1 Flashcards
Sauce 1
Read out loud
Which sections
Far
Reg
Bec
Aud
Flash Cards
Do them
Sauce 2
Min one set 30 MCQ day up to that lesson
first hour
Do new lessons
Second Hour
as many sets 30 MCQ day up to that lesson and time yourself
SIM
Do them if the lesson has them
SIM
Write the MJE and learn as to why
when in the SIM section
Do the Research question first and then look at all the SIMs and do the easiest first
External Assessments 1312
sb every 5 years
Standard 1300, “Quality Assurance and Improvement Program,”
Such a program must include both internal and external assessments.
What term is used in the IIA’s International Standards to identify the person responsible for managing an organization’s internal audit activity?
Attribute Standard 1000 makes the first of numerous references in the Attribute Standards to the “chief audit executive.”
The Attribute Standards focus on four primary themes around which the remaining Attribute Standards are organized. Each of the following key words or phrases is associated with those four primary themes except
The primary themes associated with the Attribute Standards are: (1) Purpose, Authority, and Responsibility; (2) Independence and Objectivity; (3) Proficiency and Due Professional Care; and (4) Quality Assurance and Improvement Program. “Managing the Internal Audit Activity” is associated with the Performance Standards, not the Attribute Standards.
The Performance Standards focus on seven primary themes around which the remaining Performance Standards are organized. Each of the following key words or phrases is associated with these seven primary themes except
D. Proficiency and Due Professional Care.
The Performance Standards focus on seven primary themes around which the remaining Performance Standards are organized. Each of the following key words or phrases is associated with these seven primary themes except
Purpose, authority, and responsibility.
What term identifies the guidance in the International Standards for the Professional Practice of Internal Auditing that distinguishes between requirements for “assurance” services and “consulting” services?
Implementation standards.
The original COSO model has _____ control components, while the COSO ERM model has _____ control components.
5, 8
Which of the following items is one of the eight components of COSO’s enterprise risk management framework?
Monitoring.
Strategic, operations, reporting, and compliance objectives are a part of which of the following models of internal control?
COSO ERM.
Which component of the COSO ERM framework is concerned with management’s decision to avoid, accept, reduce, or share risk and to develop a set of actions to align risk with the entity’s risk preferences?
Risk response.
Which of the following are reasons that internal controls need to be monitored?
A. People forget, quit jobs, get lazy, or come to work hung over.
B. Machines fail. C. Advances in technology. D. All of the above.
Within the COSO Internal Control—Integrated Framework, which of the following components is designed to ensure that internal controls continue to operate effectively?
Monitoring is the core, underlying control component in the COSO ERM model. Its position at the foundation is not accidental and reflects the importance of monitoring to achieving strong internal control and effective risk management. Ensuring that internal controls continue to operate effectively is the primary purpose of monitoring.
Which of the following is the best definition of a compensating control?
A control that accomplishes the same objective as another control
According to COSO, an effective approach to monitoring internal control involves each of the following steps, except
Increasing the reliability of financial reporting and compliance with applicable laws and regulations.
In a large public corporation, evaluating internal control procedures should be the responsibility of
Internal audit staff who report to the board of directors.
The system of internal control begins with
setting organizational objectives.
Which of the following is not a major step in the COSO model of control monitoring?
Establish a baseline of an internal control known to be effective.
Establishing a baseline of known control effectiveness is part of the process of establishing a foundation for monitoring. Hence, it is a sub-activity, rather than a major step, in the COSO model of control monitoring.
According to COSO, the use of ongoing and separate evaluations to identify and address changes in internal control effectiveness can best be accomplished in which of the following stages of the monitoring-for-change continuum?
Change Identification is the monitoring for change process that would include ongoing and separate evaluations intended to identify and address changes in internal control effectiveness.
The goals of risk management include:
A. aligning risk appetite with strategy.
B. seizing opportunities through better identification and management.
C. reducing operational surprises and losses.
D. all of the above.
Activities that can be useful in monitoring control system effectiveness include all of the following except
This answer is correct because segregation of duties is NOT part of monitoring control effectiveness.
ABC, Inc. assessed overall risks of MIS systems projects on two standard criteria: technology used and design structure. The following systems projects have been assessed on these risk criteria. Which of the following projects holds the highest risk to ABC?
The requirement is to identify the project with the highest risk. This answer is correct because the project involves both new (more risky than current) technology and sketchy (more risky than well-defined) structure.
Which of the following control activities should be taken to reduce the risk of incorrect processing in a newly installed computerized accounting system?
The independent verification of transactions reduces the risk of bad data entering an accounting system. Hence, this control would be effective in reducing the risk of incorrect processing that would result from bad data entering a system. Stated more succinctly, independently verifying transactions reduces the risk of GIGO (garbage in, garbage out).
Which of the following is most useful when risk is being prioritized?
An expected value calculates (and integrates) the likelihood of losses with the amount of losses. Hence, an expected value combines the information in low and high probability exposures and low and high-degree loss exposures into a decision-relevant, single, valuable (for decision analysis) number.
In which of the following organizations might segregation of duties be easiest to achieve?
A large organization that has implemented SoD software.
A manufacturing firm noted that it would have difficulty sourcing raw materials locally, so it decided to relocate its production facilities. According to COSO, this decision represents which of the following responses to the risk?
Risk reduction.
Each of the following is a limitation of enterprise risk management (ERM) except
While it is accurate to say that ERM can provide reasonable levels of assurance, it cannot provide absolute assurance with respect to risk management objectives. Consequently, this is the correct answer to the question, because this statement is false.
According to COSO, which of the following is the most effective method to transmit a message of ethical behavior throughout an organization?
Demonstrating appropriate behavior by example.
A senior executive of an international organization who wishes to demonstrate the importance of the security of company information to all team members should
Visibly participate in a global information security campaign
Recognizing potential impediments to communication between system user and system designer can be useful in
managing change in the system of internal control.
This is the best answer because user and design communication issues are more important to managing changes in the system of internal control than to the processes mentioned in any of the other answers.