Operational Role of internal audit 1 Flashcards
An internal auditor is preparing procedures to verify the integrity of data in a database application. Theÿbestsource of information for the auditor to determine data field definitions is the: Data definition language. Data subschemas. Data dictionary. Data manipulation language.
Data dictionary.
Internal auditing departments are often requested to coordinate their work with that of the external auditors. Which of the following activities wouldÿmostlikely be restricted to the external auditor?
Evaluating the system of controls over cash collections and similar transactions
Attesting to the fairness of presentation of cash position
Evaluating the adequacy of the organization?s overall system of internal controls
Reviewing the system established to ensure compliance with policies and procedures that could have a significant impact on operations
Attesting to the fairness of presentation of cash position
Which of the following controls would be most efficient in reducing common data input errors? Keystroke verification. Balancing and reconciliation. Batch totals. A set of well-designed edit checks.
A set of well-designed edit checks.
The consultative approach to auditing emphasizes:
Participation with auditees to improve methods.
Imposition of corrective measures.
Fraud investigation.
Implementation of policies and procedures.
Participation with auditees to improve methods.
Using test data, an auditor has processed both normal and atypical transactions through a computerized payroll system to test calculation of regular and overtime hours. Sufficient competent evidence of controls exists if:
Exceptions are mapped to identify the control logic executed.
Test data results are compared to predetermined expectations.
No other tests are performed.
Test result data are tagged to instigate creation of an audit data file.
Test data results are compared to predetermined expectations.
An audit of the receiving function at the company?s distribution center revealed inadequate control over receipts. Which of the following controls would be appropriate for the receiving function?
Ensure that the warehouse-receiving department has a purchase order copy with the units described omitting both prices and quantities.
Ensure that the warehouse-receiving department has a true copy of the original purchase order.
Require that all receipts receive the approval of the warehouse manager.
To ensure adequate separation of duties, the warehouse-receiving clerk should work independently from the warehouse manager.
Ensure that the warehouse-receiving department has a purchase order copy with the units described omitting both prices and quantities.
An organization uses a service bureau to process its hourly payroll transactions. The internal auditor is concerned that the hourly payroll for the year has been processed correctly and, in particular, the computation of employee withholding for pension contributions is in accordance with the union contract, which specifies charges each quarter. Which of the following audit procedures wouldÿbestaccomplish the audit objective?
Select a random sample of all hourly payroll transactions for the reporting period, recompute pay and withholding items, and compare the result with that obtained from the service bureau.
Select a discovery sampling of all payroll transactions for an entire reporting period and then follow up on any findings.
Select a stratified sample of all hourly and salaried payroll transactions for an entire reporting period, perform the necessary activities, and then compare the result with that obtained from the service bureau.
Submit a set of test data to the service bureau during an annual audit and compare the service bureau?s processing with the auditor?s predetermined computations on the same test data.
Submit a set of test data to the service bureau during an annual audit and compare the service bureau?s processing with the auditor?s predetermined computations on the same test data.
During an audit of environmental protection devices at a hazardous materials research center, the auditor has reviewed the architect?s alarm device specifications, examined invoices for the devices, and interviewed the plant safety officer responsible for installation. The main concern of these procedures is assurance that:
The specified alarm system was purchased and installed.
The alarm system actually works.
The specified alarm system design is adequate.
The alarm system meets statutory requirements.
The specified alarm system was purchased and installed.
An internal auditor is planning an operational audit of a computer center. Which of the following items would normally be consideredÿmostÿimportant?
Ascertaining the existence of adequate measures of operational results.
Conducting a survey of computer vendors to be used in future purchases.
Computing required amounts of diskettes, paper, and other supplies.
Determining the age and condition of the mainframe computer.
Ascertaining the existence of adequate measures of operational results.
An audit assistant found a purchase order form for a regular supplier in the amount of $5,500. The purchase order was dated after receipt of the goods. The purchasing agent explained that he had forgotten to issue the purchase order. Also, a disbursement of $450 for materials did not have a receiving report. The assistant wanted to select additional purchase orders for investigation but was unconcerned about the lack of a receiving report. The audit director should:
Disagree with the assistant since all problems directly related to cost have an equal risk of loss associated with them.
Disagree with the assistant since the lack of a receiving report has a greater risk of loss associated with it.
Agree with the assistant since the amount of the purchase order exception was considerably larger than the receiving report exception.
Agree with the assistant since the receiving clerk had assured the cash disbursement clerk that the failure to fill out a report did not happen very often.
Disagree with the assistant since the lack of a receiving report has a greater risk of loss associated with it.
An auditor is performing an operational audit of a division and observes that an unusually large quantity of goods is on hand in the shipping and materials rework areas. The items are labeled as reship items. Upon inquiry, the auditor is told that they are goods that have been returned by customers and have been either repaired or shipped back to the original customer or repaired and shipped out as new products because they are fully warranted.
Assume that subsequent investigation shows that previously issued financial statements were materially misstated due to the improper recognition of sales. The auditor?s next step should be to:
Inform divisional management as a preliminary finding but wait until a formal audit report is issued to inform the audit committee.
Inform the external auditor, senior management, the board, and the audit committee.
Inform senior management, the board, and the audit committee.
Immediately inform the external auditor and the divisional manager.
Inform senior management, the board, and the audit committee.
An auditor is observing cash sales to determine if customers are given written receipts. The objective of this test is to ensure that:
All cash sales are recorded.
Cash received equals the total of the receipts.
Customers are charged authorized prices.
Cash balances are correct.
All cash sales are recorded.
Inefficient usage of excess computer equipment can be controlled by: System feasibility studies. Capacity planning. Exception reporting. Contingency planning.
Capacity planning.
In planning a system of internal operating controls, the role of the internal auditor is to:
Design the controls.
Establish the policies for controls.
Appraise the effectiveness of the controls.
Create the procedures for the planning process.
Appraise the effectiveness of the controls.
Your firm has recently converted its purchasing cycle from a manual process to an online computer system. Which of the following is a probable result associated with conversion to the new automatic system?
Processing time is increased.
The nature of the firm?s risk exposure is reduced.
Processing errors are increased.
Traditional duties are less segregated.
Traditional duties are less segregated.
According to the IIA Standards, a fraud report is required:
At the conclusion of the detection phase.
Neither at the conclusion of the detection phase nor at the conclusion of the investigation phase.
At the conclusion of both the detection and the investigation phases.
At the conclusion of the investigation phase.
At the conclusion of the investigation phase.
Erroneous management decisions might be the result of incomplete information. Theÿbestÿcontrol to detect a failure to process all valid transactions is:
Periodic user submission of test data.
User review of selected output and transactions rejected by edit checks.
Controlled output distribution.
Decollation of output.
User review of selected output and transactions rejected by edit checks.
During the audit of a company?s purchasing department, an internal auditor discovered that many purchases were made (at normal prices) from an office supply firm whose owner was the brother of the director of purchasing. There were no policies or controls in place to restrict such purchases, and no fraud appears to have been committed. In this case, the internal auditor should recommend:
The inspection of all receipts by receiving inspectors.
The development of an approved-vendor file initiated by the buyer and approved by the director of purchasing.
Establishment of a price policy (range) for all goods.
The initiation of a conflict-of-interest policy.
The initiation of a conflict-of-interest policy.
During an audit, the internal auditor found a scheme in which the warehouse director and the purchasing agent for a retail organization diverted approximately $500,000 of goods to their own warehouse, then sold the goods to third parties. The fraud was not noted earlier since the warehouse director forwarded receiving reports (after updating the perpetual inventory records) to the accounts payable department for processing.
Which of the following procedures would haveÿmostÿlikelyÿled to the discovery of the missing materials and the fraud?
Take a random sample of sales invoices and trace to the perpetual records to see if inventory was on hand. Investigate any differences.
Take a random sample of purchase orders and trace them to receiving documents and to the records in the accounts payable department.
Take an annual physical inventory, reconciling amounts with the perpetual inventory, noting the pattern of differences, and investigating.
Take a random sample of receiving reports and trace to the recording in the perpetual inventory record. Note differences and investigate by type of product.
Take an annual physical inventory, reconciling amounts with the perpetual inventory, noting the pattern of differences, and investigating.
An international nonprofit organization finances medical research. The majority of its revenue and support comes from fundraising activities, investments, and specific grants from an initial sponsoring corporation. The organization has been in operation over 15 years and has a small internal audit department. The organization has just finished a major fundraising drive that raised $500 million for the current fiscal period.
The following are selected data from recent financial statements:
Assume the auditor finds a number of instances in which travel and entertainment reimbursements going to the president seem excessive and inconsistent with the charter of the organization. Before an audit report is issued, a front-page article appears in a major financial newspaper alleging that the president has been using the organization?s funds for personal purposes. The auditor has enough information to confirm the allegations made in the newspaper article. The auditor is called by the newspaper and by a financial magazine in an attempt to confirm the facts. Which of the following would be theÿbestÿresponse by the auditor?
Respond truthfully and fully since the auditor is in a position to confirm the facts that concern the president, not the organization.
Provide information off the record so that the article does not state who gave the information.
Direct the inquiry to the audit committee or the board of directors.
Respond that the investigation is not complete.
Direct the inquiry to the audit committee or the board of directors.
In the course of their work, internal auditors must be alert for fraud and other forms of white-collar crime. The important characteristic that distinguishes fraud from other varieties of white-collar crime is that:
Unlike other white-collar crimes, fraud is always perpetrated against an outside party.
White-collar crime usually is perpetrated for the benefit of an organization, whereas fraud benefits an individual.
Outsiders usually perpetrate white-collar crime to the detriment of an organization, whereas insiders perpetrate fraud to benefit the organization.
Fraud encompasses an array of irregularities and illegal acts that involve intentional deception.
Fraud encompasses an array of irregularities and illegal acts that involve intentional deception.
A determination of cost savings is most likely to be an objective of: Operational auditing. Program results auditing. Compliance auditing. Financial auditing.
Operational auditing.
A company uses a local area network (LAN) to connect its four city area sales offices to the headquarter office. Sales information such as credit approval and other customer information, prices, account information, and so on is maintained at headquarters. This office also houses the inventory and shipping functions. Each area office is connected to the headquarters? office computer, and messages/information between the area offices pass through the headquarters? computer. This communication configuration allows for real-time confirmation of shipments as well as billing and account status. The company is concerned about the accuracy and sensitivity of its information and has implemented controls to protect the database used by the area offices. (1)ÿThe data are modeled after a tree structure, with each record type having any number of lower-level dependent records. The relationship is a one-to-many rather than a many-to-many relationship. When a user enters the system, a series of questions is asked of the user. These (2)ÿquestions include a name and mother?s birth date. The headquarters computer maintains a (3)ÿmatrix of user names and the files/programs the user can access as well as what the user can do to/with the file or program.
A recent addition to the system controls involves a lockout procedure. This procedure (4)ÿlocks out a particular record to other sales offices while a particular sales office is using the record. This control ensures that each transaction has the most recent and accurate information available when the sales office is processing the event.The questions described in (2) are primarily intended to provide:
Authentication of the user.
Data integrity control.
Access control to computer hardware.
Authorization for processing.
Authentication of the user.
A manufacturer of hospital equipment uses three vendors to supply about half of the materials used in its operations. Invoices from these vendors are transmitted directly to the company through electronic data interchange (EDI) with custom-developed software. In a systems development and postimplementation review, the internal auditor was involved with assessing and testing the EDI system and found no significant problems. Other manufacturing materials are obtained through routine purchase orders prepared by buyers in the purchasing department. Materials from EDI vendors are delivered to the receiving dock where personnel verify that the goods are authorized purchases, look for shipping damage, and record receipt into the system using barcode technology. Materials purchased from non-EDI vendors are delivered to the receiving dock and recorded manually on receiving reports. Copies of these reports are given to the purchasing and accounts payable departments. The internal audit department is scheduled to complete a full audit of the purchasing and accounts payable cycle before the end of the year. However, there are severe time pressures because other matters delayed the start of the audit.
The auditor determined that the risks associated with the EDI purchases were less than the risks associated with the purchases made through the traditional system. Which one of the following factorsÿbestÿsupports this prioritization of risks?
The external auditor did not examine EDI purchase controls during the annual financial audit.
There are three vendors connected through EDI.
The internal auditors were involved with systems development and testing of the EDI software.
About half of the materials are purchased through EDI.
The internal auditors were involved with systems development and testing of the EDI software.
An internal auditor is auditing a division?s accounts and is concerned that the division?s management may have shipped poor-quality merchandise in order to boost sales and profitability for the year and thereby boost the division manager?s bonus. Furthermore, the auditor suspects that returned goods are being shipped to other customers as new products without defects being fully corrected. Which of the following audit procedures would be theÿleasteffective in determining whether such shipments took place?
Examine credit memos issued after year-end for goods shipped before year-end.
Interview customer service representatives regarding unusual amounts of customer complaints.
Physically observe the shipping and receiving area for evidence of returned goods.
Require the division to take a complete physical inventory at year-end, and observe the taking of the inventory.
Require the division to take a complete physical inventory at year-end, and observe the taking of the inventory.
In the course of performing an audit, an internal auditor becomes aware of illegal acts being performed by several of the highest-ranking officers of the company. To whom should the findings of the audit report be addressed?
The audit committee of the board of directors.
Members of the news media.
The officers involved in the illegal acts.
Line-level supervision.
The audit committee of the board of directors.
A life insurance company refunds overpayments received from policyholders on their policy loans. The risk of material losses from errors and irregularities related to such refunds are greatest with respect to:
Employing individuals of questionable integrity in the disbursing function.
Retaining employees in the same position over long periods of time.
Posting disbursements of refunds to the wrong policyholder borrower.
Allowing refund checks to be issued before authorization is obtained.
Allowing refund checks to be issued before authorization is obtained.
A rental car company?s fleet maintenance division uses a different code for each type of inventory transaction. A daily summary report lists activity by part number and transaction code. The report is reconciled by the parts room supervisor to the day?s material request forms and is then forwarded to the fleet manager for approval. The use of transaction codes provides the fleet manager with information concerning the types of inventory activity. The auditor is considering an analytical review of transaction codes and materials used. The objective of this review is to:
Identify possible material lost due to employee theft.
Reveal shortages in perpetual inventory records.
Determine whether inventory items are properly valued.
Provide evidence of inventory items that are overstocked.
Identify possible material lost due to employee theft.
The total interruption of processing throughout a distributed information technology system is minimized by a control or concept referred to as: Backup and recovery. Data file security. Fail-soft protection. The system log.
Fail-soft protection.
The auditor finds a situation where one person has the ability to collect receivables, make deposits, issue credit memos, and record receipt of payments. The auditor suspects the individual may be stealing from cash receipts. Which of the following audit procedures would bemostÿeffective in discovering fraud in this scenario?
Perform a detailed review of debits to customer discounts, sales returns, or other debit accounts, excluding cash posted to the cash receipts journal.
Send positive confirmations to a random selection of customers.
Take a sample of bank deposits and trace the detail in each of the bank deposit back to the corresponding entry in the cash receipts journal.
Send negative confirmations to all outstanding accounts receivable customers.
Perform a detailed review of debits to customer discounts, sales returns, or other debit accounts, excluding cash posted to the cash receipts journal.
A multinational company has an agreement with a value-added network (VAN) that provides the encoding and communications transfer for the company?s electronic data interchange (EDI) and electronic funds transfer (EFT) transactions. Before transfer of data to the VAN, the company performs online preprocessing of the transactions. The internal auditor is responsible for assessing preprocessing controls. In addition, the agreement between the company and the VAN states that the internal auditor is allowed to examine and report on the controls in place at the VAN on an annual basis. The contract specifies that access to the VAN can occur on a surprise basis during the second or third quarter of the company?s fiscal year. This period was chosen so it would not interfere with processing during the VAN?s peak transaction periods. This provision was not reviewed with internal auditing. The annual audit plan approved by the board of directors specifies that a full audit would be done during the current year.
Which of the following preprocessing controls isÿleastÿlikely to provide the auditor with assurance about the validity of transactions?
Exception processing
Verification of the requestor
Decryption of data
Authentication of information
Decryption of data
Expert systems consist of:
Hardware and software used to automate routine tasks.
Software packages with the ability to make judgment decisions.
A panel of outside consultants.
Hardware designed to make judgment decisions.
Software packages with the ability to make judgment decisions.
A control that prevents purchasing agents from favoring certain suppliers in placing orders is:
Periodic rotation of buyer assignments.
A monthly report of total dollars committed by each buyer.
Monitoring the number of orders placed by each buyer.
Requiring buyers to adhere to detailed product specifications.
Periodic rotation of buyer assignments.
To determine whether there have been any unauthorized program changes since the last authorized program update, theÿbestÿinformation technology audit technique is for the auditor to conduct a(n): Test data run. Code review. Code comparison. Analytical review.
Code comparison.
Contributions to a nonprofit organization have been constant for the past three years. The audit committee has become concerned that the president may have embarked on a scheme in which some of the contributions from many sustaining members have been redirected to other organizations. The audit committee suspects that the scheme may involve taking major contributions and depositing them in alternative accounts or soliciting contributions to be made in the name of another organization. Which of the following audit procedures would bemostÿeffective in detecting the existence of such a fraud?
Use analytical review procedures to compare contributions generated with those of other comparable institutions over the same period of time. If the amount is significantly less, take a detailed sample of cash receipts and trace to the bank statements.
Take a sample that includes all large donors for the past three years and a statistical sample of others, and request a confirmation of total contributions made to the organization or to affiliated organizations.
Take a discovery sample of cash receipts and confirm the amounts of the receipts with the donors. Investigate any differences.
Use generalized audit software to take a sample of pledged receipts not yet collected and confirm the amounts due with the donors.
Take a sample that includes all large donors for the past three years and a statistical sample of others, and request a confirmation of total contributions made to the organization or to affiliated organizations.
An organization has grown rapidly and has just automated its human resource system. The organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, ethnic code, age, insurance, medical protection, and other similar information. Management has asked the internal auditing department to review the new system. The auditor is concerned that retired employees are not receiving the correct benefits. Which of the following auditing procedures would be theÿleastÿeffective in addressing this concern?
Use generalized audit software to take a classical variables sample of retired employees on the database. Verify that all benefit payments are appropriate.
Use an integrated test facility and submit transactions over a period of time to determine if the system is paying the appropriate benefits.
Take a sample of employees added to the retirement list for a specified time period?for example, a day or a week?and determine that they are scheduled for the appropriate benefits.
Use generalized audit software to take a variables sample stratified on years since retirement and size of benefit payments. Verify that all benefit payments are appropriate.
Take a sample of employees added to the retirement list for a specified time period?for example, a day or a week?and determine that they are scheduled for the appropriate benefits.
The legislative auditing bureau of a country is required to perform compliance auditing of companies that are issued defense contracts on a cost-plus basis. Contracts are clearly written defining acceptable costs, including developmental research cost and appropriate overhead rates.
During the past year, the government has engaged in extensive outsourcing of its activities. The outsourcing included contracts to run cafeterias, provide janitorial services, manage computer operations and systems development, and provide engineering of construction projects. The contracts were modeled after those that had been used for years in the defense industry. The legislative auditors are being called on to expand their audit effort to include compliance audits of these contracts.
Upon initial investigation of these outsourced areas, the auditor found many areas in which the outsourced management has apparently expanded its authority and responsibility. For example, the contractor that manages computer operations has developed a highly sophisticated security program that may represent the most advanced information security in the industry. The auditor reviews the contract and sees reference only to providing appropriate levels of computing security. The auditor suspects that the governmental agency may be incurring developmental costs that the outsourcer may use for competitive advantage in marketing services to other organizations.Assuming that a high degree of security is needed, which of the following potential sources of evidence would also be relevant to the auditor?s assessment of whether the governmental unit is being charged for computer security that exceeds the entity?s needs?
I. Comparison of the security system with best practices implemented for similar systems
II. Comparison of the security system with recent publications on state of the art systems
III. Tests of the functionality of the security system
I and II only.
III only.
I, II, and III.
II only.
I and II only.
During the audit of the receiving department, an internal auditor examined a physical shipment of goods to verify the accuracy of the completed receiving report. Evidence showed that the number of units in the shipment did not agree with the quantity shown on the receiving report. Which of the following may have led to this error?
Displaying amounts ordered on the receiving department?s copy of the purchase order.
Improper authorization of the purchase.
Failure of receiving personnel to compare the quality of goods received with specifications.
Lack of standards for selecting vendors.
Displaying amounts ordered on the receiving department?s copy of the purchase order.
To maximize its cash position and increase earnings on invested cash, management has increased the frequency of billings to customers and eliminated all noninterest-bearing accounts. To maintain an undisturbed maximum cash balance for investment purposes, portions of cash received are used to cover current expenditures. By estimating the float on checks received and deposited, the company has reduced excess cash balances otherwise needed to meet normal transaction needs. Interbank transfers have also been employed to consolidate funds available for investment. A major control weakness in the case described above is the:
Increased frequency of billings.
Use of cash received to cover cash expenditures.
Use of interbank transfers.
Elimination of noninterest-bearing accounts.
Use of cash received to cover cash expenditures.
A manufacturing firm uses hazardous materials in production of its products. An audit of these hazardous materials may include:
I. Recommending an environmental management system as a part of policies and procedures.
II. Verifying the existence of cradle-to-grave (creation to destruction) tracking records for these materials.
III. Using consultants to avoid self-incrimination of the firm in the event illegalities were detected in an environmental audit.
IV. Evaluating the cost provided for in an environmental liability accrual account.
III and IV.
II only.
I and II only.
I, II, and IV.
I, II, and IV.
In a comprehensive audit of a not-for-profit activity, an internal auditor would be primarily concerned with the:
Extent of achievement of the organization?s mission.
Accuracy of reports on the source and use of funds.
Extent of compliance with policies and procedures.
Procedures related to the budgeting process.
Extent of achievement of the organization?s mission.
A company uses a local area network (LAN) to connect its four city area sales offices to the headquarter office. Sales information such as credit approval and other customer information, prices, account information, and so on is maintained at headquarters. This office also houses the inventory and shipping functions. Each area office is connected to the headquarters? office computer, and messages/information between the area offices pass through the headquarters? computer. This communication configuration allows for real-time confirmation of shipments as well as billing and account status. The company is concerned about the accuracy and sensitivity of its information and has implemented controls to protect the database used by the area offices. (1)ÿThe data are modeled after a tree structure, with each record type having any number of lower-level dependent records. The relationship is a one-to-many rather than a many-to-many relationship. When a user enters the system, a series of questions is asked of the user. These (2)ÿquestions include a name and mother?s birth date. The headquarters computer maintains a (3)ÿmatrix of user names and the files/programs the user can access as well as what the user can do to/with the file or program.
A recent addition to the system controls involves a lockout procedure. This procedure (4)ÿlocks out a particular record to other sales offices while a particular sales office is using the record. This control ensures that each transaction has the most recent and accurate information available when the sales office is processing the event.
The database system described in (1) above is an example of which type of database model?
Hierarchical.
Relational.
Network.
Distributed.
Hierarchical.
A company has two manufacturing facilities. Each facility has two manufacturing processes and a separate packaging process. The processes are similar at both facilities. Raw materials used include aluminum, materials to make plastic, various chemicals, and solvents. Pollution occurs at several operational stages, including raw materials handling and storage, process chemical use, finished goods handling, and disposal. Waste products produced during the manufacturing processes include several that are considered hazardous. The nonhazardous waste is transported to the local landfill. An outside waste vendor is used for the treatment, storage, and disposal of all hazardous waste.
Management is aware of the need for compliance with environmental laws. The company recently developed an environmental policy that includes a statement that each employee is responsible for compliance with environmental laws.
Management is exploring different ways of reducing or preventing pollution in manufacturing operations. The objective of a pollution prevention audit is to identify opportunities where waste can be minimized and pollution can be eliminated at the source rather than controlled at the end of a process. In what order should the following opportunities to reduce waste be considered?
I. Recycle and reuse
II. Elimination at the source
III. Energy conservation
IV. Recovery as a usable product
V. Treatment
III, IV, II, V, and I.
IV, II, I, III, and V.
V, II, IV, I, and III.
I, III, IV, II, and V.
IV, II, I, III, and V.
Management believes that some specific sales commissions for the year were too large. The accuracy of the recorded commission expense for specific salespersons is best determined by:
Computation of selected sales commissions.
Tests of overall reasonableness.
Use of analytical procedures.
Calculating commission ratios.
Computation of selected sales commissions.
The auditor?s organization has several decades of experience with computing in mainframe environments. Two years ago, the organization also implemented end-user computing in several departments. In auditing the end-user computing environment, the auditor is concerned that the end-user environment is less likely to have adequate software and hardware facilities for: Change control procedures. Relational database queries. Encryption of sensitive data. Input validation for transactions.
Change control procedures.
To ensure the completeness of a file update, the user department retains copies of all unnumbered documents submitted for processing and checks these off individually against a report of transactions processed. This is an example of the use of: Computer sequence checks. Established batch totals. One-for-one checking. Computer matching.
One-for-one checking.
An internal audit department had been requested to perform an audit to determine whether the organization was in compliance with a particular set of laws and regulations. The audit did not reveal any issues of noncompliance but did reveal that the organization did not have an established system to ensure compliance with the applicable laws and regulations. The auditor?s responsibility is to:
I. Report that no significant compliance issues were noted.
II. Report that the organization has a significant control deficiency because management has not established a system to ensure compliance.
III. Meet with management to determine what follow-up action will be taken.
IV. Monitor to determine that follow-up action has been taken.
I, II, III, and IV.
I and II only.
I only.
II and III only.
I, II, III, and IV.
Management of a manufacturing company has requested the internal auditing department perform an audit of the cash management system to evaluate the adequacy of existing internal controls over cash management and identify opportunities to increase management control and operating efficiency. The company has four manufacturing divisions located in diverse geographic areas. The company has delegated day-to-day cash management to each local operating division. Excess cash is invested in short-term cash management programs of local financial institutions. These short-term investments are the only source of interest income for the operating divisions. Each division has a line of credit with a local financial institution but must arrange long-term financing needs through corporate headquarters.
In performing a review of cash management procedures in the divisions during the preliminary audit planning, the internal auditor has noted that management is concerned that:
‘++ Some divisions have excess cash balances and might not be investing short-term balances in a manner to maximize returns to the company.
‘++One division has automated the processing of cash receipts, but has not implemented proper control procedures to ensure that all cash will be recorded.
‘++The divisions? cash management procedures may not be consistent with overall corporate objectives (i.e., there may not be proper coordination between corporate headquarters and divisions regarding cash management).
Upon investigation, the auditor finds that one division consistently has large amounts of excess cash at a time when the organization is borrowing heavily and using the proceeds to support other divisions. The best control procedure to address this concern, without a major change in procedures, would be to:
Centralize all cash processing.
Require each division to prepare detailed cash forecasts and budgets for future periods to be used for centralized cash management.
Implement electronic data interchange with major customers to facilitate the timing of cash receipts.
Require each division to handle its own long-term financing, thereby forcing them all to better match their cash needs and sources.
Require each division to prepare detailed cash forecasts and budgets for future periods to be used for centralized cash management.
To ensure that a computer file is accurately updated in total for a particular field, theÿbestÿcontrol is: Computer matching. Check digit. Run-to-run totals. Transaction log.
Run-to-run totals.
The IIAÿStandardsÿrequire an internal auditor to exercise due professional care in performing internal audits. This includes:
Evaluating established operating standards and determining whether those standards are acceptable and are being met.
Establishing suitable criteria of education and experience for filling internal audit positions.
Establishing direct communication between the director of internal auditing and the board of directors.
Accumulating sufficient evidence so that the auditor can give absolute assurance that irregularities do not exist.
Evaluating established operating standards and determining whether those standards are acceptable and are being met.
Bank tellers might use authorized teller terminals to conceal overdrafts in their personal checking accounts by transferring funds to and from customers? accounts. Theÿbestÿcontrol to detect the tellers? unauthorized actions is requiring:
Overnight balancing of all accounts by the online teller system.
Supervisor-only authorization for transfers between the bank?s customers.
Annual vacations for employees with access to teller functions.
Periodic examination of accounts of employees with access to teller functions.
Periodic examination of accounts of employees with access to teller functions.
To better monitor the performance of operating management, executive management has requested that the internal auditors examine interim financial statements, which are prepared for internal use only. Although interim financial statements have been prepared for several years, this will be the first time that the internal auditors have been involved. The primary reason for this request was that executive management was surprised at the lower-than-anticipated net income eventually reflected in last year?s audited financial statements. Earnings had been artificially manipulated on quarterly financial statements. In their work on this year?s interim financial statements, internal auditors are likely to focus on which of the following?
Whether there have been changes in accounting principles that materially affect the financial statements.
Whether payables have been accrued properly at the end of the interim period.
Whether accounting estimates are reasonable, given past actual results.
The timing of revenue recognition and the valuation of inventories.
The timing of revenue recognition and the valuation of inventories.
Which of the following procedures would beÿmostÿvaluable in an audit of traffic department operations in a large manufacturing company?
Trace selected items from the weekly demurrage (car detention charge) report to supporting documentation.
Obtain written confirmation from the regulatory agencies that all carriers used are properly licensed and bonded.
Verify that all bills of lading are prenumbered.
Review procedures for selection of routes and carriers.
Review procedures for selection of routes and carriers.
Performance auditing has been described as ?evaluating management?s performance against a set of accepted objectives and goals.? Performance audits generally focus on efficiency and effectiveness, with emphasis on effectiveness. Theÿbestÿexample of a performance audit would be an evaluation of:
The staffing level of a committee established to monitor production planning.
The success of a government agency?s objective of improving elevator safety.
How well workers conform to established operating procedures on an assembly line.
The cost of implementing a major change intended to make the cost accounting system more responsive to user needs.
The success of a government agency?s objective of improving elevator safety.
During an audit, an information technology auditor found no written procedures for an application system. What should the auditor do?
Report the issue to management.
Reschedule the audit when the procedures are written.
Document the procedures and audit against them.
Cancel the audit immediately since it is hard to do an audit without documentation.
Document the procedures and audit against them.
Which of the following is theÿmostappropriate activity for an internal auditor to perform during a review of systems development activity?
Recommend specific operational procedures that will ensure that all data submitted for processing is converted to machine-readable form.
Serve on the information technology steering committee that determines what new systems are to be developed.
Review the methodology used to monitor and control the system development function.
Recommend specific automated procedures to be incorporated into new systems that will provide reasonable assurance that all data submitted to an application is converted to machine-readable form.
Review the methodology used to monitor and control the system development function.
An international nonprofit organization finances medical research. The majority of its revenue and support comes from fundraising activities, investments, and specific grants from an initial sponsoring corporation. The organization has been in operation over fifteen years and has a small internal audit department. The organization has just finished a major fundraising drive that raised $500 million for the current fiscal period.
During an examination of grants awarded, the auditor discovered a number of grants made without the approval of the grant authorization committee (which includes outside representatives), as required by the organization?s charter. All the grants, however, were approved and documented by the president. The chairperson of the grant authorization committee, who is also a member of the board of directors, proposes that the committee meets and retroactively approves all the grants before the audit report is issued. If the committee meets and approves the grants before the issuance of the audit report, the auditor should:
Not report the grants in question because they were approved before the issuance of the audit report.
Discuss the matter with the chairperson of the grant committee to determine the rationale for not approving the grants earlier. If they are routine grants, omit discussion in the audit report.
Include the items in the report as a breakdown of the organization?s controls. Detail the nature of each grant and investigate further for fraud.
Report the breakdown in control structure to the audit committee.
Report the breakdown in control structure to the audit committee.
The internal auditors for a large manufacturing company have been requested to conduct a review of the company?s production planning system. Production data, collected on personal computers (PCs) connected by a local area network (LAN), are used for generating automatic purchases via electronic data interchange. Purchases are made from authorized vendors based on production plans for the next month and on an authorized materials requirement plan (MRP) that identifies the parts needed per unit of production.
The auditor wants to determine if purchasing requirements have been updated for changes in production techniques. Which of the following audit procedures would beÿmostÿeffective in addressing the auditor?s objective?
Use generalized audit software to develop a report of excess inventory. Compare the inventory with current production volume.
Develop test data to input into the LAN and compare purchase orders generated from test data with purchase orders generated from production data.
Take a sample of production estimates and MRPs for several periods and trace them into the system to determine that input is accurate.
Recalculate parts needed based on current production estimates and on the MRP for the revised production techniques. Compare these needs with purchase orders generated from the system for the same period.
Recalculate parts needed based on current production estimates and on the MRP for the revised production techniques. Compare these needs with purchase orders generated from the system for the same period.
Internal auditors are often called on either to perform or to assist the external auditor in performing a due diligence review. A due diligence review is:
A review of financial statements and related disclosures in conjunction with a potential acquisition.
A review of operations as requested by the audit committee to determine whether the operations comply with audit committee and organizational policies.
An operational audit of a division of a company to determine if divisional management is complying with laws and regulations.
A review of interim financial statements as directed by an underwriting firm.
A review of financial statements and related disclosures in conjunction with a potential acquisition.
Which of the following techniques is themostÿpractical one to detect unauthorized changes to programs?
Implement computer program access controls.
Observing activities of computer operators on a surprise basis.
Comparing production programs with independently controlled copies on a regular basis.
Reviewing source code and logic program documentation on a regular basis.
Comparing production programs with independently controlled copies on a regular basis.
Which of the following would be thebestÿprocedure to determine whether purchases were properly authorized?
Discuss authorization procedures with personnel in the controller?s and purchasing functions.
Determine whether a sample of entries in the purchase journal is supported by properly executed purchase orders.
Vouch payments for selected purchases to supporting receiving reports.
Review and evaluate a flowchart of purchasing procedures.
Determine whether a sample of entries in the purchase journal is supported by properly executed purchase orders.
An internal auditor who suspects fraud should:
Interview those who have been involved in the control of assets.
Determine that a loss has been incurred.
Recommend whatever investigation is considered necessary under the circumstances.
Identify the employees who could be implicated in the case.
Recommend whatever investigation is considered necessary under the circumstances.
Passwords for microcomputer software programs are designed to prevent: Incomplete updating of data files. Unauthorized access to the computer. Unauthorized use of the software. Inaccurate processing of data.
Unauthorized use of the software.
To determine if credit controls are inconsistently applied, preventing valid sales to creditworthy customers, the auditor should:
Analyze collection rates and credit histories.
Trace postings on the accounts receivable ledger.
Compare credit histories for those receiving credit and for those denied credit.
Confirm current accounts receivable.
Compare credit histories for those receiving credit and for those denied credit.
Several members of senior management have questioned whether the internal audit department should report to the newly established, quality audit function as part of the total quality management process within the company. The director of internal auditing has reviewed the quality standards and the programs that the quality audit manager has proposed. The director?s response to senior management should include:
Estimating departmental cost savings from eliminating the internal auditing function.
Changing the qualification requirements for new staff members to include quality audit experience.
Identifying appropriate liaison activities with the quality audit function to ensure coordination of audit schedules and overall audit responsibilities.
Changing the applicable standards for internal auditing within the company to provide compliance with quality audit standards.
Identifying appropriate liaison activities with the quality audit function to ensure coordination of audit schedules and overall audit responsibilities.
Rejection of unauthorized modifications to application systems could be accomplished through the use of: Programmed checks. Batch controls. Implementation controls. One-for-one checking.
Implementation controls.
A small city managed its own pension fund. According to the city charter, the funds could be invested in bonds, money market funds, or high-quality stocks only. The auditor has already verified the existence of the pension fund assets. The fund balance was not very large and was managed by the city treasurer. The auditor decided to estimate income from investments for the fund by multiplying the average fund balance by a weighted-average return based on the current portfolio mix. Upon doing so, the auditor found that recorded income was substantially less than was expected. The auditor?s next audit step should be to:
Prepare a more detailed estimate of income by consulting a dividend and reporting service, which lists the interest or dividends paid on specific stocks and bonds.
Ask the treasurer why that income appears to be less than expected.
Inform management and the audit committee that fraud is suspected and suggest that legal counsel be called in to complete the investigation.
Select a sample of entries to the pension fund income account and trace to the cash journal to determine if cash was received.
Prepare a more detailed estimate of income by consulting a dividend and reporting service, which lists the interest or dividends paid on specific stocks and bonds.
A multinational company has an agreement with a value-added network (VAN) that provides the encoding and communications transfer for the company?s electronic data interchange (EDI) and electronic funds transfer (EFT) transactions. Before transfer of data to the VAN, the company performs online preprocessing of the transactions. The internal auditor is responsible for assessing preprocessing controls. In addition, the agreement between the company and the VAN states that the internal auditor is allowed to examine and report on the controls in place at the VAN on an annual basis. The contract specifies that access to the VAN can occur on a surprise basis during the second or third quarter of the company?s fiscal year. This period was chosen so it would not interfere with processing during the VAN?s peak transaction periods. This provision was not reviewed with internal auditing. The annual audit plan approved by the board of directors specifies that a full audit would be done during the current year.
Which one of the following wouldÿnotbe included as a reason for the company to use EFT with the EDI system?
To allow the company to negotiate discounts with EDI vendors based on prompt payment.
To reduce input time and input errors.
To improve its cash management program.
To take advantage of the time lag associated with negotiable instruments.
To take advantage of the time lag associated with negotiable instruments.
The auditor was reviewing documentation that showed that a customer had recently returned three expensive products to the regional service center for warranty replacement. The documentation showed that the warranty clerk had rejected the claim and sent it to the customer?s local distributor. The claim was rejected because the serial numbers listed in the warranty claim were not found in the computer?s sales history file. Subsequently, the distributor supplied three different serial numbers, all of which were validated by the computer system, and the clerk completed the warranty claim for replacements. Which would be the best course of action for the auditor under the circumstances?
Determine if the original serial numbers provided by the customer can be traced to other records, such as production and inventory records.
Notify the appropriate authorities within the organization that there are sufficient indicators that a fraud has been committed.
Summarize this item along with other valid transactions in the auditor?s test of warranty transactions.
Verify with the appropriate supervisor that the warranty clerk had followed relevant procedures in the processing and disposition of this claim.
Determine if the original serial numbers provided by the customer can be traced to other records, such as production and inventory records.
Which of the following means would be theÿmostÿappropriate to minimize the risk of a company?s buyer purchasing from a vendor who is a relative?
Maintain an approved-vendor file for purchases.
Establish a predetermined reorder point for purchases.
Perform a risk analysis for the purchasing function.
Establish a purchasing economic order quantity.
Maintain an approved-vendor file for purchases.
A receiving department receives copies of purchase orders for use in identifying and recording inventory receipts. The purchase orders list the name of the vendor and the quantities of the materials ordered. A possible error that this system could allow is: Overpayment for partial deliveries. Delay in recording purchases. Payment to unauthorized vendors. Payment for unauthorized purchases.
Overpayment for partial deliveries.
A financial institution is overstating revenue by charging too much of each loan payment to interest income and too little to repayment of principal. Which of the following audit procedures would beleastÿeffective in detecting this error?
Use test data and submit interest payments for various loans in the test portfolio to determine if they are recorded correctly.
Use generalized audit software to take a random sample of loan payments made during the period, calculate the correct posting amounts, and trace the postings that were made to the various accounts.
Use an integrated test facility (ITF) and submit interest payments for various loans in the ITF portfolio to determine if they are recorded correctly.
Perform an analytical review by comparing interest income this period as a percentage of the loan portfolio with the interest income percentage for the prior period.
Perform an analytical review by comparing interest income this period as a percentage of the loan portfolio with the interest income percentage for the prior period.
New credit policies have been implemented in the automated entry order system to control collectability. These policies prevent entering any new sales order that would cause customers? accounts receivable balance to exceed average sales for any two-month period in the prior 12-month period. Divisional sales management has compiled over a dozen examples that show decreased sales and delayed order entry. Division management contends these examples are a direct result of the new credit policy constraints. Sales management?s data and information provide:
A statistically valid conclusion about the impact on customer goodwill concerning the credit policy.
Evidence that the new credit policy is not meeting the stated corporate objective to control the collectability of new sales volume.
Feedback control data on the new corporate credit policy.
Irrelevant argumentative information.
Feedback control data on the new corporate credit policy.
Which account balance isÿmostÿlikely to be misstated if an aging of accounts receivable is not performed? Sales returns and allowances. Allowance for bad debts. Accounts receivable. Sales revenue.
Allowance for bad debts.
An internal auditor is conducting interviews of three employees who had access to a valuable asset that has disappeared. In conducting the interviews, the internal auditor should:
Conduct the interviews in a group.
Allow a suspect to return to work after the interview so as not to arouse suspicions.
Respond to noncooperation by threatening adverse consequences of such behavior.
Not indicate that management will forgo prosecution if restitution is made.
Not indicate that management will forgo prosecution if restitution is made.
Which of the following environmental control risks is more likely in a stand-alone microcomputer environment than in a mainframe environment?
I. Copyright violations due to the use of unauthorized copies of purchased software
II. Unauthorized access to data
III. Lack of data availability due to inadequate data retention policies
IV. I, II, and III
IV.
III.
I.
II.
IV.
A company controller is concerned that parts may be stolen because there is no formal receiving function (i.e., receiving slips are not filled out). Production raw materials are moved from rail cars directly to the production line, and vendors are paid based on actual production. Which of the following comments correctly portrays the current process?
I. Goods can be paid for only if they have been used in production. Stolen goods or goods not shipped will not be paid for.
II. There is less handling of goods received, thereby decreasing the cost associated with processing goods received as well as decreasing the opportunities for errors to enter the system.
III. Shortages of materials in the system will be brought to a supervisor?s attention because of production shutdowns.
Iv. I, II, and III
II only.
IV.
III only.
I only.
IV.
Management of a manufacturing company has requested the internal auditing department perform an audit of the cash management system to evaluate the adequacy of existing internal controls over cash management and identify opportunities to increase management control and operating efficiency. The company has four manufacturing divisions located in diverse geographic areas. The company has delegated day-to-day cash management to each local operating division. Excess cash is invested in short-term cash management programs of local financial institutions. These short-term investments are the only source of interest income for the operating divisions. Each division has a line of credit with a local financial institution but must arrange long-term financing needs through corporate headquarters.
In performing a review of cash management procedures in the divisions during the preliminary audit planning, the internal auditor has noted that management is concerned that:
Some divisions have excess cash balances and might not be investing short-term balances in a manner to maximize returns to the company.
One division has automated the processing of cash receipts, but has not implemented proper control procedures to ensure that all cash will be recorded.
The divisions? cash management procedures may not be consistent with overall corporate objectives (i.e., there may not be proper coordination between corporate headquarters and divisions regarding cash management).
To address management?s concern that a division might not be adequately investing short-term funds, management has developed a model that estimates minimum daily cash balances for each division. To determine whether a specific division is failing to maximize its invested cash, management should implement a control procedure that compares:
Interest income per division with industry averages for similar companies.
Daily cash receipts and interest income across divisions to identify any division with a variance of 5% or more.
Interest income for each division with the other three divisions.
Total daily cash balances at each division and interest income for a period with projected interest income based on its model of minimum cash balances.
Total daily cash balances at each division and interest income for a period with projected interest income based on its model of minimum cash balances.
Two major retail companies, both publicly traded and operating in the same geographic area, have recently merged. Both companies are approximately the same size and have audit departments. Company B has invested heavily in information technology and has electronic data interchange (EDI) connections with its major vendors.
The audit committee has asked the internal auditors from both companies to analyze risk areas that should be addressed after the merger. The director of internal auditing of Company B has suggested that the two audit groups have a planning meeting to share audit programs, scope of audit coverage, and copies of audit reports that were delivered to their audit committees. Management has also suggested that the auditors review the compatibility of the companies? two computer systems and control philosophy for individual store operations.
The audit director for Company B decides to review selected store compliance audit reports issued by the internal audit department of Company A. Upon reviewing the reports, the director comments that most items included in the report are inappropriate because they are very minor and cannot be considered material. The director states that the management of Company B would not tolerate such reports. Which of the following assertions by the audit director of Company A is (are) valid?
I. These are the kinds of reports we have provided since the company has been in operation, and they have served our company well.
II. The reports are consistent with management?s control philosophy and are an integral part of the overall control environment.
III. Materiality is in the eyes of the beholder. Any deviation is considered material by my management.
I only.
III only.
II and III.
II only.
II only.
A retail organization has just implemented electronic data interchange (EDI) to issue purchase orders to major vendors. The client has developed a database of approved vendors. New vendors can be added only after a thorough review by the purchasing manager and marketing director. Only purchasing agents can issue purchase orders, and the amount of purchase orders for a particular product line cannot exceed a budgeted amount specified by the marketing manager.
All purchases go to the distribution center, where they are electronically scanned into the computer system. All incoming items must reference a company purchase order, and any items that do not contain such a reference will not be accepted. Prenumbered receiving slips are not used, but all receipts are referenced to the purchase order. Price tags are generated per the purchase order and for the quantities indicated by the electronically scanned-in receiving report. The number of price tags generated is reconciled with the number of products received.
The vendor sends an invoice to the retailer. The invoices are keypunched and entered into the system. The computer software is programmed to match the vendor invoice, the purchase order, and the receiving report. If the three items are matched within a tolerance of 0.5%, the computer program schedules the items for payment at a time to take advantage of purchase discounts. A check is generated by the cash disbursements program and is electronically signed and mailed. If there is a discrepancy among the three documents, a report is printed and sent to the accounts payable department for investigation.
Which of the following items would be considered a control deficiency in the receiving function?
I. The number of price tags generated is determined by the receiving reports electronically scanned in during the receiving function.
II. Prenumbered receiving documents are not used.
III. There is no inspection of goods for quality.
IV. I, II, and III
I.
I, II, and III.
III.
II.
III.
In an organization that has a separate division that is primarily responsible for fraud deterrence, the internal auditing department is responsible for:
Controlling that division?s fraud deterrence activities.
Planning that division?s fraud deterrence activities.
Examining and evaluating the adequacy and effectiveness of that division?s actions taken to deter fraud.
Establishing and maintaining that division?s system of internal controls.
Examining and evaluating the adequacy and effectiveness of that division?s actions taken to deter fraud.
A rental car company?s fleet maintenance division uses a different code for each type of inventory transaction. A daily summary report lists activity by part number and transaction code. The report is reconciled by the parts room supervisor to the day?s material request forms and is then forwarded to the fleet manager for approval. The reconciliation of the summary report to the day?s material request forms by the parts room supervisor:
Confirms that all material request forms are entered for all parts issued.
Verifies that all material request forms were approved.
Provides documentation as to what material was available for a specific transaction.
Ensures the accuracy and completeness of data input.
Ensures the accuracy and completeness of data input.
A company uses a local area network (LAN) with one client server. The auditor wishes to determine whether LAN users are complying with company policies related to the documentation of applications developed by end users and shared by other users on the LAN. The most appropriate audit procedure would be to:
Take a random sample of end-user applications stored on the server, and examine the applications for compliance with company policies.
Send a survey to end users to test their knowledge of required application documentation.
Take a random sample of end users, and examine all applications stored on their computers for compliance with existing policies.
Send a questionnaire to end users to determine the extent to which they have developed end-user applications for the LAN.
Take a random sample of end-user applications stored on the server, and examine the applications for compliance with company policies.
A primary concern of an operational audit of the family welfare department of a governmental unit would be:
Determining that proper measures of performances are used.
Adhering to generally accepted accounting principles (GAAP).
Ensuring that persons with direct client contact have at least a bachelor?s degree.
Generating an adequate return on investment.
Determining that proper measures of performances are used.
An audit of the purchasing function disclosed that orders were placed for materials that at that time were being disposed of as surplus. What corrective action should be recommended?
Confirm all orders for replacement material with the user department.
Employ a historical reorder point system.
Have all purchase requisitions approved by the responsible purchasing agent.
Develop and distribute periodic reports of surplus stocks.
Develop and distribute periodic reports of surplus stocks.
An internal auditor is conducting an operational audit of the information system department. Which of the following factors would the auditor give theÿmostÿweight to in evaluating the effectiveness of the department?
It uses leading-edge technology.
It is given top priority in the budgeting process.
It has a large technical staff.
Its objectives and goals are consistent with the overall objectives of its organization.
Its objectives and goals are consistent with the overall objectives of its organization.
The primary objective in the operational audit of an organization?s employee benefits program is to:
Determine that company policies on providing employee benefits are followed.
Be sure that the program is competitive with programs of other area organizations.
Ascertain that the benefits provided are cost effective for the organization.
Check the adequacy and accuracy of accruals of employee benefit costs in books and records.
Ascertain that the benefits provided are cost effective for the organization.
The legislative auditing bureau of a country is required to perform compliance auditing of companies that are issued defense contracts on a cost-plus basis. Contracts are clearly written defining acceptable costs, including developmental research cost and appropriate overhead rates.
During the past year, the government has engaged in extensive outsourcing of its activities. The outsourcing included contracts to run cafeterias, provide janitorial services, manage computer operations and systems development, and provide engineering of construction projects. The contracts were modeled after those that had been used for years in the defense industry. The legislative auditors are being called on to expand their audit effort to include compliance audits of these contracts.
Upon initial investigation of these outsourced areas, the auditor found many areas in which the outsourced management has apparently expanded its authority and responsibility. For example, the contractor that manages computer operations has developed a highly sophisticated security program that may represent the most advanced information security in the industry. The auditor reviews the contract and sees reference only to providing appropriate levels of computing security. The auditor suspects that the governmental agency may be incurring developmental costs that the outsourcer may use for competitive advantage in marketing services to other organizations.
The auditor wishes to estimate the additional cost of the added security. Which of the following procedures would be theÿbestÿfirst step in providing that evidence? Compare the total costs of computer security under the new contract with the total computer security costs:
Previously incurred.
Previously incurred, as a percentage of total cost incurred.
Of each other entity managed by this outsourcer.
Of other governmental entities of similar size.
Previously incurred.
The internal audit department can be involved with systems development continuously, at the end of specific stages, after implementation, or not at all. An advantage of continuous internal audit involvement compared to the other two types of involvement is that:
The threat of lack of audit independence can be minimized.
The cost of audit involvement can be minimized.
There are clearly defined points at which to issue audit comments.
Redesign costs can be minimized.
Redesign costs can be minimized.
Management asserted that the performance standards the auditors used to evaluate operating performance were inappropriate. Written performance standards that had been established by management were vague and had to be interpreted by the auditor. In such cases auditors may meet their due care responsibility by:
Establishing agreement with auditees as to the standards needed to measure performance.
Assuring themselves that their interpretations are reasonable.
Assuring themselves that their interpretations are in line with industry practices.
Incorporating management?s objections in the audit report.
Establishing agreement with auditees as to the standards needed to measure performance.
An organization has grown rapidly and has just automated its human resource system. The organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, ethnic code, age, insurance, medical protection, and other similar information. Management has asked the internal auditing department to review the new system. The auditor reviews the retirement benefits plan and determines that the pension and medical benefits have been changed several times in the past ten years. The auditor wishes to determine whether there is justification to perform further audit investigation. The most appropriate audit procedure would be to:
Use generalized audit software to take a dollar-unit sample of retirement pay and determine whether each retired employee was paid correctly.
Use generalized audit software to take an attributes sample of retirement pay, and perform detailed testing to determine whether each person chosen was given the proper benefits.
Review the trend of overall retirement expense over the last ten years. If the retirement expense increased, it would indicate the need for further investigation.
Review reasonableness of retirement pay and medical expenses on a per-person basis stratified by which plan was in effect when the employee retired.
Review reasonableness of retirement pay and medical expenses on a per-person basis stratified by which plan was in effect when the employee retired.
Maintaining a file of purchase orders in the receiving department for merchandise ordered but not yet received helps ensure that:
Goods received are not misappropriated.
Goods are properly counted when they arrive.
Only authorized shipments are accepted.
Goods are delivered to the appropriate department in a timely manner.
Only authorized shipments are accepted.
An unauthorized employee picked up a printout of salary data from the computer center after the last payroll update. Thebestÿcontrol for ensuring that only authorized employees receive sensitive printouts is logging and:
Controlled destruction of obsolete printouts.
Signed confirmation by recipients.
Enforced expiration date on sensitive printouts.
Access control over printout files on disk.
Signed confirmation by recipients.
During an audit of the accounts receivable function, the auditor found that the accounts receivable turnover rate had fallen from 7.3 to 4.3 over the last three years. What is the most likely cause of the decrease in the turnover rate?
A change from net 30 to net 25.
Greater cash sales.
A more liberal credit policy.
An increase in the discount offered for early payment.
A more liberal credit policy.
A company has two manufacturing facilities. Each facility has two manufacturing processes and a separate packaging process. The processes are similar at both facilities. Raw materials used include aluminum, materials to make plastic, various chemicals, and solvents. Pollution occurs at several operational stages, including raw materials handling and storage, process chemical use, finished goods handling, and disposal. Waste products produced during the manufacturing processes include several that are considered hazardous. The nonhazardous waste is transported to the local landfill. An outside waste vendor is used for the treatment, storage, and disposal of all hazardous waste.
Management is aware of the need for compliance with environmental laws. The company recently developed an environmental policy that includes a statement that each employee is responsible for compliance with environmental laws.
Management is evaluating the need for an environmental audit program. Which one of the following shouldÿnotÿbe included as an overall program objective?
Conduct site assessments at both facilities.
Ensure that management systems are adequate to minimize future environmental risks.
Verify company compliance with all environmental laws.
Evaluate waste minimization opportunities.
Conduct site assessments at both facilities.
Select the appropriate population from which to draw a sample when the audit objective is to evaluate compliance with controls designed to ensure that all shipments are billed. Cash receipts records. Prenumbered shipping documents. Prenumbered customer invoices. Customer accounts receivables.
Prenumbered shipping documents.
A significant employee fraud took place shortly after an internal audit. The internal auditor mayÿnotÿhave properly fulfilled the responsibility for the deterrence of fraud by failing to note and report that:
Policies, practices, and procedures to monitor activities and safeguard assets were less extensive in low-risk areas than in high-risk areas.
There were no written policies describing prohibited activities and the action required whenever violations are discovered.
A system of control that depended on separation of duties could be circumvented by collusion among three employees.
Divisional employees had not been properly trained to distinguish between bona fide signatures and cleverly forged ones on authorization forms.
There were no written policies describing prohibited activities and the action required whenever violations are discovered.
A perpetual inventory system uses a minimum quantity on hand to initiate purchase-ordering procedures for restocking. In reviewing the appropriateness of the minimum quantity level established by the stores department, the auditor would beÿleastlikely to consider:
Available storage space and potential obsolescence.
Stock-out costs, including lost customers.
Seasonal variations in forecasting inventory demand.
Optimal order sizes determined by the economic order quantity model.
Optimal order sizes determined by the economic order quantity model.
The internal auditing department was not involved in a major system conversion in which customer records for $100,000 of receivables were lost. Which of the following internal auditing roles would help prevent such losses in the future?
Performance of a feasibility study.
Use of an integrated test facility.
Management of the conversion process.
Involvement in all phases of the system development life cycle.
Involvement in all phases of the system development life cycle.
