit activity, is the responsibility of the [215] Gleim #: 2.7.114 board (PA The chief audit executive should develop and maintain a quality 2050-1, para. 1). It is not within the scope of the process for assurance and monitoring and assessing improvement program that covers all aspects of the internal audit the quality program. activity and Answer (B) is incorrect. Conformance with the Definition of Internal continuously monitors its effectiveness. All of the following are Auditing, included in a quality Standards, and Code of Ethics, including timely corrective actions to program except remedy any Annual appraisals of individual internal auditors’ A. performance. significant instances of nonconformance, is an element of the B. Periodic internal assessment. assessment of a quality C. Supervision. program. D. Periodic external assessments. Answer (C) is incorrect. Adequacy of the internal audit activity’s Answer (A) is correct. Appraising each internal auditor’s work at charter, goals, least annually is objectives, policies, and procedures is an element of the assessment properly a function of the human resources program of the internal of a quality audit activity. program. Answer (D) is incorrect. Contribution to the organization’s Printed for Sanja Knezevic governance, risk fb.com/ciaaofficial management, and control processes is an element of the Answer (A) is incorrect. Senior management is not responsible for assessment of a quality the quality program. assurance and improvement program for the internal audit activity. [217] Gleim #: 2.7.116 Answer (B) is correct. The chief audit executive must develop and The internal audit activity’s quality assurance and improvement maintain a quality program is the assurance and improvement program that covers all aspects of the responsibility of internal audit A. External auditors. activity (Attr. Std.1300). B. The chief audit executive. Answer (C) is incorrect. The directors are not responsible for the C. The board. quality assurance D. The audit committee. and improvement program for the internal audit activity. Answer (A) is incorrect. External auditors may perform an external Answer (D) is incorrect. The audit committee is not responsible for assessment, the quality but the CAE is responsible for it. assurance and improvement program for the internal audit activity. Answer (B) is correct. The chief audit executive must develop and [219] Gleim #: 2.8.118 maintain a At what minimal required frequency does the chief audit executive quality assurance and improvement program that covers all aspects report the results of of the internal internal assessments in the form of ongoing monitoring to senior audit activity (Attr. Std. 1300). management and the Answer (C) is incorrect. The CAE may report results to the board, board? but the A. Monthly. program is the CAE’s responsibility. B. Quarterly. Answer (D) is incorrect. The CAE may report results to the audit C. Annually. committee, but D. Biennially. the program is the CAE’s responsibility. Answer (A) is incorrect. The CAE may report on a monthly basis, [218] Gleim #: 2.7.117 but the Which of the following is responsible for developing and maintaining minimal requirement for reporting is annually. a quality Answer (B) is incorrect. The CAE may report on a quarterly basis, assurance and improvement program that covers all aspects of the but the internal audit minimal requirement for reporting is annually. activity and continuously monitors its effectiveness? Answer (C) is correct. To demonstrate conformance with the A. Senior management. mandatory IIA B. Chief audit executive. guidance, the results of external and periodic internal assessments C. The board of directors. are D. Audit committee. communicated upon completion of such assessments and the results Gleim CIA Test Prep: Part 1 - Internal Audit Basics of ongoing (720 questions) monitoring are communicated at least annually (Inter. Std. 1320). Copyright 2013 Gleim Publications Inc. Page 120 Answer (D) is incorrect. The CAE is required to report more When is initial use of the conformance phrase by internal auditors frequently than appropriate? every 2 years. After an internal review completed within A. the past 5 years. [220] Gleim #: 2.8.119 B. After an external review completed within the past 10 years. Internal auditors may report that their activities conform with the C. After an internal review completed within the past 10 years. Standards. They may D. After an external review completed within the past 5 years. use this statement only if Answer (A) is incorrect. An internal audit activity must have an A. It is supported by the results of the quality program. external An independent external assessment of the internal audit activity is assessment every 5 years. conducted Answer (B) is incorrect. Initial use of the conformance phrase annually. requires the B. completion of an external assessment within the past 5 years. Senior management or the board is accountable for implementing a Answer (C) is incorrect. Initial use of the conformance phrase quality requires the program. completion of an external assessment within the past 5 years. C. Answer (D) is correct. The chief audit executive may state that the D. External assessments of the internal audit activity are made by internal audit external auditors. activity conforms with the International Standards for the Gleim CIA Test Prep: Part 1 - Internal Audit Basics Professional Practice (720 questions) of Internal Auditing only if the results of the quality assurance and Copyright 2013 Gleim Publications Inc. Page 121 improvement Printed for Sanja Knezevic program support this statement (Attr. Std. 1321). To use the phrase, Answer (A) is correct. The chief audit executive may state that the the chief audit internal audit executive of an internal audit activity in existence for at least 5 years activity conforms with the International Standards for the must have Professional Practice of the results of an external assessment within that period. Internal Auditing only if the results of the quality assurance and [222] Gleim #: 2.8.121 improvement program Following an external assessment of the internal audit activity, who is support this statement (Attr. Std. 1321). (are) Answer (B) is incorrect. An independent external assessment of the responsible for communicating the results to the board? internal audit A. Internal auditors. activity must be conducted at least once every 5 years. B. Audit committee. Answer (C) is incorrect. The CAE must develop and maintain a C. Chief audit executive. QAIP that covers all D. External auditors. aspects of the internal audit activity. Answer (A) is incorrect. The chief audit executive (not internal Answer (D) is incorrect. Assessments also may be made by others auditors) is who are (1) responsible for communicating the results of external assessments to independent, (2) qualified, and (3) from outside the organization. the board. [221] Gleim #: 2.8.120 Answer (B) is incorrect. The chief audit executive (not the audit committee) is responsible for communicating the results of external assessments to Internal Auditing and the Standards, and application of the Code of the board. Ethics, the Answer (C) is correct. The chief audit executive must communicate results of external and periodic internal assessments are the results of communicated upon the QAIP to senior management and the board (Attr. Std. 1320). completion of such assessments and the results of ongoing Answer (D) is incorrect. The chief audit executive (not external monitoring are auditors) is communicated at least annually. The results include the assessor’s responsible for communicating the results of external assessments to or assessment the board. team’s evaluation with respect to the degree of conformance” (Inter. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Std. 1320). (720 questions) Answer (C) is incorrect. The results of periodic internal assessments Copyright 2013 Gleim Publications Inc. Page 122 are Printed for Sanja Knezevic communicated upon their completion. fb.com/ciaaofficial Answer (D) is incorrect. The results of ongoing monitoring are [223] Gleim #: 2.8.122 communicated at To demonstrate conformance of the internal audit activity with the least annually. mandatory [224] Gleim #: 2.9.123 guidance of The IIA, Which of the following is part of an internal audit activity’s quality The chief audit executive determines the form and content of the assurance results program, rather than being included as part of other responsibilities communicated. of the chief audit A. executive (CAE)? The results of external assessments are communicated upon B. their The CAE provides information about and access to internal audit completion. working papers C. The results of periodic internal assessments are communicated at to the external auditors to enable them to understand and determine least annually. the degree to D. The results of ongoing monitoring are communicated upon their which they may rely on the internal auditors’ work. completion. A. Answer (A) is incorrect. The form, content, and frequency of Management approves a formal charter establishing the purpose, communicating the authority, and results of the quality assurance and improvement program is responsibility of the internal audit activity. established through B. discussions with senior management and the board and considers C. Each individual internal auditor’s performance is appraised at the least annually. responsibilities of the internal audit activity and chief audit executive Supervision of an internal auditor’s work is performed throughout as contained each audit in the internal audit charter. engagement. Answer (B) is correct. “To demonstrate conformance with the D. Definition of Gleim CIA Test Prep: Part 1 - Internal Audit Basics (720 questions) Copyright 2013 Gleim Publications Inc. Page 123 reviews report to the CAE while performing the reviews and Printed for Sanja Knezevic communicate results Answer (A) is incorrect. Providing working papers to the external directly to the CAE (PA 1311-1, para. 7). auditors relates to Answer (C) is incorrect. The CAE shares information about internal the responsibility of the CAE to coordinate with external auditors. assessments Answer (B) is incorrect. A CAE’s responsibility to seek approval of a with appropriate persons outside the internal audit activity, such as charter to senior establish the authority, purpose, and responsibility of the internal management. audit activity is not Answer (D) is incorrect. Results ordinarily are communicated part of a quality assurance program. directly to the Answer (C) is incorrect. Individual performance appraisals are part CAE. Given a self-assessment, reporting to the internal audit staff of a CAE’s essentially responsibility for personnel management and development. involves having the staff report to itself. Answer (D) is correct. The CAE develops and maintains a quality [226] Gleim #: 2.9.125 assurance and As a part of a quality program, internal assessment teams most likely improvement program (Attr. Std. 1300) that includes ongoing and will examine periodic which of the following to evaluate the quality of engagement planning assessments (PA 1300-1, para. 2). Ongoing monitoring is and incorporated into the routine documentation for individual engagements? policies and practices used to manage the internal audit activity. A. Written engagement work programs. Engagement B. Project assignment documentation. supervision is among the processes and tools used in ongoing C. Weekly status reports. internal assessments (PA D. The long-range engagement work schedule. 1311-1, para. 1). Gleim CIA Test Prep: Part 1 - Internal Audit Basics [225] Gleim #: 2.9.124 (720 questions) Ordinarily, those conducting internal quality program assessments Copyright 2013 Gleim Publications Inc. Page 124 report to Printed for Sanja Knezevic A. The board. fb.com/ciaaofficial B. The chief audit executive. Answer (A) is correct. Internal assessments must include ongoing C. Senior management. monitoring of the D. The internal audit staff. performance of the internal audit activity and periodic self- Answer (A) is incorrect. At least annually, the CAE reports the assessments or assessments results of internal by other persons within the organization with sufficient knowledge of assessments to the board. internal auditing Answer (B) is correct. The CAE establishes a structure for reporting practices (Attr. Std. 1311). The processes and tools used in ongoing results of internal internal assessments that maintains appropriate credibility and assessments include, among other things, selective peer reviews of objectivity. working papers by Generally, those assigned responsibility for conducting ongoing and staff not involved in the respective audits (PA 1311-1, para. 1). periodic Answer (B) is incorrect. Project assignment documentation contains Copyright 2013 Gleim Publications Inc. Page 125 less relevant Printed for Sanja Knezevic information for assessment purposes than work programs. Answer (A) is incorrect. An internal assessment will identify tasks Answer (C) is incorrect. Status reports do not bear directly on that can be planning. performed better. Answer (D) is incorrect. The long-range engagement work schedule Answer (B) is incorrect. An internal assessment will determine does not relate to whether internal audit planning and documentation for individual engagements. services meet professional standards. [227] Gleim #: 2.9.126 Answer (C) is incorrect. An internal assessment will set forth Periodic internal assessments of the internal audit activity primarily recommendations for serve the needs of improvement. The A. board of directors. Answer (D) is correct. External assessments must be conducted at B. The internal audit activity’s staff. least once every 5 C. The chief audit executive (CAE). years by a qualified, independent reviewer or review team from D. Senior management. outside the Answer (A) is incorrect. The directors are secondary users of a organization (Attr. Std. 1312). Individuals who perform the external periodic internal assessment are assessment. free of any obligation to, or interest in, the organization whose Answer (B) is incorrect. The internal audit activity staff are internal audit activity is secondary users of a assessed (PA 1312-1, para. 5). periodic internal assessment. [229] Gleim #: 2.9.128 Answer (C) is correct. Those conducting internal assessments External assessment of an internal audit activity is not likely to generally should evaluate report to the CAE while performing the reviews and communicate Adherence to the internal audit A. activity’s charter. directly to the B. Conformance with the Standards. CAE (PA 1311-1, para. 7). C. Detailed cost-benefit analysis of the internal audit activity. Answer (D) is incorrect. Senior management is a secondary user of D. The tools and techniques employed by the internal audit activity. a periodic Answer (A) is incorrect. Adherence to the internal audit activity’s internal assessment. charter is [228] Gleim #: 2.9.127 within the broad scope of coverage of the external assessment. Quality program assessments may be performed internally or Answer (B) is incorrect. Conformance with the Standards is within externally. A the broad distinguishing feature of an external assessment is its objective to scope of coverage of the external assessment. A. Identify tasks that can be performed better. Answer (C) is correct. The external assessment has a broad scope B. Determine whether internal audit services meet professional of coverage standards. that includes, among other things, conformance with The IIA’s C. Set forth the recommendations for improvement. mandatory D. Provide independent assurance. guidance and the internal audit activity’s charter, plans, policies, Gleim CIA Test Prep: Part 1 - Internal Audit Basics procedures, (720 questions) practices, and applicable legislative and regulatory requirements; performed (or that should have been performed under its charter), and the including (but not expectations of the internal audit activity expressed by the board, limited to) conformance with the Definition of Internal Auditing, the senior Code of Ethics, management, and operational managers (PA 1312-1, para. 10). and the Standards. An external assessment also includes, as However, the costs appropriate, and benefits of internal auditing are neither easily quantifiable nor the recommendations for improvement (PA 1312-1, para. 2). subject of [231] Gleim #: 2.9.130 an external assessment. The interpretation related to quality assurance given by the Answer (D) is incorrect. The tools and techniques of the internal Standards is that audit activity are External assessments can provide senior management and the within the broad scope of coverage of the external assessment. board with [230] Gleim #: 2.9.129 independent assurance about the quality of the internal audit activity. An external assessment of an internal audit activity contains an A. expressed opinion. The Appropriate follow-up to an external assessment is the responsibility opinion applies of the chief A. Only to the internal audit activity’s conformance with the audit executive’s immediate supervisor. Standards. B. B. Only to the effectiveness of the internal auditing coverage. The internal audit activity is primarily measured against The IIA’s C. C. Only to the adequacy of internal control. Code of Ethics. D. To the entire spectrum of assurance and consulting work. Supervision is limited to the planning, examination, evaluation, Gleim CIA Test Prep: Part 1 - Internal Audit Basics communication, (720 questions) and follow-up process. Copyright 2013 Gleim Publications Inc. Page 126 D. Printed for Sanja Knezevic Answer (A) is correct. External assessments provide an fb.com/ciaaofficial independent and Answer (A) is incorrect. An opinion is expressed on all assurance objective evaluation of the internal audit activity’s compliance with and consulting the Standards work performed (or that should have been performed under its and Code of Ethics. charter). Answer (B) is incorrect. The communication of final results of an Answer (B) is incorrect. The scope of an external assessment external extends to more than the assessment should include the CAE’s responses. These include an effectiveness of the internal auditing coverage. action plan and Answer (C) is incorrect. An external assessment addresses the implementation dates. Moreover, the results are communicated to internal audit activity, the stakeholders not the adequacy of the organization’s controls. of the internal audit activity, such as senior management, the board, Answer (D) is correct. External assessments of an internal audit and the activity contain an external auditors. expressed opinion as to the entire spectrum of assurance and Answer (C) is incorrect. The external assessment considers the consulting work internal audit activity’s conformance with the Definition of Internal Auditing, the actions are undertaken. Standards, A. and the Code of Ethics. Are communicated to employees in writing and are updated by Answer (D) is incorrect. Supervision begins with planning and operating continues personnel as conditions change. throughout the engagement. B. [232] Gleim #: 3.1.1 Policies and procedures for activities are set out in manuals for use Which of the following is not implied by the definition of control? by properly A. Measurement of progress toward goals. trained personnel. B. Uncovering of deviations from plans. C. C. Assignment of responsibility for deviations. Internal reviews as to the propriety and effectiveness of the D. Indication of the need for corrective action. objectives are Gleim CIA Test Prep: Part 1 - Internal Audit Basics undertaken on a periodic basis by the internal audit activity. (720 questions) D. Copyright 2013 Gleim Publications Inc. Page 127 Answer (A) is correct. The elements of control include (1) Printed for Sanja Knezevic establishing standards Answer (A) is incorrect. Measurement of progress toward goals is for the operation to be controlled, (2) measuring performance against implied by the the definition of control. standards, (3) examining and analyzing deviations, (4) taking Answer (B) is incorrect. Uncovering of deviations from plans is corrective action, implied by the and (5) reappraising the standards based on experience. These definition of control. elements of control Answer (C) is correct. The elements of control include (1) provide reasonable assurance to management that established establishing standards for objectives and goals the operation to be controlled, (2) measuring performance against will be achieved. the standards, (3) Answer (B) is incorrect. More than simply the establishment and examining and analyzing deviations, (4) taking corrective action, and communication (5) reappraising of objectives is required for effective control. the standards based on experience. Thus, assigning responsibility Answer (C) is incorrect. The essential elements of adoption of for deviations found standards, is not a part of the controlling function. comparison, and corrective action are also needed. Answer (D) is incorrect. Indication of the need for corrective action Answer (D) is incorrect. The essential elements of adoption of is implied by the standards, definition of control. comparison, and corrective action are also needed. [233] Gleim #: 3.1.2 Gleim CIA Test Prep: Part 1 - Internal Audit Basics Controls provide assurance to management that desired actions will (720 questions) be accomplished Copyright 2013 Gleim Publications Inc. Page 128 when objectives are established in writing and Printed for Sanja Knezevic Standards are adopted, results are compared with the standards, fb.com/ciaaofficial and corrective [234] Gleim #: 3.1.3 An internal auditor is examining inventory control in a merchandising A. Planning looks to the future; controlling is concerned with the past. division with B. Planning and controlling are completely independent of each annual sales of US $3,000,000 and a 40% gross profit rate. Tests other. show that 2% of the Planning prevents problems; controlling is initiated by problems that monetary amount of purchases do not reach inventory because of have breakage and occurred. employee theft. Adding certain controls costing US $35,000 annually C. could reduce D. Controlling cannot operate effectively without the tools provided these losses to .5% of purchases. Should the controls be by planning. recommended? Answer (A) is incorrect. A control system looks to the future when it Yes, because the projected saving exceeds the cost of A. the added provides for controls. corrective action and review and revision of standards. B. No, because the cost of the added controls exceeds the projected Answer (B) is incorrect. Planning and controlling overlap. savings. Answer (C) is incorrect. Comprehensive planning includes creation C. Yes, because the ideal system of internal control is the most of controls. extensive one. Answer (D) is correct. Control is the process of making certain that Yes, regardless of cost-benefit considerations, because the situation plans are involves achieving the desired objectives. The elements of control include (1) employee theft. establishing D. standards for the operation to be controlled, (2) measuring Answer (A) is incorrect. The cost exceeds the benefit. performance against Answer (B) is correct. Controls must be subject to the cost-benefit the standards, (3) examining and analyzing deviations, (4) taking criterion. The corrective annual cost of these inventory controls is US $35,000, but the cost action, and (5) reappraising the standards based on experience. savings is only Planning provides US $27,000 {(2.0% – 0.5%) × [$3,000,000 sales × (1.0 – 0.4 gross needed tools for the control process by establishing standards, i.e., profit rate)]}. the first step. Hence, the cost exceeds the benefit, and the controls should not be Gleim CIA Test Prep: Part 1 - Internal Audit Basics recommended. (720 questions) Answer (C) is incorrect. The ideal system is subject to the cost- Copyright 2013 Gleim Publications Inc. Page 129 benefit criterion. Printed for Sanja Knezevic The most extensive system of internal controls may not be cost [236] Gleim #: 3.1.5 effective. Which of the following best defines control? Answer (D) is incorrect. Cost-benefit considerations apply even to Control is the result of proper planning, organizing, and directing A. employee by management. theft. B. Controls are statements of what the organization chooses to [235] Gleim #: 3.1.4 accomplish. Which of the following statements best describes the relationship Control is provided when cost-effective measures are taken to between planning restrict deviations and controlling? to a tolerable level. C. Control procedures should be designed from the “bottom up” to Control accomplishes objectives and goals in an accurate, timely, ensure attention and economical to detail. fashion. D. D. Answer (A) is incorrect. Termination of employees who perform Answer (A) is correct. A control is “any action taken by unsatisfactorily management, the board, is not a comprehensive definition of control. and other parties to manage risk and increase the likelihood that Answer (B) is correct. A control is any action taken by management, established the board, objectives and goals will be achieved” (The IIA Glossary). Thus, and other parties to manage risk and increase the likelihood that control is the established result of proper planning, organizing, and directing by management. objectives and goals will be achieved (IIA Glossary). Answer (B) is incorrect. Established objectives and goals are what Answer (C) is incorrect. Control is not limited to processing. the Moreover, it should organization chooses to accomplish. be designed by management, the board, and others, not by internal Answer (C) is incorrect. The internal audit activity evaluates the auditors. The efficiency of internal auditor’s objectivity is impaired by designing such systems. controls, but the definition of control addresses effectiveness in Answer (D) is incorrect. Some control procedures may be designed achieving from the objectives and goals. bottom up, but the concept of control flows from management and Answer (D) is incorrect. Efficient performance accomplishes the board down objectives and goals through the organization. in an accurate, timely, and economical fashion. Gleim CIA Test Prep: Part 1 - Internal Audit Basics [237] Gleim #: 3.1.6 (720 questions) Internal auditors regularly evaluate controls. Which of the following Copyright 2013 Gleim Publications Inc. Page 130 best describes the Printed for Sanja Knezevic concept of control as recognized by internal auditors? fb.com/ciaaofficial Management regularly discharges personnel who do not perform up [238] Gleim #: 3.1.7 to Specific airline ticket information, including fare, class, purchase expectations. date, and lowest A. available fare options, as prescribed in the organization’s travel Management takes action to enhance the likelihood that established policy, is obtained and goals and reported to department management when employees purchase objectives will be achieved. airline tickets from the B. organization’s authorized travel agency. Such a report provides Control represents specific procedures that accountants and internal information for auditors Quality of performance in relation to the organization’s A. travel design to ensure the correctness of processing. policy. C. B. Identifying costs necessary to process employee business expense report data. C. Departmental budget-to-actual comparisons. According to The IIA Glossary appended to the Standards, which of D. Supporting employer’s business expense deductions. the following are Answer (A) is correct. Comparison of actual performance against a most directly designed to ensure that risks are contained? standard A. Risk management processes. provides information for assessing quality of performance. B. Internal audit activities. Answer (B) is incorrect. This ticket information is preliminary; C. Control processes. employees may D. Governance processes. change tickets and routings prior to their trip. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (C) is incorrect. Departmental budget-to-actual comparisons (720 questions) do not Copyright 2013 Gleim Publications Inc. Page 131 necessarily reflect the actual costs ultimately incurred. Printed for Sanja Knezevic Answer (D) is incorrect. Supporting expense deductions may not Answer (A) is incorrect. Risk management is a process to identify, necessarily assess, manage, reflect actual costs. and control potential events or situations to provide reasonable [239] Gleim #: 3.1.8 assurance regarding the The actions taken to manage risk and increase the likelihood that achievement of the organization’s objectives. established Answer (B) is incorrect. An internal audit activity is a department, objectives and goals will be achieved are best described as division, team of A. Supervision. consultants, or other practitioner(s) that provides independent, B. Quality assurance. objective assurance and C. Control. consulting services designed to add value and improve an D. Compliance. organization’s operations. Answer (A) is incorrect. Supervision is just one means of achieving Answer (C) is correct. Control processes are the policies, control. procedures, and activities Answer (B) is incorrect. Quality assurance relates to just one set of that are part of a control framework, designed to ensure that risks are objectives and contained within goals. It does not pertain to achievement of all established the risk tolerances established by the risk management process. organizational Answer (D) is incorrect. Governance is the combination of objectives and goals. processes and structures Answer (C) is correct. Control is “any action taken by management, implemented by the board to inform, direct, manage, and monitor the the board, activities of the and other parties to manage risk and increase the likelihood that organization toward the achievement of its objectives. established [241] Gleim #: 3.2.10 objectives and goals will be achieved” (The IIA Glossary). The requirement that purchases be made from suppliers on an Answer (D) is incorrect. Compliance is “adherence to policies, approved vendor list is plans, procedures, an example of a laws, regulations, contracts, or other requirements” (The IIA A. Preventive control. Glossary). B. Detective control. [240] Gleim #: 3.1.9 C. Corrective control. D. Monitoring control. Answer (A) is correct. Preventive controls are actions taken prior to Copyright 2013 Gleim Publications Inc. Page 132 the Printed for Sanja Knezevic occurrence of transactions with the intent of stopping events that will fb.com/ciaaofficial have [243] Gleim #: 3.2.12 negative effects from occurring. Use of an approved vendor list is a The procedure requiring preparation of a prelisting of incoming cash control to receipts, with prevent the use of unacceptable suppliers. copies of the prelist going to the cashier and to accounting, is an Answer (B) is incorrect. A detective control identifies errors after example of which they have type of control? occurred. A. Preventive. Answer (C) is incorrect. Corrective controls correct the problems B. Corrective. identified by C. Detective. detective controls. D. Directive. Answer (D) is incorrect. Monitoring controls are designed to ensure Answer (A) is correct. A prelisting of cash receipts in the form of the quality of checks is a the control system’s performance over time. preventive control. It is intended to deter undesirable events from [242] Gleim #: 3.2.11 occurring. Controls that are designed to provide management with assurance of Because irregularities involving cash most likely take place before the realization of receipts are specified minimum gross margins on sales are recorded, either remittance advices or a prelisting of checks should A. Directive controls. be prepared in B. Preventive controls. the mailroom so as to establish recorded accountability for cash as C. Detective controls. soon as D. Output controls. possible. A cash register tape is a form of prelisting for cash received Answer (A) is correct. The objective of directive controls is to cause over the or encourage counter. One copy of a prelisting will go to accounting for posting to desirable events to occur, e.g., providing management with the cash assurance of the receipts journal, and another is sent to the cashier for reconciliation realization of specified minimum gross margins on sales. with checks Answer (B) is incorrect. Preventive controls deter undesirable and currency received. events from Answer (B) is incorrect. A corrective control remedies an error or occurring. irregularity. Answer (C) is incorrect. Detective controls uncover and correct Answer (C) is incorrect. A detective control uncovers an error or undesirable irregularity that events that have occurred. has already occurred. Answer (D) is incorrect. Output controls relate to the accuracy and Answer (D) is incorrect. A directive control causes or encourages a reasonableness of information processed by a system, not to desirable operating controls. event. Gleim CIA Test Prep: Part 1 - Internal Audit Basics [244] Gleim #: 3.2.13 (720 questions) Controls may be classified according to the function they are D. Application control. intended to perform, for Answer (A) is correct. Feedforward controls anticipate and prevent example, as detective, preventive, or directive. Which of the following problems. is a directive Policies and procedures serve as feedforward controls because they control? provide A. Monthly bank statement reconciliations. guidance on how an activity should be performed to best ensure that B. Dual signatures on all disbursements over a specific amount. an objective C. Recording every transaction on the day it occurs. is achieved. D. Requiring all members of the internal audit activity to be CIAs. Answer (B) is incorrect. Implementation controls are applied during Answer (A) is incorrect. Monthly bank statement reconciliation is a systems detective development. control. The events audited have already occurred. Answer (C) is incorrect. Policies and procedures provide primary Answer (B) is incorrect. Requiring dual signatures on all guidance before disbursements over a and during the performance of some task rather than give feedback specific amount is a preventive control. The control is designed to on its deter an accomplishment. undesirable event. Answer (D) is incorrect. Application controls apply to specific Answer (C) is incorrect. Recording every transaction on the day it applications, e.g., occurs is a payroll or accounts payable. preventive control. The control is designed to deter an undesirable [246] Gleim #: 3.2.15 event. Managerial control can be divided into feedforward, concurrent, and Answer (D) is correct. Requiring all members of the internal audit feedback activity to be controls. Which of the following is an example of a feedback control? CIAs is a directive control. The control is designed to cause or A. Quality control training. encourage a B. Budgeting. desirable event to occur. The requirement enhances the C. Forecasting inventory needs. professionalism and level D. Variance analysis. of expertise of the internal audit activity. Answer (A) is incorrect. Quality control training is a feedforward, or Gleim CIA Test Prep: Part 1 - Internal Audit Basics futuredirected, (720 questions) control. Copyright 2013 Gleim Publications Inc. Page 133 Answer (B) is incorrect. Budgeting is a feedforward, or future- Printed for Sanja Knezevic directed, control. [245] Gleim #: 3.2.14 Answer (C) is incorrect. Forecasting inventory needs is a An organization’s policies and procedures are part of its overall feedforward, or futuredirected, system of internal control. controls. The control function performed by policies and procedures Answer (D) is correct. A feedback control measures actual is performance, i.e., A. Feedforward control. something that has already occurred, to ensure that a desired future B. Implementation control. state is C. Feedback control. attained. It is used to evaluate past activity to improve future [248] Gleim #: 3.2.17 performance. A As part of a total quality control program, a firm not only inspects variance is a deviation from a standard. Hence, variance analysis is finished goods but a feedback also monitors product returns and customer complaints. Which type control. of control best [247] Gleim #: 3.2.16 describes these efforts? The operations manager of a company notified the treasurer of that A. Feedback control. organization 60 B. Feedforward control. days in advance that a new, expensive piece of machinery was going C. Production control. to be purchased. D. Inventory control. This notification allowed the treasurer to make an orderly liquidation Answer (A) is correct. A feedback control measures actual of some of the performance, company’s investment portfolio on favorable terms. What type of something that has already occurred, to ensure that a desired future control was state is involved? attained. It is used to evaluate the past to improve future A. Feedback. performance. Inspecting B. Strategic. finished goods, monitoring product returns, and evaluating C. Concurrent. complaints are postaction D. Feedforward. controls intended to eliminate deviations in future cycles of the Gleim CIA Test Prep: Part 1 - Internal Audit Basics process (720 questions) under control. Copyright 2013 Gleim Publications Inc. Page 134 Answer (B) is incorrect. Feedforward controls anticipate problems Printed for Sanja Knezevic before they fb.com/ciaaofficial occur. Answer (A) is incorrect. Feedback controls apply to decision making Answer (C) is incorrect. Customer complaints are not part of based on production control. evaluations of past performance. Answer (D) is incorrect. The three types of control are feedforward, Answer (B) is incorrect. Strategic controls are broad-based and concurrent, affect an organization and feedback. over a long period. They apply to such long-term variables as quality [249] Gleim #: 3.2.18 and R&D. The use of financial statement analysis, quality control procedures, Answer (C) is incorrect. Concurrent controls adjust ongoing and employee processes. performance evaluations are all examples of Answer (D) is correct. Feedforward controls provide for the active A. Preliminary controls. anticipation of B. Concurrent controls. problems so that they can be avoided or resolved in a timely manner. C. Feedback controls. Another example D. Feedforward controls. is the quality control inspection of raw materials and work-in-process Answer (A) is incorrect. Feedforward (preliminary) controls to avoid anticipate and avoid defective finished goods. future performance problems, e.g., budgeting. Answer (B) is incorrect. Concurrent controls are applied midstream, [251] Gleim #: 3.2.20 e.g., Of the following, the controls that are often difficult for internal inspection on an assembly line. auditors to evaluate Answer (C) is correct. A feedback control operates to provide because of the lack of criteria or standards are information about A. Preventive controls. processes that have already occurred. B. Financial controls. Answer (D) is incorrect. Feedforward (preliminary) controls C. Corrective controls. anticipate and avoid D. Operating controls. future performance problems, e.g., budgeting. Answer (A) is incorrect. Preventive controls keep loss exposures Gleim CIA Test Prep: Part 1 - Internal Audit Basics from occurring. (720 questions) They include not only operating controls but also those for which Copyright 2013 Gleim Publications Inc. Page 135 quantifiable Printed for Sanja Knezevic standards are readily determined. [250] Gleim #: 3.2.19 Answer (B) is incorrect. Financial controls, e.g., a budget, are The internal audit activity of an organization is an integral part of the subject to organization’s quantifiable standards that are relatively easy to measure. risk management, control, and governance processes because it Answer (C) is incorrect. Corrective controls are post-detection or evaluates and remedial contributes to the improvement of those processes. Select the type controls. They may include controls for which standards are easily of control provided defined, such when the internal audit activity conducts a systems development as financial controls. analysis. Answer (D) is correct. Operating controls are those used in the A. Feedback control. management B. Strategic plans. processes of directing and controlling and are based on comparison C. Policies and procedures. of results with D. Feedforward control. standards. As an activity becomes less mechanical, however, Answer (A) is incorrect. A feedback control provides information on standards become the results more difficult to determine. Control standards for security, for of a completed activity. example, are less Answer (B) is incorrect. Strategic plans are developed by senior easily developed than for the output per hour of a machine because management to the degree of provide long-range guidance for the organization. security achieved is not readily measurable. Answer (C) is incorrect. Policies and procedures are developed by Gleim CIA Test Prep: Part 1 - Internal Audit Basics management. (720 questions) They are the most basic control subsystem of an organization. Copyright 2013 Gleim Publications Inc. Page 136 Answer (D) is correct. A feedforward control provides information on Printed for Sanja Knezevic potential fb.com/ciaaofficial problems so that corrective action can be taken in anticipation, rather [252] Gleim #: 3.2.21 than as a Which of the following operating controls relate to the organizing result, of a problem. function? Formal procedures for selecting potential A. suppliers. entity’s objectives and goals. Of the controls listed, only the timely Procedures providing for clear levels of purchase order approvals sharing of based on the scheduling information with purchasing personnel fits this value of the requisition. description. B. Answer (B) is incorrect. Providing timely feedback relates to the C. Written objectives and goals for the department. control function, D. Timely materials reporting to buyers. not the directing function. Answer (A) is incorrect. Establishing procedures is a function of Answer (C) is incorrect. Prescribing formal procedures for selecting planning, which potential is the determination of how an individual activity is to be done. suppliers is a part of the planning function, not the directing function. Answer (B) is correct. Organizing is the intentional design and Answer (D) is incorrect. Establishing measurable goals for the structuring of department is a tasks and roles to accomplish organizational goals. An arrangement part of the planning function, not the directing function. that requires [254] Gleim #: 3.2.23 purchases of greater value to be authorized at higher management Which of the following is not a type of control? levels is an A. Preventive. example of an organizational control. B. Reactive. Answer (C) is incorrect. Establishing objectives and goals is also a C. Detective. planning D. Directive. function. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (D) is incorrect. Provision of timely information is a control (720 questions) function. Copyright 2013 Gleim Publications Inc. Page 137 [253] Gleim #: 3.2.22 Printed for Sanja Knezevic Which of the following is an operating control relating to Answer (A) is incorrect. Controls may be preventive. management’s directing Answer (B) is correct. Controls may be preventive (to deter function? undesirable events from Informing purchasing personnel of the future need for long-lead-time occurring), detective (to detect and correct undesirable events which products in have occurred), or ample time. directive (to cause or encourage a desirable event to occur). A. “Reactive” is not a Supplying buyers with timely, accurate, and useful reports on specified type of control. However, controls may be reactive in the products received, sense that they accepted, or rejected. detect an undesirable event and react to it or correct it. B. Answer (C) is incorrect. Controls may be detective. C. Prescribing formal procedures for selecting potential suppliers. Answer (D) is incorrect. Controls may be directive. D. Establishing measurable goals for the department. [255] Gleim #: 3.2.24 Answer (A) is correct. Directing is the process of motivating people An adequate and effective system of internal control provides in an reasonable assurance organization to contribute effectively and efficiently to the that objectives will be achieved. Controls may be preventive, achievement of the detective, or directive. Which of the following is a detective control for the procurement B. Passive, mitigating control. function? C. Active, detective control. Goods received are counted and compared with quantities on D. Detective, preventive control. purchase order and Gleim CIA Test Prep: Part 1 - Internal Audit Basics receiving reports. (720 questions) A. Copyright 2013 Gleim Publications Inc. Page 138 The procurement function is organizationally separate from receiving, Printed for Sanja Knezevic disbursing, fb.com/ciaaofficial and accounting. Answer (A) is incorrect. The control is detective, but it is not B. directive. A directive Review and approval of each procurement action is required prior to control causes or encourages a desirable event to occur. the final Answer (B) is incorrect. The control is neither passive nor mitigating. issuance of a purchase order. It is detected by C. the clerk in a conscious effort to maintain proper documentation. Prenumbered standard purchase order forms include all relevant Moreover, a terms required to mitigating (compensating) control is used when other controls are not be used in all applicable instances. feasible, for D. example, supervisory review when segregation of duties is absent. Answer (A) is correct. Detective controls are designed to detect and Answer (C) is correct. When shipping documents are not received in correct the shipping undesirable events that have occurred. Accounting for all goods department (such as copies of the sales invoice, customer order received and form, and bill of comparing quantities on purchase orders and receiving reports is an lading), the clerk should attempt to obtain the proper documentation example. from the Answer (B) is incorrect. Segregation of duties is a preventive originating organization. This type of control is detective because it control. Preventive detects and controls deter undesirable events from occurring. attempts to correct an undesirable event that has occurred. It is also Answer (C) is incorrect. Review and approval of each procurement active because it action is a takes a conscious intervention by the clerk to ensure the preventive control. documentation is received. Answer (D) is incorrect. Using prenumbered standard purchase Answer (D) is incorrect. The control is not preventive. It does not order forms is a deter an undesirable preventive control. event. [256] Gleim #: 3.2.25 [257] Gleim #: 3.2.26 When a copy of the sale invoice is not received by an organization’s Which of the following is a feedback control? shipping Preventive A. maintenance. department, an employee requests the document from the proper B. Inspection of completed goods. authority. This C. Close supervision of production-line workers. process is a(n) D. Measuring performance against a standard. Directive, A. detective control. Answer (A) is incorrect. Preventive maintenance is a feedforward circumvent controls. For example, comparison of recorded control. It accountability for assets attempts to anticipate and prevent problems. with the assets known to be held may fail to detect fraud if persons Answer (B) is correct. Feedback controls obtain information about having custody of completed assets collude with recordkeepers. activities. They permit improvement in future performance by Answer (C) is incorrect. Management can override controls. learning from past Answer (D) is incorrect. Even a single manager may be able to mistakes. Thus, corrective action occurs after the fact. Inspection of override controls. completed [259] Gleim #: 3.3.28 goods is an example of a feedback control. An organization has grown rapidly and has just automated its human Answer (C) is incorrect. The close supervision of production-line resource system. workers is a The organization has developed a large database that tracks concurrent control. It adjusts an ongoing process. employees, employee Answer (D) is incorrect. Measuring performance against a standard benefits, payroll deductions, job classifications, ethnic code, age, is a general insurance, medical aspect of control. protection, and other similar information. Management has asked the [258] Gleim #: 3.3.27 internal audit An adequate system of internal controls is most likely to detect a activity to review the new system. The automated system contains a fraud perpetrated by table of pay rates a matched with the employee job classifications. The best control to A. Group of employees in collusion. ensure that the table B. Single employee. is updated correctly for only valid pay changes is to C. Group of managers in collusion. Limit access to the data table to management and line supervisors D. Single manager. who have the Gleim CIA Test Prep: Part 1 - Internal Audit Basics authority to determine pay rates. (720 questions) A. Copyright 2013 Gleim Publications Inc. Page 139 Require a supervisor in the department, who does not have the Printed for Sanja Knezevic ability to change Answer (A) is incorrect. A group has a better chance of successfully the table of pay rates, to compare the changes with a signed perpetrating a management fraud than does an individual employee. authorization. Answer (B) is correct. Segregation of duties and other control B. processes serve to Ensure that adequate edit and reasonableness checks are built into prevent or detect a fraud committed by an employee acting alone. the automated One employee may system. not have the ability to engage in wrongdoing or may be subject to C. detection by other Require that all pay changes be signed by the employee to verify that employees in the course of performing their assigned duties. the change However, collusion may goes to a bona fide employee. D. Answer (A) is incorrect. Access to the database should be severely payroll department. Also, a report showing all employees and hours restricted to worked personnel within the human resources or payroll departments. should be sent to the supervisor’s department for review. Answer (B) is correct. To maintain a proper segregation of duties, A. changes in pay All new employees and their hours worked be entered by the human rates should be authorized by someone outside the human resources resources department. department. Furthermore, authorization should be independently verified by an B. individual who All changes to employee records be approved by supervisors outside does not have a recording function. of both Answer (C) is incorrect. Edit checks will not detect unauthorized human resources and payroll. changes. C. Answer (D) is incorrect. The control must ensure that changes in the The payroll department physically delivers paychecks to employees table of pay rather than rates are properly authorized and entered into the system. mailing them. Gleim CIA Test Prep: Part 1 - Internal Audit Basics D. (720 questions) Answer (A) is correct. The payroll department has a recording Copyright 2013 Gleim Publications Inc. Page 140 function. It should Printed for Sanja Knezevic not authorize pay rate changes or the addition or deletion of fb.com/ciaaofficial employees from the [260] Gleim #: 3.3.29 payroll. Accordingly, authorization of such changes should be made An organization has grown rapidly and has just automated its human by an resource system. individual outside the department. Verification of payroll data should The organization has developed a large database that tracks also be employees, employee made outside the department. Proper segregation of duties is critical benefits, payroll deductions, job classifications, ethnic code, age, in the insurance, medical prevention of payroll fraud. protection, and other similar information. Management has asked the Answer (B) is incorrect. The entry of new employees and their hours internal audit should be activity to review the new system. An employee in the payroll segregated. The human resources department should not be department is responsible for both contemplating a fraud involving the addition of a fictitious employee activities. and the entry of Answer (C) is incorrect. Approving changes in existing employee fictitious hours worked. The paycheck would then be sent to the records does payroll employee’s not prevent the fraud of entering a fictitious employee. home address. The most effective control procedure to prevent this Answer (D) is incorrect. Physical delivery of paychecks does not type of fraud is to prevent the require that payroll employee from withholding the fictitious employee’s check. A report of all new employees added be approved by someone Moreover, a outside of the department with a recording function should not have an asset Answer (A) is incorrect. The human resources department should custody function. not add Gleim CIA Test Prep: Part 1 - Internal Audit Basics employees and deliver paychecks. These two duties should be (720 questions) segregated. Copyright 2013 Gleim Publications Inc. Page 141 Answer (B) is incorrect. The functions are all performed by human Printed for Sanja Knezevic resources. [261] Gleim #: 3.3.30 There is no segregation of duties. An organization has grown rapidly and has just automated its human Answer (C) is correct. The functions of transaction authorization and resource system. recording The organization has developed a large database that tracks should be segregated to minimize opportunities for fraud. employees, employee Furthermore, automatic benefits, payroll deductions, job classifications, ethnic code, age, check deposit reduces asset custody risk. insurance, medical Answer (D) is incorrect. Payroll is adding employees and processing protection, and other similar information. Management has asked the hours. internal audit These two duties should be performed by different departments. activity to review the new system. Human resources and payroll are [262] Gleim #: 3.3.31 separate Internal control should follow certain basic principles to achieve its departments. Which of the following combinations provides the best objectives. One of segregation of these principles is the segregation of functions. Which one of the duties? following examples Human resources adds employees, payroll processes hours, and does not violate the principle of segregation of functions? human resources The treasurer has the authority to sign checks but gives the signature delivers the paychecks to employees. block to the A. assistant treasurer to run the check-signing machine. Human resources adds employees, reviews and submits payroll A. hours to payroll The warehouse clerk, who has the custodial responsibility over for processing, and delivers paychecks to employees. inventory in the B. warehouse, may authorize disposal of damaged goods. Human resources adds employees, and payroll processes hours and B. enters The sales manager has the responsibility to approve credit and the employee bank account numbers. Paychecks are automatically authority to deposited in the write off accounts. employee’s bank account. C. C. The department time clerk is given the undistributed payroll checks Payroll adds employees and enters employees’ bank account to mail to numbers but absent employees. processes hours only as approved by human resources. Paychecks D. are Gleim CIA Test Prep: Part 1 - Internal Audit Basics automatically deposited in the employee’s bank account. (720 questions) D. Copyright 2013 Gleim Publications Inc. Page 142 Printed for Sanja Knezevic Answer (B) is incorrect. Matching quantity received with the packing fb.com/ciaaofficial slip does Answer (A) is correct. The treasurer’s department should have not ensure receipt of the quantity ordered. custody of assets but Answer (C) is correct. Use of the master price list ensures that the should not authorize or record transactions. Because the assistant correct retail treasurer reports to price is marked. the treasurer, the treasurer is merely delegating an assigned duty Answer (D) is incorrect. Goods may or may not be needed in retail related to asset sales. custody. [264] Gleim #: 3.3.33 Answer (B) is incorrect. Authorization to dispose of damaged goods The manager of a production line has the authority to order and could be used to receive replacement cover thefts of inventory for which the warehouse clerk has custodial parts for all machinery that requires periodic maintenance. The responsibility. internal auditor Transaction authorization is inconsistent with asset custody. received an anonymous tip that the manager ordered substantially Answer (C) is incorrect. The sales manager could approve credit to more parts than a controlled were necessary from a family member in the parts supply business. organization and then write off the account as a bad debt. The sales The unneeded manager’s parts were never delivered. Instead, the manager processed authorization of credit is inconsistent with his/her indirect access to receiving documents and assets. charged the parts to machinery maintenance accounts. The Answer (D) is incorrect. The time clerk could conceal the payments for the termination of an employee undelivered parts were sent to the supplier, and the money was and retain that employee’s paycheck. Recordkeeping is inconsistent divided between the with asset custody. manager and the family member. Which of the following internal [263] Gleim #: 3.3.32 controls would have Upon receipt of purchased goods, receiving department personnel most likely prevented this fraud from occurring? match the quantity Establishing predefined spending levels for all vendors during the received with the packing slip quantity and mark the retail price on bidding the goods based on process. a master price list. The annotated packing slip is then forwarded to A. inventory control B. Segregating the receiving function from the authorization of parts and goods are automatically moved to the retail sales area. The most purchases. significant C. Comparing the bill of lading for replacement parts to the approved control strength of this activity is purchase order. Immediately pricing goods A. for retail sale. Using the company’s inventory system to match quantities requested B. Matching quantity received with the packing slip. with C. Using a master price list for marking the sale price. quantities received. D. Automatically moving goods to the retail sales area. D. Answer (A) is incorrect. Timing is not as important as the accuracy Gleim CIA Test Prep: Part 1 - Internal Audit Basics of prices. (720 questions) Copyright 2013 Gleim Publications Inc. Page 143 An accounts receivable clerk, who approves sales returns and Printed for Sanja Knezevic allowances, receives Answer (A) is incorrect. Predefined spending levels would probably customer remittances and deposits them in the bank. Limited already include supervision is the fraudulent amounts and would only limit the size of the fraud. maintained over the employee. Answer (B) is correct. Segregating the parts authorization and C. receiving functions A clerk in the invoice processing department fails to match a would have improved internal control. If the parts in question had vendor’s invoice been sent to the with its related receiving report. Checks are not signed unless all company and a receiving report had been prepared by an employee appropriate other than the one documents are attached to a voucher. ordering the goods, the fraud could not have occurred. Moreover, the D. receiving Answer (A) is incorrect. The requirement for documentation will department should not accept goods unless it has a blind copy of a reveal a theft properly approved when the fund is reimbursed unless the documents can be falsified. purchase order for the items. Answer (B) is incorrect. The amount involved is probably not Answer (C) is incorrect. The bill of lading would agree with the material. purchase order. The Answer (C) is correct. Segregation of duties among key functions is quantity received (verified by a third party) should be compared to an important both the bill of control procedure. An accounts receivable clerk who is permitted to lading and the purchase order. approve sales Answer (D) is incorrect. The computer matching would only verify returns and allowances and also receive customer remittances could the fraudulent misappropriate funds received and cover the shortage by debiting paperwork. sales returns and [265] Gleim #: 3.3.34 allowances. Limited supervision is insufficient to compensate for lack Which one of the following is most likely to be considered an internal of control segregation of duties. weakness? Answer (D) is incorrect. The requirement for documentation will The petty cash custodian has the ability to steal petty cash. uncover the Documentation for all oversight. disbursements from the fund must be submitted with the request for Gleim CIA Test Prep: Part 1 - Internal Audit Basics replenishment (720 questions) of the fund. Copyright 2013 Gleim Publications Inc. Page 144 A. Printed for Sanja Knezevic An inventory control clerk at a manufacturing plant has the ability to fb.com/ciaaofficial steal one [266] Gleim #: 3.3.35 completed television set from inventory a year. The theft probably will One characteristic of an effective internal control structure is the never be proper segregation of detected. duties. The combination of responsibilities that would not be B. considered a violation of segregation of functional responsibilities is or sooner if a bankruptcy or other unusual circumstances are Signing of paychecks and custody of blank A. payroll checks. involved. Credit B. Preparation of paychecks and check distribution. memoranda are prenumbered and must correlate with receiving C. Approval of time cards and preparation of paychecks. reports. Which of the D. Timekeeping and preparation of payroll journal entries. following areas could be viewed as an internal control weakness of Answer (A) is incorrect. Persons with recordkeeping but not custody the above of assets organization? responsibilities should have access to blank checks, while the duty of A. Write-offs of delinquent accounts. signing B. Credit approvals. checks (custodianship) should be assigned to persons (e.g., the C. Monthly aging of receivables. treasurer) with no D. Handling of credit memos. recordkeeping function. Answer (A) is correct. The accounts receivable manager has the Answer (B) is incorrect. Payroll preparation and payment to ability to employees should be perpetrate irregularities because (s)he performs incompatible segregated since they are incompatible recordkeeping and functions. custodianship functions. Authorization and recording of transactions should be separate. Answer (C) is incorrect. Approval of time cards is an authorization Thus, someone function that outside the accounts receivable department should authorize write- is incompatible with the recordkeeping function of preparation of offs. paychecks. Answer (B) is incorrect. Credit approval is an authorization function Answer (D) is correct. Combining the timekeeping function and the that is preparation properly segregated from the recordkeeping function. of the payroll journal entries would not be improper because the Answer (C) is incorrect. Monthly aging is appropriate. employee has no Answer (D) is incorrect. The procedures regarding credit access to assets or to employee records in the human resources memoranda are department. Only standard controls. through collusion could an embezzlement be perpetrated. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Accordingly, the (720 questions) functions of authorization, recordkeeping, and custodianship remain Copyright 2013 Gleim Publications Inc. Page 145 separate. Printed for Sanja Knezevic [267] Gleim #: 3.3.36 [268] Gleim #: 3.3.37 An internal auditor noted that the accounts receivable department is Which of the following controls would prevent the ordering of separate from quantities in excess of other accounting activities. Credit is approved by a separate credit an organization’s needs? department. Control Review of all purchase requisitions by a supervisor in the user accounts and subsidiary ledgers are balanced monthly. Similarly, department prior to accounts are aged submitting them to the purchasing department. monthly. The accounts receivable manager writes off delinquent A. accounts after 1 year, Automatic reorder by the purchasing department when low inventory level is indicated by the system. C. Use predetermined totals (hash totals) of cash receipts to control B. posting routines. A policy requiring review of the purchase order before receiving C. a The employee who receives customer mail receipts prepares the new shipment. daily bank A policy requiring agreement of the receiving report and packing slip deposit, which is then deposited by another employee. before D. storage of new receipts. Answer (A) is incorrect. The bank reconciliation is a detective, not a D. preventive, Answer (A) is correct. Supervisory review at the originating control. department level is Answer (B) is correct. Sequentially numbered receipts should be one means of control over the number of items ordered. This control issued to is an maintain accountability for cash collected. Such accountability should example of the segregation of duties. Authorization should be be separate from established as soon as possible because cash has a high inherent recordkeeping and asset custody. risk. Daily cash Answer (B) is incorrect. Automatic reordering does not consider receipts should be deposited intact so that receipts and bank future plans, deposits can be which could lead to purchases of excess material. reconciled. The reconciliation should be performed by someone Answer (C) is incorrect. Review of the purchase order before independent of receiving a new the cash custody function. shipment is a control for the risk of accepting unordered goods. Answer (C) is incorrect. Use of hash totals is a control over the Answer (D) is incorrect. A policy requiring agreement of the completeness of receiving report and posting routines, not cash receipts. packing slip before storage of new receipts is a control over the risk Answer (D) is incorrect. A cash remittance list should be prepared of receiving before a an amount other than that ordered. separate employee prepares the bank deposit. The list and deposit [269] Gleim #: 3.3.38 represent Which of the following describes the most effective preventive control separate records based on independent counts made by different to ensure employees. proper handling of cash receipt transactions? Gleim CIA Test Prep: Part 1 - Internal Audit Basics Have bank reconciliations prepared by an employee not involved (720 questions) with cash Copyright 2013 Gleim Publications Inc. Page 146 collections and then have them reviewed by a supervisor. Printed for Sanja Knezevic A. fb.com/ciaaofficial One employee issues a prenumbered receipt for all cash collections; [270] Gleim #: 3.3.39 another Checks from customers are received in the organization’s mail room employee reconciles the daily total of prenumbered receipts to the each day. What bank deposits. controls should be in place to safeguard them? B. Establishing a separate post office box for A. customer payments. B. Forwarding all checks to the cashier upon receipt. C. Requiring a specific mail clerk to list and restrictively endorse Answer (C) is incorrect. The payroll register should be approved by each check. an officer of D. Providing bonding protection for mail clerks. the organization. This control is a strength. Answer (A) is incorrect. Requiring a specific mail clerk to list and Answer (D) is incorrect. Paychecks should be drawn on a separate restrictively payroll endorse each check provides more protection than establishing a checking account. This control is a strength. separate post [272] Gleim #: 3.3.41 office box for customer payments. The internal auditor recognizes that certain limitations are inherent in Answer (B) is incorrect. The same person should not both receive any system of and deposit internal controls. Which one of the following scenarios is the result of checks. an inherent Answer (C) is correct. An employee who does not have access to limitation of internal control? other records A. The comptroller both makes and records cash deposits. should open the mail and prepare a list of checks received. The A security guard allows one of the warehouse employees to remove check listing will assets from later be reconciled with the daily bank deposit and entries to the premises without authorization. accounts receivable. B. A restrictive endorsement (“for deposit only”) will put transferees on C. The organization sells to customers on account, without credit notice to act approval. accordingly (that is, deposit the check in the organization’s account). An employee who is unable to read is assigned custody of the Answer (D) is incorrect. Bonding insures against, but does not organization’s directly prevent, computer tape library and run manuals that are used during the third losses. shift. [271] Gleim #: 3.3.40 D. Which of the following activities performed by a payroll clerk is a Gleim CIA Test Prep: Part 1 - Internal Audit Basics control weakness (720 questions) rather than a control strength? Copyright 2013 Gleim Publications Inc. Page 147 A. Has custody of the check signature stamp machine. Printed for Sanja Knezevic B. Prepares the payroll register. Answer (A) is incorrect. Segregating the functions of recording and C. Forwards the payroll register to the chief accountant for approval. asset custody is D. Draws the paychecks on a separate payroll checking account. customary. That the comptroller both makes and records cash Answer (A) is correct. Payroll checks should be signed by the deposits is an avoidable treasurer, i.e., by control weakness. someone who is not involved in timekeeping, recordkeeping, or Answer (B) is correct. Inherent limitations in internal control arise payroll from mistakes in preparation. The payroll clerk performs a recordkeeping function. judgment, misunderstandings of instructions, personnel Answer (B) is incorrect. Preparing the payroll register is one of the carelessness, distraction, recordkeeping fatigue, collusion, perpetrations by management, changing tasks of the payroll clerk. conditions, and deterioration of degrees of compliance. Thus, a control (use of department store’s disbursement cycle reflects a control strength? security guards) based Individual department managers use prenumbered forms to order on segregation of functions may be overcome by collusion among merchandise two or more from vendors. employees. A. Answer (C) is incorrect. Transactions can and should be authorized The receiving department is given a copy of the purchase order before execution. complete with a The security guard’s failure to obtain authorization for removal of description of goods, quantity ordered, and extended price for all assets is an merchandise avoidable control weakness. ordered. Answer (D) is incorrect. Assignment of an unqualified employee is B. an avoidable The treasurer’s office prepares checks for suppliers based on control weakness. vouchers prepared by [273] Gleim #: 3.3.42 the accounts payable department. One payroll engagement objective is to determine whether C. segregation of duties is Individual department managers are responsible for the movement of proper. Which of the following activities is incompatible? merchandise Hiring employees and authorizing changes A. in pay rates. from the receiving dock to storage or sales areas as appropriate. B. Preparing the payroll and filing payroll tax forms. D. C. Signing and distributing payroll checks. Gleim CIA Test Prep: Part 1 - Internal Audit Basics D. Preparing attendance data and preparing the payroll. (720 questions) Answer (A) is incorrect. Hiring employees and authorizing changes Copyright 2013 Gleim Publications Inc. Page 148 in pay rates Printed for Sanja Knezevic are both personnel functions. fb.com/ciaaofficial Answer (B) is incorrect. Preparing the payroll and filing payroll tax Answer (A) is incorrect. The managers should submit purchase forms are requisitions to the both functions of the payroll department. purchasing department. The purchasing function should be separate Answer (C) is incorrect. Proper treasury functions include signing from operations. and Answer (B) is incorrect. To encourage a fair count, the receiving distributing payroll checks. department should Answer (D) is correct. Attendance data are accumulated by the receive a copy of the purchase order from which the quantity has timekeeping been omitted. function. Preparing the payroll is a payroll department function. For Answer (C) is correct. Accounting for payables is a recording control function. The matching purposes, these two functions should be separated to avoid the of the supplier’s invoice, the purchase order, and the receiving report perpetration and (and usually the concealment of irregularities. purchase requisition) should be the responsibility of the accounting [274] Gleim #: 3.3.43 department. These Which of the following observations made during the preliminary are the primary supporting documents for the payment voucher survey of a local prepared by the accounts payable section that will be relied upon by the treasurer in recording inventory receipts. The purchase orders list the name of making payment. the vendor and the Answer (D) is incorrect. The receiving department should transfer quantities of the materials ordered. A possible error that this system goods directly to could allow is the storeroom to maintain security. A copy of the receiving report A. Payment to unauthorized vendors. should be sent to the B. Payment for unauthorized purchases. storeroom so that the amount stored can be compared with the C. Overpayment for partial deliveries. amount in the report. D. Delay in recording purchases. [275] Gleim #: 3.3.44 Gleim CIA Test Prep: Part 1 - Internal Audit Basics Which of the following controls would help prevent overpaying a (720 questions) vendor? Copyright 2013 Gleim Publications Inc. Page 149 Reviewing and canceling supporting documents when A. a check is Printed for Sanja Knezevic issued. Answer (A) is incorrect. Comparing receipts with purchase orders B. Requiring the check signer to mail the check directly to the will help detect vendor. unauthorized vendors. C. Reviewing the accounting distribution for the expenditure. Answer (B) is incorrect. Comparing receipts with purchase orders D. Approving the purchase before ordering from the vendor. will help detect Answer (A) is correct. Reviewing and canceling the supporting unauthorized purchases. documents Answer (C) is correct. To ensure a fair count, the copy of the prevents paying a vendor twice for the same purchase. If the person purchase order sent to who signs the the receiving clerk should not include quantities. The receiving clerk check cancels the required documents, they cannot be recycled in should count the support of a items in the shipment and prepare a receiving report. Copies are duplicate payment voucher. Securing the paid voucher file from sent to inventory access by the control and accounts payable. accounts payable clerk is another effective control. Answer (D) is incorrect. Using purchase orders to identify receipts Answer (B) is incorrect. Requiring the check signer to mail the will not cause a check directly to delay in recording purchases. the vendor would prevent the check from being misappropriated. [277] Gleim #: 3.3.46 Answer (C) is incorrect. Reviewing the accounting distribution for Which of the following situations will cause an internal auditor to the question the expenditure would ensure that the expenditure is debited to the adequacy of controls over a purchasing function? proper account(s). The original and one copy of the purchase order are mailed to the Answer (D) is incorrect. Approving the purchase before ordering vendor. The from the vendor copy on which the vendor acknowledges acceptance is returned to would ensure that only authorized purchases are made. the purchasing [276] Gleim #: 3.3.45 department. A receiving department receives copies of purchase orders for use in A. identifying and Receiving reports are forwarded to purchasing where they are matched with purchase orders and sent to accounts payable. D. Customer billing complaints are investigated by the controller’s B. office. The accounts payable section prepares documentation C. for Gleim CIA Test Prep: Part 1 - Internal Audit Basics payments. (720 questions) Unpaid voucher files and perpetual inventory records are Copyright 2013 Gleim Publications Inc. Page 150 independently Printed for Sanja Knezevic maintained. fb.com/ciaaofficial D. Answer (A) is correct. Shipping documents are prepared at the time Answer (A) is incorrect. This practice ensures accurate of shipment. They communication. are prenumbered to facilitate detection of unrecorded shipments. A Answer (B) is correct. Purchasing and receiving should be gap in the sequence organizationally of documents may indicate an irregularity. An employee outside the independent. Moreover, comparing the purchase order and the shipping receiving report department should account for these documents. Sales invoices are should be the responsibility of a third person. Fraud perpetrated by a generated by the purchasing organization’s computer system at the same time as the shipping department employee could be concealed if (s)he is the first to obtain documents and the should have the same numbers. Thus, every shipping document receiving report. should be matched Answer (C) is incorrect. Accounts payable may prepare with a sales invoice to ensure proper billing. documentation but Answer (B) is incorrect. Accounting for sales invoices alone does should not sign checks. not prevent or Answer (D) is incorrect. Separately maintaining unpaid vouchers detect unbilled shipments. and perpetual Answer (C) is incorrect. Segregating the duties for recording sales inventory records is acceptable. transactions and [278] Gleim #: 3.3.47 maintaining customer accounts does not ensure that all shipments Which of the following ensures that all inventory shipments are billed are invoiced. to customers? Answer (D) is incorrect. Customers who are not billed may not notify Shipping documents are prenumbered and are independently the accounted for and organization. matched with sales invoices. [279] Gleim #: 3.3.48 A. If internal control is well designed, two tasks that should be Sales invoices are prenumbered and are independently accounted performed by different for and traced to persons are the sales journal. Approval of bad debt write-offs, and reconciliation of the accounts B. payable Duties for recording sales transactions and maintaining customer subsidiary ledger and controlling account. account balances A. are separated. Distribution of payroll checks and approval of sales B. returns for C. credit. Posting of amounts from both the cash receipts journal and cash Copyright 2013 Gleim Publications Inc. Page 151 payments journal Printed for Sanja Knezevic to the general ledger. [280] Gleim #: 3.3.49 C. Which one of the following situations represents an internal control D. Recording of cash receipts and preparation of bank weakness in the reconciliations. payroll department? Answer (A) is incorrect. There is no conflict between writing off bad Payroll department personnel are rotated A. in their duties. debts B. Paychecks are distributed by the employees’ immediate (accounts receivable) and reconciling accounts payable, which are supervisor. liabilities. C. Payroll records are reconciled with quarterly tax reports. Answer (B) is incorrect. Distribution of payroll checks and approval D. The timekeeping function is independent of the payroll of sales department. returns are independent functions. People who perform such Answer (A) is incorrect. Periodic rotation of payroll personnel disparate tasks are inhibits the unlikely to be able to perpetrate and conceal a fraud. In fact, some perpetration and concealment of fraud. organizations Answer (B) is correct. Paychecks should not be distributed by use personnel from an independent function to distribute payroll supervisors checks. because an unscrupulous person could terminate an employee and Answer (C) is incorrect. Posting both ledgers would cause no fail to report the conflict as long as termination. The supervisor could then clock in and out for the the individual involved did not have access to the actual cash. If a employee and keep person has the paycheck. A person unrelated to either payroll recordkeeping or access to records but not the assets, no danger exists of the operating embezzlement without department should distribute checks. collusion. Answer (C) is incorrect. This analytical procedure may detect a Answer (D) is correct. Recording of cash establishes accountability discrepancy. for assets. Answer (D) is incorrect. Timekeeping should be independent of The bank reconciliation compares that recorded accountability with asset custody actual assets. and employee records. The recording of cash receipts and preparation of bank [281] Gleim #: 3.3.50 reconciliations should Which of the following activities represents both an appropriate therefore be performed by different individuals because the preparer human resources of a department function and a deterrent to payroll fraud? reconciliation could conceal a cash shortage. For example, if a A. Distribution of paychecks. cashier both B. Authorization of overtime. prepares the bank deposit and performs the reconciliation, (s)he C. Authorization of additions and deletions from the payroll. could embezzle D. Collection and retention of unclaimed paychecks. cash and conceal the theft by falsifying the reconciliation. Answer (A) is incorrect. The treasurer should perform the asset Gleim CIA Test Prep: Part 1 - Internal Audit Basics custody function (720 questions) regarding payroll. Answer (B) is incorrect. Authorizing overtime is a responsibility of Answer (B) is incorrect. Lapping entails the theft of cash receipts operating and the use of management. subsequent receipts to conceal the theft. The effect is to overstate Answer (C) is correct. The payroll department is responsible for receivables, but assembling no difference between the control total and the total of subsidiary payroll information (recordkeeping). The human resources amounts would department is arise. responsible for authorizing employee transactions, such as hiring, Answer (C) is incorrect. Aging does not involve accounting entries. firing, and Answer (D) is incorrect. Interception of customer statements might changes in pay rates and deductions. Segregating the recording and indicate authorization fraudulent receivables but would not cause the subsidiary ledger functions helps prevent fraud. discrepancy. Answer (D) is incorrect. Unclaimed checks should be in the custody [283] Gleim #: 3.3.52 of the An internal auditor noted that several shipments were not billed. To treasurer until they can be deposited in a special bank account. prevent recurrence Gleim CIA Test Prep: Part 1 - Internal Audit Basics of such nonbilling, the organization should (720 questions) Numerically sequence and independently account for all controlling Copyright 2013 Gleim Publications Inc. Page 152 documents Printed for Sanja Knezevic (such as packing slips and shipping orders) when sales journal fb.com/ciaaofficial entries are [282] Gleim #: 3.3.51 recorded. An organization has computerized sales and cash receipts journals. A. The computer B. Undertake a validity check with customers as to orders placed. programs for these journals have been properly debugged. The Release product for shipment only on the basis of credit approval by internal auditor the credit discovered that the total of the accounts receivable subsidiary manager or other authorized person. accounts differs C. materially from the accounts receivable control account. This Undertake periodic tests of gross margin rates by product line and discrepancy could obtain indicate explanations of significant departures from planned rates. Credit memoranda being improperly A. recorded. D. B. Receivables being lapped. Answer (A) is correct. The sequential numbering of documents C. Receivables not being properly aged. provides a D. Statements being intercepted prior to mailing. standard control over transactions. The numerical sequence should Answer (A) is correct. Sales returns and allowances require the be accounted crediting of for by an independent party. A major objective is to detect accounts receivable. Thus, the recording of unauthorized credit unrecorded and memoranda is one unauthorized transactions. explanation for the discrepancy if sales and cash receipts are Answer (B) is incorrect. This check would not prevent or detect properly recorded. unrecorded and unauthorized transactions. purchases may be made from vendors with respect to whom buyers Answer (C) is incorrect. Credit approval does not ensure billing. or other Answer (D) is incorrect. Testing gross margin rates is an analytical employees have a conflict of interest. The result may be excessive procedure, not prices or a preventive control. amounts, or poor quality of goods and services acquired. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Accordingly, additions to (720 questions) the vendor file should be authorized at an appropriate level and not Copyright 2013 Gleim Publications Inc. Page 153 by the buyers. Printed for Sanja Knezevic Similarly, bidders’ lists should be approved by supervisory personnel. [284] Gleim #: 3.3.53 Answer (B) is incorrect. The requirement of a written purchase order A preliminary survey of the purchasing function indicates that approved by Department managers initiate purchase requests that must be the plant superintendent is a satisfactory control to prevent approved by the unnecessary purchases. plant superintendent, Answer (C) is incorrect. Payment is not made without a receiving Purchase orders are typed by the purchasing department using report. prenumbered and Answer (D) is incorrect. Payment requests must be supported by an controlled forms, approved Buyers regularly update the official vendor listing as new sources of purchase order. supply [285] Gleim #: 3.3.54 become known, Management is concerned with the potential for unauthorized Rush orders can be placed with a vendor by telephone but must be changes in the payroll. followed by a Which of the following is the proper organizational structure to written purchase order before delivery can be accepted, and prevent such Vendor invoice payment requests must be accompanied by a unauthorized changes? purchase order and The payroll department maintains and authorizes all changes in the receiving report. personnel One possible fault of this system is that records. Purchases could be made from a vendor controlled by a buyer at A. prices higher than The payroll department is supervised by the management of the normal. human resources A. division. Unnecessary supplies can be purchased by department B. B. managers. The payroll department’s functions are limited to maintaining the C. Payment can be made for supplies not received. payroll records, Payment can be made for supplies received but not ordered by the distributing paychecks, and posting the payroll entries to the general purchasing ledger. department. C. D. D. The personnel department authorizes the hiring and pay levels of Answer (A) is correct. A risk exposure typical of the purchasing all employees. function is that Gleim CIA Test Prep: Part 1 - Internal Audit Basics (720 questions) responsibility of a cashier. Copyright 2013 Gleim Publications Inc. Page 154 Answer (C) is incorrect. It is a part of the custodial function, which is Printed for Sanja Knezevic the primary fb.com/ciaaofficial responsibility of a cashier. Answer (A) is incorrect. The personnel department should be Answer (D) is correct. The cashier is an assistant to the treasurer responsible for these and thus functions. performs an asset custody function. Individuals with custodial Answer (B) is incorrect. The payroll and personnel departments functions should should be not have access to the accounting records. If the cashier were independent. allowed to post the Answer (C) is incorrect. The payroll department should not post the receipts to the accounts receivable subsidiary ledger, an opportunity payroll entries to for the general ledger or distribute the paychecks. These functions are embezzlement would arise that could be concealed by falsifying the the responsibility of books. the accounting department and the treasurer’s office, respectively. [287] Gleim #: 3.3.56 Answer (D) is correct. The payroll department is responsible for Which one of the following situations represents an internal control assembling payroll weakness in information (recordkeeping). The personnel department is accounts receivable? responsible for authorizing A. Internal auditors confirm customer accounts periodically. and executing employee transactions such as hiring, firing, and B. Delinquent accounts are reviewed only by the sales manager. changes in pay rates C. The cashier is denied access to customers’ records and monthly and deductions. Segregating these functions helps prevent fraud. statements. Thus, the payroll for D. Customers’ statements are mailed monthly by the accounts each period should be compared with the active employment files of receivable department. the personnel Gleim CIA Test Prep: Part 1 - Internal Audit Basics department. (720 questions) [286] Gleim #: 3.3.55 Copyright 2013 Gleim Publications Inc. Page 155 In a well-designed internal control structure in which the cashier Printed for Sanja Knezevic receives remittances Answer (A) is incorrect. Periodic confirmation of accounts receivable from the mail room, the cashier should not is an internal A. Endorse the checks. control strength. B. Prepare the bank deposit slip. Answer (B) is correct. Internal control over accounts receivable C. Deposit remittances daily at a local bank. begins with a proper D. Post the receipts to the accounts receivable subsidiary ledger segregation of duties. Hence, the cashier, who performs an asset cards. custody function, Answer (A) is incorrect. It is a part of the custodial function, which is should not be involved in recordkeeping. Accounts should be the primary periodically confirmed responsibility of a cashier. by an auditor, and delinquent accounts should be reviewed by the Answer (B) is incorrect. It is a part of the custodial function, which is head of accounts the primary receivable and the credit manager. Customer statements should be Answer (D) is correct. A voucher should not be prepared for mailed monthly by payment until the the accounts receivable department without allowing access to the vendor’s invoice has been matched against the corresponding statements by purchase order and employees of the cashier’s department. The sales manager should receiving report. This procedure provides assurance that a valid not be the only transaction has person to review delinquent accounts because (s)he may have an occurred and that the parties have agreed on the terms, such as interest in not price and quantity. declaring an account uncollectible. [289] Gleim #: 3.3.58 Answer (C) is incorrect. An employee with asset-custody To control purchasing and accounts payable, an information system responsibilities should not must include have access to records for that asset. certain source documents. For a manufacturing organization, these Answer (D) is incorrect. Monthly account statements give customers documents should an opportunity to include complain about incorrect billings or missing payments. A. Purchase orders, receiving reports, and vendor invoices. [288] Gleim #: 3.3.57 B. Receiving reports and vendor invoices. Which one of the following situations represents a strength of internal C. Purchase requisitions, purchase orders, receiving reports, and control for vendor invoices. purchasing and accounts payable? Purchase requisitions, purchase orders, inventory reports of goods Prenumbered receiving reports are A. issued randomly. needed, and B. Invoices are approved for payment by the purchasing department. vendor invoices. C. Unmatched receiving reports are reviewed on an annual basis. D. Vendors’ invoices are matched against purchase orders and Gleim CIA Test Prep: Part 1 - Internal Audit Basics receiving reports (720 questions) before a liability is recorded. Copyright 2013 Gleim Publications Inc. Page 156 D. Printed for Sanja Knezevic Answer (A) is incorrect. Prenumbered receiving reports should be fb.com/ciaaofficial issued Answer (A) is incorrect. A purchase requisition is also needed. sequentially. A gap in the sequence may indicate an erroneous or Answer (B) is incorrect. A purchase order and requisition are also fraudulent necessary. transaction. Answer (C) is correct. Before ordering an item, the purchasing Answer (B) is incorrect. Invoices should not be approved by department should purchasing. That is have on hand a purchase requisition reflecting an authorized request the job of the accounts payable department. by a user Answer (C) is incorrect. Annual review of unmatched receiving department. Before a voucher is prepared for paying an invoice, the reports is too accounts payable infrequent. More frequent attention is necessary to remedy department should have the purchase requisition, a purchase order deficiencies in internal (to be certain the control. items were indeed ordered), the vendor’s invoice, and a receiving report (to be certain the items were received). which checks were used during a period. Answer (D) is incorrect. A receiving report is needed. Answer (C) is incorrect. Cash receipts are part of the revenue cycle. [290] Gleim #: 3.3.59 Answer (D) is incorrect. Consideration of the qualifications of Auditors document their understanding of internal control with accounting questionnaires, personnel is not a test of controls over the completeness of any flowcharts, and narrative descriptions. A questionnaire consists of a cycle. This series of questions procedure is appropriate during the consideration of the control concerning controls that auditors consider necessary to prevent or environment. detect errors and [291] Gleim #: 3.3.60 fraud. The most appropriate question designed to contribute to the The initiation of the purchase of materials and supplies would be the auditors’ responsibility of understanding of the completeness of the expenditure (purchases- the payables) cycle A. Purchasing department. concerns the B. Stores control department. Internal verification of quantities, prices, and mathematical accuracy C. Inventory control department. of sales D. Production department. invoices. Gleim CIA Test Prep: Part 1 - Internal Audit Basics A. (720 questions) Use and accountability of B. prenumbered checks. Copyright 2013 Gleim Publications Inc. Page 157 C. Disposition of cash receipts. Printed for Sanja Knezevic D. Qualifications of accounting personnel. Answer (A) is incorrect. The purchasing department places orders Answer (A) is incorrect. Determination of proper amounts of sales that have been invoices initiated and authorized by others. concerns the valuation assertion. Also, sales invoices are part of the Answer (B) is incorrect. The stores control department has custody salesreceivables of materials; it (revenue) cycle. does not maintain inventory records. Answer (B) is correct. A completeness assertion concerns whether Answer (C) is correct. The inventory control department would be all responsible for transactions and accounts that should be presented in the financial initiating a purchase. It has access to the inventory records and statements are would therefore know so presented. The exclusive use of sequentially numbered when stocks were getting low. documents facilitates Answer (D) is incorrect. The production department manufactures control over expenditures. An unexplained gap in the sequence goods and obtains alerts the auditor materials from stores control. to the possibility that not all transactions have been recorded. A [292] Gleim #: 3.3.61 failure to use Multiple copies of the purchase order are prepared for recordkeeping prenumbered checks would therefore suggest a higher assessment and distribution of control risk. with a copy of the purchase order sent to the vendor and one If a company uses prenumbered checks, it should be easy to retained by the determine exactly purchasing department. In addition, for proper informational flow and C. Segregation of payroll preparation and paycheck distribution. internal control D. Segregation of payroll preparation and maintenance of year-to- purposes, a version of the purchase order would be distributed to the date records. Accounts payable, receiving, and stores control A. departments. Gleim CIA Test Prep: Part 1 - Internal Audit Basics B. Accounts payable, receiving, and inventory control departments. (720 questions) C. Accounts payable, accounts receivable, and receiving Copyright 2013 Gleim Publications Inc. Page 158 departments. Printed for Sanja Knezevic D. Accounts payable, receiving, and production planning fb.com/ciaaofficial departments. Answer (A) is incorrect. Segregating timekeeping and payroll Answer (A) is incorrect. The stores control department does not preparation is an need to know effective control. It prevents one person from claiming that an that a purchase has been initiated. employee worked Answer (B) is correct. The accounts payable department should certain hours and then writing a check to that employee. Payment to receive a copy of an absent or the purchase order for internal control purposes to ensure that all fictitious employee would therefore require collusion between two invoices paid are employees. for properly authorized items. The receiving department should Answer (B) is incorrect. Personnel should be separate from payroll. receive a copy The former (with the quantity omitted to encourage an honest count) so that its authorizes the calculation of the payroll by the latter. employees will Answer (C) is incorrect. Segregating paycheck preparation from know that incoming shipments were authorized and should be distribution makes it accepted. In more difficult for checks to be made out to fictitious employees. addition, the department issuing the purchasing requisition (the Answer (D) is correct. Most companies have their payrolls prepared inventory control by the same department) should receive a copy as a notification that the order individuals who maintain the year-to-date records. There is no need has been placed. for this Answer (C) is incorrect. The accounts receivable department does segregation of functions because both duties involve recordkeeping. not need a [294] Gleim #: 3.3.63 copy. If employee paychecks are distributed by hand to employees, which Answer (D) is incorrect. The production planning department does one of the not need a following departments should be responsible for the safekeeping of copy. unclaimed [293] Gleim #: 3.3.62 paychecks? Organizational independence in the processing of payroll is achieved A. Payroll department. by segregation of B. Timekeeping department. functions that are built into the system. Which one of the following C. Production department in which the employee works or worked. functional D. Cashier department. segregations is not required for internal control purposes? Answer (A) is incorrect. The payroll department was responsible for A. Segregation of timekeeping from payroll preparation. causing the B. Segregation of personnel function from payroll preparation. check to be written. Answer (B) is incorrect. The timekeeping department authorized (720 questions) payment based Copyright 2013 Gleim Publications Inc. Page 159 on a certain number of hours worked. Printed for Sanja Knezevic Answer (C) is incorrect. A production supervisor or fellow worker Answer (A) is incorrect. Ensuring that a sales order is for a has an legitimate, creditworthy opportunity to intercept the check of a fictitious or terminated customer is a function of the credit department. employee. Answer (B) is incorrect. To maintain proper segregation of functions, Answer (D) is correct. The responsibility for unclaimed paychecks goods should be should be pulled by the storeroom department and shipped by the shipping given to a department that has no opportunity to authorize or write department. those checks. Answer (C) is incorrect. Invoice preparation and account updating Because the treasury function serves only an asset custody function should be and thus has performed by two different departments. had no input into the paycheck process, it is the logical repository of Answer (D) is correct. Allowing a sales department employee to unclaimed approve a credit checks. memo without a receiving report would be unacceptably risky. Sales [295] Gleim #: 3.3.64 personnel could Organizational independence is required in the processing of overstate sales in one period and then reverse them in subsequent customers’ orders in periods. Thus, a copy order to maintain an internal control structure. Which one of the of the receiving report for returned goods should be sent to billing for following situations is preparation of a not a proper segregation of duties in the processing of orders from credit memo after approval by a responsible supervisor who is customers? independent of sales. A. Approval by credit department of a sales order prepared by the [296] Gleim #: 3.4.65 sales department. An organization’s directors, management, external auditors, and Shipping of goods by the shipping department that have been internal auditors all retrieved from stock play important roles in creating a proper control environment. Senior by the finished goods storeroom department. management is B. primarily responsible for Invoice preparation by the billing department and posting to Establishing a proper organizational culture and specifying a system customers’ accounts of internal by the accounts receivable department. control. C. A. Approval of a sales credit memo because of a product return by the Designing and operating a control system that provides reasonable sales assurance that department with subsequent posting to the customer’s account by established objectives and goals will be achieved. the accounts B. receivable department. Ensuring that external and internal auditors adequately monitor the D. control Gleim CIA Test Prep: Part 1 - Internal Audit Basics environment. C. sales and gross profit generated from their product lines. Many Implementing and monitoring controls designed by the D. board of products are seasonal directors. and individual store managers can require that seasonal products be Answer (A) is correct. Senior management is primarily responsible removed to make for space for the next season’s products. Which of the following is a establishing a proper organizational culture and specifying a system control deficiency in of internal this situation? control. The store manager can require items to be removed, thus affecting Answer (B) is incorrect. Senior management is not likely to be the potential involved in the performance evaluation of individual product managers. detailed design and day-to-day operation of a control system. A. Answer (C) is incorrect. Management administers risk and control The product manager negotiates the purchase price and sets B. the processes. It selling price. cannot delegate this responsibility to the external auditors or to the Evaluating product managers by total gross profit generated by internal audit product line will activity. lead to dysfunctional behavior. Answer (D) is incorrect. The board has oversight governance C. responsibilities but D. There is no receiving function located at individual stores. ordinarily does not become involved in the details of operations. Answer (A) is incorrect. Goods are seasonal, and store space is Gleim CIA Test Prep: Part 1 - Internal Audit Basics limited. This is a (720 questions) constraint that is consistent with maximizing revenue and profitability Copyright 2013 Gleim Publications Inc. Page 160 for the Printed for Sanja Knezevic organization. fb.com/ciaaofficial Answer (B) is incorrect. The product manager is evaluated based on [297] Gleim #: 3.4.66 sales and The marketing department for a major retailer assigns separate gross profit; thus, performing both of these duties is not a conflict. product managers for Answer (C) is incorrect. Evaluating the product managers on gross each product line. Product managers are responsible for ordering profit and products and budgeted sales holds them accountable for profitability. This determining retail pricing. Each product manager’s purchasing approach is budget is set by the consistent with their authority over ordering and pricing. marketing manager. Products are delivered to a central distribution Answer (D) is correct. The receiving function verifies that the goods center where goods received are are segregated for distribution to the company’s 52 department those actually sent by the shipper. Without this function being stores. Because performed at the receipts are recorded at the distribution center, the company does store, goods could be lost, pilfered, or simply sent to the wrong store not maintain a without it receiving function at each store. Product managers are evaluated on being discovered. a combination of Gleim CIA Test Prep: Part 1 - Internal Audit Basics (720 questions) Copyright 2013 Gleim Publications Inc. Page 161 individual product managers to approve their own requests to exceed Printed for Sanja Knezevic budget [298] Gleim #: 3.4.67 would almost certainly result in misallocation. Thus, Item I is a valid The marketing department for a major retailer assigns separate choice. product managers for Item II is not a valid choice because the marketing manager asserts each product line. Product managers are responsible for ordering his/her products and authority before an unwanted event has taken place. Item III is not a determining retail pricing. Each product manager’s purchasing valid choice budget is set by the because product managers may be tempted to commit the company marketing manager. Products are delivered to a central distribution to buy more center where goods product than it can finance. The marketing manager is in a position to are segregated for distribution to the company’s 52 department coordinate stores. Because these requests and reconcile them with the budget. receipts are recorded at the distribution center, the company does Answer (B) is incorrect. The gross profit evaluation is effective in not maintain a evaluating receiving function at each store. Product managers are evaluated on product managers, but it does not necessarily restrain excess a combination of spending. sales and gross profit generated from their product lines. Many Answer (C) is incorrect. Approval by the marketing manager is a products are seasonal preventive and individual store managers can require that seasonal products be control, which deters undesirable events from occurring. A detective removed to make control space for the next season’s products. Requests for purchases detects and corrects undesirable events that have occurred. Also, beyond those initially the gross profit budgeted must be approved by the marketing manager. This evaluation is effective only in evaluating the manager. procedure Answer (D) is incorrect. Approval by the marketing manager is a Should provide for the most efficient allocation of scarce preventive organizational I. resources. control, which deters undesirable events from occurring. A detective II. Is a detective control procedure. control III. Is unnecessary because each product manager is evaluated on detects and corrects undesirable events that have occurred. Also, profit generated. the gross profit A. I only. evaluation is effective only in evaluating the manager. B. III only. [299] Gleim #: 3.4.68 C. II and III only. Which of the following would minimize defects in finished goods D. I, II, and III. caused by poor Answer (A) is correct. The organization has two scarce resources to quality raw materials? allocate: its A. Documented procedures for the proper handling of work-in- purchasing budget and the space available in its retail stores. The process inventory. marketing B. Required material specifications for all purchases. manager is high enough in the organization to coordinate this C. Timely follow-up on all unfavorable usage variances. allocation. Allowing D. Determination of the amount of spoilage at the end of the auditor would best address the security issue by recommending that manufacturing process. plant management Gleim CIA Test Prep: Part 1 - Internal Audit Basics Move the small tools inventory to the custody of the production (720 questions) inventory staging Copyright 2013 Gleim Publications Inc. Page 162 superintendent and implement the use of a special requisition to Printed for Sanja Knezevic issue small tools. fb.com/ciaaofficial A. Answer (A) is incorrect. Documented procedures for handling work- Initiate a full physical inventory of small tools B. on a monthly basis. in-process Place supply of small tools in a secured area, install a key-access inventory do not ensure that materials are of sufficient quality. card system for Answer (B) is correct. A preventive control is required in this all employees, and record each key-access transaction on a report situation, i.e., one that for the ensures an unwanted event does not take place. The most cost- production superintendent. effective way of C. achieving the goal is to keep poor quality raw materials from entering Close the exit to the employee parking lot and require all plant the warehouse to employees to use a begin with. Of the controls listed, only required specifications will doorway by the receiving dock that also provides access to the plant accomplish this. employees’ Answer (C) is incorrect. Follow-up on unfavorable usage variances parking area. may lead to D. detection and correction of use of substandard materials but does Answer (A) is correct. Minimizing the loss of assets requires a not prevent or preventive minimize defects in products already processed. control. Giving responsibility for custody of small tools to one Answer (D) is incorrect. Determination of spoilage after raw individual materials have been used establishes accountability. Requiring that requisitions be submitted in production is not a preventive control. ensures that [300] Gleim #: 3.4.69 their use is properly authorized. An internal auditor notes year-to-year increases for small tool Answer (B) is incorrect. A full physical inventory of small tools on a expense at a monthly manufacturing facility that has produced the same amount of basis is a periodic, detective control that is effective only in identical product for the determining the last 3 years. Production inventory is kept in a controlled staging area amount of losses. adjacent to the Answer (C) is incorrect. Placing small tools in a secured area, receiving dock, but the supply of small tools is kept in an installing a keyaccess unsupervised area near the system, and recording access transactions are preventive and exit to the plant employees’ parking lot. After determining that all of detective the following controls but do not record the amount of tools removed from the alternatives are equal in cost and are also feasible for local inventory. management, the internal Answer (D) is incorrect. Closing the exit to the employee parking lot does not limit access to the small tools inventory. A. Research and development personnel are hired by the payroll Gleim CIA Test Prep: Part 1 - Internal Audit Basics department. (720 questions) B. Research and development expenditures are reviewed by an Copyright 2013 Gleim Publications Inc. Page 163 independent person. Printed for Sanja Knezevic All research and development costs are charged to expense in [301] Gleim #: 3.4.70 accordance with the Which of the following control procedures does an internal auditor applicable accounting principles. expect to find C. during an engagement to evaluate risk management and insurance? The research and development budget is properly allocated between Periodic internal review of the in-force list to evaluate the adequacy new products, of insurance product maintenance, and cost reduction programs. coverage. D. A. Answer (A) is incorrect. Only the human resources department Required approval of all new insurance policies by the B. should be organization’s CEO. responsible for hiring. A department responsible for recordkeeping C. Policy of repetitive standard journal entries to record insurance (e.g., payroll) expense. should not authorize transactions. D. Cutoff procedures with regard to insurance expense reporting. Answer (B) is incorrect. Reviewing monetary amounts is a financial Answer (A) is correct. Obtaining insurance and periodically control. reviewing its Answer (C) is incorrect. Expensing R&D costs is an accounting adequacy are among management’s responses to the findings of a treatment rather risk assessment. than a control. Insurance coverage should be sufficient to ensure that the relevant Answer (D) is correct. Operating controls are those applicable to assessed risks production and are managed in accordance with the organization’s risk appetite. support activities. Because they may lack established criteria or Answer (B) is incorrect. CEO approval is an operational decision standards, they ordinarily should be based on management principles and methods. The delegated to a lower level manager. appropriate Answer (C) is incorrect. A policy concerning standard journal entries allocation of R&D costs to new products, product maintenance, and is an cost reduction accounting control, not a risk management and insurance control. programs is an example. This is in contrast to the expensing of R&D Answer (D) is incorrect. Cutoff procedures with regard to insurance costs, which expense is required by the rules of external financial reporting. reporting are an accounting control, not a risk management and Gleim CIA Test Prep: Part 1 - Internal Audit Basics insurance control. (720 questions) [302] Gleim #: 3.4.71 Copyright 2013 Gleim Publications Inc. Page 164 Which of the following is an operating control for a research and Printed for Sanja Knezevic development fb.com/ciaaofficial department? [303] Gleim #: 3.4.72 Obsolete or scrap materials are charged to a predefined project Answer (D) is incorrect. Limiting obsolete or scrap materials sales to number. The materials a preapproved are segregated into specified bin locations and eventually buyer does not mitigate the risk of misappropriation before the transported to a public materials auction for sale. To reduce the risks associated with this process, an are sold. It also may be less effective than an auction for obtaining organization the best price. should employ which of the following procedures? Specifying that a commission be paid to the auction firm creates an Require managerial approval for materials to be declared I. scrap or incentive to obsolete. maximize the organization’s return. II. Permit employees to purchase obsolete or scrap materials prior to Gleim CIA Test Prep: Part 1 - Internal Audit Basics auction. (720 questions) III. Limit obsolete or scrap materials sales to a pre-approved buyer. Copyright 2013 Gleim Publications Inc. Page 165 IV. Specify that a fixed fee, rather than a commission, be paid to the Printed for Sanja Knezevic auction firm. [304] Gleim #: 3.4.73 A. II and III. While performing analytical procedures related to an engagement B. I only. involving a social C. II and IV. services agency of a government entity, the internal auditor noted an D. I, III, and IV. unusually large Answer (A) is incorrect. Permitting employees to purchase obsolete increase in payments to individual recipients who are under the or scrap direction of a materials prior to auction provides even more incentive for particular social worker in the agency. The internal auditor is misappropriation. considering making a Limiting obsolete or scrap materials sales to a pre-approved buyer recommendation about appropriate controls to address a potential does not problem of fictitious mitigate the risk of misappropriation before the materials are sold. recipients. The internal auditor has identified the following control Moreover, procedures as these procedures may be less effective than an auction for obtaining potential items to include in the recommendation. the best price. Require that all additions to the recipient file be independently Answer (B) is correct. A preventive control is needed. Management investigated and approval for approved by a supervisor of the social workers. materials to be declared scrap or obsolete reduces the risk of I. misappropriation. Require the use of self-checking digits on the account numbers of all Otherwise, materials may be more easily misclassified. recipients so Answer (C) is incorrect. Permitting employees to purchase obsolete that any duplicates will be immediately noted by the system. or scrap II. materials prior to auction provides even more incentive for Incorporate a code into the computer program to search for duplicate misappropriation. names and Specifying that a commission be paid to the auction firm creates an addresses. Develop an exception report that will go to the section incentive to supervisor maximize the organization’s return. whenever duplicates are noted. III. may prevent or detect fraud. The probability of detection is greater Require that social workers be rotated IV. among recipients. when the Which of the following control combinations would effectively address wrongdoer’s opportunity to conceal fraud is reduced. However, the internal duplicate recipient auditor’s concerns and improve control over valid recipients? account numbers are not the risk in this situation. The appropriate A. I, II, III, and IV. controls prevent B. I, II, and III. or detect payments to nonexistent recipients that are sent to actual C. I and IV. addresses under D. I, III, and IV. the social worker’s control. Answer (A) is incorrect. Duplicate recipient account numbers are not Gleim CIA Test Prep: Part 1 - Internal Audit Basics the risk in (720 questions) this situation. The appropriate controls prevent or detect payments to Copyright 2013 Gleim Publications Inc. Page 166 nonexistent Printed for Sanja Knezevic recipients that are sent to actual addresses under the social worker’s fb.com/ciaaofficial control. [305] Gleim #: 3.4.74 Answer (B) is incorrect. Duplicate recipient account numbers are not The most appropriate method to prevent fraud or theft during the the risk in frequent movement this situation. The appropriate controls prevent or detect payments to of trailers loaded with valuable metal scrap from the manufacturing nonexistent plant to the recipients that are sent to actual addresses under the social worker’s organization’s scrap yard about 10 miles away would be to control. Perform complete physical inventory of the scrap trailers before However, rotating social workers among recipients may prevent or leaving the plant detect fraud. and upon arrival at the scrap yard. Answer (C) is incorrect. A programmed control that searches for A. and reports Require existing security guards to log the time of plant departure exceptions (e.g., duplicate names and addresses) detects payments and scrap yard to multiple arrival. The elapsed time should be reviewed by a supervisor for recipients at a single or a few addresses. fraud. Answer (D) is correct. A supervisory review of all additions to the B. recipient file is Use armed guards to escort the movement of the trailers from the a detective control that alerts management to nonexistent recipients. plant to the Once it scrap yard. becomes widely understood that this review will always be C. performed, it becomes Contract with an independent hauler for the D. removal of scrap. a preventive control. A programmed control that searches for and Answer (A) is incorrect. Performing a complete physical inventory of reports the scrap at exceptions (e.g., duplicate names and addresses) detects payments both locations would not be economically feasible. to multiple Answer (B) is correct. Having the security guards record the times of recipients at a single or a few addresses. Rotating social workers departure among recipients and arrival is a cost-effective detective control because it entails no Answer (D) is correct. Physical safeguarding of assets is enacted additional through the use expenditures. Comparing the time elapsed with the standard time of preventive controls that reduce the likelihood of theft or other loss. allowed and Keeping the investigating material variances may detect a diversion of part of the vehicles at a secure location and restricting access establishes scrap. accountability by Answer (C) is incorrect. Hiring armed guards to escort the scrap the custodian and allows for proper authorization of their use. trailers is Gleim CIA Test Prep: Part 1 - Internal Audit Basics unlikely to be cost-effective unless the scrap is extremely valuable. (720 questions) Logging Copyright 2013 Gleim Publications Inc. Page 167 departures and arrivals will be sufficient in most cases. Printed for Sanja Knezevic Answer (D) is incorrect. Using an independent hauler would provide [307] Gleim #: 3.4.76 no Which of the following controls could be used to detect bank deposits additional assurance of prevention or detection of wrongdoing. that are [306] Gleim #: 3.4.75 recorded but never made? A utility with a large investment in repair vehicles would most likely Establishing accountability for receipts at the earliest A. possible implement which time. internal control to reduce the risk of vehicle theft or loss? Linking receipts to other internal accountabilities, for example, A. Review insurance coverage for adequacy. collections to B. Systematically account for all repair work orders. either accounts receivable or sales. Physically inventory vehicles and reconcile the results with the B. accounting C. Consolidating cash receiving points. records. D. Having bank reconciliations performed by a third party. C. Answer (A) is incorrect. Early establishment of accountability will not Maintain vehicles in a secured location with release and return help subject to approval detect bank deposits recorded on the books but not deposited in the by a custodian. bank. D. Answer (B) is incorrect. The issue is not accountability for receipts Answer (A) is incorrect. Insurance provides for indemnification if but detection loss or theft of failure to make deposits. occurs. It thus reduces financial exposure but does not prevent the Answer (C) is incorrect. The number of receiving points does not actual loss or impact the theft. failure to make recorded deposits. Answer (B) is incorrect. An internal control designed to ensure Answer (D) is correct. Having an independent third party prepare the control over bank repair work performed has no bearing on the risk of loss. reconciliations would reveal any discrepancies between recorded Answer (C) is incorrect. Taking an inventory is a detective, not a deposits and the preventive, bank statements. A bank reconciliation compares the bank statement control. with organization records and resolves differences caused by deposits in Copyright 2013 Gleim Publications Inc. Page 168 transit, Printed for Sanja Knezevic outstanding checks, NSF checks, bank charges, errors, etc. fb.com/ciaaofficial [308] Gleim #: 3.4.77 [309] Gleim #: 3.4.78 To minimize the risk that agents in the purchasing department will Management can best strengthen internal control over the custody of use their positions inventory stored for personal gain, the organization should in an off-site warehouse by implementing A. Rotate purchasing agent assignments periodically. Reconciliations of transfer slips to/from the warehouse with A. B. Request internal auditors to confirm selected purchases and inventory records. accounts payable. B. Increases in insurance coverage. C. Specify that all items purchased must pass value-per-unit-of-cost C. Regular reconciliation of physical inventories to accounting reviews. records. Direct the purchasing department to maintain records on purchase D. Regular confirmation of the amount on hand with the custodian of prices paid, the warehouse. with review of such being required each 6 months. Answer (A) is incorrect. A control over the movement of inventory to D. and from Answer (A) is correct. The risk of favoritism is increased when the warehouse provides no assurance over the custody of the buyers have longterm inventory while in relationships with specific vendors. Periodic rotation of buyer the warehouse. assignments Answer (B) is incorrect. Increasing insurance coverage helps will limit the opportunity to show favoritism. This risk is also reduced protect the if buyers organization against losses but does not strengthen internal control are required to take vacations. over the Answer (B) is incorrect. Confirmation does not enable internal custody of inventory. auditors to detect Answer (C) is correct. A detective control that will reveal, on a inappropriate benefits received by purchasing agents or deter long- regular basis, any term discrepancies between the inventory records and the actual relationships. inventory on hand is Answer (C) is incorrect. Value-per-unit-of-cost reviews could be needed. Periodic comparison of the recorded accountability for helpful in inventory with the ensuring a certain level of value received for price paid but do not actual physical inventory will accomplish this. directly focus Answer (D) is incorrect. Confirming with the custodian the amount of on receipt of inappropriate benefits by purchasing agents. inventory Answer (D) is incorrect. Review of records every 6 months does not on hand does not verify that the inventory is actually at the enable the warehouse. organization to detect receipt of inappropriate benefits by an agent or [310] Gleim #: 3.4.79 deter When a supplier of office products is unable to fill an order relationships that could lead to such activity. completely, it marks the Gleim CIA Test Prep: Part 1 - Internal Audit Basics out-of-stock items as back ordered on the customer’s order and (720 questions) enters these items in a back order file that management can view or print. Customers are Gleim CIA Test Prep: Part 1 - Internal Audit Basics becoming (720 questions) disgruntled with the supplier because it seems unable to keep track Copyright 2013 Gleim Publications Inc. Page 169 of and ship out-ofstock Printed for Sanja Knezevic items as soon as they are available. The best approach for ensuring [311] Gleim #: 3.4.80 prompt Which of the following observations by an auditor is most likely to delivery of out-of-stock items is to indicate the A. Match the back order file to goods received daily. existence of control weaknesses over safeguarding of assets? Increase inventory levels to minimize the number of times that out-of- A service department’s location is not well suited to allow adequate stock service to conditions occur. other units. B. I. Implement electronic data interchange with supply vendors to Employees hired for sensitive positions are not subjected to II. decrease the time to background checks. replenish inventory. Managers do not have access to reports that profile overall C. performance in relation Reconcile the sum of filled and back orders with the total of all orders to other benchmarked organizations. placed III. daily. Management has not taken corrective action to resolve past D. engagement Answer (A) is correct. A directive control is appropriate, i.e., one observations related to inventory controls. designed to IV. cause or encourage the occurrence of a desirable event. Matching A. I and II only. the back order B. I and IV only. file with goods received daily is the surest way of facilitating prompt C. II and III only. delivery of D. II and IV only. out-of-stock items. Answer (A) is incorrect. A service department’s location concerns Answer (B) is incorrect. An increase in inventory minimizes out-of- achieving stock organizational objectives, not safeguarding of assets. conditions but has no effect on tracking and shipping goods as soon Answer (B) is incorrect. A service department’s location concerns as they are achieving available. organizational objectives, not safeguarding of assets. But failure to Answer (C) is incorrect. More efficient replenishment of its own do background inventory has no checks is a control weakness related to asset security. effect on tracking and shipping goods as soon as they are available. Answer (C) is incorrect. Managers not having access to reports Answer (D) is incorrect. Reconciling the sum of filled and back profiling overall orders with the performance concerns achieving organizational objectives. total of all orders placed daily ensures that orders were either filled or Answer (D) is correct. Internal auditors evaluate risk exposures and back the adequacy ordered but will not affect delivery of the items that are out of stock. and effectiveness of controls relating to, among other things, by an agent or deter relationships that could lead to such activity. safeguarding of Answer (B) is incorrect. Detailed material specifications will not assets (Perf. Std. 2130.A1). Lack of background checks for prevent buyer employees hired for favoritism in placing orders. sensitive positions and failure to take corrective action on past Answer (C) is correct. The risk of favoritism is increased when engagement buyers have long-term observations relating to safeguarding of assets are red flags relationships with specific vendors. Periodic rotation of buyer signifying control assignments will limit weaknesses. Regular reference and background checks, integrity the opportunity for any buyer to show favoritism to a particular tests, and drug supplier. screening are hiring procedures that may be part of an effective Answer (D) is incorrect. The number of orders placed is not relevant ethical culture. to preventing Furthermore, internal auditors follow up on engagement results to favoritism. determine what [313] Gleim #: 3.4.82 corrective actions have been taken or whether management or the Appropriate internal control for a multinational corporation’s branch board has office that has a assumed the risk of not taking action. If the CAE believes the risk monetary transfer unit requires that assumed may The individual who initiates wire transfers not reconcile A. the bank be unacceptable to the organization, (s)he must discuss the matter statement. with senior B. The branch manager receive all wire transfers. management and the board (Perf. Stds. 2500.A1 and 2600). C. Foreign currency rates be computed separately by two different [312] Gleim #: 3.4.81 employees. A control likely to prevent purchasing agents from favoring specific D. Corporate management approve the hiring of monetary transfer suppliers is unit employees. Requiring management’s review of a monthly report of the totals Answer (A) is correct. A control is any action taken by management spent by each to enhance buyer. the likelihood that established goals and objectives will be achieved. A. Controls B. Requiring buyers to adhere to detailed material specifications. include segregation of duties to reduce the risk that any person may C. Rotating buyer assignments periodically. be able to D. Monitoring the number of orders placed by each buyer. perpetrate and conceal errors or fraud in the normal course of his/her Gleim CIA Test Prep: Part 1 - Internal Audit Basics duties. (720 questions) Different persons should authorize transactions, record transactions, Copyright 2013 Gleim Publications Inc. Page 170 and maintain Printed for Sanja Knezevic custody of the assets associated with the transaction. Independent fb.com/ciaaofficial reconciliation of Answer (A) is incorrect. Requiring review of a monthly report of the bank accounts is necessary for good internal control. totals spent by Answer (B) is incorrect. Having the branch manager receive all wire each buyer does not enable the organization to detect receipt of transfers is inappropriate benefits not an important internal control consideration. Answer (C) is incorrect. Foreign currency translation rates are excess of expectations based on the age of the employee, whether a verified, not similar computed. Having two employees in the same department perform procedure was performed recently, or the average cost per claim. the same task A. will not significantly enhance internal control. Require all submitted claims to be accompanied by a signed Answer (D) is incorrect. Corporate management approval of hiring statement by the monetary dentist testifying that the claimed procedures were performed. transfer unit employees is not an important internal control B. consideration. Send confirmations to the dentists requesting them to confirm the Gleim CIA Test Prep: Part 1 - Internal Audit Basics exact nature of (720 questions) the claims submitted to the healthcare processor. Copyright 2013 Gleim Publications Inc. Page 171 C. Printed for Sanja Knezevic Develop an integrated test facility and submit false claims to verify [314] Gleim #: 3.4.83 that the system An internal auditor is assigned to perform an engagement to is detecting such claims on a consistent basis. evaluate the D. organization’s insurance program, including the appropriateness of Answer (A) is correct. Under this detective control, unusual claims the approach to could be minimizing risks. The organization self-insures against large casualty identified and followed up to determine if they are legitimate. This losses and health control is a benefits provided for all its employees. The organization is a large type of IT input control known as a reasonableness test. national firm with Answer (B) is incorrect. Requiring a signed statement does not over 15,000 employees located in various parts of the country. It prevent the uses an outside dentist from filing a false claim. claims processor to administer its healthcare program. The Answer (C) is incorrect. Sending confirmations to the dentists does organization’s medical not prevent costs have been rising by approximately 8% per year for the past 5 the filing of false claims or a false response to the confirmation. years, and Answer (D) is incorrect. An integrated test facility would only provide management is concerned with controlling these costs. The information about the correctness of the processing of the claim or a healthcare processor false wishes to implement controls that would help prevent fraud by response to the confirmation, not on the propriety of the claim. dentists who are [315] Gleim #: 3.4.84 submitting billings for services not provided. Assume further that all An internal auditor is reviewing the organization’s policy regarding the claims are investing in submitted electronically to the healthcare processor. Which of the financial derivatives. The internal auditor normally expects to find all following control of the following procedures would be the most effective? in the policy except Develop a program that identifies procedures performed on an A statement indicating whether derivatives are to be used for individual in hedging or speculative purposes. A. C. Require that all donations be made by check. A specific authorization limit for the amount and types of derivatives Require issuance of a confirmation receipt to all donors, with the that can be receipt issued by used by the organization. the person who opens and deposits the cash receipts. B. D. A specific limit on the amount authorized for C. any single trader. Answer (A) is correct. A lockbox system expedites receipt of funds A statement requiring board review of each transaction because of and provides the risk effective control over cash receipts. Donors send their payments to involved in such transactions. mailboxes, D. often in numerous locations, that are checked by a bank several Gleim CIA Test Prep: Part 1 - Internal Audit Basics times a day. (720 questions) Hence, payments are deposited before being processed by the Copyright 2013 Gleim Publications Inc. Page 172 organization’s Printed for Sanja Knezevic accounting system. fb.com/ciaaofficial Answer (B) is incorrect. The flaw in this procedure is that it focuses Answer (A) is incorrect. A policy specifying whether derivatives are only on to be used for deposits that were made. The concern is with cash receipts that were hedging or speculating is a crucial directive control. not Answer (B) is incorrect. A policy specifying the authorization limits deposited. for derivatives is Answer (C) is incorrect. An individual may deposit a check to a an appropriate directive control. similarly named Answer (C) is incorrect. A policy specifying the authorization limits organization. for derivatives is Answer (D) is incorrect. The same person should not be responsible an appropriate directive control. for the cash Answer (D) is correct. A policy requiring board review of every receipts and the confirmations. The person could confirm receipts derivatives even if they transaction is cost ineffective. Management is responsible for daily were diverted. operations and is [317] Gleim #: 3.4.86 expected to conform to the policies of the board. A rental car agency’s fleet maintenance division uses a different [316] Gleim #: 3.4.85 code for each type of Which of the following control procedures provides the greatest inventory transaction. A daily summary report lists activity by part assurance that all number and donations to a not-for-profit organization are immediately deposited transaction code. The report is reconciled by the parts room to the supervisor to the day’s organization’s account? material request forms and is then forwarded to the fleet manager for Use a lockbox to receive A. all donations. approval. The Perform periodic reviews of the organization’s cash receipts by reconciliation of the summary report to the day’s material request tracing deposits to forms by the parts the original posting in the cash receipts records. room supervisor B. A. Verifies that all material request forms were approved. Provides documentation as to what material was available for a contractor’s invoice used a unit of measure different from that in the specific contract. transaction. Thus, the basis of payment was not what was called for in this unit- B. price contract. C. Confirms that all material request forms are entered for all parts Answer (B) is incorrect. The dirt removed would not have been issued. received by the D. Ensures the accuracy and completeness of data input. organization. Hence, no receiving reports would have existed. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (C) is incorrect. This comparison would not have detected (720 questions) the specific Copyright 2013 Gleim Publications Inc. Page 173 reason for a variance. Printed for Sanja Knezevic Answer (D) is incorrect. The problem was not a mathematical error Answer (A) is incorrect. This reconciliation would not necessarily but an include a review of erroneous basis for payment. authorizations. [319] Gleim #: 3.4.88 Answer (B) is incorrect. The material available for a specific During an engagement involving a purchasing department, an transaction is not part of internal auditor the reconciliation. discovered that many purchases were made (at normal prices) from Answer (C) is incorrect. Not all request forms may have been an office supplier submitted. whose owner was the brother of the director of purchasing. Controls Answer (D) is correct. This reconciliation is an input control to verify were in place to that data entry restrict such purchases and no fraud appears to have been is accurate and complete. The parts requested should be consistent committed. In this case, the with the parts used internal auditor should recommend in the maintenance activities. Unexplained variances should be The development of an approved-vendor file initiated by the buyer investigated. and approved [318] Gleim #: 3.4.87 by the director of purchasing. During an engagement involving a construction contract, the internal A. auditor B. Establishment of a price policy (range) for all goods. discovered that the contractor was being paid for each ton of dirt C. The initiation of a conflict-of-interest policy. removed. The D. The inspection of all receipts by receiving inspectors. contract called for payment based on cubic yards removed. Which Gleim CIA Test Prep: Part 1 - Internal Audit Basics internal control (720 questions) might have prevented this error? Copyright 2013 Gleim Publications Inc. Page 174 Comparison of invoices with purchase orders A. or contracts. Printed for Sanja Knezevic B. Comparison of invoices with receiving reports. fb.com/ciaaofficial C. Comparison of actual costs with budgeted costs. Answer (A) is incorrect. An approved-vendor file approved by the D. Extension checks of invoice amounts. director would not Answer (A) is correct. This detective control would have revealed prevent a conflict of interest. that the Answer (B) is incorrect. Price is not a factor when dealing with conflicts of interest. Answer (C) is correct. A policy is one means of achieving control. It is not adequate to determine the degree of risk that should be is a general guide insured. to and limit on action that should be clearly stated in writing and Answer (C) is correct. The claims handling process begins with systematically prompt reporting communicated to appropriate parties. A conflict-of-interest policy by the affected operational unit of the organization of any basis for a should contain claim. directives that restrict business dealings with relatives unless Prompt reporting is required to permit the insurer to take whatever otherwise disclosed to steps it may and approved by senior management. deem necessary to reduce the ultimate compensable loss. The Answer (D) is incorrect. The inspection of all receipts by receiving insurance function inspectors is an then cooperates with the operational unit to document and formally appropriate receiving control that does not pertain to this situation. submit the [320] Gleim #: 3.4.89 claim to the carrier. Subsequently, the insurance function will be Which of the following policies and procedures is consistent with involved in any effective required review of the claim and negotiation of a settlement. administration of the insurance function? Answer (D) is incorrect. Prudence dictates that other factors, e.g., Billings for insurance coverage are received and payments disbursed the financial by the resources of the carrier and the fairness and efficiency of claims insurance manager. handling, be A. considered in addition to rates. Policy coverages are adjusted each year by applying a price index to Gleim CIA Test Prep: Part 1 - Internal Audit Basics previous year (720 questions) coverages. Copyright 2013 Gleim Publications Inc. Page 175 B. Printed for Sanja Knezevic Final settlements are negotiated after claims are developed C. and [321] Gleim #: 3.4.90 submitted. A recent inventory shortage at XYZ Corp., an unaffiliated supplier, Policies are always placed with the carrier that offers the lowest rate contributed to for a production failures at OPS Corp. in the current period. To avoid specified level of coverage. future production D. failures because of supplier inventory shortages, the most Answer (A) is incorrect. The manager has too many responsibilities; appropriate method is for there is no OPS to separation of duties. The receipt of billings and the disbursement of Establish an inventory control A. framework at XYZ. payments B. Increase the size of orders. should be done by different people. C. Produce the inventory items instead of purchasing from suppliers. Answer (B) is incorrect. While policy coverages should be D. Inform XYZ about its risk appetite regarding supply failures. systematically Answer (A) is incorrect. OPS has no authority to establish an evaluated each year to assure appropriate coverage, mere inventory control adjustment for inflation framework at XYZ. Answer (B) is incorrect. Increasing order size does not address the Answer (C) is incorrect. The mailroom typically compiles a prelisting cause of of cash. supplier failures. The list is sent to the accountant as a control for actual cash sent to Answer (C) is incorrect. Although in-house production will eliminate the cashier. the external Answer (D) is incorrect. Use of sales department vehicles by only parties, it may not be the most cost-effective method. The external sales personnel party may have is appropriate. cost advantages the organization does not. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (D) is correct. The risk appetite is the level of risk that an (720 questions) organization is Copyright 2013 Gleim Publications Inc. Page 176 willing to accept (The IIA Glossary). Thus, communicating about the Printed for Sanja Knezevic risk appetite fb.com/ciaaofficial with external parties is an important aspect of risk management. It [323] Gleim #: 3.4.92 allows the An employee should not be able to visit the organization’s safe organization to develop strategies to work with suppliers who may deposit box containing have different investment securities without being accompanied by another objectives. employee. What would [322] Gleim #: 3.4.91 be a possible consequence of an employee’s being able to visit the A system of internal control includes physical controls over access to safe deposit box and use of assets unaccompanied? and records. A departure from the purpose of such procedures is that The employee could pledge organizational investments as security A. Access to the safe-deposit box requires two officers. for a short-term Only storeroom personnel and line supervisors have access to the personal bank loan. raw materials A. storeroom. The employee could steal securities and the theft would never B. be B. discovered. C. The mailroom compiles a list of the checks received in the C. It would be impossible to obtain a fidelity bond on the employee. incoming mail. There would be no record of when organizational personnel visited D. Only salespersons and sales supervisors use sales department the safe vehicles. deposit box. Answer (A) is incorrect. It is appropriate for two officers to be D. required to open Answer (A) is correct. The bank should maintain a record, which can the safe-deposit box. One supervises the other. be Answer (B) is correct. Storeroom personnel have custody of assets, inspected by organizational personnel, of all safe deposit box visits. and Access should supervisors are in charge of execution functions. To give supervisors be limited to authorized officers. Organizations typically require the access to the presence of raw materials storeroom is a violation of the essential internal control two authorized persons for access to the box. This precaution principle of provides segregation of functions. supervisory control over, for example, the temporary removal of the Answer (B) is incorrect. These controls will not detect an initial securities to misposting. The serve as a pledge for a loan (hypothecation of securities). statements and the reconciliation are based on the misposted Answer (B) is incorrect. An engagement involving investment records. securities would Answer (C) is correct. A control total should be generated for the eventually uncover an outright theft assuming no alteration of the transactions to asset records. be posted. It should then be compared with the total of items posted Answer (C) is incorrect. Obtaining a fidelity bond is contingent upon to the the individual accounts. character of the employee, not the presence of a specific control. Answer (D) is incorrect. These controls will not detect an initial Answer (D) is incorrect. The bank maintains a record of visits. misposting. The [324] Gleim #: 3.4.93 statements and the reconciliation are based on the misposted One of two office clerks in a small organization prepares a sales records. invoice; however, the Gleim CIA Test Prep: Part 1 - Internal Audit Basics invoice is incorrectly entered by the bookkeeper in the general ledger (720 questions) and the accounts Copyright 2013 Gleim Publications Inc. Page 177 receivable subsidiary ledger for a smaller amount resulting from a Printed for Sanja Knezevic transposition of [325] Gleim #: 3.4.94 digits. The customer subsequently remits the amount on the monthly Which of the following aspects of the administration of a statement. compensation program is the Assuming only three employees are in the department, the most most important control in the long run? effective control to An informal wage and salary policy to be competitive with the A. prevent this type of error is industry average. Assigning the second office clerk to make an independent check of B. A plan of job classifications based on predefined evaluation prices, criteria. discounts, extensions, footings, and invoice serial numbers. C. A wage and salary review plan for individual employee A. compensation. Requiring that monthly statements be prepared by the bookkeeper D. A level of general compensation that is reasonably competitive. and verified by Answer (A) is incorrect. A vague policy would contribute little if one of the other office clerks prior to mailing. anything to the B. fair administration of compensation programs. C. Using predetermined totals to control posting routines. Answer (B) is correct. Job classifications and grades are established Requiring the bookkeeper to perform periodic reconciliations of the during the accounts job analysis phase and the general level of compensation in the receivable subsidiary ledger and the general ledger. community and in D. the industry must be determined. Compensation is then fixed based Answer (A) is incorrect. The misposting was an error that occurred on the plan of subsequent to job classifications, usually within a range for each grade. A range is this step. necessary to allow for flexibility. Compensation should be low enough to avoid value of an asset. excess cost Gleim CIA Test Prep: Part 1 - Internal Audit Basics and to permit competitive pricing but high enough to attract needed (720 questions) personnel. Copyright 2013 Gleim Publications Inc. Page 178 Answer (C) is incorrect. A plan for reviewing individual Printed for Sanja Knezevic compensation fb.com/ciaaofficial presupposes a classification plan. [327] Gleim #: 3.4.96 Answer (D) is incorrect. Reasonably competitive compensation is One control objective of the financing/treasury cycle is the proper predicated on a authorization of classification plan. transactions involving debt and equity instruments. Which of the [326] Gleim #: 3.4.95 following controls To minimize potential financial losses associated with physical would best meet this objective? assets, the assets Segregation of responsibility for custody of funds from recording of should be insured in an amount that is the A. Supported by periodic appraisals. transaction. B. Determined by the board of directors. A. Automatically adjusted by an economic indicator such as the Written policies requiring review of major funding/repayment consumer price proposals by the index. board. C. B. D. Equal to the book value of the individual assets. Use of an underwriter in all cases of new issue of debt or C. equity Answer (A) is correct. Based on the results of the risk assessment, instruments. the internal D. Requiring two signatures on all checks of a material amount. audit activity should evaluate the adequacy and effectiveness of Answer (A) is incorrect. Segregation of responsibility for custody of controls funds from encompassing the organization’s governance, operations, and recording of the transaction concerns the objective of safeguarding of information assets, not systems. This should include, among other things, safeguarding of authorization. assets (Impl. Answer (B) is correct. The control objective of authorization Std. 2120.A1). Safeguarding assets includes insuring them. The concerns the proper types and execution of transactions in accordance with management’s wishes. amounts of insurance should be supported by periodic appraisals. One means of Answer (B) is incorrect. The determination of insurance coverage is achieving this control objective is the establishment of policies as not a guides to function of the board of directors. action. When a decision affects the capitalization of the entity, a Answer (C) is incorrect. The consumer price index generally does policy should be not provide an in force requiring review at the highest level. appropriate adjustment factor for fixed assets. Answer (C) is incorrect. Use of an underwriter in all cases of new Answer (D) is incorrect. Book values may not reflect the issue of debt or replacement or real equity instruments does not state a control but rather a specific not be a conflict of interest. The relationship between the return on means of issuing the investment securities. and any possible action by the agent to favor the supplier is very Answer (D) is incorrect. Requiring two signatures on all checks of a weak. material Gleim CIA Test Prep: Part 1 - Internal Audit Basics amount concerns the objective of safeguarding of assets, not (720 questions) authorization. Copyright 2013 Gleim Publications Inc. Page 179 [328] Gleim #: 3.4.97 Printed for Sanja Knezevic Which of the following describes a control weakness? [329] Gleim #: 3.4.98 Purchasing procedures are well designed and are followed unless A manufacturer uses large quantities of small, inexpensive items, otherwise such as nuts, bolts, directed by the purchasing supervisor. washers, and gloves, in the production process. As these goods are A. purchased, they are B. Prenumbered blank purchase orders are secured within the recorded in inventory in bulk amounts. Bins are located on the shop purchasing department. floor to provide Normal operational purchases fall in the range from US $500 to US timely access to these items. When necessary, the bins are refilled $1,000 with from inventory, and two signatures required for purchases over US $1,000. the cost of the items is charged to a consumable supplies account, C. which is part of The purchasing agent invests in a publicly traded mutual fund that shop overhead. Which of the following would be an appropriate lists the stock improvement of of one of the organization’s suppliers in its portfolio. controls in this environment? D. Relocate bins to the inventory A. warehouse. Answer (A) is correct. Well-designed procedures that are set aside Require management review of reports on the cost of consumable at items used in management’s discretion are not adequate controls. Control relation to budget. procedures must be B. followed consistently to be effective. However, the possibility of C. Lock the bins during normal working hours. management D. None of these controls are needed for items of minor cost and override is an inherent limitation of internal control. size. Answer (B) is incorrect. Use of prenumbered blank purchase orders Answer (A) is incorrect. The bins should be on the shop floor where secured the nuts, within the purchasing department is a common control. bolts, etc., are needed. Answer (C) is incorrect. Requiring a more stringent authorization Answer (B) is correct. In accordance with the cost-benefit criterion, procedure for control larger purchases is an appropriate control as long as documentation expenditures for manufacturing supplies (nuts, bolts, etc.) should be supports the minimal. purchases. Nevertheless, some controls should be implemented. For example, Answer (D) is incorrect. The purchasing agent’s mutual fund usage should investment should be estimated and compared with stock balances and also with the fb.com/ciaaofficial number of using [331] Gleim #: 4.1.2 personnel. Moreover, variances should be calculated for the Which of the following are elements of the control environment? difference between Integrity A. and ethical values. costs incurred and budgeted amounts. B. Organizational structure. Answer (C) is incorrect. Locking the bins would limit the efficiency C. Assignment of authority and responsibility. and D. All of the answers are correct. effectiveness of shop personnel. Answer (A) is incorrect. Organizational structure and assignment of Answer (D) is incorrect. Controls are needed even for items of minor authority and cost and responsibility are also part of the control environment. size. Answer (B) is incorrect. Integrity and ethical values and assignment [330] Gleim #: 4.1.1 of authority The COSO framework treats internal control as a process designed and responsibility are also part of the control environment. to provide Answer (C) is incorrect. Integrity and ethical values and reasonable assurance regarding the achievement of objectives organizational structure related to are also part of the control environment. A. Reliability of financial reporting. Answer (D) is correct. The COSO internal control framework lists the B. Effectiveness and efficiency of operations. following C. Compliance with applicable laws and regulations. seven elements of the control environment: D. All of the answers are correct. Integrity and ethical values Answer (A) is incorrect. The effectiveness and efficiency of Commitment to competence operations and Board of directors or audit committee compliance with applicable laws and regulations are also correct. Management’s philosophy and operating style Answer (B) is incorrect. The reliability of financial reporting and Organizational structure compliance Assignment of authority and responsibility with applicable laws and regulations are also correct. Human resource policies and practices Answer (C) is incorrect. Reliability of financial reporting and [332] Gleim #: 4.1.3 effectiveness and Which of the following is not a component of the CoCo model? efficiency of operations are also correct. A. Commitment. Answer (D) is correct. The COSO framework treats internal control B. Capability. as a process C. Control environment. designed to provide reasonable assurance regarding the D. Monitoring and learning. achievement of objectives Answer (A) is incorrect. Commitment is a component of the CoCo related to reliability of financial reporting, effectiveness and efficiency model. of Answer (B) is incorrect. Capability is a component of the CoCo operations, and compliance with applicable laws and regulations. model. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (C) is correct. The control environment is not one of the four (720 questions) components Copyright 2013 Gleim Publications Inc. Page 180 of the CoCo model. The four components are commitment, Printed for Sanja Knezevic capability, monitoring and learning, and purpose. independently of an audit of the control system over other functions Answer (D) is incorrect. Monitoring and learning is a component of that impact the CoCo corporate bonuses. model. III. [333] Gleim #: 4.1.4 A. I only. In regard to The IIA’s Electronic Systems Assurance and Control B. II only. study, which of the C. III only. following is not a business assurance objective? D. II and III only. A. Recordability. Answer (A) is correct. The control environment includes, among B. Capability. other things, the C. Protectability. element of human resource policies and practices. Thus, hiring, D. Functionality. orientation, Gleim CIA Test Prep: Part 1 - Internal Audit Basics training, evaluation, counseling, promotion, compensation, and (720 questions) remedial actions Copyright 2013 Gleim Publications Inc. Page 181 must be considered by management. Printed for Sanja Knezevic Answer (B) is incorrect. Compensation systems are part of the Answer (A) is correct. Recordability is not a business assurance organization’s objective. control systems. Answer (B) is incorrect. Capability is one of the five business Answer (C) is incorrect. Audits of the compensation systems can be assurance objectives. combined Answer (C) is incorrect. Protectability is one of the five business with an audit of other functions that affect corporate bonuses. assurance objectives. Answer (D) is incorrect. Compensation systems are part of the Answer (D) is incorrect. Functionality is one of the five business organization’s assurance objectives. control systems, and they may be audited in combination with other [334] Gleim #: 4.1.5 functions that Which of the following statements is correct regarding corporate affect corporate bonuses. compensation [335] Gleim #: 4.1.6 systems and related bonuses? The policies and procedures helping to ensure that management A bonus system should be considered part of the control directives are environment of an executed and actions are taken to address risks to achievement of organization and should be considered in formulating a report on objectives describes internal control. A. Risk assessments. I. B. Control environments. Compensation systems are not part of an organization’s control C. Control activities. system and should D. Monitoring. not be reported as such. Gleim CIA Test Prep: Part 1 - Internal Audit Basics II. (720 questions) An audit of an organization’s compensation system should be Copyright 2013 Gleim Publications Inc. Page 182 performed Printed for Sanja Knezevic fb.com/ciaaofficial Answer (A) is incorrect. Risk assessment identifies and analyzes control. external or internal Answer (B) is incorrect. Senior management is not likely to be risks to achievement of the objectives at the activity level as well as involved in the the entity level. detailed design and day-to-day operation of a control system. Answer (B) is incorrect. Control environments reflect the attitude Answer (C) is incorrect. Management administers risk and control and actions of the processes. It board and management regarding the significance of control within cannot delegate this responsibility to the external auditors or to the the organization. internal audit Answer (C) is correct. Control activities are the policies and activity. procedures helping to Answer (D) is incorrect. The board has oversight governance ensure that management directives are executed and actions are responsibilities but taken to address risks ordinarily does not become involved in the details of operations. to achievement of objectives. [337] Gleim #: 4.1.8 Answer (D) is incorrect. Monitoring is a process that assesses the Which term best reflects the attitude and actions of the board and quality of the management system’s performance over time. regarding the significance of control within the organization? [336] Gleim #: 4.1.7 A. Risk assessment. An organization’s directors, management, external auditors, and B. Control activities. internal auditors all C. Control environment. play important roles in creating a proper control environment. Senior D. Monitoring. management is Gleim CIA Test Prep: Part 1 - Internal Audit Basics primarily responsible for (720 questions) Establishing a proper organizational culture and specifying a system Copyright 2013 Gleim Publications Inc. Page 183 of internal Printed for Sanja Knezevic control. Answer (A) is incorrect. Risk assessment identifies and analyzes A. external or internal Designing and operating a control system that provides reasonable risks to achievement of the objectives at the activity level as well as assurance that the entity level. established objectives and goals will be achieved. Answer (B) is incorrect. Control activities are the policies and B. procedures helping to Ensuring that external and internal auditors adequately monitor the ensure that management directives are executed and actions are control taken to address risks environment. to achievement of objectives. C. Answer (C) is correct. A control environment reflects the attitude and Implementing and monitoring controls designed by the D. board of actions of the directors. board and management regarding the significance of control within Answer (A) is correct. Senior management is primarily responsible the organization. for Answer (D) is incorrect. Monitoring is a process that assesses the establishing a proper organizational culture and specifying a system quality of the of internal system’s performance over time. [338] Gleim #: 4.1.9 controls in the CoCo model. Internal control can provide only reasonable assurance that the B. organization’s Soft controls have become more necessary as technology advances objectives will be met efficiently and effectively. One factor limiting have the likelihood of empowered employees. achieving those objectives is that C. The internal auditor’s primary responsibility is the A. detection of D. Control self-assessment is not an approach to audit soft controls. fraud. Gleim CIA Test Prep: Part 1 - Internal Audit Basics B. The board is active and independent. (720 questions) C. The cost of internal control should not exceed its benefits. Copyright 2013 Gleim Publications Inc. Page 184 D. Management monitors performance. Printed for Sanja Knezevic Answer (A) is incorrect. The internal audit activity’s responsibility fb.com/ciaaofficial regarding Answer (A) is incorrect. The COSO and CoCo models emphasize controls is to evaluate effectiveness and efficiency and to promote soft controls. continuous Answer (B) is incorrect. The communication of ethical values and improvement. the fostering of Answer (B) is incorrect. An effective governance function mutual trust are soft controls in the CoCo model. strengthens the control Answer (C) is incorrect. Soft controls have become more necessary environment. as technology Answer (C) is correct. A limiting factor is that the cost of internal advances have empowered employees. control should Answer (D) is correct. One approach to auditing soft controls is not exceed its expected benefits. Thus, the potential loss associated control selfassessment, with any which is the involvement of management and staff in the assessment exposure or risk is weighed against the cost to control it. Although of the cost-benefit internal controls within their work group. relationship is a primary criterion that should be considered in [340] Gleim #: 4.1.11 designing and Which of the following broad control objectives listed in The IIA’s implementing internal control, the precise measurement of costs and Electronic Systems benefits Assurance and Control differs from the objectives found in the COSO usually is not possible. internal control Answer (D) is incorrect. Senior management’s role is to oversee the framework? establishment, administration, and assessment of the system of risk Effectiveness A. and efficiency. management B. Financial reporting. and control processes. C. Compliance. [339] Gleim #: 4.1.10 D. Safeguarding of assets. Which of the following statements is not accurate with regard to soft Answer (A) is incorrect. Effectiveness and efficiency of operations is controls? addressed A. The COSO and CoCo models emphasize soft controls. in both models. The communication of ethical values and the fostering of mutual trust Answer (B) is incorrect. Financial reporting is addressed in both are soft models. Answer (C) is incorrect. Compliance with laws and regulations is required to be entered into an electronic device that records all food addressed in orders by food both models. servers and transmits the order to the kitchen for preparation. All Answer (D) is correct. Safeguarding of assets is not among the food servers are objectives of responsible for collecting cash for all their orders and must turn in control found in the COSO internal control framework. cash at the end of [341] Gleim #: 4.1.12 their shift equal to the sales value of food ordered for their I.D. Which of the following is the common name for Internal Control: number. The manager Guidance for then reconciles the cash received for the day with the computerized Directors on the Combined Code? record of food A. COSO. orders generated. All differences are investigated immediately by the B. COBIT. restaurant. C. The Turnbull Report. Organizational headquarters has established monitoring controls to D. CoCo. determine when an Answer (A) is incorrect. The COSO (Committee of Sponsoring individual restaurant might not be recording all its revenue and Organizations of transmitting the the Treadway Commission) issued Internal Control – Integrated applicable cash to the corporate headquarters. Which one of the Framework. following is the best Answer (B) is incorrect. COBIT is the integrated framework for example of a monitoring control? information The restaurant manager reconciles the cash received with the food technology controls issued by the IT Governance Institute. orders recorded Answer (C) is correct. One of the three most recognized internal on the computer. control A. frameworks is Internal Control: Guidance for Directors on the All food orders must be entered on the computer, and segregation of Combined Code. duties is It is commonly known as the Turnbull Report and was issued by the maintained between the food servers and the cooks. Institute of B. Chartered Accountants in England and Wales. Management prepares a detailed analysis of gross margin per store Answer (D) is incorrect. CoCo refers to Guidance on Control and (original title: investigates any store that shows a significantly lower gross margin. Criteria of Control) issued by the Canadian Institute of Chartered C. Accountants. Cash is transmitted to corporate headquarters D. on a daily basis. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (A) is incorrect. The manager’s activity is an example of a (720 questions) reconciliation Copyright 2013 Gleim Publications Inc. Page 185 control applied at the store level. Monitoring is an overall control that Printed for Sanja Knezevic determines [342] Gleim #: 4.1.13 whether other controls are operating effectively. A restaurant chain has over 680 restaurants. All food orders for each Answer (B) is incorrect. The division of duties is an operational restaurant are control. Answer (C) is correct. Monitoring is a process that assesses the consideration of communications with external parties, and the quality of internal actions of internal and control over time. It involves assessment by appropriate personnel of external auditors are examples. the design Answer (B) is incorrect. The board is the entity’s governing body, and operation of controls and the taking of corrective action. not its Monitoring can be management. done through ongoing activities or separate evaluations. Ongoing Answer (C) is incorrect. A quality assurance program is a form of monitoring internal assessment. procedures are built into the normal recurring activities of an entity The manager of the program should be independent of the and include operations assessed. regular management and supervisory activities. Thus, analysis of Answer (D) is incorrect. An internal audit activity should be gross margin independent of the data and investigation of significant deviations is a monitoring operations reviewed and is not a managerial function. process. [344] Gleim #: 4.1.15 Answer (D) is incorrect. Daily transmission of cash is an operational Which of the following are elements included in the control control. environment described in [343] Gleim #: 4.1.14 the COSO internal control framework? Management has a role in the maintenance of control. In fact, Organizational structure, management philosophy, A. and planning. management sometimes B. Integrity and ethical values, assignment of authority, and human is a control. Which of the following most likely involves managerial resource policies. functions as a C. Competence of personnel, backup facilities, laws, and regulations. control? D. Risk assessment, assignment of responsibility, and human A. Monitoring performance. resource practices. B. Board approval of the charter of the internal audit activity. Answer (A) is incorrect. Planning is not an element of the control C. Maintenance of a quality assurance program. environment. D. Establishment of an internal audit activity. Answer (B) is correct. The COSO internal control framework lists the Gleim CIA Test Prep: Part 1 - Internal Audit Basics following (720 questions) seven elements of the control environment: Copyright 2013 Gleim Publications Inc. Page 186 Integrity and ethical values Printed for Sanja Knezevic Commitment to competence fb.com/ciaaofficial Board of directors or audit committee Answer (A) is correct. Monitoring is a component of the control Management’s philosophy and operating style environment. It is a Organizational structure process that assesses the quality of the system’s performance over Assignment of authority and responsibility time. It consists of Human resource policies and practices ongoing activities built into normal operations to ensure that they Answer (C) is incorrect. Backup facilities, laws, and regulations are continue to be not elements performed effectively. Supervision and other ordinary management of the control environment. functions, Answer (D) is incorrect. Risk assessment is part of planning the internal audit activity and specific engagements. achievement of objectives. [345] Gleim #: 4.2.16 Answer (B) is incorrect. Involvement of internal auditors in The function of the chief risk officer (CRO) is most effective when the establishing control CRO activities impairs their independence and objectivity. A. Manages risk as a member of senior management. Answer (C) is correct. The COSO document, Enterprise Risk B. Shares the management of risk with line management. Management – C. Shares the management of risk with the chief audit executive. Integrated Framework, defines enterprise risk management (ERM) D. Monitors risk as part of the enterprise risk management team. as “a process, Gleim CIA Test Prep: Part 1 - Internal Audit Basics effected by an entity’s board of directors, management, and other (720 questions) personnel, Copyright 2013 Gleim Publications Inc. Page 187 applied in strategy setting and across the enterprise, designed to Printed for Sanja Knezevic identify potential Answer (A) is incorrect. Senior management has an oversight role events that may affect the entity and manage risk to be within its risk in risk appetite, to management. provide reasonable assurance regarding the achievement of entity Answer (B) is incorrect. The risk knowledge at the line level is objectives.” specific only to that The emphasis is on (1) the objectives of a specific entity and (2) area of the organization. establishing a Answer (C) is incorrect. The CAE should not be accountable for a means for evaluating the effectiveness of ERM. management Answer (D) is incorrect. Enterprise risk management is concerned function. with selecting Answer (D) is correct. A CRO is a member of management not the best risk response but the risk response that falls within the assigned primary enterprise’s responsibility for enterprise risk management processes. The CRO is risk tolerances and appetite. most effective [347] Gleim #: 4.2.18 when supported by a specific team with the necessary expertise and Many organizations use electronic funds transfer to pay their experience related suppliers instead of to organization-wide risk. issuing checks. Regarding the risks associated with issuing checks, [346] Gleim #: 4.2.17 which of the Enterprise risk management following risk management techniques does this represent? Guarantees achievement of organizational A. objectives. A. Controlling. B. Requires establishment of risk and control activities by internal B. Accepting. auditors. C. Transferring. Involves the identification of events with negative impacts on D. Avoiding. organizational Gleim CIA Test Prep: Part 1 - Internal Audit Basics objectives. (720 questions) C. Copyright 2013 Gleim Publications Inc. Page 188 D. Includes selection of the best risk response for the organization. Printed for Sanja Knezevic Answer (A) is incorrect. Risk management processes cannot fb.com/ciaaofficial guarantee Answer (A) is incorrect. Eliminating checks does not represent an Answer (C) is correct. Residual risk is the risk remaining after ongoing control. management takes Answer (B) is incorrect. Eliminating checks avoids instead of action to reduce the impact and likelihood of an adverse event. Such accepts the associated action risk. includes control activities in responding to a risk. Answer (C) is incorrect. Eliminating checks does not transfer risk to Answer (D) is incorrect. The underlying risk is the inherent risk. anyone else. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Risk is eliminated. (720 questions) Answer (D) is correct. Risk responses may include avoidance, Copyright 2013 Gleim Publications Inc. Page 189 acceptance, sharing, Printed for Sanja Knezevic and reduction. By eliminating checks, the organization avoids all risk [350] Gleim #: 4.2.21 associated with Components of enterprise risk management (ERM) are integrated them. with the [348] Gleim #: 4.2.19 management process. Which of the following correctly states four of Which of the following is a factor affecting risk? the eight A. New personnel. components of ERM according to the COSO’s framework? B. New or revamped information systems. Event identification, risk assessment, control activities, and A. C. Rapid growth. objective setting. D. All of the answers are correct. B. Internal environment, risk responses, monitoring, and risk Answer (A) is incorrect. New or revamped information systems and minimization. rapid growth External environment, information and communication, monitoring, are also factors affecting risk. and event Answer (B) is incorrect. New personnel and rapid growth are also identification. factors C. affecting risk. Objective setting, response to opportunities, risk assessment, and Answer (C) is incorrect. New personnel and new or revamped control information activities. systems are also factors affecting risk. D. Answer (D) is correct. New personnel, new or revamped information Answer (A) is correct. ERM ensures that (1) a process is established systems, and (2) and rapid growth are all factors that affect risk. objectives align with the mission and the risk appetite. Event [349] Gleim #: 4.2.20 identification, risk What is residual risk? assessment, control activities, and objective setting are components A. Impact of risk. of ERM. B. Risk that is under control. Event identification relates to internal and external events affecting C. Risk that is not managed. the D. Underlying risk in the environment. organization. Risk assessment considers likelihood and impact (see Answer (A) is incorrect. The impact of risk is its consequence. the definitions Answer (B) is incorrect. Risk that is under control is managed risk. of risk in The IIA Glossary) as a basis for risk management. Control activities are policies and procedures to ensure the effectiveness of risk Gleim CIA Test Prep: Part 1 - Internal Audit Basics responses. Objective (720 questions) setting precedes event identification. Copyright 2013 Gleim Publications Inc. Page 190 Answer (B) is incorrect. Risk assessment, not minimization, is a Printed for Sanja Knezevic component of fb.com/ciaaofficial ERM. Answer (A) is incorrect. Limitations of ERM can also arise from cost- Answer (C) is incorrect. The internal, not external, environment is a benefit component considerations and collusion. of ERM. Answer (B) is incorrect. Limitations of ERM can also arise from Answer (D) is incorrect. Response to opportunities is a capability of faulty human ERM. judgment and collusion. [351] Gleim #: 4.2.22 Answer (C) is incorrect. Limitations of ERM can also arise from Which of the following control models is fully incorporated into the faulty human broader integrated judgment and cost-benefit considerations. framework of enterprise risk management (ERM)? Answer (D) is correct. The limitations of ERM are the same as those A. CoCo. for control in B. COSO. general. They arise from the possibility of (1) faulty human judgment, C. Electronic Systems Assurance and Control. (2) cost-benefit D. COBIT. considerations, (3) simple errors or mistakes, (4) collusion, and (5) Answer (A) is incorrect. ERM extends the COSO, not the CoCo, management model. override. Answer (B) is correct. The Committee of Sponsoring Organizations [353] Gleim #: 4.2.24 of the Management considers risk appetite for all of the following reasons Treadway Commission published Enterprise Risk Management – except Integrated Evaluating A. strategic options. Framework. This document describes a model that incorporates the B. Setting objectives. earlier COSO C. Developing risk management techniques. internal control framework while extending it to the broader area of D. Increasing the net present value of investments. enterprise risk Answer (A) is incorrect. Management considers risk appetite when management. evaluating Answer (C) is incorrect. ERM extends the COSO, not the eSAC, strategic options. model. Answer (B) is incorrect. Management considers risk appetite when Answer (D) is incorrect. ERM extends the COSO, not the COBIT, setting model. objectives. [352] Gleim #: 4.2.23 Answer (C) is incorrect. Management considers risk appetite when Limitations of enterprise risk management (ERM) may arise from developing A. Faulty human judgment. risk management techniques. B. Cost-benefit considerations. Answer (D) is correct. Risk appetite should be considered in C. Collusion. 1. Evaluating strategies, D. All of the answers are correct. 2. Setting related objectives, and 3. Developing risk management methods. The internal auditors are assessing the risk of fraud involving senior Increasing the net present value of investments is an operational management. An objective. It impact factor is would be determined after consideration of the entity’s risk appetite Nonretention A. of customers. and other B. Inadequacy of internal controls. strategic factors. C. Unusual transactions. [354] Gleim #: 4.2.25 D. Potential override of internal controls. Inherent risk is Answer (A) is correct. An impact factor is a potential result of an A. A potential event that will adversely affect the organization. event. These B. Risk response risk. events are usually identified through the risk assessment process. The risk after management takes action to reduce the impact or For example, the likelihood of an consequences of fraud may include direct financial loss and harm to adverse event. its reputation, C. which in turn may lead to inability to attract skilled employees or The risk when management has not taken action to reduce the customers. impact or likelihood Answer (B) is incorrect. Inadequacy of internal controls is a risk that of an adverse event. normally is D. identified during risk assessment. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (C) is incorrect. The existence of complex or unusual (720 questions) transactions is a Copyright 2013 Gleim Publications Inc. Page 191 risk that normally is identified during risk assessment. Printed for Sanja Knezevic Answer (D) is incorrect. Potential override of internal controls is a Answer (A) is incorrect. A risk event is a potential event that will risk that affect the entity normally is identified during risk assessment. adversely. [356] Gleim #: 4.2.27 Answer (B) is incorrect. A risk response is an action taken to reduce Which risk response reflects a change from acceptance to sharing? the impact or A. An insurance policy on a manufacturing plant was not renewed. likelihood of an adverse event, including a control activity. “Risk B. Management purchased insurance on previously uninsured response risk” is a property. nonsense term. C. Management sold a manufacturing plant. Answer (C) is incorrect. The risk after management takes action to After employees stole numerous inventory items, management reduce the impact implemented or likelihood of an adverse event in responding to a risk is residual mandatory background checks on all employees. risk. D. Answer (D) is correct. Inherent risk is the risk when management Gleim CIA Test Prep: Part 1 - Internal Audit Basics has not taken action (720 questions) to reduce the impact or likelihood of an adverse event. Thus, it is risk Copyright 2013 Gleim Publications Inc. Page 192 in the absence of Printed for Sanja Knezevic a risk response. fb.com/ciaaofficial [355] Gleim #: 4.2.26 Answer (A) is incorrect. Not renewing insurance represents a Answer (D) is incorrect. The CAE must not be the CRO because change from risk managing risk is sharing to risk acceptance. a responsibility of management, not internal audit. Answer (B) is correct. The categories of risk responses under the [358] Gleim #: 4.2.29 COSO ERM model Which of the following is closely related to traditional risk are avoidance, retention (acceptance), reduction, sharing, and management instead of exploitation. If enterprise risk management (ERM)? management does not insure a building, the response is acceptance. A. Rapid response to opportunities. Ordinarily, B. Organization-level view of risk. acceptance is based on a judgment that the cost of another C. Emphasis on specific functions. response is excessive. D. Achieving financial goals. However, once management purchases insurance, the risk is shared Gleim CIA Test Prep: Part 1 - Internal Audit Basics with an outside (720 questions) party. Copyright 2013 Gleim Publications Inc. Page 193 Answer (C) is incorrect. Selling property avoids all the risks of Printed for Sanja Knezevic ownership. Answer (A) is incorrect. Rapid response to opportunities is a Answer (D) is incorrect. Management originally accepted the risk of characteristic of ERM, employee theft which tries to offset potential risks with opportunities. by not implementing pre-hire investigation. Conducting background Answer (B) is incorrect. ERM tries to view risk as it affects every checks on all level of an employees reduces the risk of theft. organization. [357] Gleim #: 4.2.28 Answer (C) is correct. The enterprise risk management approach Under the COSO’s ERM framework, which of the following most set forth by the accurately describes committee of Sponsoring Organizations of the Treadway risk management responsibilities? Commission (COSO) In practice, management has primary A. responsibility. attempts to approach an organization as a whole instead of focusing B. The internal audit activity has an oversight role. on any specific C. The board provides assurance about the effectiveness of ERM. area or risk. D. The chief audit executive should serve as chief risk officer. Answer (D) is incorrect. Financial goals are an example of the Answer (A) is correct. The board has overall responsibility. methods ERM uses to However, in practice, achieve objectives in one or more separate but overlapping the board delegates responsibility for ERM to senior management, categories. which should [359] Gleim #: 4.2.30 ensure that sound processes are in place and functioning. Which of the following members of an organization has ultimate Answer (B) is incorrect. The internal audit activity provides objective ownership assurance responsibility of the enterprise risk management, provides leadership that (1) ERM processes are effective and (2) key risks are managed and direction to at an senior managers, and monitors the entity’s overall risk activities in acceptable level. relation to its risk Answer (C) is incorrect. The board has overall responsibility. appetite? A. Chief risk officer. Printed for Sanja Knezevic B. Chief executive officer. fb.com/ciaaofficial C. Internal auditors. Answer (A) is incorrect. Risk management is a key responsibility of D. Chief financial officer. senior Answer (A) is incorrect. The risk officer works in assigned areas of management and the board, not the internal auditor. responsibility Answer (B) is correct. The internal audit activity must evaluate and in a staff function. The work of a risk officer often extends beyond contribute to the one specific improvement of governance, risk management, and control area because the officer will have the necessary resources to work processes using a across many systematic and disciplined approach (Perf. Std. 2100). Assurance segments or divisions. services involve the Answer (B) is correct. The chief executive officer (CEO) sets the internal auditor’s objective assessment of management’s risk tone at the top management activities of the organization and has ultimate responsibility for ownership of and the degree to which they are effective. the ERM. The Answer (C) is incorrect. Designing and updating the risk CEO will influence the composition and conduct of the board, provide management process is a leadership role of management. and direction to senior managers, and monitor the entity’s overall risk Answer (D) is incorrect. The design and implementation of controls activities in is the relation to its risk appetite. If any problems arise with the responsibility of management, not internal audit. organization’s risk [361] Gleim #: 4.3.32 appetite, the CEO will also take any measures to adjust the The primary reason that a bank would maintain a separate alignment to better suit compliance function is to the organization. Better manage perceived A. high risks. Answer (C) is incorrect. The internal auditors evaluate the ERM and B. Strengthen controls over the bank’s investments. may provide C. Ensure the independence of line and senior management. recommendations. D. Better respond to shareholder expectations. Answer (D) is incorrect. The CFO is subordinate to the CEO, who Answer (A) is correct. The risk management process identifies, has ultimate assesses, responsibility for ERM. manages, and controls potential risk exposures. Organizations such [360] Gleim #: 4.3.31 as brokers, When assessing the risk associated with an activity, an internal banks, and insurance companies may view risks as sufficiently auditor should critical to warrant A. Determine how the risk should best be managed. continuous oversight and monitoring. B. Provide assurance on the management of the risk. Answer (B) is incorrect. A separate compliance function may help C. Update the risk management process based on risk exposures. strengthen D. Design controls to mitigate the identified risks. controls, but this is not its primary purpose. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (C) is incorrect. Risk management is the direct responsibility (720 questions) of Copyright 2013 Gleim Publications Inc. Page 194 management. Answer (D) is incorrect. A separate compliance function will help C. Responsibility for risk Advisory role Oversight role respond to D. Oversight role Advisory role Responsibility for risk shareholder needs, but this is not its primary purpose. Answer (A) is incorrect. Internal auditors are generally involved in [362] Gleim #: 4.3.33 the assurance Which of the following goals sets risk management strategies at the and advisory role. The board has an oversight role. optimum level? Answer (B) is incorrect. Management performs the implementation A. Minimize costs. role in risk B. Maximize market share. management, and the board has an oversight role. Internal auditors C. Minimize losses. are generally D. Maximize shareholder value. involved in the assurance and advisory role. Answer (A) is incorrect. Minimizing costs is not a comprehensive Answer (C) is correct. Risk management is a key responsibility of approach. senior Answer (B) is incorrect. Maximizing market share is not a management and the board. To achieve its business objectives, comprehensive management approach. ensures that sound risk management processes are in place and Answer (C) is incorrect. Minimizing losses is not a comprehensive functioning. approach. Boards have an oversight role to determine that appropriate risk Answer (D) is correct. The risk management processes chosen management depend on the processes are in place and that these processes are adequate and organization’s culture, management style, and business objectives. effective. In this These choices role, they may direct the internal audit activity to assist them by should optimize stakeholder (for example, shareholder) value by examining, coping evaluating, reporting, and/or recommending improvements to the effectively with uncertainty, risks, and opportunities. Thus, adequacy and maximizing effectiveness of risk management processes (PA 2120-1, para. 1). shareholder value is a comprehensive approach that relates to risk Management management and the board are responsible for their organization’s risk strategies across the organization. management and control Gleim CIA Test Prep: Part 1 - Internal Audit Basics processes. However, internal auditors acting in a consulting role can (720 questions) assist the Copyright 2013 Gleim Publications Inc. Page 195 organization in identifying, evaluating, and implementing risk Printed for Sanja Knezevic management [363] Gleim #: 4.3.34 methodologies and controls to address those risks (PA 2120-1, para. Which of the following represents the best statement of 2). responsibilities for risk Answer (D) is incorrect. Management is responsible for risk management? management, not the Internal oversight role performed by the board. Management Auditing Board [364] Gleim #: 4.3.35 A. Responsibility for risk Oversight role Advisory role An internal auditor plans to conduct an audit of the adequacy of B. Oversight role Responsibility for risk Advisory role controls over investments in new financial instruments. Which of the following some financial investment scandals show that such comparisons can would not be be highly required as part of such an engagement? misleading because high returns were due to taking on a high level Determine if policies exist which describe the risks the treasurer may of risk. Also, this take and the determination does not test the adequacy of the controls. types of instruments in which the treasurer may make investments. Answer (D) is incorrect. A fundamental control concept over cash- A. like assets is the Determine the extent of management oversight over investments in treasurer’s establishment of a mechanism to monitor the risks. sophisticated [365] Gleim #: 4.3.36 instruments. When the executive management of an organization decided to form B. a team to Determine whether the treasurer is getting higher or lower rates of investigate the adoption of an activity-based costing (ABC) system, return on an internal auditor investments than are treasurers in comparable organizations. was assigned to the team. The best reason for including an internal C. auditor is the Determine the nature of controls established by the treasurer to internal auditor’s knowledge of monitor the risks Activities A. and cost drivers. in the investments. B. Information processing procedures. D. C. Current product cost structures. Gleim CIA Test Prep: Part 1 - Internal Audit Basics D. Risk management processes. (720 questions) Answer (A) is incorrect. An engineer has more knowledge than an Copyright 2013 Gleim Publications Inc. Page 196 internal Printed for Sanja Knezevic auditor about activities and cost drivers. fb.com/ciaaofficial Answer (B) is incorrect. An information systems expert has more Answer (A) is incorrect. The first step of such an engagement knowledge than should be to determine an internal auditor about information needs and information the nature of policies established to manage the risks associated processing with the investments. procedures. New financial instruments are very risky. Answer (C) is incorrect. A management accountant has more Answer (B) is incorrect. Sophisticated financial instruments are knowledge than an complex by their internal auditor about a company’s current product cost. nature and can carry a high level of risk. Thus, the auditor should Answer (D) is correct. The internal audit activity’s scope of work determine the nature extends to of the risk management process established to monitor and authorize evaluating the organization’s risk management processes. The such investments. internal audit Answer (C) is correct. For this particular engagement, the auditor activity should assist the organization by identifying and evaluating does not need to significant develop a comparison of investment returns with those of other exposures to risk and contributing to the improvement of risk organizations. In fact, management and control systems. [366] Gleim #: 4.3.37 Ascertaining the extent to which management has established Internal auditors should review the means of physically safeguarding criteria to determine assets from whether objectives have been accomplished. losses arising from D. A. Misapplication of accounting principles. Answer (A) is incorrect. Internal auditors must evaluate risk B. Procedures that are not cost justified. exposures relating C. Exposure to the elements. to, among other things, the organization’s compliance with laws, D. Underusage of physical facilities. regulations, Gleim CIA Test Prep: Part 1 - Internal Audit Basics policies, procedures, and contracts. (720 questions) Answer (B) is correct. Safeguarding assets is an operational activity Copyright 2013 Gleim Publications Inc. Page 197 and is Printed for Sanja Knezevic therefore beyond the scope of the internal audit activity. Answer (A) is incorrect. Misapplication of accounting principles Answer (C) is incorrect. The internal audit activity must evaluate risk relates to the exposures reliability of information and not physical safeguards. relating to, among other things, the organization’s compliance with Answer (B) is incorrect. Procedures that are not cost justified relate laws, to efficiency, not regulations, policies, procedures, and contracts. effectiveness, of operations. Answer (D) is incorrect. Ascertaining the extent to which Answer (C) is correct. The internal audit activity must evaluate risk management has exposures relating established adequate criteria to determine whether objectives and to governance, operations, and information systems regarding the goals have been safeguarding of accomplished is within the scope of internal auditing. assets (Impl. Std. 2120.A1). For example, internal auditors evaluate [368] Gleim #: 4.3.39 risk arising from In the risk management process, management’s view of the internal the possibilities of theft, fire, improper or illegal activities, and audit activity’s exposure to the role is likely to be determined by all of the following factors except elements. A. Organizational culture. Answer (D) is incorrect. Underusage of facilities relates to efficiency B. Preferences of the independent auditor. of operations. C. Ability of the internal audit staff. [367] Gleim #: 4.3.38 D. Local conditions and customs of the country. Which of the following activities is outside the scope of internal Gleim CIA Test Prep: Part 1 - Internal Audit Basics auditing? (720 questions) Evaluating risk exposures regarding compliance with policies, Copyright 2013 Gleim Publications Inc. Page 198 procedures, and Printed for Sanja Knezevic contracts. fb.com/ciaaofficial A. Answer (A) is incorrect. Organizational culture is a factor that Safeguarding B. of assets. influences C. Evaluating risk exposures regarding compliance with laws and management’s view of the role of internal auditing. regulations. Answer (B) is correct. Ultimately, the role of internal auditing in the risk management process is determined by senior management and the board. Their Answer (D) is incorrect. Internal auditors may recommend controls. view on internal [370] Gleim #: 4.3.41 auditing’s role is likely to be determined by factors such as the Which of the following may be assessed by the internal auditor to culture of the determine the organization, ability of the internal audit staff, and local conditions effectiveness of the risk management process? and customs (PA I. Significant risks 2120-1, para. 5). II. Ongoing monitoring activities Answer (C) is incorrect. The ability of the internal audit staff is a Previous risk evaluation reports by management, internal auditors, factor that external influences management’s view of the role of internal auditing. auditors, and any other sources Answer (D) is incorrect. Local conditions and customs of the country III. influence A. I and II only. management’s view of the role of internal auditing. B. I and III only. [369] Gleim #: 4.3.40 C. II and III only. Which of the following threatens the independence of an internal D. I, II, and III. auditor who had Gleim CIA Test Prep: Part 1 - Internal Audit Basics participated in the initial establishment of a risk management (720 questions) process? Copyright 2013 Gleim Publications Inc. Page 199 Developing assessments and reports on the risk A. management Printed for Sanja Knezevic process. Answer (A) is correct. Significant risks and ongoing management B. Managing the identified risks. activities are C. Evaluating the adequacy and effectiveness of management’s risk assessed by the internal audit activity as part of the risk management processes. process (Inter. D. Recommending controls to address the risks identified. Std. 2120). But review of previous risk evaluation reports is a means Answer (A) is incorrect. Developing assessments and reports on the of obtaining organization’s risk management processes is not only an internal evidence for an assessment. audit role but Answer (B) is incorrect. Review of previous risk evaluation reports normally also a high audit priority. by management, Answer (B) is correct. Assuming management’s responsibility for the internal auditors, external auditors, and any other sources is an audit risk procedure, a management process is a potential threat to the internal audit means of obtaining evidence for an assessment. Moreover, internal activity’s auditors assess independence. It requires a full discussion and board approval (PA ongoing monitoring activities. 2120-1, Answer (C) is incorrect. Review of previous risk evaluation reports para. 5). by management, Answer (C) is incorrect. Internal auditors assist both management internal auditors, external auditors, and any other sources is an audit and the board procedure, a by examining, evaluating, reporting, and recommending means of obtaining evidence for an assessment. Moreover, internal improvements on the auditors assess adequacy and effectiveness of risk management processes. significant risks. Answer (D) is incorrect. Review of previous risk evaluation reports Gleim CIA Test Prep: Part 1 - Internal Audit Basics by management, (720 questions) internal auditors, external auditors, and any other sources is an audit Copyright 2013 Gleim Publications Inc. Page 200 procedure. Printed for Sanja Knezevic [371] Gleim #: 4.3.42 fb.com/ciaaofficial The board’s expectations of the internal audit activity regarding the Answer (A) is incorrect. The internal audit activity assists in risk risk management management; it is process is not the same thing as risk management. Noted in the work programs for formal consulting A. engagements. Answer (B) is incorrect. Control processes are “the policies, B. Included in the business continuity plan. procedures, and activities C. Codified in the charters of the internal audit activity and the board. that are part of a control framework designed to ensure that risks are D. Reviewed by the internal auditors immediately following a contained within disaster. the risk tolerances established by the risk management process” Answer (A) is incorrect. A work program is a listing of specific (The IIA Glossary). procedures. Answer (C) is correct. Risk management is “a process to identify, Answer (B) is incorrect. Business continuity planning is just one assess, manage, and element of risk control potential events or situations to provide reasonable management. assurance regarding the Answer (C) is correct. The chief audit executive (CAE) is to obtain achievement of the organization’s objectives” (The IIA Glossary). an Answer (D) is incorrect. Consulting services are “advisory and understanding of senior management’s and the board’s expectations related client service of the internal activities, the nature and scope of which are agreed with the client” audit activity in the organization’s risk management process. This (The IIA understanding Glossary). is then codified in the charters of the internal audit activity and the [373] Gleim #: 4.3.44 board (PA Risk management is the responsibility of management. The role of 2120-1, para. 4). the internal audit Answer (D) is incorrect. The internal audit activity’s role needs to be activity in the risk management process may include which of the understood following? before a crisis. Monitoring I. activities. [372] Gleim #: 4.3.43 II. Evaluating the risk management process as part of the Which of the following is the most accurate term for a process to engagement plan. identify, assess, Participating on oversight committees, monitoring of activities, and manage, and control potential events or situations to provide status reasonable assurance reporting. regarding the achievement of the organization’s objectives? III. A. The internal audit activity. IV. Managing and coordinating the process. B. Control process. A. I only. C. Risk management. B. II only. D. Consulting service. C. I, II, and III only. D. I, II, III, and IV. Recognize that organizations should use similar techniques A. for Answer (A) is incorrect. The internal audit activity’s role in the risk managing risk. management B. Determine that the key objectives of risk management processes process may extend on a continuum from no role to managing and are being met. coordinating C. Determine the level of risks acceptable to the organization. the process. Treat the evaluation of risk management processes in the same Answer (B) is incorrect. The internal audit activity’s role in the risk manner as the risk management analysis used to plan engagements. process also may extend to monitoring activities; participating on D. oversight Answer (A) is incorrect. Risk management processes vary with the committees, monitoring of activities, and status reporting; and size and managing and complexity of an organization’s business activities. coordinating the process. Answer (B) is correct. Internal auditors need to obtain sufficient and Answer (C) is incorrect. The internal audit activity’s role in the risk appropriate management evidence to determine that key objectives of the risk management process also may extend to managing and coordinating the process. processes are Answer (D) is correct. The internal audit activity’s role in the risk being met to form an opinion on the adequacy of risk management management processes process of an organization can change over time and may include (PA 2120-1, para. 8). responsibilities Answer (C) is incorrect. Management and the board determine the along a continuum that extends from (1) no role; (2) auditing the risk level of management acceptable organizational risks. process as part of the internal audit plan; (3) active, continuous Answer (D) is incorrect. Evaluating management’s risk processes support and differs from the involvement in the risk management process, such as participation internal auditors’ risk assessment used to plan an engagement, but on oversight information committees, monitoring activities, and status reporting; and (4) from a comprehensive risk management process is useful in such managing and planning. coordinating the process (PA 2120-1, para. 4). [375] Gleim #: 4.3.46 Gleim CIA Test Prep: Part 1 - Internal Audit Basics If an organization has no formal risk management processes, the (720 questions) chief audit executive Copyright 2013 Gleim Publications Inc. Page 201 should Printed for Sanja Knezevic A. Establish risk management processes based on industry norms. [374] Gleim #: 4.3.45 Formulate hypothetical results of possible consequences resulting The internal audit activity must evaluate the effectiveness and from risks not contribute to the being managed. improvement of risk management processes. With respect to B. evaluating the adequacy C. Inform regulators that the organization is guilty of an infraction. of risk management processes, internal auditors most likely should Formally discuss with the directors their obligations for risk management processes. Answer (A) is incorrect. Matters addressed in the control D. environment, e.g., Answer (A) is incorrect. Internal auditors have no authority to integrity and ethical values, human resources, and organizational establish risk structure are management processes. They must seek direction from subject to soft controls and soft risk management approaches. management and the board Answer (B) is incorrect. A risk matrix links identified risks to, for as to their role in the process. example, Answer (B) is incorrect. Internal auditors are not required to perform controls or business processes. a risk Answer (C) is correct. The organization designs risk management analysis of the possible consequences of not establishing a risk processes management based on its culture, management style, and business objectives. For process. However, such a request might be made by management. example, the Answer (C) is incorrect. In the absence of a specific legal use of derivatives or other sophisticated capital market products by requirement, internal the auditors are not required to report to outside parties. organization could require the use of quantitative risk management Answer (D) is correct. In situations where the organization does not tools. But the have formal internal auditor determines that the methodology chosen is risk management processes, the chief audit executive formally sufficiently discusses with comprehensive and appropriate for the nature of the organization management and the board their obligations to understand, manage, (PA 2120-1, and monitor para. 7). risks within the organization and the need to satisfy themselves that Answer (D) is incorrect. An ERM framework contains broad there are statements of processes operating within the organization, even if informal, that classes of risks. They are not stated in the detail (quantitative or not) provide the required by a appropriate level of visibility into the key risks and how they are being specific organization. managed [377] Gleim #: 4.3.48 and monitored (PA 2120-1, para. 3). Which of the following is not a responsibility of the chief audit Gleim CIA Test Prep: Part 1 - Internal Audit Basics executive? (720 questions) To communicate the internal audit activity’s plans and resource Copyright 2013 Gleim Publications Inc. Page 202 requirements to Printed for Sanja Knezevic senior management and the board for review and approval. fb.com/ciaaofficial A. [376] Gleim #: 4.3.47 To coordinate with other internal and external providers of audit and Quantitative risk management methods are most appropriate for consulting Assessing A. personnel risks. services to ensure proper coverage and minimize duplication. B. Developing a risk matrix. B. C. The use of derivatives by the organization. To oversee the establishment, administration, and assessment of the D. Identifying risks from the COSO’s enterprise risk management organization’s system of risk management processes. framework. C. To follow up on whether appropriate management actions have been White-collar crime is usually perpetrated for the benefit of an taken on organization, but significant reported risks. fraud benefits an individual. D. C. Answer (A) is incorrect. The CAE should communicate the internal White-collar crime is usually perpetrated by outsiders to the audit detriment of an activity’s plans and resource requirements, including significant organization, but fraud is perpetrated by insiders to benefit the interim changes, organization. to senior management and to the board for review and approval. The D. CAE also Answer (A) is correct. Fraud is defined in The IIA Glossary as “any should communicate the impact of resource limitations. illegal act Answer (B) is incorrect. The CAE should share information and characterized by deceit, concealment, or violation of trust. These coordinate acts are not activities with other internal and external providers of relevant dependent upon the threat of violence or physical force.” assurance and Answer (B) is incorrect. Fraud may be perpetrated internally. consulting services to ensure proper coverage and minimize Answer (C) is incorrect. Fraud may be perpetrated for the duplication of efforts. organization’s benefit Answer (C) is correct. Overseeing the establishment, administration, or for otherwise unselfish reasons. and Answer (D) is incorrect. Fraud may be perpetrated by insiders and assessment of the organization’s system of risk management outsiders, and processes is the role it may be either beneficial or detrimental to an organization. of senior management, not the CAE (PA 2120-1, para. 2). [379] Gleim #: 4.4.50 Answer (D) is incorrect. The CAE should establish and maintain a Which of the following wrongful acts committed by an employee system to constitutes fraud? monitor the disposition of results communicated to management. A. Libel. Gleim CIA Test Prep: Part 1 - Internal Audit Basics B. Embezzlement. (720 questions) C. Assault. Copyright 2013 Gleim Publications Inc. Page 203 D. Harassment. Printed for Sanja Knezevic Answer (A) is incorrect. Defamation is the unjustifiable [378] Gleim #: 4.4.49 communication In the course of their work, internal auditors must be alert for fraud (publication) to a third party of a false statement that injures the and other forms of plaintiff’s white-collar crime. The important characteristic that distinguishes reputation and holds him/her up to hatred, contempt, or ridicule. Oral fraud from other defamation varieties of white-collar crime is that is slander. Defamation published in more permanent form Fraud is characterized by deceit, concealment, or A. violation of trust. (newspaper, letter, film) Unlike other white-collar crimes, fraud is always perpetrated against is libel. an outside Answer (B) is correct. Fraud is defined in The IIA Glossary as “any party. illegal act B. characterized by deceit, concealment, or violation of trust. These in statement III. acts are not Answer (C) is correct. “Adequate criteria are needed to evaluate dependent upon the threat of violence or physical force. Frauds are controls. Internal perpetrated by auditors must ascertain the extent to which management has parties and organizations to obtain money, property, or services; to established adequate avoid payment criteria to determine whether objectives and goals have been or loss of services; or to secure personal or business advantage.” accomplished. If Embezzlement is adequate, internal auditors must use such criteria in their evaluation. the intentional appropriation of property entrusted to one’s care. The If inadequate, embezzler internal auditors must work with management to develop appropriate converts property to his/her own use and conceals the theft. evaluation Answer (C) is incorrect. The tort of assault entails placing another in criteria” (Impl. Std. 2210.A3). reasonable Answer (D) is incorrect. The internal auditors also may take the fear of a harmful or offensive bodily contact. actions described Answer (D) is incorrect. Harassment is the act of persistently in statements I and III. annoying another. [381] Gleim #: 4.4.52 Gleim CIA Test Prep: Part 1 - Internal Audit Basics A key feature that distinguishes fraud from other types of crime or (720 questions) impropriety is that Copyright 2013 Gleim Publications Inc. Page 204 fraud always involves the Printed for Sanja Knezevic A. Violent or forceful taking of property. fb.com/ciaaofficial B. Deceitful wrongdoing of management-level personnel. [380] Gleim #: 4.4.51 C. Unlawful conversion of property that is lawfully in the custody of Internal auditors need to ascertain the extent to which management the perpetrator. has established D. False representation or concealment of a material fact. adequate control criteria. For this purpose, which of the following Answer (A) is incorrect. Fraud usually does not involve force or actions may be violence. appropriate? Answer (B) is incorrect. Employees at any level in an organization Determining whether objectives have I. been accomplished can commit II. Using the criteria in their evaluation fraud. III. Working with management to develop appropriate control Answer (C) is incorrect. Embezzlement is the unlawful conversion of evaluation criteria property A. I only. that is lawfully in the custody of the perpetrator. B. I and II only. Answer (D) is correct. Fraud is defined in The IIA Glossary as “any C. I, II, and III. illegal act D. II only. characterized by deceit, concealment, or violation of trust. These Answer (A) is incorrect. The internal auditors also may take the acts are not actions described dependent upon the threat of violence or physical force.” in statements II and III. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (B) is incorrect. The internal auditors also may take the (720 questions) action described Copyright 2013 Gleim Publications Inc. Page 205 Printed for Sanja Knezevic Answer (B) is incorrect. Establishing and maintaining control is a [382] Gleim #: 4.4.53 responsibility One factor that distinguishes fraud from other employee crimes is of management. that fraud involves Answer (C) is incorrect. Planning fraud prevention activities is a Intentional A. deception. responsibility of B. Personal gain for the perpetrator. management. C. Collusion with a party outside the organization. Answer (D) is incorrect. Controlling fraud prevention activities is a D. Malicious motives. responsibility Answer (A) is correct. Fraud is defined in The IIA Glossary as “any of management. illegal act Gleim CIA Test Prep: Part 1 - Internal Audit Basics characterized by deceit, concealment, or violation of trust. These (720 questions) acts are not Copyright 2013 Gleim Publications Inc. Page 206 dependent upon the threat of violence or physical force.” Printed for Sanja Knezevic Answer (B) is incorrect. Fraud may be perpetrated for the fb.com/ciaaofficial organization’s benefit [384] Gleim #: 4.4.55 or for otherwise unselfish reasons. Which of the following statements is(are) true regarding the Answer (C) is incorrect. An employee may act alone. prevention of fraud? Answer (D) is incorrect. Fraud may be perpetrated for the The primary means of preventing fraud is through internal control organization’s benefit established and or for otherwise unselfish reasons. maintained by management. [383] Gleim #: 4.4.54 I. In an organization with a separate division that is primarily Internal auditors are responsible for assisting in the prevention of responsible for the fraud by prevention of fraud, the internal audit activity is responsible for examining and evaluating the adequacy of the internal control Examining and evaluating the adequacy and effectiveness of that system. division’s II. actions taken to prevent fraud. Internal auditors should assess the operating effectiveness of fraud- A. related B. Establishing and maintaining that division’s system of internal communication systems. control. III. C. Planning that division’s fraud prevention activities. A. I only. D. Controlling that division’s fraud prevention activities. B. I and II only. Answer (A) is correct. Control is the principal means of preventing C. II only. fraud. D. I, II, and III. Management is primarily responsible for the establishment and Answer (A) is incorrect. Internal auditors are responsible for maintenance of assisting in the control. Internal auditors are primarily responsible for preventing prevention of fraud by examining and evaluating the adequacy of the fraud by internal examining and evaluating the adequacy and effectiveness of control. control system, and internal auditors should assess the operating effectiveness of fraud-related communication systems. C. Answer (B) is incorrect. Internal auditors should assess the Divisional employees had not been properly trained to distinguish operating between bona effectiveness of fraud-related communication systems. fide signatures and cleverly forged ones on authorization forms. Answer (C) is incorrect. The primary means of preventing fraud is D. through Gleim CIA Test Prep: Part 1 - Internal Audit Basics internal control established and maintained by management, and (720 questions) internal auditors Copyright 2013 Gleim Publications Inc. Page 207 should assess the operating effectiveness of fraud-related Printed for Sanja Knezevic communication systems. Answer (A) is incorrect. For cost-benefit reasons, controls should be Answer (D) is correct. Control is the principal means of preventing more extensive fraud. in high-risk areas. Management, in turn, is primarily responsible for the establishment Answer (B) is incorrect. Even the best system of control can often and be circumvented by maintenance of control. Internal auditors are primarily responsible for collusion. preventing Answer (C) is correct. Management is responsible for establishing fraud by examining and evaluating the adequacy and effectiveness and maintaining of control. internal control. Thus, management also is responsible for the fraud Internal auditors also should assess the operating effectiveness of prevention fraud-related program. The control environment element of this program includes a communication systems and practices, and they should support code of conduct, fraud-related ethics policy, or fraud policy to set the appropriate tone at the top. training. Moreover, [385] Gleim #: 4.4.56 organizations should establish effective fraud-related information and A significant employee fraud took place shortly after an internal communication auditing engagement. practices, for example, documentation and dissemination of policies, The internal auditor may not have properly fulfilled the responsibility guidelines, and for the results. prevention of fraud by failing to note and report that Answer (D) is incorrect. Forgery, like collusion, can circumvent even Policies, practices, and procedures to monitor activities and an effective safeguard assets were control. less extensive in low-risk areas than in high-risk areas. [386] Gleim #: 4.4.57 A. Internal auditors have a responsibility for helping to deter fraud. A system of control that depended upon separation of duties could Which of the be following best describes how this responsibility is usually met? circumvented by collusion among three employees. By coordinating with security personnel and law enforcement B. agencies in the There were no written policies describing prohibited activities and the investigation of possible frauds. action A. required whenever violations are discovered. By testing for fraud in every engagement and following B. up as management. appropriate. Answer (C) is incorrect. Reporting suspected fraud to law C. By assisting in the design of control systems to prevent fraud. enforcement personnel is a By evaluating the adequacy and effectiveness of controls in light of responsibility of management. the potential Answer (D) is correct. Internal auditors are responsible for assisting exposure or risk. in the deterrence D. of fraud by examining and evaluating the adequacy and the Answer (A) is incorrect. Investigating possible frauds involves effectiveness of controls. detection, not [388] Gleim #: 4.4.59 deterrence. Internal auditing is responsible for assisting in the prevention of fraud Answer (B) is incorrect. Testing for fraud in every engagement is not by required. Informing the appropriate authorities within the organization and Answer (C) is incorrect. Designing control systems impairs an recommending internal auditor’s whatever investigation is considered necessary in the circumstances objectivity. when Answer (D) is correct. Control is the principal means of preventing wrongdoing is suspected. fraud. A. Management is primarily responsible for the establishment and Establishing the organization’s governance, operations, and maintenance of information systems control. Internal auditors are primarily responsible for preventing concerning compliance with laws, regulations, and contracts. fraud by B. examining and evaluating the adequacy and effectiveness of control. Examining and evaluating the adequacy and the effectiveness of [387] Gleim #: 4.4.58 control, Which of the following describes one of the responsibilities of the commensurate with the extent of the potential exposure or risk in the internal auditor for various the deterrence of fraud in an organization? segments of the organization’s operations. A. Implementation of systems to discourage fraud. C. B. Prosecuting perpetrators of fraud. Determining whether operating standards are acceptable D. and are C. Reporting suspected fraud to law enforcement personnel. being met. D. Evaluating the adequacy of controls to prevent fraud. Answer (A) is incorrect. Informing appropriate authorities in the Gleim CIA Test Prep: Part 1 - Internal Audit Basics organization (720 questions) when the internal auditor suspects wrongdoing concerns the internal Copyright 2013 Gleim Publications Inc. Page 208 auditor’s Printed for Sanja Knezevic obligation for detecting, not preventing, fraud. fb.com/ciaaofficial Answer (B) is incorrect. Management is responsible for establishing Answer (A) is incorrect. Implementing systems is an operating these function for which systems. management is responsible. Answer (C) is correct. Internal auditors are responsible for assisting Answer (B) is incorrect. Prosecuting perpetrators of fraud is a in the responsibility of prevention of fraud by examining and evaluating the adequacy and B. Maintain internal control. the C. Evaluate the system of internal control. effectiveness of controls. D. Exercise operating authority over fraud prevention activities. Answer (D) is incorrect. These standards are criteria to determine Answer (A) is incorrect. Establishing internal control is whether management’s operational objectives and goals have been accomplished. They do responsibility. not concern Answer (B) is incorrect. Maintaining internal control is prevention of fraud. management’s [389] Gleim #: 4.4.60 responsibility. The internal auditors’ responsibility regarding fraud includes all of the Answer (C) is correct. Control is the principal means of preventing following fraud. except Management, in turn, is primarily responsible for the establishment A. Determining whether the control environment sets the appropriate and tone at top. maintenance of control. Internal auditors are primarily responsible for B. Ensuring that fraud will not occur. preventing C. Being aware of activities in which fraud is likely to occur. fraud by examining and evaluating the adequacy and effectiveness D. Evaluating the effectiveness of control activities. of control. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (D) is incorrect. Operating authority is a management (720 questions) function. Copyright 2013 Gleim Publications Inc. Page 209 [391] Gleim #: 4.4.62 Printed for Sanja Knezevic An internal auditor who suspects fraud should Answer (A) is incorrect. Internal auditing is responsible for A. Determine that a loss has been incurred. evaluating the B. Interview those who have been involved in the control of assets. organization’s control environment. C. Identify the employees who could be implicated in the case. Answer (B) is correct. Control is the principal means of preventing D. Recommend an investigation if appropriate. fraud, and Answer (A) is incorrect. Determining the loss could alert the management is responsible for establishing and maintaining internal perpetrator of the control. Thus, fraud. The perpetrator could then destroy or compromise evidence. internal auditors cannot give absolute assurance that noncompliance Answer (B) is incorrect. Interviewing those who have been involved or fraud does not in the exist. control of assets is part of the fraud investigation. Answer (C) is incorrect. The internal auditor should have sufficient Answer (C) is incorrect. Identifying the employees who could be knowledge of implicated in fraud indicators and be alert to opportunities that could allow fraud. the case is part of the fraud investigation. Answer (D) is incorrect. Assessing the design and operating Answer (D) is correct. An internal auditor’s responsibilities for effectiveness of fraudrelated detecting fraud controls is the responsibility of internal auditing. include evaluating fraud indicators and deciding whether any [390] Gleim #: 4.4.61 additional action is The internal audit activity’s responsibility for preventing fraud is to necessary or whether an investigation should be recommended. Establish A. internal control. Gleim CIA Test Prep: Part 1 - Internal Audit Basics (720 questions) C. Copyright 2013 Gleim Publications Inc. Page 210 D. The payroll clerk has added ghost employees. Printed for Sanja Knezevic Answer (A) is incorrect. Administrative expense is 2% (US $10 ÷ fb.com/ciaaofficial $500) of [392] Gleim #: 4.4.63 current revenue. An international nonprofit organization finances medical research. Answer (B) is incorrect. Purchases of supplies from fictitious The majority of its vendors involve revenue and support comes from fundraising activities, investments, risk exposures that are far smaller than those arising from and specific inappropriate grants. grants from an initial sponsoring corporation. The organization has Answer (C) is correct. Grants represent 83.6% (US $418 ÷ $500) of been in operation current over 15 years and has a small internal audit department. The revenue. Consequently, fraudulent grants constitute a much greater organization has just risk exposure finished a major fundraising drive that raised US $500 million for the than any of the other items listed. current fiscal Answer (D) is incorrect. The payroll clerk’s addition of ghost period. employees involves The following are selected data from recent financial statements (US risk exposures that are far smaller than those arising from dollar figures in inappropriate grants. millions): [393] Gleim #: 4.4.64 Current Past Internal auditors are more likely to detect fraud by Year Year developing/strengthening their Revenue US $500 US $425 ability to Investments (average balances) 210 185 A. Recognize and question changes that occur in organizations. Medical research grants made 418 325 B. Interrogate fraud perpetrators to discover why the fraud was Investment income 16 20 committed. Administrative expense 10 6 C. Develop internal controls to prevent the occurrence of fraud. Auditors must always be alert for the possibility of fraud. Assume the D. Document computerized operating system programs. controls over Gleim CIA Test Prep: Part 1 - Internal Audit Basics each risk listed below are marginal. Which of the following possible (720 questions) frauds or misuses Copyright 2013 Gleim Publications Inc. Page 211 of organization assets should be considered the area of greatest Printed for Sanja Knezevic risk? Answer (A) is correct. An internal auditor’s responsibilities for The president is using company travel and entertainment funds for detecting fraud activities that include evaluating fraud indicators and deciding whether any might be considered questionable. additional action is A. necessary or whether an investigation should be recommended. Purchases of supplies are made from B. fictitious vendors. Answer (B) is incorrect. Interrogation of fraud perpetrators occurs Grants are made to organizations that might be associated with the after detection. The president or are danger signals of fraud often involve negative organizational not for purposes dictated in the organization’s charter. changes. Answer (C) is incorrect. The controls mentioned are preventive, not appropriate response to indicators of fraud. Legal counsel can act detective. only in an Answer (D) is incorrect. Documentation of operating systems is not advisory capacity. within the scope Answer (D) is incorrect. The internal auditor should report the matter of internal auditing and would do little to enhance fraud detection and request skills. funding for outside service providers only if (s)he has determined that [394] Gleim #: 4.4.65 the After noting some red flags, an internal auditor has an increased indicators of fraud are sufficient to recommend an investigation. awareness that fraud [395] Gleim #: 4.4.66 may be present. Which of the following best describes the internal When an internal auditor identifies multiple factors that have been auditor’s linked with responsibility? possible fraudulent conditions and suspects that fraud has taken Expand activities to determine whether an investigation A. is place, the auditor warranted. should Report the possibility of fraud to senior management and the board A. Immediately report to senior management and the board. and ask them B. Immediately report to the board. how they would like to proceed. C. Recommend an investigation. B. D. Extend tests to determine the extent of the fraud. Consult with external legal counsel to determine the course of action Gleim CIA Test Prep: Part 1 - Internal Audit Basics to be taken, (720 questions) including the approval of the proposed engagement work program to Copyright 2013 Gleim Publications Inc. Page 212 make sure it Printed for Sanja Knezevic is acceptable on legal grounds. fb.com/ciaaofficial C. Answer (A) is incorrect. Immediate reporting by the CAE to senior Report the matter to the audit committee and request funding for management and outside service the board is required only after a sufficient investigation has been providers to help investigate the possible fraud. made to establish D. reasonable certainty that a significant fraud has occurred. Thus, Answer (A) is correct. An internal auditor’s responsibilities for reasonable certainty is detecting fraud necessary before any fraud reporting is made. include evaluating fraud indicators and deciding whether any Answer (B) is incorrect. Immediate reporting by the CAE to senior additional action is management and necessary or whether an investigation should be recommended. the board is required only after a sufficient investigation has been Answer (B) is incorrect. The internal auditor should notify the made to establish appropriate reasonable certainty that a significant fraud has occurred. Thus, authorities within the organization if (s)he has determined that the reasonable certainty is indicators of necessary before any fraud reporting is made. fraud are sufficient to recommend an investigation. Answer (C) is correct. An internal auditor’s responsibilities for Answer (C) is incorrect. The internal auditor is responsible for detecting fraud determining the include evaluating fraud indicators and deciding whether any Review the finding with the suspect’s fellow workers to see whether additional action is the workers necessary or whether an investigation should be recommended. can furnish additional evidence. Answer (D) is incorrect. Extended tests to determine the extent of B. fraud are performed C. Decide whether to recommend an investigation. after the fraud has in fact been determined, not suspected. D. Discuss the case with the board. [396] Gleim #: 4.4.67 Gleim CIA Test Prep: Part 1 - Internal Audit Basics An internal auditor suspects that a mailroom clerk is embezzling (720 questions) funds. In exercising Copyright 2013 Gleim Publications Inc. Page 213 due professional care, the internal auditor should Printed for Sanja Knezevic Reassign the clerk to A. another department. Answer (A) is incorrect. The internal auditor should avoid B. Institute stricter controls over mailroom operations. confronting suspected C. Evaluate fraud indicators and decide whether further action is employees. Employees suspected of theft or fraud have certain necessary. common law and D. Confront the clerk with the auditor’s suspicions. statutory rights that, if infringed upon, can be costly to the Answer (A) is incorrect. Personnel assignments are the organization. responsibility of Answer (B) is incorrect. Fellow workers may also be involved in the management. embezzlement. Answer (B) is incorrect. The system of internal controls is Answer (C) is correct. An internal auditor’s responsibilities for management’s detecting fraud responsibility. include evaluating fraud indicators and deciding whether any Answer (C) is correct. An internal auditor’s responsibilities for additional action is detecting fraud necessary or whether an investigation should be recommended. include evaluating fraud indicators and deciding whether any Answer (D) is incorrect. The CAE should determine the extent, if additional action is any, of the fraud necessary or whether an investigation should be recommended. before presenting it to the board. Answer (D) is incorrect. An internal auditor should not confront a [398] Gleim #: 4.4.69 suspect until Which of the following best describes an auditor’s responsibility after the proper authorities have been notified and have determined the noting some appropriate indicators of fraud? action. Expand activities to determine whether an investigation A. is [397] Gleim #: 4.4.68 warranted. An internal auditor’s field work uncovers a series of transactions that B. Report the possibility of fraud to senior management and ask how indicate a to proceed. possible embezzlement. Which of the following actions should the C. Consult with external legal counsel to determine the course of chief audit action to be taken. executive take? Report the matter to the audit committee and request funding for A. Confront the suspected embezzler to determine that the facts are outside correct. specialists to help investigate the possible fraud. D. Answer (A) is correct. An internal auditor’s responsibilities for the risk of fraud and the manner in which it is managed by the detecting fraud organization. They are include evaluating fraud indicators and deciding whether any not expected to have the expertise of a person whose primary additional action is responsibility is necessary or whether an investigation should be recommended. detecting and investigating fraud (Impl. Std. 1210.A2). Answer (B) is incorrect. The internal auditor should notify senior Answer (B) is incorrect. The internal auditor is not expected to have management the expertise of a and the board only if (s)he has determined that the indicators of fraud person whose primary responsibility is detecting and investigating are fraud. sufficient to recommend an investigation. Answer (C) is incorrect. An internal auditor must have sufficient Answer (C) is incorrect. The internal auditor does not have the knowledge to authority to identify the indicators of fraud but is not required to have sufficient consult with external legal counsel. knowledge and Answer (D) is incorrect. The internal auditor should notify the audit training to be able to detect fraud. committee Answer (D) is incorrect. Detecting and investigating fraud is not a only if (s)he has determined that the indicators of fraud are sufficient primary role of an to internal auditor. recommend an investigation. [400] Gleim #: 4.5.71 [399] Gleim #: 4.4.70 Red flags are conditions that indicate a higher likelihood of fraud. What is the responsibility of the internal auditor with respect to fraud? Which of the The internal auditor should have sufficient knowledge to identify the following is not considered a red flag? indicators of Management has delegated the authority to make purchases under a fraud but is not expected to be an expert. certain value A. to subordinates. The internal auditor should have the same ability to detect fraud as a A. person whose An individual has held the same cash-handling job for an extended primary responsibility is detecting and investigating fraud. period without B. any rotation of duties. An internal auditor should have sufficient knowledge and training so B. that (s)he is An individual handling marketable securities is responsible for able to detect fraud. making the C. purchases, recording the purchases, and reporting any discrepancies D. An internal auditor’s primary role is to detect and investigate fraud. and Gleim CIA Test Prep: Part 1 - Internal Audit Basics gains/losses to senior management. (720 questions) C. Copyright 2013 Gleim Publications Inc. Page 214 The assignment of responsibility and accountability in the accounts Printed for Sanja Knezevic receivable fb.com/ciaaofficial department is not clear. Answer (A) is correct. Internal auditors must have sufficient D. knowledge to evaluate Answer (A) is correct. Delegating the authority to make purchases incentive to falsify the records or otherwise take inappropriate action under a certain to improve value to subordinates is an acceptable and common practice performance measures so that the quotas appear to have been met. intended to limit risk Answer (C) is incorrect. Hiring policies should be based on factors while promoting efficiency. It is not, by itself, considered a red flag. other than Answer (B) is incorrect. Lack of rotation of duties or cross-training adequate training, such as the applicants’ personal integrity. for sensitive Furthermore, hiring of all jobs is a red flag. Such a person may have a greater opportunity to adequately trained applicants is unlikely to be necessary. commit and Answer (D) is incorrect. Under the reasonable assurance concept, conceal fraud. the cost of controls Answer (C) is incorrect. An inappropriate combination of duties is a should not exceed their benefits. The cost of applying controls to all red flag. relevant Answer (D) is incorrect. Establishing clear lines of authority and transactions rather than a sample may be greater than the resultant accountability savings. not only helps to assign culpability but also has preventive effects. [402] Gleim #: 4.5.73 [401] Gleim #: 4.5.72 Internal auditors have been advised to consider red flags to Which of the following policies is most likely to result in an determine whether environment conducive to management is involved in a fraud. Which of the following does not the occurrence of fraud? represent a Budget preparation input by the employees who are responsible for difficulty in using the red flags as fraud indicators? meeting the Many common red flags are also associated with situations in which budget. no fraud A. exists. Unreasonable sales and B. production goals. A. The division’s hiring process frequently results in the rejection of Some red flags are difficult to quantify B. or to evaluate. adequately C. Red flag information is not gathered as a normal part of an trained applicants. engagement. C. The red flags literature is not well enough established to have a D. The application of some accounting controls on a sample basis. positive impact on Gleim CIA Test Prep: Part 1 - Internal Audit Basics internal auditing. (720 questions) D. Copyright 2013 Gleim Publications Inc. Page 215 Answer (A) is incorrect. Red flags are developed by correlation Printed for Sanja Knezevic analysis, not Answer (A) is incorrect. Participatory budgeting can reduce necessarily by causation analysis. resistance to budgets and Answer (B) is incorrect. Many red flags, such as management’s reduce the likelihood of inappropriate means being taken to meet the attitude, are budget. difficult to quantify. Answer (B) is correct. Unrealistically high sales or production quotas Answer (C) is incorrect. Internal auditors should be able to identify can be an fraud indicators and should be alert to opportunities that could allow fraud. Consider 3. to be normal turnover, but be concerned about 2. and 4. However, as warning internal auditors do not normally perform procedures specifically to signals of fraud. gather red C. flag information. D. Consider 1., 2., 3., and 4. as warning signals of fraud. Answer (D) is correct. The state of red flags literature is an aid, not a Answer (A) is incorrect. The items described can be detected difficulty, in through usual internal auditing. It is well established and will be refined in the future procedures in a financial audit. as research Answer (B) is incorrect. Although the economy suffered a downturn, is done. the change Gleim CIA Test Prep: Part 1 - Internal Audit Basics in working capital is unusual in light of the continuing strong profit (720 questions) margins and Copyright 2013 Gleim Publications Inc. Page 216 should be investigated. Printed for Sanja Knezevic Answer (C) is incorrect. The working capital ratio, the high fb.com/ciaaofficial employee turnover [403] Gleim #: 4.5.74 rate, and the sole-source procurement policy are all warning signals The following are facts about a subsidiary: of fraud. The subsidiary has been in business for several years and enjoyed Answer (D) is correct. The fact that the organization has reported good profit high profits margins although the general economy was in a recession, which when competitors have not may indicate a material misstatement in affected the financial competitors. statements. Insufficient working capital may indicate such problems 1. as The working capital ratio has declined from a healthy 2. 3:1 to 0.9:1. overexpansion, decreases in revenues, transfers of funds to other Turnover for the last several years has included three controllers, two organizations, supervisors insufficient credit, and excessive expenditures. The internal auditor of accounts receivable, four payables supervisors, and numerous should be alert staff in other for the diversion of funds for personal use through such methods as financial positions. unrecorded 3. sales and falsified expenditures. Rapid turnover in financial positions Purchasing policy requires three bids. However, the supervisor of may signify purchasing at existing problems with which the individuals feel uncomfortable but the subsidiary has instituted a policy of sole-source procurement to that they do reduce the not want to disclose. Accountability for funds and other resources number of suppliers. should be 4. determined upon termination of employment. Use of sole-source When conducting a financial audit of the subsidiary, the internal procurement auditor should does not encourage competition to ensure that the organization is A. Most likely not detect 1., 2., or 3. obtaining the B. Ignore 2. since the economy had a downturn during this period. required materials or equipment at the best price. Sole-source posted to the accounts receivable and accounts payable subsidiary procurement, if not ledgers; having adequately justified, indicates potential favoritism or kickbacks. the same person maintain both does not create a control weakness. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (D) is incorrect. To establish accountability for petty cash, (720 questions) only one Copyright 2013 Gleim Publications Inc. Page 217 person should have access to the fund. Printed for Sanja Knezevic Gleim CIA Test Prep: Part 1 - Internal Audit Basics [404] Gleim #: 4.5.75 (720 questions) An internal auditor should be concerned about the possibility of fraud Copyright 2013 Gleim Publications Inc. Page 218 if Printed for Sanja Knezevic Cash receipts, net of the amounts used to pay petty cash-type fb.com/ciaaofficial expenditures, are [405] Gleim #: 4.5.76 deposited in the bank daily. Randy and John had known each other A. for many years. They had become best The monthly bank statement reconciliation is performed by the same friends in college, where they both employee majored in accounting. After graduation, who maintains the perpetual inventory records. Randy took over the family business from B. his father. His family had been in the The accounts receivable subsidiary ledger and accounts payable grocery business for several generations. subsidiary ledger When John had difficulty finding a job, are maintained by the same person. Randy offered him a job in the family C. store. John proved to be a very capable One person, acting alone, has sole access to the petty cash fund employee. As John demonstrated his (except for a abilities, Randy began delegating more provision for occasional surprise counts by a supervisor or auditor). and more responsibility to him. After a D. period of time, John was doing all of the Answer (A) is correct. Paying petty cash expenditures from cash general accounting and authorization receipts functions for checks, cash, inventories, facilitates the unauthorized removal of cash before deposit. All cash documents, records, and bank receipts reconciliations. (1) John was trusted should be deposited intact daily. Petty cash expenditures should be completely and handled all financial handled functions. No one checked his work. through an imprest fund. Randy decided to expand the business Answer (B) is incorrect. The monthly bank reconciliation should not and opened several new stores. (2) Randy be was always handling the most urgent performed by a person who makes deposits or writes checks, but the problem . . . “crisis management” is inventory what his college professors had termed it. clerk has no such responsibilities. John assisted with the problems when his Answer (C) is incorrect. There is no direct relationship between the other duties allowed him time. transactions Although successful at work, John had (3) difficulties with personal financial Answer (A) is incorrect. Complete trust is an opportunity to commit a problems. fraud. At first, the amounts stolen by John were Answer (B) is incorrect. Complete trust is an opportunity to commit a small. John didn’t even worry about fraud. making the accounts balance. But John Answer (C) is correct. Complete trust in an individual is an became greedy. “How easy it is to take the opportunity to money,” he said. He felt that he was a commit fraud. John’s actions went unscrutinized because of the critical member of the business team absence of an (4) and that he contributed much more to appropriate segregation of functions and his ability to override the success of the company than was whatever control represented by his salary. “It would take procedures were in place. two or three people to replace me,” he Answer (D) is incorrect. Complete trust is an opportunity to commit often thought to himself. As the amounts a fraud. became larger and larger, (5) he made the Gleim CIA Test Prep: Part 1 - Internal Audit Basics books balance. Because of these (720 questions) activities, John was able to purchase an Copyright 2013 Gleim Publications Inc. Page 219 expensive car and take his family on Printed for Sanja Knezevic several trips each year. (6) He also joined [406] Gleim #: 4.5.77 an expensive country club. Things were Randy and John had known each other changing at home, however. (7) John’s for many years. They had become best family observed that he was often friends in college, where they both argumentative and at other times very majored in accounting. After graduation, depressed. Randy took over the family business from The fraud continued for 6 years. Each his father. His family had been in the year, the business performed more and grocery business for several generations. more poorly. In the last year, the stores When John had difficulty finding a job, had a substantial net loss. Randy’s bank Randy offered him a job in the family required an audit. John confessed when he store. John proved to be a very capable thought the auditors had discovered his employee. As John demonstrated his embezzlements. abilities, Randy began delegating more When discussing frauds, the pressures, and more responsibility to him. After a opportunities, and rationalizations that period of time, John was doing all of the cause/allow a perpetrator to commit the general accounting and authorization fraud are often identified. Symptoms of functions for checks, cash, inventories, fraud are also studied. documents, records, and bank Number 1, “John was trusted completely . . .,” is an example of a(n) reconciliations. (1) John was trusted A. Document symptom. completely and handled all financial B. Situational pressure. functions. No one checked his work. C. Opportunity to commit. Randy decided to expand the business D. Physical symptom. and opened several new stores. (2) Randy was always handling the most urgent fraud are also studied. problem . . . “crisis management” is Number 2, “Randy was always handling the most urgent . . .,” is an what his college professors had termed it. example of a(n) John assisted with the problems when his Opportunity A. to commit. other duties allowed him time. B. Analytical symptom. Although successful at work, John had C. Situational pressure. (3) difficulties with personal financial D. Rationalization. problems. Answer (A) is correct. When a manager continually handles the At first, the amounts stolen by John were most pressing small. John didn’t even worry about issues of a company, an opportunity for the manager to commit fraud making the accounts balance. But John is created. became greedy. “How easy it is to take the The lack of long-range planning creates a potential for fraud because money,” he said. He felt that he was a organizational objectives may have been replaced with individual critical member of the business team initiatives. (4) and that he contributed much more to Answer (B) is incorrect. Crisis management provides an opportunity the success of the company than was to commit represented by his salary. “It would take fraud. two or three people to replace me,” he Answer (C) is incorrect. Crisis management provides an opportunity often thought to himself. As the amounts to commit became larger and larger, (5) he made the fraud. books balance. Because of these Answer (D) is incorrect. Crisis management provides an opportunity activities, John was able to purchase an to commit expensive car and take his family on Gleim CIA Test Prep: Part 1 - Internal Audit Basics several trips each year. (6) He also joined (720 questions) an expensive country club. Things were Copyright 2013 Gleim Publications Inc. Page 220 changing at home, however. (7) John’s Printed for Sanja Knezevic family observed that he was often fb.com/ciaaofficial argumentative and at other times very [407] Gleim #: 4.5.78 depressed. Randy and John had known each other The fraud continued for 6 years. Each for many years. They had become best year, the business performed more and friends in college, where they both more poorly. In the last year, the stores majored in accounting. After graduation, had a substantial net loss. Randy’s bank Randy took over the family business from required an audit. John confessed when he his father. His family had been in the thought the auditors had discovered his grocery business for several generations. embezzlements. When John had difficulty finding a job, When discussing frauds, the pressures, Randy offered him a job in the family opportunities, and rationalizations that store. John proved to be a very capable cause/allow a perpetrator to commit the employee. As John demonstrated his fraud are often identified. Symptoms of abilities, Randy began delegating more and more responsibility to him. After a year, the business performed more and period of time, John was doing all of the more poorly. In the last year, the stores general accounting and authorization had a substantial net loss. Randy’s bank functions for checks, cash, inventories, required an audit. John confessed when he documents, records, and bank thought the auditors had discovered his reconciliations. (1) John was trusted embezzlements. completely and handled all financial When discussing frauds, the pressures, functions. No one checked his work. opportunities, and rationalizations that Randy decided to expand the business cause/allow a perpetrator to commit the and opened several new stores. (2) Randy fraud are often identified. Symptoms of was always handling the most urgent fraud are also studied. problem . . . “crisis management” is Number 3, “Difficulties with personal financial problems,” is an what his college professors had termed it. example of a(n) John assisted with the problems when his A. Behavioral symptom. other duties allowed him time. B. Situational pressure. Although successful at work, John had C. Rationalization. (3) difficulties with personal financial D. Opportunity to commit. problems. Gleim CIA Test Prep: Part 1 - Internal Audit Basics At first, the amounts stolen by John were (720 questions) small. John didn’t even worry about Copyright 2013 Gleim Publications Inc. Page 221 making the accounts balance. But John Printed for Sanja Knezevic became greedy. “How easy it is to take the Answer (A) is incorrect. Personal financial problems are a money,” he said. He felt that he was a situational pressure to critical member of the business team commit a fraud. (4) and that he contributed much more to Answer (B) is correct. Financial difficulties create situational the success of the company than was pressures or temptations represented by his salary. “It would take that may contribute to fraud. These situational pressures result from two or three people to replace me,” he high personal often thought to himself. As the amounts indebtedness, extravagant lifestyles, gambling problems, etc. became larger and larger, (5) he made the Answer (C) is incorrect. Personal financial problems are a books balance. Because of these situational pressure to activities, John was able to purchase an commit a fraud. expensive car and take his family on Answer (D) is incorrect. Personal financial problems are a several trips each year. (6) He also joined situational pressure to an expensive country club. Things were commit a fraud. changing at home, however. (7) John’s Gleim CIA Test Prep: Part 1 - Internal Audit Basics family observed that he was often (720 questions) argumentative and at other times very Copyright 2013 Gleim Publications Inc. Page 222 depressed. Printed for Sanja Knezevic The fraud continued for 6 years. Each fb.com/ciaaofficial [408] Gleim #: 4.5.79 two or three people to replace me,” he Randy and John had known each other often thought to himself. As the amounts for many years. They had become best became larger and larger, (5) he made the friends in college, where they both books balance. Because of these majored in accounting. After graduation, activities, John was able to purchase an Randy took over the family business from expensive car and take his family on his father. His family had been in the several trips each year. (6) He also joined grocery business for several generations. an expensive country club. Things were When John had difficulty finding a job, changing at home, however. (7) John’s Randy offered him a job in the family family observed that he was often store. John proved to be a very capable argumentative and at other times very employee. As John demonstrated his depressed. abilities, Randy began delegating more The fraud continued for 6 years. Each and more responsibility to him. After a year, the business performed more and period of time, John was doing all of the more poorly. In the last year, the stores general accounting and authorization had a substantial net loss. Randy’s bank functions for checks, cash, inventories, required an audit. John confessed when he documents, records, and bank thought the auditors had discovered his reconciliations. (1) John was trusted embezzlements. completely and handled all financial When discussing frauds, the pressures, functions. No one checked his work. opportunities, and rationalizations that Randy decided to expand the business cause/allow a perpetrator to commit the and opened several new stores. (2) Randy fraud are often identified. Symptoms of was always handling the most urgent fraud are also studied. problem . . . “crisis management” is Number 4, “and that he contributed much more . . .,” is an example of what his college professors had termed it. a John assisted with the problems when his A. Rationalization. other duties allowed him time. B. Behavioral symptom. Although successful at work, John had C. Situational pressure. (3) difficulties with personal financial D. Physical symptom. problems. Gleim CIA Test Prep: Part 1 - Internal Audit Basics At first, the amounts stolen by John were (720 questions) small. John didn’t even worry about Copyright 2013 Gleim Publications Inc. Page 223 making the accounts balance. But John Printed for Sanja Knezevic became greedy. “How easy it is to take the Answer (A) is correct. Rationalization occurs when a person money,” he said. He felt that he was a attributes his/her actions critical member of the business team to rational and creditable motives without analysis of one’s true and (4) and that he contributed much more to especially the success of the company than was unconscious motives. Feeling that one is not being paid as much as represented by his salary. “It would take one is worth is a common rationalization for low-level fraud. what his college professors had termed it. Answer (B) is incorrect. The belief that compensation is inadequate John assisted with the problems when his is a possible other duties allowed him time. rationalization for improprieties. Although successful at work, John had Answer (C) is incorrect. The belief that compensation is inadequate (3) difficulties with personal financial is a possible problems. rationalization for improprieties. At first, the amounts stolen by John were Answer (D) is incorrect. The belief that compensation is inadequate small. John didn’t even worry about is a possible making the accounts balance. But John rationalization for improprieties. became greedy. “How easy it is to take the Gleim CIA Test Prep: Part 1 - Internal Audit Basics money,” he said. He felt that he was a (720 questions) critical member of the business team Copyright 2013 Gleim Publications Inc. Page 224 (4) and that he contributed much more to Printed for Sanja Knezevic the success of the company than was fb.com/ciaaofficial represented by his salary. “It would take [409] Gleim #: 4.5.80 two or three people to replace me,” he Randy and John had known each other often thought to himself. As the amounts for many years. They had become best became larger and larger, (5) he made the friends in college, where they both books balance. Because of these majored in accounting. After graduation, activities, John was able to purchase an Randy took over the family business from expensive car and take his family on his father. His family had been in the several trips each year. (6) He also joined grocery business for several generations. an expensive country club. Things were When John had difficulty finding a job, changing at home, however. (7) John’s Randy offered him a job in the family family observed that he was often store. John proved to be a very capable argumentative and at other times very employee. As John demonstrated his depressed. abilities, Randy began delegating more The fraud continued for 6 years. Each and more responsibility to him. After a year, the business performed more and period of time, John was doing all of the more poorly. In the last year, the stores general accounting and authorization had a substantial net loss. Randy’s bank functions for checks, cash, inventories, required an audit. John confessed when he documents, records, and bank thought the auditors had discovered his reconciliations. (1) John was trusted embezzlements. completely and handled all financial When discussing frauds, the pressures, functions. No one checked his work. opportunities, and rationalizations that Randy decided to expand the business cause/allow a perpetrator to commit the and opened several new stores. (2) Randy fraud are often identified. Symptoms of was always handling the most urgent fraud are also studied. problem . . . “crisis management” is Number 5, “he made the books balance,” is an example of a(n) A. Physical symptom. and more responsibility to him. After a B. Analytical symptom. period of time, John was doing all of the C. Lifestyle symptom. general accounting and authorization D. Document symptom. functions for checks, cash, inventories, Gleim CIA Test Prep: Part 1 - Internal Audit Basics documents, records, and bank (720 questions) reconciliations. (1) John was trusted Copyright 2013 Gleim Publications Inc. Page 225 completely and handled all financial Printed for Sanja Knezevic functions. No one checked his work. Answer (A) is incorrect. Making the “books balance” is an example Randy decided to expand the business of a document and opened several new stores. (2) Randy symptom. was always handling the most urgent Answer (B) is incorrect. Making the “books balance” is an example problem . . . “crisis management” is of a document what his college professors had termed it. symptom. John assisted with the problems when his Answer (C) is incorrect. Making the “books balance” is an example other duties allowed him time. of a document Although successful at work, John had symptom. (3) difficulties with personal financial Answer (D) is correct. Tampering with the company’s books is a problems. document symptom. At first, the amounts stolen by John were In other words, the indicator of fraud consists of the changes in small. John didn’t even worry about actual company making the accounts balance. But John records. became greedy. “How easy it is to take the Gleim CIA Test Prep: Part 1 - Internal Audit Basics money,” he said. He felt that he was a (720 questions) critical member of the business team Copyright 2013 Gleim Publications Inc. Page 226 (4) and that he contributed much more to Printed for Sanja Knezevic the success of the company than was fb.com/ciaaofficial represented by his salary. “It would take [410] Gleim #: 4.5.81 two or three people to replace me,” he Randy and John had known each other often thought to himself. As the amounts for many years. They had become best became larger and larger, (5) he made the friends in college, where they both books balance. Because of these majored in accounting. After graduation, activities, John was able to purchase an Randy took over the family business from expensive car and take his family on his father. His family had been in the several trips each year. (6) He also joined grocery business for several generations. an expensive country club. Things were When John had difficulty finding a job, changing at home, however. (7) John’s Randy offered him a job in the family family observed that he was often store. John proved to be a very capable argumentative and at other times very employee. As John demonstrated his depressed. abilities, Randy began delegating more The fraud continued for 6 years. Each year, the business performed more and grocery business for several generations. more poorly. In the last year, the stores When John had difficulty finding a job, had a substantial net loss. Randy’s bank Randy offered him a job in the family required an audit. John confessed when he store. John proved to be a very capable thought the auditors had discovered his employee. As John demonstrated his embezzlements. abilities, Randy began delegating more When discussing frauds, the pressures, and more responsibility to him. After a opportunities, and rationalizations that period of time, John was doing all of the cause/allow a perpetrator to commit the general accounting and authorization fraud are often identified. Symptoms of functions for checks, cash, inventories, fraud are also studied. documents, records, and bank Number 6, “He also joined an expensive country club,” is an example reconciliations. (1) John was trusted of a completely and handled all financial A. Rationalization. functions. No one checked his work. B. Lifestyle symptom. Randy decided to expand the business C. Behavioral symptom. and opened several new stores. (2) Randy D. Physical symptom. was always handling the most urgent Answer (A) is incorrect. Joining an expensive country club is an problem . . . “crisis management” is example of a what his college professors had termed it. lifestyle symptom. John assisted with the problems when his Answer (B) is correct. John was living beyond his means. The other duties allowed him time. change in lifestyle Although successful at work, John had was a symptom that indicated the presence of fraud. (3) difficulties with personal financial Answer (C) is incorrect. Joining an expensive country club is an problems. example of a At first, the amounts stolen by John were lifestyle symptom. small. John didn’t even worry about Answer (D) is incorrect. Joining an expensive country club is an making the accounts balance. But John example of a became greedy. “How easy it is to take the lifestyle symptom. money,” he said. He felt that he was a Gleim CIA Test Prep: Part 1 - Internal Audit Basics critical member of the business team (720 questions) (4) and that he contributed much more to Copyright 2013 Gleim Publications Inc. Page 227 the success of the company than was Printed for Sanja Knezevic represented by his salary. “It would take [411] Gleim #: 4.5.82 two or three people to replace me,” he Randy and John had known each other often thought to himself. As the amounts for many years. They had become best became larger and larger, (5) he made the friends in college, where they both books balance. Because of these majored in accounting. After graduation, activities, John was able to purchase an Randy took over the family business from expensive car and take his family on his father. His family had been in the several trips each year. (6) He also joined an expensive country club. Things were Copyright 2013 Gleim Publications Inc. Page 228 changing at home, however. (7) John’s Printed for Sanja Knezevic family observed that he was often fb.com/ciaaofficial argumentative and at other times very [412] Gleim #: 4.5.83 depressed. When comparing perpetrators who have embezzled an The fraud continued for 6 years. Each organization’s funds with year, the business performed more and perpetrators of financial statement fraud (falsified financial more poorly. In the last year, the stores statements), those who had a substantial net loss. Randy’s bank have falsified financial statements are less likely to required an audit. John confessed when he Have experienced an autocratic A. management style. thought the auditors had discovered his B. Be living beyond their obvious means of support. embezzlements. C. Rationalize the fraudulent behavior. When discussing frauds, the pressures, D. Use organizational expectations as justification for the act. opportunities, and rationalizations that Answer (A) is incorrect. Autocratic management styles have been cause/allow a perpetrator to commit the linked to fraud are often identified. Symptoms of management (financial statement) fraud. fraud are also studied. Answer (B) is correct. Living beyond one’s means has been linked Number 7, “John’s family observed that he was often argumentative . to employee . .,” is an fraud (embezzlement), not to financial statement fraud. Fraud example of a perpetrated for the A. Rationalization. benefit of the organization ordinarily benefits the wrongdoer B. Lifestyle symptom. indirectly, whereas C. Behavioral symptom. fraud that is detrimental to the organization provides immediate, D. Physical symptom. direct benefits to Answer (A) is incorrect. Being argumentative is an example of a the employee. behavioral Answer (C) is incorrect. Rationalization is common to all fraud. symptom. Answer (D) is incorrect. High expectations are often given as a Answer (B) is incorrect. Being argumentative is an example of a motivating factor behavioral by those who have committed financial statement fraud. symptom. [413] Gleim #: 4.5.84 Answer (C) is correct. A drastic change in an employee’s behavior Internal auditors should have knowledge about factors (red flags) may indicate that have proven to the presence of fraud. The guilt and the other forms of stress be associated with management fraud. Which of the following factors associated with have generally perpetrating and concealing the fraud may induce noticeable not been associated with management fraud? changes in behavior. A. Generous performance-based reward systems. Answer (D) is incorrect. Being argumentative is an example of a B. A domineering management. behavioral C. Regular comparison of actual results with budgets. Gleim CIA Test Prep: Part 1 - Internal Audit Basics D. A management preoccupation with increased financial (720 questions) performance. Answer (A) is incorrect. Generous reward systems provide Answer (A) is correct. An increase in sales far out of proportion to incentives for the increase in management to distort performance. cost of goods sold is an indicator of possible fraud. Answer (B) is incorrect. Pressure from superiors provides an Answer (B) is incorrect. A gross profit margin of 50% is not an incentive for indicator of management to distort performance. fraud. Manufacturers can expect a range of 40-60% for this ratio. Answer (C) is correct. Regular comparison of actual results to Answer (C) is incorrect. These data indicate an industry gross profit budgets provides margin of feedback and is a normal and necessary part of the control loop. 50% and host firm gross profit margin of 40%. The greater gross Ineffective profit margin control is an indicator of possible fraud. realized by the host firm may result from any number of reasonable Answer (D) is incorrect. A management preoccupation with causes. These increased financial include (1) greater efficiencies exercised by the host firm, (2) greater performance provides an incentive for managers to distort sales effort performance. (or a more highly accepted product), and (3) measurement errors. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (D) is incorrect. These data indicate an industry gross profit (720 questions) margin of Copyright 2013 Gleim Publications Inc. Page 229 40% and a host firm gross profit margin of 50%. The lower gross Printed for Sanja Knezevic profit margin [414] Gleim #: 4.5.85 realized by the host firm may result from such causes as (1) host firm Which of the following is an indicator of possible financial reporting inefficiencies; (2) less acceptance of host firm product, or less sales fraud being effort; and perpetrated by management of a manufacturer? (3) measurement errors. A trend analysis discloses (1) sales increases of 50% and (2) cost of [415] Gleim #: 4.5.86 goods sold Which of the following would indicate that fraud may be taking place increases of 25%. in a marketing A. department? A ratio analysis discloses that cost of goods sold B. is 50% of sales. There is no documentation for some fairly large expenditures made A cross-sectional analysis of common size statements discloses that to a new (1) the firm’s vendor. percentage of cost of goods sold to sales is 40% and (2) the industry A. average A manager appears to be living a lifestyle that is in excess of what percentage of cost of goods sold to sales is 50%. could be C. provided by a marketing manager’s salary. A cross-sectional analysis of common size statements discloses that B. (1) the firm’s The control environment can best be described as “very loose.” percentage of cost of goods sold to sales is 50% and (2) the industry However, this average attitude is justified by management on the grounds that it is needed percentage of cost of goods sold to sales is 40%. for creativity. D. C. D. All of the answers are correct. authorized for payment by the general manager, that showed the Gleim CIA Test Prep: Part 1 - Internal Audit Basics general manager’s (720 questions) father as the person who signed for the receipt of the material at the Copyright 2013 Gleim Publications Inc. Page 230 supplier. Which is Printed for Sanja Knezevic not a symptom of fraud as described in this situation? fb.com/ciaaofficial Purchased material is not received by authorized organizational A. Answer (A) is incorrect. A manager’s excessive lifestyle and a loose personnel. control B. Routine controls are suspended for certain transactions. environment are also possible fraud indicators. Purchased material is not delivered to a central location on the Answer (B) is incorrect. Large undocumented purchases and a organization’s loose control premises. environment are also possible fraud indicators. C. Answer (C) is incorrect. Large undocumented purchases and a D. The use of blanket purchase orders. manager’s excessive Answer (A) is incorrect. The receipt of goods or services by non- lifestyle are also possible fraud indicators. organizational Answer (D) is correct. Among the many indicators of possible fraud personnel is a symptom of fraud. are lack of timely Answer (B) is incorrect. Suspension of normal and appropriate and appropriate documentation (including information about procedures is a authorization) for fraud indicator. material transactions, suspicious lifestyle characteristics of Answer (C) is incorrect. The receipt of goods or services off-site is a employees in a position to symptom of commit fraud, and management’s failure to display and communicate fraud. an appropriate Answer (D) is correct. Fraud is characterized by intentional attitude toward internal control. deception and can be [416] Gleim #: 4.5.87 perpetrated for the benefit or to the detriment of the organization. When an internal auditor followed up on a significant increase in The use of maintenance supplies blanket purchase orders is a normal business practice. during the past year, a purchasing agent explained to the internal Gleim CIA Test Prep: Part 1 - Internal Audit Basics auditor that the (720 questions) primary reason for the increase was painting services and supplies. Copyright 2013 Gleim Publications Inc. Page 231 The internal Printed for Sanja Knezevic auditor found a blanket purchase order without the normal bid or [417] Gleim #: 4.5.88 quote When an internal auditor followed up on a significant increase in documentation. The blanket purchase order had been signed by the maintenance supplies general manager during the past year, a purchasing agent explained to the internal and named the general manager’s father as the sole contractor for auditor that the painting services on primary reason for the increase was painting services and supplies. the organization’s projects. The auditor also found a number of large The internal invoices, auditor found a blanket purchase order without the normal bid or quote documentation. The blanket purchase order had been signed by the Bank management suspects that a bank loan officer frequently made general manager loans to fictitious and named the general manager’s father as the sole contractor for entities, disbursed loan proceeds to personally established accounts, painting services on and then let the the organization’s projects. The auditor also found a number of large loans go into default. Some pertinent facts about the loan officer invoices, include authorized for payment by the general manager, that showed the A high standard of living, explained as the result of sound general manager’s investments and not father as the person who signed for the receipt of the material at the taking vacations; supplier. What is An expensive personal car obtained through business contacts; the common indicator of fraud recognized by the internal auditor in Gasoline and repair bills submitted for a car assigned by the bank this scenario? that are higher Analytical procedures revealed an extraordinary increase in A. than the organization’s average (mileage logs were submitted on a account balances. quarterly B. Paint and supplies are being purchased for a contractor. basis); and The purchasing agent is selecting the contractor on the basis of a Marked annoyance with questions from internal auditors. blanket purchase In this situation, typical indicators of the suspected fraud include all of order. the following C. except D. Invoices are being authorized for payment by the general A. Not taking an annual vacation. manager. B. Becoming easily annoyed with auditor inquiries about Answer (A) is correct. Analytical procedures are commonly questionable loans. performed by C. Explaining a high standard of living as the result of investments. internal auditors to assess information collected in an engagement. D. Submitting gasoline and repair bills that are higher than company The average. assessment results from comparing information with expectations Gleim CIA Test Prep: Part 1 - Internal Audit Basics identified or (720 questions) developed by the internal auditor. Thus, an extraordinary increase in Copyright 2013 Gleim Publications Inc. Page 232 an account Printed for Sanja Knezevic balance should be detected and investigated as the result of fb.com/ciaaofficial applying analytical Answer (A) is incorrect. Not taking an annual vacation suggests that methods. the loan officer Answer (B) is incorrect. The provision of paint is not an issue. fears discovery of wrongdoing in his/her absence. Answer (C) is incorrect. The purchasing agent is fulfilling this Answer (B) is incorrect. Becoming defensive may indicate a guilty responsibility in conscience. accordance with the authority of a purchasing agent’s position. Answer (C) is incorrect. A high standard of living may be Answer (D) is incorrect. The general manager may appropriately inconsistent with the loan authorize officer’s income. payment. Answer (D) is correct. Submitting gasoline and repair bills that are [418] Gleim #: 4.5.89 higher than average is not correlated with making fraudulent loans. These factors volume. are not [420] Gleim #: 4.5.91 controllable by the loan officer, so they cannot be indicators of An unexpected decrease in which of the following ratios could unusual activity by indicate that fictitious him/her. inventory has been recorded? [419] Gleim #: 4.5.90 A. Average collection period. Bank management suspects that a bank loan officer frequently made B. Total asset turnover. loans to fictitious C. Price-earnings. entities, disbursed loan proceeds to personally established accounts, D. Current. and then let the Gleim CIA Test Prep: Part 1 - Internal Audit Basics loans go into default. Some pertinent facts about the loan officer (720 questions) include Copyright 2013 Gleim Publications Inc. Page 233 A high standard of living, explained as the result of sound Printed for Sanja Knezevic investments and not Answer (A) is incorrect. The average collection period equals taking vacations; average receivables An expensive personal car obtained through business contacts; divided by average daily net sales. An increase in reported inventory Gasoline and repair bills submitted for a car assigned by the bank does not affect it. that are higher Answer (B) is correct. The total asset turnover ratio equals sales than the organization’s average (mileage logs were submitted on a divided by total quarterly assets. An increase in reported inventory will increase total assets basis); and and decrease the Marked annoyance with questions from internal auditors. ratio. The most appropriate trend analysis to indicate this potential fraud is Answer (C) is incorrect. The price-earnings ratio (price per share ÷ Loan default rates A. by loan officer. EPS) is not B. Accumulation of unpaid vacation days. directly affected by fictitious inventory. C. Automobile operating expenses by loan officer. Answer (D) is incorrect. The current ratio (current assets ÷ current D. Total monetary volume of loans by loan officer. liabilities) is Answer (A) is correct. Trend analysis would detect an unexplained increased when fictitious inventory is recorded. increase in the [421] Gleim #: 4.5.92 default rate caused by bogus loans. Which of the following is an indicator of increased risk of fraud? The Answer (B) is incorrect. Trend analysis would not detect annual treasurer vacation not Takes all vacations and has just accepted a promotion to vice taken. president A. of finance. Answer (C) is incorrect. Although trend analysis could detect higher B. Takes no vacations and has just accepted a promotion to vice than average president of finance. expenses for operation of the car, these expenses have no C. Takes all vacations and has refused promotion to vice president of relationship to suspected finance. fraudulent loans. D. Takes no vacations and has refused promotion to vice president Answer (D) is incorrect. The default rate is a better indicator than of finance. monetary Answer (A) is incorrect. This combination of behaviors is not D. Stockroom personnel record cycle count information. unusual. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (B) is incorrect. This combination of behaviors is not (720 questions) unusual. Copyright 2013 Gleim Publications Inc. Page 234 Answer (C) is incorrect. This combination of behaviors is not Printed for Sanja Knezevic unusual. fb.com/ciaaofficial Answer (D) is correct. An employee who refuses to take vacations Answer (A) is correct. The opportunity for fraud has been increased and turns because down promotions is engaging in classic behavior that indicates the stockroom personnel select the items for cycle count (poor internal need to conceal control). Selection an ongoing fraud. of items should be based on relative values or the relationship of an [422] Gleim #: 4.5.93 item to the total An engagement had been scheduled by the chief audit executive to volume of transactions. Moreover, personnel who do not have address unusual custodial or inventory shortages revealed in the annual physical inventory recordkeeping responsibilities should control the counts. process at a large Answer (B) is incorrect. An appropriate and effective cycle count consumer goods warehouse operation. A cycle count program had process should been installed in the improve control. storeroom at the beginning of the year in place of the disruptive Answer (C) is incorrect. The number of adjustments is not indicative process of counting of the level of one entire product line at the end of each month. The cycle count control in this situation. program appeared Answer (D) is incorrect. A properly controlled cycle count process effective because only nine minor adjustments had been made for could involve the entire year on stockroom personnel in performing counts. the several thousand different products located in the storeroom. The [423] Gleim #: 4.5.94 storeroom The internal audit activity has been assigned to perform an supervisor explained that each of the 15 stockroom personnel engagement involving a selected one item each division. Based on background review, the internal auditor knows the day for cycle count based on how efficiently the item could be following about counted. The management policies: opportunity for control-related problems including fraud has been Organizational policy is to rapidly promote divisional managers who increased in the show stockroom because significant success. Thus, successful managers rarely stay at a A. Items for cycle count are selected by stockroom personnel. division for more B. A cycle count program has been installed in place of a less than 3 years. efficient program. A significant portion of division management’s compensation comes Only nine minor adjustments have been recorded as a result of the in the form cycle count of bonuses based on the division’s profitability. process. The division was identified by senior management as a turnaround C. opportunity. The division is growing but is not scheduled for a full audit by the external techniques used to commit fraud, and the types of frauds associated auditors this with the activities year. The division has been growing about 7% per year for the past 3 reviewed. For example, performance may be distorted because years and uses a promotion and standard cost system. compensation (e.g., bonuses) are tied to profitability. During the preliminary review, the internal auditor notes the following Answer (D) is incorrect. Not all responses are red flags. changes in [424] Gleim #: 4.5.95 financial data compared with the prior year: An internal auditor is investigating the performance of a division with Sales have increased by 10%. an unusually Cost of goods sold has increased by 2%. large increase in sales, gross margin, and profit. Which of the Inventory has increased by 15%. following indicators is Divisional net profit has increased by 8%. least likely to indicate the possibility of sales-related fraud in the Which of the following items might alert the internal auditor to the division? possibility of fraud A significant portion of divisional management’s compensation is in the division? based on The division is not scheduled for an external A. audit this year. reported divisional profits. B. Sales have increased by 10%. A. A significant portion of management’s compensation is directly tied to There is an unusually large amount of sales returns recorded B. after reported year end. net profit of the division. The internal auditor has taken a random sample of sales invoices but C. cannot locate D. All of the answers are correct. a shipping document for a number of the sales transactions selected Gleim CIA Test Prep: Part 1 - Internal Audit Basics for November (720 questions) and December. Copyright 2013 Gleim Publications Inc. Page 235 C. Printed for Sanja Knezevic D. One of the division’s major competitors went out of business Answer (A) is incorrect. The lack of a scheduled external audit is not during the year. an indicator of Answer (A) is incorrect. Basing management compensation on fraud. reported profits Answer (B) is incorrect. Sales have normally been increasing by creates an incentive for fraud. about 7% at this Answer (B) is incorrect. An unusually large amount of sales returns division. Thus, an increase of 10%, by itself, is not unexpected and after year end does not raise a red may indicate that invalid sales were recorded near the end of the flag. year. Answer (C) is correct. The internal auditor’s responsibilities for Answer (C) is incorrect. The lack of shipping documents may detecting fraud indicate that include having sufficient knowledge of fraud to be able to identify invalid sales were recorded during November and December. indicators that fraud Answer (D) is correct. A decrease in the number of competitors may have been committed. This knowledge includes the during the year is characteristics of fraud, the a potential explanation for the increase in sales and profits. [425] Gleim #: 4.5.96 A. Which of the following is most likely to be considered an indication of An individual has held the same cash-handling job for an extended possible fraud? period without A. The replacement of the management team after a hostile any rotation of duties. takeover. B. B. Rapid turnover of the organization’s financial executives. An individual handling marketable securities is responsible for C. Rapid expansion into new markets. making the D. A government audit of the organization’s tax returns. purchases, recording the purchases, and reporting any discrepancies Gleim CIA Test Prep: Part 1 - Internal Audit Basics and gains or (720 questions) losses to senior management. Copyright 2013 Gleim Publications Inc. Page 236 C. Printed for Sanja Knezevic The assignment of responsibility and accountability in the accounts fb.com/ciaaofficial receivable Answer (A) is incorrect. The replacement of the management team department is not clear. after a hostile D. takeover is not unusual. Answer (A) is correct. Delegating authority for purchases below a Answer (B) is correct. Even the most effective internal control can certain limit is sometimes be a common and an acceptable control procedure aimed at limiting risk circumvented, perhaps by collusion of two or more employees. Thus, while an auditor must promoting efficiency. It is not, by itself, considered a condition that be sensitive to certain conditions that might indicate the existence of indicates a fraud, including higher likelihood of fraud. high personnel turnover. In the case of financial executives, high Answer (B) is incorrect. Lack of rotation of duties or cross-training turnover may suggest for sensitive a pattern of inflation of profits to obtain bonuses or other benefits, to jobs is an identified red flag. secure Answer (C) is incorrect. An inappropriate segregation of duties is an advantages in the marketplace, or to conceal incompetence or rash identified actions. red flag. The same person should not authorize, execute, and Answer (C) is incorrect. Rapid expansion into new markets is not account for unusual. transactions and have custody of the assets. Answer (D) is incorrect. A government audit of the organization’s tax Answer (D) is incorrect. Lack of recorded accountability for assets is returns is not an unusual. identified red flag. [426] Gleim #: 4.5.97 [427] Gleim #: 4.5.98 Which of the following would not be considered a condition that The most common motivation for management fraud is the existence indicates a higher of likelihood of fraud? Vices, such as A. a gambling habit. Management has delegated the authority to make purchases under a B. Job dissatisfaction. certain C. Financial pressures on the organization. monetary limit to subordinates. D. The challenge of committing the perfect crime. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (B) is incorrect. Debiting the stolen asset account simply (720 questions) increases the Copyright 2013 Gleim Publications Inc. Page 237 discrepancy between the recorded amount and the amount on hand. Printed for Sanja Knezevic Answer (C) is incorrect. An entry decreasing revenue is unusual and Answer (A) is incorrect. Vices are an example of motivators of fraud would perpetratedrfor attract attention. the benefit of individuals and to the organization’s detriment. Answer (D) is incorrect. This entry would not permanently conceal Answer (B) is incorrect. Job dissatisfaction is an example of the fraud. It motivators of fraud would simply shift the irreconcilable balance to another asset perpetrated for the benefit of individuals and to the organization’s account. detriment. [429] Gleim #: 5.1.1 Answer (C) is correct. Management fraud benefits organizations In a sampling application, the group of items about which the auditor rather than wants to individuals, so the existence of financial pressures is the most estimate some characteristic is called the common motivation. A. Population. Management perpetrators attempt to make their financial statements B. Attribute of interest. appear more C. Sample. attractive because of the financial pressures of restrictive loan D. Sampling unit. covenants, a poor cash Gleim CIA Test Prep: Part 1 - Internal Audit Basics position, loss of significant customers, etc. (720 questions) Answer (D) is incorrect. The challenge of committing the perfect Copyright 2013 Gleim Publications Inc. Page 238 crime is an example Printed for Sanja Knezevic of motivators of fraud perpetrated for the benefit of individuals and to fb.com/ciaaofficial the Answer (A) is correct. The population is the group of items about organization’s detriment. which an auditor [428] Gleim #: 4.5.99 wishes to draw conclusions. Which of the following fraudulent entries is most likely to be made to Answer (B) is incorrect. The attribute of interest is the characteristic conceal the theft of the population of an asset? the auditor wants to estimate. Debit expenses and A. credit the asset. Answer (C) is incorrect. The sample is a subset of the population B. Debit the asset and credit another asset account. used to estimate the C. Debit revenue and credit the asset. characteristic. D. Debit another asset account and credit the asset. Answer (D) is incorrect. A sampling unit is the item that is actually Answer (A) is correct. Most fraud perpetrators attempt to conceal selected for their theft by examination. It is a subset of the population. charging it against an expense account. The result is that the [430] Gleim #: 5.1.2 recorded asset The variability of a population, as measured by the standard balance equals the actual amount on hand, and applying procedures deviation, is the to it will not Extent to which the individual values of the items in the population detect the theft. are spread about the mean. Answer (B) is incorrect. The range is the difference between the A. largest and Degree of asymmetry B. of a distribution. smallest values in a sample. It is a crude measure of variability but is Tendency of the means of large samples (at least 30 items) to be not used to normally estimate population variability. distributed. Answer (C) is correct. The standard deviation is a measure of C. variability. If the Measure of the closeness of a sample estimate to a corresponding sample is representative, its standard deviation will approximate that population of the characteristic. population. D. Answer (D) is incorrect. Confidence interval is a synonym for Answer (A) is correct. The standard deviation measures the degree precision. It is the of dispersion range around a sample statistic that is expected to contain the true of items in a population about its mean. population Answer (B) is incorrect. The dispersion of items in a population is parameter. not a function Gleim CIA Test Prep: Part 1 - Internal Audit Basics of the degree of asymmetry of the distribution. For example, a (720 questions) distribution may be Copyright 2013 Gleim Publications Inc. Page 239 skewed (positively or negatively) with a large or small standard Printed for Sanja Knezevic deviation. [432] Gleim #: 5.1.4 Answer (C) is incorrect. The central limit theorem states that the The measure of variability most useful in variables sampling is the distribution of A. Median. sample means for large samples should be normally distributed even B. Range. if the C. Standard deviation. underlying population is not. D. Mean. Answer (D) is incorrect. Precision is the interval about the sample Answer (A) is incorrect. The median (the value at the 50th statistic within percentile) measures which the true value is expected to fall. central tendency, not variability. [431] Gleim #: 5.1.3 Answer (B) is incorrect. The range (difference between the largest The measure of variability of a statistical sample that serves as an and smallest estimate of the values) has far less significance than the standard deviation. population variability is the Answer (C) is correct. The standard deviation is a mathematical A. Basic precision. measure of the B. Range. variability of items in a population about its mean. C. Standard deviation. Answer (D) is incorrect. The mean (arithmetic average) measures D. Confidence interval. central Answer (A) is incorrect. Basic precision is the range around the tendency, not variability. sample statistic [433] Gleim #: 5.1.5 that is expected to contain the true population parameter. In sampling applications, the standard deviation represents a measure of the A. Expected error rate. distributed population, the confidence level is the percentage of all B. Level of confidence desired. the precision C. Degree of data variability. intervals that may be constructed from simple random samples that D. Extent of precision achieved. will include the Answer (A) is incorrect. The expected error rate is associated with population value. In practice, the confidence level is regarded as the attribute probability that a sampling. precision interval calculated from a simple random sample drawn Answer (B) is incorrect. The desired confidence level is determined from a normally by the distributed population will contain the population value. internal auditor’s judgment. Answer (D) is incorrect. The standard error of the mean is the Answer (C) is correct. The standard deviation measures the standard deviation of variability within a the distribution of sample means. population. [435] Gleim #: 5.1.7 Answer (D) is incorrect. The extent of precision achieved in A 90% confidence interval for the mean of a population based on the variables sampling is information in a computed using the standard deviation. sample always implies that there is a 90% chance that the [434] Gleim #: 5.1.6 Estimate is equal to the true A. population mean. A specified range is based on an estimate of a population B. True population mean is no larger than the largest endpoint of the characteristic calculated interval. from a random sample. The probability that the range contains the C. Standard deviation will not be any greater than 10% of the true population population mean. value is the D. True population mean lies within the specified confidence interval. A. Error rate. Answer (A) is incorrect. Computation of a confidence interval B. Lower precision limit. permits the C. Confidence level. probability that the interval contains the population value to be D. Standard error of the mean. quantified. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (B) is incorrect. Two-sided confidence intervals are more (720 questions) common. The Copyright 2013 Gleim Publications Inc. Page 240 area in each tail of a two-sided, 90% interval is 5%. Printed for Sanja Knezevic Answer (C) is incorrect. The confidence interval is based on the fb.com/ciaaofficial standard Answer (A) is incorrect. The error rate in an attribute sampling deviation, but it has no bearing on the size of the standard deviation. application is the Answer (D) is correct. The confidence level, e.g., 90%, is specified proportion of incorrect items in a population. by the Answer (B) is incorrect. The lower precision limit is the lower bound auditor. A confidence interval based on the specified confidence of the interval level, also called constructed from the sample result at a specified confidence level. precision, is the range around a sample value that is expected to Answer (C) is correct. In principle, given repeated sampling and a contain the true normally population value. In this situation, if the population is normally distributed and repeated simple random samples are taken, the probability is that B. The adverse consequences of noncompliance. 90% of the C. The acceptable level of risk of making an incorrect audit confidence intervals constructed around the sample results will conclusion. contain the D. The cost of performing auditing procedures on sample selections. population value. Answer (A) is correct. Sampling risk is the possibility that [436] Gleim #: 5.1.8 engagement The degree to which the auditor is justified in believing that the conclusions based on a sample may differ from those reached if the estimate based on a test were random sample will fall within a specified range is called applied to all items in the population. The experience and knowledge A. Sampling risk. of the B. Non-sampling risk. auditor are elements of nonsampling risk. C. Confidence level. Answer (B) is incorrect. As the adverse consequences of D. Precision. noncompliance increase, Gleim CIA Test Prep: Part 1 - Internal Audit Basics the allowable level of sampling risk tends to decrease. (720 questions) Answer (C) is incorrect. The acceptable level of sampling risk is one Copyright 2013 Gleim Publications Inc. Page 241 element of Printed for Sanja Knezevic the acceptable level of risk of drawing an incorrect audit conclusion. Answer (A) is incorrect. Sampling risk is the complement of the The other confidence level. element is nonsampling risk. Answer (B) is incorrect. Non-sampling risk is the risk of improperly Answer (D) is incorrect. The cost of performing procedures on auditing the sample selections sampled items. It cannot be quantified. is weighed against the benefit of minimizing the chance of making an Answer (C) is correct. The confidence level is the percentage of incorrect times that one would decision. expect the sample to adequately represent the population. Thus, a [438] Gleim #: 5.2.10 confidence level of In preparing a sampling plan for an inventory pricing test, which of 90% should result in samples that adequately represent the the following population 90% of the time. describes an advantage of statistical sampling over nonstatistical In other words, given repeated random sampling from a normally sampling? distributed A. Requires nonquantitative expression of sample results. population, 90% of the confidence intervals that may be constructed B. Provides a quantitative measure of sampling risk. from simple C. Minimizes nonsampling risk. random samples will contain the population mean. D. Reduces the level of tolerable error. Answer (D) is incorrect. Precision is the confidence interval. Answer (A) is incorrect. Statistical sampling provides quantified [437] Gleim #: 5.2.9 results. If an internal auditor is sampling to test compliance with a particular Answer (B) is correct. Statistical and nonstatistical sampling are company policy, both used to which of the following factors should not affect the allowable level of project the characteristics of a population. However, statistical sampling risk? sampling permits The experience and knowledge A. of the auditor. the internal auditor to make a quantitative assessment of how closely auditor’s selections are random, although it is unlikely that they are. If the sample the sample represents the population for a given level of reliability. is representative, it does not matter whether it is random. Answer (C) is incorrect. Nonsampling risk exists in both statistical [440] Gleim #: 5.2.12 and An important difference between a statistical and a judgmental nonstatistical sampling. sample is that with a Answer (D) is incorrect. Tolerable error is related to materiality and statistical sample, auditor A. No judgment is required because everything is computed judgment. according to a formula. Gleim CIA Test Prep: Part 1 - Internal Audit Basics B. A smaller sample can be used. (720 questions) C. More accurate results are obtained. Copyright 2013 Gleim Publications Inc. Page 242 D. Population estimates with measurable reliability can be made. Printed for Sanja Knezevic Answer (A) is incorrect. Judgment is needed to determine fb.com/ciaaofficial confidence levels and [439] Gleim #: 5.2.11 sample unit definition. An auditor tested a population by examining 60 items selected Answer (B) is incorrect. A statistical sample may result in either a judgmentally and found smaller or one error. The main limitation of the auditor’s sample is the inability larger sample. to Answer (C) is incorrect. Either method may produce greater Quantify A. sampling risk. accuracy. B. Quantify the acceptable error rate. Answer (D) is correct. The principal benefit of statistical sampling is C. Project the population’s error rate. that it D. Determine whether the sample is random. permits the auditor to make a quantitative assessment of how closely Answer (A) is correct. The limitation of all nonstatistical sampling the sample techniques is represents the population for a given level of reliability, i.e., how the auditor’s inability to quantify sampling risk. Based on past unbiased the experience and sample is. intuition, the auditor may conclude that the sampling risk is [441] Gleim #: 5.2.13 acceptable, but the Statistical sampling is appropriate to estimate the value of an auto auditor is not able to quantify this risk. dealer’s 3,000 lineitem Answer (B) is incorrect. The auditor could quantify the acceptable inventory because statistical sampling is error rate A. Reliable and objective. independently of the sample design. B. Thorough and complete. Answer (C) is incorrect. The auditor can project an error rate of C. Thorough and accurate. 1/60, or .0167. D. Complete and precise. The problem is that the auditor cannot quantify the risk that the rate Gleim CIA Test Prep: Part 1 - Internal Audit Basics in the sample (720 questions) is significantly different from the rate in the population. Copyright 2013 Gleim Publications Inc. Page 243 Answer (D) is incorrect. A mathematician may be able to determine Printed for Sanja Knezevic whether the Answer (A) is correct. The results of statistical (probability) sampling subpopulations can be identified and sampled from; sample items are objective are then and subject to the laws of probability. Hence, sampling risk can be selected from the randomly selected subpopulations. quantified and [443] Gleim #: 5.2.15 controlled at a specified level of confidence (reliability). Sampling risk A distinguishing characteristic of random number sample selection is is the risk that that each the sample selected does not represent the population. A. Item is selected from a stratum having minimum variability. Answer (B) is incorrect. By definition, a sample is not complete or B. Item’s chance for selection is proportional to its dollar value. thorough. C. Item in the population has an equal chance of being selected. Answer (C) is incorrect. By definition, a sample is not thorough. D. Stratum in the population has an equal number of items selected. Also, it cannot be Answer (A) is incorrect. Stratifying the population does not ensure considered accurate because of the existence of sampling risk. random Answer (D) is incorrect. By definition, a sample is not complete. selection. [442] Gleim #: 5.2.14 Answer (B) is incorrect. Deliberately biasing the sample makes To project the frequency of shipments to wrong addresses, an random selection internal auditor chose a impossible. random sample from the busiest month of each of the four quarters Answer (C) is correct. A random sample is one in which every item of the most recent in the year. What underlying concept of statistical sampling did the auditor population has an equal and nonzero chance of being selected. violate? Answer (D) is incorrect. Stratifying the population does not ensure Attempting to project a rate of occurrence rather A. than an error random rate. selection. B. Failing to give each item in the population an equal chance of Gleim CIA Test Prep: Part 1 - Internal Audit Basics selection. (720 questions) C. Failing to adequately describe the population. Copyright 2013 Gleim Publications Inc. Page 244 D. Using multistage sampling in conjunction with attributes. Printed for Sanja Knezevic Answer (A) is incorrect. Randomness is not associated with a rate fb.com/ciaaofficial of occurrence [444] Gleim #: 5.2.16 (often referred to as an error rate). Using random numbers to select a sample Answer (B) is correct. A random sample is one in which every item Is required for a variables A. sampling plan. in the B. Is likely to result in an unbiased sample. population has an equal and nonzero chance of being selected for C. Results in a representative sample. the sample. D. Allows auditors to use smaller samples. Here, the auditor deliberately excluded shipments from the slower Answer (A) is incorrect. Although random-number sampling may be months. used for a Answer (C) is incorrect. The population is adequately described as variables sampling plan, it is not required. Systematic selection is the four also acceptable quarters of the most recent year. unless the population is not randomly organized. Answer (D) is incorrect. Multistage sampling is appropriate when Answer (B) is correct. The principal issue in statistical sampling is homogeneous selecting a sample that is representative of the population, i.e., unbiased. This drawing a representative sample. can be Answer (D) is incorrect. Items excluded from the sampling frame achieved by ensuring the sample is drawn randomly. cannot be Answer (C) is incorrect. The use of random numbers does not included by an appropriate sampling technique. always result in a Gleim CIA Test Prep: Part 1 - Internal Audit Basics representative sample. Statistical methods allow auditors to estimate (720 questions) the Copyright 2013 Gleim Publications Inc. Page 245 probability that a random sample is not representative. Printed for Sanja Knezevic Answer (D) is incorrect. The use of random numbers does not affect [446] Gleim #: 5.2.18 sample size. Random numbers can be used to select a sample only when each [445] Gleim #: 5.2.17 item in the Which one of the following statements about sampling is true? population A larger sample is always more representative of the underlying Can be assigned to A. a specific stratum. population than a B. Is independent of outside influence. smaller sample. C. Can be identified with a unique number. A. Is expected to be within plus or minus three standard deviations of For very large populations, the absolute size of the sample has more the population impact on the mean. precision of its results than does its size relative to its population. D. B. Answer (A) is incorrect. Random-number sampling applies to both For a given sample size, a simple random sample always produces simple and the most stratified sampling. representative sample. Answer (B) is incorrect. No such requirement exists. C. Answer (C) is correct. A random sample is one in which every item The limitations of an incomplete sample frame can almost always be in the overcome by population has an equal and nonzero chance of being selected and careful sampling techniques. that selection is D. not influenced by whether any other item is selected. Answer (A) is incorrect. A large sample selected in a biased way is Answer (D) is incorrect. By definition, there are a few population often less items outside representative than a smaller but more carefully selected sample. plus or minus three standard deviations from the population mean. Answer (B) is correct. When the size of the population is very large, [447] Gleim #: 5.2.19 the absolute A company is simulating the actions of a government agency in size of the sample may vary considerably even though its size which 50% of the time relative to the a recall of a product is required, 40% of the time only notification of population does not. the buyer about a Answer (C) is incorrect. Simple random sampling does not eliminate potential defect is required, and 10% of the time no action on its part sampling is required. risk. Proper execution of a simple random sample increases the Random numbers of 1 to 100 are being used. An appropriate probability of assignment of random numbers for the recall category would be The auditor should accept the historical sample but use A. 1-40 nonparametric statistics to B. 40-90 analyze it. C. 61-100 C. D. 11-60 The auditor should first determine how similar the new process is to Answer (A) is incorrect. It is an appropriate assignment of random the old numbers for process before deciding what to do. the notification category. D. Answer (B) is incorrect. This range includes 51 numbers. Answer (A) is incorrect. High statistical power based on an Answer (C) is incorrect. It is an appropriate assignment of random inappropriate sample numbers for will only provide a very precise wrong answer. the notification category. Answer (B) is incorrect. A fresh sample may not be cost effective if Answer (D) is correct. Given a 50% chance of a recall, 50 different the old numbers sample is representative of the new process. should be assigned to that alternative. This answer is the only Answer (C) is incorrect. Nonparametric statistics is applied to alternative with 50 problems for numbers (11-60). which specific distributions are not known. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (D) is correct. If the old and new processes are not (720 questions) substantially similar, Copyright 2013 Gleim Publications Inc. Page 246 the existing sample will not be representative. Printed for Sanja Knezevic [449] Gleim #: 5.3.21 fb.com/ciaaofficial When planning an attribute sampling application, the difference [448] Gleim #: 5.2.20 between the expected As part of an internal audit, a benchmark must be established for the error rate and the maximum tolerable error rate is the planned defect rate for an A. Precision. innovative new production process. The auditor can either use a B. Reliability. large sample that is C. Dispersion. already available from other production processes in the same plant D. Skewness. or draw a fresh Answer (A) is correct. The precision of an attribute sample (also sample from the new process. However, a fresh sample would be called the expensive, time confidence interval or allowance for sampling risk) is an interval consuming, and much smaller in size. Which one of the following is around the the best course of sample statistic that the auditor expects to contain the true value of action for the auditor? the population. The auditor should accept this large historical sample because In attribute sampling (used for tests of controls), precision is analyses based on it determined by will have high statistical power. subtracting the expected error rate from the tolerable error rate in the A. population. The auditor should draw a fresh sample and combine it with B. the Answer (B) is incorrect. Reliability is the confidence level. It is the old sample. percentage of times that repeated samples will be representative of the population selecting and evaluating the sample. from which [451] Gleim #: 5.3.23 they are taken. In selecting a sample of items for attributes testing, an auditor must Answer (C) is incorrect. Dispersion is the degree of variation in a set consider the of values. confidence level factor, the desired precision, and the Answer (D) is incorrect. Skewness is the lack of symmetry in a A. Recorded monetary amount of the population. frequency B. Sampling interval. distribution. C. Expected occurrence rate. Gleim CIA Test Prep: Part 1 - Internal Audit Basics D. Standard deviation in the population. (720 questions) Answer (A) is incorrect. The monetary amount of the population Copyright 2013 Gleim Publications Inc. Page 247 relates to testing Printed for Sanja Knezevic for variables. [450] Gleim #: 5.3.22 Answer (B) is incorrect. The sampling interval is used in monetary- In evaluating an attribute sample, the range within which the estimate unit of the sampling. population characteristic is expected to fall is called Answer (C) is correct. The expected occurrence rate, also called the A. Confidence level. expected B. Precision. deviation rate, is one of the three necessary factors in determining C. Upper error limit. sample size for D. Expected error rate. an attribute test. Answer (A) is incorrect. The confidence level is the specified Answer (D) is incorrect. The standard deviation is an element in the measure of how variables reliable the auditor wants the sample results to be. sampling formula. Answer (B) is correct. The precision of an attribute sample (also Gleim CIA Test Prep: Part 1 - Internal Audit Basics called the (720 questions) confidence interval or allowance for sampling risk) is an interval Copyright 2013 Gleim Publications Inc. Page 248 around the Printed for Sanja Knezevic sample statistic that the auditor expects to contain the true value of fb.com/ciaaofficial the population. [452] Gleim #: 5.3.24 In attribute sampling (used in tests of controls), precision is The size of a given sample is jointly a result of characteristics of the determined by population of subtracting the expected error rate from the tolerable error rate in the interest and decisions made by the internal auditor. Everything else population. being equal, Answer (C) is incorrect. The confidence interval (precision) is the sample size will range between Increase if the internal auditor decides to accept more risk of the lower and upper error limits. incorrectly Answer (D) is incorrect. The expected error rate is a measure of concluding that controls are effective when they are in fact how frequently ineffective. the auditor expects the characteristic of interest to exist in the A. population prior to Double if the internal auditor finds that the variance of the population Answer (D) is incorrect. Decreasing the expected error rate while is twice as holding all large as was indicated in the pilot sample. other factors constant decreases the sample size. B. [454] Gleim #: 5.3.26 Decrease if the internal auditor increases the tolerable C. rate of If all other sample size planning factors were exactly the same in deviation. attribute sampling, D. Increase as sampling risk increases. changing the confidence level from 95% to 90% and changing the Answer (A) is incorrect. An increase in allowable risk decreases desired precision sample size. from 2% to 5% would result in a revised sample size that would be Answer (B) is incorrect. Doubling the variability of the population will A. Larger. cause the B. Smaller. sample size to more than double. C. Unchanged. Answer (C) is correct. In an attribute test, the tolerable deviation rate D. Indeterminate. is inversely Gleim CIA Test Prep: Part 1 - Internal Audit Basics related to sample size. If it is increased, sample size will decrease. (720 questions) Answer (D) is incorrect. Sampling risk increases as the sample size Copyright 2013 Gleim Publications Inc. Page 249 decreases. Printed for Sanja Knezevic [453] Gleim #: 5.3.25 Answer (A) is incorrect. Increasing the confidence level while An internal auditor is planning to use attribute sampling to test the narrowing the precision effectiveness of a interval would result in a larger sample size. specific internal control related to approvals for cash disbursements. Answer (B) is correct. In an attribute test, the confidence level is In attribute directly related, and sampling, decreasing the estimated occurrence rate from 5% to 4% the precision is inversely related, to sample size. Thus, if the while keeping all confidence level is other sample size planning factors exactly the same would result in a reduced and precision is widened, sample size will be smaller. revised sample Answer (C) is incorrect. Decreasing the confidence level while size that would be widening the precision A. Larger. interval would allow the sample size to be decreased. B. Smaller. Answer (D) is incorrect. The revised sample size is determinable. C. Unchanged. [455] Gleim #: 5.3.27 D. Indeterminate. If all other factors specified in an attribute sampling plan remain Answer (A) is incorrect. Increasing the expected error rate increases constant, decreasing the sample the confidence level from 95% to 90% would cause the required size. sample size to Answer (B) is correct. In an attribute test, the expected deviation A. Increase. rate is directly B. Decrease. related to sample size. If it is decreased, sample size will decrease. C. Change by 5%. Answer (C) is incorrect. Changing one variable while holding all D. Remain the same. other factors Answer (A) is incorrect. Decreasing the confidence level permits a constant changes the sample size. smaller sample size. effectiveness is used to describe the likelihood that the statistical Answer (B) is correct. In an attribute test, the confidence level is sample result will be directly related a more accurate estimate of the true population error rate. Assume to sample size. Hence, decreasing the confidence level permits a an auditor expects a smaller sample control procedure failure rate of 0.5%. The auditor is making a size to be used. decision on whether to Answer (C) is incorrect. The percentage change is not use a 90% or a 95% confidence level and whether to set the proportionate. tolerable control failure Answer (D) is incorrect. Decreasing the confidence level permits a rate at 3% or 4%. Which of the following statements regarding smaller efficiency and sample size. effectiveness of an attribute sample is true? [456] Gleim #: 5.3.28 Decreasing the confidence level to 90% and decreasing the tolerable In an attribute sampling application, holding other factors constant, control sample size will failure rate to 3% will result in both increased efficiency and increase as which of the following becomes smaller? effectiveness. A. Confidence coefficient. A. B. Population. Decreasing the tolerable failure rate from 4% to 3% will increase B. C. Planned precision. audit efficiency. D. Expected rate of occurrence. Increasing the confidence level to 95% and decreasing the tolerable Answer (A) is incorrect. A decrease in a numerator factor will control failure decrease the rate to 3% will increase audit effectiveness. sample size. C. Answer (B) is incorrect. A population decrease permits a decrease D. Increasing the confidence level to 95% will increase audit in sample size. efficiency. Answer (C) is correct. In an attribute test, planned precision is Answer (A) is incorrect. Decreasing the confidence level reduces inversely related to the sample size sample size; its decrease (tightening) will increase sample size. and thus decreases effectiveness. Answer (D) is incorrect. A decrease in a numerator factor will Answer (B) is incorrect. Decreasing the tolerable failure rate decrease the increases the sample sample size. size and thus decreases efficiency. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (C) is correct. In an attribute test, confidence level and (720 questions) expected Copyright 2013 Gleim Publications Inc. Page 250 deviation rate are in the numerator, while the tolerable deviation rate Printed for Sanja Knezevic is in the fb.com/ciaaofficial denominator. Hence, increasing the confidence level increases the [457] Gleim #: 5.3.29 sample size, An auditor has to make a number of decisions when using attribute and decreasing the tolerable rate also increases the sample size. A sampling. The larger sample term efficiency is used to describe anything that affects sample size. increases audit effectiveness. The term Answer (D) is incorrect. Increasing the confidence level increases The records related to repairs completed after 12 months of service the sample size for the selected and thus decreases audit efficiency. vehicles were reviewed to determine if major repairs were needed. [458] Gleim #: 5.3.30 Assuming that all Which of the following must be known to evaluate the results of an other factors remain constant, how would sample size and achieved attribute sample? precision be A. Estimated dollar value of the population. affected by a change in confidence level from 95% to 90%? B. Standard deviation of the sample values. Sample size would be smaller; achieved precision A. would be C. Actual size of the sample selected. larger. D. Finite population correction factor. B. Both sample size and achieved precision would be larger. Answer (A) is incorrect. Dollar values are irrelevant to attribute C. Both sample size and achieved precision would be smaller. sampling. D. Sample size would be larger; achieved precision would be Answer (B) is incorrect. The standard deviation is an element in the smaller. variables Answer (A) is correct. Because the confidence coefficient of an sampling formula. attribute test is Answer (C) is correct. Sample size is used to evaluate the actual directly related to the sample size, a smaller coefficient would result occurrence rate in a smaller (number of a particular attribute identified ÷ actual sample size) of sample. Also, since sample size is inversely related to precision, a the attribute of larger precision interest, such as a control deviation. would result from using a smaller sample. Answer (D) is incorrect. The finite population correction factor is Answer (B) is incorrect. Sample size would be smaller, not larger. used to adjust Answer (C) is incorrect. Achieved precision would be larger, not an initial computed sample size. smaller. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (D) is incorrect. The opposite is true: sample size would be (720 questions) smaller and Copyright 2013 Gleim Publications Inc. Page 251 achieved precision larger. Printed for Sanja Knezevic [460] Gleim #: 5.3.32 [459] Gleim #: 5.3.31 An internal auditor, testing to determine if a division is shipping An individual is an internal auditor for a car rental agency that goods to customers operates a fleet of without making the prescribed credit check, decides to use attribute 75,000 vehicles in 1,000 cities throughout North America. As a part sampling. Each of an operational sales order in the sample is examined for credit approval. Using an audit, the auditor tested the impact of vehicle age on the incidence of initial estimate of major repairs. A the occurrence rate of 4%, desired precision of 2.5%, and a computer program showed that 20% of the fleet has been in service confidence level of 95%, for more than the required sample size is 214. The total population size is 2,305. 12 months. A sample of 375 is drawn based on Sample items are Confidence level = 95% selected, and seven sales without the required credit approval are Expected rate of occurrence = 10% noted. Reducing the Precision = ±3% desired confidence level from 95% to 90% will result in A. Less achieved precision (i.e., higher than 2.5%) if the sample size the critical rate if the occurrence rate in the sample is less than the remains at 214. critical rate. B. An unchanged sample size if the desired precision remains at C. 2.5%. Greater than a 95% probability that the actual rate of occurrence in C. A larger sample size if the desired precision remains at 2.5%. the population D. A smaller sample size if the desired precision remains at 2.5%. is less than the critical rate if no exceptions are found. Gleim CIA Test Prep: Part 1 - Internal Audit Basics D. (720 questions) Answer (A) is incorrect. The probability is 95% that the actual rate of Copyright 2013 Gleim Publications Inc. Page 252 occurrence Printed for Sanja Knezevic is equal to or greater than the critical rate if one exception is found. fb.com/ciaaofficial Answer (B) is correct. Discovery sampling is a form of attribute Answer (A) is incorrect. Lowering the confidence level while leaving sampling that is the sample size appropriate when even a single deviation would be critical. The unchanged will decrease achieved precision. sample size is Answer (B) is incorrect. Lowering the confidence level while holding calculated so that it will include at least one instance of a deviation if precision deviations constant will allow the sample size to decrease. occur in the population at a given rate. If no exceptions are found, Answer (C) is incorrect. Lowering the confidence level while holding the correct precision conclusion is that the probability is 95% that the occurrence rate is constant will allow the sample size to decrease. less than the Answer (D) is correct. Because the confidence coefficient of an critical rate. attribute test is Answer (C) is incorrect. The probability is 95% that the actual rate is directly related to the sample size, a smaller coefficient results in a equal to or smaller sample exceeds the critical rate if any exceptions are found. (holding all other factors constant). Answer (D) is incorrect. The probability does not increase if no [461] Gleim #: 5.3.33 exceptions are An auditor applying a discovery-sampling plan with a 5% risk of found. overreliance may [462] Gleim #: 5.3.34 conclude that there is How does stop-or-go attribute sampling differ from fixed-sample-size A 95% probability that the actual rate of occurrence in the population attribute is less than sampling? the critical rate if only one exception is found. Nonsampling A. error is smaller. A. B. Total expected sample size will always be smaller. A 95% probability that the actual rate of occurrence in the population C. Desired reliability does not have to be specified in advance. is less than D. It cannot be used to determine the assessed level of control risk. the critical rate if no exceptions are found. Gleim CIA Test Prep: Part 1 - Internal Audit Basics B. (720 questions) A 95% probability that the actual rate of occurrence in the population Copyright 2013 Gleim Publications Inc. Page 253 is less than Printed for Sanja Knezevic Answer (A) is incorrect. Nonsampling error is not affected by the sequential sampling, is to reduce the sample size when the auditor sampling method. believes the Answer (B) is correct. The objective of stop-or-go sampling, error rate in the population is low. Thus, it may reduce the sample sometimes called size because sequential sampling, is to reduce the sample size when the auditor sample items are examined only until enough evidence has been believes the error gathered to reach rate in the population is low. Thus, total expected sample size is the desired conclusion. always lower for stopor- Answer (C) is incorrect. Stratified sampling is more appropriate for go sampling. heterogeneous populations. Stop-or-go sampling might then be used Answer (C) is incorrect. Both methods require desired reliability to for each be specified in stratum. advance. Answer (D) is incorrect. The confidence limits define precision. An Answer (D) is incorrect. It expresses the principal objective of stop- increase in or-go attribute the confidence limits will result in a loss of precision (assuming sampling. constant sample [463] Gleim #: 5.3.35 size). What is the chief advantage of stop-or-go sampling? [464] Gleim #: 5.4.36 The error rate in the population can be projected to within certain A. In a variables sampling application, which of the following will result precision limits. when Stop-or-go sampling may reduce the size of the sample that needs to confidence level is changed from 90% to 95%? be taken A. Standard error of the mean will not be affected. from a population, thus reducing sampling costs. B. Nonsampling error will decrease. B. C. Sample size will increase. Stop-or-go sampling allows sampling analysis to be performed on D. Point estimate of the arithmetic mean will increase. populations that Gleim CIA Test Prep: Part 1 - Internal Audit Basics are not homogeneous. (720 questions) C. Copyright 2013 Gleim Publications Inc. Page 254 Stop-or-go sampling allows the sampler to increase the confidence Printed for Sanja Knezevic limits of the fb.com/ciaaofficial analysis without sacrificing precision. Answer (A) is incorrect. The standard error of the mean is the D. standard deviation of Answer (A) is incorrect. In stop-or-go sampling, only enough items the distribution of sample means. The larger the sample, the lower are examined the degree of to permit the auditor to state that the error rate is below a variability in the sample. An increase in confidence level from 90% to prespecified rate with a 95% requires a prespecified level of confidence. Although other methods also larger sample. Thus, the standard error of the mean will be affected. accomplish this Answer (B) is incorrect. By definition, nonsampling error is result, stop-or-go sampling has the advantage of greater efficiency. unaffected by changes in Answer (B) is correct. The objective of stop-or-go sampling, sampling criteria. sometimes called Answer (C) is correct. In any sampling application (attribute or Answer (B) is correct. The size of the precision interval in a variables), an increase variables test is in the confidence level requires a larger sample. based upon the tolerable misstatement that is determined by Answer (D) is incorrect. The estimate of the mean may increase or materiality decrease if sample judgments. As this value decreases, for example, because of a size changes. decrease in [465] Gleim #: 5.4.37 tolerable misstatement, the size of the required sample increases In selecting a sample of items for variables testing, an auditor must accordingly, and consider the vice versa. Hence, tolerable misstatement (precision) and sample desired precision, the standard deviation, and the size are Recorded monetary amount A. of the population. inversely related. B. Acceptable risk level. Answer (C) is incorrect. The relationship is inverse. C. Expected occurrence rate. Answer (D) is incorrect. The relationship is inverse. D. Sampling interval. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (A) is incorrect. The recorded monetary amount is not (720 questions) needed for Copyright 2013 Gleim Publications Inc. Page 255 variables testing. Printed for Sanja Knezevic Answer (B) is correct. Four factors determine the size of a classical [467] Gleim #: 5.4.39 variables Using mean-per-unit sampling to estimate the value of inventory, an sample: the confidence coefficient, the estimated standard deviation internal auditor of the had the following results: population, the population size, and the tolerable misstatement Projected inventory value US $3,000,000 (desired precision). Confidence level 95% Answer (C) is incorrect. The expected occurrence rate is a factor in Confidence interval $2,800,000 to $3,200,000 the samplesize Standard error $100,000 formula for attribute sampling. Z-value (approximate) 2.0 Answer (D) is incorrect. The sampling (skip) interval is the dollar Precision $200,000 interval The recorded value of inventory was US $3,075,000. Which of the calculated for monetary-unit sampling. following changes [466] Gleim #: 5.4.38 will result in a narrower confidence interval? If all other factors in a sampling plan are held constant, changing the An increase in the confidence level A. from 95% to 99%. measure of B. A decrease in the confidence level from 95% to 90%. tolerable misstatement to a smaller value will cause the sample size C. A decrease in the allowable risk of incorrect rejection. to be D. An increase in the precision. A. Smaller. Answer (A) is incorrect. Increasing the confidence level results in a B. Larger. wider C. Unchanged. confidence interval if the standard error is constant. D. Indeterminate. Answer (B) is correct. Decreasing the confidence level of any Answer (A) is incorrect. The relationship is inverse. variables sample allows the auditor to narrow the confidence interval. Answer (C) is incorrect. Decreasing the allowable risk of incorrect Answer (B) is incorrect. Unless the auditor uses statistical sampling, rejection (the (s)he cannot complement of the confidence level) increases the confidence level quantify precision. and results in Answer (C) is incorrect. Nonstatistical sampling does not always a wider confidence interval if the standard error is constant. result in less reliable Answer (D) is incorrect. Increasing the precision makes the estimates. However, reliability cannot be quantified. confidence interval Answer (D) is incorrect. The risk of incorrect acceptance is not wider. quantified in [468] Gleim #: 5.4.40 nonstatistical sampling. Using mean-per-unit sampling to estimate the value of inventory, an [469] Gleim #: 5.4.41 internal auditor An auditor is using the mean-per-unit method of variables sampling had the following results: to estimate the Projected inventory value US $3,000,000 correct total value of a group of inventory items. Based on the Confidence level 95% sample, the auditor Confidence interval $2,800,000 to $3,200,000 estimates, with precision of ±4% and confidence of 90%, that the Standard error $100,000 correct total is Z-value (approximate) 2.0 US $800,000. Accordingly, Precision $200,000 There is a 4% chance that the actual correct total is less than US The recorded value of inventory was US $3,075,000. If the internal $720,000 or more auditor had used than US $880,000. nonstatistical sampling instead of statistical sampling, which of the A. following would The chance that the actual correct total is less than US $768,000 or be true? more than A. The confidence level could not be quantified. US $832,000 is 10%. B. The precision would be larger. B. C. The projected value of inventory would be less reliable. The probability that the inventory is not significantly overstated is D. The risk of incorrect acceptance would be higher. between 6% Gleim CIA Test Prep: Part 1 - Internal Audit Basics and 14%. (720 questions) C. Copyright 2013 Gleim Publications Inc. Page 256 The inventory is not likely to be overstated by more than 4.4% (US Printed for Sanja Knezevic $35,200) or fb.com/ciaaofficial understated by more than 3.6% (US $28,800). Answer (A) is correct. One advantage of statistical sampling is that it D. allows the Answer (A) is incorrect. The precision, not the confidence level, is auditor to quantify sampling risk and the confidence level. An auditor ±4%. should never Answer (B) is correct. A 90% confidence level implies that 10% of attempt to quantify the sampling risk or confidence level of a the time the nonstatistically drawn true population total will be outside the computed range. Precision of sample. ±4% gives the boundaries of the computed range: US $800,000 × 4% = US [471] Gleim #: 5.4.43 $32,000. Hence, To use stratified variables sampling to evaluate a large, the range is US $768,000 to US $832,000. heterogeneous inventory, an Answer (C) is incorrect. Precision is a range of values, not the appropriate criterion for classifying inventory items into strata is probability A. Monetary values. (confidence level) that the true value will be included within that B. Number of items. range. C. Turnover volume. Answer (D) is incorrect. The precision percentage is not multiplied D. Storage locations. by the Answer (A) is correct. In variables sampling, the objective is to confidence percentage. estimate the [470] Gleim #: 5.4.42 dollar value of the population, in this case, inventory. Strata based on When relatively few items of high monetary value constitute a large dollar proportion of an values are the usual population characteristic. account balance, stratified sampling techniques and complete testing Answer (B) is incorrect. Monetary values are the usual characteristic of the high to create monetary-value items will generally result in a strata in variables sampling, not number of items. Simplified evaluation A. of sample results. Answer (C) is incorrect. Turnover volume is a characteristic of B. Smaller nonsampling error. interest in C. Larger estimate of population variability. attribute sampling but not in variables sampling. D. Reduction in sample size. Answer (D) is incorrect. Storage location is not a relevant Gleim CIA Test Prep: Part 1 - Internal Audit Basics characteristic when (720 questions) creating strata for variables sampling. Copyright 2013 Gleim Publications Inc. Page 257 [472] Gleim #: 5.4.44 Printed for Sanja Knezevic Which one of the following is not an important consideration in Answer (A) is incorrect. While stratifying reduces sample size, determining the stratification requires appropriate sample size? a combination of sample results from more than one sample, in A. Whether the sample is designed to estimate a mean or a contrast to simple proportion. random sampling. B. The amount of variability in the population under study. Answer (B) is incorrect. A nonsampling error is an error in C. The sensitivity of the decision using this sample to errors of “performing” audit estimation. procedures, which is independent of sample selection. D. The cost per sample observation. Answer (C) is incorrect. Stratified sampling, when properly used, will Answer (A) is correct. Difference and ratio estimation use the same result in a variables smaller estimate of population variability. sampling formula. Hence, sample size considerations are the same Answer (D) is correct. Stratifying a population means dividing it into for both. subpopulations, Answer (B) is incorrect. The greater the variability, the greater the thereby reducing sample size. Stratifying allows for greater emphasis required on larger or more sample size. important items. Answer (C) is incorrect. The more sensitive the decision is to determining the differences between the audit and carrying amounts estimation errors, for items in the greater the appropriate sample size. the sample, calculating the mean difference, and multiplying the Answer (D) is incorrect. In accordance with the cost-benefit mean by the principle, the greater number of items in the population. This method is used when the the cost per observation, the smaller the appropriate sample size. population Gleim CIA Test Prep: Part 1 - Internal Audit Basics contains sufficient misstatements to provide a reliable sample and (720 questions) when Copyright 2013 Gleim Publications Inc. Page 258 differences between carrying and audit amounts are not proportional. Printed for Sanja Knezevic If fb.com/ciaaofficial differences are proportional, ratio estimation is used. A sufficient [473] Gleim #: 5.4.45 number of Difference estimation sampling would be appropriate to use to nonproportional errors must exist to generate a reliable sample project the monetary estimate. error in a population if Answer (D) is incorrect. Ratio estimation is appropriate for Subsidiary ledger book balances for some individual inventory items proportional are differences. unknown. [474] Gleim #: 5.4.46 A. Ratio estimation sampling would be inappropriate to use to project Virtually no differences between the individual carrying amounts and the monetary error the audited in a population if amounts exist. The recorded carrying amounts and audited amounts are B. approximately A number of nonproportional differences between carrying amounts proportional. and audited A. amounts exist. A number of observed differences exist between carrying amounts C. and audited Observed differences between carrying amounts and audited amounts. amounts are B. proportional to carrying amounts. Observed differences between carrying amounts and audited D. amounts are Answer (A) is incorrect. Individual carrying amounts must be known proportional to carrying amounts. to use C. difference estimation. Subsidiary ledger book balances for some inventory D. items are Answer (B) is incorrect. Sufficient misstatements must exist to unknown. generate a reliable Gleim CIA Test Prep: Part 1 - Internal Audit Basics sample. (720 questions) Answer (C) is correct. Difference estimation of population error Copyright 2013 Gleim Publications Inc. Page 259 entails Printed for Sanja Knezevic Answer (A) is incorrect. Proportional relationships tend to support Answer (C) is incorrect. Auditors use regression (an extension of the use of ratio correlation estimation. analysis) to project balances of accounts or other populations. Answer (B) is incorrect. A minimum number of differences must be Answer (D) is incorrect. Discovery sampling is a type of attribute present to use sampling plan ratio estimation. used for detection of critical deviations. Attribute sampling applies to Answer (C) is incorrect. The existence of proportional differences binary favors the use of (yes/no or error/nonerror) propositions. ratio estimation. [476] Gleim #: 5.4.48 Answer (D) is correct. Ratio estimation is similar to difference When an internal auditor uses monetary-unit statistical sampling to estimation except that examine the total it estimates the population error by multiplying the carrying amount of value of invoices, each invoice the population A. Has an equal probability of being selected. by the ratio of the total audit amount of the sample items to their total B. Can be represented by no more than one monetary unit. carrying amount. C. Has an unknown probability of being selected. It has been demonstrated that both ratio and difference estimation D. Has a probability proportional to its monetary value of being are reliable and selected. efficient when small errors predominate and the errors are not Gleim CIA Test Prep: Part 1 - Internal Audit Basics skewed. Moreover, audit (720 questions) amounts should be proportional to carrying amounts. Consequently, Copyright 2013 Gleim Publications Inc. Page 260 ratio estimation Printed for Sanja Knezevic requires that carrying amounts be known. fb.com/ciaaofficial [475] Gleim #: 5.4.47 Answer (A) is incorrect. Each monetary unit, not each invoice, has Which of the following techniques could be used to estimate the an equal standard deviation for probability of being selected (unless all invoices are for the same a sampling plan? amount). Difference A. estimation. Answer (B) is incorrect. It is possible for two or more monetary units B. Pilot sample. to be selected C. Regression. from the same item; e.g., a US $4,500 item will be represented by D. Discovery sampling. four monetary units Answer (A) is incorrect. Difference estimation is a type of variables if every 1,000th dollar is selected. sampling Answer (C) is incorrect. The probability of selection can be plan that calculates the mean difference between audit and recorded calculated using the amounts in monetary value of the item and the monetary value of the population. the sample and then multiplies by the number of items in the Answer (D) is correct. Monetary-unit sampling, also called population. It is not a probability-proportionalto- technique for estimating the standard deviation. size sampling, results in the selection of every nth monetary unit. Answer (B) is correct. Auditors may use the standard deviation of a Thus, a US $1,000 pilot sample item is 1,000 times more likely to be selected than a US $1 monetary to estimate the standard deviation of a population. unit item. The probability of selection of a sampled item is directly proportional to The use of probability-proportional-to-size sampling is inefficient if the size of the A. Bank accounts are being examined. item. B. Statistical inferences are to be made. [477] Gleim #: 5.4.49 C. Each account is of equal importance. Monetary-unit sampling (MUS) is most useful when the internal D. The number of sampling units is large. auditor Gleim CIA Test Prep: Part 1 - Internal Audit Basics Is testing the accounts A. payable balance. (720 questions) B. Cannot cumulatively arrange the population items. Copyright 2013 Gleim Publications Inc. Page 261 C. Expects to find several material misstatements in the sample. Printed for Sanja Knezevic D. Is concerned with overstatements. Answer (A) is incorrect. PPS sampling could be appropriate in an Answer (A) is incorrect. An audit of accounts payable is primarily examination of concerned bank accounts if larger items are more important than smaller items with understatements. (which is usually Answer (B) is incorrect. The items in the population must be true in variables sampling). arranged by Answer (B) is incorrect. PPS sampling permits statistical inferences cumulative monetary total. The first monetary unit is chosen to be made. randomly, the second Answer (C) is correct. Probability-proportional-to-size sampling, also equals the random start plus the sample interval in monetary units, called etc. monetary-unit sampling, gives greater weight to larger, more Answer (C) is incorrect. As the expected amount of misstatement significant items. If all increases, the items are of the same importance, PPS is inappropriate. MUS sample size increases. MUS may also overstate the upper Answer (D) is incorrect. PPS sampling could be appropriate with a misstatement limit large number of when misstatements are found. The result might be rejection of an sampling units if larger items are more important than smaller items. acceptable [479] Gleim #: 5.4.51 balance. Which of the following factors would most likely preclude the auditor Answer (D) is correct. MUS, also called probability-proportional-to- from using size (PPS) monetary-unit sampling? sampling, is a modified version of attribute sampling that relates The auditor expects to find a limited number of understatements of deviation rates to individual monetary amounts. It uses the monetary unit as the sampling unit. account balances. MUS is A. appropriate for testing account balances, such as those for inventory The auditor expects to find that a large percentage of items sampled and have receivables, in which some items may be far larger than others in the misstatements. population. B. In effect, MUS stratifies the population because the larger account Individual accounts are not assigned a number, but are listed only C. balances have a alphabetically. greater chance of being selected. The auditor expects to find more errors in the larger dollar value [478] Gleim #: 5.4.50 items than in the smaller dollar value items. Results in a smaller sample size than classical variables sampling for D. larger Answer (A) is incorrect. Monetary-unit sampling can effectively numbers of misstatements. handle a small D. number of understatement errors. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (B) is correct. Monetary-unit sampling, also called (720 questions) probabilityproportional- Copyright 2013 Gleim Publications Inc. Page 262 to-size sampling, combines attribute and variables sampling Printed for Sanja Knezevic techniques. It uses the monetary unit as the sampling unit and fb.com/ciaaofficial effectively stratifies Answer (A) is incorrect. MUS is efficient when few misstatements the population because larger items are more likely to be selected. are expected. Monetary-unit Answer (B) is incorrect. MUS does not assume normally distributed sampling is most useful when few misstatements are expected and populations. overstatements Answer (C) is incorrect. MUS uses monetary units as sampling are more likely than understatements. units. Answer (C) is incorrect. Account numbers do not have to be Answer (D) is correct. MUS, also called probability-proportional-to- assigned to use size (PPS) monetary-unit sampling. sampling, is a modified version of attribute sampling that relates Answer (D) is incorrect. Misstatements in larger balances indicate deviation rates to that monetaryunit monetary amounts. It uses a monetary unit as the sampling unit. In sampling should be used. effect, MUS [480] Gleim #: 5.4.52 stratifies the population because the larger account balances have a An internal auditor is planning to use monetary-unit sampling for greater chance of testing the monetary being selected. However, as the number of expected misstatements value of a large accounts receivable population. The advantages of increases, MUS using monetaryunit requires a larger sample size than classical variables sampling. sampling (MUS) include all of the following except that it [481] Gleim #: 5.4.53 Is an efficient model for establishing that a low error rate population What effect does an increase in the standard deviation have on the is not required sample materially misstated. size of mean-per-unit estimation and probability-proportional-to-size A. sampling? Does not require the normal distribution approximation required by Assume no change in any of the other characteristics of the variables population and no change sampling. in desired precision and confidence. B. Probability Can be applied to a group of accounts because the sampling units Mean-per-Unit Estimation Proportional to Size are A. Increase in sample size Increase in sample size homogenous. B. No change in sample size Decrease in sample size C. C. Increase in sample size No change in sample size D. Decrease in sample size No change in sample size Answer (A) is incorrect. An increase in standard deviation has no Answer (A) is incorrect. Monetary-unit sampling, also called effect on the probability-proportionalto- required sample size for PPS sampling. size sampling, is inefficient compared with classical variables Answer (B) is incorrect. An increase in standard deviation increases sampling when many sample size differences exist. for mean-per-unit estimation but has no effect on the required Answer (B) is correct. Monetary-unit sampling, also called sample size for PPS probability-proportionalto- sampling. size sampling, is especially efficient and effective when the Answer (C) is correct. An increase in the standard deviation reflects population contains few an increase differences. However, variables sampling approaches (e.g., ratio in the variability of the population. This increase in the variability of estimation) tend to be the sampling more efficient (samples are smaller) as the amount of misstatement units increases sample size in a mean-per-unit test. However, a increases. change in the Monetary-unit sampling is also inefficient when understatements and standard deviation has no effect on the required sample size when negative PPS sampling amounts are expected. is used because the sampling units (monetary units) are not variable. Answer (C) is incorrect. A high degree of variability in the monetary Answer (D) is incorrect. An increase in standard deviation increases amount of items sample size in the population is not a basis for preferring one of these methods to for mean-per-unit estimation. another. [482] Gleim #: 5.4.54 Answer (D) is incorrect. A low degree of variability in the monetary In which of the following situations will monetary-unit sampling be amount of items more effective in the population is not a basis for preferring one of these methods to and efficient than ratio estimation? the other. The population contains a large number of differences between the [483] Gleim #: 5.5.55 recorded An auditor for the state highway and safety department needs to amount and the actual amount. estimate the average A. highway weight of tractor-trailer trucks using the state’s highway The population is expected to contain few differences between the system. Which recorded estimation method must be used? amount and the actual amount. A. Mean-per-unit. B. B. Difference. The population has a high degree of variability C. in monetary C. Ratio. amount. D. Probability-proportional-to-size. D. The population has a low degree of variability in monetary Answer (A) is correct. Mean-per-unit sampling estimates the amount. average value of Gleim CIA Test Prep: Part 1 - Internal Audit Basics population items, in this case, truck weight. (720 questions) Answer (B) is incorrect. Difference estimation compares recorded Copyright 2013 Gleim Publications Inc. Page 263 and audit Printed for Sanja Knezevic amounts. Recorded amounts are not relevant to the current biased. This bias may be overcome by taking repeated systematic procedure. samples, each with a Answer (C) is incorrect. Ratio estimation compares recorded and random start. In effect, each possible systematic sample in the audit amounts. population is a cluster. Recorded amounts are not relevant to the current procedure. Thus, the repeated systematic samples, each with a random start, Answer (D) is incorrect. Probability-proportional-to-size estimation constitute a random compares sample of clusters. recorded and audit amounts. Recorded amounts are not relevant to Answer (C) is incorrect. Increasing the confidence level has no the current effect on bias. procedure. Answer (D) is incorrect. Increasing the precision has no effect on [484] Gleim #: 5.5.56 bias. An auditor is designing a sampling plan to test the accuracy of daily [485] Gleim #: 5.5.57 production reports Systematic selection can be expected to produce a representative over the past 3 years. All of the reports contain the same information sample when except that Random number tables are used to determine the items included A. Friday reports also contain weekly totals and are prepared by in the sample. managers rather than by B. The population is arranged randomly with respect to the audit supervisors. Production normally peaks near the end of a month. If objective. the auditor wants The sample is determined using multiple random starts and includes to select two reports per month using an interval sampling plan, more items which of the than required. following techniques reduces the likelihood of bias in the sample? C. A. Estimating the error rate in the population. D. Judgmental sampling is used by the auditor to offset any sampling B. Using multiple random starts. bias. C. Increasing the confidence level. Answer (A) is incorrect. Systematic selection is random only with D. Increasing the precision. respect to the Gleim CIA Test Prep: Part 1 - Internal Audit Basics start. (720 questions) Answer (B) is correct. A sample selected using a systematic Copyright 2013 Gleim Publications Inc. Page 264 sampling procedure Printed for Sanja Knezevic and a random start will behave as if it were a random sample when fb.com/ciaaofficial the population Answer (A) is incorrect. Estimating the deviation rate in the is randomly ordered with respect to the audit objective. Sampling population has no effect bias due to on bias. Bias is related to the selection method. systematic selection will be small when the population items are not Answer (B) is correct. Systematic (interval) sampling involves arranged in a choosing a random pattern. start and then selecting subsequent items at fixed intervals. Answer (C) is incorrect. The number of items in a sample is not However, if the population relevant to the is not random, for example, because it exhibits cyclical variation, the procedures used to select the specific items in the sample. The use results will be of multiple random starts might increase the chance that a sample will behave [487] Gleim #: 5.5.59 randomly, but An auditor is testing on a company’s large, normally distributed only if the population is arranged randomly. accounts receivable Answer (D) is incorrect. Judgmental sampling will not increase the file. The objectives of the audit are to test end-of-period monetary randomness balances and of a sample but will introduce sampling bias into the sample. accounts receivable posting exception (error) rates. The accounts [486] Gleim #: 5.5.58 receivable file The most appropriate methodology for drawing a sample from 3,000 contains a large number of small monetary balances and a small time cards to number of large check for signatures would be monetary balances, and the auditor expects to find numerous errors A. Interval sampling. in the account B. Cluster sampling. balances. The most appropriate sampling technique to estimate the C. Stratified sampling. monetary amount D. Variables sampling. of errors is Gleim CIA Test Prep: Part 1 - Internal Audit Basics Difference or A. ratio estimation. (720 questions) B. Unstratified mean-per-unit. Copyright 2013 Gleim Publications Inc. Page 265 C. Probability-proportional-to-size. Printed for Sanja Knezevic D. Attribute. Answer (A) is correct. Systematic (interval) sampling is Answer (A) is correct. Difference estimation calculates the average accomplished by selecting a difference random start and taking every nth item in the population, if n is the between the audit and recorded amounts of sample items and sampling interval, multiplies by the computed by dividing the population by the size of the sample. The number of items in the population. Ratio estimation multiplies the random start recorded should be within the first interval. A systematic sampling plan amount of the population by the ratio of the observed amount of the assumes the items are sample to its arranged randomly in the population. If the auditor discovers that this total recorded amount. These methods are useful when small errors is not true, a predominate random selection method should be used. The population of time and the errors are not skewed. If the number of errors is small, a very cards may be in large sample random order. is required to provide a representative difference between audit and Answer (B) is incorrect. The time cards are not arranged in clusters recorded (blocks). amounts. Answer (C) is incorrect. The time cards are not arranged in strata or Answer (B) is incorrect. Mean-per-unit estimation is used to project subpopulations. a total Answer (D) is incorrect. The purpose of the sample is to estimate monetary amount by multiplying the mean sample value by the the rate at which a number of items in control (presumably supervisors’ signatures) has been applied, not the population. Unstratified means that the population is not divided the value of the into population. subpopulations. This method is inappropriate when many small Answer (C) is incorrect. Stratified sampling arranges populations for balance account more errors exist. efficient sampling. Answer (C) is incorrect. Probability-proportional-to-size sampling is Answer (D) is correct. The accounts receivable posting exception used for rate would be estimating monetary amounts of errors when the expected error determined using attribute sampling. Attribute sampling is used for frequency is low. applications Because the sampling unit is the monetary unit, this method involving binary (yes/no or right/wrong) propositions. Whether an increases the item has been likelihood of selecting large items. posted requires a yes/no answer. Answer (D) is incorrect. Attribute sampling does not involve [489] Gleim #: 5.5.61 estimation of An auditor is testing on a company’s large, normally distributed monetary amounts. accounts receivable Gleim CIA Test Prep: Part 1 - Internal Audit Basics file. The objectives of the audit are to test end-of-period monetary (720 questions) balances and Copyright 2013 Gleim Publications Inc. Page 266 accounts receivable posting exception (error) rates. To test the Printed for Sanja Knezevic accounts receivable file fb.com/ciaaofficial to compute an estimated monetary total, the auditor could use any [488] Gleim #: 5.5.60 one of the following An auditor is testing on a company’s large, normally distributed sampling techniques except accounts receivable A. Difference or ratio estimation. file. The objectives of the audit are to test end-of-period monetary B. Unstratified mean-per-unit estimation. balances and C. Probability-proportional-to-size sampling. accounts receivable posting exception (error) rates. The expected D. Attribute sampling. population exception Answer (A) is incorrect. Difference or ratio estimation can be used rate is 3% for the accounts receivable posting processes. If the to estimate auditor has established population dollar values. Both methods involve determining the a 5% tolerable rate, the auditor would use which sampling plan for difference testing the actual between the audit and recorded amounts of items in the sample. exception rate? Answer (B) is incorrect. Mean-per-unit estimation averages audit Difference or mean-A. per-unit estimation. values and B. Discovery. multiplies them by the units in the population to estimate the account C. Stratified. balance. D. Attribute. Answer (C) is incorrect. Probability-proportional-to-size sampling Answer (A) is incorrect. Difference or mean estimation is used when uses the sampling monetary unit as the sampling unit. It is a means of testing account for monetary values. balances. Answer (B) is incorrect. Discovery sampling is only used when Answer (D) is correct. Attribute sampling is used for applications exception rates involving are expected to be very low. binary (yes/no or right/wrong) propositions. Attribute sampling does Answer (B) is incorrect. Confirming receivables is appropriate for not involve use of random estimation of monetary amounts. selection. Individual account balances could be selected by using Gleim CIA Test Prep: Part 1 - Internal Audit Basics probabilityproportional- (720 questions) to-size (monetary-unit) sampling or by randomly choosing a page Copyright 2013 Gleim Publications Inc. Page 267 number and then selecting an account item (1-50) on each page. Printed for Sanja Knezevic Answer (C) is correct. A sales cutoff test is the least justified [490] Gleim #: 5.5.62 situation for use of An internal auditor uses a number of techniques to select samples. A random selection because the auditor is concerned that the monthly frequently, and sales journal appropriately, used technique is random selection. In which of the has been held open to record the next month sales. The auditor following situations should select would random selection be least justified? The auditor needs to transactions from the latter part of the month and examine supporting Test sales transactions to determine that they were properly evidence to authorized and are determine if they were recorded in the proper period. supported by shipping documents. Answer (D) is incorrect. The auditor can audit the largest monetary- A. value items Confirm accounts receivable and has already selected the 10 largest and then randomly sample small items. accounts for [491] Gleim #: 5.5.63 confirmation. The remaining accounts are not numbered. The auditor The auditor wishes to sample the perpetual inventory records to only has a develop an estimate of computer listing of the accounts in alphabetical order approximately the monetary amount of misstatement, if any, in the account balance. 250 pages The account long with 50 account balances on every page. balance is made up of a large number of small-value items and a B. small number of Obtain evidence on the proper sales cut-off by sampling items from large-value items. The auditor has decided to audit all items over US the monthly $50,000 plus a sales journal to determine if the items were recorded in the correct random selection of others. This audit decision is made because the time period. auditor expects to C. find a large amount of errors in the perpetual inventory records but is Test the perpetual inventory records to ensure that the sample not sure that it covers the largest will be enough to justify taking a complete physical inventory. The monetary value items in the account. auditor expects the D. errors to vary directly with the value recorded in the perpetual Answer (A) is incorrect. Testing controls over sales is ideal for records. The most random selection. efficient sampling procedure to accomplish the auditor’s objectives is This type of sampling provides evidence about the quality of Monetary-A. unit sampling. processing B. Ratio estimation. throughout the year. C. Attribute sampling. D. Stratified mean-per-unit sampling. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Use stratified sampling where the strata are defined by marital and (720 questions) family status, Copyright 2013 Gleim Publications Inc. Page 268 age, and salaried/hourly status. Printed for Sanja Knezevic C. fb.com/ciaaofficial D. Use monetary-unit sampling according to employee salaries. Answer (A) is incorrect. Monetary-unit (probability-proportional-to- Answer (A) is incorrect. This convenience sample is likely to size) sampling emphasize people becomes less accurate when many errors are expected. with the time to respond at the expense of employees who are too Answer (B) is correct. Ratio estimation estimates the population busy with misstatement by company work to respond. multiplying the recorded amount of the population by the ratio of the Answer (B) is incorrect. Managers and supervisors often do not total audit have the same amount of the sample to its total recorded amount. It is reliable and needs and perceptions as their subordinates and also often efficient when misperceive the views small errors predominate and are not skewed. Thus, ratio estimation of employees. should be used in Answer (C) is correct. Stratified sampling divides a population into this situation because the auditor is not sampling the very large items subpopulations, thereby permitting the application of different and the errors are techniques to each not skewed (they vary directly with the size of the recorded values). stratum. This approach reduces the effect of high variability if the Answer (C) is incorrect. Attribute sampling is not used to estimate a strata are monetary selected so that variability among the strata is greater than variability amount. within each Answer (D) is incorrect. Mean-per-unit (MPU) variables sampling stratum. For example, one expects to find greater similarities among averages audit married values in the sample and multiplies by the number of items in the people than between married people and unmarried people. population to Answer (D) is incorrect. The survey tests perceptions and beliefs, estimate the population value. When many errors are expected, MPU not monetary and stratified amounts. MPU are not as efficient as ratio estimation. Gleim CIA Test Prep: Part 1 - Internal Audit Basics [492] Gleim #: 5.5.64 (720 questions) An auditor is conducting a survey of perceptions and beliefs of Copyright 2013 Gleim Publications Inc. Page 269 employees concerning Printed for Sanja Knezevic an organization health care plan. The best approach to selecting a [493] Gleim #: 5.5.65 sample is to The appropriate sampling plan to use to identify at least one Focus on people who are likely to respond so that a larger sample A. irregularity, assuming can be obtained. some number of such irregularities exist in a population, and then to Focus on managers and supervisors because they can also reflect discontinue the opinions of sampling when one irregularity is observed is the people in their departments. A. Stop-or-go sampling. B. B. Discovery sampling. C. Variables sampling. determine if they are current and properly categorized. For each loan D. Attribute sampling. approved, Answer (A) is incorrect. Stop-or-go sampling is a variant of attribute verify aging and categorization. sampling B. intended to reduce sample sizes when the population is relatively Select a discovery sample of all loan applications to determine deviation free. It whether each allows for discontinuing sampling when few or no errors are found or application contains a statement of collateral. for C. expanding the sample if the initial sample does not provide sufficient Select a sample of payments made on the loan portfolio and trace assurance. them to loans to Answer (B) is correct. Discovery sampling is a form of attribute see if the payments are properly applied. For each loan identified, sampling applied examine the when a control is critical and a single deviation is important, for loan application to determine that the loan has proper example, collateralization. commission of a material fraud. The expected deviation rate should D. be at or near Gleim CIA Test Prep: Part 1 - Internal Audit Basics zero, and the sample size is calculated so that the sample will (720 questions) include at least one Copyright 2013 Gleim Publications Inc. Page 270 example of a deviation if it occurs in the population at a given rate. Printed for Sanja Knezevic Answer (C) is incorrect. Variables sampling estimates the value of a fb.com/ciaaofficial population. Answer (A) is correct. In some cases, stratifying the population is Answer (D) is incorrect. Most attribute sampling applications are not done to reduce the discontinued when a single deviation is found. effect of high variability by dividing the population into [494] Gleim #: 5.5.66 subpopulations. Reducing the A bank’s internal auditor wishes to determine whether all loans are variance within each subpopulation allows the auditor to sample a supported by smaller number of sufficient collateral, properly aged regarding current payments, and items while holding precision and confidence level constant. This accurately procedure is the categorized as current or noncurrent. The best audit procedure to most appropriate in this situation because it takes a sample from the accomplish these total loan file and objectives would be to tests to determine that each sampling unit is properly categorized as Use generalized audit software to read the total loan file, age the file well as properly by last collateralized and aged. payment due, and extract a statistical sample stratified by the current Answer (B) is incorrect. Block sampling (cluster sampling) randomly and aged selects groups population. Examine each loan selected for proper collateralization of items as the sampling units. For this plan to be effective, variability and aging. within the A. blocks should be greater than variability among them. If blocks of Select a block sample of all loans in excess of a specified monetary homogeneous limit and samples are selected, the sample will be biased. Furthermore, this of the rate of occurrence of some characteristic in a population. sample only consists Hence, the entire of large loan amounts and does not test for proper collateralization. sample size must be taken, regardless of when the first error occurs. Answer (C) is incorrect. Discovery sampling is a form of attribute Answer (C) is incorrect. Stop-or-go sampling is a sequential sampling used to sampling procedure. identify critical deviations in a population. The occurrence rate is The next step is determined by the results of the previous step. Once assumed to be at or a step is near 0%, and the method cannot be used to evaluate results initiated, it is carried out until it is completed. Each phase of the statistically if deviations sample is are found in the sample. Hence, discovery sampling is used for tests conducted without reference to when the first error is observed. of controls, but it Answer (D) is correct. Discovery sampling is a form of attribute is appropriate only when one deviation is critical. Moreover, this sampling used to procedure is identify critical deviations in a population. The occurrence rate is inefficient because it samples from loan applications, not loans assumed to be at approved. or near 0%, and the method cannot be used to evaluate results Answer (D) is incorrect. This procedure is ineffective. It is based statistically if only on loans for deviations are found in the sample. Hence, discovery sampling is which payments are currently being made. It does not include loans used for tests of that should have controls, but it is appropriate only when one deviation is critical. The been categorized differently because payments are not being made. sample size It also does not is calculated so that the sample will contain at least one example of a address whether the loans are properly classified as current or deviation if noncurrent. it occurs in the population at a given rate. [495] Gleim #: 5.5.67 Gleim CIA Test Prep: Part 1 - Internal Audit Basics Which sampling plan requires no additional sampling once the first (720 questions) error is found? Copyright 2013 Gleim Publications Inc. Page 271 A. Stratified sampling. Printed for Sanja Knezevic B. Attribute sampling. [496] Gleim #: 5.5.68 C. Stop-or-go sampling. The supervisor of claims processing for a health insurance firm D. Discovery sampling. selects all claims Answer (A) is incorrect. Stratifying the population is done to reduce processed in the past 2 days by a particular employee for audit. the effect of From this sample, the high variability by dividing the population into subpopulations. It is not supervisor can develop concerned An overall representative view of employee A. work for the year. with errors in the population, and sampling would not stop when the B. A quantification of sampling error. first error is C. Conclusions about the correctness of processing for the encountered. department. Answer (B) is incorrect. The goal of attribute sampling is to arrive at D. An understanding of the details contained in the processing task. an estimate Answer (A) is incorrect. The sample is not representative of the employee’s work for the whole year. is calculated so that the sample will contain at least one example of a Answer (B) is incorrect. The sample is a judgment, not a statistical, deviation if sample. it occurs in the population at a given rate. Answer (C) is incorrect. Conclusions about the whole department Answer (C) is incorrect. Probability-proportional-to-size (monetary- cannot be unit) drawn from a sample of one employee’s work. sampling is a modified version of attribute sampling that relates Answer (D) is correct. The auditor has used judgment sampling, not deviation rates to statistical monetary amounts. sampling. Thus, (s)he cannot quantitatively assess precision and Answer (D) is incorrect. Variables sampling is used to estimate the confidence level value of a and therefore is precluded from drawing valid statistical inferences population, not the occurrence rate of deviations. about the Gleim CIA Test Prep: Part 1 - Internal Audit Basics population. However, this sample should assist the auditor in (720 questions) obtaining a Copyright 2013 Gleim Publications Inc. Page 272 preliminary understanding of the system and in determining whether Printed for Sanja Knezevic a statistical fb.com/ciaaofficial sample will be needed. [498] Gleim #: 5.5.70 [497] Gleim #: 5.5.69 Assume the internal auditor becomes concerned that significant When an internal auditor’s sampling objective is to obtain a fraud may be taking measurable assurance that place by dentists who are billing the health care processor for a sample will contain at least one occurrence of a specific critical services that were not exception existing in provided. For example, employees may have their teeth cleaned, but a population, the sampling approach to use is the dentist A. Random. charges the processor for pulling teeth and developing dentures. The B. Discovery. most effective C. Probability-proportional-to-size. procedure to determine whether such a fraud exists is to D. Variables. Develop a schedule of payments made to individual dentists. Verify Answer (A) is incorrect. Random sampling is a method used to that payments choose the were made to the dentists by confirming the payments with the sample. health care Answer (B) is correct. Discovery sampling is a form of attribute processor. sampling used to A. identify critical deviations in a population. The occurrence rate is Take a random sample of payments made to dentists and confirm assumed to be at the amounts or near 0%, and the method cannot be used to evaluate results paid with the dentists’ offices to determine that the amounts agree statistically if with the deviations are found in the sample. Hence, discovery sampling is amounts billed by the dentists. used for tests of B. controls, but it is appropriate only when one deviation is critical. The Take a random sample of claims submitted by dentists and trace sample size through the system to determine whether the claims were paid at the amounts Simple random sampling to select a sample of vouchers processed billed. by the C. department during the past year. Take a discovery sample of employee claims that were submitted A. through dentist Probability-proportional-to-size sampling to select a sample of offices, and confirm the type of service performed by the dentist vouchers through direct processed by the department during the past year. correspondence with the employee who had the service performed. B. D. Discovery sampling to select a sample of vouchers processed by the Answer (A) is incorrect. Developing a schedule of payments and department verifying that during the past year. the payments were made does not reveal whether the claims were C. proper or Judgmental sampling to select a sample of vouchers processed by fraudulent. clerks identified Answer (B) is incorrect. Verifying that dentists were paid the by the department manager as acting suspiciously. amounts that they D. billed does not reveal whether the claims were proper or fraudulent. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (C) is incorrect. Verifying that claims were paid at the (720 questions) amounts billed Copyright 2013 Gleim Publications Inc. Page 273 does not reveal whether the claims were proper or fraudulent. Printed for Sanja Knezevic Answer (D) is correct. A discovery sample is used to identify critical Answer (A) is incorrect. Simple random sampling is appropriate if errors or the extent of fraud irregularities, that is, when a single deviation is critical. This method is to be estimated. cannot be Answer (B) is incorrect. Probability-proportional-to-size sampling is used to evaluate the results statistically if deviations are found. appropriate if the Because dentists monetary value of fraud is to be estimated. are suspected of filing fraudulent claims, the auditor should take a Answer (C) is correct. The purpose is to determine whether fraud discovery has occurred rather sample of employee claims. The internal auditor should then confirm than to estimate its overall frequency. Discovery sampling is a the work method designed done by the dentist according to the claim with the employee. The specifically for this purpose. It is a form of attribute sampling used to employee is the identify critical best source of information as to whether the service was provided. deviations in a population. The occurrence rate is assumed to be 0%, [499] Gleim #: 5.5.71 and statistical After partially completing an internal control review of the accounts evaluation of results is impossible if deviations are found. Thus, payable discovery sampling is department, an auditor suspects that some type of fraud has only appropriate when one deviation is critical. occurred. To ascertain Answer (D) is incorrect. Restricting the population to the vouchers whether the fraud is present, the best sampling approach is to use processed by suspicious workers presents a significant potential for biasing the used for tests of monetary amounts, so the variability of monetary sample. The amounts is not an department manager may be the guilty party. issue in determining sample size. [500] Gleim #: 5.5.72 Answer (B) is incorrect. Monetary-unit (probability-proportional-to- Management is legally required to prepare a shipping document for size) sampling all movement of neutralizes variability by defining the sampling unit as an individual hazardous materials. The document must be filed with bills of lading. monetary unit. Management Answer (C) is correct. The sample size for a variable test depends expects 100% compliance with the procedure. Which of the following on confidence level, sampling population size, precision, and variability of the population. The approaches is most appropriate? standard deviation A. Attribute sampling. measures variability. The larger the standard deviation, the larger the B. Discovery sampling. sample size that C. Targeted sampling. is required to achieve specified levels of precision and confidence. D. Variables sampling. Answer (D) is incorrect. The objective of discovery sampling is to Answer (A) is incorrect. The particular type of attribute sampling that select items until at is least one item is discovered with a particular characteristic, such as appropriate in this situation is discovery sampling. evidence of fraud. Answer (B) is correct. Discovery sampling is a form of attribute [502] Gleim #: 5.5.74 sampling used to An internal auditor is performing a test to determine whether a gas identify critical errors or irregularities, i.e., when the occurrence rate and electric is assumed to appliance manufacturer should move its service center from one be 0%. location to another. Answer (C) is incorrect. Targeted sampling is a nonsense answer. The service center houses the service trucks that are used to drive to Answer (D) is incorrect. Variables sampling concerns amounts. the customers’ [501] Gleim #: 5.5.73 locations to service their appliances. The internal auditor wants to Variability of the monetary amount of individual items in a population determine the affects sample reduction in average miles driven as a result of moving to the other size in which of the following sampling plans? location. Which of A. Attribute sampling. the following statistical sampling methods would be most appropriate B. Monetary-unit sampling. for this test? C. Mean-per-unit sampling. A. Attribute sampling. D. Discovery sampling. B. Discovery sampling. Gleim CIA Test Prep: Part 1 - Internal Audit Basics C. Probability-proportional-to-size (monetary-unit) sampling. (720 questions) D. Mean-per-unit sampling. Copyright 2013 Gleim Publications Inc. Page 274 Answer (A) is incorrect. Attribute sampling will not produce a Printed for Sanja Knezevic quantitative value. fb.com/ciaaofficial Answer (B) is incorrect. Discovery sampling is used to uncover an Answer (A) is incorrect. Attribute sampling tests binary (yes/no) attribute that propositions. It is not exists in the population with a low rate of occurrence, not to estimate Answer (B) is incorrect. Probability-proportional-to-size sampling a variable. uses attribute Answer (C) is incorrect. Individual carrying amounts adding up to a sampling methods to estimate monetary amounts. It is not total carrying appropriate in this situation. amount are required for probability-proportional-to-size (monetary- Answer (C) is incorrect. Attribute sampling tests binary propositions unit) sampling and therefore to be used. cannot estimate the average length of time to process the claims. It Answer (D) is correct. Mean-per-unit sampling is the only variables could, however, be sampling used to estimate the probability that a claim is not processed within method designed to estimate a variable for which individual carrying the company’s amounts of defined standard. items in a population are not available. Answer (D) is incorrect. Discovery sampling is used to determine if [503] Gleim #: 5.5.75 an isolated event The internal auditor for an insurance company is conducting an audit is occurring in the population. It would be used here only if exceeding of claims the policy for processing and wants to assess the average length of time taken to claims processing were expected to be extremely rare and extremely process automobile important. claims to determine whether processing is being completed within [504] Gleim #: 5.5.76 standards set by An auditor is checking the accuracy of a computer-printed inventory company policy. The auditor plans to take a sample of claims made listing to during the year determine whether the total monetary value of inventory is and perform the needed analysis. The most appropriate sampling significantly overstated. method is Because there is not adequate time or resources to check all items in A. Mean-per-unit variables sampling. the warehouse, a B. Probability-proportional-to-size sampling. sample of inventory items must be used. If the sample size is fixed, C. Attribute sampling. which one of the D. Discovery sampling. following would be the most accurate sampling approach in this Gleim CIA Test Prep: Part 1 - Internal Audit Basics case? (720 questions) Select those items that are most A. easily inspected. Copyright 2013 Gleim Publications Inc. Page 275 B. Employ simple random sampling. Printed for Sanja Knezevic Sample so that the probability of a given inventory item being Answer (A) is correct. Mean-per-unit (MPU) variables sampling selected is averages audit values proportional to the number of units sold for that item. in the sample and multiplies by the number of items in the population C. to estimate the Sample so that the probability of a given inventory item being population value. This is the most appropriate sampling procedure selected is because it allows proportional to its book value. the auditor to calculate the mean for the processing time and D. construct a confidence Answer (A) is incorrect. Using ease of inspection as a selection interval around the mean. criterion provides no statistical validity. and hardware problems. Answer (B) is incorrect. Simple random sampling selects units of C. inventory. D. The cost to alleviate all computer complaints. Large and small items are equally likely to be chosen. Thus, it will Answer (A) is incorrect. The organization should focus its scarce probably result resources on in a sample that accounts for a lesser percentage of the total those areas generating the highest levels of dissatisfaction. Pareto monetary value than diagrams such PPS sampling. as this one are tools for facilitating this kind of analysis. Answer (C) is incorrect. Although better than simple random Answer (B) is incorrect. Complaints about CD-ROMs and software sampling, selection are of items with high sales volumes may result in a sample with a infrequent. relatively small Answer (C) is correct. Complaints based on lack of user knowledge monetary value. and hardware Answer (D) is correct. The audit objective is to determine whether problems are by far the most frequent according to this chart. the total Consequently, the monetary amount of inventory is significantly overstated. Hence, company should devote its resources primarily to these issues. monetary-unit Answer (D) is incorrect. Cost information is not provided. (probability-proportional-to-size) sampling is appropriate. It increases [506] Gleim #: 5.6.78 the An organization has collected data on the complaints made by likelihood that a sample of a given size will include high monetary- personal computer users value and has categorized the complaints. inventory items. (Refer to Figure FIGURE18_12.) Gleim CIA Test Prep: Part 1 - Internal Audit Basics The chart displays the (720 questions) A. Arithmetic mean of each computer complaint. Copyright 2013 Gleim Publications Inc. Page 276 B. Relative frequency of each computer complaint. Printed for Sanja Knezevic C. Median of each computer complaint. fb.com/ciaaofficial D. Absolute frequency of each computer complaint. [505] Gleim #: 5.6.77 Answer (A) is incorrect. The chart does not display arithmetic An organization has collected data on the complaints made by means, relative personal computer users frequencies, or medians of each type of complaint. and has categorized the complaints. Answer (B) is incorrect. The chart does not display arithmetic (Refer to Figure FIGURE18_12.) means, relative Using the information collected, the organization should focus on frequencies, or medians of each type of complaint. The total number of personal computer complaints A. that occurred. Answer (C) is incorrect. The chart does not display arithmetic The number of computer complaints associated with CD-ROM means, relative problems and new frequencies, or medians of each type of complaint. software usage. Answer (D) is correct. This Pareto diagram depicts the frequencies B. of complaints The number of computer complaints associated with the lack of user in absolute terms. It displays the actual number of each type of knowledge complaint. The chart does not display arithmetic means, relative frequencies, or grounds. The chart is particularly valuable in determining whether the medians of each quality of type of complaint. materials received from outside vendors is consistent from month to Gleim CIA Test Prep: Part 1 - Internal Audit Basics month. What is (720 questions) the best term for this chart? Copyright 2013 Gleim Publications Inc. Page 277 A. C chart. Printed for Sanja Knezevic B. P chart. [507] Gleim #: 5.6.79 C. R chart. Statistical quality control often involves the use of control charts D. X-bar chart. whose basic purpose Answer (A) is incorrect. A C chart is also an attribute control chart. It is to shows Determine when accounting control procedures A. are not working. defects per item. B. Control labor costs in production operations. Answer (B) is correct. A P chart is based on an attribute C. Detect performance trends away from normal operations. (acceptable/not D. Monitor internal control applications of information technology. acceptable) rather than a measure of a variable, specifically, the Answer (A) is incorrect. Quality control concerns product quality, not percentage of controls defects in a sample. over accounting procedures. Answer (C) is incorrect. An R chart displays the range of dispersion Answer (B) is incorrect. Quality control concerns product quality, not of a variable, costs. such as size or weight. Answer (C) is correct. Statistical control charts are graphic aids for Answer (D) is incorrect. An X-bar chart plots the sample mean for a monitoring variable. the status of any process subject to random variations. The Gleim CIA Test Prep: Part 1 - Internal Audit Basics processes are measured (720 questions) periodically, and the values are plotted on the chart. If the value falls Copyright 2013 Gleim Publications Inc. Page 278 within the Printed for Sanja Knezevic control limits, no action is taken. If the value falls outside the limits, fb.com/ciaaofficial the process is [509] Gleim #: 5.6.81 considered “out of control,” and an investigation is made for possible A health insurer uses a computer application to monitor physician bill corrective amounts for action. Another advantage of the chart is that it makes trends visible. various surgical procedures. This program allows the organization to Answer (D) is incorrect. Quality control concerns product quality, not better control information technology. reimbursement rates. The X-bar chart below is an example of the [508] Gleim #: 5.6.80 output from this The statistical quality control department prepares a control chart application. showing the (Refer to Figure CIA2_7_59.) percentages of defective production. Simple statistical calculations Select the interpretation that best explains the data plotted on the provide control chart. limits that indicate whether assignable causes of variation are A. Random variation. explainable on chance B. Abnormal variation. C. Normal variation. not upper management. D. Cyclic variation. Answer (C) is incorrect. Ensuring the conformance with ISO-9000 Answer (A) is incorrect. Random variations should fall within specifications realistically is a component of a compliance audit, not quality control. determined control limits. Answer (D) is incorrect. Determining the appropriate timing of Answer (B) is correct. Statistical quality control charts are graphic inspections is aids for only one step toward approaching quality control. Consequently, it is monitoring the status of any process subject to random variations. not the The X-bar chart primary component of the quality control function. presented here depicts the sample means for a variable. If the values Gleim CIA Test Prep: Part 1 - Internal Audit Basics fall within (720 questions) the upper and lower control limits, no action is taken. Accordingly, Copyright 2013 Gleim Publications Inc. Page 279 values outside Printed for Sanja Knezevic these limits are abnormal and should be investigated for possible [511] Gleim #: 5.6.83 corrective An automobile parts manufacturer has received complaints from action. customers about Answer (C) is incorrect. Normal variations should fall within declining quality. After a quick review, management realizes the realistically problem has no determined control limits. single source. To perform a thorough process of problem Answer (D) is incorrect. In time series analysis, cyclic variation is identification, the most the fluctuation appropriate tool is a(n) in the value of a variable caused by change in the level of general Fishbone A. (Ishikawa) diagram. business B. Histogram. activity. C. Pareto diagram. [510] Gleim #: 5.6.82 D. ISO 9000 audit. The most important component of quality control is Answer (A) is correct. A fishbone diagram (also called a cause-and- A. Ensuring that goods and services conform to the design effect specifications. diagram or an Ishikawa diagram) is a total quality management B. Satisfying upper management. process C. Conforming with ISO-9000 specifications. improvement technique. It is useful in studying causation (why the D. Determining the appropriate timing of inspections. actual and Answer (A) is correct. The intent of quality control is to ensure that desired situations differ). This format organizes the analysis of goods and causation and services conform to the design specifications. Whether the focus is helps to identify possible interactions among causes. on Answer (B) is incorrect. A histogram displays the continuum of feedforward, feedback, or concurrent control, the emphasis is on values for an ensuring product independent variable. It is useful for visually inspecting the range of a or service conformity. quantifiable Answer (B) is incorrect. Quality control is geared toward satisfying variable. the customer, Answer (C) is incorrect. A Pareto diagram (also known as 80:20 control charts are graphic aids for monitoring the status of any analysis) process subject to displays the values of an independent variable such that managers random variations. can quickly Gleim CIA Test Prep: Part 1 - Internal Audit Basics identify the areas most in need of attention. The variables involved (720 questions) must be Copyright 2013 Gleim Publications Inc. Page 280 quantifiable. Printed for Sanja Knezevic Answer (D) is incorrect. An ISO 9000 audit focuses on process, not fb.com/ciaaofficial product, [513] Gleim #: 5.6.85 quality. The director of sales asks for a count of customers grouped in [512] Gleim #: 5.6.84 descending numerical A manufacturer mass produces nuts and bolts on its assembly line. rank by (1) the number of orders they place during a single year and The line (2) the dollar supervisors sample every nth unit for conformance with amounts of the average order. The visual format of these two pieces specifications. Once a of information is nonconforming part is detected, the machinery is shut down and most likely to be a adjusted. The most Fishbone A. (Ishikawa) diagram. appropriate tool for this process is a B. Cost of quality report. A. Fishbone (Ishikawa) diagram. C. Kaizen diagram. B. Cost of quality report. D. Pareto diagram. C. ISO 9000 audit. Answer (A) is incorrect. A fishbone diagram is useful for determining D. Statistical quality control chart. the Answer (A) is incorrect. A fishbone diagram is useful for determining unknown causes of problems, not for stratifying quantifiable the variables. unknown causes of problems, not routine mechanical adjustments. Answer (B) is incorrect. The contents of a cost of quality report are Answer (B) is incorrect. The contents of a cost of quality report are stated in stated in monetary terms. This report is not helpful for determining when to monetary terms. This tool is not helpful for determining when to adjust adjust machinery. machinery. Answer (C) is incorrect. Kaizen diagram is not a meaningful term in Answer (C) is incorrect. An ISO 9000 audit focuses on the quality of this context. the Answer (D) is correct. A Pareto diagram (also known as 80:20 organization’s total process, not the routine adjustment of machinery. analysis) displays Answer (D) is correct. Statistical quality control is a method of the values of an independent variable such that managers can determining quickly identify the whether the shipment or production run of units lies within acceptable areas most in need of attention. limits. It is [514] Gleim #: 6.1.1 also used to determine whether production processes are out of In planning an assurance engagement, a survey could assist with all control. Statistical of the following except A. Obtaining engagement client comments and suggestions on activities, risks, and controls to identify areas for engagement control problems. emphasis and (2) invite B. Obtaining preliminary information on controls. comments and suggestions from engagement clients (PA 2210.A1-1, C. Identifying areas for engagement emphasis. para. 3). An D. Evaluating the adequacy and effectiveness of controls. analysis of quality control documents is a part of field work, which Answer (A) is incorrect. A survey could assist with obtaining client follows the survey. comments Answer (B) is incorrect. The permanent engagement file probably and suggestions on control problems. contains Answer (B) is incorrect. A survey could assist with obtaining information, such as problems detected in prior years that will help in preliminary the development information on controls. of appropriate questions to ask this year. Answer (C) is incorrect. A survey could assist with identifying areas Answer (C) is incorrect. The prior engagement communications will for likely assist in engagement emphasis. developing the current year’s questionnaire. Answer (D) is correct. Internal auditors conduct a survey to (1) Answer (D) is incorrect. Knowing what the department is supposed become familiar to do will help the with activities, risks, and controls to identify areas for engagement internal auditor develop knowledgeable questions. emphasis and [516] Gleim #: 6.1.3 (2) invite comments and suggestions from engagement clients (PA During which phase of the engagement does the internal auditor 2210.A1-1, identify the objectives para. 3). A survey is not sufficient for evaluating the adequacy and and related controls of the activity being examined? effectiveness A. Preliminary survey. of controls. Evaluation requires testing. B. Staff selection. [515] Gleim #: 6.1.2 C. Work program preparation. An assurance engagement in the quality control department is being D. Final communication of results. planned. Which of Answer (A) is correct. If appropriate, internal auditors conduct a the following is least likely to be used in the preparation of a survey to (1) preliminary survey become familiar with activities, risks, and controls to identify areas for questionnaire? engagement emphasis and (2) invite comments and suggestions A. An analysis of quality control documents. from engagement B. The permanent engagement file. clients (PA 2210.A1-1, para. 3). C. The prior engagement communications. Answer (B) is incorrect. Staff selection is the process of deciding D. Management’s charter for the quality control department. which internal Gleim CIA Test Prep: Part 1 - Internal Audit Basics auditors will work on the engagement. (720 questions) Answer (C) is incorrect. The work program is prepared after the Copyright 2013 Gleim Publications Inc. Page 281 preliminary Printed for Sanja Knezevic survey. Answer (A) is correct. Internal auditors conduct a survey to (1) Answer (D) is incorrect. Final communication of results occurs after become familiar with the completion of the engagement. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Research temporary help agencies and evaluate the cost and benefit (720 questions) of outsourcing Copyright 2013 Gleim Publications Inc. Page 282 needed services. Printed for Sanja Knezevic C. fb.com/ciaaofficial Suspend further engagement work and issue the final [517] Gleim #: 6.1.4 communication of results The preliminary survey indicates that severe staff reductions at the because the conclusions are obvious. engagement D. location have resulted in extensive amounts of overtime among Answer (A) is correct. A preliminary survey allows the internal accounting staff. auditor to (1) Department members are visibly stressed and very vocal about the become familiar with activities, risks, and controls to identify areas for effects of the engagement emphasis and (2) invite comments and suggestions cutbacks. Accounting payrolls are nearly equal to prior years, and from engagement many key controls, clients (PA 2210.A1-1, para. 3). In this case, additional planning is such as segregation of duties, are no longer in place. The accounting necessary to supervisor now modify the engagement for the difficult circumstances discovered performs all operations within the cash receipts and posting process during the and has no time to preliminary survey and to address the responsibilities of the internal review and approve transactions generated by the remaining audit activity. members of the Answer (B) is incorrect. What additional work will be necessary is department. Journal entries for the last 6 months since the staff not clear in reductions show these circumstances. increasing numbers of prior-month adjustments and corrections, Answer (C) is incorrect. Management has not accepted this plan of including revenues, action. cost of sales, and accruals that had been misstated or forgotten Answer (D) is incorrect. Issuing a final communication of results at during month-end this point closing activity. The internal auditor should would violate the Standards, including those relating to objectivity, Discuss these observations with management of the internal audit due activity to professional care, and performance of the engagement. determine whether further work would be an efficient use of internal [518] Gleim #: 6.1.5 auditing Which of the following best describes a preliminary survey? resources at this time. A standardized questionnaire used to obtain an understanding of A. management Proceed with the scheduled engagement but add personnel based objectives. on the expected A. number of observations and anticipated lack of assistance from local A statistical sample of key employee attitudes, skills, B. and accounting knowledge. management. A “walk-through” of the financial control system to identify risks and B. the controls that can address those risks. C. performed? A process used to become familiar with activities and risks to identify Review reports of engagements performed by regulatory and areas for external auditors engagement emphasis. since the last internal audit engagement. D. A. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Interview management to identify changes made in policies (720 questions) regarding investments Copyright 2013 Gleim Publications Inc. Page 283 or loans. Printed for Sanja Knezevic B. Answer (A) is incorrect. A preliminary survey covers many areas Review minutes of board meetings to identify changes in policies besides management affecting objectives. investments and loans. Answer (B) is incorrect. A preliminary survey would not normally C. include statistical All of the answers D. are correct. sampling. Answer (A) is incorrect. The internal auditors should also interview Answer (C) is incorrect. A walk-through of controls is merely one management possible and review board minutes. component of a preliminary survey. Answer (B) is incorrect. The internal auditors should also review Answer (D) is correct. If appropriate, internal auditors conduct a reports of other survey to (1) become auditors and review board minutes. familiar with the activities, risks, and controls to identify areas for Answer (C) is incorrect. The internal auditors should also review engagement reports of other emphasis and (2) invite comments and suggestions from auditors and interview management. engagement clients Answer (D) is correct. Typical components of a preliminary survey (PA 2210.A1-1, para. 3). include, [519] Gleim #: 6.1.6 among other things, interviews and reviews of prior audit reports and The internal auditors of a financial institution are performing an other engagement to relevant documentation. evaluate the institution’s investing and lending activities. During the Gleim CIA Test Prep: Part 1 - Internal Audit Basics last year, the (720 questions) institution has adopted new policies and procedures for monitoring Copyright 2013 Gleim Publications Inc. Page 284 investments and Printed for Sanja Knezevic the loan portfolio. The internal auditors know that the organization fb.com/ciaaofficial has invested in [520] Gleim #: 6.1.7 new types of financial instruments during the year and is heavily An internal auditor conducts a preliminary survey and identifies a involved in the use of number of financial derivatives to appropriately hedge risks. If the internal significant engagement issues and reasons for pursuing them in auditors were to more depth. The conduct a preliminary review, which of the following procedures engagement client informally communicates concurrence with the should be preliminary survey results and asks that the internal auditor not report on the areas of is given for not pursuing the engagement. The internal auditor always significant concern considers until the client has an opportunity to respond to the problem areas. the risk associated with the potential observations as a basis for Which of the determining the following engagement responses is not appropriate? need for more immediate attention. Keep the engagement on schedule and discuss with management Answer (D) is incorrect. The internal auditor has identified significant the need for engagement issues. No basis is given for not pursuing the completing the engagement on a timely basis. engagement. A. [521] Gleim #: 6.1.8 Consider the risk involved in the areas involved, and, if the risk is During a preliminary survey, an auditor found that several accounts high, proceed payable vouchers with the engagement. for major suppliers required adjustments for duplicate payment of B. prior invoices. This Consider the engagement to be terminated with no communication of would indicate results A need for additional testing to determine related controls and the needed because the engagement client has already agreed to take current constructive exposure to duplicate payments made to suppliers. action. A. C. The possibility of unrecorded liabilities for the amount of B. the Work with the engagement client to keep the engagement on overpayments. schedule and address Insufficient controls in the receiving area to ensure timely notice to the significant issues in more depth, as well as the client’s the accounts responses, during the payable area that goods have been received and inspected. course of the engagement. C. D. The existence of a sophisticated accounts payable system that Answer (A) is incorrect. The internal auditor has identified significant correlates engagement issues. No basis is given for not pursuing the overpayments to open invoices and therefore requires no further engagement. audit concern. Answer (B) is incorrect. The internal auditor should always consider D. the risk Gleim CIA Test Prep: Part 1 - Internal Audit Basics associated with the potential observations as a basis for determining (720 questions) the need for Copyright 2013 Gleim Publications Inc. Page 285 more immediate attention. Printed for Sanja Knezevic Answer (C) is correct. The apparently constructive action by the Answer (A) is correct. One reason for conducting a preliminary engagement survey is to become client may be a delaying tactic intended to conceal more serious familiar with the activities, risks, and controls to identify areas for problems after the engagement internal auditor has identified significant engagement issues. emphasis (PA 2210.A1-1, para. 3). Accordingly, this preliminary Moreover, no basis survey information should prompt the auditor to identify the magnitude of duplicate engagement emphasis and (2) invite comments and suggestions payments. from engagement Answer (B) is incorrect. Unrecorded liabilities are not likely to result clients (PA 2210.A1-1, para. 3). Interviews with the engagement in the generation client may be of duplicate accounts payable vouchers. conducted as part of the survey to obtain an overall understanding of Answer (C) is incorrect. The existence of duplicate payments is operations. most likely related to Answer (B) is incorrect. The review for adequacy determines a problem in accounts payable. whether control Answer (D) is incorrect. Duplicate payments are not overpayments. processes exist that are properly planned and designed. Duplicate Answer (C) is incorrect. The review for effectiveness determines payments are exceptions and should be handled as such. whether [522] Gleim #: 6.1.9 management has directed processes to provide reasonable You are an internal auditing supervisor who is reviewing the working assurance that goals and papers of a staff objectives will be achieved. internal auditor’s overall examination of the firm’s sales function. The Answer (D) is incorrect. Internal auditors review operations and pages are not programs to numbered or cross-referenced. Furthermore, the working papers ascertain the extent to which results are consistent with goals and were dropped and objectives. reassembled at random before they were brought to you. You decide Gleim CIA Test Prep: Part 1 - Internal Audit Basics to put the (720 questions) working papers in the proper order according to the Standards. The Copyright 2013 Gleim Publications Inc. Page 286 first stage of this Printed for Sanja Knezevic activity is to identify each page as a part of (1) the preliminary fb.com/ciaaofficial survey, (2) the review [523] Gleim #: 6.1.10 of the adequacy of control processes, (3) the review for effectiveness During an operational engagement, an internal auditor compares the of control inventory processes, or (4) the review of results. The second page the turnover rate of a subsidiary with established industry standards to supervisor selects Evaluate the accuracy of the subsidiary’s internal A. financial reports. documents an interview with a salesperson discussing the overall B. Test the subsidiary’s controls designed to safeguard assets. sales cycle. This Determine if the subsidiary is complying with organizational page belongs with which activity? procedures regarding A. Preliminary survey. inventory levels. B. Review for adequacy of control processes. C. C. Review for effectiveness of control processes. Assess the performance of the subsidiary and indicate where D. Review of results. additional Answer (A) is correct. Planning includes performing, if appropriate, a engagement work may be needed. survey to D. (1) become familiar with the activities, risks, and controls to identify Answer (A) is incorrect. Evaluating the reliability and integrity of areas for financial records is one component of a financial, not an operational, engagement client is normally more economical. Some of the basic engagement. data gathering Answer (B) is incorrect. Evaluating the safeguarding of assets is will be done by those most competent to do it rapidly. one component Answer (D) is incorrect. Sending a memorandum and questionnaire of a financial, not an operational, engagement. is Answer (C) is incorrect. Testing inventory turnover addresses advantageous in most circumstances. economy and Gleim CIA Test Prep: Part 1 - Internal Audit Basics efficiency issues, not compliance. (720 questions) Answer (D) is correct. Analytical procedures are often used during Copyright 2013 Gleim Publications Inc. Page 287 the Printed for Sanja Knezevic preliminary survey to identify potential areas for additional [525] Gleim #: 6.1.12 engagement work. The audit committee has raised a few issues that the internal audit [524] Gleim #: 6.1.11 activity will In advance of a preliminary survey, a chief audit executive sends a examine during an operational audit for the current year. When memorandum and performing the questionnaire to the supervisors of the department to be evaluated. preliminary survey, which of the following is not an appropriate What is the most technique? likely result of that procedure? Performing A. interviews. A. It creates apprehension about the engagement. B. Developing questionnaires. B. It involves the engagement client’s supervisory personnel in the C. Determining the largest risk of financial statement misstatement. engagement. D. All of the answers are appropriate techniques. C. It is an uneconomical approach to obtaining information. Answer (A) is incorrect. Performing interviews allows the auditor to D. It is only useful for engagements of distant locations. explore Answer (A) is incorrect. Greater knowledge of the upcoming objectives, goals, and standards of operation, along with risks. The engagement is more interview also likely to remove some of the apprehension about the engagement. allows the auditor to gain insights into management’s style. Answer (B) is correct. Sending a memorandum and questionnaire to Answer (B) is incorrect. Questionnaires can trigger appropriate the preparation for engagement client is part of a participative approach. It helps involve the auditor’s arrival as well as give the auditor insight into the the organization’s supervisors of the engagement client’s department and thereby operations. encourages a more Answer (C) is correct. Determining potential misstatements is not collegial approach to the engagement. Obtaining the assistance of the objective of the engagement an operational audit. Additionally, a final risk analysis is developed at client in data gathering, evaluating operations, and solving problems a later time should result in the audit, not during the preliminary survey. A preliminary risk in improved relations and in more effective and efficient assessment is engagements. appropriate during this stage. Answer (C) is incorrect. Sending a memorandum and questionnaire Answer (D) is incorrect. The development and use of risk analysis to to the determine the largest risk of misstatement is not an appropriate preliminary [527] Gleim #: 6.2.14 survey Management answered “yes” to every question when filling out an technique. internal control [526] Gleim #: 6.2.13 questionnaire and stated that all listed requirements and control A well-designed internal control questionnaire should activities were part of Elicit “yes” or “no” responses rather than narrative responses and be their procedures. An internal auditor retrieved this questionnaire from organized by management department. during the preliminary survey visit but did not review the responses A. with management B. Be a sufficient source of data for assessment of control risk. while on site. The internal auditor’s supervisor should be critical of C. Help evaluate the effectiveness of internal control. the above D. Be independent of the objectives of the internal auditing procedure because engagement. Engagement information must be corroborated A. in some way. Answer (A) is incorrect. Yes/no question formats and organizing B. Internal control questionnaires cannot be relied upon. question The internal auditors were not present while the questionnaire was sequence by department may facilitate administering the being filled questionnaire, but other out. formats and methods of question organization are possible. C. Answer (B) is incorrect. The questionnaire is a tool to help D. The questionnaire was not designed to address accounting understand and operations and controls. document internal control but is not sufficient as the sole source of Answer (A) is correct. Self-assessment questionnaires provide information to indirect support the assessment of control risk. information. Because this information is provided by engagement Answer (C) is correct. An internal control questionnaire consists of a client personnel series of and not by independent sources, it must be confirmed. questions about the organization’s controls designed to prevent or Answer (B) is incorrect. The adaptability of general-purpose internal detect errors or control fraud. Answers to the questions help the internal auditor to identify questionnaires to different organizational units, personnel, and specific functional units is controls relevant to specific assertions and to design tests of controls one of their strengths. to evaluate Answer (C) is incorrect. Internal control questionnaires can be the effectiveness of their design and operation. designed so that Answer (D) is incorrect. The internal control questionnaire must be the engagement client can answer the questions without the internal designed to auditor’s achieve the engagement objectives. presence. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (D) is incorrect. An internal control questionnaire does not (720 questions) need to Copyright 2013 Gleim Publications Inc. Page 288 address accounting information to ensure integrity. Printed for Sanja Knezevic [528] Gleim #: 6.2.15 fb.com/ciaaofficial Management answered “yes” to every question when filling out an Answer (B) is incorrect. Interviews do not produce objective internal control evidence unless the questionnaire and stated that all listed requirements and control information corroborates facts already in evidence. activities were part of Answer (C) is incorrect. Interviews tend to be more costly in relation their procedures. An internal auditor retrieved this questionnaire from to the amount of management information generated. They involve more preparation and during the preliminary survey visit but did not review the responses discussion time than other with management techniques. while on site. The auditor’s supervisor is writing the performance Answer (D) is incorrect. Critical information obtained during an assessment for the interview must be auditor on this preliminary survey assignment. The supervisor cites followed up and confirmed. the need to review [529] Gleim #: 6.2.16 management’s responses on the control questionnaire. The auditor Which of the following statements indicates the wrong way to use an should have internal control interviewed management for additional information because the questionnaire? interview technique Clarifying all answers with written remarks A. and explanations. A. Provides the opportunity to insert questions to probe promising Filling out the questionnaire during an interview with the person who areas. has Is the most efficient way to upgrade the information to the level of responsibility for the area that is being reviewed. objective B. evidence. C. Constructing the questionnaire so that a “no” response requires B. attention. C. Is the least costly audit technique when a large amount of Supplementing the completed questionnaire with a narrative information is involved. description or Is the only audit procedure that does not require confirmation and flowchart. walk-through of D. the information obtained. Answer (A) is correct. Only those answers that appear inappropriate D. should be Gleim CIA Test Prep: Part 1 - Internal Audit Basics pursued by asking for clarification or explanation. In this way, (720 questions) problem areas may Copyright 2013 Gleim Publications Inc. Page 289 be pinpointed and either compensating controls identified or Printed for Sanja Knezevic extensions to the Answer (A) is correct. During face-to-face contact, a skilled engagement procedures planned. interviewer can react to Answer (B) is incorrect. Filling out the questionnaire during an potential problems and expand questioning of more relevant interview with subjects. Thus, the the person who has responsibility for the area that is being reviewed interview allows for cross-examination. Moreover, the interview is an provides an appropriate use of an internal control questionnaire. opportunity to observe body language. Answer (C) is incorrect. Constructing the questionnaire so that a “no” response requires attention is an appropriate use of an internal control Adding this control should eliminate significant engagement questionnaire. recommendations in Answer (D) is incorrect. Supplementing the completed questionnaire the coming year, so the scope of engagement activities can be with a reduced narrative description or flowchart is an appropriate use of an internal accordingly. control B. questionnaire. Engagement activity can be reduced if the vice president agrees to Gleim CIA Test Prep: Part 1 - Internal Audit Basics require the (720 questions) internal audit activity’s approval of all divisional standard operating Copyright 2013 Gleim Publications Inc. Page 290 procedures. Printed for Sanja Knezevic C. fb.com/ciaaofficial SOP questionnaires must be mailed and controlled by the internal [530] Gleim #: 6.2.17 audit activity to An internal auditing manager is conducting the annual meeting with be considered in relation to the proposed engagement schedule. manufacturing D. division management to discuss proposed engagement plans and Answer (A) is correct. A specific advantage of an SOP questionnaire activities for the next is that it year. After some discussion about the past year’s activity at 12 plants may be used by local management to periodically ensure that in the division, employee practices the divisional vice president agrees that all significant remain current with relevant, valid, and up-to-date standard operating recommendations made by the procedures. internal auditing staff refer to key controls and related operating The overall level of control and the control environment improve activities that are when follow-up correctly described for local management within the volume of activities are performed to determine that controls are being standard operating implemented as procedures for the division. The vice president proposes to transcribe intended. key control Answer (B) is incorrect. SOP questionnaires have no effect on activities from the division’s extensive written procedures to a self- inherent risk, and assessment the internal auditors have no information that such a control will be standard operating procedure (SOP) questionnaire. What effective. significance should the Answer (C) is incorrect. Standard operating procedures, as internal auditing manager attach to such SOP questionnaires in described, provide relation to the directive controls that appear to be adequate. Approval by the proposed engagement schedule for the next year? internal audit The SOP questionnaires should improve control adequacy, but the activity does not affect the operation of these controls. internal Answer (D) is incorrect. Control of SOP questionnaires by the auditors need to verify that controls are working as documented in internal audit the SOP. activity does not affect the information obtained. Such information A. must be verified to be considered objective. [531] Gleim #: 6.2.18 auditor did not document the potential problems for further audit An auditor is considering developing a questionnaire to research investigation. The employee attitudes primary deficiency with the process is that toward control procedures. Which of the following is a criterion that The auditor failed to consider the importance of the information A. should not be offered. considered in designing the questionnaire? A questionnaire was used in a situation in which a structured Questions must be worded to ensure a valid interpretation A. by the interview should respondents. have been used. Questions must be reliably worded so that they measure what was B. intended to be C. Questionnaires do not allow for opportunities to document other measured. information. B. D. All of the answers are correct. C. The questionnaire should be short to increase the response rate. Answer (A) is correct. The major problem is that the auditor was too D. Questions should be worded such that a “No” answer indicates a oriented to problem. the questionnaire and failed to give appropriate consideration to the Gleim CIA Test Prep: Part 1 - Internal Audit Basics other (720 questions) information offered. Questionnaires are limited, and the auditor Copyright 2013 Gleim Publications Inc. Page 291 needs to be Printed for Sanja Knezevic flexible enough to gather other information when it is offered. Answer (A) is incorrect. The validity and reliability of each question Answer (B) is incorrect. A questionnaire’s advantage is that it are extremely provides a important. Bias and ambiguity must be avoided. structured, comprehensive approach to evidence gathering. Answer (B) is incorrect. The validity and reliability of each question Answer (C) is incorrect. Questionnaires are limited, but the problem are extremely is with their important. Bias and ambiguity must be avoided. application, not necessarily with their nature. Answer (C) is incorrect. When questionnaires are too long, people Answer (D) is incorrect. Two of the responses are not appropriate tend not to fill conclusions. them out. [533] Gleim #: 6.2.20 Answer (D) is correct. Many types of questions can be used. Which of the following is not an advantage of sending an internal Questions can be control multiple-choice, checklists, fill-in-the-blank, essay, Likert scales, questionnaire prior to an audit engagement? items (options The engagement client can use the questionnaire for self-evaluation indicating degrees of agreement or disagreement), etc. prior to the [532] Gleim #: 6.2.19 auditor’s visit. The auditor used a questionnaire during interviews to gather A. information about the The questionnaire will help the engagement client understand the nature of claims processing. Unfortunately, the questionnaire did not scope of the cover a number engagement. of pieces of information offered by the person being interviewed. B. Consequently, the Preparing the questionnaire will help the auditor plan the scope of A questionnaire provides a framework that minimizes the possibility the engagement of and organize the information to be gathered. overlooking aspects of internal control. C. A. The engagement client will respond only to the questions asked, A questionnaire can be B. easily completed. without C. A questionnaire is flexible in design and application. volunteering additional information. The completed questionnaire provides documentation that the D. internal auditor Gleim CIA Test Prep: Part 1 - Internal Audit Basics become familiar with internal control. (720 questions) D. Copyright 2013 Gleim Publications Inc. Page 292 Answer (A) is incorrect. A questionnaire provides a framework to Printed for Sanja Knezevic assure that fb.com/ciaaofficial control concerns are not overlooked. Answer (A) is incorrect. Answering the questionnaire will help the Answer (B) is incorrect. A questionnaire is relatively easy to engagement client complete. For the identify areas where procedures are weak or not properly most part, only yes/no responses are elicited from management and documented. employees. Answer (B) is incorrect. The questionnaire will communicate the Answer (C) is correct. Questionnaires are designed to be inflexible areas that the in that the auditor plans to evaluate. responses to certain questions are expected. Questionnaires are not Answer (C) is incorrect. The auditor can use the preparation of the easily adapted questionnaire to to unique situations. The approach that offers the most flexibility is a organize the information to be gathered. narrative Answer (D) is correct. An internal control questionnaire consists of a memorandum describing internal control. The next most flexible series of approach is a questions about the organization’s controls designed to prevent or flowchart. detect errors or Answer (D) is incorrect. The completed questionnaire can become fraud. Answers to the questions help the internal auditor to identify part of the specific controls working papers to document the internal auditor’s becoming familiar relevant to specific assertions and to design tests of controls to with the evaluate the engagement client’s activities, risks, and controls. effectiveness of their design and operation. However, the information [535] Gleim #: 6.2.22 obtained is Which of the following statements describes an internal control limited to that elicited by the questions asked. questionnaire? It [534] Gleim #: 6.2.21 A. Provides detailed evidence regarding the substance of the control A questionnaire consists of a series of questions relating to controls system. normally required Takes less of the engagement client’s time to complete than other to prevent or detect errors and fraud that may occur for each type of control transaction. evaluation devices. Which of the following is not an advantage of a questionnaire? B. C. Requires that the internal auditor be in attendance to properly payroll and to change pay rates? administer it. 1. D. Provides indirect evidence that might need corroboration. Are check totals reconciled to payroll register data before checks are Gleim CIA Test Prep: Part 1 - Internal Audit Basics distributed to (720 questions) employees? Copyright 2013 Gleim Publications Inc. Page 293 2. Printed for Sanja Knezevic Are the functions of preparing the payroll and distributing paychecks Answer (A) is incorrect. Questionnaires usually provide for yes/no performed responses and by different persons? therefore provide less detailed evidence than some other 3. procedures. In which phase of the engagement will the internal auditor confirm Answer (B) is incorrect. Questionnaires tend to be lengthy, and their these responses? completion is A. Planning. time-consuming. B. Identifying, analyzing, evaluating, and recording. Answer (C) is incorrect. An auditor need not be present. C. The survey. Answer (D) is correct. An internal control questionnaire consists of a D. Preliminary preparation. series of Answer (A) is incorrect. The internal auditor obtains responses to questions about the controls designed to prevent or detect errors or the internal irregularities. control questionnaire during the planning phase. These responses Answers to the questions help the internal auditor to identify specific will be internal control confirmed during the performance of the engagement. policies and procedures relevant to specific assertions and to design Answer (B) is correct. During the performance of the engagement, tests of controls to “internal evaluate the effectiveness of their design and operation. The auditors must identify, analyze, evaluate, and document sufficient questionnaire provides a information to framework to assure that specific concerns are not overlooked, but it achieve the engagement’s objectives” (Perf. Std. 2300). This process is not a sufficient includes means of understanding the entire system. Thus, the evidence confirming compliance with internal controls. An example is obtained is indirect and validating the requires corroboration by means of observation, interviews, responses to the internal control questionnaire. flowcharting, examination Answer (C) is incorrect. The planning phase includes the survey, if of documents, etc. appropriate. [536] Gleim #: 6.2.23 The survey includes becoming familiar with the activity to be As part of a payroll engagement, an internal auditor used an internal reviewed, control identifying areas for special emphasis, obtaining information for use questionnaire. Positive responses were given to each of the following in questions by the engagement performance, and determining whether further work is payroll department manager: necessary. For Is authorization by the personnel department required to make example, the survey might include seeking answers to the internal additions to the control questionnaire. relationship with the engagement client. Answer (D) is incorrect. The planning phase includes the survey [538] Gleim #: 6.3.25 (preliminary When an internal auditor is interviewing to gain information, (s)he will preparation). not be able to Gleim CIA Test Prep: Part 1 - Internal Audit Basics remember everything that was said in the interview. The most (720 questions) effective way to record Copyright 2013 Gleim Publications Inc. Page 294 interview information for later use is to Printed for Sanja Knezevic Write notes quickly, trying to write down everything in detail as it is fb.com/ciaaofficial said; then [537] Gleim #: 6.3.24 highlight important points after the meeting. When conducting interviews during the early stages of an internal A. auditing Electronically record the interview to capture everything that engagement, it is more effective to everyone says; then Ask for specific answers that A. can be quantified. type everything said into a computer for documentation. B. Ask people about their jobs. B. C. Ask surprise questions about daily procedures. Hire a professional secretary to take notes, allowing complete D. Take advantage of the fact that fear is an important part of the concentration on the engagement. interview; then delete unimportant points after the meeting. Answer (A) is incorrect. Later field work will cover information that C. can be Organize notes around topics on the interview plan and note quantified. Building rapport is more important in the early interviews. responses in the Answer (B) is correct. To improve internal auditor-client cooperation, appropriate area, reviewing the notes after the meeting to make the internal additions. auditor should, to the extent feasible, humanize the engagement D. process. For Gleim CIA Test Prep: Part 1 - Internal Audit Basics example, individuals feel more important being asked people-type (720 questions) questions, such Copyright 2013 Gleim Publications Inc. Page 295 as asking people about their jobs, rather than control-type questions. Printed for Sanja Knezevic Answer (C) is incorrect. Unless fraud is suspected or the Answer (A) is incorrect. Extensive note taking may interfere with engagement concerns communication cash or negotiable securities, the more effective approach is to with the respondent. Maintaining eye contact and observing defuse the nonverbal signals is engagement client anxiety that results from anticipating the difficult if the interviewer is preoccupied with his/her notes. engagement. Answer (B) is incorrect. Recording might be used for controversial Answer (D) is incorrect. Although engagement client fear is a material, but it natural part of usually will not elicit positive feelings from the respondent. For most anticipating the engagement, the internal auditor should keep it from organizational playing an purposes, exact quotes are unnecessary. important role by using good interpersonal skills to build a positive, Answer (C) is incorrect. Aside from cost, this option is unworkable participative given the loss of confidentiality and the probable negative reaction from the D. respondent. Answer (A) is incorrect. The internal auditor will probably miss Answer (D) is correct. Preparing for the interview is crucial. The important points internal auditor in the effort to write everything down. should have learned as much as possible about the engagement Answer (B) is incorrect. Recording the entire interview is inefficient. client, determined the Answer (C) is incorrect. This procedure would be a waste of engagement objectives, and prepared questions. During the everyone’s time, and interview, the internal the internal auditor still may not obtain the information sought. auditor should record notes on a split page, which lists the questions Answer (D) is correct. Anticipation is one approach the internal on one side and auditor can use contains space for responses on the other. After the interview, the to maintain focus during a far-ranging discussion. It assumes that the internal auditor internal should expand on the notes while the material is still fresh. auditor has done some homework and is prepared to listen [539] Gleim #: 6.3.26 intelligently. Active As part of an engagement to evaluate safety management programs, listening permits anticipation because the mind can process an internal auditor information more interviews the individual responsible for writing, issuing, and rapidly than most people speak. Thus, the listener has time to maintaining safety analyze the procedures. While the internal auditor’s primary interest is to identify information and determine what is most important. the controls Gleim CIA Test Prep: Part 1 - Internal Audit Basics ensuring that procedures are kept current, the individual has a (720 questions) tremendous amount of Copyright 2013 Gleim Publications Inc. Page 296 information and seems intent on telling the internal auditor most of it. Printed for Sanja Knezevic What might the fb.com/ciaaofficial internal auditor do to guard against missing what is important? [540] Gleim #: 6.3.27 Write down everything the individual says. If the internal auditor gets To elicit views on broad organizational risks and objectives from the behind, ask board and senior for a pause and catch up. After the interview, the internal auditor can management, an internal auditor should sift through List specific risk factors A. for consideration. the notes and be confident of finding the key information. B. Develop spreadsheets with quantitative data relevant to the A. industry. Tape record the interview and later extract the relevant B. C. Use a nondirective approach to initiating discussion of mitigating information. risks. Do not sort through extraneous information. Revisit the topic with the Ask each member of management about specific risks listed in an individual’s industry supervisor and obtain any needed information at that time. reference. C. D. During the conversation, make an effort to anticipate the approach of Answer (A) is incorrect. Although such factors may be relevant, they a point of will not critical interest. necessarily create an opportunity for management to brainstorm. Answer (B) is incorrect. Facts provide more of a teaching tool than a Answer (D) is incorrect. Only paraphrasing relates to feedback. proper [542] Gleim #: 6.3.29 means to start relevant discussion. Auditors must be effective listeners, especially when asking complex Answer (C) is correct. Effective interview planning includes questions. To formulating basic improve their listening, auditors should take care to do all the questions. An internal auditor may use a directive approach by following except asking narrowly A. Stop talking. It is very difficult to listen and talk at the same time. focused questions. A preferable alternative given the interviewees B. Be patient. Allow the speaker ample time to respond. and the subject C. Avoid all questions until the speaker has concluded. matter is a nondirective approach using broad questions that are D. Put the speaker at ease. A nervous speaker will be difficult to more likely to understand. provide clarification and yield unexpected observations. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (D) is incorrect. Although an industry reference may raise (720 questions) many valid Copyright 2013 Gleim Publications Inc. Page 297 points, it may not address concerns specific to the organization. Printed for Sanja Knezevic [541] Gleim #: 6.3.28 Answer (A) is incorrect. Listening tends to be more difficult than Tolerating silence, asking open-ended questions, and paraphrasing talking. Most people are three aids to prefer to express their own ideas rather than listen. more effective Answer (B) is incorrect. A good listener does not interrupt and A. Meetings. makes smooth B. Listening. transitions between listening and speaking. C. Interviews. Answer (C) is correct. Questions asked at appropriate times during D. Feedback. the interview can Answer (A) is incorrect. These methods may slow down a meeting. indicate that the interviewer is listening attentively. When done Answer (B) is correct. Listening entails decoding and understanding correctly, this also the first allows the interviewer to probe deeper when additional clarification is message sent. The sender then becomes a listener with respect to needed. the feedback. Answer (D) is incorrect. Making eye contact and using other Hence, listening is necessary at both ends of the communication appropriate nonverbal channel. Other cues characteristic of attentive listening will tend to put the speaker aids to effective listening are using body language to encourage the at ease and speaker, enhance the communication process. showing appropriate emotion to signify empathy, understanding and [543] Gleim #: 6.3.30 correcting for Listening effectiveness is best increased by one’s biases, avoiding making premature judgments, and briefly Resisting both internal and external A. distractions. summarizing B. Waiting to review key concepts until the speaker is through what has been said. talking. Answer (C) is incorrect. These methods may or may not help C. Tuning out messages that do not seem to fit the meeting purpose. depending on the D. Factoring in biases to evaluate the information being given. purpose of the interview. Answer (A) is correct. Concentrating on what the speaker is saying D. is critical to Gleim CIA Test Prep: Part 1 - Internal Audit Basics effective listening. This result is best achieved by resisting internal (720 questions) and external Copyright 2013 Gleim Publications Inc. Page 298 distractions. Physical distractions such as noise, a tendency to be Printed for Sanja Knezevic overly aware of fb.com/ciaaofficial the speaker’s physical and other differences from the listener, Answer (A) is incorrect. Planning a reply before the speaker has focusing on finished may cause interesting details at the expense of major points, or emotional the listener to miss an important point or make an unfounded reactions to a assumption. Thinking statement with which the listener disagrees should be avoided. about a reply is not listening. Answer (B) is incorrect. Given that a person listens faster than a Answer (B) is incorrect. The nonverbal messages are not always speaker talks, more important. (s)he can review the key concepts silently without waiting for the Answer (C) is incorrect. An effective listener tries to remember the speaker to important points. conclude. This process helps the listener remember them better Being distracted by interesting details is a mistake because of the without notes. danger of missing Answer (C) is incorrect. Seemingly unrelated information may be critical information. important. Answer (D) is correct. The mind can process information more Answer (D) is incorrect. The listener should concentrate on the rapidly than most information while people speak. Thus, the listener has time to analyze the information listening. Later, that person can allow for bias on both the listener’s and determine part and the what is most important and how it relates to known information. This speaker’s part. process of active [544] Gleim #: 6.3.31 listening helps the interviewer maintain focus. An internal auditor is interviewing an employee. While listening to the [545] Gleim #: 6.3.32 interviewee, A supportive behavior that a listener, such as an auditor or a the internal auditor should supervisor, can use to A. Prepare a response to the interviewee. encourage a speaker is to Take mental notes on the speaker’s nonverbal communication Look away from the speaker to avoid A. any intimidation. because it is more B. Interject a similar incident or experience. important than what is being said. C. Stop other activity or work while the person is talking. B. D. Not respond verbally until the speaker stops talking. Make sure all details, as well as the main ideas of the interviewee, Answer (A) is incorrect. Looking away is discouraging. are Answer (B) is incorrect. Interruptions devalue the speaker and the remembered. speaker’s C. message. Integrate the incoming information from the interviewee with Answer (C) is correct. An effective listener enhances the information that is communication process already known. by sending appropriate nonverbal signals to the speaker. Thus, even Internal auditors should be active listeners to gain the most though a information in an internal person can probably listen and do some routine work, a listener who audit interview. Which of the following best describes how an active wishes to listener behaves convey a positive and encouraging message should stop other in an interview? The listener activities and focus Judges and evaluates the information A. as it is presented. complete attention on the speaker. B. Listens with acceptance, empathy, and intensity. Answer (D) is incorrect. Complete silence may appear disapproving. C. Avoids looking directly at the speaker and interrupting his or her [546] Gleim #: 6.3.33 train of thought. When evaluating communication, the internal auditor should be Formulates arguments and conclusions as pieces of the speaker’s aware that nonverbal information fit communication together. A. Is independent of a person’s cultural background. D. B. Is often imprecise. Answer (A) is incorrect. Good listeners are objective, not C. Always conveys a more truthful response than verbal judgmental. communication. Answer (B) is correct. Active listening involves acceptance of the D. Always conveys less information than verbal communication. speaker’s Answer (A) is incorrect. Nonverbal communication is heavily ideas, that is, deferring judgment until the speaker has finished. influenced by Empathy is a culture. For example, a nod of the head may have opposite sensitive awareness of the speaker’s feelings, thoughts, and meanings in different experience. An cultures. empathic listener understands what the speaker wants to Answer (B) is correct. Nonverbal communication (body language) communicate rather than consists of what the listener wants to understand. Listening with intensity facial expressions, vocal intonations, posture, gestures, appearance, involves and physical concentrating on the speaker’s message and disregarding distance. Thus, by its nature, nonverbal communication is much less distractions. An active precise than listener also is responsible for completeness. (S)he considers verbal communication. nonverbal and Answer (C) is incorrect. Nonverbal communication is not necessarily emotional content and asks questions to clarify the communication. more Answer (C) is incorrect. A good listener makes eye contact. truthful than verbal communication. Answer (D) is incorrect. Formulating arguments and conclusions Answer (D) is incorrect. Nonverbal communication can sometimes before the convey more speaker has finished is the antithesis of acceptance. information than verbal communication. [548] Gleim #: 6.4.35 Gleim CIA Test Prep: Part 1 - Internal Audit Basics An internal auditor must weigh the cost of an engagement procedure (720 questions) against the Copyright 2013 Gleim Publications Inc. Page 299 persuasiveness of the evidence to be gathered. Observation is one Printed for Sanja Knezevic engagement [547] Gleim #: 6.3.34 procedure that involves cost-benefit trade-offs. Which of the following the existence or occurrence assertion (whether assets or liabilities statements exist and whether regarding observation as an engagement technique is (are) true? transactions have occurred) than for the completeness assertion Observation is limited because individuals may react differently when (whether all being transactions that should be reported are reported). observed. Answer (D) is incorrect. Observation is more persuasive for the I. existence assertion When testing financial statement balances, observation is more than for the completeness assertion. persuasive for the [549] Gleim #: 6.4.36 completeness assertion than it is for the existence assertion. An internal auditing team has been assigned to review “the customer II. satisfaction Observation is effective in providing information about how the measurement system” that the Industrial Products Division organization’s implemented 2 years ago. processes differ from those specified by written policies. This system consists of an annual mail survey conducted by the III. division’s customer A. I only. service office. A survey is sent to 100 purchasing departments B. II only. randomly selected from C. I and III only. all customers who made purchases in the prior 12 months. The D. I, II, and III. survey is three pages Gleim CIA Test Prep: Part 1 - Internal Audit Basics long, and its 30 questions use a mixture of response modes (e.g., (720 questions) some questions are Copyright 2013 Gleim Publications Inc. Page 300 open-ended, some are multiple-choice, and others use a response Printed for Sanja Knezevic scale). The customer fb.com/ciaaofficial service office mails the survey in September and tabulates the Answer (A) is incorrect. Observation also is effective for determining results for whether written questionnaires returned by October 15. Only one mailing is sent. If policies have been put into practice. the customer does Answer (B) is incorrect. Observation is more persuasive for the not return the questionnaire, no follow-up is conducted. When the existence assertion survey was last than for the completeness assertion. conducted, 45 of the questionnaires were not returned. Nonresponse Answer (C) is correct. Observation consists of watching the physical bias is often a activities of the concern in conducting mail surveys. The main reason that employees in the organization to see how they perform their duties. nonresponse bias can cause The internal difficulties in a sample such as the one taken by the customer auditor can determine whether written policies have been put into service office is that practice. The sample means and standard errors are A. harder to compute. Observation is limited because employees who know they are being B. Those who did not respond may be systematically different from observed may those who did. behave differently while being observed. Moreover, observation is C. The questionnaire is too short. more persuasive for D. Confidence intervals are narrower. Answer (A) is incorrect. Formulas are as easy to use with bad data an advantage of face-to-face interviews over mail surveys? as with good The response rate is A. typically higher. data. B. Interviewers can increase a respondent’s comprehension of Answer (B) is correct. The sample will not be truly random if questions. respondents as a C. Survey designers can use a wider variety of types of questions. group differ from nonrespondents. Thus, people may choose not to D. They are less expensive because mailing costs are avoided. respond for Answer (A) is incorrect. Mail surveys often have low response rates. reasons related to the purpose of the questionnaire. Answer (B) is incorrect. The interviewer’s ability to interpret Answer (C) is incorrect. Longer questionnaires increase responses and nonresponse bias. rephrase questions increases response quality. Answer (D) is incorrect. Nonresponse decreases sample size, so Answer (C) is incorrect. Audiovisual aids, complex sequences, and confidence other intervals would be wider rather than narrower. varieties of questions are made possible by the interactive nature of Gleim CIA Test Prep: Part 1 - Internal Audit Basics interviews. (720 questions) Answer (D) is correct. One of the principal advantages of mail Copyright 2013 Gleim Publications Inc. Page 301 surveys is their Printed for Sanja Knezevic cost efficiency. Mailing costs are lower than the costs of telephone [550] Gleim #: 6.4.37 interviews and An internal auditing team has been assigned to review “the customer still lower than the costs of face-to-face interviews. satisfaction Gleim CIA Test Prep: Part 1 - Internal Audit Basics measurement system” that the Industrial Products Division (720 questions) implemented 2 years ago. Copyright 2013 Gleim Publications Inc. Page 302 This system consists of an annual mail survey conducted by the Printed for Sanja Knezevic division’s customer fb.com/ciaaofficial service office. A survey is sent to 100 purchasing departments [551] Gleim #: 6.4.38 randomly selected from An internal auditing team has been assigned to review “the customer all customers who made purchases in the prior 12 months. The satisfaction survey is three pages measurement system” that the Industrial Products Division long, and its 30 questions use a mixture of response modes (e.g., implemented 2 years ago. some questions are This system consists of an annual mail survey conducted by the open-ended, some are multiple-choice, and others use a response division’s customer scale). The customer service office. A survey is sent to 100 purchasing departments service office mails the survey in September and tabulates the randomly selected from results for all customers who made purchases in the prior 12 months. The questionnaires returned by October 15. Only one mailing is sent. If survey is three pages the customer does long, and its 30 questions use a mixture of response modes (e.g., not return the questionnaire, no follow-up is conducted. When the some questions are survey was last open-ended, some are multiple-choice, and others use a response conducted, 45 of the questionnaires were not returned. Which of the scale). The customer following is not service office mails the survey in September and tabulates the are reading the questionnaire. results for Answer (D) is incorrect. Questionnaire variations cannot make it questionnaires returned by October 15. Only one mailing is sent. If possible to get the customer does information about more than one population parameter using the not return the questionnaire, no follow-up is conducted. When the same questions. survey was last Gleim CIA Test Prep: Part 1 - Internal Audit Basics conducted, 45 of the questionnaires were not returned. Many (720 questions) questionnaires are made Copyright 2013 Gleim Publications Inc. Page 303 up of a series of different questions that use the same response Printed for Sanja Knezevic categories (e.g., [552] Gleim #: 6.4.39 strongly agree, agree, neither, disagree, strongly disagree). Some An internal auditing team has been assigned to review “the customer designs will have satisfaction different groups of respondents answer alternative versions of the measurement system” that the Industrial Products Division questionnaire that implemented 2 years ago. present the questions in different orders and reverse the orientation This system consists of an annual mail survey conducted by the of the endpoints of division’s customer the scale (e.g., agree on the right and disagree on the left or vice service office. A survey is sent to 100 purchasing departments versa). The purpose of randomly selected from such questionnaire variations is to all customers who made purchases in the prior 12 months. The Eliminate intentional A. misrepresentations. survey is three pages B. Reduce the effects of pattern response tendencies. long, and its 30 questions use a mixture of response modes (e.g., C. Test whether respondents are reading the questionnaire. some questions are Make it possible to get information about more than one population open-ended, some are multiple-choice, and others use a response parameter scale). The customer using the same questions. service office mails the survey in September and tabulates the D. results for Answer (A) is incorrect. Questionnaire variations cannot eliminate questionnaires returned by October 15. Only one mailing is sent. If intentional the customer does misrepresentations. not return the questionnaire, no follow-up is conducted. When the Answer (B) is correct. The sequence and format of questions have survey was last many known conducted, 45 of the questionnaires were not returned. Several of effects. For example, questions should be in a logical order, and the internal auditing personal team members are concerned about the low response rate, the poor questions should be asked last because of the emotions they may quality of the evoke. One questionnaire design, and the potentially biased wording of some of method for reducing these effects is to use questionnaire variations the questions. that cause They suggest that the customer service office might want to these biases to average out across the sample. supplement the survey Answer (C) is incorrect. Questionnaire variations cannot test with some unobtrusive data collection such as observing customer whether respondents interactions in the office or collecting audiotapes of phone conversations with C. Unobtrusive measures or observations. customers. Which of the D. Rating scales. following is not a potential advantage of unobtrusive data collection Gleim CIA Test Prep: Part 1 - Internal Audit Basics compared to (720 questions) surveys or interviews? Copyright 2013 Gleim Publications Inc. Page 304 Interactions with customers can be observed as they occur in their A. Printed for Sanja Knezevic natural setting. fb.com/ciaaofficial B. It is easier to make precise measurements of the variables under Answer (A) is incorrect. Trend analysis extrapolates past and study. current conditions. C. Unexpected or unusual events are more likely to be observed. Answer (B) is incorrect. Ratio analysis considers the internal D. People are less likely to alter their behavior because they are relationships of financial being studied. data. Answer (A) is incorrect. Observing the phenomenon in its natural Answer (C) is incorrect. Use of rating scales requires the participant setting to participate eliminates some aspects of experimental bias. actively. Thus, it is not unobtrusive. Answer (B) is correct. Lack of experimental control and Answer (D) is correct. A rating scale may be used when a range of measurement precision opinions is are weaknesses of observational research. Another is that some expected. The scale represents a continuum of responses. In this things, such as case, it reflects private behavior, attitudes, feelings, and motives, cannot be probability statements. observed. [554] Gleim #: 6.4.41 Answer (C) is incorrect. The possibility of observing unexpected or Which of the following procedures is the least effective in gathering unusual information about behavior makes unobtrusive measures useful for exploratory the nature of the processing and potential problems? investigations. Interview supervisors in the claims department to find out more about Answer (D) is incorrect. If research subjects are unaware of being the studied, they procedures used, and the rationale for the procedures, and obtain are less likely to do what they think the researcher wants, censor their their comments, observations about the nature and efficiency of processing. etc. A. [553] Gleim #: 6.4.40 Send an email message to all clerical personnel detailing the alleged An internal auditing team developed a preliminary questionnaire with problems and the following request them to respond. response choices: B. I. Probably not a problem Interview selected clerical employees in the claims department to II. Possibly a problem find out more III. Probably a problem about the procedures used, and the rationale for the procedures, and The questionnaire illustrates the use of obtain their A. Trend analysis. observations about the nature and efficiency of processing. B. Ratio analysis. C. Distribute a questionnaire to gain a greater understanding of the Checklists used to assess risk have been criticized for all of the responsibilities following reasons for claims processing and the control procedures utilized. except D. Providing a false sense of security that all relevant factors A. are Answer (A) is incorrect. Interviewing supervisors and employees is addressed. a good B. Inappropriately implying equal weight to each item on the method of learning more about the nature of processing and checklist. soliciting input as to C. Decreasing the uniformity of data acquisition. the potential causes of the problems being investigated. These Being incapable of translating the experience or sound reasoning individuals are intended to be intimately involved with the processing of transactions. captured by each item on the checklist. Answer (B) is correct. Sending an email message to clerical staff is D. the least Answer (A) is incorrect. A checklist may omit factors the importance effective communication and information-gathering technique. It is of which impersonal could not be foreseen. and alleges inefficiencies before evidence has indicated that the Answer (B) is incorrect. Each item will not be of equal significance. problems are Answer (C) is correct. Checklists increase the uniformity of data caused by inefficiencies in processing. This impersonal method acquisition. might have been They ensure that a standard approach to assessing risk is taken and useful if the auditor wished to solicit open responses, but not enough minimize the guidance is possibility of omitting consideration of factors that can be anticipated. given to encourage that kind of response. Answer (D) is incorrect. A checklist does not substitute for the Answer (C) is incorrect. Interviewing supervisors and employees is sound a good professional judgment needed to understand the process of method of learning more about the nature of processing and assessing risk. soliciting input as to [556] Gleim #: 6.5.43 the potential causes of the problems being investigated. These The chief audit executive was reviewing recent reports that had individuals are recommended intimately involved with the processing of transactions. additional engagements because of risk exposures to the Answer (D) is incorrect. Using a questionnaire is a procedure that is organization. Which of the not as following represents the greatest risk and should be the next effective as interviewing individuals, but it is an efficient method of assignment? gathering A. Three prenumbered receiving reports were missing. preliminary information that would be useful in structuring the B. There were several purchase orders issued without purchase interviews. requisitions. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Payment had been made for routine inventory items without a (720 questions) purchase order or Copyright 2013 Gleim Publications Inc. Page 305 receiving report. Printed for Sanja Knezevic C. [555] Gleim #: 6.4.42 D. Several times cash receipts had been held over an extra day engagement work program. before depositing. D. Answer (A) is incorrect. The absence of a receiving report or Answer (A) is incorrect. Testing of the control will be performed purchase requisition during the field will prevent payment if disbursements are properly controlled. work phase of the engagement. Answer (B) is incorrect. Certain routine purchases may not require Answer (B) is incorrect. There is no need to report the potential requisitions. defect. Testing is Answer (C) is correct. Payment vouchers for merchandise should be needed before reporting the defect to management. supported by Answer (C) is incorrect. A separate engagement is not needed. (1) a properly authorized purchase requisition, (2) a purchase order Answer (D) is correct. One purpose of the risk assessment is to executing the highlight areas transaction, (3) a receiving report indicating all goods ordered have that should be addressed during the engagement. A potentially major been received control in good condition, and (4) a vendor invoice confirming the amount deficiency is a significant area warranting special emphasis and owed. Lack of should be noted to such support for cash payments suggests a high risk of fraud. ensure the needed coverage in the engagement work program. Answer (D) is incorrect. Assuming other controls are in place, the [558] Gleim #: 6.5.45 extent of the Data-gathering activities such as interviewing operating personnel, risk is the loss of 1 day’s receipts. identifying Gleim CIA Test Prep: Part 1 - Internal Audit Basics standards to be used to evaluate performance, and assessing risks (720 questions) inherent in a Copyright 2013 Gleim Publications Inc. Page 306 department’s operations are typically performed in which phase of an Printed for Sanja Knezevic audit fb.com/ciaaofficial engagement? [557] Gleim #: 6.5.44 A. Field work. During a preliminary survey of the accounts receivable function, an B. Preliminary survey. internal auditor C. Engagement program development. discovered a potentially major control deficiency while preparing a D. Examination and evaluation of evidence. flowchart. What Answer (A) is incorrect. The preliminary survey must be performed immediate action should the internal auditor take regarding the before the weakness? field work can be undertaken. Perform sufficient testing to determine its A. cause and effect. Answer (B) is correct. Internal auditors must conduct a preliminary B. Report it to the level of management responsible for corrective assessment of action. the risks relevant to the activity under review. Engagement objectives Schedule a separate engagement to evaluate that segment of the must reflect accounts the results of this assessment (Impl. Std. 2210.A1). Moreover, receivable function. planning should C. include performing, as appropriate, a survey to (1) become familiar Highlight the weakness to ensure that procedures to test it are with the included in the activities, risks, and controls to identify areas for engagement measurable. Objective information is such that it can be supported by emphasis and facts or (2) invite comments and suggestions from engagement clients (PA numbers. Subjective information is a judgment and may be 2210.A1-1, interpreted differently para. 3). Thus, among many other things, a survey should include by different people. discussions with Answer (B) is incorrect. The auditor’s assessment of management the engagement client (e.g., interviews with operating personnel) and responses is a documenting key control activities (including identifying performance professional judgment. standards). Answer (C) is incorrect. The business forecast is not a fact. Answer (C) is incorrect. The preliminary survey must be performed Answer (D) is incorrect. The evaluation of internal control is based before the on engagement program can be developed. professional judgment. Information based on judgment is subjective. Answer (D) is incorrect. The preliminary survey must be performed [560] Gleim #: 6.5.47 before the Levels of production stoppages over the past year at a large evidence can be examined or evaluated. laminating business were Gleim CIA Test Prep: Part 1 - Internal Audit Basics abnormally high due to machine malfunctions. Would it be (720 questions) appropriate for the internal Copyright 2013 Gleim Publications Inc. Page 307 auditing function to develop a survey examining attitudes toward line Printed for Sanja Knezevic operations, [559] Gleim #: 6.5.46 rotation of work zones, training, maintenance schedule, etc., for the Internal auditors must make a preliminary assessment of risks when machine operators conducting an to complete? assurance engagement. This assessment may involve quantitative A. Yes, the survey is reliable without corroboration. (objective) and B. Yes, the examined areas are relevant to the malfunctions. subjective factors. The least subjective factor is C. No, the examined areas are irrelevant to the malfunctions. The organization’s recognized losses A. on derivatives. D. No, the survey is inappropriate without corroboration. B. The auditor’s assessment of management responses. Gleim CIA Test Prep: Part 1 - Internal Audit Basics C. Changes in the auditee’s business forecast. (720 questions) D. The evaluation of internal control. Copyright 2013 Gleim Publications Inc. Page 308 Answer (A) is correct. In planning the engagement, internal auditors Printed for Sanja Knezevic must fb.com/ciaaofficial consider the significant risks and the means by which the potential Answer (A) is incorrect. Reliability without corroboration is not the impact of risk reason why the is kept to an acceptable level (Perf. Std. 2201). Risk factors have use of the survey is appropriate. The auditors should keep in mind differing degrees the potential need to of objectivity. The most objective (least subjective) factors are facts. corroborate the information before making any final assessment. The Answer (B) is correct. Internal auditors must conduct a preliminary organization’s losses on derivatives are facts and therefore objective assessment of the to the extent risks relevant to the activity under review. Engagement objectives must reflect the results of this assessment (Impl. Std. 2210.A1). If appropriate, Answer (A) is incorrect. The risk of material misstatement in internal auditors financial statement conduct a survey to (1) become familiar with the activities, risks, and assertions is just one adverse effect that can result from unmitigated controls to risk. identify areas for engagement emphasis and (2) invite comments Answer (B) is correct. Risk is the possibility that an event having an and suggestions from impact on engagement clients (PA 2210.A1-1, para. 3). The survey is the achievement of objectives will occur. Risk is measured in terms appropriate as a means to of impact and conduct a preliminary assessment because the examined areas are likelihood (The IIA Glossary). relevant. The Answer (C) is incorrect. The failure to adhere to organizational auditors should keep in mind the potential need to corroborate the policies, plans, information before and procedures or to comply with relevant laws and regulations is making any final assessment, but this does not prevent use of the just one type of survey. adverse effect that can result from unmitigated risk. Answer (C) is incorrect. The examined areas are relevant to the Answer (D) is incorrect. The failure to accomplish established malfunctions. objectives and Answer (D) is incorrect. The need for corroboration will be goals for operations or programs is just one type of adverse effect determined after the that can result survey is completed. The possible need for corroboration does not from unmitigated risk. preclude the use of Gleim CIA Test Prep: Part 1 - Internal Audit Basics the survey. (720 questions) [561] Gleim #: 6.5.48 Copyright 2013 Gleim Publications Inc. Page 309 In planning an engagement, the internal auditor establishes Printed for Sanja Knezevic objectives to address the [562] Gleim #: 6.5.49 risk associated with the activity. Risk is the Which of the following activities represents the greatest risk to a Possibility that the balance or class of transactions and related post-merger assertions contains manufacturing organization and is therefore most likely to be the misstatements that could be material to the financial statements. subject of an internal A. audit engagement? Uncertainty of the occurrence of an event that could affect the Combining A. imprest funds. achievement of B. Combining purchasing functions. objectives. C. Combining legal functions. B. D. Combining marketing functions. Failure to adhere to organizational policies, plans, and procedures or Answer (A) is incorrect. Imprest funds are typically immaterial in to comply amount. with relevant laws and regulations. Answer (B) is correct. Purchasing functions ordinarily represent the C. greatest Failure to accomplish established objectives and goals for operations exposure to loss of the items listed and are therefore most likely to D. or programs. be evaluated. The financial exposure in the purchasing function is ordinarily greater A. Asking the console operator to print every item that costs more than in, for than US $100. example, the legal and marketing functions. After a merger, risk is B. Using a generalized audit software package. heightened C. Obtaining a printout of the entire file and then selecting each nth because of the difficulty of combining the systems of the two item. organizations. Thus, D. Using the systems department’s programmer to write an the likelihood of an engagement is increased. extraction program. Answer (C) is incorrect. Legal functions do not typically represent a Gleim CIA Test Prep: Part 1 - Internal Audit Basics risk of loss (720 questions) as great as the purchasing functions. Copyright 2013 Gleim Publications Inc. Page 310 Answer (D) is incorrect. Marketing functions do not typically Printed for Sanja Knezevic represent a risk of fb.com/ciaaofficial loss as great as the purchasing functions. Answer (A) is incorrect. Independence is jeopardized when an [563] Gleim #: 6.6.50 operator is involved in An auditor is least likely to use computer software to the process. A. Construct parallel simulations. Answer (B) is correct. Independence can be preserved when the B. Access client data files. auditor acquires C. Prepare spreadsheets. general audit software (GAS) from an external source rather than D. Assess computer control risk. relying on auditeedeveloped Answer (A) is incorrect. Parallel simulation involves using an audit software. Also, efficiency is enhanced to the extent GAS can be auditor’s program used to reproduce the logic of management’s program. (as compared to manual auditing or writing special audit programs). Answer (B) is incorrect. Computer software makes accessing The leading GAS company files packages are currently ACL and IDEA. much faster and easier. Answer (C) is incorrect. Printing out the entire file is both Answer (C) is incorrect. Many audit spreadsheet programs are unnecessary and inefficient. available. Answer (D) is incorrect. Overreliance on an auditee’s programmer Answer (D) is correct. The auditor is required to evaluate the impairs adequacy and independence. effectiveness of the system of internal control and to assess risk to [565] Gleim #: 6.6.52 plan the audit. Which of the following cannot be performed by an auditor using This assessment is a matter of professional judgment that cannot be generalized audit accomplished software (GAS)? with a computer alone. Identifying missing A. check numbers. [564] Gleim #: 6.6.51 B. Correcting erroneous data elements, making them suitable for When an auditor performs tests on a computerized inventory file audit testwork. containing over C. Matching identical product information in separate data files. 20,000 line items, that auditor can maintain independence and D. Aging accounts receivable. perform most Answer (A) is incorrect. Identifying gaps is a function of major GAS efficiently by packages. Answer (B) is correct. GAS can help an auditor identify erroneous Substantiate the accuracy of data through self-checking digits A. and data, but hash totals. correcting them before performing testwork is inappropriate. B. Reduce the level of required tests of controls to a relatively small Answer (C) is incorrect. Merging files is a function of GAS amount. packages. Access information stored on computer files without a complete Answer (D) is incorrect. Aging is a function of GAS packages. understanding of [566] Gleim #: 6.6.53 the client’s hardware and software features. Which of the following is not true about audit use of the Internet? C. A. It is a useful research tool for gathering audit-related information. Consider increasing the use of substantive tests of transactions in B. It provides a secure medium to transmit confidential information. place of C. Electronic communication is the major use of the Internet by analytical procedures. internal auditors. D. D. An electronic record of a user’s web browsing activities is created. Answer (A) is incorrect. Self-checking digits and hash totals are Answer (A) is incorrect. The Internet is a useful audit tool for application gathering and controls used by clients. disseminating audit-related information. Answer (B) is incorrect. GAS may permit far more comprehensive Answer (B) is correct. Users transmitting sensitive information tests of across the Internet controls than in a manual audit. must understand the threats that arise that could compromise the Answer (C) is correct. A detailed knowledge of the client’s system is confidentiality of unnecessary the data. Security measures, such as encryption technology, need to because a generalized audit software package is designed to be taken to process data files ensure that the information is viewed only by those authorized to from almost any platform. The leading packages are currently ACL view it. (Audit Answer (C) is incorrect. The major use of the Internet by internal Command Language) and IDEA (Interactive Data Extraction and auditors is Analysis). electronic communication. Answer (D) is incorrect. The auditor is required to apply analytical Answer (D) is incorrect. Web browsing leaves an electronic record procedures in of the user’s the planning and overall review phases of the audit. search path. [568] Gleim #: 6.6.55 Gleim CIA Test Prep: Part 1 - Internal Audit Basics Which of the following strategies will an auditor most likely consider (720 questions) in auditing an Copyright 2013 Gleim Publications Inc. Page 311 entity that processes most of its financial data only in electronic form, Printed for Sanja Knezevic such as a [567] Gleim #: 6.6.54 paperless system? A primary advantage of using generalized audit software (GAS) Continuous monitoring and analysis of transaction processing with packages in auditing an embedded the financial statements of a client that uses a computer system is audit module. that the auditor may A. Increased reliance on internal control activities that emphasize the embedded audit modules? segregation of Embedded audit modules cannot be protected from A. computer duties. viruses. B. Auditors are required to monitor embedded audit modules Verification of encrypted digital certificates used to monitor the continuously to obtain authorization of valid results. transactions. B. C. C. Embedded audit modules can easily be modified through Extensive testing of firewall boundaries that restrict the recording of management tampering. outside Auditors are required to be involved in the system design of the network traffic. application to be D. monitored. Answer (A) is correct. An audit module embedded in the client’s D. software Answer (A) is incorrect. Embedded audit modules are no more routinely selects and abstracts certain transactions. They may be vulnerable to tagged and traced computer viruses than any other software. through the information system. An alternative is recording in an Answer (B) is incorrect. The advantage of embedded audit modules audit log, that is, is that in a file accessible only by the auditor. auditors are not required to monitor them continuously to obtain valid Answer (B) is incorrect. The same level of segregation of duties as results. in a manual Answer (C) is incorrect. Embedded audit modules cannot be easily system is not feasible in highly sophisticated computer systems. modified Answer (C) is incorrect. Encrypted digital signatures help ensure the through management tampering. authenticity Answer (D) is correct. Continuous monitoring and analysis of of the sender of information, but verifying them is a less pervasive transaction and significant processing can be achieved with an embedded audit module. To be procedure than continuous monitoring of transactions. successful, the Answer (D) is incorrect. Firewalls exclude unauthorized activity from internal auditor may need to be involved in the design of the entering a application. system; however, such activity would be independent of the internal Designing the system may impair independence unless the client processing of makes all financial information. management decisions. Gleim CIA Test Prep: Part 1 - Internal Audit Basics [570] Gleim #: 6.6.57 (720 questions) If a financial institution overstated revenue by charging too much of Copyright 2013 Gleim Publications Inc. Page 312 each loan Printed for Sanja Knezevic payment to interest income and too little to repayment of principal, fb.com/ciaaofficial which of the [569] Gleim #: 6.6.56 following audit procedures would be least likely to detect the error? Which of the following is the primary reason that many auditors Performing an analytical review by comparing interest income this hesitate to use period as a percentage of the loan portfolio with the interest income percentage processes a set of valid and invalid transactions using the client’s for the prior application period. programs. Based on the understanding of the programmed controls, A. the auditor has an Using an integrated test facility (ITF) and submitting interest expectation of the results of the processing. The auditor can payments for various determine if the client’s loans in the ITF portfolio to determine if they are recorded correctly. controls are working effectively to reject and report invalid and B. questionable Using test data and submitting interest payments for various loans in transactions. the test Answer (D) is incorrect. Using GAS is the most effective procedure. portfolio to determine if they are recorded correctly. The auditor is C. taking a detailed sample of actual transactions. Using generalized audit software to select a random sample of loan [571] Gleim #: 6.6.58 payments What computer-assisted audit technique (CAAT) would an auditor made during the period, calculating the correct posting amounts, and use to identify a tracing the fictitious or terminated employee? postings that were made to the various accounts. Parallel simulation of payroll A. calculations. D. B. Exception testing for payroll deductions. Gleim CIA Test Prep: Part 1 - Internal Audit Basics C. Recalculations of net pay. (720 questions) D. Tagging and tracing of payroll tax-rate changes. Copyright 2013 Gleim Publications Inc. Page 313 Answer (A) is incorrect. In a parallel simulation, data that were Printed for Sanja Knezevic processed by the Answer (A) is correct. Analytical review is the least effective engagement client’s system are reprocessed through the auditor’s procedure. It provides program to only a comparison with the prior period when the same error may determine whether the output obtained matches the output have been made. generated by the Moreover, it is a global test that does not isolate the cause of a client’s system. This technique might identify problems with the suspected misstatement. client’s Answer (B) is incorrect. The concern is whether the interest rate processing but would not identify a fictitious or terminated employee. calculation is made Answer (B) is correct. Exception testing for payroll deductions is a correctly. Using an ITF, the auditor creates a test record within the type of CAAT client’s actual that can identify employees who have no deductions. This is system. Fictitious transactions affecting the test record along with important because actual transactions fictitious or terminated employees will generally not have any are processed. Client operating personnel need not be aware of the deductions. testing process. Answer (C) is incorrect. A CAAT program can recalculate such Accordingly, an ITF is an effective way to detect computational amounts as gross errors. pay, net pay, taxes and other deductions, and accumulated or used Answer (C) is incorrect. Using the test data approach, the auditor leave times. develops and These recalculations can help determine whether the payroll Answer (C) is incorrect. Transaction data can be filtered using GAS. program is operating Answer (D) is incorrect. Suppliers used by cardholders can be correctly or employee files have been altered, but it would not identify summarized using a fictitious GAS. or terminated employee. [573] Gleim #: 6.6.60 Answer (D) is incorrect. In this type of CAAT program, certain actual Insurers may receive hospitalization claims directly from hospitals by transactions are “tagged.” As they proceed through the system, a computer media; data file is no paper is transmitted from the hospital to the insurer. Which of the created that traces the processing through the system and permits following subsequent controls is most effective in detecting fraud in such an environment? review of that processing. However, this procedure would not identify Use integrated test facilities to test the correctness of processing in a a fictitious manner that or terminated employee. is transparent to data processing. Gleim CIA Test Prep: Part 1 - Internal Audit Basics A. (720 questions) Develop monitoring programs to identify unusual types of claims or Copyright 2013 Gleim Publications Inc. Page 314 an unusual Printed for Sanja Knezevic number of claims by demographic classes for investigation by the fb.com/ciaaofficial claims [572] Gleim #: 6.6.59 department. An organization provides credit cards to selected employees for B. business use. The Use generalized audit software to match the claimant identification credit card company provides a computer file of all transactions by number with a employees of the master list of valid policyholders. organization. An auditor plans to use generalized audit software C. (GAS) to select Develop batch controls over all items received from a particular relevant transactions for testing. Which of the following would not be hospital and readily process those claims in batches. identified using GAS? D. High-monetary-A. amount transactions. Answer (A) is incorrect. An integrated test facility is useful in B. Fraudulent transactions. determining the C. Transactions for specific cardholders. correctness of processing of validly entered transactions. The issue D. Suppliers used by each cardholder. in this case is Answer (A) is incorrect. GAS can be used to search for unusual the validity of the entered transactions. transactions, Answer (B) is correct. Monitoring assesses the quality of internal such as those exceeding a specific dollar amount. control over Answer (B) is correct. It is highly unlikely that the accounts payable time. Ongoing monitoring occurs as part of routine operations. It system includes contains sufficient evidence of fraudulent transactions. GAS can be management and supervisory review, comparisons, reconciliations, used to and other explore indicators of fraud, but it probably would not identify them. actions by personnel as part of their regular activities. Thus, parts (other branches). This process requires, among other things, monitoring of the use of number and nature of claims may serve to detect failures of internal quantitative and qualitative measures. A key indicator for financial control. performance Answer (C) is incorrect. An edit control should be built into the measurement is the amount of bad debt write-offs. A high level of application to bad debt writeoffs test for valid policy numbers. could indicate fraud, which would compromise the accuracy and Answer (D) is incorrect. Batch controls are designed to ensure that reliability of all items financial reports. Bad debt write-offs may result from recording submitted are processed, i.e., that they are not lost or added to. fictitious sales. Batch controls Answer (D) is incorrect. The number of suppliers is not a financial serve a control purpose, but the major concern in this situation is the benchmark. validity of [575] Gleim #: 6.7.62 the input. Accounts payable schedule verification may include the use of Gleim CIA Test Prep: Part 1 - Internal Audit Basics analytical information. (720 questions) Which of the following is analytical information? Copyright 2013 Gleim Publications Inc. Page 315 A. Comparing the schedule with the accounts payable ledger or Printed for Sanja Knezevic unpaid voucher file. [574] Gleim #: 6.6.61 B. Comparing the balance on the schedule with the balances of prior A company that has many branch stores has decided to use its best- years. performing store as Comparing confirmations received from selected creditors with the a benchmark organization for the purpose of analyzing the accuracy accounts and reliability of payable ledger. branch store financial reporting. Which one of the following is the C. most likely measure D. Examining vendors’ invoices in support of selected items on the to be included in a financial benchmark? schedule. High turnover A. of employees. Answer (A) is incorrect. Comparing the schedule with the accounts B. High level of employee participation in setting budgets. payable C. High amount of bad debt write-offs. ledger or unpaid voucher file is a test of details. D. High number of suppliers. Answer (B) is correct. Analytical procedures are useful in identifying Answer (A) is incorrect. Turnover of employees is an internal (1) nonfinancial unexpected differences, (2) the absence of differences when they benchmark. are expected, (3) Answer (B) is incorrect. Employee participation in setting budgets is potential errors, (4) potential fraud or illegal acts, or (5) other unusual an internal or nonfinancial benchmark. nonrecurring transactions or events (PA 2320-1, para. 2). Thus, they Answer (C) is correct. Internal benchmarking is the application of may include best practices comparison of current-period information with budgets, forecasts, or in one part of the organization (e.g., a high-performing branch store) similar to its other information for prior periods. Answer (C) is incorrect. Comparing confirmations received from analytical procedures provide information that all transactions and selected accounts that creditors with the accounts payable ledger is a test of details. should be presented are included. In some circumstances, the Answer (D) is incorrect. Examining vendors’ invoices in support of internal auditor may selected be able to determine that analytical procedures by themselves items on the schedule is a test of details. provide the desired Gleim CIA Test Prep: Part 1 - Internal Audit Basics level of assurance. (720 questions) Answer (D) is incorrect. For assertions of low materiality, analytical Copyright 2013 Gleim Publications Inc. Page 316 information Printed for Sanja Knezevic may be considered sufficient. fb.com/ciaaofficial [577] Gleim #: 6.7.64 [576] Gleim #: 6.7.63 During an engagement, the internal auditor should consider the Analytical procedures following factor(s) in Are considered direct information about the assertion A. being determining the extent to which analytical procedures should be used evaluated. during the B. Involve such tests as confirmation of receivables. engagement: C. May provide the best available information for the completeness A. Adequacy of the system of internal control. assertion. B. Significance of the area being examined. D. Are never sufficient by themselves to support management C. Precision with which the results of analytical audit procedures can assertions. be predicted. Answer (A) is incorrect. Although relevant, analytical information is D. All of the answers are correct. not direct. It Answer (A) is incorrect. The adequacy of the system of internal is a means of gathering information without testing particular control should be transactions considered. directly. Answer (B) is incorrect. The significance of the area being Answer (B) is incorrect. Analytical information involves a study of examined should be plausible considered. relationships among data. Confirmation is a substantive test of Answer (C) is incorrect. The precision with which the results of details. analytical Answer (C) is correct. Analytical procedures usually involve procedures can be predicted should be considered. summarizing and Answer (D) is correct. When determining the extent to which comparing data so that trends and other important relationships may analytical be detected. procedures should be used, the internal auditor considers (1) the Procedures range from simple comparisons of amounts reported to significance of advanced the area being examined, (2) the assessment of risk management in statistical and modeling techniques. The use of analytical procedures the audited involves area, (3) the adequacy of the internal control system, (4) the judgment and focuses on the overall reasonableness of recorded availability and amounts. Thus, reliability of financial and nonfinancial information, (5) the precision with which the results of analytical audit procedures can be predicted, (6) the Answer (A) is incorrect. Reviewing the trend of overall retirement availability and expense over comparability of information regarding the industry in which the the last 10 years does not consider the changes in plans or the organization number of operates, and (7) the extent to which other procedures provide employees retired. evidence (PA 2320- Answer (B) is incorrect. The sample should be stratified. The 1, para. 5). population is not Gleim CIA Test Prep: Part 1 - Internal Audit Basics homogeneous. (720 questions) Answer (C) is correct. Analytical procedures often provide the Copyright 2013 Gleim Publications Inc. Page 317 internal auditor Printed for Sanja Knezevic with an efficient and effective means of obtaining evidence. The [578] Gleim #: 6.7.65 assessment The internal auditor of an organization with a recently automated results from comparing information with expectations identified or human resources developed by system reviews the retirement benefits plan and determines that the the internal auditor. Analytical procedures are useful in identifying (1) pension and unexpected medical benefits have been changed several times in the past 10 differences, (2) the absence of differences when they are expected, years. The internal (3) potential auditor wishes to determine whether further investigation is justified. errors, (4) potential fraud or illegal acts, or (5) other unusual or The most nonrecurring appropriate engagement procedure is to transactions or events (PA 2320-1, para. 2). Accordingly, significant Review the trend of overall retirement expense over the last 10 changes, years. If it has such as those in pension and medical benefits, require the internal increased, further investigation is needed. auditor to refine A. his/her expectations. In these circumstances, the internal auditor Use generalized audit software to take a monetary-unit sample of must stratify the retirement pay sample according to the plans in effect when the employees retired and determine whether each retired employee was paid correctly. and develop a B. predicted result for each person based on the stratum to which (s)he Review reasonableness of retirement pay and medical expenses on belongs. a per-person Answer (D) is incorrect. Taking an attribute sample of retirement basis stratified by which plan was in effect when the employee pay does not retired. meet the engagement objective of determining whether further C. investigation is Use generalized audit software to take an attribute sample of warranted. retirement pay and [579] Gleim #: 6.7.66 perform detailed testing to determine whether each person chosen Analytical procedures enable the internal auditor to predict the was given the balance or quantity of proper benefits. an item. Information to develop this estimate can be obtained by all D. of the following except relationships to exist and to remain relatively stable in the absence of Tracing transactions through the system to determine whether reasons for procedures are variation. being applied as prescribed. Answer (D) is incorrect. Financial information is related to A. nonfinancial information; Comparing financial data with data for comparable prior periods, e.g., salary expense should be related to the number of hours anticipated worked. results (e.g., budgets and forecasts), and similar data for the industry [580] Gleim #: 6.7.67 in which the Analytical procedures in which current financial statements are entity operates. compared with budgets B. or previous statements are primarily intended to determine the Studying the relationships of elements of financial data that would be Adequacy of financial statement A. disclosure. expected to B. Existence of specific errors or omissions. conform to a predictable pattern based upon the entity’s experience. C. Overall reasonableness of statement contents. C. D. Use of an erroneous cutoff date. Studying the relationships of financial data with relevant D. Answer (A) is incorrect. Analytical procedures concern nonfinancial data. interrelationships among Gleim CIA Test Prep: Part 1 - Internal Audit Basics data, not the propriety of disclosure. (720 questions) Answer (B) is incorrect. Analytical procedures are concerned with Copyright 2013 Gleim Publications Inc. Page 318 overall Printed for Sanja Knezevic reasonableness, not the existence of specific errors. fb.com/ciaaofficial Answer (C) is correct. Analytical procedures often provide the Answer (A) is correct. Tracing transactions through the system is a internal auditor test of controls with an efficient and effective means of obtaining evidence. The directed toward the operating effectiveness of internal control, not an assessment analytical results from comparing information with expectations identified or procedure. developed by Answer (B) is incorrect. The basic premise of analytical procedures the internal auditor. Analytical procedures are useful in identifying (1) is that plausible unexpected relationships among data may be reasonably expected to exist and differences, (2) the absence of differences when they are expected, continue in the (3) potential absence of known conditions to the contrary. Well-drafted budgets errors, (4) potential fraud or illegal acts, or (5) other unusual or and forecasts nonrecurring prepared at the beginning of the year should therefore be compared transactions or events (PA 2320-1, para. 2). Thus, a comparison of with actual results, current-period and engagement client information should be compared with data for information with budgets or previous-period information is helpful in the industry in planning the which the engagement client operates. engagement. This comparison may identify conditions, such as Answer (C) is incorrect. The internal auditor should expect financial unreasonable ratios and amounts in financial statements, that may require subsequent results from comparing information with expectations identified or engagement developed by procedures. the internal auditor. Analytical procedures are useful in identifying (1) Answer (D) is incorrect. Analytical procedures detect unreasonable unexpected amounts, not differences, (2) the absence of differences when they are expected, the specific causes of unexpected conditions. (3) potential Gleim CIA Test Prep: Part 1 - Internal Audit Basics errors, (4) potential fraud or illegal acts, or (5) other unusual or (720 questions) nonrecurring Copyright 2013 Gleim Publications Inc. Page 319 transactions or events (PA 2320-1, para. 2). An analysis of materials Printed for Sanja Knezevic used and [581] Gleim #: 6.7.68 materials issued may reveal a discrepancy. One possible explanation A rental car organization’s fleet maintenance division uses a different for excessive code for each issuance of materials is employee theft. type of inventory transaction. A daily summary report lists activity by [582] Gleim #: 6.7.69 part number and During an operational audit engagement, an auditor compared the transaction code. The report is reconciled by the parts room inventory turnover supervisor to the day’s rate of a subsidiary with established industry standards in order to material request forms and is then forwarded to the fleet manager for A. Evaluate the accuracy of internal financial reports. approval. The B. Test controls designed to safeguard assets. use of transaction codes provides the fleet manager with information C. Determine compliance with corporate procedures regarding concerning the inventory levels. types of inventory activities. The internal auditor is considering an D. Assess performance and indicate where additional audit work may analytical review of be needed. transaction codes and materials used. The objective of this review is Answer (A) is incorrect. Comparison with industry standards will not to test the Provide information about overstocked A. inventory items. accuracy of internal reporting. B. Reveal shortages in perpetual inventory records. Answer (B) is incorrect. Comparison with industry standards will not C. Determine whether inventory items are properly valued. test the D. Identify possible material lost due to employee theft. controls designed to safeguard the inventory. Answer (A) is incorrect. The summary report does not include Answer (C) is incorrect. Comparison with industry standards will not stocking levels. test Answer (B) is incorrect. The summary report concerns only issued compliance. items. Answer (D) is correct. Inventory turnover provides analytical Answer (C) is incorrect. The summary report does not address the information. It valuation equals cost of sales divided by average inventory. A low turnover assertion. ratio implies Answer (D) is correct. Analytical procedures often provide the that inventory is excessive, for example, because the goods are internal auditor obsolete or with an efficient and effective means of obtaining evidence. The because the organization has overestimated demand. Accordingly, assessment such an analytical procedure will provide an indication of the efficiency and nonrecurring transactions or events. effectiveness Answer (D) is incorrect. Analytical review is appropriate when of the subsidiary’s management of the inventory. plausible Gleim CIA Test Prep: Part 1 - Internal Audit Basics relationships among the data allow the auditor to develop or identify (720 questions) reasonable Copyright 2013 Gleim Publications Inc. Page 320 expectations that may be compared with actual data. For example, Printed for Sanja Knezevic such fb.com/ciaaofficial relationships may include the ways in which operating expenses vary [583] Gleim #: 6.7.70 relative to The use of an analytical review to verify the correctness of various each other. Analytical review of these expenses does not require that operating expenses they be would not be a preferred approach if related to revenue. An auditor notes strong indicators of a specific fraud involving A. [584] Gleim #: 6.8.71 these accounts. A company with many branch stores has decided to benchmark one B. Operations are relatively stable and have not changed much over of its stores for the the past year. purpose of analyzing the accuracy and reliability of branch store An auditor would like to identify large, unusual, or non-recurring financial reporting. transactions Which one of the following is the most likely measure to be included during the year. in a financial C. benchmark? Operating expenses vary in relation to other operating expenses, but A. High turnover of employees. not in relation B. High level of employee participation in setting budgets. to revenue. C. High amount of bad debt write-offs. D. D. High number of suppliers. Answer (A) is correct. Analytical auditing procedures assist internal Answer (A) is incorrect. Turnover of employees is not a financial auditors in benchmark. identifying conditions that may require subsequent engagement Answer (B) is incorrect. Employee participation in setting budgets is procedures. not a Accordingly, if the auditor already suspects fraud involving operating financial benchmark. expenses, a Answer (C) is correct. The level of bad debts written off as more directed audit approach is appropriate. uncollectible is a Answer (B) is incorrect. Operational stability suggests that the benchmark stated in financial terms. A level exceeding the normal analytical benchmark could relationships involving operating expenses continue to exist. This indicate fraud, which compromises the accuracy and reliability of stability helps financial the auditor to develop expectations that may be used for comparison reports. Bad debt write-offs may result from recording fictitious sales. with actual Answer (D) is incorrect. The number of suppliers is not a financial results. benchmark. Answer (C) is incorrect. Analytical review is useful in identifying Gleim CIA Test Prep: Part 1 - Internal Audit Basics unusual or (720 questions) Copyright 2013 Gleim Publications Inc. Page 321 Assuming that a high degree of security is needed, which of the Printed for Sanja Knezevic following potential [585] Gleim #: 6.8.72 sources of information will also be relevant to the internal auditor’s The legislative auditing bureau of a country is required to perform assessment of compliance whether the governmental unit is being charged for computer engagements involving organizations that are issued defense security that exceeds the contracts on a cost-plus entity’s needs? basis. Contracts are clearly written to define acceptable costs, Comparison of the security system with best practices implemented including developmental for similar research cost and appropriate overhead rates. systems During the past year, the government has engaged in extensive I. outsourcing of its Comparison of the security system with recent publications on state- activities. The outsourcing included contracts to run cafeterias, of-the-art provide janitorial systems services, manage computer operations and systems development, II. and provide Tests of the functionality of III. the security system engineering of construction projects. The contracts were modeled A. II only. after those used for B. I and II only. years in the defense industry. The legislative internal auditors are C. III only. being called upon to D. I, II, and III. expand their efforts to include compliance engagements involving Answer (A) is incorrect. Benchmarking (identifying the best these contracts. practices of similar Upon initial investigation of these outsourced areas, the internal entities) also provides relevant information. auditor found many Answer (B) is correct. Comparison of the security system with best areas in which the outsourced management has apparently practices expanded its authority and implemented for similar systems and with recent publications on responsibility. For example, the contractor that manages computer state-of-the-art operations has systems is the best approach. It compares the system being developed a highly sophisticated security program that may developed with cutting represent the most edge systems and provides the internal auditor with a basis to advanced information security in the industry. The internal auditor address the reviews the outsourcer’s claim that the system is the minimum necessary for the contract and sees reference only to providing appropriate levels of organization. computing security. Answer (C) is incorrect. Testing the functionality of the system The internal auditor suspects that the governmental agency may be provides incurring information on whether the system works, not whether it is developmental costs that the outsourcer may use for competitive appropriate for the advantage in entity. marketing services to other organizations. Answer (D) is incorrect. Testing the functionality of the system provides information on whether the system works, not whether it is against those of the best organizations. This procedure also involves appropriate for the identifying entity. the underlying key actions and causes that contribute to the Gleim CIA Test Prep: Part 1 - Internal Audit Basics performance (720 questions) difference. The percentage of orders delivered on time at the Copyright 2013 Gleim Publications Inc. Page 322 company’s most Printed for Sanja Knezevic efficient plant is an example of an internal nonfinancial benchmark. fb.com/ciaaofficial [587] Gleim #: 6.8.74 [586] Gleim #: 6.8.73 What is the first phase in the benchmarking process? An example of an internal nonfinancial benchmark is A. Organize benchmarking teams. The labor rate of comparably skilled employees at a major A. B. Select and prioritize benchmarking projects. competitor’s plant. C. Researching and identifying best-in-class performance. The average actual cost per pound of a specific product at the D. Data analysis. company’s most Answer (A) is incorrect. Organizing benchmarking teams is a efficient plant. subsequent phase. B. Answer (B) is correct. The first phase in the benchmarking process A US $50,000 limit on the cost of employee training programs at is to select each of the and prioritize benchmarking projects. The next phase is to organize company’s plants. benchmarking C. teams. Researching and identifying best-in-class is the third phase in The percentage of customer orders delivered on time at the the company’s most benchmarking process. The fourth phase is data analysis, and the efficient plant. final phase is the D. implementation phase. Answer (A) is incorrect. The labor rate of comparably skilled Answer (C) is incorrect. Researching and identifying best-in-class employees at a performance is major competitor’s plant is a financial measure. a subsequent phase. Answer (B) is incorrect. The average actual cost per pound of a Answer (D) is incorrect. Data analysis is a subsequent phase. specific product Gleim CIA Test Prep: Part 1 - Internal Audit Basics at the company’s most efficient plant is a financial measure. (720 questions) Answer (C) is incorrect. A US $50,000 limit on the cost of employee Copyright 2013 Gleim Publications Inc. Page 323 training Printed for Sanja Knezevic programs at each of the company’s plants is a financial measure. [588] Gleim #: 6.8.75 Answer (D) is correct. Benchmarking is a continuous evaluation of Which of the following statements regarding benchmarking is false? the practices Benchmarking involves continuously evaluating the practices of best- of the best organizations in their class and the adaptation of in-class processes to reflect organizations and adapting company processes to incorporate the the best of these practices. It entails analysis and measurement of best of these key outputs practices. A. Benchmarking, in practice, usually involves a company’s formation of Answer (B) is correct. Leadership is most important in the benchmarking teams. implementation phase B. of the benchmarking process because the team must be able to Benchmarking is an ongoing process that entails quantitative and justify its qualitative recommendations. Also, the process improvement teams must measurement of the difference between the company’s performance manage the of an activity implementation of approved changes. and the performance by the best in the world or the best in the Answer (C) is incorrect. The data analysis phase entails identifying industry. performance C. gaps and understanding the reasons they exist. The benchmarking organization against which a firm is comparing Answer (D) is incorrect. This stage involves the setting up of itself must be a databases and direct competitor. information-gathering methods. D. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (A) is incorrect. It is a true statement about benchmarking. (720 questions) Answer (B) is incorrect. It is a true statement about benchmarking. Copyright 2013 Gleim Publications Inc. Page 324 Answer (C) is incorrect. It is a true statement about benchmarking. Printed for Sanja Knezevic Answer (D) is correct. Benchmarking is an ongoing process that fb.com/ciaaofficial entails [590] Gleim #: 6.8.77 quantitative and qualitative measurement of the difference between Researching and identifying best-in-class performance is often the the company’s most difficult performance of an activity and the performance by a best-in-class phase. Which of the following is not a critical step? organization. Setting A. up databases. The benchmarking organization against which a firm is comparing B. Choosing information-gathering methods. itself need not C. Formatting questionnaires. be a direct competitor. The important consideration is that the D. Employee training and empowerment. benchmarking Answer (A) is incorrect. Setting up databases is a critical step in the organization be an outstanding performer in its industry. researching [589] Gleim #: 6.8.76 and identifying phase. The phase of the benchmarking process in which the team must be Answer (B) is incorrect. Choosing information-gathering methods is able to justify its a critical recommendations is the step in the researching and identifying phase. Prioritize benchmarking A. projects phase. Answer (C) is incorrect. Formatting questionnaires is a critical step B. Implementation phase. in the C. Data analysis phase. researching and identifying phase. D. Researching and identifying best in class performance phase. Answer (D) is correct. The critical steps in the researching and Answer (A) is incorrect. This is the stage where businesses must identifying phase understand key are setting up databases, choosing information-gathering methods, business processes and drivers. formatting questionnaires, and selecting benchmarking partners. Employee Answer (D) is correct. Benchmarking is a continuous evaluation of training and the practices empowerment is part of total quality management (TQM). of the best organizations in their class and the adaptation of [591] Gleim #: 6.8.78 processes to reflect Which of the following is true of benchmarking? the best of these practices. It entails analysis and measurement of Benchmarking is typically accomplished by comparing an key outputs organization’s against those of the best organizations. performance with the performance of its closest competitors. Gleim CIA Test Prep: Part 1 - Internal Audit Basics A. (720 questions) Benchmarking can be performed using either qualitative or Copyright 2013 Gleim Publications Inc. Page 325 quantitative Printed for Sanja Knezevic comparisons. [592] Gleim #: 6.8.79 B. An organization wants to improve on its performance measures for a Benchmarking is normally limited to manufacturing operations and new business production line. Which type of benchmarking is most likely to provide information processes. useful for this C. purpose? Benchmarking is accomplished by comparing an organization’s A. Functional. performance to B. Competitive. that of the best-performing organizations. C. Generic. D. D. Internal. Answer (A) is incorrect. Benchmarking involves a comparison with Answer (A) is correct. The type of benchmarking most likely to help industry improve leaders or world-class operations. It uses either industry-wide performance measures for a new business line is functional amounts (to protect benchmarking. the confidentiality of information provided by participating Comparison with organizations that perform related functions within organizations) or the same amounts from cooperating organizations. technological area provides information about what is being achieved Answer (B) is incorrect. Benchmarking requires measurements, elsewhere in which involve the new business line. quantitative comparisons. Answer (B) is incorrect. Comparison with the best competitors Answer (C) is incorrect. Benchmarking can be applied to all of the focuses on functional performance in related organizations as a whole and likely includes areas in an organization. In fact, manufacturing often tends to be some industry-specific, activities unrelated to the new business line. whereas activities such as processing an order or paying an invoice Answer (C) is incorrect. Comparison of processes that are virtually are not. the same Nonmanufacturing functions often provide a greater opportunity to regardless of industry (such as document processing) would not be improve by as helpful as learning from global leaders. comparison of processes that are similar in function. Answer (D) is incorrect. Comparison against the best within the should continue. same Answer (D) is correct. When analytical audit procedures identify organization may be misleading. It does not provide information unexpected about what is results or relationships, the internal auditor evaluates such results or being accomplished outside the organization in the new business relationships line. (PA 2320-1, para. 6). The senior allowed the identified variance to go [593] Gleim #: 6.9.80 unevaluated. An inexperienced internal auditor notified the senior auditor of a Gleim CIA Test Prep: Part 1 - Internal Audit Basics significant variance (720 questions) from the engagement client’s budget. The senior told the new Copyright 2013 Gleim Publications Inc. Page 326 internal auditor not to Printed for Sanja Knezevic worry because the senior had heard that there had been an fb.com/ciaaofficial unauthorized work stoppage [594] Gleim #: 6.9.81 that probably accounted for the difference. Which of the following A small city managed its own pension fund. According to the city statements is most charter, investments appropriate? could be made only in bonds, money market funds, or high-quality The new internal auditor should have investigated the matter fully stocks. The internal and not auditor has already verified the existence of the pension fund’s bothered the senior. assets. The fund A. balance was not very large and was managed by the city treasurer. The senior used proper judgment in curtailing what could have been The internal auditor a wasteful decided to estimate income from investments of the fund by investigation. multiplying the average B. fund balance by a weighted-average rate based on the current The senior should have halted the engagement until the variance portfolio mix. Upon was fully doing so, the internal auditor found that recorded return was explained. substantially less than C. was expected. The internal auditor’s next procedure should be to The senior should have aided the new internal auditor in formulating Inquire of the treasurer as to the reason that income appears to be a plan for less than accumulating appropriate information. expected. D. A. Answer (A) is incorrect. An inexperienced internal auditor should Prepare a more detailed estimate of income by consulting a dividend refer this and reporting matter to the senior. service that lists the interest or dividends paid on specific stocks and Answer (B) is incorrect. The facts given do not support the bonds. conclusion that B. accumulating additional information would be wasteful. Inform management and the board that fraud is suspected and Answer (C) is incorrect. The variance needs explanation, but the suggest that legal engagement counsel be called in to complete the investigation. C. Interview management and apply other engagement procedures to Select a sample of entries to the pension fund income account and determine trace to the whether transaction controls and procedures within the machining cash journal to determine if cash was received. department are D. adequate. Answer (A) is incorrect. The internal auditor should refine the A. estimate further Do no further work because the concern was not identified by the before discussing the matter with the treasurer. Even if the internal analytical auditor has procedures included in the engagement work program. confidence in the first estimate, the suspicion of potential fraud B. should lead the Notify internal auditing management that C. fraud is suspected. internal auditor to do further work, e.g., tracing the estimated income Place a note in the working papers to review this matter in detail developed in during the next the first step to the cash receipts book before confronting the engagement. treasurer. D. Answer (B) is correct. When analytical audit procedures identify Gleim CIA Test Prep: Part 1 - Internal Audit Basics unexpected (720 questions) results or relationships, for example, when pension fund assets are Copyright 2013 Gleim Publications Inc. Page 327 suspiciously Printed for Sanja Knezevic low, the internal auditor evaluates such results or relationships (PA Answer (A) is correct. When analytical audit procedures identify 2320-1, unexpected results para. 6). Before inquiring of client management, the auditor should or relationships, the internal auditor evaluates such results or obtain more relationships. The auditor detailed information about the unexpected results or relationships. may ask management about the reasons for the difference and Answer (C) is incorrect. The internal auditor does not have sufficient would corroborate information management’s explanation (PA 2320-1, para. 6). to justify the conclusion that fraud has occurred. Answer (B) is incorrect. The engagement work program is a guide Answer (D) is incorrect. This procedure would provide information that does not only about restrict the auditor from pursuing information unknown at the time recorded income. that the program [595] Gleim #: 6.9.82 was written. While testing the effectiveness of inventory controls, the internal Answer (C) is incorrect. The facts do not yet support a conclusion auditor makes a note that fraud has in the working papers that most of the cycle count adjustments for occurred. the facility involved Answer (D) is incorrect. The risk of a material misstatement of transactions of the machining department. The machining inventory should be department also had addressed promptly. generated an extraordinary number of cycle count adjustments in [596] Gleim #: 6.9.83 comparison with An internal auditor was evaluating the effectiveness and efficiency of other departments last year. The internal auditor should the operation of the motor pool. The engagement work program included the use of Which of the above actions should have the highest priority? analytical A. 1, 6, and 4. procedures to observe the trend of expenses for major overhauls of B. 4, 5, and 6. heavy-wheeled C. 6, 5, and 1. vehicles. This trend showed a substantial increase in the last year of D. 2, 3, and 4. the ratios of Gleim CIA Test Prep: Part 1 - Internal Audit Basics monetary amounts spent in relation to (1) the number of vehicles (720 questions) being used, (2) the Copyright 2013 Gleim Publications Inc. Page 328 mileage of the vehicles, (3) the age of the equipment, and (4) Printed for Sanja Knezevic environmental fb.com/ciaaofficial conditions. The auditor’s investigation indicated that two new Answer (A) is incorrect. Discussing the matter with the maintenance firms were superintendent could being used. The expenditure packages from the maintenance work compromise the investigation if (s)he is engaged in fraudulent were complete; activities or tells however, the billings for the work had an unusual regularity. The someone who is. identification of the Answer (B) is correct. When analytical procedures identify vehicles being serviced did not correspond to the vehicle unexpected results or maintenance reports. relationships, the internal auditor evaluates such results or Possible engagement procedures include relationships. This Discussing the matter with the superintendent of maintenance and evaluation includes determining whether the difference from asking for an expectations could be a explanation result of fraud, error, or a change in conditions. The auditor may ask 1. management Preparing a schedule of the types of maintenance being performed about the reasons for the difference and would corroborate and comparing management’s explanation, it with manufacturers’ maintenance guides for example, by modifying expectations and recalculating the 2. difference or by applying Analyzing vehicles’ trip tickets to determine if they contain indications other audit procedures (PA 2320-1, para. 6). Substantial increases in of maintenance cost problems needing attention ratios indicate a need for a more extensive investigation. Items 4 and 3. 5 could provide Reviewing deadline reports to determine that vehicles were not in information regarding the status of vehicles. If discrepancies are service on the found, the appropriate dates of maintenance work authorities within the organization should be consulted. 4. Answer (C) is incorrect. Discussing the matter with the Reviewing dispatch schedules to determine whether vehicles were superintendent could dispatched for compromise the investigation, and the days that the vehicles were in use on days the maintenance work was reported as performed use is irrelevant. 5. Answer (D) is incorrect. Items 2 and 3, although potential indicators Discussing the matter 6. with plant security of fraud, do not provide conclusive information. reasonable period of time and trace the receipts to the appropriate [597] Gleim #: 6.9.84 accounts. The internal auditor of a construction enterprise that builds Determine causes of any discrepancies. foundations for bridges and B. large buildings performed a review of the expense accounts for Report the observations, as they are, to management and equipment (augers) recommend an used to drill holes in rocks to set the foundation for the buildings. investigation for possible fraud. During the review, C. the internal auditor noted that the expenses related to some of the Report the observations to the construction manager and insist that auger accounts had appropriate increased dramatically during the year. The internal auditor inquired controls such as independent receiving reports be implemented. of the Follow up to see construction manager who offered the explanation that the augers if the controls are properly implemented. last 2 to 3 years and D. are expensed when purchased. Thus, the internal auditor should see Gleim CIA Test Prep: Part 1 - Internal Audit Basics a decrease in the (720 questions) expense accounts for these augers in the next year but would expect Copyright 2013 Gleim Publications Inc. Page 329 an increase in the Printed for Sanja Knezevic expenses of other augers. The internal auditor also found out that Answer (A) is incorrect. The auditor has an ethical duty to report the construction material facts that, if manager is responsible for the inventorying and receiving of the not disclosed, may distort the reporting of activities under review augers and is a part (Rule of Conduct owner of a business that supplies augers to the organization. The 2.3). supplier was Answer (B) is incorrect. The results should be reported to approved by the president to improve the quality of equipment. management. The Assume the internal suggested procedure is incomplete and not likely to determine the auditor did not find a satisfactory explanation for the results of the causes of the analytical problem. procedures performed and has conducted the appropriate follow-up Answer (C) is correct. When analytical audit procedures identify procedures. The unexpected results or engagement in this area is otherwise complete. Which of the relationships, the internal auditor evaluates such results or following would be the relationships. Unexplained most appropriate action to take? results or relationships discovered by applying analytical procedures Note the actions and follow-up next year. Defer the reporting to may be an management until indication of a significant problem (e.g., a potential error, fraud, or a satisfactory explanation can be obtained. illegal act). Results A. or relationships that are not adequately explained may indicate a Expand engagement procedures by observing the receipt of all situation to be augers during a communicated to senior management and the board. Depending on the circumstances, the internal auditor may recommend appropriate action (PA 2320-1, useful in para. 6). Identifying products for which management has not been attuned to Answer (D) is incorrect. The results should be reported to other changes in levels of market demand. management. The internal auditor has already noted that the A. construction manager has B. Identifying potential problems in purchasing activities. a conflict of interest. Furthermore, the internal auditor cannot insist C. Identifying obsolete inventory. that controls be D. All of the answers are correct. implemented; (s)he can only recommend. Gleim CIA Test Prep: Part 1 - Internal Audit Basics [598] Gleim #: 6.9.85 (720 questions) Which result of an analytical procedure suggests the existence of Copyright 2013 Gleim Publications Inc. Page 330 obsolete Printed for Sanja Knezevic merchandise? fb.com/ciaaofficial Decrease in the inventory A. turnover rate. Answer (A) is incorrect. An inventory turnover analysis may also B. Decrease in the ratio of gross profit to sales. indicate potential C. Decrease in the ratio of inventory to accounts payable. problems in purchasing activities and the presence of obsolete D. Decrease in the ratio of inventory to accounts receivable. inventory. Answer (A) is correct. Inventory turnover is equal to cost of sales Answer (B) is incorrect. An inventory turnover analysis may also divided by indicate erroneous average inventory. If inventory is increasing at a faster rate than demand forecasts and the presence of obsolete inventory. sales, the turnover Answer (C) is incorrect. An inventory turnover analysis may also rate decreases and suggests a buildup of unsalable inventory. The indicate potential ratios of gross problems in purchasing activities and erroneous demand forecasts. profit to sales, inventory to accounts payable, and inventory to Answer (D) is correct. Inventory turnover provides analytical accounts receivable information. It equals do not necessarily change when obsolete merchandise is on hand. cost of sales divided by average inventory. A low turnover ratio Answer (B) is incorrect. The ratio of gross profit to sales does not implies that inventory necessarily is excessive, for example, because the goods are obsolete or change when obsolete merchandise is on hand. because the organization Answer (C) is incorrect. The ratio of inventory to accounts payable has overestimated demand. does not [600] Gleim #: 6.9.87 necessarily change when obsolete merchandise is on hand. An internal auditor’s preliminary analysis of accounts receivable Answer (D) is incorrect. The ratio of inventory to accounts turnover revealed the receivable does not following rates: necessarily change when obsolete merchandise is on hand. Year 1 Year 2 Year 3 [599] Gleim #: 6.9.86 7.3 6.2 4.3 An internal auditor decides to perform an inventory turnover analysis Which of the following is the most likely cause of the decrease in for both raw accounts receivable materials inventory and finished goods inventory. The analysis would turnover? be potentially Increase in the cash A. discount offered. B. Liberalization of credit policy. of an increased cash discount has an indeterminate effect on the C. Shortening of due date terms. turnover ratio. Both D. Increased cash sales. the numerator and the denominator are decreased but not Answer (A) is incorrect. An increase in cash sales that reduces necessarily by the same credit sales as a amount. An increase in cash sales not affecting credit sales has no result of an increased cash discount has an indeterminate effect on effect on the ratio. the turnover Answer (B) is correct. The accounts receivable turnover ratio equals ratio. Both the numerator and the denominator are decreased but not net credit sales necessarily divided by average accounts receivable. Accounts receivable by the same amount. An increase in cash sales not affecting credit turnover will decrease if sales has no net credit sales decrease or average accounts receivable increase. effect on the ratio. Liberalization of Answer (B) is correct. The accounts receivable turnover ratio equals credit policy will increase receivables. net credit Answer (C) is incorrect. Shortening due dates decreases the sales divided by average accounts receivable. Accounts receivable average accounts turnover will receivable outstanding and increases the ratio if other factors are decrease if net credit sales decrease or average accounts receivable held constant. increase. Answer (D) is incorrect. Increased cash sales have an Liberalization of credit policy will increase receivables. indeterminate effect on the Answer (C) is incorrect. Shortening due dates decreases the turnover ratio. average accounts [602] Gleim #: 6.9.89 receivable outstanding and increases the ratio if other factors are Two major retail organizations, both publicly traded and operating in held constant. the same Answer (D) is incorrect. Increased cash sales have an geographic area, have recently merged. Both are approximately the indeterminate effect on the same size and have turnover ratio. internal audit activities. Organization A has little EDI experience. [601] Gleim #: 6.9.88 Organization B has A company’s accounts receivable turnover rate decreased from 7.3 invested heavily in information technology and has EDI connections to 4.3 over the last with its major 3 years. What is the most likely cause for the decrease? vendors. A. An increase in the discount offered for early payment. The board has asked the internal auditors from both organizations to B. A more liberal credit policy. analyze risk areas C. A change in net payment due from 30 to 25 days. that should be addressed after the merger. The chief audit executive D. Increased cash sales. of Organization B Gleim CIA Test Prep: Part 1 - Internal Audit Basics has suggested that the two internal audit activities have a planning (720 questions) meeting to share Copyright 2013 Gleim Publications Inc. Page 331 work programs, scope of engagement coverage, and copies of Printed for Sanja Knezevic engagement Answer (A) is incorrect. An increase in cash sales that reduces communications that were delivered to their boards. Management credit sales as a result has also suggested that the internal auditors review the compatibility of the organizations’ higher sales and bonuses. two computer Answer (D) is correct. Large discounts stimulate demand (increase systems and control philosophy for individual store operations. unit sales volume) The two organizations agree to share data on store operations. The but reduce the gross commissions profit (gross margin). If data reveal that commissions are pegged to three stores in Organization A are characterized by significantly sales volume, the compensation of the sales staff will increase in lower gross margins, these circumstances higher-than-average sales volume, and higher levels of employee even as gross margins are squeezed. bonuses. The three [603] Gleim #: 6.9.90 stores are part of a set of six that are managed by a relatively new An internal auditor performs an analytical review by comparing the section manager. In gross margins of addition, the store managers of the three stores are also relatively various divisional operations with those of other divisions and with new. The most likely the individual cause of the observed data is division’s performance in previous years. The internal auditor notes a The relative inexperience of A. the store managers. significant B. Problems with employee training and employee ability to meet increase in the gross margin at one division. The internal auditor customer needs. does some Fraudulent activity whereby goods are taken from the stores, thus preliminary investigation and also notes that no changes occurred in resulting in the products, lower gross margins. production methods, or divisional management during the year. The C. most likely cause Promotional activities that offer large discounts coupled with the of the increase in gross margin is a(n) payment of Increase in the number of competitors selling A. similar products. bonuses to employees who reach targeted sales goals. Decrease in the number of suppliers of the material used in D. manufacturing the Gleim CIA Test Prep: Part 1 - Internal Audit Basics product. (720 questions) B. Copyright 2013 Gleim Publications Inc. Page 332 C. Overstatement of year-end inventory. Printed for Sanja Knezevic D. Understatement of year-end accounts receivable. fb.com/ciaaofficial Answer (A) is incorrect. An increase in the number of competitors Answer (A) is incorrect. The inexperience of the store managers has most likely no necessary results in price competition and a decrease in sales revenue and correlation with higher sales and bonuses. gross margin. Answer (B) is incorrect. Problems with employee ability to meet Answer (B) is incorrect. A decrease in the number of suppliers most customer needs likely results might result in lower sales volume and bonuses. in less price competition on the supply side, with a consequent Answer (C) is incorrect. No evidence of fraud is given. If fraud were increase in costs occurring, and decrease in gross margin. inventory shrinkage would be apparent. Also, this explanation does Answer (C) is correct. An overstatement of year-end inventory not account for the results in an increase in the gross margin (sales – cost of sales). Overstating goal; therefore, the goal is not being met. ending inventory Answer (B) is incorrect. Corrective action has apparently not been understates cost of sales. taken. Actual Answer (D) is incorrect. An understatement of accounts receivable replacement did not meet the goal. understates Answer (C) is correct. The goal has not been met and corrective sales and the gross margin. action is needed. Gleim CIA Test Prep: Part 1 - Internal Audit Basics According to Performance Standard 2100, internal auditors are (720 questions) involved in Copyright 2013 Gleim Publications Inc. Page 333 evaluating and improving the effectiveness of control processes Printed for Sanja Knezevic using a systematic [604] Gleim #: 6.9.91 and disciplined approach. Thus, internal auditors should determine A medium-sized municipality provides 8.5 billion gallons of water per the extent to year for 31,000 which results are consistent with goals. They also should determine customers. The water meters are replaced at least every 5 years to the extent to ensure accurate which management has established adequate criteria. If adequate, billing. The water department tracks unmetered water to identify auditors should water consumption use these criteria in their evaluation. that is not being billed. The department recently issued the following Answer (D) is incorrect. This cannot be determined from the water activity information given. report: Gleim CIA Test Prep: Part 1 - Internal Audit Basics Activity Month 1 Month 2 Month 3 (720 questions) Actual 1st Copyright 2013 Gleim Publications Inc. Page 334 Quarter Printed for Sanja Knezevic 1st Quarter fb.com/ciaaofficial Goal [605] Gleim #: 6.9.92 Meters Replaced 475 400 360 1,235 1,425 A medium-sized municipality provides 8.5 billion gallons of water per Leaks Reported 100 100 85 285 year for 31,000 Leaks Repaired 100 100 85 285 100% customers. The water meters are replaced at least every 5 years to Unmetered Water 2% 6% 2% 4% 2% ensure accurate Based on the activity reported for the meter replacement program, an billing. The water department tracks unmetered water to identify internal auditor water consumption would conclude that that is not being billed. The department recently issued the following Established operating standards are understood A. and are being water activity met. report: B. Any corrective action needed has probably been taken during the Activity Month 1 Month 2 Month 3 quarter. Actual 1st C. Deviations from the goal should be analyzed and corrected. Quarter D. Meters should be changed every 3 years. 1st Quarter Answer (A) is incorrect. The actual number of meters replaced is Goal less than the Meters Replaced 475 400 360 1,235 1,425 Leaks Reported 100 100 85 285 C. I, II, and III. Leaks Repaired 100 100 85 285 100% D. None of the answers are correct. Unmetered Water 2% 6% 2% 4% 2% Gleim CIA Test Prep: Part 1 - Internal Audit Basics Based on the activity reported for the unmetered water, an internal (720 questions) auditor would Copyright 2013 Gleim Publications Inc. Page 335 conclude that Printed for Sanja Knezevic Established operating standards are understood A. and are being Answer (A) is incorrect. The inventory turnover rate must be met. compared with industry B. Further audit investigation of unmetered water is not warranted. averages to determine whether it is relatively high or low. C. Deviations from the goal were probably not corrected. Answer (B) is incorrect. The information provided by the inventory D. The operating standard should be changed. turnover rate is Answer (A) is incorrect. The actual unmetered water percentage insufficient to conclude that inventory is valued at more than net was greater than realizable value. the goal; therefore, the goal was not met. Answer (C) is incorrect. More information is needed before Answer (B) is correct. Analytical auditing procedures assist internal conclusions can be drawn auditors in about obsolescence, valuation, or cost. identifying conditions, which may require subsequent engagement Answer (D) is correct. The inventory turnover rate equals cost of procedures. sales divided by Month 3 performance met the standard, so the deviation in Month 2 average inventory. An inventory turnover rate tells the internal auditor was probably how many times corrected, and further audit work is not warranted. the inventory has been sold during the period. However, the rate Answer (C) is incorrect. The deviation in Month 2 was apparently cannot be interpreted corrected. without additional information. Thus, the internal auditor cannot Answer (D) is incorrect. There is no evidence that the operating determine whether standard is obsolete items are in inventory, inventory valuation is too high, or inappropriate. inventory costs are [606] Gleim #: 6.9.93 too high. Assume an internal auditor computes an inventory turnover rate by [607] Gleim #: 6.9.94 product line and The following represents accounts receivable information for a identifies a number of product lines with a rate of less than 3.5. corporation for a 3- Which of the year period: following conclusions can be justified by these engagement results? Year 1 Year 2 Year 3 I. The identified product lines contain obsolete inventory. Net accounts receivable as a II. Inventory is valued at more than net realizable value. percentage of total assets 23.4% 27.3% 30.8% Inventory costs are too high because the organization is carrying Accounts receivable turnover ratio 6.98 6.05 5.21 obsolete All of the following are plausible explanations for these changes inventory. except III. Fictitious sales may A. have been recorded. A. I and III only. B. Credit and collection procedures have become ineffective. B. II only. C. Allowance for bad debts is understated. D. Sales returns for credit have been overstated. A. Observation. Answer (A) is incorrect. Fictitious sales is a plausible answer. They B. Objective. would C. Conclusion. generate additional uncollectible accounts receivable that are not D. Finding. necessarily Answer (A) is incorrect. A finding (observation) is an objective reflected in the allowance for bad debts. The result would be a lower statement of fact turnover about the results of audit testwork without interpretation or ratio and a higher ratio of net receivables to total assets. commentary. Answer (B) is incorrect. Ineffective credit and collection procedures Answer (B) is incorrect. The IIA Glossary defines engagement is a plausible objectives as answer. They could contribute to increases in uncollectible accounts broad statements developed by internal auditors that define intended receivable engagement that are not necessarily reflected in the allowance for bad debts. The accomplishments. result would Answer (C) is correct. A conclusion/opinion is the auditor’s be a lower turnover ratio and a higher ratio of net receivables to total interpretation of the assets. results of testwork. The conclusion/opinion allows the reader to Answer (C) is incorrect. An understated allowance for bad debts is a understand the plausible meaning of what the auditor discovered during the course of answer. It would contribute to overstatement of net accounts testwork. receivable as a Answer (D) is incorrect. A finding (observation) is an objective percentage of total assets and decreases in receivables turnover. statement of fact Answer (D) is correct. Overstated sales returns for credit is not a about the results of audit testwork without interpretation or plausible commentary. answer. They would understate (not overstate) net accounts [609] Gleim #: 6.10.96 receivable. This After completing an engagement work program step regarding understatement would result in lower (not higher) net accounts materials movement receivable between storage and assembly, the internal auditor would most likely balances as a percentage of total assets and higher (not lower) prepare a(n) receivables turnover A. Observation. (sales ÷ average accounts receivable). B. Report. Gleim CIA Test Prep: Part 1 - Internal Audit Basics C. Conclusion. (720 questions) D. Opinion. Copyright 2013 Gleim Publications Inc. Page 336 Answer (A) is correct. A finding (observation) is an objective Printed for Sanja Knezevic statement of fact fb.com/ciaaofficial about the results of audit testwork without interpretation or [608] Gleim #: 6.10.95 commentary. “Except for the missing documentation noted above, the system of Answer (B) is incorrect. The engagement report is the final product internal controls of the over petty cash is functioning as intended.” The above statement is engagement. an example of a(n) Answer (C) is incorrect. After performing testwork, the next step for C. Conclusion. the internal D. Recommendation. auditor is to draft his/her findings/observations. Answer (A) is correct. A finding/observation is an objective Answer (D) is incorrect. After performing testwork, the next step for statement of fact the internal about the results of audit testwork without interpretation or auditor is to draft his/her findings/observations. commentary. [610] Gleim #: 6.10.97 Answer (B) is incorrect. A conclusion/opinion is the auditor’s Which two terms are often used interchangeably? interpretation of A. “Conclusion” and “opinion.” the results of testwork. B. “Finding” and “conclusion.” Answer (C) is incorrect. A conclusion/opinion is the auditor’s C. “Finding” and “opinion.” interpretation of D. “Opinion” and “observation.” the results of testwork. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (D) is incorrect. A recommendation is a description of (720 questions) actions that the Copyright 2013 Gleim Publications Inc. Page 337 auditor believes the auditee should undertake to remedy the Printed for Sanja Knezevic negative observations Answer (A) is correct. Conclusions/opinions are the internal auditor’s made in the course of the engagement. evaluations of [612] Gleim #: 6.10.99 the effects of the observations and recommendations on the The single most important factor in drawing a useful conclusion or activities reviewed. They stating a useful usually put the observations and recommendations in perspective opinion in an engagement report is based upon their A. Use of statistical sampling techniques. overall implications. To some extent, the terms are interchangeable. B. Senior management interest in the engagement outcome. Answer (B) is incorrect. “Finding” is a synonym for “observation.” C. Auditee management assurances. “Conclusion” is a D. Auditor judgment. synonym for “opinion.” Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (C) is incorrect. “Finding” is a synonym for “observation.” (720 questions) “Opinion” is a Copyright 2013 Gleim Publications Inc. Page 338 synonym for “conclusion.” Printed for Sanja Knezevic Answer (D) is incorrect. “Opinion” is a synonym for “conclusion.” fb.com/ciaaofficial “Observation” is a Answer (A) is incorrect. Statistical sampling allows the auditor to synonym for “finding.” state the results of [611] Gleim #: 6.10.98 testwork with a certain level of confidence, but it is not a substitute “Three of six petty cash funds examined failed to contain either the for auditor correct amount of judgment. funds or sufficient documentation in lieu of funds, a 50% Answer (B) is incorrect. The level of interest of senior management noncompliance rate.” The in the engagement above statement is an example of a(n) must not affect the auditor’s judgment in drawing conclusions and A. Observation. stating opinions. B. Opinion. Answer (C) is incorrect. Assurances provided by auditee operating and financial controls. The auditor’s preliminary conclusion management are among is that controls many factors used by internal auditors as input into forming are adequately designed to achieve management’s operating and findings/observations and financial objectives. the resulting conclusions/opinions. The auditor’s next step is to Answer (D) is correct. Auditor judgment is the essential element in A. Present his/her findings to the chief audit executive. moving from a B. Prepare a preliminary report on internal controls for presentation finding/observation to a conclusion/opinion. No formula can tell an to the board. auditor whether a C. Report his/her results to the auditor in charge. certain exception rate is indicative of a working or failing control. D. Prepare a plan for testing internal controls. [613] Gleim #: 6.10.100 Gleim CIA Test Prep: Part 1 - Internal Audit Basics An internal auditor interviewed client personnel and obtained an (720 questions) understanding of the Copyright 2013 Gleim Publications Inc. Page 339 auditee department’s operations. The auditor then performed Printed for Sanja Knezevic testwork. The auditor’s Answer (A) is incorrect. The internal audit staffer presents his/her presentation of the results of the testwork will usually take the form of results to the a auditor in charge of the engagement, not to the chief audit executive. A. Finding. Answer (B) is incorrect. Preliminary results are not sufficient for the B. Conclusion. preparation of a C. Recommendation. report. Also, the internal audit staffer presents his/her results to the D. Meeting with senior management. auditor in charge of Answer (A) is correct. A finding (observation) is an objective the engagement, not to the board. statement of fact Answer (C) is correct. The auditor in charge of the engagement is about the results of audit testwork without interpretation or responsible for commentary. coordinating the results of audit work and ensuring that work Answer (B) is incorrect. A conclusion/opinion can only be drawn performed supports once the results conclusions and opinions. For this reason, internal audit staff must of testwork have taken the form of a finding/observation. report the results of Answer (C) is incorrect. A recommendation can only be prepared audit work to the auditor in charge. once a Answer (D) is incorrect. The auditor in charge must determine finding/observation has been formulated and a conclusion/opinion whether it is has been stated. appropriate to proceed with testing controls after reviewing the Answer (D) is incorrect. Unless the auditor has found evidence of internal audit staffer’s fraud or a results. control deficiency that requires immediate correction, meeting with [615] Gleim #: 7.1.2 senior The internal auditor has concluded that an engagement client’s management is not the appropriate next step. system of internal [614] Gleim #: 7.1.1 controls is inadequate to achieve management’s objectives. The An internal audit staffer has just completed an assessment of the most appropriate next engagement client’s step is to Test controls to determine whether they are functioning A. as working papers. designed. Answer (B) is incorrect. Working papers aid in the planning, B. Halt the engagement and issue a report about inadequate performance, and review controls. of engagements. C. Draw preliminary conclusions about internal control. Answer (C) is incorrect. Working papers provide the principal Contact the engagement client’s direct supervisor to recommend that support for results. the head of Answer (D) is correct. Engagement working papers generally (1) aid the department or function under audit is transferred or terminated. in planning, D. performance, and review of engagements; (2) provide the principal Answer (A) is incorrect. If controls are poorly designed, testing their support for operation is engagement results; (3) document whether engagement objectives most likely a poor use of audit resources. were achieved; Answer (B) is incorrect. A determination that internal controls are (4) support the accuracy and completeness of the work performed; inadequate is (5) provide a basis not sufficient grounds for halting a scheduled engagement. for the internal audit activity’s quality assurance and improvement Answer (C) is correct. Internal auditors gain an understanding of the program; and design of the (6) facilitate third-party review (PA 2330-1, para. 2). engagement client’s internal controls. The auditors then draw [617] Gleim #: 7.2.4 conclusions about An internal auditor’s working papers should support the observations, whether internal controls are designed adequately to achieve conclusions, management’s and recommendations to be communicated. One of the purposes of control objectives. this requirement is Answer (D) is incorrect. Advising on such personnel matters is not to an appropriate Provide support for the internal audit activity’s A. financial budget. internal audit function. B. Facilitate quality assurance reviews. [616] Gleim #: 7.2.3 C. Provide control over working papers. Which of the following does not describe one of the functions of Permit the audit committee to review observations, conclusions, and engagement working recommendations. papers? D. A. Facilitates third-party reviews. Answer (A) is incorrect. Financial budgets are based on the planned B. Aids in the planning, performance, and review of engagements. scope of C. Provides the principal support for engagement communications. internal audit work. D. Aids in the professional development of the operating staff. Answer (B) is correct. Engagement working papers, among other Gleim CIA Test Prep: Part 1 - Internal Audit Basics things, provide (720 questions) a basis for the internal audit activity’s quality assurance and Copyright 2013 Gleim Publications Inc. Page 340 improvement Printed for Sanja Knezevic program (PA 2330-1, para. 2). fb.com/ciaaofficial Answer (C) is incorrect. Control over working papers is obtained by Answer (A) is incorrect. The facilitation of third-party reviews is a other means. function of Answer (D) is incorrect. Audit committees rarely review the full draft C. of a final D. Comply with the Standards. engagement communication, much less the supporting working Answer (A) is correct. Engagement working papers, among other papers. things, aid in [618] Gleim #: 7.2.5 planning, performing, and reviewing the engagement (PA 2330-1, A working paper is complete when it para. 2). A. Complies with the internal audit activity’s format requirements. Answer (B) is incorrect. Working papers do not provide the means B. Contains all of the attributes of an observation. for C. Is clear, concise, and accurate. preparation of the financial statements. D. Satisfies the engagement objective for which it is developed. Answer (C) is incorrect. Documentation of control weaknesses is Answer (A) is incorrect. Format requirements are superficial and only one indicate only example of working paper content, not the primary purpose for them. that mechanical requirements have been met. They do not relate to Answer (D) is incorrect. The preparation of adequate working content. papers is a Answer (B) is incorrect. A working paper may relate to only a part of requirement of the Standards but is not the primary purpose for their an existence. observation. [620] Gleim #: 7.2.7 Answer (C) is incorrect. Clarity, concision, and accuracy are The internal auditor prepares working papers primarily for the benefit desirable of characteristics of working paper content. These qualities may be A. The external auditor. present although B. The internal audit activity. the working paper is not complete. C. The engagement client. Answer (D) is correct. Engagement working papers, among other D. Senior management. things, Answer (A) is incorrect. Benefits to the external auditor are document whether engagement objectives were achieved (PA 2330- secondary. 1, para. 2). Answer (B) is correct. Engagement working papers generally (1) aid Gleim CIA Test Prep: Part 1 - Internal Audit Basics in planning, (720 questions) performance, and review of engagements; (2) provide the principal Copyright 2013 Gleim Publications Inc. Page 341 support for Printed for Sanja Knezevic engagement results; (3) document whether engagement objectives [619] Gleim #: 7.2.6 were achieved; The primary purpose of an internal auditor’s working papers is to (4) support the accuracy and completeness of the work performed; Provide documentation of the planning and execution of engagement (5) provide a procedures basis for the internal audit activity’s quality assurance and performed. improvement program; A. and (6) facilitate third-party review (PA 2330-1, para. 2). Hence, they Serve as a means with which to prepare the financial B. statements. primarily Document weaknesses in internal control with recommendations to benefit internal auditors. management Answer (C) is incorrect. Benefits to the engagement client are for improvement. secondary. Answer (D) is incorrect. Benefits to senior management are Answer (D) is incorrect. Logical order is desirable but is not as secondary. fundamental as [621] Gleim #: 7.2.8 providing sufficient, reliable, relevant, and useful information. Which of the following is the most important if working papers are to [622] Gleim #: 7.2.9 have the The primary purpose of an engagement working paper prepared in characteristics that will ensure that they achieve their primary connection with purposes? payroll expense is to A. Working papers must be of standard format and standard content. Record payroll data and analyses to support reported A. Working papers must be properly indexed and cross-referenced to recommendations. the draft final B. Verify the work done by the internal auditor. engagement communication. C. Record the names of all employees. B. D. Provide documentation to support payroll taxes due. Working papers must provide sufficient, reliable, and useful Answer (A) is correct. Working papers document the information information to obtained, the support the engagement results. analyses made, and the support for the conclusions and C. engagement results (PA Working papers must be arranged in logical order following the 2330-1, para. 1). engagement work Answer (B) is incorrect. Verification of work done is a secondary program sequence. purpose. D. Answer (C) is incorrect. A list of employee names is but one part of Gleim CIA Test Prep: Part 1 - Internal Audit Basics the (720 questions) information required to support observations, conclusions, and Copyright 2013 Gleim Publications Inc. Page 342 recommendations. Printed for Sanja Knezevic Answer (D) is incorrect. Payroll expense, not payroll tax, is the fb.com/ciaaofficial subject of this Answer (A) is incorrect. Standard content is impossible. working paper. Engagements concern [623] Gleim #: 7.2.10 different subjects. Which of the following most completely describes the appropriate Answer (B) is incorrect. Indexing and cross-referencing are content of working desirable but are not as papers? fundamental as providing sufficient, reliable, relevant, and useful A. Engagement objectives, procedures, and conclusions. information. B. Engagement purposes, criteria, techniques, and Answer (C) is correct. Working papers document the information recommendations. obtained, the Engagement objectives, procedures, observations, conclusions, and analyses made, and the support for the conclusions and recommendations. engagement results (PA 2330- C. 1, para. 1). In turn, internal auditors must identify sufficient, reliable, D. Engagement subject, purposes, sampling information, and relevant, and analysis. useful information to achieve the engagement’s objectives (Perf. Std. Answer (A) is incorrect. Working papers should also include 2310). observations and recommendations. (4) support the accuracy and completeness of the work performed; Answer (B) is incorrect. This list describes means rather than ends. (5) provide a Answer (C) is correct. The primary purpose of working papers is to basis for the internal audit activity’s quality assurance and support the improvement program; observations, conclusions, and recommendations to be and (6) facilitate third-party review (PA 2330-1, para. 2). communicated. Hence, Answer (B) is incorrect. Many documents may be examined that they document the information obtained and the analyses made in prove to be arriving at the irrelevant to the engagement objectives. These documents need not foregoing results. The working papers also must document whether be included. the Answer (C) is incorrect. In many circumstances, the exact wording engagement objectives were achieved and the performance of of a procedure engagement is not needed to support an observation or recommendation. A procedures. Furthermore, working papers will contain engagement reference to the work programs procedure in the working papers may be adequate. (PA 2330-1, paras. 1 and 2). Answer (D) is incorrect. Some previous working papers may be Answer (D) is incorrect. Working papers should support all of the outdated. engagement However, parts of previous working papers may be included in results. current working Gleim CIA Test Prep: Part 1 - Internal Audit Basics papers subject to updating. (720 questions) [625] Gleim #: 7.2.12 Copyright 2013 Gleim Publications Inc. Page 343 The chief audit executive establishes policies for Printed for Sanja Knezevic A. Standardized working papers. [624] Gleim #: 7.2.11 B. Defining the hours available for individual engagements. Engagement working papers include C. Defining standardized tick marks and ensuring compliance with Providing a basis for evaluating the internal audit A. quality program. them. B. Copies of all source documents examined in the course of the Ensuring the written documentation of all conversations held engagement. throughout the C. Copies of all procedures that were reviewed during the engagement. engagement. D. All working papers prepared during a previous engagement Answer (A) is correct. The CAE establishes working paper policies performed in the same for the area. various types of engagements performed. Standardized engagement D. working Answer (A) is correct. Engagement working papers generally (1) aid papers, such as questionnaires and audit programs, may improve in planning, the engagement’s performance, and review of engagements; (2) provide the principal efficiency and facilitate the delegation of engagement work (PA support for 2330-1, para. 4). engagement results; (3) document whether engagement objectives Answer (B) is incorrect. The time devoted to an engagement were achieved; depends on its complexity and other unique circumstances. Answer (C) is incorrect. Defining standardized tick marks and Answer (A) is correct. Standardized engagement working papers, ensuring such as compliance with them is not required. questionnaires and audit programs, may improve the engagement’s Answer (D) is incorrect. Only conversations relevant to the efficiency and engagement must be facilitate the delegation of engagement work (PA 2330-1, para. 4). documented. Answer (B) is incorrect. Standard forms do not necessarily result in Gleim CIA Test Prep: Part 1 - Internal Audit Basics greater (720 questions) professionalism. Copyright 2013 Gleim Publications Inc. Page 344 Answer (C) is incorrect. Standard forms clearly reduce time spent in Printed for Sanja Knezevic workingpaper fb.com/ciaaofficial preparation but do not necessarily result in greater neatness. [626] Gleim #: 7.2.13 Answer (D) is incorrect. Standard forms do not necessarily result in An internal auditor’s working papers should be reviewed by the greater Management of the A. engagement client. accuracy. B. Management of the internal audit activity. [628] Gleim #: 7.3.15 C. Audit committee of the board. An adequately documented working paper should D. Management of the organization’s security division. A. Be concise but complete. Answer (A) is incorrect. The engagement client should seldom see, B. Follow a unique form and arrangement. much less C. Contain examples of all forms and procedures used by the review, working papers. engagement client. Answer (B) is correct. Internal auditors prepare working papers. D. Not contain copies of engagement client records. Internal audit Gleim CIA Test Prep: Part 1 - Internal Audit Basics management reviews the prepared working papers (PA 2330-1, (720 questions) para. 1). Copyright 2013 Gleim Publications Inc. Page 345 Answer (C) is incorrect. The audit committee will most likely review Printed for Sanja Knezevic summary Answer (A) is correct. Clarity, conciseness, and accuracy are communications, not working papers. desirable qualities of Answer (D) is incorrect. Management of the security division might working papers, but completeness and support for conclusions are be shown paramount working papers relevant to an investigation but does not have the considerations. status of a Answer (B) is incorrect. Working papers should be uniform and reviewer. consistent. [627] Gleim #: 7.2.14 Answer (C) is incorrect. Working papers should contain only Standardized working papers are often used, chiefly because they information related to an allow working engagement objective. papers to be prepared more Answer (D) is incorrect. Copies of engagement client records should A. Efficiently. be included B. Professionally. whenever necessary. C. Neatly. [629] Gleim #: 7.3.16 D. Accurately. An internal auditor prepared a working paper that consisted of a list auditor checked the ratios and other statistics in the four most recent of employee reports. The names and identification numbers as well as the following statement: internal auditor used scratch paper and copies of the reports to verify By matching random numbers with employee identification numbers, the accuracy of 40 employee computations and compared the data used in the computations with personnel files were selected to verify that they contain all supporting documents required by the documents. The internal auditor wrote a note for the working papers organization’s policy 501. No exceptions were noted. describing these The internal auditor did not place any tick marks on this working procedures and then discarded the scratch paper and report copies. paper. Which one of The note stated, the following changes will improve the internal auditor’s working The ratios and other statistics in the quarterly reports to the board paper the most? were checked for the Use of tick marks to show that each A. file was examined. last 4 quarters and appropriate supporting documents were B. Removal of the employee names to protect their confidentiality. examined. All amounts C. Justification for the sample size. appear to be appropriate. D. Listing of the actual documents examined for each employee. In this situation, Answer (A) is incorrect. Tick marks are not necessary. The same Four quarters do not provide a large enough sample on which to procedures were base a applied to all sample items, and no exceptions were detected. conclusion. Answer (B) is incorrect. Working papers are kept confidential, so A. removal of The internal auditor’s working papers are not sufficient to facilitate an employee names is unnecessary. efficient Answer (C) is correct. The working paper should fully document the review of the internal auditor’s work. use of B. statistical techniques. Thus, it should specify how the sample size for The internal auditor should have included the scratch paper in C. the this attribute working papers. sampling application was determined (factors such as confidence The internal auditor did not consider whether the information in the level, precision, report to the etc.) board was compiled efficiently. Answer (D) is incorrect. Reference to the organization’s policy is D. equivalent to Answer (A) is incorrect. The problem did not state or imply that listing the documents examined. sampling was Gleim CIA Test Prep: Part 1 - Internal Audit Basics used. (720 questions) Answer (B) is correct. The internal auditor’s working papers do not Copyright 2013 Gleim Publications Inc. Page 346 support the Printed for Sanja Knezevic conclusions and engagement results because they do not document fb.com/ciaaofficial the procedures [630] Gleim #: 7.3.17 and the information obtained. A reviewer cannot check the internal Productivity statistics are provided quarterly to the board of directors. auditor’s work An internal without obtaining additional copies of the quarterly reports and Answer (A) is correct. One potential use of engagement working independently papers is to provide recalculating the statistics. The review would be more efficient if the support in circumstances such as insurance claims, fraud cases, and internal lawsuits. Claims auditor had included the graphs in the working papers and had used analysis is appropriately included in the working papers because it tick marks permits assessment with explanations to show which computations were checked and to of the risks associated with the two key factors (equipment in use describe what and time spent by the internal auditor did to verify the amounts used in the employees at such equipment) leading to claims. computations. Answer (B) is incorrect. Confirmations of workers’ compensation Answer (C) is incorrect. Scratch paper is usually not suitable for claims fail to working papers. identify exposure to risks; they only support claims paid by the carrier Unorganized working papers are difficult to review and understand. under the Answer (D) is incorrect. The problem did not state or imply that an workers’ compensation policies. objective of Answer (C) is incorrect. Documentation supporting purchases of the engagement was to evaluate efficiency. personal computers [631] Gleim #: 7.3.18 cannot be expected to address risk assessments. Employees using personal computers have been reporting Answer (D) is incorrect. Listings of all personal computers in use occupational injuries and and the employees claiming substantial workers’ compensation benefits. The working using them fail to indicate the risks associated with the extent of papers of an usage and the type of engagement performed to determine the extent of the organization’s equipment. exposure to such [632] Gleim #: 7.3.19 personal injury liability should include Which of the following is an unnecessary feature of a working paper Analysis of claims by type of equipment and extent of use by prepared in individual connection with maintenance costs? employees. The internal auditor has initialed and dated the working paper as of A. the date Confirmations from insurance carriers as to claims paid under completed even though the working paper was prepared over the workers’ preceding 4 compensation policies in force. working days. B. A. C. Reviews of documentation supporting purchases of personal Total repair expense for the month preceding the engagement B. is computers. shown. D. Listings of all personal computers in use and the employees who The chief audit executive has initialed the working paper as reviewer use them. although the Gleim CIA Test Prep: Part 1 - Internal Audit Basics working paper was prepared by another person. (720 questions) C. Copyright 2013 Gleim Publications Inc. Page 347 Total acquisition cost of property, plant, and equipment for the Printed for Sanja Knezevic preceding month is shown. fb.com/ciaaofficial D. Answer (A) is incorrect. Program documentation is likely to change Answer (A) is incorrect. The date of completion and signature or each year and initials of the will require reevaluation during each engagement. internal auditor are important for control of the engagement. Answer (B) is incorrect. Auditor-prepared programs and test data Answer (B) is incorrect. The working papers concern maintenance are likely to change cost, and the each year and will require reevaluation for each engagement. amount for the month preceding the engagement is necessary for Answer (C) is incorrect. Prior year’s working papers revised to subsequent reflect changes in the period review. current year pertain to the current year’s engagement. Thus, they Answer (C) is incorrect. Working papers that document the should be contained engagement should in the current section of the working papers. be prepared by the internal auditor and reviewed by management of Answer (D) is correct. The permanent section of the working papers the internal should contain audit activity. the information necessary for continuing engagements. Answer (D) is correct. Because total acquisition cost of property, Administrative controls over plant, and the computer operations of each location, which are not likely to equipment is irrelevant to maintenance costs, this feature is change from year to unnecessary to year, are appropriately included in the permanent section of the support the observations, conclusions, and recommendations working papers. concerning these [634] Gleim #: 7.3.21 costs. Each individual working paper should, at a minimum, contain a(n) [633] Gleim #: 7.3.20 Expression of the internal auditor’s A. overall opinion. When performing an engagement to evaluate the computerized B. Tick mark legend. purchasing activities of C. Complete flowchart of the system of internal controls for the area a manufacturing organization, which of the following should be being reviewed. included in the D. Descriptive heading. permanent file portion of the engagement working papers? Answer (A) is incorrect. An expression of an opinion in the working A. Copies of the computer program documentation. papers is B. Printouts using internal auditor-prepared programs and test data. premature and an indicator of bias. C. Prior year’s working papers revised to reflect changes during the Answer (B) is incorrect. A tick mark legend should not appear on current year. each working Information concerning administrative controls over the computer paper. operations at Answer (C) is incorrect. A flowchart of internal controls will likely be each location. included D. in a working paper at the beginning of a significant engagement Gleim CIA Test Prep: Part 1 - Internal Audit Basics segment, but each (720 questions) working paper will not contain a flowchart. Copyright 2013 Gleim Publications Inc. Page 348 Answer (D) is correct. Each working paper must, at a minimum, Printed for Sanja Knezevic identify the engagement and describe the contents or purpose of the working Answer (D) is incorrect. The purpose of supervisory review of paper, for working papers is to example, in the heading. Also, each working paper should be signed determine that working papers adequately support observations, (initialed) conclusions, and and dated by the internal auditor and contain an index or reference recommendations. number. [636] Gleim #: 7.3.23 Furthermore, verification symbols (tick marks) are likely to appear on Internal auditors often include summaries within their working most papers. Which of the working papers and should be explained. following best describes the purpose of such summaries? [635] Gleim #: 7.3.22 Summaries are prepared to conform A. with the Standards. Engagement working papers are indexed by means of reference Summaries are usually required to complete each section of an numbers. The primary engagement work purpose of indexing is to program. A. Permit cross-referencing and simplify supervisory review. B. B. Support the final engagement communication. Summaries distill the most useful information from several working C. Eliminate the need for follow-up reviews. papers into a Determine that working papers adequately support observations, more usable form. conclusions, and C. recommendations. Summaries document that the internal auditor has considered all D. relevant Gleim CIA Test Prep: Part 1 - Internal Audit Basics information. (720 questions) D. Copyright 2013 Gleim Publications Inc. Page 349 Answer (A) is incorrect. Summaries are not required by the Printed for Sanja Knezevic Standards. Answer (A) is correct. Indexing permits cross-referencing. It is Answer (B) is incorrect. Summaries are not usually required by important because it engagement work simplifies supervisory review either during the engagement or programs. subsequently by creating Answer (C) is correct. Working papers document an engagement. a trail of related items through the working papers. It thus facilitates They contain preparation of the records of planning, the preliminary survey, the engagement final engagement communications, later engagements for the same work program, engagement client, the results of field work, and other related matters. Summaries help and internal and external assessments of the internal audit activity. to coordinate Answer (B) is incorrect. The working papers as a whole should working papers related to a subject by providing concise statements support the final of the most engagement communication. important information. Thus, they provide for an orderly and logical Answer (C) is incorrect. Follow-up is necessitated by engagement flow of client conditions, information and facilitate supervisory review. not the state of working papers. Answer (D) is incorrect. Summaries are not necessary to document that the internal auditor has considered all relevant information. information, but appropriately cross-referencing information in the [637] Gleim #: 7.3.24 working papers When engagement conclusions are challenged, the internal auditor’s assists in the factual rebuttal of challenges. factual rebuttal is [638] Gleim #: 7.3.25 best facilitated by Which of the following conditions constitutes inappropriate working- A. Summaries in the engagement work program. paper B. Pro forma working papers. preparation? C. Cross-referencing of the working papers. All forms and directives used by the engagement client are included D. Explicit procedures in the engagement work program. in the Gleim CIA Test Prep: Part 1 - Internal Audit Basics working papers. (720 questions) A. Copyright 2013 Gleim Publications Inc. Page 350 Flowcharts are included in B. the working papers. Printed for Sanja Knezevic C. Engagement observations are cross-referenced to supporting fb.com/ciaaofficial documentation. Answer (A) is incorrect. The engagement work program guides the D. Tick marks are explained in notes. collection of Answer (A) is correct. Performance Standard 2330 states that information, but appropriately cross-referencing information in the internal auditors working papers must document relevant information to support the conclusions and assists in the factual rebuttal of challenges. engagement Answer (B) is incorrect. Pro forma working papers save time in the results. Thus, working papers should be confined to information that information is material collection process by guiding the internal auditor to ensure that all and relevant to the engagement and the observations, conclusions, significant points and are covered. recommendations. Hence, forms and directives used by the Answer (C) is correct. Each working paper should have an index or engagement client reference number. should be included only to the extent they support the observations, Indexing permits cross-referencing, which simplifies supervisory conclusions, review either during and recommendations and are consistent with engagement the engagement or subsequently by creating an information trail of objectives. related items Answer (B) is incorrect. A graphic representation of the engagement through the working papers. It thus facilitates preparation of the final client’s engagement controls, document flows, and other activities is often vital for communication, later engagements involving the same client, internal understanding and external operations and is therefore a necessary part of the documentation. quality assessments, and factual rebuttal of challenges by clearly Answer (C) is incorrect. Cross-referencing is essential to the orderly identifying sources arrangement and locations of facts. and understanding of working papers and reduces duplication. Answer (D) is incorrect. The engagement work program guides the Answer (D) is incorrect. Tick marks are verification symbols that collection of should be standard throughout the engagement. They should be described in a Gleim CIA Test Prep: Part 1 - Internal Audit Basics note. (720 questions) Gleim CIA Test Prep: Part 1 - Internal Audit Basics Copyright 2013 Gleim Publications Inc. Page 352 (720 questions) Printed for Sanja Knezevic Copyright 2013 Gleim Publications Inc. Page 351 fb.com/ciaaofficial Printed for Sanja Knezevic [640] Gleim #: 7.3.27 [639] Gleim #: 7.3.26 XYZ Which type of working-paper summary is typically used to Bank Reconciliation consolidate numerical data June 30, Year 1 scattered among several schedules? (Amounts in currency units) Statistical A. summaries. Balance per bank (a) 16,482.97 B. Segment summaries. Deposits in transit (b) C. Results summaries. 6/29 2,561.14 D. Pyramid summaries. 6/30 1,572.28 4,133.42 Answer (A) is correct. Summarization of facts in the working papers Subtotal 20,616.39 is a means Outstanding checks of emphasizing important information, establishing perspective, (c) providing an 248 842.11 overview, aiding memory, training staff, facilitating supervisory 952 2,000.00 review, and 968 571.00 controlling engagements. By the use of indexing and cross- 969 459.82 referencing, summaries 970 714.25 4,587.18 may be used to relate different working papers that concern a given Subtotal 16,029.21 point. A Bank service charge 12.50 statistical summary condenses the related numerical information NSF check returned from engagement (d) work programs. 350.00 Answer (B) is incorrect. A segment summary is a narrative with Error on check #954 (14.00) respect to a Balance per books (e) To T/B 16,377.71 particular part of the engagement. It should appear at the beginning Legend: of each (a) Confirmed with bank -- see section of the working papers, which should be organized logically confirmation on W/P A-4. according to (b)Verified by tracing to July 15 the different objectives of the engagement. cutoff statement; traced to cash Answer (C) is incorrect. A results summary provides the significant receipts journal. facts about (c) Okay. engagement observations. (d)Examined supporting Answer (D) is incorrect. The term “pyramid summaries” is not documentation and traced to final meaningful in this disposition. context. (e) Footed total and compared with balance in general ledger. 6/29 2,561.14 This working paper will be considered deficient if which other 6/30 1,572.28 4,133.42 relevant engagement Subtotal 20,616.39 working paper is not cross-referenced and included in the cash Outstanding checks section of the workingpaper (c) file? 248 842.11 A. Petty cash count. 952 2,000.00 B. Confirmation of cash balance with bank. 968 571.00 C. Copies of deposit slips for deposits in transit. 969 459.82 D. Engagement client representation that the cash balance per 970 714.25 4,587.18 books was accurate. Subtotal 16,029.21 Answer (A) is incorrect. Petty cash is not relevant. This working Bank service charge 12.50 paper concerns NSF check returned cash in the bank. (d) Answer (B) is correct. Confirming the cash balance in the bank 350.00 account as of the Error on check #954 (14.00) end of the period is a standard engagement procedure. It provides Balance per books (e) To T/B 16,377.71 direct, Legend: externally generated information to support the reported cash (a) Confirmed with bank -- see amount. confirmation on W/P A-4. Answer (C) is incorrect. Under ordinary circumstances, copies of (b)Verified by tracing to July 15 deposit slips are cutoff statement; traced to cash not required as long as an adequate explanation of engagement receipts journal. procedures relative (c) Okay. to deposits in transit is provided. (d)Examined supporting Answer (D) is incorrect. The engagement client’s representation is documentation and traced to final not relevant disposition. when outside confirmation and analysis of cash records supports the (e) Footed total and compared with cash balance. balance in general ledger. Gleim CIA Test Prep: Part 1 - Internal Audit Basics A deficiency in this working paper is that (720 questions) A standardized cash reconciliation working A. paper was not used. Copyright 2013 Gleim Publications Inc. Page 353 B. All verification symbols were not properly explained. Printed for Sanja Knezevic C. Analytical review procedures were not performed. [641] Gleim #: 7.3.28 D. Cross-referencing of working papers was not accomplished. XYZ Answer (A) is incorrect. Efficiency can be achieved through Bank Reconciliation standardization; June 30, Year 1 however, not every working paper can be standardized. This working (Amounts in currency units) paper may Balance per bank (a) 16,482.97 be subject to standardization but is not inadequate in that respect. Deposits in transit (b) Answer (B) is correct. Each engagement working paper should B. contain a heading, Eliminate any cross-references to other working papers because the which usually consists of the name of the client’s organization or system is function, a title unclear. or description of the contents or purpose of the paper, and the date C. or period Provide a cross-referencing system that shows the relationship covered. Each working paper should be signed (initialed) and dated among by the internal observations, conclusions, recommendations, and the related facts. auditor and contain an index or reference number. Verification D. symbols (tick Answer (A) is incorrect. A full set of properly indexed and cross- marks) are also likely to appear on most working papers and should referenced be adequately working papers, not a separate analysis, is necessary. explained in a note. In this example, the explanation for tick mark (c) Answer (B) is incorrect. Proper cross-referencing avoids the need to does not memorize detail the procedures used to review outstanding checks. the locations of supporting information. Answer (C) is incorrect. Analytical procedures are usually not as Answer (C) is incorrect. Cross-references should be added, not relevant to the deleted. examination of cash as to other assets and liabilities. Answer (D) is correct. Cross-referencing is important because it Answer (D) is incorrect. Cross-referencing was accomplished. simplifies review Gleim CIA Test Prep: Part 1 - Internal Audit Basics either during the engagement or subsequently by creating a trail of (720 questions) related items Copyright 2013 Gleim Publications Inc. Page 354 through the working papers. It thus facilitates preparation of the final Printed for Sanja Knezevic engagement fb.com/ciaaofficial communication and later engagements for the same engagement [642] Gleim #: 7.3.29 client. During the working-paper review, an internal auditing supervisor [643] Gleim #: 7.3.30 finds that the Which of the following concepts distinguishes the retention of internal auditor’s observations are not adequately cross-referenced computerized audit to supporting documentation from the traditional hard copy form? documentation. The supervisor will most likely instruct the internal Analyses, conclusions, and recommendations are filed on electronic auditor to media and are Prepare a working paper to indicate that the full scope of the therefore subject to computer system controls and security engagement was procedures. carried out. A. A. Evidential support for all findings is copied and provided to local Familiarize him/herself with the sequence of working papers so that management (s)he will be during the closing conference and to each person receiving the final able to answer questions about the conclusions stated in the final report. engagement B. communication. Computerized data files can be used in computer C. audit D. Misplaces working papers occasionally. procedures. Answer (A) is incorrect. Continuous physical control of working Audit programs can be standardized to eliminate the need for a papers during preliminary survey fieldwork may be appropriate. at each location. Answer (B) is incorrect. Engagement clients may be shown working D. papers with Answer (A) is correct. The only difference between the the CAE’s approval. computerized audit Answer (C) is incorrect. Internal and external auditors commonly documentation and hard copy form is how the working papers are grant access to stored. each others’ work programs and working papers. Electronic audit documentation is saved either on disks or hard drive, Answer (D) is correct. The internal audit activity controls whereas engagement working hard copy is stored in a file cabinet. Unlike computerized audit papers and provides access to authorized personnel only (PA documentation, 2330.A1-1, para. 1). hard copies are not subject to computer controls and security By misplacing working papers occasionally, the internal auditor is procedures. thus violating Answer (B) is incorrect. Evidential support would be retained and the confidentiality concept. provided on [645] Gleim #: 7.4.32 the basis of the nature of the finding and not the media used for Working papers contain a record of engagement work performed and storing audit much documentation. confidential information. They are the property of the internal audit Answer (C) is incorrect. This capability is not an exclusive function activity, which is of responsible for their security. Which of the following is the most computerized audit documentation. important control Answer (D) is incorrect. Though the nature of the preliminary survey requirement for working papers? may change A. Allow access to working papers only to internal audit activity in some cases, the requirement for this phase of the audit is not personnel. eliminated by Provide for the protection of working papers at all times and to the computerized audit documentation. extent Gleim CIA Test Prep: Part 1 - Internal Audit Basics appropriate. (720 questions) B. Copyright 2013 Gleim Publications Inc. Page 355 Make the administrative section of the internal audit activity Printed for Sanja Knezevic responsible for the [644] Gleim #: 7.4.31 security of working papers. Which of the following actions constitutes a violation of the C. confidentiality concept D. Purge working papers periodically of materials that are considered regarding working papers? An internal auditor confidential. Takes working papers to his/her hotel A. room overnight. Gleim CIA Test Prep: Part 1 - Internal Audit Basics B. Shows working papers on occasion to engagement clients. (720 questions) C. Allows the external auditor to copy working papers. Copyright 2013 Gleim Publications Inc. Page 356 Printed for Sanja Knezevic Answer (A) is correct. The working papers are essential to the fb.com/ciaaofficial proper functioning Answer (A) is incorrect. Working papers may be shown to of the internal audit activity. Among many other purposes, they engagement clients or document the others if engagement objectives will not be compromised. information obtained, the analyses made, and the support for the Answer (B) is correct. Working papers should always be properly conclusions and protected. During engagement results. Unauthorized changes or removal of the field work, they should be in the internal auditor’s physical information would possession or control or seriously compromise the integrity of the internal audit activity’s work. otherwise protected against fire, theft, or other disaster. For example, For this the internal reason, the chief audit executive must ensure that working papers auditor may use the engagement client’s safe or other security are kept secure. facilities. In the internal Answer (B) is incorrect. Engagement clients may be shown working auditing office, they should be kept in locked files and should be papers in formally signed out proper circumstances, for example, when client fraud is not an issue. when removed from the files. When others (government auditors, the Answer (C) is incorrect. A secondary objective is to facilitate external audit subsequent firm, etc.) review the working papers, the reviews should take place engagements in the same department. in the internal Answer (D) is incorrect. A secondary objective is to facilitate auditing office. Secure files should be provided for long-term storage, engagements by and itemized external auditors. records of their location should be maintained. When electronic Gleim CIA Test Prep: Part 1 - Internal Audit Basics working papers are (720 questions) placed online, computer system security measures should be similar Copyright 2013 Gleim Publications Inc. Page 357 to those used for Printed for Sanja Knezevic other highly sensitive information of the organization. [647] Gleim #: 7.4.34 Answer (C) is incorrect. This arrangement is awkward for working A fire destroyed a large portion of an organization’s inventory. papers needed at Management is filing the engagement site. an insurance claim and needs to use the internal auditors’ working Answer (D) is incorrect. Lack of relevance to future needs, not papers in preparing confidentiality, is the the claim. Management criterion for destruction of working papers. May not use the working papers in preparing A. the claim. [646] Gleim #: 7.4.33 May use the working papers in preparing the claim, but such use The primary objective of maintaining security over working papers is should be to approved by the chief audit executive. Prohibit unauthorized changes or removal A. of information. B. B. Prohibit engagement clients from seeing working papers. Should be precluded from preparing the claim, and this function C. Facilitate subsequent engagements in the same department. should be D. Facilitate engagements by external auditors. performed by the internal audit activity. C. May use the working papers in preparing the claim, but such use when their involvement in fraud is suspected. should be Answer (B) is incorrect. The working papers usually should not be approved by the organization’s external auditors. shown to D. engagement clients when internal auditor-client relations might Answer (A) is incorrect. Working papers may be used for “other thereby be business damaged or the engagement objectives compromised. purposes.” Answer (C) is incorrect. Access to noncontroversial matter may Answer (B) is correct. One potential use of engagement working nevertheless papers is to permit circumvention of engagement procedures. provide support in the organization’s pursuit of insurance claims, Answer (D) is correct. When the engagement objectives will not be fraud cases, and compromised, the internal auditor may show all or part of the working lawsuits. In such cases, management and other members of the papers to organization may the engagement client. For instance, the results of certain request access to engagement working papers. This access may be engagement procedures necessary to may be shared with the engagement client to encourage corrective substantiate or explain engagement observations and action. Thus, recommendations or to use working papers as well as drafts of engagement communications engagement documentation for other business purposes. The CAE may be reviewed should approve with engagement clients to verify their accuracy, completeness, and these requests. Accordingly, the insurance claim is an “other significance. business purpose,” But complete disclosure may permit circumvention of the internal and management may use the internal auditors’ working papers in auditors’ preparing the procedures, and working papers should never be shared with claim. engagement clients Answer (C) is incorrect. Management, not the internal audit activity, in fraud investigations. should Gleim CIA Test Prep: Part 1 - Internal Audit Basics prepare the insurance claim. (720 questions) Answer (D) is incorrect. The approval of external auditors is not Copyright 2013 Gleim Publications Inc. Page 358 needed. Printed for Sanja Knezevic [648] Gleim #: 7.4.35 fb.com/ciaaofficial The internal auditor is most likely to make working papers available [649] Gleim #: 7.5.36 to the Working papers should be disposed of when they are of no further engagement client when use. Retention A. Fraud is suspected. policies must B. The internal auditors have recorded specific damaging comments. Specify a minimum retention A. period of 3 years. C. The internal auditor considers the content noncontroversial. B. Be prepared by the audit committee. D. Engagement client comments are needed to evaluate significance C. Be approved by legal counsel. and accuracy. D. Be approved by the external auditor. Answer (A) is incorrect. Working papers are never shown to Answer (A) is incorrect. Working papers should not be retained for engagement clients an arbitrary period. The duration of retention is a function of usefulness, including These retention requirements must be consistent with the legal organization’s considerations. guidelines and any pertinent regulatory or other requirements Answer (B) is incorrect. The CAE must develop retention policies. (Impl. Std. 2330.A2). Although working papers pertaining to fraud Answer (C) is correct. The chief audit executive must develop investigations retention might be kept apart from others, no working paper will have to be requirements for engagement records, regardless of the medium in kept which each indefinitely. record is stored. These retention requirements must be consistent Answer (C) is incorrect. Approval by legal counsel is appropriate. with the Answer (D) is incorrect. Legal and contractual requirements may organization’s guidelines and any pertinent regulatory or other determine the requirements retention period. (Impl. Std. 2330.A2). Thus, approval by the organization’s legal Gleim CIA Test Prep: Part 1 - Internal Audit Basics counsel is (720 questions) appropriate. Copyright 2013 Gleim Publications Inc. Page 359 Answer (D) is incorrect. Retention policies need not be approved by Printed for Sanja Knezevic the external [651] Gleim #: 7.5.38 auditor. When current-file working papers are no longer of use to the internal [650] Gleim #: 7.5.37 audit activity, Which of the following states an inappropriate policy relating to the they should be retention of A. Destroyed. engagement working papers? B. Placed in the custody of the organizational legal department for A. Working papers should be disposed of when they have no further safekeeping. use. C. Transferred to the permanent file. B. Working papers prepared for fraud investigators should be D. Transferred to the custody of the engagement client for ease of retained indefinitely. future records. C. Working-paper retention schedules should be approved by legal Answer (A) is correct. Working papers should be destroyed after counsel. they have Working-paper retention schedules should consider legal and served their purpose. Any parts having continuing value should be contractual brought requirements. forward to current working papers or to the permanent file. D. Answer (B) is incorrect. If working papers are useful, they should be Answer (A) is incorrect. The duration of retention should be controlled determined by by the internal auditors. usefulness. Answer (C) is incorrect. Useless working papers should be Answer (B) is correct. The CAE must develop retention destroyed. requirements for Answer (D) is incorrect. Engagement clients should not have engagement records, regardless of the medium in which each record custody of is stored. confidential papers. [652] Gleim #: 7.5.39 The best description of the principal purpose for retaining working disclosure. papers is to C. A. Help perform the engagement in an orderly fashion. Documents revealing attorneys’ thought processes will be subject to B. Maintain the engagement work program for reuse in the next forced engagement. disclosure. C. Provide support for the final engagement communication. D. D. Provide a basis for supervisory review. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (A) is incorrect. An important but secondary purpose of (720 questions) working paper Copyright 2013 Gleim Publications Inc. Page 360 retention is orderly performance of engagements. Printed for Sanja Knezevic Answer (B) is incorrect. An important but secondary purpose of fb.com/ciaaofficial working paper Answer (A) is correct. Most of an organization’s records that are not retention is the reuse of work programs. protected by the Answer (C) is correct. Engagement working papers provide the attorney-client privilege may be accessible in criminal proceedings. principal support In noncriminal for the engagement results (PA 2330-1, para. 2). They should be proceedings, the issue of access is less clear (PA 2330.A1-2, para. retained after the 1). final engagement communication has been issued for a time that is Answer (B) is incorrect. The work product of attorneys, not auditors, consistent with is usually organizational guidelines and any pertinent regulatory or other protected. requirements. Answer (C) is incorrect. A mere expectation of confidentiality does Answer (D) is incorrect. An important but secondary purpose of not protect working paper records from disclosure if they are not subject to a legal privilege. retention is supervisory review. Answer (D) is incorrect. Documents revealing attorneys’ thought [653] Gleim #: 7.5.40 processes or An internal audit activity’s policies regarding engagement records strategies are usually privileged. should address such [654] Gleim #: 7.6.41 matters as their content, retention period, handling of access Which of the following tools would best give a graphical requests, and representation of a sequence responsibility for control and security. Which of the following of activities and decisions? statements relevant to A. Flowchart. the development of these policies is true? B. Control chart. Most records not protected by the attorney-client privilege are C. Histogram. accessible in D. Run chart. criminal proceedings. Answer (A) is correct. Flowcharting is an essential aid in the A. program B. The work product of the internal auditors is protected from development process that involves a sequence of activities and disclosure. decisions. A Records created with an expectation of confidentiality are protected flowchart is a pictorial diagram of the definition, analysis, or solution from of a problem in which symbols are used to represent operations, data system that a flowchart does. flow, equipment, Answer (D) is incorrect. A detailed narrative does not provide the etc. means of evaluating Answer (B) is incorrect. A control chart is used to monitor deviations complex operations that a flowchart does. from [656] Gleim #: 7.6.43 desired quality measurements during repetitive operations. Internal auditors often flowchart a control system and reference the Answer (C) is incorrect. A histogram is a bar chart showing flowchart to conformance to a narrative descriptions of certain activities. This is an appropriate standard bell curve. procedure to Answer (D) is incorrect. A run chart tracks the frequency or amount Determine whether the system meets established management A. of a given objectives. variable over time. B. Document that the system meets international auditing [655] Gleim #: 7.6.42 requirements. Which method of evaluating internal controls during the preliminary C. Determine whether the system can be relied upon to produce survey provides accurate information. the internal auditor with the best visual grasp of a system and a D. Gain the understanding necessary to test the effectiveness of the means for analyzing system. complex operations? Answer (A) is incorrect. To determine whether the system meets A. A flowcharting approach. established B. A questionnaire approach. management objectives, the auditor must perform more extensive C. A matrix approach. procedures. A D. A detailed narrative approach. flowchart is an aid to understanding the system. It does not provide Gleim CIA Test Prep: Part 1 - Internal Audit Basics evidence (720 questions) about the actual operating effectiveness of the system. Copyright 2013 Gleim Publications Inc. Page 361 Answer (B) is incorrect. International auditing standards do not Printed for Sanja Knezevic require the use of Answer (A) is correct. Flowcharts are graphical representations of flowcharts. the step-by-step Answer (C) is incorrect. To determine whether the system can be progression of transactions, including document (information) relied upon to preparation, produce accurate information, the auditor must perform more authorization, flow, storage, etc. Flowcharting allows the internal extensive auditor to analyze a procedures. A flowchart is an aid to understanding the system. It system and to identify the strengths and weaknesses of the does not provide purported internal controls evidence about the actual operating effectiveness of the system. and the appropriate areas of audit emphasis. Answer (D) is correct. Flowcharting is a pictorial method of Answer (B) is incorrect. A questionnaire approach provides only an analyzing and agenda for understanding the processes and procedures involved in operations, evaluation. whether Answer (C) is incorrect. A matrix approach does not provide the manual or computerized. Flowcharting is therefore useful in the visual grasp of the preliminary survey and in obtaining an understanding of internal control. It is also Answer (B) is incorrect. This information is not given in a flowchart. helpful in Answer (C) is incorrect. This information is not given in a flowchart. systems development. Answer (D) is correct. Flowcharts are graphical representations of [657] Gleim #: 7.6.44 the step-bystep An internal auditor develops a flowchart primarily to progression of transactions including document (information) A. Detect errors and irregularities. preparation, B. Analyze a system and identify internal controls. authorization, flow, storage, etc. Flowcharting allows the internal C. Determine functional responsibilities. auditor to D. Reduce the need for interviewing auditee personnel. analyze a system and to identify the strengths and weaknesses of Gleim CIA Test Prep: Part 1 - Internal Audit Basics the purported (720 questions) internal controls and the appropriate areas of audit emphasis. Copyright 2013 Gleim Publications Inc. Page 362 [659] Gleim #: 7.6.46 Printed for Sanja Knezevic Of the following, which is the most efficient source for an auditor to fb.com/ciaaofficial use to evaluate a Answer (A) is incorrect. Flowcharts only show where errors and company’s overall control system? irregularities might A. Control flowcharts. occur. B. Copies of standard operating procedures. Answer (B) is correct. Flowcharting is a tool commonly used to learn C. A narrative describing departmental history, activities, and forms what set of usage. procedures is supposed to be in effect in a control system. An D. Copies of industry operating standards. internal control Answer (A) is correct. Control flowcharting is a graphical means of flowchart is a pictorial diagram of documents and their processing representing and disposition the sequencing of activities and information flows with related control within the system. It is a basis for preliminary evaluation and is points. It followed by testing to provides an efficient and comprehensive method of describing see if the prescribed procedures are in effect and are working as relatively complex intended. activities, especially those involving several departments. Answer (C) is incorrect. Questionnaires are used to determine Answer (B) is incorrect. Copies of procedures and related forms do functional not provide responsibilities. an efficient overview of processing activities. Answer (D) is incorrect. Flowchart development usually requires Answer (C) is incorrect. A narrative review covering the history and asking questions of forms usage the auditee. of the department is not as efficient or comprehensive as [658] Gleim #: 7.6.45 flowcharting for the An auditor frequently uses flowcharts to determine whether there is purpose of communicating relevant information about controls. Satisfactory performance A. of an operation. Answer (D) is incorrect. Industry standards do not provide a picture B. Sufficient but not excessive personnel assigned to an operation. of existing C. Authority to meet the performance criteria. practice for subsequent audit activity. D. Inefficiency and lack of controls. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (A) is incorrect. This information is not given in a flowchart. (720 questions) Copyright 2013 Gleim Publications Inc. Page 363 documentation with a copy of the program flowchart. Prepare an Printed for Sanja Knezevic overview [660] Gleim #: 7.6.47 flowchart that links these details. A flowchart of process activities and controls may provide A. Information on where A. fraud could occur. Start with a shipment of goods and trace the transaction back B. Information on the extent of a past fraud. through the C. An indication of where fraud has occurred in a process. origination of the sales order as received from the sales D. No information related to fraud prevention. representative. Answer (A) is correct. Flowcharting is a pictorial method of analyzing B. and Start with the receipt of a sales order from a sales representative and understanding the processes and procedures involved in operations, “walk whether through” both the manual and computerized processing at manual or computerized. Flowcharting is therefore useful in the headquarters and the preliminary plant until the goods are shipped and billed. survey and in obtaining an understanding of internal control. It is also C. helpful in Obtain a copy of the plants’ systems flowchart for the sales process, systems development. Consequently, by indicating control interview weaknesses, flowcharts relevant personnel to determine if any changes have been made, show where fraud may occur. and then develop Answer (B) is incorrect. Flowcharts do not provide any evidence of an overview flowchart which will highlight the basic process. the extent of D. fraud. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (C) is incorrect. Other procedures would be needed to (720 questions) detect where fraud Copyright 2013 Gleim Publications Inc. Page 364 has occurred. Printed for Sanja Knezevic Answer (D) is incorrect. Flowcharts provide evidence of where fraud fb.com/ciaaofficial may occur. Answer (A) is incorrect. The issue is the processing of sales orders, Flowcharts therefore help in prevention. not the system for [661] Gleim #: 7.6.48 making changes in the sales price data. The internal auditor wishes to develop a flowchart of (1) the process Answer (B) is incorrect. Starting with the completed transaction of receiving sales does not identify order information at headquarters, (2) the transmission of the data to processing steps in which documents or data were diverted and the plants to processed separately. generate the shipment, and (3) the plants’ processing of the Answer (C) is correct. The survey during the engagement planning information for shipment. phase helps the The internal auditor should internal auditor to become familiar with activities, risks, and controls Start with management’s decisions to set sales prices. Gather and to identify internal areas for audit emphasis. Flowcharting is a typical survey procedure, documentation on the approval process for changing sales prices. and the walkthrough Complement is a means of gathering information to be reflected in the flowchart. Answer (D) is incorrect. Processing steps that occur other than at Printed for Sanja Knezevic the plant level must Answer (A) is incorrect. The figure does not show physical media or also be considered. input/output [662] Gleim #: 7.6.49 procedures (manifestations of how the system works rather than The diamond-shaped symbol is commonly used in flowcharting to what it accomplishes). show or represent a Flowcharts depict these matters. Process or a single step in a procedure A. or program. Answer (B) is incorrect. The figure is a data flow diagram; it depicts B. Terminal output display. the flow of data C. Decision point, conditional testing, or branching. within and out of the system. Flowcharts show how input/output D. Predefined process. procedures are Answer (A) is incorrect. The rectangle is the appropriate symbol for conducted. a process or Answer (C) is correct. A data flow diagram shows how data flow to, a single step in a procedure or program. from, and within Answer (B) is incorrect. A terminal display is signified by a symbol a system and the processes that manipulate the data. similar to the Answer (D) is incorrect. The figure does not show how shape of a cathode ray tube. accountability is allocated in Answer (C) is correct. Flowcharts illustrate in pictorial fashion the the system. Accountability transfers are usually shown in flowcharts. flow of data, [664] Gleim #: 7.6.51 documents, and/or operations in a system. Flowcharts may (Refer to Figure CIA2_08_14.) summarize a system or This figure could be expanded to show the present great detail, e.g., as found in program flowcharts. The Edit checks used in preparing purchase orders A. from stock records. diamond-shaped B. Details of the preparation of purchase orders. symbol represents a decision point or test of a condition in a program C. Physical media used for stock records, the vendor file, and flowchart, purchase orders. that is, the point at which a determination must be made as to which D. Workstations required in a distributed system for preparing logic path purchase orders. (branch) to follow. Answer (A) is incorrect. A data flow diagram does not depict edit Answer (D) is incorrect. A predefined processing step is checks. represented by a Answer (B) is correct. A data flow diagram can be used to depict rectangle with double lines on either side. lower-level [663] Gleim #: 7.6.50 details as well as higher-level processes. A system can be divided (Refer to Figure CIA2_08_14.) into subsystems, This figure shows how and each subsystem can be further subdivided at levels of increasing A. Physical media are used in the system. detail. Thus, B. Input/output procedures are conducted. any process can be expanded as many times as necessary to show C. Data flow within and out of the system. the required D. Accountability is allocated in the system. level of detail. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (C) is incorrect. Flowcharts, not data flow diagrams, show (720 questions) the physical Copyright 2013 Gleim Publications Inc. Page 365 media on which data such as stock records, the vendor file, and Answer (D) is incorrect. A systems flowchart should show both purchase orders manual and computer are maintained. processing. Answer (D) is incorrect. Flowcharts, not data flow diagrams, show [666] Gleim #: 7.6.53 the Graphical notations that show the flow and transformation of data workstations through which data pass and the sequence of activities. within a system or [665] Gleim #: 7.6.52 business area are called An internal auditor reviews and adapts a systems flowchart to A. Action diagrams. understand the flow of B. Program structure charts. information in the processing of cash receipts. Which of the following C. Conceptual data models. statements is D. Data flow diagrams. true regarding the use of such flowcharts? The flowcharts Answer (A) is incorrect. Action diagrams are process logic notations Show specific control procedures used, such as edit tests that are that implemented and combine graphics and text to support the definition of technical rules. batch control reconciliations. Answer (B) is incorrect. Program structure charts are graphical A. depictions of the B. Are a good guide to potential segregation of duties. hierarchy of modules or instructions in a program. C. Are generally kept up to date for systems changes. Answer (C) is incorrect. Conceptual data modules are independent D. Show only computer processing, not manual processing. definitions of Gleim CIA Test Prep: Part 1 - Internal Audit Basics the data requirements that are explained in terms of entities and (720 questions) relationships. Copyright 2013 Gleim Publications Inc. Page 366 Answer (D) is correct. Data flow diagrams show how data flow to, Printed for Sanja Knezevic from, and fb.com/ciaaofficial within the system and the processes that manipulate the data. A data Answer (A) is incorrect. A program flowchart will identify the specific flow diagram edit tests can be used to depict lower-level details as well as higher-level implemented. processes. A Answer (B) is correct. Systems flowcharts are overall graphic system can be divided into subsystems, and each subsystem can be analyses of the flow of further data and the processing steps in an information system. Accordingly, subdivided at levels of increasing detail. Thus, any process can be they can be used expanded as to show segregation of duties and the transfer of data between many times as necessary to show the required level of detail. different segments in the [667] Gleim #: 7.6.54 organization. In documenting the procedures used by several interacting Answer (C) is incorrect. The flowcharts are usually not kept up to departments the internal date for changes. auditor will most likely use a(n) Thus, the auditor will have to interview key personnel to determine A. Horizontal (or systems) flowchart. changes in B. Vertical flowchart. processing since the flowchart was developed. C. Gantt chart. D. Internal control questionnaire. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (A) is incorrect. A vertical flowchart is usually designed to (720 questions) provide for Copyright 2013 Gleim Publications Inc. Page 367 written descriptions. Printed for Sanja Knezevic Answer (B) is correct. A horizontal or systems flowchart depicts the Answer (A) is correct. Flowcharting is a useful tool for systems functions or development as well departments involved in a process successively from left to right. as understanding the internal control structure. A flowchart is a Thus, the steps pictorial diagram of the performed by a function or department are presented in the same definition, analysis, or solution of a problem in which symbols are column. A used to represent vertical flowchart displays step-by-step processes effectively, but it operations, data flow, equipment, etc. A systems flowchart provides does not an overall view of delineate the system’s components as well. By emphasizing the flow the inputs, processes, and outputs of a system, such as a set of of processing interacting departments. between departments or people, a horizontal flowchart more clearly Answer (B) is incorrect. A vertical flowchart does not highlight the shows any interaction inappropriate separation of duties and lack of independent checks on between departments. performance. Answer (C) is incorrect. A Gantt chart is not a tool for documenting Answer (C) is incorrect. A horizontal flowchart is usually shorter. procedures. Gantt Space for charts typically are used in industry as a method of recording written descriptions is not usually provided. progress toward goals for Answer (D) is incorrect. More of the flow of processing can be employees and machinery. depicted on one Answer (D) is incorrect. An internal control questionnaire does not page than in a vertical flowchart with written descriptions. highlight the [669] Gleim #: 7.7.56 interaction between departments. Engagement information is usually considered relevant when it is [668] Gleim #: 7.6.55 A. Derived through valid statistical sampling. Which of the following is a true statement comparing a horizontal B. Objective and unbiased. flowchart with a C. Factual, adequate, and convincing. vertical flowchart? D. Consistent with the engagement objectives. A horizontal flowchart provides more room for written descriptions Gleim CIA Test Prep: Part 1 - Internal Audit Basics that parallel (720 questions) the symbols. Copyright 2013 Gleim Publications Inc. Page 368 A. Printed for Sanja Knezevic A horizontal flowchart brings into sharper focus the assignment of fb.com/ciaaofficial duties and Answer (A) is incorrect. Whether sampling is appropriate and the independent checks on performance. results are valid are B. issues related to the determination of sufficiency and reliability rather A horizontal flowchart C. is usually longer. than relevance. D. A horizontal flowchart does not provide as broad a picture at a Answer (B) is incorrect. Objectivity and lack of bias do not ensure glance. that information will support observations and recommendations and be consistent the issues is logical is a matter of relevance. Information must be with the engagement relevant, but objectives. relevant information may not be sufficient. Answer (C) is incorrect. Sufficient information is factual, adequate, [671] Gleim #: 7.7.58 and convincing so Reliable information is that a prudent, informed person would reach the same conclusions Supportive of the engagement observations and consistent with the as the internal engagement auditor. objectives. Answer (D) is correct. Relevant information supports engagement A. observations and B. Helpful in assisting the organization in meeting prescribed goals. recommendations and is consistent with the objectives for the Factual, adequate, and convincing so that a prudent person would engagement reach the same (Inter. Std. 2310). conclusion as the internal auditor. [670] Gleim #: 7.7.57 C. To determine the sufficiency of information regarding interpretation of Competent and the best attainable through the use of appropriate a contract, an engagement internal auditor uses techniques. The best obtainable A. information. D. B. Subjective judgments. Gleim CIA Test Prep: Part 1 - Internal Audit Basics C. Objective evaluations. (720 questions) D. Logical relationships between information and issues. Copyright 2013 Gleim Publications Inc. Page 369 Answer (A) is incorrect. The best information attainable is reliable Printed for Sanja Knezevic but not Answer (A) is incorrect. Relevant information supports engagement necessarily sufficient. observations and Answer (B) is incorrect. An evaluation of the sufficiency of is consistent with engagement objectives. information requires Answer (B) is incorrect. Useful information assists the organization objective judgments. The “prudent, informed person” language states in meeting goals. an Answer (C) is incorrect. Sufficient information is factual, adequate, objectivity criterion. and convincing to Answer (C) is correct. Sufficient information is factual, adequate, a prudent person. and convincing Answer (D) is correct. Reliable information is the best attainable so that a prudent, informed person would reach the same information through conclusions as the the use of appropriate engagement techniques (Inter. Std. 2310). An auditor (Inter. Std. 2310). Since the internal auditor must avoid original document distortion by is the prime example of such information. personal feelings, prejudices, or interpretations, this judgment must [672] Gleim #: 7.7.59 be objective. When sampling methods are used, the concept of sufficiency of Answer (D) is incorrect. Whether the relationship between the information means information and that the samples selected provide Reasonable assurance that they are representative of the A. Answer (B) is incorrect. Competence is a characteristic of reliable sampled population. information. B. The best information that is reasonably obtainable. Answer (C) is incorrect. Relevant information supports engagement Reasonable assurance that the information has a logical relationship observations. to the Answer (D) is correct. Sufficient information is factual, adequate, engagement objective. and convincing C. so that a prudent, informed person would reach the same D. Absolute assurance that a sample is representative of the conclusions as the population. auditor (Inter. Std. 2310). Answer (A) is correct. Sufficient information is factual, adequate, Gleim CIA Test Prep: Part 1 - Internal Audit Basics and convincing (720 questions) so that a prudent, informed person would reach the same Copyright 2013 Gleim Publications Inc. Page 370 conclusions as the Printed for Sanja Knezevic auditor (Inter. Std. 2310). If properly designed and executed, a fb.com/ciaaofficial statistical sample is [674] Gleim #: 7.7.61 representative of the sampled population. In an operational audit, the internal auditors discovered an increase Answer (B) is incorrect. The best information reasonably obtainable in absenteeism. is reliable Accordingly, the chief audit executive decided to identify information information. about workforce Answer (C) is incorrect. The logical relationship indicates relevance. morale. To achieve this engagement objective, the internal auditors Answer (D) is incorrect. Cost-benefit considerations usually must understand preclude absolute that assurance. Morale cannot be A. reliably analyzed. [673] Gleim #: 7.7.60 B. Only outcomes that are directly quantifiable can be reliably Which of the following is an essential factor in evaluating the analyzed. sufficiency of Reliable information may be obtained about morale factors such as information? The information must job A. Be well documented and cross-referenced in the working papers. satisfaction. B. Be based on references that are considered competent. C. Bear a direct relationship to the observation and include all of the D. Morale is always proportional to compensation. elements of an Answer (A) is incorrect. Difficulty of analysis does not preclude observation. reliability. C. Answer (B) is incorrect. With proper engagement tools, even D. Be convincing enough for a prudent person to reach the same emotional decision. responses may be measured and analyzed reliably. Answer (A) is incorrect. Documentation and cross-referencing are Answer (C) is correct. Reliable information is the best information desirable but attainable have no specific relationship to any of the characteristics of through the use of appropriate engagement techniques (Inter. Std. information 2310). Such (sufficiency, reliability, relevance, and usefulness). information need not consist only of quantifiable outcomes, such as criteria or should work with management to develop such criteria. rates of Answer (B) is incorrect. Failure to hire a person from a minority workforce turnover and absenteeism. Reliable information may be group this year identified about is irrelevant without knowing the total hires for the period. such difficult-to-measure things as attitudes toward supervisors, Answer (C) is incorrect. An affirmative-action policy is clearly other workers, auditable. and compensation. For example, surveys may produce statistically Answer (D) is incorrect. This conclusion cannot be reached without valid knowledge information about job satisfaction. of the actual company policy. Answer (D) is incorrect. According to research and common human Gleim CIA Test Prep: Part 1 - Internal Audit Basics experience, (720 questions) the availability of, for example, intrinsic awards (e.g., personal Copyright 2013 Gleim Publications Inc. Page 371 achievement) may Printed for Sanja Knezevic offset a low level of extrinsic awards (e.g., compensation). [676] Gleim #: 7.7.63 [675] Gleim #: 7.7.62 Reliable evidence is best defined as evidence that While testing a division’s compliance with company affirmative-action Is the A. best attainable. policies, an B. Is obtained by observing people, property, and events. auditor found that Is supplementary to other evidence already gathered and tends to 1. 5% of the employees are from minority groups. strengthen or 2. No one from a minority group has been hired in the past year. confirm it. The most appropriate conclusion for the auditor to reach is that C. A. Insufficient evidence exists of compliance with affirmative-action Proves an intermediate fact, or group of facts, from which still other policies. facts can be B. The division is violating the company’s policies. inferred. C. The company’s policies cannot be audited and hence cannot be D. enforced. Answer (A) is correct. Reliable information is the best information With 5% of its employees from minority groups, the division is attainable effectively through the use of appropriate engagement techniques (Inter. Std. complying. 2310). D. Information is reliable when the auditor’s results can be verified by Answer (A) is correct. Sufficient information is factual, adequate, others. and convincing Reliable information is also valid. It accurately represents the so that a prudent, informed person would reach the same observed conclusions as the phenomena. Information must be collected using reasonable efforts auditor (Inter. Std. 2310). Without knowledge of guidelines for subject to compliance, the such inherent limitations as the cost-benefit constraint. Accordingly, auditor cannot draw a reasonable conclusion given the insufficiency internal of the facts. auditors employ efficient methods, e.g., statistical sampling and Hence, the auditor must determine whether management has analytical established adequate auditing procedures. Answer (B) is incorrect. Physical evidence is obtained by observing Answer (B) is correct. The bank deposits can be verified by people, examining bank property, and events. Physical evidence is not necessarily reliable. In statements obtained directly from the bank. Information obtained fact, the from an independent quality of reliability is more often associated with documentary source is usually more reliable than information secured solely within evidence. the entity. Answer (C) is incorrect. Corroborative evidence is supplementary to Moreover, it is obviously relevant to the issue of whether cash other receipts are deposited evidence already gathered and tends to strengthen or confirm it. intact. A reasonable internal auditor should judge that the Although comparison of the corroborative evidence may be reliable, much reliable evidence is organization’s records with independently obtained bank statements primary rather is persuasive of than supplementary. the proposition that cash receipts are not deposited intact. Thus, the Answer (D) is incorrect. Circumstantial evidence proves an information is also intermediate fact, or sufficient. group of facts, from which still other facts can be inferred. Answer (C) is incorrect. The information is sufficient, reliable, and Circumstantial relevant. evidence is not necessarily reliable. Answer (D) is incorrect. The information is sufficient and reliable. [677] Gleim #: 7.7.64 [678] Gleim #: 7.8.65 While performing an engagement relating to an organization’s cash What characteristic of information is satisfied by an original signed controls, the document? internal auditor observed that cash deposits are not deposited intact A. Sufficiency. daily. A B. Reliability. comparison of a sample of cash receipts lists revealed that each C. Relevance. cash receipt list D. Usefulness. equaled cash journal entry amounts but not daily bank deposits Answer (A) is incorrect. Sufficient information is factual, adequate, amounts, and cash and receipts list totals equaled bank deposit totals in the long run. This convincing. The information contained on the document may be information as none of those support for the internal auditor’s observations is things. A. Sufficient but not reliable or relevant. Answer (B) is correct. Reliable information is the best information B. Sufficient, reliable, and relevant. attainable C. Not sufficient, reliable, or relevant. through the use of appropriate engagement techniques (Inter. Std. D. Relevant but not sufficient or reliable. 2310). An Gleim CIA Test Prep: Part 1 - Internal Audit Basics original document is the prime example of such information. (720 questions) Answer (C) is incorrect. Relevance concerns the relationship of the Copyright 2013 Gleim Publications Inc. Page 372 information Printed for Sanja Knezevic to some objective of the engagement. No engagement objective is fb.com/ciaaofficial disclosed in the Answer (A) is incorrect. The information is reliable and relevant. question. Thus, whether the information on the document is relevant Answer (C) is incorrect. The information is not sufficient. Hence, it to the cannot be investigation cannot be determined. conclusive. The inherent limitations of this engagement require that Answer (D) is incorrect. Usefulness is achieved if the item helps the internal auditors organization rely on information that is merely persuasive rather than convincing (the internal auditor, in this case) to accomplish predetermined goals. beyond all doubt. No such Answer (D) is correct. Sufficient information is factual, adequate, goals are specified. and convincing so [679] Gleim #: 7.8.66 that a prudent, informed person would reach the same conclusions An internal auditor is evaluating the advertising function. The as the auditor organization has (Inter. Std. 2310). Sufficiency is based on the internal auditor’s engaged a medium-sized local advertising agency to place professional judgment advertising in magazine as to the amounts, kinds, and persuasiveness of information publications. As part of the review of the engagement working required. Testimony from papers, the internal individuals who may be neither objective nor knowledgeable is auditing supervisor is evaluating the information collected. The unlikely to be internal auditor sufficient. reviewed the language in the advertising for its legality and [680] Gleim #: 7.8.67 compliance with fair trade An internal auditor has set an engagement objective of determining regulations by interviewing the organization’s advertising manager, whether all cash the product receipts are deposited intact daily. To satisfy this objective, the marketing director (who may not have been objective), and five of the internal auditor organization’s interviewed the controller who gave assurances that all cash receipts largest customers (who may not have been knowledgeable). The are deposited as supervisor can soon as is reasonably possible. As information that can be used to justifiably conclude that the information is satisfy the stated A. Reliable. engagement objective, the controller’s assurances are B. Irrelevant. Sufficient but not reliable A. or relevant. C. Conclusive. B. Sufficient, reliable, and relevant. D. Insufficient. C. Not sufficient, reliable, or relevant. Gleim CIA Test Prep: Part 1 - Internal Audit Basics D. Relevant but not sufficient or reliable. (720 questions) Answer (A) is incorrect. The information is not sufficient or reliable. Copyright 2013 Gleim Publications Inc. Page 373 Answer (B) is incorrect. The information is relevant but not sufficient Printed for Sanja Knezevic or reliable. Answer (A) is incorrect. The advertising director and the product Answer (C) is incorrect. The information is relevant. marketing director Answer (D) is correct. Internal auditors must identify sufficient, are not objective. reliable, relevant, Answer (B) is incorrect. The information is relevant but not and useful information to achieve engagement objectives (Perf. Std. sufficient. 2310). Relevant information supports engagement observations and requested, not sold. recommendations Answer (B) is incorrect. This memorandum is an uncorroborated and is consistent with the objectives for the engagement. Sufficient statement. information is Answer (C) is incorrect. A/R records showing cash collections from factual, adequate, and convincing so that a prudent, informed person the customer are would reach less direct than the shipping document and invoice and provide only the same conclusions as the auditor. Reliable information is the best circumstantial information support regarding the validity of the sale. attainable through the use of appropriate procedures (Inter. Std. Answer (D) is correct. Reliable information is the best information 2310). The attainable through controller’s assurance is relevant because it pertains to the cash the use of appropriate engagement techniques (Inter. Std. 2310). receipts. However, Information is it lacks reliability because it was not obtained from an independent ordinarily more reliable if it is obtained from a source independent of source. the client. The Furthermore, the information is not sufficient because, by itself, it shipping document and invoice provide direct information that the does not sale was made, and provide a reasonable basis for a conclusion. the bill of lading is externally generated documentation that the [681] Gleim #: 7.8.68 merchandise was In deciding whether recorded sales are valid, which of the following shipped. items of [682] Gleim #: 7.8.69 information is most reliable? The chief audit executive is reviewing some of the basic concepts A. A copy of the customer’s purchase order. inherent in the A memorandum from the director of the shipping department stating performance of an engagement with three internal auditors who are that another on a rotation employee verified the personal delivery of the merchandise to the assignment. After 6 months in the internal audit activity, they will customer. move back to line B. positions. Each of them has fairly extensive organizational C. Accounts receivable records showing cash collections from the experience and is on a fast customer. track to a high-level management line position. To develop their The shipping document, independent bill of lading, and the invoice analytical decisionmaking for the abilities, the CAE pulls some old engagement working papers, merchandise. holding back D. the review notes and clearing comments. The CAE asks the team to Gleim CIA Test Prep: Part 1 - Internal Audit Basics indicate the (720 questions) informational criteria that are violated. During the planning stage of Copyright 2013 Gleim Publications Inc. Page 374 an engagement, Printed for Sanja Knezevic the internal auditor made an on-site observation of the vehicle fb.com/ciaaofficial maintenance Answer (A) is incorrect. The customer’s purchase order only proves department and included the following statement in a memorandum that the item was summary of the results: The chief audit executive is reviewing some of the basic concepts “We noted that several maintenance garages were deteriorating inherent in the badly. Fencing around performance of an engagement with three internal auditors who are the property was in need of repair.” on a rotation Which of the following informational criteria, if any, is violated? assignment. After 6 months in the internal audit activity, they will A. Sufficiency. move back to line B. Reliability. positions. Each of them has fairly extensive organizational C. Relevance. experience and is on a fast D. No criteria are violated. track to a high-level management line position. To develop their Answer (A) is incorrect. The sufficiency criterion has not been analytical decisionmaking violated. Physical abilities, the CAE pulls some old engagement working papers, observation by the internal auditor is sufficient to determine holding back deterioration and the review notes and clearing comments. The CAE asks the team to need for repairs. indicate the Answer (B) is incorrect. The reliability criterion has not been informational criteria that are violated. The organization’s inventories violated. On-site are under the observation is an appropriate technique to determine deterioration administration of three production managers. The internal auditors and needed perform a standard repairs. limited test of finished goods inventory balances every year. During Answer (C) is incorrect. The relevance criterion has not been this year’s violated. The engagement concerning inventories, the internal auditors noted information obtained by the internal auditor supports observations finished goods about the inventories were abnormally high, sales were consistent with prior physical condition of the department. years, and returns Answer (D) is correct. The observations made about the vehicle and allowances appeared normal. The internal auditors performed maintenance the usual random department contain sufficient information (factual, adequate, and sample recount of several finished goods inventory cards without convincing so discrepancy and then that a prudent, informed person would reach the same conclusions) extended the testing to include 10 raw materials and 10 work-in- that is reliable process cards, noting (the best attainable through the use of appropriate engagement no exceptions. The following statement was included in the techniques) and engagement working relevant (supports engagement observations and recommendations papers: and is “Our standard test of finished goods inventories revealed no consistent with the objectives for the engagement) (Inter. Std. 2310). exceptions to the Gleim CIA Test Prep: Part 1 - Internal Audit Basics inventory count. We extended our tests this year to include both raw (720 questions) materials and Copyright 2013 Gleim Publications Inc. Page 375 work-in-process without exception. At the time of our engagement, Printed for Sanja Knezevic the supervising [683] Gleim #: 7.8.70 inventory managers were not available; however, the division assignment. After 6 months in the internal audit activity, they will secretary indicated that move back to line performance standards were on file. It appears that there is adequate positions. Each of them has fairly extensive organizational awareness and experience and is on a fast understanding of the performance standards.” track to a high-level management line position. To develop their Which of the following informational criteria is not violated? analytical decisionmaking A. Sufficiency. abilities, the CAE pulls some old engagement working papers, B. Reliability. holding back C. Relevance. the review notes and clearing comments. The CAE asks the team to D. All criteria are violated. indicate the Answer (A) is incorrect. The criterion of sufficiency has been informational criteria that are violated. The organization is required to violated. comply with Answer (B) is incorrect. The criterion of reliability has been violated. certain specific standards related to environmental issues. One of Answer (C) is incorrect. The criterion of relevance has been these standards violated. requires that certain hazardous chemicals be placed in certified Answer (D) is correct. The conclusion violates the criteria of containers for sufficiency, shipment to a governmental disposal site. The container must bear reliability, and relevance. The sufficiency criterion is violated because an inspection seal recounting signed within the last 90 days by a governmental inspector. Based several inventory items is insufficient given the abnormally high on the following inventory. The tests, the internal auditor concluded that the organization was in reliability criterion is violated because the performance standard compliance for the information is engagement period: not the best attainable. The internal auditors should interview Determine from each chemical loading supervisor that compliance inventory managers requirements to determine their awareness and understanding of the performance are understood. standards. The I. relevance criterion is violated because the information related to raw Inspect sealed containers for evidence II. of leakage. materials and III. Ask chemical loading personnel about procedures performed. work-in-process does not pertain to the finished goods inventory. Which of the following informational criteria, if any, is violated? Gleim CIA Test Prep: Part 1 - Internal Audit Basics A. Sufficiency. (720 questions) B. Reliability. Copyright 2013 Gleim Publications Inc. Page 376 C. Relevance. Printed for Sanja Knezevic D. No criteria are violated. fb.com/ciaaofficial Answer (A) is correct. Sufficient information is factual, adequate, [684] Gleim #: 7.8.71 and convincing The chief audit executive is reviewing some of the basic concepts so that a prudent, informed person would reach the same inherent in the conclusions as the performance of an engagement with three internal auditors who are internal auditor (Inter. Std. 2310). These tests are insufficient on a rotation because the internal auditor did not determine that each container had an inspection seal Direct observation of various advertising 2. media used signed within 3. Review of a marketing survey of general public reaction to the the last 90 days. marketing plan Answer (B) is incorrect. The information is reliable. It is the best Which of the following informational criteria, if any, is violated? information A. Sufficiency. attainable through the use of appropriate engagement techniques. B. Reliability. Answer (C) is incorrect. The information is relevant. It supports C. Relevance. engagement D. No criteria are violated. observations and recommendations and is consistent with the Answer (A) is incorrect. The sufficiency criterion has not been objectives for the violated. The engagement. analytical comparison, direct observation, and review of the market Answer (D) is incorrect. The sufficiency criterion was violated. survey Gleim CIA Test Prep: Part 1 - Internal Audit Basics provide sufficient information about the effectiveness and validity of (720 questions) expenditures. Copyright 2013 Gleim Publications Inc. Page 377 Answer (B) is incorrect. The reliability criterion has not been Printed for Sanja Knezevic violated. Analysis, [685] Gleim #: 7.8.72 observation, and review by the internal auditors are all methods of The chief audit executive is reviewing some of the basic concepts obtaining inherent in the competent information. performance of an engagement with three internal auditors who are Answer (C) is incorrect. The relevance criterion has not been on a rotation violated. The assignment. After 6 months in the internal audit activity, they will analytical comparisons, direct observations, and review of the move back to line marketing survey positions. Each of them has fairly extensive organizational are all types of information pertinent to the evaluation of the experience and is on a fast marketing track to a high-level management line position. To develop their expenditures. analytical decisionmaking Answer (D) is correct. The identified information is sufficient (factual, abilities, the CAE pulls some old engagement working papers, adequate, holding back and convincing so that a prudent, informed person would reach the the review notes and clearing comments. The CAE asks the team to same indicate the conclusions), reliable (the best attainable through the use of informational criteria that are violated. In an engagement to evaluate appropriate the effectiveness engagement techniques), and relevant (supports engagement and validity of a subsidiary’s marketing expenditures, the internal observations and auditors identified recommendations and is consistent with the objectives for the the following information: engagement) Analytical comparisons of advertising expenditures and changes in (Inter. Std. 2310). shopping Gleim CIA Test Prep: Part 1 - Internal Audit Basics patterns and item sales (720 questions) 1. Copyright 2013 Gleim Publications Inc. Page 378 Printed for Sanja Knezevic Answer (B) is incorrect. The reliability criterion has not been fb.com/ciaaofficial violated, although [686] Gleim #: 7.8.73 the sufficiency criterion has been violated. The chief audit executive is reviewing some of the basic concepts Answer (C) is incorrect. Although the relevance criterion has been inherent in the violated, the performance of an engagement with three internal auditors who are reliability criterion has not been violated. on a rotation Answer (D) is incorrect. The sufficiency and relevance criteria have assignment. After 6 months in the internal audit activity, they will been move back to line violated. positions. Each of them has fairly extensive organizational [687] Gleim #: 7.8.74 experience and is on a fast Management is investigating the acquisition of an upgraded version track to a high-level management line position. To develop their of the existing analytical decisionmaking client-server system to increase the system’s capacity. Management abilities, the CAE pulls some old engagement working papers, has requested that holding back the internal auditor perform an operational engagement to determine the review notes and clearing comments. The CAE asks the team to the efficiency of indicate the the existing computer processing resource. What is the most relevant informational criteria that are violated. In an engagement performed source of at the information to meet the engagement objective? organization’s real estate development subsidiary, the engagement A. A survey of current user satisfaction. objective was to A review of computer job log records, listings of scheduled jobs, and determine that capitalized land improvements had been assigned computer equally to all down-time. developed lots. The internal auditors identified the following B. information: C. A comparison of server capacity with desktop computer capacity. Independent appraisals 1. of all lot values D. A detailed analysis of hard drive growth over the last 3 years. 2. Sales records for similar subdivision lots Gleim CIA Test Prep: Part 1 - Internal Audit Basics 3. An analysis of market values of each lot (720 questions) Which of the following informational criteria, if any, are violated? Copyright 2013 Gleim Publications Inc. Page 379 A. Sufficiency and relevance. Printed for Sanja Knezevic B. Reliability and sufficiency. Answer (A) is incorrect. User satisfaction surveys are subjective and C. Relevance and reliability. are not directly D. No criteria are violated. related to efficient use of the hardware resources. Answer (A) is correct. The conclusion violates the criteria of Answer (B) is correct. Reviewing job logs, job schedules, and sufficiency and documentation of relevance. The sufficiency criterion is violated because information computer down-time provides an objective record of actual hardware about cost usage. The allocation is missing. The relevance criterion is violated because the internal auditor may also wish to consider such matters as information percentage usage of the identified does not pertain to the objective. CPU by time of day, the number of online transactions per hour by D. Records of inventories stored at off-site locations. time of day, Gleim CIA Test Prep: Part 1 - Internal Audit Basics average and peak response times by time of day, and average and (720 questions) peak batch job Copyright 2013 Gleim Publications Inc. Page 380 turnaround time by time of day. Printed for Sanja Knezevic Answer (C) is incorrect. This comparison does not address the fb.com/ciaaofficial engagement objective. Answer (A) is incorrect. Although informative, monthly gross profit Answer (D) is incorrect. The growth of hard drive use only and inventory addresses a portion of the levels have no bearing on legal ownership. engagement objective. Answer (B) is incorrect. Purchase orders represent a commitment to [688] Gleim #: 7.8.75 purchase, not In testing the write-off of a deteriorated piece of equipment, the best legal ownership. information about Answer (C) is correct. Mere possession of inventory does not signify the condition of the equipment is that another The equipment manager’s statement regarding A. condition. party does not have a claim to it. For example, the inventory may be B. Accounting records showing maintenance and repair costs. held on C. A physical inspection of the actual piece of equipment. consignment. Payment of vendor invoices is the culmination of the D. The production department’s equipment downtime report. purchases-payables Answer (A) is incorrect. The equipment manager’s statement cycle. The paid invoice evidences the purchaser’s ownership of the regarding inventory. condition, standing alone, is not conclusive. Answer (D) is incorrect. Records of inventories stored at off-site Answer (B) is incorrect. Accounting records are less persuasive locations verify the than the internal existence of the inventory, not legal ownership. auditor’s direct observation. [690] Gleim #: 7.9.77 Answer (C) is correct. The most reliable form of engagement During interviews with the inventory management personnel, an information is that internal auditor obtained through the internal auditor’s direct experience. Thus, a learned that salespersons often order inventory for stock without physical receiving the inspection provides the best information about the current condition approval of the vice president of sales. Also, detail testing showed of equipment. that there are no Answer (D) is incorrect. Internal reports are less persuasive than the written approvals on purchase orders for replacement parts. The internal results of detail auditor’s direct observation. testing are a good example of [689] Gleim #: 7.8.76 Indirect A. information. The most reliable information an internal auditor can assess when B. Circumstantial information. determining an C. Corroborative information. organization’s legal title to inventories is D. Subjective information. A. Monthly gross profit and inventory levels. Answer (A) is incorrect. Detail testing provides direct information B. Purchase orders. that the C. Paid vendor invoices. approvals were not received. Indirect information establishes physical existence, subsequent events, subsidiary records, and immediately related testimony by the facts from which the main fact may be inferred. engagement client and third parties. Oral or written statements (e.g., Answer (B) is incorrect. Circumstantial information tends to prove a letters to the fact by internal auditor) derived from inquiries or interviews are testimonial proving other events or circumstances that afford a basis for a information. reasonable Answer (C) is incorrect. Documentary information exists in some inference of the occurrence of the fact. Thus, it is also indirect permanent form, information. such as checks, invoices, shipping records, receiving reports, and Answer (C) is correct. Corroborative information is evidence from a purchase orders. It different includes both external information, e.g., bills of lading received by the source that supplements and confirms other information. For engagement example, oral client from common carriers, and documents originating within the testimony that a certain procedure was not performed may be engagement corroborated by the client’s organization. absence of documentation. Answer (D) is incorrect. Analytical information is derived from the Answer (D) is incorrect. Subjective information is opinion-oriented study and and is not comparison of relationships among data. dependable for reaching engagement conclusions. No subjective [692] Gleim #: 7.9.79 information is The chief audit executive is reviewing the working papers produced present in this situation. by an internal [691] Gleim #: 7.9.78 auditor during a fraud investigation. Among the items contained in A letter to the internal auditor in response to an inquiry is an example the working papers of which type of is a description of an item of physical information. Which of the information? following is the most A. Physical. probable source of this item of information? B. Testimonial. Observing A. conditions. C. Documentary. B. Interviewing people. D. Analytical. C. Examining records. Gleim CIA Test Prep: Part 1 - Internal Audit Basics D. Computing variances. (720 questions) Answer (A) is correct. Physical information results from the Copyright 2013 Gleim Publications Inc. Page 381 verification of the Printed for Sanja Knezevic actual existence of things, activities, or individuals by observation, Answer (A) is incorrect. Physical information results from the inspection, or verification of the count. It may take the form of photographs, maps, charts, or other actual existence of something by observation, inspection, or count. depictions. Answer (B) is correct. Information may consist of authoritative Answer (B) is incorrect. Interviewing produces testimonial documentation, information. calculations by the internal auditor, internal control, interrelationships Answer (C) is incorrect. The examination of records requires among the data, documentary information and produces analytical information. A page of the internal auditor’s working papers containing the Answer (D) is incorrect. Computations and verifications lead to computations that analytical demonstrate the existence of an error or irregularity. information. D. [693] Gleim #: 7.9.80 Answer (A) is incorrect. Photographic information is physical. An internal auditor takes a photograph of the engagement client’s Answer (B) is incorrect. Statements received in response to workplace. The inquiries or photograph is a form of what kind of information? interviews are testimonial. A. Physical. Answer (C) is correct. Documentary information exists in some B. Testimonial. permanent form, C. Documentary. such as checks, invoices, shipping records, receiving reports, and D. Analytical. purchase orders. Gleim CIA Test Prep: Part 1 - Internal Audit Basics It includes both external information, e.g., shipping documents (720 questions) provided by Copyright 2013 Gleim Publications Inc. Page 382 carriers, and documents originating within the engagement client’s Printed for Sanja Knezevic organization. fb.com/ciaaofficial Answer (D) is incorrect. The study and comparison of relationships Answer (A) is correct. Physical information results from the among data verification of the actual results in analytical information. existence of things, activities, or individuals by observation, [695] Gleim #: 7.9.82 inspection, or count. It The internal auditor for a construction contractor finds materials costs may take the form of photographs, maps, charts, or other depictions. increasing as a Answer (B) is incorrect. Testimonial information consists of oral or percentage of billings and suspects that materials billed to the written organization are being statements derived from inquiries or interviews. delivered to another contractor. What type of information will best Answer (C) is incorrect. Documentary information consists of letters, enable the internal memoranda, auditor to determine whether erroneous billings occurred? invoices, shipping and receiving reports, etc. A. Documentary. Answer (D) is incorrect. Analytical information is derived from a B. Physical examination. study and C. Confirmation. comparison of the relationships among data. D. Analytical. [694] Gleim #: 7.9.81 Gleim CIA Test Prep: Part 1 - Internal Audit Basics Which of the following is an example of documentary information? (720 questions) A photograph of an engagement A. client’s workplace. Copyright 2013 Gleim Publications Inc. Page 383 B. A letter from a former employee alleging a fraud. Printed for Sanja Knezevic A page of the general ledger containing irregularities placed there by Answer (A) is correct. Documentary information exists in some the permanent form, such perpetrator of a fraud. as checks, invoices, shipping records, receiving reports, and C. purchase orders. It includes both external information, e.g., shipping documents Answer (B) is correct. Analytical information obtained by determining provided by carriers, and employee documents originating within the engagement client’s organization. participation in optional programs is the most persuasive. Actual By matching participation invoices received from vendors with receiving documents prepared requires an affirmative act that strongly suggests a positive employee by organizational evaluation personnel, the nonreceipt of items billed to the organization can be of a program. detected. Also, the Answer (C) is incorrect. Employee participation ratios are more invoices received may well indicate that delivery was made to an persuasive than address other than the personnel director’s testimony about employee satisfaction. the organization’s storage area or a construction site. Answer (D) is incorrect. The effectiveness of the means of Answer (B) is incorrect. Physical examination is not usually communicating possible. The materials information about the programs is not relevant to employee will not be available at the organization’s premises. satisfaction. Answer (C) is incorrect. Testimonial information obtained through [697] Gleim #: 7.9.84 confirmation is In an engagement to review travel expenses, the internal auditor unlikely to be helpful. The supplier will confirm shipment of goods calculates average and the amount of expenses per day traveled for all sales personnel and then examines the invoice but will not report the delivery address. detailed receipts Answer (D) is incorrect. Analytical procedures are not likely to be for those with high averages. These procedures represent the effective unless identification of which budgets were very carefully developed, all conditions remained types of information? virtually constant, and A. Documentary and physical. the amounts were relatively large. B. Analytical and physical. [696] Gleim #: 7.9.83 C. Documentary and analytical. During an engagement to review the personnel function, an internal D. Physical and testimonial. auditor notes that Gleim CIA Test Prep: Part 1 - Internal Audit Basics there are several employee benefit programs and that participation in (720 questions) some of the Copyright 2013 Gleim Publications Inc. Page 384 programs is optional. Which of the following is the best information Printed for Sanja Knezevic for assessing the fb.com/ciaaofficial acceptability of various benefit programs to employees? Answer (A) is incorrect. The information is documentary but not Discuss satisfaction levels with program A. participants. physical. B. Evaluate program participation ratios and their trends. Answer (B) is incorrect. The information is analytical but not C. Discuss satisfaction levels with the director of personnel. physical. D. Evaluate methods used to make employees aware of available Answer (C) is correct. Documentary information includes accounting program options. records, Answer (A) is incorrect. Responses from participants, by definition, outgoing correspondence, receiving reports, etc. Analytical do not information results from include testimony by nonparticipants. analysis and verification and includes computations and When evaluating the propriety of a payment to a consultant, the most comparisons. The travel appropriate expense receipts are documentary information. The calculations of information for the internal auditor to obtain and review is average travel A. Oral information in the form of opinions of operating management. expenses are analytical information. B. Documentary information in the form of a contract. Answer (D) is incorrect. The information is neither physical nor Analytical information in the form of comparisons with prior years’ testimonial. expenditures [698] Gleim #: 7.9.85 on consultants. An internal auditor arrived at the conclusion that the segregation of C. duties in the D. Physical information in the form of the consultant’s report. counting and recording of cash receipts was adequate. What type of Gleim CIA Test Prep: Part 1 - Internal Audit Basics information is (720 questions) this? Copyright 2013 Gleim Publications Inc. Page 385 A. Analytical. Printed for Sanja Knezevic B. Documentary. Answer (A) is incorrect. Oral information tends to be less reliable C. Physical. than information in D. Testimonial. some permanent form. Answer (A) is correct. Analytical information is drawn from the Answer (B) is correct. A contract is a document that formalizes an consideration of agreement between the interrelationships among data or, in the case of the control, the the parties. It provides persuasive information that the payment was particular properly policies and procedures of which it is composed. Analysis produces authorized. circumstantial Answer (C) is incorrect. Comparisons with prior years’ payments information in the form of inferences or conclusions based on may be invalid if examining the circumstances have changed. components as a whole for consistencies, inconsistencies, cause- Answer (D) is incorrect. The report indicates that some work was and-effect done but not that relationships, relevant and irrelevant items, etc. the payment was authorized or in the appropriate amount. Answer (B) is incorrect. Documentary information exists in some [700] Gleim #: 7.9.87 permanent The most reliable forms of documentary evidence are those form, such as checks, invoices, shipping records, receiving reports, documents that are and purchase A. Prenumbered. orders. B. Internally generated. Answer (C) is incorrect. Physical information consists of the internal C. Easily duplicated. auditor’s D. Authorized by a responsible official. direct observation and inspection, e.g., of the counting of inventory. Answer (A) is incorrect. The use of prenumbered and sequentially Answer (D) is incorrect. Testimonial information is provided by the issued statements of documents is an effective control, but such documents may be engagement client personnel and others. accessible to an [699] Gleim #: 7.9.86 employee who is perpetrating fraud. Answer (B) is incorrect. Internally generated documents are not the (720 questions) most reliable Copyright 2013 Gleim Publications Inc. Page 386 among the choices. Printed for Sanja Knezevic Answer (C) is incorrect. Ease of duplication would tend to reduce fb.com/ciaaofficial rather than [702] Gleim #: 7.10.89 increase reliability of a document. To verify the proper value of costs charged to real property records Answer (D) is correct. Externally generated documents are deemed for improvements to be more to the property, the best source of information is reliable than those produced by the auditee. However, the Inspection by the internal auditor of real property A. improvements. evidentiary value of the A letter signed by the real property manager asserting the propriety latter is enhanced if they are subject to effective control. Accordingly, of costs authorization by an appropriate party lends credibility to a document incurred. because it B. increases the probability that the underlying transaction is valid. C. Original invoices supporting entries into the accounting records. [701] Gleim #: 7.9.88 D. Comparison of billed amounts with contract estimates. The most likely source of information indicating employee theft of Answer (A) is incorrect. An inspection confirms that the inventory is improvements were A. Physical inspection of the condition of inventory items on hand. made, not their cost. B. A warehouse employee’s verbal charge of theft. Answer (B) is incorrect. Records or documents generated internally C. Differences between an inventory count and perpetual inventory are less records. reliable than those produced externally. D. Accounts payable transactions vouched to inventory receiving Answer (C) is correct. To verify real property costs, the best method reports. of obtaining Answer (A) is incorrect. Physical inspection of items on hand does engagement information is to examine records. Records originating not disclose outside the shortages or indicate theft. engagement client, such as original invoices, are much more reliable Answer (B) is correct. Testimonial information may not be than internal conclusive and should documents or engagement client testimony. Also, these invoices be supported by other forms of information whenever possible. support actual However, it may accounting record entries. provide a lead not indicated by other procedures. Answer (D) is incorrect. A comparison of billed amounts with Answer (C) is incorrect. Differences between inventory counts and contract estimates perpetual measures the reasonableness of costs but is less persuasive than records are normal and, by themselves, do not indicate theft. original invoices Answer (D) is incorrect. Vouching transactions from accounts supporting entries into the accounting records. payable to [703] Gleim #: 7.10.90 receiving reports provides no information about a shortage or theft Ordinarily, what source of information should most affect the internal arising after auditor’s receipt of the goods. conclusions? Gleim CIA Test Prep: Part 1 - Internal Audit Basics A. External. B. Inquiry. Answer (B) is incorrect. The information is also internal and not C. Oral. sufficient. D. Informal. Answer (C) is incorrect. The information is not sufficient to Answer (A) is correct. External information is ordinarily more reliable determine the cause. than the Answer (D) is correct. The organization employs an external other types of information listed because it is generated from sources inventory service independent and internal personnel for data entry and balancing, so the sources of the engagement client. The internal auditor should select the of information strongest are both external and internal. However, the information is not information available to support engagement observations, sufficient to conclusions, and determine the cause of the shortages. Sufficient information is recommendations. factual, adequate, Answer (B) is incorrect. Information derived from inquiries is and convincing so that a prudent, informed person would reach the ordinarily less same reliable than external information. conclusions as the internal auditor (Inter. Std. 2310). The documents Answer (C) is incorrect. Oral information is ordinarily less reliable reviewed than external will not reveal the cause of the shortages. information. [705] Gleim #: 7.10.92 Answer (D) is incorrect. Informal information is ordinarily less During an investigation of unexplained inventory shrinkage, an reliable than internal auditor is external information. testing inventory additions as recorded in the perpetual inventory Gleim CIA Test Prep: Part 1 - Internal Audit Basics records. Because of (720 questions) internal control weaknesses, the information recorded on receiving Copyright 2013 Gleim Publications Inc. Page 387 reports may not be Printed for Sanja Knezevic reliable. Under these circumstances, which of the following [704] Gleim #: 7.10.91 documents provides the An internal auditor’s objective is to determine the cause of inventory best information about additions to inventory? shortages shown A. Purchase orders. by the physical inventories taken by an independent service B. Purchase requisitions. organization that used C. Vendors’ invoices. some engagement client personnel. The internal auditor addresses D. Vendors’ statements. this objective by Answer (A) is incorrect. The quantity ordered may not equal the reviewing the count sheets, inventory printouts, and memos from the quantity shipped last inventory. by the vendor. The source of information and the sufficiency of this information are Answer (B) is incorrect. The quantity requested in a purchase Internal A. and not sufficient. requisition may not B. External and sufficient. equal the quantity shipped by the vendor as a result of modification C. Both external and internal and sufficient. by the D. Both external and internal and not sufficient. purchasing department or vendor stockouts. Answer (A) is incorrect. The information is also external. Answer (C) is correct. The vendors’ invoice confirms that the proper relevant source of information about environmental violations. This amount due externally has been recorded. A vendor’s invoices provide the best source of generated documentation and the engagement client’s responses information thereto may about additions to inventory. Vendors’ invoices provide an external indicate a significant loss exposure for the engagement client. source of Answer (D) is incorrect. External auditors do not have ready access information regarding shipments to the engagement client. These to the needed amounts should information. be equal to quantities added to inventory (after possible adjustment [707] Gleim #: 7.10.94 for items The most conclusive information to support supplier account returned to the vendor because of damage, etc.). balances is obtained by Answer (D) is incorrect. Vendors’ statements normally list only the A. Reviewing the vendor statements obtained from the accounts invoice payable clerk. number, date, and total. They do not list invoice detail such as B. Obtaining confirmations of balances from the suppliers. quantities shipped. C. Performing analytical account analysis. Gleim CIA Test Prep: Part 1 - Internal Audit Basics Interviewing the accounts payable manager to determine the internal (720 questions) controls Copyright 2013 Gleim Publications Inc. Page 388 maintained over accounts payable processing. Printed for Sanja Knezevic D. fb.com/ciaaofficial Answer (A) is incorrect. Vendor statements obtained from the [706] Gleim #: 7.10.93 accounts payable In engagement planning, internal auditors should review all relevant clerk may be inaccurate, purposely misstated, or prepared for information. nonexisting vendors. Which of the following sources of information would most likely help Answer (B) is correct. Confirmation has the advantage of obtaining identify information suspected violations of environmental regulations? from sources external to the entity. Information from external sources Discussions with operating A. executives. provides B. Review of trade publications. greater assurances of reliability than information from sources within C. Review of correspondence the entity has conducted with the entity. governmental agencies. Answer (C) is incorrect. Analytical account analysis is effective for Discussions conducted with the external auditors in coordinating identifying engagement circumstances that require additional consideration. efforts. Answer (D) is incorrect. Interviewing an employee provides oral, or D. testimonial, Answer (A) is incorrect. Operating management is a possibly biased information, which is inherently less reliable than information source. obtained from Answer (B) is incorrect. This source is not sufficiently specific. independent sources. Answer (C) is correct. Correspondence from regulators is likely to be [708] Gleim #: 7.10.95 a valid and A set of engagement working papers contained a copy of a document providing information that an expensive item that had been special-ordered D. Examination of the account balances contained in general and was actually on hand subsidiary ledgers. on a particular date. The most likely source of this information is a Answer (A) is correct. First-hand observation by the auditor is more printout from a persuasive computerized than analytical reviews performed, client-prepared records examined A. Purchases journal. by the B. Cash payments journal. auditor, or interviews with client personnel. C. Perpetual inventory file. Answer (B) is incorrect. Items purchased may no longer be present D. Receiving report file. in the Gleim CIA Test Prep: Part 1 - Internal Audit Basics department being reviewed, even though they were originally (720 questions) purchased for that Copyright 2013 Gleim Publications Inc. Page 389 department. Printed for Sanja Knezevic Answer (C) is incorrect. Interviews are useful in gaining insight into Answer (A) is incorrect. The purchases journal indicates when the operations item was ordered and understanding exceptions but are not sufficient. but not whether it was still on hand at a specific later date. Answer (D) is incorrect. Ledger balances may not indicate whether Answer (B) is incorrect. The cash payments journal indicates when assets have the item was paid been moved or stolen. for but not whether it was still on hand at a specific later date. [710] Gleim #: 7.11.97 Answer (C) is correct. In a perpetual inventory system, purchases Which of the following types of tests is the most persuasive if an are directly recorded internal auditor in the inventory account, and cost of goods sold is determined as the wants assurance of the existence of inventory stored in a goods are sold. A warehouse? computerized perpetual inventory file has a record of each debit or Examining the shipping documents that support recorded transfers to credit transaction and from the with its date, amount, etc., and the inventory balance for any given warehouse. date could therefore A. be determined. B. Obtaining written confirmation from management. Answer (D) is incorrect. The receiving report indicates when the C. Physically observing the inventory in the warehouse. item was received D. Examining warehouse receipts contained in the engagement but not whether it was still on hand at a specific later date. client’s records. [709] Gleim #: 7.11.96 Gleim CIA Test Prep: Part 1 - Internal Audit Basics Which of the following techniques is most likely to result in sufficient (720 questions) information Copyright 2013 Gleim Publications Inc. Page 390 with regard to an engagement to review the quantity of fixed assets Printed for Sanja Knezevic on hand in a fb.com/ciaaofficial particular department? Answer (A) is incorrect. Shipping documents are not as reliable as Physical A. observation. personal B. Analytical review of purchase requests and subsequent invoices. knowledge. C. Interviews with department management. Answer (B) is incorrect. Testimonial information is not as reliable as information. The information was generated internally but passed personal through knowledge. outsiders who confirmed it (honored the check) before sending it Answer (C) is correct. Direct knowledge obtained through the directly to the internal auditor’s internal auditor. Such information is very persuasive. physical observation is the most reliable information about the Answer (C) is incorrect. Internal information is less persuasive than existence of the external inventory. information. Answer (D) is incorrect. Warehouse receipts are not as reliable as Answer (D) is incorrect. The invoice is external information of debt personal but not of knowledge. payment. The information concerning payment is internal and not [711] Gleim #: 7.11.98 persuasive. A Documents provide information with differing degrees of reference to a check is not as reliable as the check itself. persuasiveness. If the [712] Gleim #: 7.11.99 engagement objective is to obtain information that payment has An internal auditor at a savings and loan association concludes that actually been made for a secured real a specific invoice from a vendor, which of the following documents estate loan is collectible. Which of the following engagement ordinarily is the procedures provides the most persuasive? most persuasive information about the loan’s collectibility? An entry in the engagement client’s cash disbursements journal A. Confirming the loan balance with the borrower. supported by a B. Reviewing the loan file for proper authorization by the credit voucher package containing the vendor’s invoice. committee. A. C. Examining documentation of a recent, independent appraisal of A canceled check, made out to the vendor and referenced to the the real estate. invoice, included D. Examining the loan application for appropriate borrowers’ in a cutoff bank statement that the internal auditor received directly signatures. from the bank. Gleim CIA Test Prep: Part 1 - Internal Audit Basics B. (720 questions) An accounts payable subsidiary ledger that shows payment C. of the Copyright 2013 Gleim Publications Inc. Page 391 invoice. Printed for Sanja Knezevic D. A vendor’s original invoice stamped “PAID” and referenced to a Answer (A) is incorrect. A confirmation provides information about a check number. loan’s Answer (A) is incorrect. The engagement client either has initiated existence, not its collectibility. or had an Answer (B) is incorrect. Information about the loan’s authorization is opportunity to alter the voucher and the invoice. not relevant to Answer (B) is correct. A canceled check included in a cutoff bank its collectibility. statement Answer (C) is correct. Real estate appraisals are based on received directly from the bank provides external as well as internal estimated resale value or documentary future cash flows. A recent, independent appraisal provides information about the borrower’s ability to repay the loan. Such an appraisal tends to be Gleim CIA Test Prep: Part 1 - Internal Audit Basics reasonably reliable (720 questions) because it is timely and derives from an expert source independent Copyright 2013 Gleim Publications Inc. Page 392 of the engagement Printed for Sanja Knezevic client. fb.com/ciaaofficial Answer (D) is incorrect. The validity of the loan is not relevant to the Answer (A) is incorrect. An unsubstantiated response to an inquiry borrower’s of management is ability to repay the loan. usually considered the least persuasive information. [713] Gleim #: 7.11.100 Answer (B) is incorrect. Observation of procedures for acquisition The most persuasive information regarding the asset value of newly would not be as acquired persuasive as examination of the asset. computers is Answer (C) is correct. Information is considered more or less Inquiry A. of management. persuasive depending B. Observation of engagement client’s procedures. on the engagement client’s degree of control. The following is a C. Physical examination. hierarchy from most D. Documentation prepared externally. persuasive to least persuasive: internal auditor’s examination and Answer (A) is incorrect. An unsubstantiated response to an inquiry observation, of externally developed information, internally developed information, management ordinarily yields the least persuasive information. and oral Answer (B) is incorrect. Observation of procedures for acquisition information from the client. Thus, the most persuasive information would not be about the existence as persuasive as documents showing the cost of the asset. assertion for a new asset is physical examination. Answer (C) is incorrect. Physical examination of the asset reveals Answer (D) is incorrect. Documentation is less relevant to the only limited existence assertion than information as to the asset’s value. physical examination. Answer (D) is correct. Information is considered more or less [715] Gleim #: 7.11.102 persuasive Which of the following represents the general order of depending on how much control the engagement client has over it. persuasiveness, from most to The most least, for the types of information listed below? persuasive information relevant to the valuation assertion is Inquiry I. of management documentation that is II. Observation of engagement client’s procedures prepared externally. III. Physical examination [714] Gleim #: 7.11.101 IV. Documentation prepared externally The most persuasive information about the existence of newly A. III, II, IV, I. acquired computers for B. IV, I, II, III. the sales department is C. II, IV, I, III. A. Inquiry of management. D. IV, III, I, II. B. Observation of engagement client’s procedures. Answer (A) is correct. An auditor’s physical examination provides C. Physical examination. the most D. Documentation prepared externally. persuasive form of evidence. First-hand observation by the auditor of may have evolved over time. client Answer (B) is correct. The physical inspection of an engagement personnel performing procedures is the next most persuasive. client’s facilities, Information records, and processing steps is the most persuasive information. originating from a third party is less persuasive than information The internal auditor personally reviews actual documents and determines what personnel actually gathered by the auditor but more persuasive than information do with them. originating with the Answer (C) is incorrect. The program flowchart excludes manual client. Oral information from the client is the least convincing. processing steps. Answer (B) is incorrect. The internal auditor’s physical examination Answer (D) is incorrect. The treasurer may not know how the (III) and specific clerical observation (II) are more persuasive than externally developed processing may have changed. Furthermore, the treasurer may have information (IV). reason not to Answer (C) is incorrect. The internal auditor’s physical examination describe processing accurately. (III) is the [717] Gleim #: 7.11.104 most persuasive evidence of all. The internal auditor is concerned with the overall valuation of Answer (D) is incorrect. The internal auditor’s observation (II) is inventory. Rank the more persuasive following sources of engagement information from most persuasive than both externally developed information (IV) and inquiry of to least persuasive management (I). in addressing the assertion as to the valuation of inventory. [716] Gleim #: 7.11.103 Calculate inventory turnover by I. individual product. The internal auditor wants to understand the actual flow of data Assess the net realizability of all inventory items with a turnover ratio regarding cash of 2.0 or processing. The most convincing information is obtained by less by interviewing the marketing manager as to the marketability of A. Reviewing the systems flowchart. the product. Performing a walk-through of the processing and obtaining copies of II. all Calculate the net realizable value (NRV) of all inventory products documents used. (using software B. to calculate NRV based on the last selling price) and compare NRV Reviewing the programming flowchart for information about control with cost. procedures III. placed into the computer programs. Take a statistical sample of inventory and examine the latest C. purchase documents D. Interviewing the treasurer. (invoices and receiving slips) to calculate inventory cost. Gleim CIA Test Prep: Part 1 - Internal Audit Basics IV. (720 questions) A. I, II, III, IV. Copyright 2013 Gleim Publications Inc. Page 393 B. I, IV, II, III. Printed for Sanja Knezevic C. IV, I, III, II. Answer (A) is incorrect. The systems flowchart might not indicate D. II, III, IV, I. how processing Answer (A) is incorrect. The proper order is IV, I, III, II. Answer (B) is incorrect. The proper order is IV, I, III, II. [718] Gleim #: 7.11.105 Answer (C) is correct. Sampling inventory and examining purchase Which of the following are least valuable in predicting the amount of documents uncollectible are procedures that provide the most persuasive information in accounts for an organization? establishing cost, Published economic indices indicating a general A. business which is the basis of determining the valuation of inventory. They rely downturn. on the Dollar amounts of accounts actually written off by the organization for internal auditor’s own observations and on inspection of documents each of the from external past 6 months. sources. The next most persuasive information is derived from the B. internal C. Total monthly sales for each of the past 6 months. auditor’s analytical procedures. A change in inventory turnover or a Written forecasts from the credit manager regarding expected future very low level cash of inventory turnover indicates potential obsolescence of inventory collections. and the need D. for the internal auditor to perform additional procedures, e.g., Answer (A) is incorrect. Although these statistics might not be quite examining as relevant subsequent sales to determine whether inventory should be written as some of the other data, they are reliable, having been compiled down. and published Calculation of net realizable value may indicate a valuation problem. by an independent source. The Answer (B) is incorrect. The dollar amounts of write-offs are relevant difficulty with this procedure is that the last sales price may not be and appropriate. reliable, representing the actual experience of the organization. The marketing manager’s opinion about marketability is the least Answer (C) is incorrect. These amounts include cash as well as persuasive credit sales. Thus, information. It is a form of testimonial information from an individual the inclusion of cash sales reduces the relevance of these data. who may However, prior have a vested interest in persuading the internal auditor that the sales also represent the actual experience of the organization and goods will be sold therefore have a at their normal prices in the normal course of business. In addition, high degree of reliability. the arbitrary Answer (D) is correct. Written forecasts from the credit manager cutoff value of 2.0 may not be justified. The cutoff should be based may be relevant on the nature and useful, but they cannot be considered sufficient or reliable. of the client’s inventory. Opinion evidence Answer (D) is incorrect. The proper order is IV, I, III, II. does not have as much reliability as factual evidence. In addition, the Gleim CIA Test Prep: Part 1 - Internal Audit Basics source of the (720 questions) evidence may have a bias, which should be considered by the Copyright 2013 Gleim Publications Inc. Page 394 internal auditor Printed for Sanja Knezevic when evaluating the reliability of this data. fb.com/ciaaofficial [719] Gleim #: 7.11.106 Which of the following examples of audit evidence is the most externally, they are subsequently processed by the engagement persuasive? client. Thus, they are A. Real estate deeds that were properly recorded with a government more reliable than purely internal information but less reliable than agency. purely external B. Canceled checks written by the treasurer and returned from a information. bank. [720] Gleim #: 7.11.107 C. Time cards for employees that are stored by a manager. One objective of an internal auditing engagement involving the D. Vendor invoices filed by the accounting department. receiving function is to Gleim CIA Test Prep: Part 1 - Internal Audit Basics determine whether receiving clerks independently count incoming (720 questions) supplies before Copyright 2013 Gleim Publications Inc. Page 395 completing the quantity received section of the receiving report. Printed for Sanja Knezevic Which of the Answer (A) is correct. Real estate deeds recorded in public records following is the most persuasive information supporting the assertion are documentary that the counts information generated by external parties. They are not processed by are made? the engagement The receiving section supervisor’s assurance, based on personal client. Accordingly, this purely external evidence is more persuasive observation, that than information the counts are made. originating with, or processed by, the engagement client. A. Answer (B) is incorrect. Canceled checks written by the treasurer A receiving clerk’s initials on all receiving reports attesting that the and returned from a count was bank constitute internal-external information. Such information made. originates with the B. engagement client but is processed externally. Because the bank’s Assurance, from the warehouse supervisor, that the accuracy of the acceptance of perpetual checks provides some confirmation of their validity, they are more inventory is the result of the reliability of the entries in the quantity reliable than purely received internal evidence. section. Answer (C) is incorrect. Time cards for employees that are stored C. by a manager are Periodic observations by the internal auditor over the course D. of considered internal information. They are generated by, and remain the engagement. with, the Answer (A) is incorrect. Testimonial information is not as reliable as engagement client. Purely internal information is less reliable than the internal information from auditor’s direct personal observation. external sources. Answer (B) is incorrect. Testimonial information is not as reliable as Answer (D) is incorrect. Vendor invoices filed by the accounting the internal department are auditor’s direct personal observation. considered external-internal information. Although the invoices were Answer (C) is incorrect. Testimonial information is not as reliable as created the internal auditor’s direct personal observation. Answer (D) is correct. An internal auditor’s presumption about the validity of information is that the internal auditor’s direct personal knowledge, obtained through physical examination, observation, computation, and inspection is more persuasive than information obtained indirectly.