Assurance & Compliance Engagements

Question 1

The chief executive officer wants to know whether the purchasing function is properly meeting its charge to “purchase the right materials at the right time in the right quantities.” Which of the following types of engagements addresses this request?

A financial engagement relating to the purchasing department.
An operational engagement relating to the purchasing function.
A compliance engagement relating to the purchasing function.
A full-scope engagement relating to the manufacturing operation.

Answer 1

An operational engagement relating to the purchasing function.

Question 2

The primary difference between operational engagements and financial engagements is that, in the former, the internal auditors

Are not concerned with whether the client entity is generating information in compliance with financial accounting standards.
Are seeking to help management use resources in the most effective manner possible.
Start with the financial statements of the client entity and work backward to the basic processes involved in producing them.
Can use analytical skills and tools that are not necessary in financial engagements.

Answer 2

Are seeking to help management use resources in the most effective manner possible.

Question 3

During an operational engagement, the internal auditors compare the current staffing of a department with established industry standards to

Identify bogus employees on the department’s payroll.
Assess the current performance of the department and make appropriate recommendations for improvement.
Evaluate the adequacy of the established internal controls for the department.
Determine whether the department has complied with all lass and regulations governing its personnel.

Answer 3

Assess the current performance of the department and make appropriate recommendations for improvement.

Question 4

Which group is charged with overseeing the establishment, administration, and evaluation of the processes of risk management and control?

Operating managers.
Internal auditors.
External auditors.
Senior management.

Answer 4

Senior management.

Question 5

Which of the following statements about control self-assessment (CSA) is false?

CSA is usually an informal and undocumented process.
In its purest form, CSA integrates business objectives and risks with control processes.
CSA is also known as control/risk self-assessment.
Most implemented CSA programs share some key features and goals.

Answer 5

CSA is usually an informal and undocumented process.

Question 6

In reviewing a cost-plus construction contract for a new catalog showroom, the internal auditor should be cognizant of the risk that

The contractor could be charging for the use of equipment not used in the construction.
Income taxes related to construction equipment depreciation may have been calculated erroneously.
Contractor cash budgets could have been inappropriately complied.
Payroll taxes may have been inappropriately omitted from billings.

Answer 6

The contractor could be charging for the use of equipment not used in the construction.

Question 7

A company would like to contract for janitorial services for 1 year with 4 option years. The specifications require the potential contractor to perform certain cleaning services at specified intervals. Which of the following is the best contract type for this requirement?

Cost-reimbursable.
Indefinite delivery.
Fixed-price.
Time-and-materials.

Answer 7

Fixed-price.

Question 8

An internal auditor is conducting an audit of environmental protection and alarm devices. Which is the most significant objective of such an assignment? To determine whether

The devices are installed and operating properly.
The costs of the devices were properly recorded.
The device specification documents ate complete.
Acquisitions and disposals are properly authorized.

Answer 8

The devices are installed and operating properly.

Question 9

Which of the following does the internal auditor not have to review as thoroughly in a lump-sum contract?

Progressive payments.
Adjustments to labor costs.
Work completed in accordance with the contract.
Incentives associated with the contract.

Answer 9

Work completed in accordance with the contract.

Question 10

Total quality management in a manufacturing environment is best exemplified by

Identifying and reworking production defects before sale.
Designing the product to minimize defects.
Performing inspections to isolate defects as early as possible.
Making machine adjustments periodically to reduce defects.

Answer 10

Designing the product to minimize defects.

Question 11

Which forms of control self-assessment assume that managers and members of work teams possess an understanding of risk and control concepts and use those concepts in communications?

The self-certification approach.
The self-certification approach and facilitated approach.
The self-certification approach and questionnaire approach.
All self-assessment programs.

Answer 11

All self-assessment programs.

Question 12

Which of the following statements about TQM is false?

This approach can increase revenues and decrease costs significantly.
TQM is a comprehensive approach to quality.
TQM begins with internal suppliers’ requirements.
TQM concepts are applicable to the operations of the internal audit activity itself.

Answer 12

TQM begins with internal suppliers’ requirements.

Question 13

TQM is the continuous pursuit of quality in every aspect of organizational activities through a number of goals. Which of the following is not one of those goals?

A philosophy of doing it right the first time.
Promotion of individual work.
Employee training and empowerment.
Improvement of processes.

Answer 13

Promotion of individual work.

Question 14

An internal audit team is performing a due diligence audit to assess plans for a potential merger/acquisition. Which of the following would be the least valid reason for a company to merge with or acquire another company?

To diversify risk.
To respond to government policy.
To reduce labor costs.
To increase stock prices.

Answer 14

To increase stock prices.

Question 15

An organization is considering purchasing a small toxic waste disposal business. The internal auditors are part of the team doing a due diligence review for the acquisition. The scope of the internal auditors’ work will most likely not include

An evaluation of the merit of lawsuits currently filed against the acquiree.
A review of the acquirree’s procedures for acceptance of waste material and comparison with legal requirements.
Analysis of the acquiree’s compliance with, and disclosure of, loan covenants.
Assessment of the efficiency of the operations of the acquiree.

Answer 15

An evaluation of the merit of lawsuits currently filed against the acquiree.

Question 16

The reliability and integrity of all critical information of an organization, regardless of the media in which the information is stored, is the responsibility of

Shareholders.
IT department.
Management.
All employees.

Answer 16

Management.

Question 17

Freedom from monitoring best defines

Personal privacy.
Privacy of space.
Privacy of communication.
Privacy of information.

Answer 17

Privacy of communication.

Question 18

When evaluating management of the organization’s privacy framework, the internal auditor considers

The applicable laws relating to privacy.
Conferring with in-house legal counsel.
Conferring with information technology specialists.
All of the answers are correct.

Answer 18

All of the answers are correct.

Question 19

Using the balanced scorecard approach, an organization evaluates managerial performance based on

A single ultimate measure of operating results, such as residual income.
Multiple financial and nonfinancial measures.
Multiple nonfinancial measures only.
Multiple financial measures only.

Answer 19

Multiple financial and nonfinancial measures.

Question 20

Which type of engagement focuses on operations and how effectively and efficiently the organizational units affected will cooperate?

Program-related engagement.
Process engagement.
Privacy engagement.
Compliance engagement.

Answer 20

Process engagement.

Question 21

Which type of engagement attempts to measure the accomplishment and relative success of undertaking?

Program-results engagement.
Privacy engagement.
Process engagement.
Compliance engagement.

Answer 21

Program-results engagement.

Question 22

Discipline of employee may be limited by all of the following except

Whistleblower laws.
A requirement to report certain employee violations to a governmental entity.
Union contracts.
Exceptions to the employee-at-will doctrine.

Answer 22

A requirement to report certain employee violations to a governmental entity.

Question 23

Compliance programs most directly assist organizations by doing which of the following?

1. Developing a plan for business continuity management.
2. Determining director and officer liability.
3. Planning for disaster recovery.

1 only
2 only
1 and 2 only.
1, 2, and 3.

Answer 23

2 only

Question 24

An organization establishes compliance standards and procedures and develops a written business code of conduct to be followed by its employees. Which of the following is true concerning business codes of conduct and the compliance standards?

Compliance standards should be straightforward and reasonably capable of reducing the prospect of criminal conduct.
The compliance standards should be codified in the charter of the audit committee.
Companies with international operations should institute various compliance programs, based on selective geographic locations, that reflect appropriate local regulations.
In order to prevent future legal liability, the code should consist of legal terms and definitions.

Answer 24

Compliance standards should be straightforward and reasonably capable of reducing the prospect of criminal conduct.

Question 25

Employees have the most confidence in a hotline monitored by which of the following?

An expert from the legal department, backed by a nonretaliation policy.
An in-house representative, backed by a retaliation policy.
An on-site ombudsperson, backed by a nonretaliation policy.
An off-site attorney who can better protect attorney-client privilege.

Answer 25

An on-site ombudsperson, backed by a nonretaliation policy.