End of chapter MC Flashcards

1
Q

. Which of the following are components of the definition of internal auditing?

a. Independence and objectivity.

b. A systematic and disciplined approach.

c. Helping the organization accomplish its objectives.

d. All of the above.

A

D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Assurance, Insight, and Objectivity comprise:

a. The mission of internal auditing.

b. The three lines model.

c. The objectives of internal auditing.

d. The value proposition.

A

D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Independent outside auditors provide financial reporting assurance services primarily for:

a. The benefit of third parties.

b. Management.

c. Board of directors.

d. The CEO.

A

A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

AVF Company’s new CFO has asked the company’s CAE to meet with him to discuss the role of the internal audit function. The CAE should inform the CFO that the overall responsibility of internal audit is to:

a. Serve as an independent assurance and consulting activity designed to add value and improve the company’s operations.

b. Assess the company’s methods for safeguarding its assets and, as appropriate, verify the existence of the assets.

c. Review the integrity of financial and operating information and the methods used to accumulate and report information.

d. Determine whether the company’s system of internal controls provides reasonable assurance that information is effectively and efficiently communicated to management.

A

A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which of the following statements is not true about business objectives?

a. Business objectives represent targets of performance.

b. Establishing meaningful business objectives is a prerequisite to effective internal control.

c. Establishing meaningful business objectives is a key component of the management process.

d. Business objectives are management’s means of employing resources and assigning responsibilities.

A

D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Within the context of internal auditing, assurance services are best defined as:

a. Objective examinations of evidence for the purpose of providing independent assessments.

b. Advisory services intended to add value and improve an organization’s operations.

c. Professional activities that measure and communicate financial and business data.

d. Objective evaluations of compliance with policies, plans, procedures, laws, and regulations.

A

A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which of the following is mandatory guidance within the IPPF?

a. Implementation guidance.

b. Supplemental guidance.

c. The value proposition.

d. The core principles.

A

D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which of the following is recommended guidance within the IPPF?

a. The Definition of Internal Auditing.

b. The Standards.

c. Supplemental guidance.

d. None of the above.

A

C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

. The Internal Audit Foundation exists to help audit leaders, practitioners, students, and academics experience continuous growth in their careers to propel them to become:

a. Strong assurance providers.

b. Trusted advisors.

c. Independent outside auditors.

d. CAEs.

A

B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

. Which of the following is one of the 5 Cs essential to success as an internal auditor?

a. Courage.

b. Consistency.

c. Collaboration.

d. Candidness.

A

A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which of the following is a framework that can help individual internal auditors and internal audit functions assess their current competency levels and identify areas for improvement?

a. Internal Control – Integrated Framework.

b. International Professional Practices Framework.

c. Internal Audit Competency Framework.

d. Enterprise Risk Management Framework.

A

C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Internal auditors must have competent interpersonal skills. Which of the following does not represent an attribute of interpersonal skills?

a. Communication.

b. Leadership.

c. Project management.

d. Team capabilities.

A

C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

While planning an internal audit, the internal auditor obtains knowledge about the auditee to, among other things:

a. Develop an attitude of professional skepticism about management’s assertions.

b. Develop an understanding of the auditee’s objectives and risks.

c. Make constructive suggestions to management concerning internal control improvements.

d. Evaluate whether misstatements in the auditee’s performance reports should be communicated to senior management and the audit commitE.

A

B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A primary purpose of the Standards is to: IPPF

a. Promote coordination of internal and external audit efforts.

b. Establish a basis for evaluating internal audit performance.

c. Develop consistency in internal audit practices.

d. Provide a codification of existing practices.

A

A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which of the following are “mandatory guidance” in The IIA’s IPPF?

I.Implementation Guides.

II.The Code of Ethics.

III. The Definition of Internal Auditing.

IV.The Standards.

A

2,3,4

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

An internal auditor is auditing a division in which the division’s chief financial officer (CFO) is a close friend. The auditor learns that the friend is to be replaced after a series of critical contract negotiations with the Department of Defense. The auditor relays this information to the friend. Which principle of The IIA’s Code of Ethics has been violated?

a. Integrity.

b. Objectivity.

c. Confidentiality.

d. Privacy.

A

D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Which of the following is not an appropriate governance role for an organization’s board of directors?

a. Evaluating and approving strategic objectives.

b. Influencing the organization’s risk-taking philosophy.

c. Providing assurance directly to third parties that the organization’s governance processes are effective.

d. Establishing broad boundaries of conduct, outside of which the organization should not operate.

A

C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Which of the following are typically governance responsibilities of executive management?

I.Delegating its tolerance levels to lower-level managers.

II.Monitoring day-to-day performance of specific risk management activities.

III. Establishing a governance committee of the board.

IV.Ensuring that sufficient information is gathered to support reporting to the board.

A

1,4

19
Q

Who is ultimately responsible for identifying new or emerging key risk areas that should be covered by the organization’s governance process?

a. The board of directors.

b. Executive management.

c. Management.

d. The internal audit function

A

B

20
Q

The internal audit function should not:

a. Assess the organization’s governance and risk management processes.

b. Provide advice about how to improve the organization’s governance and risk management processes.

c. Oversee the organization’s governance and risk management processes.

d. Coordinate its governance and risk management-related activities with those of the independent outside auditor.

A

C

21
Q

Which of the following would not be considered a first line role in the Three Lines Model?

a. A divisional controller conducts a peer review of compliance with financial control standards.

b. An accounts payable clerk reviews supporting documents before processing an invoice for payment.

c. An accounting supervisor conducts a monthly review to ensure all reconciliations were completed properly.

d. A production line worker inspects finished goods to ensure the company’s quality standards are met.

A

A

22
Q

Which of the following would be considered a first line role in the Three Lines Model?

a. An accounts payable supervisor conducting a weekly review to ensure all payments were issued by the required payment date.

b. A divisional compliance and ethics officer conducting a review of employee training records to ensure that all marketing and sales staff have completed the required FCPA training.

c. The external audit team observes the counting of inventory on December 31.

d. An internal audit team conducting an engagement to provide assurance on the company’s Sarbanes-Oxley compliance with internal controls over financial reporting.

A

A

23
Q

Which of the following would be considered a second line role in the Three Lines Model?

a. An accounts payable supervisor conducting a weekly review to ensure all payments were issued by the required payment date.

b. A divisional compliance and ethics officer conducting a review of employee training records to ensure that all marketing and sales staff have completed the required FCPA training.

c. A shift supervisor inspecting a sample of finished goods to ensure quality standards are met.

d. An internal audit team conducting an engagement to provide assurance on the company’s Sarbanes-Oxley compliance with internal controls over financial reporting.

A

B

24
Q

According to COSO ERM, which of the following is not an inherent challenge that arises as part of establishing strategy and business objectives?

a. Ensuring culture is clearly articulated by the board.

b. Possibility of strategy not aligning.

c. Implications from the strategy chosen.

d. Risk to achieving the strategy.

A

a

25
Q

which of the following risk management activities is out of sequence in terms of timing?

a. Identify, assess, and prioritize risks.

b. Develop risk responses/treatments.

c. Determine key organizational objectives.

d. Monitor the effectiveness of risk responses/treatments.

A

c

26
Q

Who is responsible for implementing ERM?

a. The chief financial officer.

b. The chief audit executive.

c. The chief compliance officer.

d. Management throughout the organization.

A

d

27
Q

Which of the following is not a potential value driver for implementing ERM?

a. Financial results will improve in the short run.

b. There will be fewer surprises from year to year.

c. There will be better information available to make risk decisions.

d. An organization’s risk appetite can be aligned with strategic planning

A

a

28
Q

Which of the following is the best reason for the CAE to consider the organization’s strategic plan in developing the annual internal audit plan?

a. To emphasize the importance of the internal audit function to the organization.

b. To ensure that the internal audit plan will be approved by senior management.

c. To make recommendations to improve the strategic plan.

d. To ensure that the internal audit plan supports the overall business objectives.

A

d

29
Q

When senior management accepts a level of residual risk that the CAE believes is unacceptable to the organization, the CAE should:

a. Report the unacceptable risk level immediately to the chair of the audit committee and the independent outside audit firm partner.

b. Resign his or her position in the organization.

c. Discuss the matter with knowledgeable members of senior management and, if not resolved, take it to the audit committee.

d. Accept senior management’s position because it establishes the risk appetite for the organization.

A

c

30
Q

The CAE is asked to lead the enterprise risk assessment as part of an organization’s implementation of ERM. Which of the following would not be relevant with respect to protecting the internal audit function’s independence and the objectivity of its internal auditors?

a. A cross-section of management is involved in assessing the impact and likelihood of each risk.

b. Risk owners are assigned responsibility for each key risk.

c. A member of senior management presents the results of the risk assessment to the board and communicates that it represents the organization’s risk profile.

d. The internal audit function obtains assistance from an outside consultant in the conduct of the formal risk assessment session.

A

d

31
Q

When assessing the risk associated with an activity, an internal auditor should:

a. Determine how the risk should best be managed.

b. Provide assurance on the management of the risk.

c. Update the risk management process based on risk exposures.

d. Design controls to mitigate the identified risks.

A

B

32
Q

The function of the chief risk officer is most effective when he or she:

a. Manages risk as a member of senior management.

b. Shares the management of risk with line management.

c. Shares the management of risk with the CAE.

d. Monitors risk as part of the ERM team.

A

d

33
Q

Enterprise risk management:

a. Guarantees achievement of business objectives.

b. Requires establishment of risk and control activities by internal auditors.

c. Involves the identification of events with negative impacts on business objectives.

d. Includes selection of best risk response for the organization.

A

c

34
Q

. What is a business process?

a. How management plans to achieve the organization’s objectives.

b. The set of connected activities linked with each other for the purpose of achieving an objective or goal.

c. A group of interacting, interrelated, or interdependent elements forming a complex whole.

d. A finite endeavor (having specific start and completion dates) undertaken to create a unique product or service that brings about beneficial change or added value.

A

b

35
Q

Which of the following symbols in a process map will most likely contain a question?

a. Rectangle.

b. Diamond.

c. Arrow.

d. Oval

A

b

36
Q

After business risks have been identified, they should be assessed in terms of their inherent:

a. Impact and likelihood.

b. Likelihood and probability.

c. Significance and severity.

d. Significance and control effectiveness.

A

a

37
Q

A major upgrade to an important information system would most likely represent a high:

a. External risk factor.

b. Internal risk factor.

c. Other risk factor.

d. Likelihood of future systems problems.

A

b

38
Q

How does a control manage a specific risk?

a. It reduces the likelihood of the event giving rise to the risk.

b. It reduces the impact of the event giving rise to the risk.

c. It reduces either likelihood or impact or both.

d. It prevents the occurrence of the event.

A

c

39
Q

Which of the following best describes an internal auditor’s purpose in reviewing the organization’s existing governance, risk management, and control processes?

a. To help determine the nature, timing, and extent of tests necessary to achieve engagement objectives.

b. To ensure that weaknesses in the internal control system are corrected.

c. To provide reasonable assurance that the processes will enable the organization’s objectives and goals to be met efficiently and economically.

d. To determine whether the processes ensure that the accounting records are correct and that financial statements are fairly stated.

A

c

40
Q

An internal auditor plans to conduct an audit of the adequacy of controls over investments in new financial instruments. Which of the following would not be required as part of such an engagement?

a. Determine whether policies exist that describe the risks the treasurer may take and the types of instruments in which the treasurer may invest.

b. Determine the extent of management oversight over investments in sophisticated instruments.

c. Determine whether the treasurer is getting higher or lower rates of return on investments than treasurers in comparable organizations.

d. Determine the nature of monitoring activities related to the investment portfolio.

A

c

41
Q

Who has primary responsibility for the monitoring component of internal control?

a. The organization’s independent outside auditor.

b. The organization’s internal audit function.

c. The organization’s management.

d. The organization’s board of directos.

A

c

42
Q

The risk assessment component of internal control involves the:

a. Independent outside auditor’s assessment of residual risk.

b. Internal audit function’s assessment of control deficiencies.

c. Organization’s identification and analysis of the risks that threaten the achievement of its objectives.

d. Organization’s monitoring of financial information for potential material misstatements.

A

c

43
Q

When assessing the risk associated with an activity, an internal auditor should:

a. Determine how the risk should best be managed.

b. Provide assurance on the management of the risk.

c. Update the risk management process based on risk exposures.

d. Design controls to mitigate the identified risks.

A

b

44
Q

Determining that engagement objectives have been met is ultimately the responsibility of the:

a. Internal auditor.

b. Audit committee.

c. Internal audit supervisor.

d. CAE.

A

d