Chapter 7 Flashcards

1
Q

A risk-based auditing approach is deemed to be a top-down approach because

Select one:
A. It involves review of each department’s dependence on financial controls, compliance with federal statutes and audit history.
B. It involves identifying and analyzing material risks to the achievement of the organization’s objectives and then determining how the risks should be managed.
C. It involves an external review of known potential threats to the organization and then developing an organizational response to those threats.
D. It involves review of the current financial controls and compliance to regulations as determined by external auditors.

A

B. It involves identifying and analyzing material risks to the achievement of the organization’s objectives and then determining how the risks should be managed.

2
Q

One internal control integrated framework consists of five essential components: the control environment, risk assessment, control activities, information and communication, and monitoring activities. When these components are applied across the organization, they create a “cube.” This framework is the

Select one:
A. Financial Accounting Standards Board’s (FASB’s) Internal Control Standard.
B. International Organization for Standardization’s (ISO’s) framework.
C. Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) framework.
D. Institute of International Auditors (IIA) International Standards for the Practice of International Auditing.

A

C. Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) framework.

3
Q

Colossal Casualty Insurance Company decided to conduct an internal audit of the company’s operations. As part of the internal audit, several fictitious claims were submitted to the claims department to see if the claims would be approved and paid. Which one of the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) components of internal control was examined by this internal audit test?
A. Monitoring activities.
B. Risk assessment.
C. Information and communication.
D. Control environment.

A

D. Control environment.

4
Q

Which one of the following best describes why the Institute for Internal Auditors (IIA) has designed standards addressing the need for internal audit to evaluate the effectiveness of risk management?

Select one:
A. Audits may be self-serving to an organization depending on the experience level of an auditor. By indicating specific criteria, an auditor should be able to conduct a valid audit.
B. Audits are objective and independent of the politics of an organization. A pronouncement assists the auditor by defining review criteria.
C. Audits are conducted under diverse legal and cultural environments. Requiring an auditor to validate particular points ensures that auditors and their activities meet their responsibilities.
D. Audits are conducted annually in many organizations. Requiring an auditor to validate the findings of prior years provides a comfort level to stakeholders.

A

C. Audits are conducted under diverse legal and cultural environments. Requiring an auditor to validate particular points ensures that auditors and their activities meet their responsibilities.

5
Q

The Auditing Standard No. 5 (AS 5) calls for a specific fraud assessment because

Select one:
A. Fraud within an organization remains the most serious threat to the economic well-being of society.
B. The failure to prevent or detect fraudulent misstatements is higher than the risk of failing to prevent or detect other types of errors.
C. Of the financial scandals of the late twentieth century, there is now an obligation to detect fraud.
D. Failure to detect fraud through regular transactions in an organization remains the highest risk.

A

B. The failure to prevent or detect fraudulent misstatements is higher than the risk of failing to prevent or detect other types of errors.

6
Q

Which one of the following statements is true with regard to the application of emerging technologies such as artificial intelligence and machine learning to internal auditing of an organization?

Select one:
A. There should be no improvement given that the same practices are subject to internal audit with or without the application of emerging technology.
B. Deviations from desired practices and procedures will be more quickly identified by emerging technologies, and auditors can focus on designing and implementing new systems.
C. Although such techniques are applicable to the risk management function, they are not applicable to internal audit.
D. While the application of such technologies may be beneficial, the cost of implementation makes the use of emerging technologies unrealistic.

A

B. Deviations from desired practices and procedures will be more quickly identified by emerging technologies, and auditors can focus on designing and implementing new systems.

7
Q

Which one of the following best describes an effective way to construct internal controls?

Select one:
A. The controls should be system based with oversight by one or two individuals.
B. The controls should lend themselves to true risk management concerns.
C. The controls should be quantitative and include segregation and transfer options.
D. The controls should be linear and create checks and balances.

A

D. The controls should be linear and create checks and balances.

8
Q

Which one of the following best describes if it is within the scope of duties for an internal auditor to assist the company’s enterprise risk management (ERM) program?

Select one:
A. It is not within the scope. Assisting the ERM program is outside of the functions of internal audit and can compromise the objectivity of internal audit.
B. It is within the scope. Assisting with the management of key risks, including effectiveness of controls, lends support to the ERM program.
C. It is within the scope. Assisting with implementation of new controls and providing feedback on controls will lend support to the ERM program.
D. It is not within the scope. Assisting with review of key risks, identification and evaluating risks compromises the overall functions of internal audit.

A

B. It is within the scope. Assisting with the management of key risks, including effectiveness of controls, lends support to the ERM program.

9
Q

Many banks are using technology to search for and detect cyber-security threats locally and in the cloud. This application of technology, in which machines learn from humans, illustrates the use of

Select one:
A. Risk management information systems.
B. Artificial intelligence.
C. Data analytics.
D. Machine learning.

A

B. Artificial intelligence.

10
Q

Cheryl Babson works in internal control at Software Company. She contacted company security and asked them to immediately go to the office of a software engineer and to detain him. As part of the internal control process, Cheryl had scanning software installed at the company that randomly searched all e-mails and text messages sent from on-site, searching for key words. The scanning software detected the words: “gun,” “bomb,” “revenge,” and “kill” in communications sent from the engineer’s office. Company security found a loaded assault rifle, two loaded handguns, and a pipe bomb in the engineer’s office. He confessed to planning a workplace attack at the company cafeteria later that day. The emerging technology Cheryl deployed is called

Select one:
A. Radio frequency identification.
B. Computer simulation.
C. Data analytics.
D. Natural language processing.

A

D. Natural language processing.

11
Q

Which one of the following best describes how internal audit complements a risk management initiative?

Select one:
A. Risk managers identify, assess and prioritize risks. Internal audit develops a risk-based auditing plan that addresses material risks to an organization.
B. Risk managers identify, assess and prioritize risks with the assistance of internal audit. Internal audit requires that the controls for the risks are tested.
C. Internal audit tests controls for risks identified by risk managers. Risk management and internal audit are similar in that they are both charged with protecting the assets of an organization.
D. Internal audit tests the controls initiated by the risk management team. The risk management team reviews the results and responds to internal audit on the control assessment.

A

A. Risk managers identify, assess and prioritize risks. Internal audit develops a risk-based auditing plan that addresses material risks to an organization.

12
Q

It is necessary to define functions that should be performed by internal audit rather than the enterprise risk management (ERM) team because

Select one:
A. Internal audit and risk managers share responsibilities for governance and compliance for the organization.
B. ERM is all encompassing and if not controlled will absorb internal audit functions.
C. The Institute of Internal Auditors (IIA) guidelines are used to avoid confusion in an organization and clarify financial compliance issues.
D. Clarification of functions helps avoid redundancy and foster a strong working relationship.

A

D. Clarification of functions helps avoid redundancy and foster a strong working relationship.

13
Q

Developing a risk-based audit plan requires a risk assessment. Under the model of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control—Integrated Framework, which one of the following explains how risk assessment is addressed?

Select one:
A. It is essentially the same as the traditional model, but is codified in steps that are reported.
B. It expands the risk assessment concept by comparing it to competitor audits.
C. It is narrower and it provides concrete steps which are recommended and differ by industry.
D. It expands the risk assessment concept by identifying five interrelated components of internal control.

A

D. It expands the risk assessment concept by identifying five interrelated components of internal control.

14
Q

Preventive controls assist the overall control environment of an organization by
A. Reducing risk of unauthorized actions.
B. Comparing different sets of data and investigating any differences.
C. Detecting errors or inconsistencies after they occur.
D. Addressing reconciliation of accounting errors.

A

A. Reducing risk of unauthorized actions.

15
Q

Martin Pruitt was hired by Regional Bank Company (RBC) to strengthen the company’s internal control efforts. Martin implemented a computer scanning program to detect fraud. The scanning program flagged a suspicious account. When Martin investigated the account, he learned that someone in the bank’s technology department had created the account. When the bank credits monthly interest on depositor accounts, any fractional cents are rounded-down to the nearest cent. The technology department official programmed the system so that any fractional cents lost due to rounding were deposited to the account owned by the technology department official. The scanning program Martin Pruitt implemented used computers to learn from the data analyzed. This application of emerging technology illustrates the use of

Select one:
A. Computer simulation.
B. Machine learning.
C. Artificial intelligence.

A

B. Machine learning.

16
Q

Strong control environments with independent oversight have become increasingly important

Select one:
A. Because international trade is dependent upon consistent accounting processes.
B. As business complied with the provisions of the Sarbanes Oxley Act.
C. Because the Federation of European Risk Management Associations (FERMA) made it a requirement for international trade.
D. As organizations became more complex.

A

D. As organizations became more complex.

17
Q

The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) Internal Control—Integrated Framework provides

Select one:
A. Not a system of controls, but a framework for auditors to provide independent, objective, and reasonable assurances that management has adopted a system of controls that is effective and functioning as intended.
B. International standards to help ensure that organizations meet the needs of customers and stakeholders while also complying with statutory and regulatory requirements.
C. Guidance on assessing risk and evaluating internal controls to government agencies but not to other organizations.

A

D. Common standards designed to increase effectiveness and efficiency of operations and reliability of financial reporting while ensuring compliance with applicable laws and regulations.

18
Q

Which one of the following best describes how internal audit supports enterprise risk management (ERM)?

Select one:
A. Internal audit finds risks overlooked by ERM.
B. ERM implements risk management activities and internal audit assesses the results.
C. Internal audit implements the risk assessments provided by ERM.
D. ERM provides the assessments that internal audit uses to test the viability of controls.

A

B. ERM implements risk management activities and internal audit assesses the results.

19
Q

Which one of the following best explains how the role of the internal auditor changed with the passage of the Sarbanes-Oxley Act of 2002?

Select one:
A. The internal auditor must adopt a stakeholder orientation by anticipating, monitoring and assessing business and operational risk.
B. The internal auditor must adopt the attitude of an external auditor, carefully reviewing and critiquing the finances of an organization.
C. The internal auditor must adapt to the ever changing environment of risk control through the use of electronic reconciliation programs.
D. The internal auditor must be able to recognize current fraud risks as well as computer theft of intellectual property.

A

A. The internal auditor must adopt a stakeholder orientation by anticipating, monitoring and assessing business and operational risk.
Correct. The internal auditor must view the organization as a stakeholder. With this view, they can help stakeholders anticipate, monitor and assess business and operational risks.

20
Q

An independent auditor has been given the task of evaluating internal controls at Westside Company (Westside). The auditor has determined that Westside’s board of directors has endorsed a framework requiring management to have documented internal reporting controls to ensure efficient operations, accuracy of financial statements, and compliance with regulations. The framework is applied at the entity and divisional levels, but not the operating unit or functional levels. The program is new so it has not yet been monitored. The auditor is likely to report that

Select one:
A. The selected method does not align with the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework because it must also be applied at the operating unit and functional levels and it must be monitored.
B. The selected method aligns with the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework because it is applied at the entity level. Monitoring will be required after the framework has been in place for one year.
C. The selected method does not align with the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework. It must also be applied at the operating unit level, but not the functional level. Regular monitoring must be implemented.
D. The selected method aligns with the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework because it is applied at the entity level. Monitoring is not a requirement.

A

A. The selected method does not align with the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework because it must also be applied at the operating unit and functional levels and it must be monitored.

21
Q

Which one of the following best describes why many purchasers require an ISO 9001 certification prior to buying a business?

Select one:
A. To transfer liability should the financial statements prove erroneous.
B. To ensure that internal standards and controls are in place.
C. To obligate the seller to perform audits for conformance prior to the sale.
D. To have an outside audit company attest to its conclusive audit.

A

B. To ensure that internal standards and controls are in place.
Correct. Many purchasers require ISO 9001 certification to ensure that internal standards and controls are in place.

22
Q

Which one of the following describes the role of internal audit according to the Federation of European Risk Management Associations (FERMA) and the European Commission of Institutes of Internal Audit (ECIIA) model?

Select one:
A. Internal audit is the second line of defense providing support for the implementation of controls, particularly with law and regulations.
B. Internal audit is the third line of defense providing assurance to the board and senior management on organizational effectiveness of risk management and assessment efforts.
C. Internal audit is the fourth line of defense providing oversight to the organization as a whole, reporting to the board and senior management on compliance by the various departments with regulations.
D. Internal audit is the first line of defense providing the original risk assessment, control environment as well as maintaining effective internal controls.

A

B. Internal audit is the third line of defense providing assurance to the board and senior management on organizational effectiveness of risk management and assessment efforts.
Correct. Internal audit provides assurance to the board and senior management on organizational effectiveness of risk management and assessment efforts. The first line of defense is operational management. The second line of defense is the risk management functions. The fourth line of defense is external audit.

23
Q

In accordance with the Three Lines of Defense Model, how does risk management act as the second line of defense?

Select one:
A. Risk management alerts internal audit of potential threats within a department and works with internal audit to neutralize the threat.
B. Risk management provides oversight to the operational management’s assessment of risk and internal controls.
C. Risk management has authority to initiate activity demanding an external audit should a risk be deemed imminent.
D. Risk management supports and monitors operational management’s implementation of risk management practices.

A

D. Risk management supports and monitors operational management’s implementation of risk management practices.

24
Q

Which one of the following is true regarding internal audit involvement with enterprise risk management (ERM) efforts?

Select one:
A. Internal audit is not becoming more involved with ERM efforts because internal audit must remain independent and objective.
B. Internal audit is increasingly asked to evaluate organizational risks, including strategic, financial and hazard risks.
C. Internal audit is responsible for the organization’s compliance with all governance issues, including ERM compliance.
D. Internal audit is responsible for reviewing controls in an organization which includes ERM programs.

A

B. Internal audit is increasingly asked to evaluate organizational risks, including strategic, financial and hazard risks.

25
Q

Which one of the following best describes how the modern approach to internal auditing differs from the traditional approach?

Select one:
A. The traditional approach uses systems-based controls, determines materiality of potential risks to the organization’s achievement of its objectives rather than reviewing adherence to regulations.
B. The traditional approach confines itself to review of current system controls, compliance with those controls and any potential to bypass those controls rather than the materiality of the risk.
C. The modern approach uses many systems-based techniques, determines activity based on the organization’s business objectives, materiality of the risk and key threats to achieving business objectives rather than evaluating current controls.
D. The modern approach uses a systems-based technique, evaluating current controls and threats to the organization, and considers the materiality of risks, but does not consider an organization’s business objectives.

A

C. The modern approach uses many systems-based techniques, determines activity based on the organization’s business objectives, materiality of the risk and key threats to achieving business objectives rather than evaluating current controls.
Correct. The modern approach uses many systems-based techniques, determines activity based on the organization’s business objectives, materiality of the risk and key threats to achieving business objectives rather than evaluating current controls.

26
Q

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) describes internal control as consisting of five essential components, one of which is risk assessment. This component

Select one:
A. Sets the tone for internal control by providing resources, discipline, and structure.
B. Verifies adherence to control results and assists in identifying other procedures that the entity may wish to adopt.
C. Should be included in the audit as an internal control to minimize unforeseen events.
D. Considers management’s efforts to identify and analyze risks relevant to achieving predetermined objectives.

A

D. Considers management’s efforts to identify and analyze risks relevant to achieving predetermined objectives.