Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Internal Auditing > Chapter 13: Conducting the Assurance Engagement > Flashcards

Chapter 13: Conducting the Assurance Engagement Flashcards

1
Q

Which of the following is not likely to be an assurance engagement objective?

a. Evaluate the design adequacy of the payroll input process.
b. Guarantee the accuracy of recorded inventory balances.
c. Assess compliance with health and safety laws and regulations.
d. Determine the operating effectiveness of fixed asset controls.

A

B is the best answer. The internal auditor does not guarantee anything. Internal audits provide only reasonable assurance. Each of the other three responses could be a way to phrase an assurance engage-ment objective.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

A process objective stating “All contracts must be approved by an officer of the company before being consummated” is an example of what type of objective?

a. Strategic.
b. Operations.
c. Reporting.
d. Compliance.

A

D is the best answer. The approval is required by policy and, as such, the objective is a compliance objective. It is important to note that if students follow the COSO definitions, they may answer B since COSO more narrowly defines compliance as relating to laws and regulations. However, the authors prefer the broader definition of compliance objectives, as provided by The IIA, which includes compli-ance with outside laws and regulations as well as compliance with internal policies and contracts.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Analytical procedures can be applied during which phase(s) of an assurance engagement?

a. Plan phase.
b. Perform phase.
c. Communicate phase.
d. Plan and perform phases.

A

D is the best answer. Analytical procedures can be used during planning to reveal process activities that may warrant closer attention and, accordingly, more detailed testing. Analytical procedures also can be used when performing an engagement to identify anomalies that may indicate 1) a control is not operating effectively or 2) a potential fraud or irregularity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which of the following auditee-prepared documents will likely be of greatest assistance to the internal auditors in their assessment of process design adequacy?

a. Policies and procedures manual.
b. Organization charts and job descriptions.
c. Detailed flowcharts depicting the flow of the process.
d. Narrative memoranda listing key tasks for portions of the process.

A

C is the best answer. While policies and procedures manuals, organization charts and job descriptions, and memoranda listing key tasks will all be helpful, only detailed flowcharts provide the internal audi-tor with a start-to-finish view of how the process operates, including key risks and controls.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which of the following controls is not likely to be an entity-level control?

a. All employees must receive ongoing training to ensure they maintain their competence.
b. All cash disbursement transactions must be approved before they are paid.
c. All employees must comply with the Code of Ethics and Business Conduct.
d. An organizationwide risk assessment is conducted annually.

A

B is the best answer. The other three are examples of entity-level controls, while B is an example of a process-level control.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which of the following is not typically a key element of flowcharts or narrative memoranda?

a. Overall process objectives.
b. Key inputs to the process.
c. Key outputs from the process.
d. Key risks and controls.

A

A is the best answer. It is important for the internal auditor to understand the overall process objec-tives, but these are not typically documented in flowcharts or narrative memoranda.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which of the following external risks is least likely to impact the accuracy of financial reporting?

a. The standard-setting body in the organization’s country issues a new financial accounting standard.
b. A recent judicial court case increases the likelihood that pending litigation will result in an unfavorable outcome.
c. Changes in standard industry contracts now allow for netting of payables and receivables.
d. Competitor pressures cause the organization to pursue new sales channels.

A

D is the best answer. The other three choices likely would have some impact on financial reporting, but the pursuit of a new sales channel likely will not have a financial reporting impact.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which of the following groups’ risk tolerance levels are least relevant when conducting an assurance engagement?

a. Senior management.
b. Process-level management.
c. The internal audit function.
d. Vendors and customers.

A

D is the best answer. The first two choices (senior management and process-level management) should be obvious from the chapter. It is important to remember that the internal audit function’s risk toler-ance level is also important. While the tolerance levels of the others must be understood, the internal audit function still has a fiduciary responsibility to all stakeholders and, thus, should not subordinate its own tolerance levels to those of others. The tolerance levels of vendors and customers, while of some interest, do not really have much bearing on the focus of an assurance engagement.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of the following controls is likely to be least relevant when evaluating the design adequacy of a cash collections process?

a. Calculating the amount of cash received.
b. Documenting the rationale for selecting the bank account into which the deposit will be made.
c. Matching the total deposits to the amounts credited to customers’ accounts receivable balances.
d. Segregating the preparation of deposit slips from the adjustment of customer account balances.

A

B is the best answer. While there may be treasury reasons to direct the deposit to certain accounts, overall this control will likely have little impact on safeguarding of assets or financial reporting objec-tives. Each of the others could be key controls.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

An internal auditor determines that the process is not designed adequately to reduce the underlying risks to an acceptable level. Which of the following should the internal auditor do next?

a. Write the audit report. There’s no reason to test the operating effectiveness of controls that are not designed adequately.
b. Test compensating controls in other (adjacent) processes to see if the impact of the design inadequacy is reduced to an acceptable level.
c. Test the existing key controls anyway to prove that, despite the design inadequacy, the process is still meeting the process objectives.
d. Postpone the engagement until the design inadequacy has been rectified.

A

B is the best answer. Despite the design inadequacy, there is still a possibility that compensating con-trols in other (adjacent) processes (either upstream or downstream) will mitigate the design inade-quacy, resulting in no need to change the process design. Note that some students may argue that such controls should be considered as part of the process. However, the scope of many engagements will not necessarily consider all upstream and downstream controls. The other three options may not be effec-tive or efficient in determining whether the process-level objectives have been achieved.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

If an internal auditor identifies an exception while testing, which of the following may be appropriate?

a. Test additional items to determine whether the exception is an isolated occurrence or indicative of a control deficiency.
b. Gain an understanding of the root cause, that is, the reason the exception occurred.
c. Draft an observation for the audit report.
d. All of the above.

A

D is the best answer. Some testing exceptions may indicate that a potential exception condition was not adequately contemplated when preparing the test plan and additional testing is required to determine whether a control deficiency exists. In other instances, it is clear that a control deficiency exists, but until the root cause is understood, the nature of a relevant recommendation may not be clear. Finally, some testing exceptions are clear indications of a control deficiency and no additional analysis is neces-sary, so the internal auditor can begin drafting the observation for the report.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which of the following is an appropriate conclusion that can be drawn when the internal auditor identifies an observation from testing controls?

a. The process objectives cannot be achieved.
b. The area may be vulnerable to fraud.
c. Certain risks are not effectively mitigated.
d. Overall, the process is not operating effectively.

A

C is the best answer. Without evaluating the results of testing for the whole process, the internal audi-tor cannot come to any conclusions regarding the achievement of objectives, the existence of fraud, or the overall effectiveness of internal control activities. An observation is an indication that one or more risks have not been mitigated, although the internal auditor may need to evaluate compensating con-trol activities before finalizing his or her conclusion.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Once an observation is identified by the internal auditor, it should be:

a. Documented in the working papers.
b. Discussed with the audit committee.
c. Included in the final audit report.
d. Scheduled for follow-up.

A

A is the best answer. While each of the other answers may be outcomes from an observation, before adequate follow-up and vetting with management is completed, the only requirement is that the inter-nal auditor document the observation in the working papers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A specific objective of an audit of an organization’s expenditure cycle is to determine if all goods paid for have been received and charged to the correct account. This objective would address which of the following primary objectives identified in The IIA’s International Standards for the Professional Practice of Internal Auditing?

I. Reliability and integrity of financial and operational information.

II. Compliance with laws, regulations, and contracts.

III. Effectiveness and efficiency of operations.

IV. Safeguarding of assets.

a. I and II only.
b. I and IV only.
c. I, II, and IV only.
d. II, III, and IV only.

A

B is the best answer. The specific engagement objective of determining if goods are charged to the appropriate account would address the objectives regarding the reliability and integrity of information and safeguarding of assets.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

In an assurance engagement of treasury operations, an internal auditor is required to consider all of the following issues except:

a. The audit committee has requested assurance on the treasury department’s compliance with a new policy on use of financial instruments.
b. Treasury management has not instituted any risk management policies.
c. Due to the recent sale of a division, the amount of cash and marketable securities managed by the treasury department has increased by 350 percent.
d. The external auditors have indicated some difficulties in obtaining account confirmations.

A

D is the best answer. This is the responsibility of the external auditors and should not change what should be considered by the internal auditor.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are five types of scope statements?

A

The following are typical scope statements:
■ Boundaries of the process.
■ In-scope versus out-of-scope locations.
■ Subprocesses.
■ Components.
■ Time frame limitations.

17
Q

What are the five typical exceptions that may be identified during testing in an engagement?

A 
The five types of exceptions are:
■ Financial statement errors or misclassifications.
■ Control deficiencies.
■ Shortfalls in objective achievement.
■ Inefficiencies.
■ Out-of-compliance situations.
18
Q

What are the three most common ways of documenting a process flow?

A

The three common ways are high-level flowcharts, detailed flowcharts, and narrative memoranda.

19
Q

What six categories of information should narrative memoranda generally include?

A 
Narrative memoranda generally include the following six categories of information:
■ Overall description of the process.
■ Key inputs.
■ Key steps in the process.
■ Key outputs.
■ Risks that threaten the process.
■ Key controls.
20
Q

What is the difference between a process-level risk scenario and a process-level risk?

A

A process-level risk scenario is any realistic event or situation that could make it difficult to achieve one or more process-level objectives. Process-level risks represent a collection of like scenarios or root causes that have similar characteristics.

21
Q

What three steps are generally involved in conducting a process-level risk assessment?

A

Conducting a process-level risk assessment generally involves the following three steps:
■ Determine the impact of various outcomes associated with each risk.
■ Estimate the likelihood that each risk impact will occur.
■ Combine the assessment of impact and likelihood into a single risk assessment.

22
Q

Which of the nine examples of common control types typically occur before a transaction is completed?

A

Common controls that typically operate before a transaction is completed include approving, examin-ing, matching, and, potentially, supervising.

23
Q

When developing a testing approach, what decisions must be made about the tests to be performed?

A

When developing a testing approach, an internal auditor must consider the nature, extent, and timing of tests to be performed.

24
Q

What information should an internal audit engagement budget include?

A

An internal audit engagement budget should include a reasonable estimate of the number of hours needed to complete the engagement, as well as other costs that may be required such as travel, tech-nology, and supplies.

25
Q

What four items should be considered when scheduling an engagement?

A

The following four items should be considered when scheduling an engagement:

a. Availability of key process personnel.
b. Availability of engagement resources.
c. Availability of outside resources.
d. Availability of key reviewers.

26
Q

What four questions must be answered to evaluate the evidence gathered from audit testing?

A

The internal auditor must consider the following questions when evaluating evidence gathered from audit testing:

a. Are the key controls designed adequately?
b. Are the key controls operating effectively, that is, as they are designed to operate?
c. Are the underlying risks being mitigated to an acceptable level?
d. Overall, do the design and operation of the key controls support achievement of the objectives for the process or area under review?

27
Q

What are the six columns included in a completed Risk and Control Matrix?

A 
A completed Risk and Control Matrix includes the following six columns:
■ Process-Level Risk.
■ Key Control.
■ Design Adequacy.
■ Testing Approach.
■ Results of Testing.
■ Testing Conclusions.
28
Q

What four elements are included in a well-written audit observation?

A

The four key elements of a well-written observation are the condition, criteria, cause, and effect.

Internal Auditing (13 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions