1. Which of the following comments are correct regarding the assessment of risk associated with the two projects?
I. Activities requested by the audit committee should always be considered higher risk than those requested by management.
II. Activities wit
c. III only.
2. Which of the following factors would be considered the least important in deciding whether existing internal audit resources should be moved from the ongoing legal compliance audit to the management-requested division audit?
a. A financial audit of the
a. A financial audit of the division by the external auditor a year ago.
3. During a preliminary survey, an auditor notes that several accounts payable vouchers for major suppliers show adjustments for duplicate payment of prior invoices. This would indicate:
a. A need for additional testing to determine related controls and t
a. A need for additional testing to determine related controls and the current exposure to duplicate payments made to suppliers.
4. A large data processing center is experiencing processing bottlenecks at peak batch-processing hours. The center is sometimes unable to complete all batch processing by the start of the next business day, creating difficulties in starting on-line syste
b. Job scheduling.
5. A controller became aware that a competitor appeared to have access to the company's pricing information. The internal auditor determined that the leak of information was occurring during the electronic transmission of data from branch offices to the h
b. Encryption.
6. During an audit of cash controls, an auditor compared a sample of cash receipts lists with (1) the total of daily cash receipts journal entries, and (2) daily bank deposit slip amounts. The comparison revealed that:
* each cash receipts list equaled ca
b. Sufficient, competent, and relevant.
7. Which of the following would indicate that fraud may be taking place in a marketing department?
a. There is no documentation for some fairly large expenditures made to a new vendor.
b. A manager appears to be living a lifestyle that is in excess of wha
d. All of the above.
8. Auditors use a variety of indexing and cross-referencing methods in their audit workpapers. An internal auditing manager might devise a workpaper-indexing method tailored to a specific organization's needs. On the other hand, a government audit agency
a. The internal auditing manager devises a method which simplifies the review process within a particular organization, but the government audit agency devises one uniform method to simplify the review process of the vastly different organizations to be a
9. After noting some red flags, an auditor has an increased awareness that fraud may be present. Which of the following best describes the auditor's responsibility?
a. Expand activities to determine whether an investigation is warranted.
b. Report the pos
a. Expand activities to determine whether an investigation is warranted.
10. During the course of an audit, an auditor discovers that a research and development employee has been patenting new developments that are unrelated to the basic business of the company. The company does not have a specific policy addressing patents on
d. Both a and b.
11. An auditor becomes concerned that fraud, in the form of payments to bogus companies, may exist. Buyers, who are responsible for all purchases for specific product lines, are able to approve expenditures up to $50,000 without any other approval. Which
d. Use generalized audit software to list all major vendors by product line; select a sample of paid invoices to new vendors and examine evidence which shows that services or goods were received.
12. Confirmation would be most effective in addressing the existence assertion for:
a. The addition of a milling machine to a machine shop.
b. Sale of merchandise during the regular course of business.
c. Inventory hald on consignment.
d. The granting of
c. Inventory hald on consignment.
13. A manufacturing firm uses large quantities of small inexpensive items such as nuts, bolts, washers, and gloves in the production process. As these goods are purchased, they are recorded in inventory in bulk amounts. Bins are located on the shop floor
b. Require management review of reports on the cost of consumable items used in relation to budget.
14. Which of the following control procedures would be the least effective in preventing a fraud conducted by sending purchase orders to bogus vendors?
a. Require that all purchases be made from an authorized vendor list maintained independently of the in
d. Require that total purchases for a month not exceed the total budgeted purchases for that month.
15. A company controller is concerned that parts may be stolen because there is no formal receiving function (that is, receiving slips are not filled out). Production raw materials are moved from rail cars directly to the production line, and vendors are
d. All of the above.
16. The production line has experienced shutdowns because needed production parts were not on hand. Management wants to know the cause of this problem. Which of the following audit procedures best addresses this objective?
a. Determine if access controls
b. Use generalized audit software to develop a complete list of the parts shortages that caused each of the production shutdowns, and analyze this data.
18. The auditor wants to determine if purchasing requirements have been updated for changes in production techniques. Which of the following audit procedures would be most effective in addressing the auditor's objective?
a. Recalculate parts needed based
a. Recalculate parts needed based on current production estimates and on the MRP for the revised production techniques. Compare these needs with purchase orders generated from the system for the same period.
19. Which of the following computerized control procedures would be most effective in ensuring that data uploaded from personal computers to a mainframe are complete and that no additional data are added?
a. Self-checking digits to ensure that only author
b. Batch control totals, including control totals and hash totals.
20. An auditor is planning an audit of a customer information system which uses a local area network (LAN) with personal computers (PC's). Increased risks associated with the company's use of a LAN and PC's, as opposed to use of a mainframe, could include
c. Problems with failures of the hardware used for processing data.
21. A company uses a local area network (LAN) with one client server. The auditor wishes to determine whether LAN users are complying with company policies related to the documentation of applications developed by end users and shared by other users on th
d. Take a random sample of end-user applications stored on the server and examine the applications for compliance with company policies.
22. A potential problem in a manufacturing company is that purchasing agents may take kickbacks or receive gifts from vendors in exchange for favorable contracts. Which of the following would be the least effective in preventing this problem?
a. A specifi
c. A requirement for the purchasing agent to develop a company profile of all vendors before the vendors are added to the authorized vendor list.
23. Which of the following procedures would provide the best evidence of the effectiveness of a credit-granting function?
a. Observe the process.
b. Review the trend in receivables write-offs.
c. Ask the credit manager about the effectiveness of the funct
b. Review the trend in receivables write-offs.
24. An auditor is experienced in air-quality issues. While interviewing the manager of a small environmental, safety, and health (ESH) department, the auditor discovers that there is a significant lack of knowledge about legal requirements for controlling
c. Take note of the weakness and direct additional questions to help determine the potential effect of the lack of knowledge.
25. Much nonprofit organization fundraising is done over the telephone. Which of the following control procedures would be least effective in gaining assurance that all of the pledges made by telephone are recorded and designated for payment to the organi
c. A confirmation program which randomly selects donations received and confirms the amounts with the donors.
26. Which of the following control procedures would provide the greatest assurance that all donations to a nonprofit organization are immediately deposited to the organization's account?
a. Use a lockbox to receive all donations.
b. Perform periodic inter
a. Use a lockbox to receive all donations.
27. A potential problem facing many nonprofit organizations is public skepticism over the use of funds. For example, there have been instances in which funds were used to support a lavish lifestyle of the organization's president or used to support politi
d. Periodic payroll audits by the internal auditor to determine compliance with authorized pay rates.
28. As part of cash management procedures, the treasurer of a nonprofit organization has decided to invest in a variety of new financial instruments. The audit committee has asked the internal audit department to conduct an audit of the adequacy of contro
c. Determine whether the treasurer is getting higher or lower rates of return on investments than are treasurers in comparable organizations.
29. Contributions to a nonprofit organization have been constant for the past three years. The audit committee has become concerned that the president may have embarked on a scheme in which some of the contributions from many sustaining members have been
b. Take a sample which includes all large fonors for the past three years and a statistical sample of thers and request a confirmation of total contributions made to the organization or to affiliated organizations.
30. Which of the following best describes a preliminary survey?
a. A standardized questionnaire used to obtain an understanding of management objectives.
b. A statistical sample of key employee attitudes, skills, and knowledge.
c. A "walk-through" of the
d. A process used to become familiar with activities and risks in order to identify areas for audit emphasis.
31. The auditor wishes to determine if the change in investment income during the current year was due to (a) changes in investment strategy; (b) changes in portfolio mix; or (c) other factors. Which of the following analytical review procedures should th
d. Multiple regression analysis which includes independent variables related to the nature of the investment portfolio and market conditions.
32. Auditors must always be alert for the possibility of fraud. Assume the controls over each risk listed below are marginal. Which of the following possible frauds or misuses of organization assets should be considered the area of greatest risk?
a. The p
c. Grants are made to organizations that might be associated with the president or are not for purposes dictated in the organization's charter.
33. Assume the auditor finds a number of instances in which travel and entertainment reimbursements going to the president seem excessive and inconsistent with the charter of the organization. Before an audit report is issued, a front-page article appears
b. Direct the inquiry to the audit committee or the board of directors.
34. During an examination of grants awarded, the auditor discovered a number of grants made without the approval of the grant authorization committee (which includes outside representatives), as required by the organization's charter. All the grants, howe
d. Report the breakdown in control structure to the audit committee.
35. An auditor wishes to determine the extent to which invalid data could be contained in a human-resources computer system. Examples would be an invalid job classification, age in excess of retirement age, or an invalid ethnic classification. The best ap
c. Use generalized audit software to develop a detailed report of all data outside specified parameters.
36. An organization uses electronic data interchange (EDI) and on-line systems. Paper-based documents are not generated for purchase orders, receiving reports, or invoices. An auditor wishes to determine if invoices are paid only for goods received and at
b. Use generalized audit software to select a sample of payments and match purchase order, invoice, and receiving reports stored on the computer using a common reference.
37. Management has requested an audit of promotional expenses. The sales department has been giving away expensive items in conjunction with new product sales to stimulate demand. The promotion seems successful, but management believes the cost may be too
b. A comparison of the unit cost of the products sold before and during the promotion period.
38. Which of the following is not likely to be included as an audit step when assessing vendor performance policies?
a. Determine whether agreed-upon lot sizes were sent by vendors.
b. Determine whether only authorized items were received from vendors.
c.
c. Determine whether the balances owed to vendors are correct.
39. If an auditee's operating standards are vague and thus subject to interpretation, the auditor should:
a. Seek agreement with the auditee as to the standards to be used to measure operating performance.
b. Determine best practices in this area and use
a. Seek agreement with the auditee as to the standards to be used to measure operating performance.
40. A production manager for a moderate-sized manufacturing company began ordering excessive raw materials and had them delivered to a wholesale company that the manager was running as a side business. The manager falsified receiving documents and approve
d. Perform analytical tests, comparing production, materials purchased, and raw materials inventory levels; investigate differences.
41. During a review of purchasing operations, an auditor finds that current procedures differ markedly from stated company procedures. However, the auditor concludes that the procedures currently used represent an increase in efficiency and a decrease in
c. Report the change and suggest that the change in procedures be documented.
42. If the auditors were to perform a preliminary review, which of the following procedures should be performed?
a. Review reports of audits performed by regulatory and outside auditors since the last internal audit.
b. Interview management to identify ch
d. All of the above.
43. The auditors are evaluating the adequacy of the new policies and procedures in maintaining an appropriate risk profile. Which of the following audit procedures would be least relevant to the accomplishment of the audit objective?
a. Meet with operatio
c. Test a sample of investments for compliance with the new procedures.
44. The audit committee has expressed concern that the financial institution has been taking on higher-risk loans in pursuit of short-term profit goals. Which of the following audit procedures would provide the least amount of information to address this
c. Perform an analytical review which involves developing a chart to compare interest income plotted over the past ten years.
45. In which of the following situations does the auditor potentially lack objectivity?
a. An auditor reviews the procedures for a new electronic data interchange (EDI) connection to a major customer before it is implemented.
b. A former purchasing assist
b. A former purchasing assistant performs a review of internal controls over purchasing four months after being transferred to the internal auditing department.
46. A bank internal auditor wishes to determine whether all loans are backed by sufficient collateral, properly aged as to current payments, and properly categorized as current or non-current. The best audit procedure to accomplish this objective would be
a. Use generalized audit software to read the total loan file, age the file by last payment due, and take a statistical sample stratified by the current and aged population. Examine each loan selected for proper collateralization and aging.
47. A bank internal auditor wishes to determine if loans that were not funded were rejected using criteria consistent with that contained in bank policies. All loan requests are initially processed by a lending officer. Those that the officer deems approp
a. Select an attribute sample of loans not funded and review the loan applications and the reasons for rejecting them.
48. A financial institution is overstating revenue by charging too much of each loan payment to interest income and too little to repayment of principal. Which of the following audit procedures would be least effective in detecting this error?
a. Perform
a. Perform an analytical review by comparing interest income this period as a percentage of the loan portfolio with the interest income percentage for the prior period.
49. An auditor has taken an attribute sample of a bank's existing loan portfolio. Out of a sample of 60 loans, the auditor finds:
* Four that were not properly collateralized,
* Five that are not in compliance with bank policies (other than lack of collat
d. III only.
50. Which of the following concepts distinguishes the retention of computerized audit workpapers from that of the traditional hardcopy form?
a. Analyses, conclusions, and recommendations are filed on electronic media and are therefore subject to computer
a. Analyses, conclusions, and recommendations are filed on electronic media and are therefore subject to computer system controls and security procedures.
51. Which of the following statements is most accurate regarding the data security of an on-line computer system protected by an internal user-to-data access control program?
a. Access to data is controlled by restricting specific applications to specific
c. Security will be dependent upon the controls over the issuance of user ID's and user authentication.
52. Which of the following actions would be a violation of auditor independence?
a. Continuing on an audit assignment at a division for which the auditor will soon be responsible as the result of a promotion.
b. Reducing the scope of an audit due to budge
a. Continuing on an audit assignment at a division for which the auditor will soon be responsible as the result of a promotion.
53. Red flags are conditions which indicate a higher likelihood of fraud. Which of the following would not be considered a red flag?
a. Management has delegated the authority to make purchases under a certain dollar limit to subordinates.
b. An individual
a. Management has delegated the authority to make purchases under a certain dollar limit to subordinates.
54. When an office supply company is unable to fill an order completely, it marks the out-of-stock items as back ordered on the customer's order and enters these items in a back order file which management can view or print. Customers are becoming disgrun
a. Match the back order file to goods received daily.
55. Which of the following audit procedures would be least effective in determining whether a division recorded subsequent-year sales in the current year?
a. Perform analytical review procedures which compare like-month sales for the past two years, inclu
c. Use an integrated test facility to run data through the computer during the last month of the year and the first month of the subsequent year to determine if sales were recorded correctly.
56. Which of the following database controls would be most effective in maintaining a segregation of duties appropriate to the users' reporting structure within an organization?
a. Access security features.
b. Software change control procedures.
c. Depend
a. Access security features.
57. Which of the following statements are correct regarding internal audit workpaper documentation for a fraud investigation?
I. All incriminating evidence should be included in the workpapers.
II. All important testimonial evidence should be reviewed to
d. I, II, and III.
58. Which of the following statements are correct regarding the deterrence of fraud?
I. The primary means of deterring fraud is through an effective control system initiated by top management.
II. Internal auditors are responsible for assisting in the det
d. I, II, and III.
59. The requirement that purchases be made from suppliers on an approved vendor list is an example of a:
a. Preventive control.
b. Detective control.
c. Corrective control.
d. Monitoring control.
a. Preventive control.
60. As used by the internal auditing profession, the Standards refer to all of the following except:
a. Criteria by which the operations of an internal audit department are evaluated and measured.
b. Criteria which dictate the minimum level of ethical act
b. Criteria which dictate the minimum level of ethical actions to be taken by internal auditors.
61. The transportation department for a large manufacturing company maintains its vehicle inventory and maintenance records in a database on a stand-alone microcomputer in the fleet supervisor's office. Which audit approach is most appropriate for evaluat
a. Verify a sample of the records extracted from the database with supporting documentation.
62. Which of the following activities would not be presumed to impair the independence of an internal auditor?
I. Recommending standards of control for a new information system application.
II. Drafting procedures for running a new computer application to
d. I and III.
63. An internal auditor plans to use an analytical review to verify the correctness of various operating expenses in a division. The use of an analytical review as a verification technique would not be a preferred approach if:
a. The auditor notes strong
a. The auditor notes strong indicators of a specific fraud involving this account.
64. A CIA is working in a non-internal audit position as the director of purchasing. The CIA signs a contract to procure a large order from the supplier with the best price, quality, and performance. Shortly after signing the contract, the supplier presen
b. Acceptance of the gift would violate the IIA Code of Ethics and would be prohibited for a CIA.
66. An auditor, nearly finished with an audit, discovers that the director of marketing has a gambling habit. The gambling issue is not directly related to the existing audit and there is pressure to complete the current audit. The auditor notes the probl
c. Not be in violation of either the IIA Code of Ethics or Standards.
67. Systems development audits include reviews at various points to ensure that development is properly controlled and managed. The reviews should include all of the following except:
a. Conducting a technical feasibility study on the available hardware,
a. Conducting a technical feasibility study on the available hardware, software, and technical resources.
68. Spreadsheet software would be most appropriate for which of the following audit activities?
a. Preparing overhead projector slides for an audit presentation.
b. Preparing a narrative report summarizing the results of an audit.
c. Preparing depreciatio
c. Preparing depreciation schedules for fixed assets.
69. During the course of a bank audit, the auditors discover that one loan officer had approved loans to a number of related but separate organizations, in violation of regulatory policies. The loan officer indicated that it was an oversight and it would
a. Inform management of the conflict of interest and the violation of the regulatory requirements and suggest further investigation.
70. Which of the following situations would be a violation of the IIA Code of Ethics?
a. An auditor was subpoenaed in a court case in which a merger partner claimed to have been defrauded by the auditor's company. The auditor divulged confidential audit i
d. During an audit, an auditor learned that the company was about to introduce a new product that would revolutionize the industry. Because of the probable success of the new product, the product manager suggested that the auditor buy additional stock in
1. Division A has a large number of small customers and has automated cash collection. Customers are requested to return a copy of their invoice (turnaround document) with their payment. The returned document contains the customer's account number, name,
a. Cash receipts/mail clerk.
2. If the treasurer took a customer's cash remittance and omitted it from the cash deposit and recorded a debit to cash for the remaining receipts, the omission would best be detected by:
a. Monthly analytical review comparing accounts receivable balances
d. Batching all receipts and turnaround documents and reconciling the posting of the batches to the receivables and cash account.
3. To address management's concern that a division might not be adequately investing short-term funds, management has developed a model that estimates minimum daily cash balances for each division. To determine whether a specific division is failing to ma
d. Total daily cash balances at each division and interest income based on its model of minimum cash balances.
4. Upon investigation, the auditor finds that one division consistently has large amounts of excess cash at a time when the organization is borrowing heavily and using the proceeds to support other divisions. The best control procedure to address this con
c. Require each division to prepare detailed cash forecasts and budgets for future periods to be used for centralized cash management.
5. An auditor reviews and adapts a systems flowchart to understand the flow of information in the processing of cash receipts. Which of the following statements is true regarding the use of such flowcharts? The flowcharts:
a. Show specific control procedu
b. Are a good guide to potential segregation of duties.
6. The auditor wants to understand the actual flow of data regarding cash processing. The most convincing evidence would be obtained by:
a. Reviewing the systems flowchart.
b. Performing a "walk-through" of the processing and obtaining copies of all docum
b. Performing a "walk-through" of the processing and obtaining copies of all documents used.
7. The auditor wishes to follow appropriate sampling theory on projected dollar differences, even if made judgmentally, to the population. Which of the items noted above should have their dollar differences projected to the population as a whole to determ
d. All of the items.
8. Assume that management has been working with a 5 percent materiality level for inventory. If the auditor decides that all of the sampling items identified above represent errors, which of the following conclusions are justified?
I. Recorded inventory i
c. II and IV.
9. The following are potential sources of evidence regarding the effectiveness of the division's total quality management program. Assume that all comparisons are for similar time periods and duration and current items are compared with similar items befo
a. Employee morale over the two time periods.
10. The auditor is concerned with the overall valuation of inventory. Rank the following sources of audit evidence from most persuasive to least persuasive in addressing the assertion as to the valuation of inventory.
I. Calculate inventory turnover by in
c. IV, I, III, II.
11. The auditor wishes to test the assertion that all claims paid by a medical insurance company contain proper authorization and documentation, including but not limited to the validity of the claim from an approved physician and an indication that the c
d. Select a sample of paid claims from the claims (cash) disbursement file and trace to documentary evidence of authorization and other supporting documentation.
12. A control deficiency associated with the above scenario is:
a. The store manager can require items to be closed out, thus affecting the potential performance evaluation of individual product managers.
b. The product manager negotiates the purchase pri
d. There is no receiving function located at individual stores.
13. Which of the following is a control strength?
(A correct response to this question may involve making more than one answer.)
a. Goods received are scanned in to develop an electronic receiving report.
b. The scanned in goods are reconciled with the nu
a. Goods received are scanned in to develop an electronic receiving report.
b. The scanned in goods are reconciled with the number of price tags generated and attached to the products.
d. Product managers are given a purchasing budget by the marketing man
14. Requests for purchases beyond those initially budgeted by the marketing manager must be approved by the marketing manager. Which of the following statements regarding this control procedure is correct? The procedure:
I. Should provide for the most eff
c. I only.
15. A new product manager has proposed that the organization implement Electronic Data Interchange (EDI) with its 15 largest vendors. Automated cash register information on products sold would go to the vendors and the vendors would be allowed to ship pro
b. A long-term contract specifying prices, maximum delivery amounts, and timing of deliveries would be an acceptable substitute for individual purchase orders.
d. Profit and total sales should increase for the product lines involved.
16. Which of the following would explain all the changes in the analyses presented above?
a. The company recorded fictitious sales during November and December, but did not credit inventory.
b. There was a cutoff problem with January sales being recorded
a. The company recorded fictitious sales during November and December, but did not credit inventory.
17. Management insists that the changes in the accounts receivable account were due to a change in its customer base and credit terms. The most appropriate audit procedure to follow up on this management assertion would be to:
a. Use attribute sampling to
c. Use generalized audit software to obtain a ranked listing of sales volume by customers for the year and compare with a similar list for the previous year.
18. The auditor sends positive confirmations to the 10 largest customers and to randomly selected other customers. Of the 10 largest customers, eight respond that they do not confirm accounts receivable. In following up on the response of the eight custom
b. Send second requests to the customers pointing out the need to respond to positive confirmations.
19. If the data are correct, which of the following conclusions by the auditor is justified?
I. The rate of customer complaints logged is decreasing.
II. The number of service calls made at customer locations seems to be more closely related to the number
b. I and II.
20. Based on the data, the auditor can justifiably conclude that:
I. Total revenue is increasing more rapidly than is total cost.
II. The service department is more efficient since revenue has increased dramatically in the current year.
III. The service d
d. I only.
21. The best audit procedure to determine whether or not the company is meeting its objective of satisfying 95 percent of customer inquiries within 24 hours would be to:
a. Select an attribute sample from the population of logged-in customer complaints an
a. Select an attribute sample from the population of logged-in customer complaints and trace to records indicating its disposition, noting time and nature of disposition.
22. The auditor wishes to investigate whether the number of service calls is based more on the number of service technicians than on the number of complaints that actually merit service. The following are four audit procedures which would be performed in
b. Steps 1 and 2.
23. Which of the following audit procedures ought to be included as part of the audit program to address the specific audit concerns identified above?
a. Send confirmations to the 10 largest customers to determine the collectibility of the account balance
b. Select a random sample of all loans over $100,000 and examine supporting documentation to determine if the documentation is in compliance with the applicable regulations.
24. During the audit, the auditor's preliminary evidence indicated that the first concern (loans to the 10 largest customers) is not violated. However, upon further investigation of related parties and interlocking organizations, the auditor concludes tha
a. Report the findings immediately to management and suggest that legal counsel review the regulations and the audit evidence gathered to date to determine if a violation has taken place.
25. Several members of senior management have questioned whether the internal audit department should report to the newly-established, quality audit function as part of the total quality management process within the company. The director of internal audi
d. Identifying appropriate liaison activities with the quality audit function to ensure coordination of audit schedules and overall audit responsibilities.
26. An organization uses a database management system (DBMS) as a repository of data. The DBMS in turn supports a number of end-user developed applications which were created using fourth generation programming languages. Some of the applications update t
b. Concurrency update controls are in place.
27. A catalog company has been experiencing an increasing incidence of problems where the wrong products have been shipped to the customer. Most of the customer orders come in over the telephone and an operator enters the data into the order system immedi
c. II and III.
28. The auditor wishes to gain assurance on whether the spreadsheet has properly implemented the freight dispatching algorithm. Which of the following audit procedures would accomplish the task?
I. Develop an independent spreadsheet and run test data thro
c. I, II, III.
29. Assume the audit testing performed in question 28 indicates that the spreadsheet has correctly implemented the freight dispatching algorithm. Which of the following conclusions is justified from the audit evidence?
I. The spreadsheet must be obtaining
a. III only.
30. The best procedure to determine whether the control procedure to limit the amount of purchases for a particular product line was working properly during the past year would be to:
a. Use generalized audit software to prepare a list of purchases by pro
a. Use generalized audit software to prepare a list of purchases by product line. Compare the amounts with the authorized by the marketing manager.
31. It is often recognized that one control procedure by itself is not sufficient to achieve a particular control objective. One control objective is to ensure that purchase orders are made only by authorized purchasing agents, to authorized vendors, for
b. I, II, and IV.
33. The auditor wishes to determine that the program is correctly approving items for payment only when the purchase order, receiving report, and vendor invoice match within the tolerable
0.5 percent. Assume all the following suggested audit procedures wo
d. Implementing an integrated test facility with auditor-submitted test items throughout period under analysis.
34. Which of the following statements, if true, would contribute to the control effectiveness of the computerized environment described above?
a. The company uses an automated access control program that identifies all users, data, and actions that can be
a. The company uses an automated access control program that identifies all users, data, and actions that can be taken by the users.
35. The auditor wishes to test controls over computer program changes. The specific objective to be addressed in the following audit step is that only authorized changes have been made to computer programs, (i.e.,, there are no unauthorized program change
c. Use generalized audit software to compare the table of contents of the program library currently with an auditor copy made previously. Compare and identify differences. Select a sample of the differences for further investigation.
36. Which of the following elements of Action 1 taken by the audit manager would be considered a violation of the Standards?
I. The type of audits was changed before modifying the charter and going to the audit committee.
II. Negative findings were omitte
a. I and II.
37. Considering Actions 2, 3 and 4 that were taken, which would be considered a violation of the Standards?
a. Actions 2, 3, and 4.
b. Action 4 only.
c. Action 2 and 3 only.
d. None of the Actions.
d. None of the Actions.
38. Is Action 5 a violation of the Standards?
a. Yes. Internal control should be evaluated on every audit, but the internal control questionnaire is not the mandated approach to evaluate the controls.
b. No. Auditors may omit necessary procedures if there
d. No. Auditors are not required to fill out internal control questionnaires on every audit.
39. Regarding Action 6, which of the following elements of the action would be considered a violation of the Standards?
a. Failing to report the lack of criteria to appropriate level of management.
b. Development a set of criteria to present to the audite
a. Failing to report the lack of criteria to appropriate level of management.
40. Given the acceptance of the cost savings audits and the scarcity of internal audit resources, the audit manager also decided that follow-up action was not needed. The manager reasoned that cost savings should be sufficient to motivate the auditee to i
c. Yes. Scarcity of resources is not sufficient reason to omit follow-up action.
41. Observation is considered a reliable audit procedure, but one that is limited in usefulness. However, it is used in a number of different audit situations. Which of the following statements is true regarding observation as an audit technique?
a. It is
c. It is rarely sufficient to satisfy any audit assertion other than existence.
42. A small city managed its own pension fund. According to city charter, the funds could be invested in bonds, money market funds, or high quality stocks only. The auditor has already verified the existence of the pension fund assets. The fund balance wa
b. Prepare a more detailed estimate of income by consulting a dividend and reporting service which lists the interest or dividends paid on specific stocks and bonds.
43. Which of the following would constitute a violation of The IIA's Code of Ethics?
a. Janice has accepted an assignment to audit the electronics manufacturing division. Janice has recently joined the internal auditing department. But she was senior audi
c. Jane is content with her career as an internal auditor and has come to look at it as a regular 9 to 5 job. She has not engaged in continuing professional education or other activities to improve her effectiveness during the last three years. However, s
44. Which of the following items might alert the auditor to the possibility of fraud in the division?
a. The division is not scheduled for an external audit this year.
b. Sales have increased by 10 percent.
c. A significant portion of management's compens
c. A significant portion of management's compensation is directly tied to reported net income of the division.
45. It is November and the audit manager is finalizing plans for a year-end audit of the division. Based on the above data, the audit procedure with highest priority would be to:
a. Select sales transactions and trace shipping documents to entries into co
b. Schedule a complete count of inventory at year-end and have the auditor observe and test the year-end inventory.
46. If the auditor decides there are significant problems with the standard cost system, the next audit step to perform would be to:
a. Interview divisional management to determine why the standard cost system has not been updated on a timely basis.
b. Se
d. Schedule all variances and determine their source and their disposition, i.e., whether they are allocated to inventory or cost of goods sold.
47. Assume the auditor found that there was a plan to overstate inventory and therefore increase reported profits for the division. If reported correctly, the division would not have shown an increase in net income. The auditor has substantial evidence th
b. Inform management and the audit committee of the findings and discuss proper follow-up action and/or further investigation with them.
48. Internal auditors and management have become increasingly concerned about computer fraud. Which of the following control procedures would be least important in preventing computer fraud?
a. Program change control which required a distinction between p
b. Testing of new applications by users during the systems development process.
d. Segregation of duties between the programmer and systems analyst.
49. The division had a large increase in sales in the previous year (19X2). Which of the following hypotheses would the data support regarding the potential cause of the sales increase? The division:
a. Reduced its selling price for most of its product li
b. Acquired another company and accounted for the purchase as a purchase transaction, not a pooling.
50. Which of the following would not explain the decrease in cost of goods sold as a percentage of sales ratio? The division:
a. Liquidated inventory in conjunction with a plan to bring its current ratio more in line with the industry average.
b. Increase
a. Liquidated inventory in conjunction with a plan to bring its current ratio more in line with the industry average.
51. The current ratio increased during the past year while the quick ratio decreased. Which of the following explanations would best explain the reason that the current ratio increased while the quick ratio decreased?
a. A substantial increase in accounts
b. The significant buildup of inventory.
52. Internal auditors are often called upon to either perform, or assist the external auditor in performing, a due diligence review. A due diligence review is:
a. A review of interim financial statements as directed by an underwriting firm.
b. An operatio
d. A review of financial statements and related disclosures in conjunction with a potential acquisition.
53. During an audit of a manufacturing division of a defense contractor, the auditor came across a scheme which looked like the company was inappropriately adding costs to a cost-plus governmental contract. The auditor discussed the manner with senior man
a. No. The auditor followed up the matter with appropriate personnel within the organization and reached a conclusion that no fraud was involved.
54. The internal auditing department encounters a scope limitation from senior management that will affect its ability to meet its goals and objectives for a potential auditee. The nature of the scope limitation should be:
a. Noted in the audit working pa
c. Communicated, preferably in writing, to the board.
55. Management has requested the audit department to conduct an audit of the implementation of its recently developed company code of conduct. In preparing for the audit, the auditor reviews the newly developed code and compares it with several others for
b. Report the nature of the deficiencies in a formal report to management.
56. It is important that the auditor be able to carefully distinguish between a scope limitation and other limitations on the audit. According to the Standards, which of the following would not be considered a scope limitation?
a. The divisional managemen
b. The audit committee reviews that audit plan for the year and deletes an audit that the director thought was important to conduct.
57. An internal auditor, recently terminated from a company due to downsizing, has found a job with another company in the same industry. Which of the following disclosures made by the internal auditor to the new organization would constitute a violation
d. None of the above represent a violation of the Code.
58. Reporting a senior management and the board is an important part of the auditor's obligation. Which of the following items is not required to be reported to senior management and/or the board?
a. Subsequent to the completion of an audit, but prior to
a. Subsequent to the completion of an audit, but prior to the issuance of an audit report, the audit senior in charge of the audit was offered a permanent position in the auditee's department.
59. During a regularly scheduled EDP audit of a major division, the EDP auditor discovers a complicated programming algorithm that adds costs to a cost-plus program billing the government. The amount added accounted for 95 percent of the net income for th
a. Immediately report the circumstances and the EDP auditor's findings to the audit committee.
60. It has been established that an internal auditing charter is one of the more important factors positively affecting the internal auditing department's independence. The Standards help clarify the nature of the charter by providing guidelines as to the
c. The length of tenure for the internal auditing director.
61. Which of the following audit procedures would be most effective in determining whether material fraud was taking place?
a. Take a random sample of cash disbursements and trace to approved purchase orders and receiving slips.
b. Reconcile the perpetual
b. Reconcile the perpetual inventory to the general ledger and investigate any differences.
62. The auditor is responsible for evaluating the control structure to determine if the structure would allow for undetected fraud. Based on the above scenario, the most likely undetected fraud, if any, would be:
a. The purchasing agent could be purchasin
b. The purchasing agents could be sending fake purchase orders to a dummy vendor, inserting a receiving slip, and having payments made to the dummy vendor.
63. Which of the following control procedures, if properly implemented, would best decrease the likelihood of fraud in the environment described above?
a. Require periodic rotation of purchases among different vendors.
b. Require rotation of duties among
c. Require receiving reports be sent directly to accounts payable.
64. Auditors have learned that increased computerization has created more opportunities for computer fraud, but has also led to the development of computer audit techniques to detect frauds. A type of fraud that has occurred in the banking industry is a p
a. Parallel Simulation.
65. Which of the following audit procedures would be the best procedure to investigate this observation?
a. Use generalized audit software to sort payments to recipients by social worker. Then sort the payments by common addresses and names.
b. Implement
a. Use generalized audit software to sort payments to recipients by social worker. Then sort the payments by common addresses and names.
66. The auditor is considering making a recommendation on appropriate controls to address a potential problem of fictitious recipients. The auditor has identified the following control procedures as potential items to include in the recommendation.
I. Req
d. I, III, and IV.
67. Which of the following statements correctly characterizes the "red flags" literature that has recently developed in the auditing profession?
I. Red flags are items or actions that have been associated with fraudulent conduct.
II. The auditor should do
b. I and III.
68. Which of the following procedures would have most likely led to the discovery of the missing materials and the fraud?
a. Take a random sample of receiving reports and trace to the recording in the perpetual inventory record. Note differences and inves
c. Take an annual physical inventory, reconciling amounts with the perpetual inventory, noting the pattern of differences and investigating.
69. Assume the perpetrators confessed to the auditors. What is the appropriate auditor action?
a. Request the perpetrators sign the auditor's summary of the confession and include it in the working papers. Report the details to senior management for furth
a. Request the perpetrators sign the auditor's summary of the confession and include it in the working papers. Report the details to senior management for further action.
70. The preliminary survey indicates that severe staff reductions at the audit location have resulted in extensive amounts of overtime among accounting staff. Department members are visibly stressed and very vocal about the effects of the cutbacks. Accoun
a. Discuss these findings with audit management to determine whether further audit work would be an efficient use of audit resources at this time.
1. A receiving department receives copies of purchase orders for use in identifying and recording inventory receipts. The purchase orders list the name of the vendor and the quantities of the materials ordered. A possible error that this system could allo
c. Overpayment for partial deliveries.
2. The auditor finds a situation where one person` has the ability to collect receivables, make deposits, issue credit memos, and record receipt of payments. The auditor suspects the individual may be stealing from cash receipts. Which of the following au
c. Perform a detailed review of debits to customer discounts, sales returns, or other debit accounts, excluding cash posted to the cash receipts journal.
3. An internal auditor is auditing a division's accounts and is concerned that the division's management may have shipped poor quality merchandise in order to boost sales and profitability for the year and thereby boost the division manager's bonus. Furth
d. Require the division to take a complete physical inventory at year end, and observe the taking of the inventory.
5. Which of the following is not a benefit of using information technology in solving audit problems?
a. It helps reduce audit risk.
b. It improves the timeliness of the audit.
c. It increases audit opportunities.
d. It improves the auditor's judgment.
d. It improves the auditor's judgment.
6. In some countries, governmental units have established audit standards. For example, in the United States, the General Accounting Office has developed standards for the conduct of governmental audits, particularly those that relate to compliance with g
d. Follow both the IIA Standards and any additional governmental standards.
7. The auditor randomly selects participants in the job retraining program for the past year to verify that they had met all the eligibility requirements. This type of audit is best referred to-as a(n):
a. Compliance audit.
b. Operational audit.
c. Econom
a. Compliance audit.
8. The auditor plans an audit of the job retraining program to verify that the program complies with applicable grant provisions. One of the provisions is that the city adopt a budget for the program and subsequently follow procedures to ensure that the b
b. Determine that the budget was reviewed and approved by supervisory personnel within the granting agency.
9. The auditor must determine the applicable laws and regulations. Which of the following procedures would be the least effective in learning about the applicable laws and regulations?
a. Make inquiries of the city's chief financial officer, legal counsel
d. Discuss the matter with the audit committee and make inquiries as to the nature of the requirements and the audit
10. An auditor notes that production is often stopped or hampered by raw materials inventory not being present when needed. Which of the following statements are correct based on this information alone?
I. The auditor should investigate the quality of com
c. I and Ill.
11. Which of the following would be the least important risk factor when considering the ability to integrate the two companies' computer systems?
a. The number of programmers and systems analysts employed by each company.
b. The extent of EDI connections
a. The number of programmers and systems analysts employed by each company.
12. During the first meeting, a disagreement occurs over the approach taken regarding store compliance. The audit director for company B questions company A's extensive use of store compliance testing, stating that the approach is neither responsive to ma
a. I only.
13. The audit director for company B decides to review selected store compliance audit reports issued by the internal audit department of company A. Upon reviewing the reports, the director comments that most items included in the report are inappropriate
b. II only
14. One auditor has suggested that each audit department conduct an audit of consumer satisfaction that would include an analysis of: (1) customer complaints recorded by the customer service department during the last three months; (2) merchandise returne
b. The survey would not consider customers who did not make purchases in the last three months.
15. One manager has suggested that the audit teams jointly examine the corporate culture and the "tone at the top" to identify control risks associated with the proposed merger. Which of the following statements is correct?
a. The corporate culture is not
d. None of the above.
16. In analyzing the differences between the two companies, the audit director of company A notes that company A has a formal corporate code of ethics while company B does not. The code of ethics covers such things as purchase agreements and relationships
b. II only.
17. Company A's audit director, who is also a CIA, faces an ethical dilemma. For an audit in process, persuasive evidence indicates that a top manager has been involved in insider trading. The extent and type of trading is such that the trading would be c
b. Discontinue audit work associated with the insider trading. Report the preliminary findings to the chairperson of the audit committee and recommend an investigation.
18. The two organizations agree to share data on store operations. The data reveal that three stores in company A are characterized by:
� significantly lower gross margins,
� higher-than-average sales volume, and
� higher levels of employee bonuses.
The t
d. Promotional activities that offer large discounts coupled with the payment of commissions to employees who reach targeted sales goals.
19. Assume the auditor concludes that the most reasonable explanation of the observed data in the prior question is that inventory fraud is taking place in the three stores. Which of the following audit activities would provide the most persuasive evidenc
c. Schedule a surprise inventory audit to include a physical inventory. Investigate areas of inventory shrinkage.
20. Which of the following procedures would provide the most relevant evidence to determine the adequacy of the allowance for doubtful accounts receivable?
a. Confirm the receivables.
b. Analyze the following month's payments on the accounts receivable ba
d. Analyze the allowance through an aging of receivables and an analysis of current economic data.
21. A consultant's employees will be working on an organization's property using heavy equipment to handle potentially hazardous materials. Although it is believed that the consultant selected is technically competent, which of the following is a control
b. The consultant should be required to prepare and submit regular reports over the duration of the project demonstrating that employees have been trained, that they are aware of hazards, and that the work area is inspected regularly for practices potenti
22. The auditor is reviewing the company's policy regarding investing in financial derivatives. The auditor would normally expect to find all of the following in the policy except:
a. A statement indicating whether derivatives are to be used for hedging o
d. A statement requiring board review of each transaction because of the risk involved in such transactions.
23. An investment portfolio manager has the authority to use financial derivatives to hedge transactions but is not supposed to take speculative positions. However, the manager launches a scheme which includes: (1) taking a position larger than required b
a. Examine individual trades to determine whether the trades violate the authorization limit for the manager.
24. Assume that the director of internal auditing determines that the department does not have the requisite skills to conduct an audit of the financial derivatives area. Which of the following actions would be the least acceptable?
a. Notify the audit co
c. Notify the audit committee of the problem and assign the most competent auditors to the job.
25. A company is considering purchasing a commercial property. Because of the location of the property and the known recent history of activities on the property, management has asked the internal audit department, in cooperation with company counsel, to
a. The potential for future liability may outweigh any advantages achieved by obtaining the property.
26. Audit committees have been identified as a major factor in promoting both the internal and external auditor's independence. Which of the following is the most important limitation on the effectiveness of audit committees?
a. Audit committees may be co
a. Audit committees may be composed of independent directors. However, those directors. may have close personal and professional friendships with management.
27. Which of the following statements best
describes aces auditor's responsibility for follow up activities related to a previous audit?
a. The auditor should determine if corrective action has been taken and is achieving the desired results or if managem
a. The auditor should determine if corrective action has been taken and is achieving the desired results or if management or the board has assumed the risk of not taking the corrective action.
28. Assume that an auditor's findings are so serious that, in the auditor's view, they require immediate action by management. Which of the following statements regarding the auditor's responsibility with respect to reporting and follow up are correct?
I.
d. I, II, and III.
29. An audit manager has just returned from an executive training program and has suggested that the audit department develop a mathematical model to help identify factors that may be causing changes in the cost of production. According to the manager, th
c. Develop a multiple regression analysis of production costs including such variables as raw material inventory costs, number of employees in the department, and overtime pay.
30. An auditor decides to perform an inventory turnover analysis for both raw materials inventory and finished goods inventory. The analysis would be potentially useful in:
a. Identifying products for which management has not been attuned to changes in ma
d. All of the above.
31. An internal auditor finds that senior management has given tacit approval to activities which have resulted in prematurely recognizing revenue for goods that were not shipped. A preliminary investigation corroborates the auditor's initial findings. As
d. All of the above.
32. Which of the following would be permissible under the IIA Code of Ethics?
a. Disclosing confidential, audit-related, information that is potentially damaging to the organization in a court of law in response to a subpoena.
b. Using audit-related infor
a. Disclosing confidential, audit-related, information that is potentially damaging to the organization in a court of law in response to a subpoena.
33. During an audit, an employee with whom you have developed a good working relationship informs you that she has some information about top management which would be damaging to the organization and may concern illegal activities. The employee does not
a. Assure the employee that you can maintain her anonymity and listen to the information.
34. Which of the following describes a control weakness?
a. Purchasing procedures are well designed and are followed unless otherwise directed by the purchasing supervisor.
b. Prenumbered blank purchase orders are secured within the purchasing department.
a. Purchasing procedures are well designed and are followed unless otherwise directed by the purchasing supervisor.
35. In order to test whether data currently within the automated system are correct, the auditor should:
a. Use test data and determine whether all the data entered are captured correctly in the updated database.
b. Take a sample of data to be entered for
d. Use generalized audit software to select a sample of employees from the database, and verify the data fields.
36. The automated system contains a table of pay rates which is matched to the employee job classifications. The best control to ensure that the table is updated correctly for only valid pay changes would be to:
a. Limit access to the data table to manage
b. Require a supervisor in the department, who does not have the ability to change the table, to compare the changes to a signed management authorization.
37. An employee in the payroll department is contemplating a fraud which would involve the addition of a fictitious employee and the input of fictitious hours worked. The paycheck would then be sent to the payroll employee's home address. The most effecti
a. A report of all new employees added be approved by someone outside of the payroll department. Require that reports showing all employees and hours worked be sent to the supervisor's department for review.
38. Human resources and payroll are separate departments. Which of the following combinations would provide the best segregation of duties?
a. Human resources adds employees, payroll processes hours, and human resources delivers the paychecks to employees
c. Human resources adds employees, and payroll processes hours and enters employee bank account numbers. Paychecks are automatically deposited in the employee's bank account.
39. The auditor is concerned that retired employees are not receiving the correct benefits. Which of the following auditing procedures would be the least effective in addressing this concern?
a. Take a sample of employees added to the retirement list for
a. Take a sample of employees added to the retirement list for a specified time period, for example, a day or a week, and determine that they are scheduled for the appropriate benefits.
40. The auditor reviews the retirement benefits plan and determines that the pension and medical benefits have been changed several times in the past ten years. The auditor wishes to determine whether there is justification to perform further audit invest
c. Review reasonableness of retirement pay and medical expenses on a per-person basis stratified by which plan was in effect when the employee retired.
43. An internal auditor for a large regional bank holding company was asked to serve on the board of directors of a local bank. The bank competes in many of the same markets as the bank holding company, but focuses more on consumer financing than on busin
c. I and II.
44. The auditor needs to determine the scope of the proposed audit of insurance coverage by the company. Which of the following statements are correct regarding the potential scope of the audit?
I. Since it is an internal audit, the audit department shoul
d. II and III.
45. Which of the following analytical review procedures would provide the most insight into the reasonableness of the increase in health care costs?
a. Develop a comparison of the costs incurred with similar costs incurred by other companies.
b. Obtain th
b. Obtain the government index of health care costs for the comparable period of time and compare the rate of increase with that, of the cost per employee incurred by the company.
46. Without prejudice to your response to question 45, assume that the auditor finds that total health insurance costs for the organization are 10% higher per employee than for comparable companies in the same industry. Based on this finding, the auditor
d. None of the above.
47. Assume that the auditor wishes to test whether the health care processor is meeting contract requirements regarding the proper payment or denial of employee claims. The best audit approach would be to take a sample of:
a. Employees and interview them
c. Claims filed with the health care processor and determine whether they were either appropriately paid or denied.
48. When the audit was assigned, management asked the auditor to evaluate the appropriateness of using self-insurance to minimize risk to the organization. Given the scope of the audit requested by management, should the auditor engage an actuarial consul
d. Yes. The actuary has skills, not usually found in auditors, to identify and quantify self-insurance risks.
50. Assume the auditor becomes concerned that significant fraud may be taking place by dentists who are billing the health care processor for services that were not provided. For example, employees may have their teeth cleaned, but the dentist charges the
d. Take a discovery sample' of employee claims which were submitted through dentist offices, and confirm the type of service performed by the dentist through direct correspondence with the employee who had the service performed.
51. The health care processor wishes to implement controls that would help prevent the type of fraud described in the prior question. Assume further that all the claims are submitted electronically to the health care processor. Which of the following cont
a. Develop a program which identifies procedures performed on an individual in excess of expectations based on: the age of the employee, whether a similar procedure was performed recently, or the average cost per claim.
52. Assume that the auditor's preliminary find ings indicate that certain dentists are billing the health care processor for services that were not provided and that this practice is not being detected or prevented by the health care processor. The audito
d. Classical variables estimation of claims submitted by the suspected dentists stratified by dollar amount of services performed.
53. An internal auditor has been requested to perform a review of the company's process for developing accruals for its liability to clean up toxic waste sites. The audit should determine whether:
a. The company monitors governmental investigations to ide
d. All of the above.
54. During an operational audit, an auditor observes a large number of above-ground storage containers and a large amount of black emissions from a company smokestack. The organization has an environmental safety department. The audit engagement is not de
c. Document the observations and report them to the environmental safety department. Determine if their response will be timely, and follow-up to determine if they have taken timely action.
55. The internal audit department can be involved with systems development continuously, at the end of specific stages, after imple-mentation, or not at all. An advantage of continuous internal audit involvement compared to the other two types of involvem
c. Redesign costs can be minimized.
56. Of the following management requests, which is within the normal audit scope as
stated in the Standards?
a. Perform an independent evaluation of management's planning process as a basis for making recommendations.
b. Talk with banks to identify financ
a. Perform an independent evaluation of management's planning process as a basis for making recommendations.
57. Which of the following factors might best indicate the possibility of fraudulent activity
in the production process?
a. Employee overtime has increased 50% during the past year.
b. Although scrap is generated, there is no income reported from scrap sa
b. Although scrap is generated, there is no income reported from scrap sales.
58. Management requests the auditor to examine factors which would help improve the efficiency with which resources are used in the purchasing and production processes. Which of the following procedures would be the least effective in addressing managemen
d. Compare the company's total cost of goods sold, as a percentage of total sales, with industry averages.
59. Management is concerned that employee productivity and morale may be decreasing even though production workers are being paid more overtime wages. Which of the following audit procedures would be least effective in addressing this concern?
a. Develop
a. Develop a schedule of employee pay and analyze changes in overtime pay.
60. An internal audit department had been requested to perform an audit to determine whether the organization was in compliance with a particular set of laws and regulations. The audit did not reveal any issues of non-compliance but did reveal that the or
d. I, 11, III, and IV.
61. Which of the following, if observed, would not indicate the need to search for other indicators of fraud?
a. The standard of living of one of the purchasing agents has increased.
b. The internal control structure has significant weaknesses.
c. Managem
c. Management, at the purchasing agents' request, has adopted a policy of paying vendors on a more timely basis to avoid incurring penalty charges.
62. Which of the following statements regard ing the internal auditor's responsibility for detecting fraud in the environment described in the scenario above is not correct? The auditor should:
a. Detect fraud if "red flags" are present in the environment
a. Detect fraud if "red flags" are present in the environment.
63. Management has requested that the auditor investigate the possibility of kickbacks going to a purchasing agent. Which of the following procedures would be least effective in addressing management's concern?
a. Confirm all contract terms with vendors.
a. Confirm all contract terms with vendors.
64. An organization has outsourced many services, including waste collection, cafeteria, and custodial services, which had previously been performed internally. Management requests an audit of contract compliance and the overall performance of the compani
a. Comparison of current costs with the costs of performing the same services before they were outsourced.
d. Comparison of identified activities for each outsourcer with "best practices" of other outsourcers.
65. Which of the following audit procedures would provide the least relevant evidence in determining that payroll payments were made to bona fide employees?
a. Reconcile time cards in use to employees on the job.
b. Examine canceled checks for proper endo
d. Test the payroll account bank reconciliation by tracing outstanding checks to the payroll register.
66. Which of these statements should be in the criteria section of the finding?
a. II only. b. III only. c. III and IV only. d. V only.
c. III and IV only
67. Which of these statements should be in the condition section of the finding?
a. I only. b. IV only. c. VI only. d. VII only.
a. I only
68. Which of these statements should be in the cause section of the finding?
a. I only. b. II only. c. VI only . d. VII only.
b. II only
69. Which of these statements should be in the effect section of the finding?
a. II only. b. III only. c. V only. d. VI only.
d. VI only
70. Which of these statements should be in the recommendation section of the finding?
a. III only. b. III and IV only. c. V only. d. VI only.
c. V only
1. Regarding item A only, which of the following audit conclusions is justified?
a. There is a 15% deviation rate in total loans processed.
b. There is a problem in processing that should be followed up by the auditor to determine why 15 of the loans may
d. None of the above.
2. Regarding item B, which of the following would be correct?
I. The sample deviation rate exceeds 4%.
II. The auditor should examine the nature of the loans approved by the vice president to see if there is a pattern.
III. The audit finding should be inc
d. I, II, and III.
3. Assume with regard to item B, the vice president asks the loan committee to review the loans on an after-the-fact basis. Assume further, upon this subsequent review, the loan committee approves the loans on the after-the-fact basis. Which of the follow
b. II only.
4. Regarding item C, which of the following actions would be inappropriate on the part of the auditor?
a. Examine the loans to determine if there is a pattern of the loans to companies. Summarize amounts and include in the audit report.
b. Report the amou
b. Report the amounts of the loan committee and leave it up to them to correct. Take no further follow-up action at this time and do not include the items in the audit report.
5. Regarding item D, which of the following would be correct?
I. The deviation rate is under 4%, therefore the finding need not be reported to management and the audit committee.
II. The auditor should review appropriate regulations and possibly get legal
c. II and IV.
6. Regarding item E, which of the following conclusions/audit actions is appropriate?
a. There is no audit finding since the loan committee approved all of the loans.
b. Before issuing a final audit report, the auditor should investigate to determine the
b. Before issuing a final audit report, the auditor should investigate to determine the reasons for the lack of documentation and timely submittal to the loan committee and include that analysis in the report.
7. The first phase of the risk assessment process is to identify and catalog and auditable activities of the organization. Which of the following would not be considered an auditable activity?
a. The agenda established by the audit committee for one of it
a. The agenda established by the audit committee for one of its quarterly meetings.
8. Management is concerned abut the lower level of profitability in the Mid-Central Region. Which of the following would be a reasonable possible explanation(s) of the lower profitability for the Mid-Central Region?
I. Leasing and maintenance expenses are
c. II and III only
9. Based on the previous information, which of the following preliminary conclusions can the auditor use as a basis for further investigations?
a. Sales per store are directly related to the size of the store.
b. Sales clerks are less productive in larger
a. Sales per store are directly related to the size of the store.
10. Which one of the following statements is not correct regarding the auditor's further analysis?
a. The Mid-Central Region has fewer average full-time equivalent employees per store than the other regions per store.
b. The other regions all generate hig
b. The other regions all generate higher sales per square foot than the Mid-Central Region.
11. Management has centralized purchasing and uses a model based upon previous year's sales with adjustments for trends in the marketplace, e.g., the trend to more casual shoes. A staff auditor has suggested that the centralized purchasing may be one of t
d. Perform a product-line analysis of sales and purchases in the Mid-Central Region and compare with other regions.
12. The director of internal auditing for an organization has just completed a risk assessment process, identified the areas with the highest risks, and assigned an audit priority to each. Which of the following conclusions logically follow from such a ri
b. III only.
13. Which of the following represents appropriate internal audit action in response to the risk assessment process?
I. The low risk areas may be delegated to the external auditor, but the high risk areas should be performed by the internal auditing functi
b. II only
14. Internal auditing is unique in that its scope often encompasses all areas of an organization. Thus, it is not possible for each internal auditor to possess detailed competence in all areas which might be audited. Which of the following competencies is
c. Understanding of management principles.
15. The internal auditor is considering performing risk analysis as a basis for determining which areas of the organization ought to be examined. Which one of the following statements is correct regarding risk analysis?
a. The extent to which management j
a. The extent to which management judgments are required in an area could serve as a risk factor in assisting the auditor in making a comparative risk analysis.
16. A restaurant food chain has over 680 restaurants. All food orders for each restaurant are required to be input into an electronic device which records all food orders by food servers and transmits the order to the kitchen for preparation. All food ser
c. Management prepares a detailed analysis of gross margin per store and investigates any store that shows a significantly lower gross margin.
17. The director of internal auditing set up a computerized spreadsheet to facilitate the risk assessment process involving a number of different divisions in the organization. The spreadsheet included the following factors:
� pressure on divisional manag
d. Using a subjective group consensus to assess personnel competence is appropriate.
18. It would be appropriate for internal auditing departments to use consultants with expertise in health care benefits when the internal auditing department is:
a. Conducting an audit of the organization's estimate of its liability for post- retirement b
d. All of the above.
19. Which of the following would best describe the reason that the division has experienced growth in both the number of employees and market share during 1995?
a. Increased productivity per employee.
b. Increase in the housing price index for the region.
d. Acquisition of another building company during the year.
20. Which of the following audit procedures should be performed to verify the accrued revenue recorded for the jobs in progress account at year-end 1995?
I. Take a sample of jobs listed in progress at year-end and physically observe the construction sites
d. I, II, and III.
21. The auditor is interested in the increase in net income for the year and investigates the cost of materials assigned to home production during the year and compares it to changes in the building materials price index. The auditor finds that building m
d. The organization had overstated its beginning of the year inventory, but the amounts were corrected when the new subsidiary was acquired during the year.
22. The organization sells its homes with a 10-year warranty against defects and has chosen to insure the warranty costs itself. The auditor is concerned that the organization may be understating these warranty costs by making optimistic assumptions regar
b. Take a sample of the debits to warranty expense and trace to purchases of building materials to verify the correct posting of the account.
23. Which of the following hypotheses is warranted from the preliminary data and should be considered by the auditor in determining the scope of the audit for 1995?
a. The division is using its work force more efficiently than it had in the two previous y
c. An unusually large part of recorded income in 1995 is due to accrued revenue for jobs in progress.
24. In which year did the division have the highest productivity in terms of numbers of homes built?
a. 1992.
b. 1993.
c. 1994.
d. 1995.
b. 1993.
25. Which of the following procedures would be the least appropriate audit procedure to address these analytical findings?
a. Note the explanation in the working papers for investigation during the next audit and perform no further work at this time.
b. D
a. Note the explanation in the working papers for investigation during the next audit and perform no further work at this time.
26. Assume the auditor did not find a satisfactory explanation for the results of the analytical procedures performed and has conducted the appropriate follow-up procedures The audit of the area is otherwise complete. Which of the following would be the m
c. Report the findings, as they are, to management and recommend an investigation for possible irregularities.
27. An auditor performs an analytical review by comparing the gross margins of various divisional operations with those of other divisions and with the individual division's performance in previous years. The auditor notes a significant increase in the gr
c. An overstatement of year-end inventory.
28. As organizations become more computer integrated, management is becoming increasingly concerned with the quality of access controls to the computer system. Which of the following provides the most accountability?
Option I. Option II. Option III. Optio
a. Option I.
29. The auditor wants to determine whether or not the computer program is appropriately matching the purchase receipts, and vendor invoices throughout the year. Which one of the following computerized audit techniques would be most efficient and effective
b. Use an integrated test facility throughout the year.
30. The auditor wants to determine the extent to which items are not matched at year-end and investigate the potential cause of the non-matching items. Which one of the following audit procedures would be most effective in determining the items to investi
d. Use generalized audit software to read the electronically marked unmatched items.
31. Management's enthusiasm for computer security seems to vary with changes in the environment, particularly the occurrence of other computer disasters. Which of the following concepts should be addressed when making comprehensive recommendation regardin
d. I, II, and III.
32. Most large-scale computer systems maintain at least three program libraries: production library (for running programs); source code library (maintains original source coding); and test library (for programs which are being changed). Which of the follo
c. Only the program librarian should be allowed to make changes to the production library.
33. Which of the following control procedures would be lease effective in assuring that the correct product is shipped and billed at the appropriate price?
a. Self-checking digits are used on all products numbers and customers must order from a catalog wi
c. The customer service representative prepares batch totals of the number of items ordered and the total dollar amount of the orders.
34. The auditor wants to determine that only the marketing manager and other designated personnel in the department have approved changes to the price of products in the product database. Which of the following audit procedures would provide the most pers
d. Obtain a computerized log of all changes made to the price database. Take a random sample of changes and trace to a signed document by the person authorizing the change.
35. The auditor wants to gain assurance that all telephone orders received were shipped and billed in a timely fashion. Which of the following audit procedures would be most effective in meeting the auditor's objective?
a. Use an integrated test facility
b. Take the computer log of incoming orders and use generalized audit software to compare order date to invoice and shipping date in the sales invoice file.
36. Most organizations are concerned about the potential compromise of passwords. Which of the following procedures would be the most effective in controlling against a perpetrator obtaining someone else's password?
a. Allow only the users to change their
c. Implement the use of "see-through" authentication techniques whereby the user uses a card to generate a password and verifies both the key and the generated password to the system.
37. An internal auditor is assigned to conduct an audit of security of a local area network (LAN) in the finance department of the organization. Investment decisions, including the use of hedging strategies and financial derivatives, use data and financia
d. The level of security of other LANS in the company which also utilize sensitive data.
38. An internal auditor conducts a preliminary survey and identifies a number of significant audit issues and reasons for pursuing them in more depth. The auditee informally communicates concurrence with the preliminary survey results and asks that the au
c. Consider the audit to be terminated with no report needed since the auditee has already agreed to take constructive action.
39. The Standards specify that supervision of the work of internal auditors be "carried out continuously." Which of the following statements regarding supervision is correct?
I. "Continuously" indicates that supervision should be performed throughout the
d. I, II, and III
40. The auditor has planned an audit of the effectiveness of the quality assurance function as it affects the receiving of goods, transfer of the goods into production, and the scrap costs related to defective items. The auditee argues that such an audit
a. Refer to the audit department charter and the approved audit plan which includes the area designated for audit in the current time period.
41. A significant part of the auditor's working papers will be the conclusions reached by the auditor regarding the audit area. In some situations, the supervisor might not agree with the conclusions and will ask the staff auditor to perform more work. As
d. Present both conclusions in the audit report and let management and the auditee react to both.
42. Corporate management has just implemented a policy that every department must downsize by immediately cutting 10% of each department's staff and budget. The director of internal auditing has reacted to the organization's recent plans for "downsizing
c. The director should have re-prioritized risks and cut out specific audit engagements, rather than cutting 10% across the board.
43. The Standards state that internal auditors are "responsible for continuing their education in order to maintain their proficiency." Which of the following is correct regarding the continuing education requirements of the practicing internal auditor?
a
b. CIAs have formal requirements that must be met in order to continue as a CIA.
44. Which of the following combinations best illustrates a scope limitation and the appropriate response by the director of internal auditing?
Nature of Limitation Intenal Auditing Action
a. Auditee limits scope of audit based upon proprietary information
b. Auditee will not provide
access to records needed
for approved audit work plan. Report to the board
45. In considering the internal auditing department's independence, which of the following facts, by themselves, could contribute to a lack of internal audit independence?
I. The CEO accused the previous director of not operating "in the best interests of
c. II and III only.
d. I, II, III.
46. Given the current dispute with an auditee regarding audit scope, which of the following internal auditing actions are not appropriate?
a. Meet with the board to obtain approval of the audit charter to mitigate the existence of this problem and similar
d. Indicate the auditee that if the resistance continues, the auditing department will not be available to perform cost/benefit audits for the department in the future.
47. Management has requested the internal auditing department to perform an operational audit of the telephone marketing operations of a major division and to recommend procedures and policies for improving management control over the operation. The audit
d. Accept the audit engagement because independence would not be impaired.
48. A new staff auditor has been assigned to an audit of the cash management operations of the organization. The staff auditor has no background in cash management and this is the auditor's first audit. Under which of the following conditions would the in
a. The senior auditor is skilled in the area and closely supervises the staff auditor.
49. Communication skills are important to internal auditors. According to the Standards, the auditor should be able to effectively convey all of the following to the auditee except:
a. The audit objectives designed for a specific auditable entity.
b. The
c. The risk assessment used in selecting the area for audit investigation.
50. Auditors have been advised to look at "red flags" to determine whether management is involved in a fraud. Which of the following does not represent a difficulty in using the "red flags" as fraud indicators?
a. Many common red flags are also associated
d. The red flags literature is not well enough established to have a positive impact on auditing.
51. Today's internal auditor will often encounter a wide range of potential ethical dilemmas, not all of which are explicitly addressed by The Institute of Internal Auditors' Code of Ethics. If the auditor encounters such a dilemma, the auditor should alw
b. Consider all parties affected and the potential consequences of actions, and take an action consistent with the objectives of internal auditing and the concepts embodied in The Institute of Internal Auditors' Code of Ethics.
52. An internal auditor has been assigned to audit a foreign subsidiary. The auditor is aware that the social climate of the country is such that "facilitating payments" (bribes) are often used to make things happen and are an accepted part of that societ
a. Not accept the payment since such acceptance would be in conflict with the Code of Ethics.
53. An auditor has uncovered facts which could be interpreted as indicating unlawful activity on the part of an auditee. The auditor decides not to inform senior management of these facts since he cannot prove that an irregularity occurred. The auditor, h
d. Has violated the Standards because the auditor should inform the appropriate authorities in the organization if fraud may be indicated.
54. A new staff auditor was told to perform an audit in an area with which the auditor was not familiar. Because of time constraints, there was no supervision of the audit. The auditor was given the assignment because if represented a good learning experi
b. The audit department violated the Standards by not providing adequate supervision.
55. During the course of an audit, the auditor makes a preliminary determination that a major division has been inappropriately capitalizing research and development expense. The audit is not yet completed and the auditor has not documented the problem or
b. Inform the president that this scope limitation will need to be reported to the chairperson of the audit committee.
56. An auditor finds a situation where there is some suspicion, but no evidence, of potential misstatement. The standard of due professional care would be violated if the auditor:
a. Identified potential ways in which an error could occur and ranked the i
c. Did not test for possible misstatement because the audit program had already been approved by audit management.
57. Governmental auditors have been increasingly called upon to perform audits to determine whether or not individuals are getting extra social welfare payments. One common type of welfare fraud is individuals receiving more than one social welfare paymen
b. Generalized audit software.
58. Which of the following indicators is least likely to indicate the possibility of sales-related fraud in the division?
a. A significant portion of divisional management compensation is based on reported divisional profits.
b. There is an unusually larg
d. One of the division's major competitors went out of business during the year.
59. If the auditor continued to suspect fraudulent recording of transactions to increase reported profits, which of the following audit procedures would be least effective?
a. Take a physical inventory.
b. Develop a schedule of inventory by month and inve
b. Develop a schedule of inventory by month and investigate unusual fluctuations and gross margin by month.
60. Without prejudice to your answers on the previous question, assume that the analysis shows unusually high sales and gross margin during the months of November and December and the auditor wishes to investigate further. Which of the following audit pro
b. Confirm accounts receivable with large customers.
61. The auditor has not yet performed any detailed audit work. Based on the information given, the most appropriate action for the auditor to take would be to:
a. Report the items to divisional management and ask for their explanation before determining w
b. Take a sample of the items on hand and trace to underlying documents, such receiving reports and sales orders, to determine how the goods were handled.
62. Assume the auditor found that most of the goods were repaired and sold as new items. Such sales are both (1) against company policy; and (2) against governmental regulations. The auditor does not know whether or not fraud was involved or the extent th
c. Divisional management, the audit committee, and senior management.
d. The audit committee and top management only.
63. Assume that subsequent investigation shows that previously issued financial statements were materially misstated due to the improper recognition of sales. The auditor's next step should be to:
a. Immediately inform the external auditor and the divisio
d. Inform senior management, the board, and the audit committee.
64. Insurance companies are beginning to receive hospitalization claims directly from hospitals by computer media; no paper is transmitted from the hospital to the insurance company. Which of the following control procedures would be most effective in det
b. Develop monitoring programs to identify unusual types of claims or an unusual number of claims by demographic classes for investigation by the claims department.
65. The auditor suspects a disbursements fraud whereby an unknown employee(s) is submitting and approving invoices for payment. Before discussing the potential fraud with management, the auditor decides to gather additional evidence. Which of the followin
a. Use audit software to develop a list of vendors with post office box numbers or other unusual features. Select a sample of those items and trace to supporting documents such as receiving reports.
66. Monitoring is an important component of internal control. Which of the following items would not be an example of monitoring?
a. Management regularly compares divisional performance with budgets for the division.
b. Data processing management regularl
c. Data processing management regularly reconciles batch controls totals for items processed with batch controls for items submitted.
67. Auditors regularly evaluate controls and control procedures. Which of the following best describes the concept of control as recognized by internal auditors?
a. Management regularly discharges personnel who do not perform up to expectations.
b. Manage
b. Management takes action to enhance the likelihood that established goals and objectives will be achieved.
68. Auditors are operating in organizations in which management is in the process of "reengineering" operations with strong emphasis on total quality management techniques. In their quest to gain efficiency in processing, many of the traditional control p
d. All of the above.
69. One criticism of the banking industry is that loan committees were not properly carrying out their function of examining proposed loans, determining that proper collateral exists, and assessing the associated risk before approving the loan. In gatheri
c. Examine individual loans for signatures of the committee members and determine the amount of loans made during each meeting and an approximation of time spent in approving the loans.
70. Auditors need to determine if management has established criteria to determine if goals and objectives have been accomplished. If the auditor determines such criteria are inadequate or non-existent, which of the following actions would be appropriate?
c. I, II, and III.
1. The primary purpose for performing a follow-up review is to:
a. Ensure timely consideration of the internal auditors' recommendations.
b. Ascertain that appropriate action was taken on reported findings.
c. Allow the internal auditors to evaluate the e
b. Ascertain that appropriate action was taken on reported findings.
2. Assume that senior management has decided to accept the risk involved in failure to document the basis for lease-versus-purchase decisions involving company automobiles. In such a case, what would be the auditors' reporting obligation?
a. The auditors
a. The auditors have no further reporting responsibility.
3. Auditors realize that at times corrective action is not taken even when agreed to by the appropriate parties. This should lead an internal auditor to:
a. Decide the extent of necessary follow-up work.
b. Allow management to decide when to follow-up, si
a. Decide the extent of necessary follow-up work.
4. A perpetual inventory system uses a minimum quantity on hand to initiate purchase ordering procedures for restocking. In reviewing the appropriateness of the minimum quantity level established by the stores department, the auditor would be least likely
c. Optimal order sizes determined by the economic order quantities model.
5. In publicly held companies, management often requires the internal auditing department's involvement with quarterly financial statements that are made public and/or used internally. Which one of the following is generally not a reason for such involvem
c. The Standards state that internal auditors should be involved with reviewing quarterly financial statements.
6. Discuss the matter with plant security.
What priority should the above actions have?
a. 1, 6, and 4.
b. 4, 5, and 6.
c. 6, 5, and 1.
d. 2, 3, and 4.
b. 4, 5, and 6.
7. To better monitor the performance of operating management, executive management has requested that the internal auditors examine interim financial statements which are prepared for internal use only. Although interim financial statements have been prep
b. The timing of revenue recognition and the valuation of inventories.
8. In order to prevent maintenance materials from being charged incorrectly to capital projects, the accounting information system should:
a. Verify that the project number being entered contains the required number of characters.
b. Authenticate the user
c. Use tables of project numbers and material requirements.
9. An auditor is reviewing monthly reports distributed by management information system (MIS) output personnel to determine if access to confidential information is limited to project supervisors. Which of the following steps should the auditor perform?
I
c. II only.
10. Monthly project reports compare actual costs to original budget estimates and compute variances. Project variations greater than 10 percent of budget require subsequent explanation and approval by the supervisor. Which of the following audit test(s) w
a. IV only.
11. A decentralized production facility uses a mini-computer to process inventory and production records. The computer system transmits data to the main production facility as a batch process each day. Which of the following would the auditor perform as p
c. I and II only.
12. A manufacturing firm uses hazardous materials in production of its products. An audit of these hazardous materials may include:
I. Recommending an environmental management system as a part of policies and procedures.
II. Verifying the existence of "cr
c. I, II, and IV.
13. Obsolete or scrap materials are charged to a predefined project number. The material is segregated into specified bin locations and eventually transported to a public auction for sale.
In order to reduce the risks associated with this process, a compa
b. I only.
14. A manufacturing firm uses large quantities of small inexpensive items such as nuts, bolts, washers, and gloves in the production process. As these goods are purchased, they are recorded in inventory in bulk amounts. Bins are located on the shop floor
b. Require management review of reports on the cost of consumable items used in relation to budget.
15. A manufacturing firm's inventory includes a significant investment in precious metals. The auditors' review of management's system of internal controls over these items most likely would include:
I. Reviewing procedures to ensure that the value of the
b. I and IV.
16. Inventory levels for a packing facility are controlled by the use of just-in-time techniques. If the auditor's objective is to evaluate ordering and stocking standards, which of the following procedures would be relevant?
I. Using audit software to co
d. I and II.
17. In applying the standards of conduct set forth in the Code of Ethics, internal auditors are expected to:
a. Exercise their individual judgment.
b. Compare them to standards in other professions.
c. Be guided by the desires of the auditee.
d. Use discr
a. Exercise their individual judgment.
18. The reconciliation of the summary report to the day's material request forms by the parts room supervisor:
a. Verifies that all material request forms were approved.
b. Provides documentation as to what material was available for a specific transactio
d. Ensures the accuracy and completeness of data input.
19. The use of transaction codes provides the fleet manager with information concerning the types of inventory activity. The auditor is considering an analytical review of transaction codes and materials used. The objective of this review is to:
a. Provid
d. Identify possible material lost due to employee theft.
20. If a manufacturing firm has established a limit on the number of defects that are tolerable in the final assembly of its product, which of the following quality control procedures should be employed?
I. Inspect completed goods for compliance with esta
c. I, II, and III
21. Which of the following is not likely to be included as an audit step when assessing vendor performance policies?
a. Determine whether agreed-upon lot sizes were sent by vendors.
b. Determine whether only authorized items were received from vendors.
c.
c. Determine whether the balances owed to vendors are correct.
22. Management is evaluating the need for an environmental audit program. Which one of the following should not be included as an overall program objective?
a. Conduct site assessments at both facilities.
b. Verify company compliance with all environmenta
a. Conduct site assessments at both facilities.
23. If the internal auditing department is assigned the responsibility of conducting an environmental audit, which of the following actions should be performed first?
a. Conduct risk assessments for each site.
b. Review company policies and procedures.
c.
b. Review company policies and procedures.
24. An advantage of conducting environmental audits under the direction of the internal auditing department would be that:
a. Independence and authority are already in place.
b. Technical expertise is more readily available.
c. The financial aspects are d
a. Independence and authority are already in place.
25. In many countries the company generating hazardous waste is responsible for the waste from "cradle to grave" (creation to destruction). A potential risk to the company is the use of an outside vendor to process hazardous waste. Which of the following
d. All of the above.
26. Management is exploring different ways of reducing or preventing pollution in manufacturing operations. The objective of a pollution prevention audit is to identify opportunities where waste can be minimized and pollution can be eliminated at the sour
b. IV, II, I, III, and V.
27. When the labor cost accounting component of the application was first implemented, it did not meet certain business requirements in the department and had to be substantially rewritten. Which one of the following risks associated with EUC application
b. There may be insufficient review and analysis of user needs when user and analyst unctions are no longer separate.
28. Certain payroll transactions were posted to the payroll file but were not uploaded correctly to the general ledger file on the mainframe. The best control to detect this type of error would be:
a. A standard method for uploading mainframe data files.
d. Balancing totals of critical fields.
29. Management of the department allowed the outside consultants to test and install new releases of the application software without documenting the changes. Which of the following risks would be most closely associated with this practice?
a. The reliabi
c. The users may not be aware that changes have been made.
30. When planning the controls review of the EUC application, the internal auditor chose to include the general control environment in the scope. Which one of the following statements regarding general controls is the auditor most likely to find true?
a.
d. General controls must be in place before application controls can be relied upon.
31. A payroll clerk with authorized access to the local area network (LAN) was able to directly update personnel files independent of the application programs. The best control to prevent a clerk from doing this would be to:
a. Restrict access to LAN work
b. Restrict access to and monitor installation of software products or tools having powerful update capabilities.
32. The auditor used the reporting capabilities of the 4GL to analyze the data files for unusual activity, such as excessive overtime hours, unusual fluctuations in pay rates, or excessive vacation time. The application controls being verified by this ana
a. Edit and validation controls.
33. Regarding the audit finding of an advanced computing security system, what is the most appropriate course of action by the auditor?
a. Estimate the amount of cost used to develop the advanced security system and inform the outsourcer that it will be a
c. Estimate the added cost, report it to management, and suggest that management meet with its lawyers and the outsourcer to resolve differences.
34. The auditor wishes to estimate the additional cost of the added security. Which of the following procedures would be the best first step in providing that evidence? Compare the total costs of computer security under the new contract with the total com
a. Previously incurred.
35. Assuming that a high degree of security is needed, which of the following potential sources of evidence would also be relevant to the auditor's assessment of whether the governmental unit is being charged for computer security that exceeds the entity'
b. I and II only
36. The auditor is concerned whether all the debits to the computer security expense account are appropriate expenditures. The most appropriate audit procedure would be to:
a. Take an attribute sample of computing invoices and determine whether all invoic
d. Take a sample of all debits to the account and investigate by examining source documents to determine the nature and authority of the expenditure.
37. Management has asked the auditor to recommend monitoring controls which management could establish to provide timely oversight of the information systems contract. Which of the following would be the least effective monitoring control?
a. Require mont
c. Use internal auditors to investigate the appropriateness of costs, as part of a yearly audit of the outsourcer.
38. Assume the auditor investigates and finds that the company providing the computing services is clearly performing research and development activities and charging the governmental entity for those activities because it is experimenting with implementi
c. I and II only.
39. Which of the following audit procedures would be least effective in addressing the auditor's concern?
a. Retest the computation of the overhead by multiplying actual costs by the overhead rate.
b. Take a probability-proportional-to-size sample of expe
d. Take a sample of contractor payments to determine if the underlying expense was appropriately classified as contract expense or overhead.
40. The auditor calculates a statistical estimate of expenditures by the contractor to determine whether they are in compliance with the contract. The audit working papers document the following evidence which the auditor is considering for the audit repo
d. All of the above.
41. Assume the contract with the defense contractor states that the government will not pay for costs associated with waste or inefficiency on the part of the contractor. Which of the following sources of evidence would be least persuasive regarding poten
a. Management certification that it has not incurred waste or inefficiencies that are not allowed in the contract.
42. Assume that the contract also states that the contractor must comply with all applicable environmental regulations because the government is responsible for fines for such regulations. The governmental auditor finds that the environmental protection a
a. I only.
43. A director of internal auditing uncovers a significant fraudulent activity which clearly involves the executive vice president to whom the director reports. Which of the following best describes how the director should proceed?
a. Carry out an examina
d. Report the facts to the chief executive officer and the audit committee of the board of directors.
44. Which of the following controls is least likely to provide an auditor with assurance that online purchase requisitions are properly authorized?
a. Terminal access restrictions.
b. Password requirements.
c. Hash totals.
d. Validity tests.
c. Hash totals.
45. The auditor plans to select a sample of transactions to assess the extent that purchase discounts may have been lost by the company. After assessing the risks associated with lost purchase discounts, the auditor was most likely to select a sample from
c. Paid non-EDI invoices.
46. Before authorizing payment of an EDI invoice, the computer automatically compares the invoice with the purchase order and receiving report data. When the system was being developed, the auditor reviewed the payment authorization program and made recom
a. Prepare an exception report.
47. The auditor determined that the risks associated with the EDI purchases were less than the risks associated with the purchases made through the traditional system. Which one of the following factors best supports this prioritization of risks?
a. There
c. The internal auditors were involved with systems development and testing of the EDI software.
48. You have been asked to be a member of a peer review team. In assessing the independence of the internal audit department being reviewed, you should consider all of the following factors except:
a. Access to and frequency of communications with the boa
b. The criteria of education and experience considered necessary when filling vacant positions on the audit staff.
49. Which of the following preprocessing controls is least likely to provide the auditor with assurance about the validity of transactions?
a. Verification of the requestor.
b. Authentication of information.
c. Exception processing.
d. Decryption of data.
d. Decryption of data.
50. The auditor wants to obtain assurance that the EFT payments have not been made twice. Computer assisted audit tools and techniques could be used to perform which of the following procedures?
I. Identification of EFT transactions to the same vendor for
d. I and IV only.
51. When the auditor called to arrange the annual control audit during the third quarter, the VAN stated that it could not accommodate the auditor since the peak processing period started earlier than normal this year and all VAN personnel were occupied.
a. The company's board of directors.
52. Because the VAN did not provide the auditor with access to its system, that portion of the audit program was not completed. Which one of the following should not be done by the auditor?
a. Include the scope limitation in the final report.
b. Rewrite t
b. Rewrite the audit program to eliminate the step.
53. Which one of the following would not be included as a reason for the company to use EFT with the EDI system?
a. To take advantage of the time lag associated with negotiable instruments.
b. To allow the company to negotiate discounts with EDI vendors b
a. To take advantage of the time lag associated with negotiable instruments.
54. Which one of the following is least likely to be recommended by the auditor when an EDI/EFT system is being designed?
a. The identity of the individual approving an electronic document should be stored as a data field.
b. Disaster recovery plans shoul
d. Remote access to electronic data should be denied.
55. An internal auditor was performing an operational audit of the purchasing and accounts payable system. The audit objective was to identify changes to processes that would improve efficiency and effectiveness. Which of the following statements support
b. II and IV only.
56. Which one of the following is likely to be a concern in performing an assessment of an EDI purchasing system?
a. Increased turnover of the information technology staff.
b. Increased transaction volume.
c. Increased competition in the market.
d. Decrea
a. Increased turnover of the information technology staff.
57. Which one of the following input controls or edit checks would catch certain types of errors within the payment amount field of a transaction?
a. Record count.
b. Echo check.
c. Check digit.
d. Limit check.
d. Limit check.
58. When assessing application controls, which one of the following input controls or edit checks is most likely to be used to detect a data input error in the customer account number field?
a. Limit check.
b. Validity check.
c. Control total.
d. Hash tot
b. Validity check.
59. The Standards would not require the director of internal auditing to:
a. Contribute resources for the annual audit of financial statements.
b. Coordinate audit work with that of the external auditors.
c. Communicate to senior management and the board
a. Contribute resources for the annual audit of financial statements.
60. Follow-up activity may be required to ensure that corrective action has taken place for certain findings. The internal audit department's responsibility to perform follow-up activities as required should be defined in the:
a. Internal auditing departm
a. Internal auditing department's written charter.
61. The director of internal auditing has been appointed to a committee to evaluate the appointment of the external auditors. The engagement partner for the external accounting firm wants the director to join him for a week of hunting at his private lodge
b. Refuse on the grounds of conflict of interest.
62. During testing of the effectiveness of inventory controls, the auditor makes a note in the working papers that most of the cycle count adjustments for the facility involved transactions of the machining department. The machining department also had ge
a. Interview management and apply other audit techniques to determine whether transaction controls and procedures within the machining department are adequate.
63. Developing an audit finding involves comparing the condition to the relevant standard or criterion. Which of the following choices best represents an appropriate standard or criterion to support a finding?
a. A quality standard operating procedure (nu
d. All of the above.
64. An internal audit director for a large manufacturing company is considering revising the department's audit charter with respect to the minimum educational and experience qualifications required. The audit director wants to require all staff auditors
d. The policy could limit the range of activities which could be audited by the department due to the department's narrow expertise and backgrounds.
65. An organization was in the process of establishing its new internal audit department. The controller had no previous experience with internal auditors. Due to this lack of experience, the controller advised the applicants that they would be reporting
b. The internal audit department will not be independent because the director reports to the external auditors.
66. Assuming that there is a meeting later the same day with the audit committee of the board, which of the following is not a responsibility of the director of internal auditing?
a. Inform the audit committee of senior management's decisions on all signi
c. Inform the audit committee of the outcome of earlier meetings with the CFO and the options being considered for recording the inventory adjustment.
67. Which of the following actions should the director take?
a. Schedule audits to review the inventory costing systems at all locations after year end.
b. Recall all copies of the draft audit report sent out for management review and response.
c. Tell th
d. Offer to review the basis for the conclusion about the inventory valuation at all locations.
68. In a review of travel and entertainment expenses, a Certified Internal Auditor questioned the business purposes of an officer's reimbursed travel expenses. The officer promised to compensate for the questioned amounts by not claiming legitimate expens
c. Should still include the finding in the audit report.
69. An inexperienced internal auditor notified the senior auditor of a significant variance from the auditee's budget. The senior told the new auditor not to worry as the senior had heard that there had been an unauthorized work stoppage that probably acc
d. The senior should have aided the new auditor in formulating a plan for accumulating appropriate evidence.
70. The standards of conduct set forth in the Code of Ethics:
a. Provide basic principles in the practice of internal auditing.
b. Are guidelines to assist internal auditors in dealing with auditees.
c. Are rules that must be obeyed in all circumstances.
a. Provide basic principles in the practice of internal auditing.