Exam 2

Question 1

Internal Audit definition

Answer 1

It is an independent, objective, assurance and consulting activity designed to add value and improve an organizations operations

Question 2

How do Internal Auditors remain independent?

Answer 2

They report to the audit committee/board of directors
They are independent in function

Question 3

What types of audits do Internal Auditors do? (READ)

Answer 3

Financial
Compliance
Operational
Governance
Quality Control
Environmental
Sustainability

Question 4

What 3 types of audits do Governmental Auditors perform? (READ)

Answer 4

Financial Statement Audits
Attestation Audits
Performance Audits

Question 5

GAGAS definition

Answer 5

Generally
Accepted
Governmental
Auditing
Standards

Question 6

GAO definition

Answer 6

Governmental Accountability Office
Its the accounting, auditing, and investigative agency of the federal government

Question 7

Predication definition

Answer 7

Hints or clues that fraud may be occuring

Question 8

ACFE definition

Answer 8

Association of Certified Fraud Examiners

Question 9

What group or role (according to the ACFE) is responsible for detecting the most organizational fraud?

Answer 9

Employees at 55%

Question 10

How is Fraud Examination different from Financial Statement Audits?

Answer 10

Fraud Examination specifically checks for fraud
Financial Statement Audits check the financial statements for correctness

Question 11

Four Audit Objectives of an Internal Audit (READ)

Answer 11

1. Recognizing and analyzing the industry, business, and operational risks
2. Improving the effectiveness and efficiency of the operations
3. Ensuring compliance with management directives
4. Serving as managements representative

Question 12

3 IIA standards (READ)

Answer 12

Attribute Standards
Performance Standards
Implementation Standards

Question 13

Three parts of the CIA exam

Answer 13

Internal Audit Basics
Internal Audit Practice
Internal Audit Knowledge Elements

Question 14

Do Internal Audit Reports include both favorable and unfavorable findings?

Answer 14

Yes

Question 15

5 Things Unfavorable Internal Audit findings should include (READ)

Answer 15

1. Condition - what was found
2. Criteria - basis for determining that the condition was improper
3. Cause - Why did this happen
4. Effect - Why is this bad
5. Recommendation - What should be done about it

Question 16

What is known as ‘The Yellow Book’?

Answer 16

GAGAS

Question 17

Extra reports that GAGAS requires (READ)

Answer 17

Report on the fairness of the entity’s financial statements
Report on the entity’s compliance with laws and regulations
Report on the auditee’s internal control and control risk assessment

Question 18

What did the Single Audit Act of 1984 and the Amendments of 1996 accomplish?

Answer 18

They allow organizations to obtain a single audit that all agencies can rely on

Question 19

What is the Chain of Custody?

Answer 19

It is the evidence, interviews, interrogations, confessions, documents obtained by subpoena, and other things that are collected during a fraud case

Question 20

What are the 3 Types of Fraud?

Answer 20

Corruption
Asset Misappropriation
Financial Statement Fraud

Question 21

How long do most fraud cases last for?

Answer 21

About 12 months

Question 22

What are the top 3 departments that commit fraud?

Answer 22

Operations (15%)
Accounting (12%)
Executive/Upper Management (11%)

Question 23

What are the 4 points of the Fraud Diamond?

Answer 23

Pressure/motive
Opportunity
Rationalization
Ability

Question 24

What 3 bits of info is the auditor seeking when talking to a predecessor auditor?

Answer 24

Management integrity
Disagreements with management
Reason for auditor change

Question 25

Audit Plan

Answer 25

The comprehensive list of the specific procedures that the audit team needs to perform

Question 26

What is the overall goal of an audit plan?

Answer 26

To gather sufficient appropriate evidence on which to base an opinion on the financial statements

Question 27

What are some roles that are used to staff an audit? (READ)

Answer 27

Audit engagement partner
Audit manager
IT Auditor
Tax Specialist
Quality Assurance Partner
Audit Staff

Question 27

What role do IT Auditors play in an audit? (READ)

Answer 27

They evaluate the effect of computerized processing on the audit, understand the flow of transactions, and design and perform audit procedures

Question 28

Audit Effeciency

Answer 28

The amount of work an auditor performs

Question 29

Audit Effectiveness

Answer 29

How good the decisions or judgements an auditor makes are

Question 30

Auditor responsibilities when working with an auditor engaged specialist

Answer 30

You must know their qualifications and they should be unrelated to the client

Question 31

Auditor responsibilities when working with a company specialist

Answer 31

You must know their qualifications and consider their objectivity since they work with the company

Question 32

What are the 3 things that Time Reports are used for?

Answer 32

Evaluating efficiency of audit team members
Compiling a record for billing
Compiling a record for planning the next audit

Question 33

Tracing

Answer 33

Looks at the source document info to the financial statements
Front end to Back end
Deals with Completeness assertion

Question 34

Vouching

Answer 34

Looks at financial statement info to the source documents
Back end to Front end
Deals with Existence assertion

Question 35

Control Tests

Answer 35

They test the operating effectiveness of client internal control activities

Question 36

Substantive tests

Answer 36

Produce evidence about managements assertions related to the amounts and disclosures in a client’s financial statements

Question 37

What are the 2 types of substantive tests?

Answer 37

Substantive Analytical Procedures
Tests of Details

Question 38

What 4 audit procedures are related to control testing?

Answer 38

Documentary (inspection of)
Inquiry
Observation
Reperformance

Question 39

Is an attempt to communicate to the previous auditor required?

Answer 39

Yes

Question 40

What is an Engagement Letter

Answer 40

A letter to management that acts as a contract between the auditor and a client

Question 41

3 goals of audit planning (READ)

Answer 41

1. Make sure firm has enough staff to conduct audit in a timely and profitable manner
2. Determine materiality
3. Outline specific audit procedures that need to be executed

Question 42

For new clients do companies use experienced or new staff?

Answer 42

Experienced because of the complex transactions of a new company

Question 43

Do external auditors want to work with internal auditors?

Answer 43

Yes because it helps with effeciency

Question 44

What 2 things do external auditors have to consider before working with internal auditors?

Answer 44

The internal auditors objectivity and competence

Question 45

Are audit specialists usually referred to in the audit report?

Answer 45

Not unless their findings modify the report itself

Question 46

What is the Time Budget used for?

Answer 46

Used to maintain control of the audit by identifying problem areas early on to ensure completion on a timely basis

Question 47

Materiality

Answer 47

An amount that would influence the decisions of users

Question 48

Ultimately, what is materiality subject to?

Answer 48

Professional Judgement

Question 49

Analytical Procedures

Answer 49

When an auditor compares the expectation to a recorded balance

Question 50

When are Analytical Procedures required?

Answer 50

During the planning and review phases of the audit

Question 51

Permanent Files

Answer 51

Information of continuing audit significance

Question 52

Current Files

Answer 52

All documentation that is sufficient to support all conclusions on the audit

Question 53

How long should documentation be retained?

Answer 53

7 years from report release date or last day of fieldwork (if no report)

Question 54

Audit Risk

Answer 54

The risk that the auditor will express an inappropriate audit opinion when the financial statements are materially misstated

Question 55

Detection Risk

Answer 55

The risk that errors or fraud will not be caught by the auditors procedures

Question 56

All 4 types of risk in an audit are what?

Answer 56

Set, assessed, and calculated by the auditor

Question 57

What is the correlation between the nature timing and extent of audit procedures and detection risk?

Answer 57

The better the nature, timing, and extent of procedures the less likely you will not detect something

Question 58

3 characteristics of Fraud Risk Factors

Answer 58

Managements characteristics and influence
Industry conditions
Operating characteristics and financial stability

Question 59

What characteristics of an account balance would affect the inherent risk assessment? (READ)

Answer 59

Dollar size of accounts
Liquidity of accounts
Volume of transactions
Complexity of transactions
Subjective estimates

Question 60

What is the auditors responsibility for revenue in fraud risk assessment?

Answer 60

Revenue is the only account that for every audit must be assessed for improper recognition and must have an explanation why it is not a risk

Question 61

What are the 2 types of noncompliance with laws and regulations

Answer 61

Direct Effect Noncompliance
Indirect Effect Noncompliance

Question 62

Direct Effect Noncompliance

Answer 62

Noncompliance that produces direct and material effects on the financial statements

Question 63

Indirect Effect Noncompliance

Answer 63

Noncompliance that is not related to specific accounts or disclosures on the financial statements

Question 64

Inherent Risk

Answer 64

The possibility that a claim about the financial statements is incorrect

Question 65

Control Risk

Answer 65

The likelihood that the clients internal control system will fail to prevent or detect a material misstatement

Question 66

Fraud

Answer 66

The act of knowingly making material misrepresentations of fact with the intent of inducing someone to believe the falsehood and act on it

Question 67

Employee Fraud

Answer 67

The use of fraudulent means to misappropriate funds or other property from an employer

Question 68

Embezzlement

Answer 68

Type of fraud involving employees or nonemployees wrongfully misappropriating funds or property in their care

Question 69

Larceny

Answer 69

Simple Theft

Question 70

Defalcation

Answer 70

Another name for employee fraud, embezzlement, and larceny

Question 71

Are auditors required to obtain a thorough understanding of their clients business before audit planning?

Answer 71

Yes

Question 72

What do Preliminary Analytical Procedures do? (READ)

Answer 72

They identify potential problem areas
They provide a standard starting place to start examining the financial statements
They help familiarize the auditor with the clients business and identifying areas of risk

Question 73

5 steps of completing analytical procedures (READ)

Answer 73

1. Develop an expectation
2. Define a significant difference
3. Compare expectation with recorded amount
4. Investigate significant differences
5. Document each of the preceding steps

Question 74

Are Audit Team Brainstorming Discussions required?

Answer 74

Yes

Question 75

What is discussed in Audit Team Brainstorming sessions?

Answer 75

Previous experiences with client
How fraud might happen within the client
Procedures that might detect fraud

Question 76

Who should evidence of fraud be taken to by the auditor?

Answer 76

To management that is at least one level above the people involved

Question 77

What level of fraud is material?

Answer 77

ANY fraud committed by management

Question 78

Audit Strategy Memorandum

Answer 78

Memo that establishes an overall audit strategy that sets the scope, timing, and direction for auditing each relevant assertion

Question 79

What are the 3 limitations to an entitys internal control system?

Answer 79

Human error
Management override
Collusion

Question 80

What are the 5 components of an entitys internal control system?

Answer 80

Control activities
Risk assessment
Information and communication
Monitoring
control Environment

Question 81

Internal Control System Control Activities

Answer 81

The specific polices and procedures that help ensure management directives are carried out

Question 82

Internal Control System Risk Assessment

Answer 82

Managements identification, analysis, and management of relevant risks to achieving objectives

Question 83

Internal Control System Information and Communication

Answer 83

Auditors must understand the information systems that are relevant to the financial reporting

Question 84

Internal Control System Monitoring

Answer 84

Good monitoring systems have ongoing and separate evaluations that report on deficiencies

Question 85

Internal Control System Control Environment

Answer 85

Sets the tone at the top of the organization that influences the control consciousness of companies

Question 86

What is the external auditors responsibility for a clients internal control system?

Answer 86

They must audit and issue an opinion on the effectiveness of the internal control over financial reporting (ICFR)
Assess control risk to determine nature timing and extent of procedures performed

Question 87

What is managements responsibility for their own internal control system?

Answer 87

They must establish and maintain adequate internal control over the financial reporting
Also required to issue a self grading report on internal controls

Question 88

Which of the 5 components of an internal control system is considered the foundation and why?

Answer 88

Control Environment because it influences the control consciousness of a company

Question 89

What are some of the responsibilities of the audit committee? (READ)

Answer 89

Appointment, compensation, and oversight of the public accounting firm conducting the entity’s audit
Resolution of disagreements between management and the audit team
Approval of non-audit services provided by the public accounting firm performing the audit

Question 90

What are the 3 functional duties in an organization that must be separated?

Answer 90

Authorization
Recording
Custody

Question 91

Internal Control

Answer 91

A process designed to provide reasonable assurance regarding reliability of financial statements, efficiency of operations, and compliance with laws and regulations

Question 92

COSO Acronym (READ)

Answer 92

Committe Of Sponsoring Organizations of the national commission of fraudelnt financial reporting

Question 93

What is COSO also referred to as?

Answer 93

Treadway Commission

Question 94

Who created the Components of Internal Control?

Answer 94

COSO

Question 95

Audit Committee

Answer 95

Subcommittee of the board of directors
Composed of 3 to 6 outside members of the board
One member must be a financial expert

Question 96

What does the Audit Committee do?

Answer 96

It provides a buffer between the audit tam and the operating management

Question 97

Incompatible Responsibilities

Answer 97

Combinations of responsibilities that place a person alone in a position to create and conceal misstatements

Question 98

4 types of functional responsibilities that should be performed separately of each other

Answer 98

Authorization to execute transactions
Recording transactions
Reconsiliation of existing assets to recorded amounts
custody of assets involved in the transactions

Question 99

What is the main reason an auditor needs to understand a clients internal control system?

Answer 99

To determine the nature, timing, and extent of the audit procedures needed

Question 100

3 ways an auditor can document their understanding of a clients internal control system

Answer 100

Narrative description
Questionnaires
Flowcharts

Question 101

4 primary audit procedures auditors use to test internal controls from least to most persuasive

Answer 101

Documentation
Inquiry of client personnel
Observation of control activity being performed
Reperformance of control activity

Question 102

Entity Level Controls

Answer 102

Controls that are related to the entire internal control system and the reliability of the financial statements as a whole

Question 103

Transaction Level Controls

Answer 103

Controls that pertain to specific classes of transactions, account balances, and disclosures

Question 104

3 reports/opinions available for an auditor to give in an ICFR

Answer 104

Unqualified - Everything is good
Adverse - Something is off
Disclaim - No opinion given

Question 105

What is the main difference between a significant deficiency and a material weakness?

Answer 105

The severity of the deficiency

Question 106

Significant Deficiency

Answer 106

A deficiency that is important enough to merit attention to those charged with governance but is less severe than a material weakness

Question 107

Material Weakness

Answer 107

A weakness that results in a reasonable possibility that a material misstatement would not be prevented or detected on a timely basis

Question 108

What type of SOC Report is required and why?

Answer 108

The SOC 1 Type 2 report because only the type 2 describes the tests of operating effectiveness and provides an opinion on it

Question 109

Compensating control

Answer 109

A control activity that is relied upon because a different control is missing, improperly designed, or operating innefectively

Question 110

3 Phases of Internal Control Evaluation (READ)

Answer 110

1. Understand and document internal controls
2. Assess control risk
3. Identify controls to test and perform a test of controls

Question 111

Which form of Internal Control Documentation is the most common?

Answer 111

Narrative Description, which is usually paired with flowcharts

Question 112

2 situations where auditors can choose not to test internal controls

Answer 112

1. the internal control system is too ineffective to rely on
2. For nonissuers it would take more time to test the control activities than it would to perform the substantive tests

Question 113

What is required under Sarbanes-Oxley Section 404

Answer 113

Management assessment of the effectiveness of their entity’s internal control
Independent Auditor assessment of effectiveness of internal controls

Question 114

What is the auditor’s responsibility for Internal controls

Answer 114

They are required to obtain reasonable assurance of effective controls and to determine whether there is a material weakness at end of year or not

Question 115

Does the same auditor have to do both the financial statement audit and the internal control audit

Answer 115

Yes

Question 116

What is the Top-Down Process for Internal Controls

Answer 116

Starting at the Financial Statements and using them to figure out the risks and what to controls to test

Question 117

When are SOC reports used?

Answer 117

When anything in an internal control system is outsourced, auditors send SOC 1 Types 2 reports to get a good amount of information from the 3rd party

Question 118

Design Deficiency

Answer 118

A problem relating to either a necessary control that is missing or an existing control that is so poorly designed that it fails to satisfy the controls objective

Question 119

Operating Deficiency

Answer 119

When a properly designed control is either ignored or inappropriately applied

Question 120

Is “management review” a valid internal control?

Answer 120

No

Question 121

What is the special provision for issuers with common equity of less than $75 million?

Answer 121

They do not have to have an independent auditor report on the effectiveness of their internal controls