QB Chapter 9: Internal Audit Flashcards
The scope and objectives of the internal audit function vary widely and depend on the size
and structure of the entity and the requirements of its management.
Which two of the following functions could internal audit perform and still operate
effectively?
A Examination of financial and operating information
B Review of the company’s compliance with laws and regulations
C Authorisation of unusual transactions
D Development of internal control systems
A,B Authorising unusual transactions and developing internal control systems are part of
the accounting function in an entity. In order for the internal audit function to operate
objectively and independently, it should not be involved in these activities.
Which two of the following roles could internal audit carry out in respect of risk
management and still operate effectively?
A Monitoring the company’s overall risk strategy
B Designing an internal control system in a production department
C Testing internal controls in the purchasing department
D Implementing internal controls in the sales department
A,C Options B and D are not correct as they are too operational and would compromise
internal audit’s monitoring role.
Which three of the following roles could the internal audit function take on to help the
board in its management of the company and still operate effectively?
A Carrying out the statutory audit
B Giving expert advice on technical accounting matters
C Liaising with the external auditors
D Auditing board reports not audited by the external auditors`
B,C,D
Option A is not correct as it is the external auditors who have the legal duty to carry out
the statutory audit. It is, however, usually encouraged that there is some cooperation
between the internal and external auditors where this is possible
Internal audit helps in achieving corporate objectives.
For each of the following statements, select whether or not they are true or false.
Having an internal audit function is a requirement of the UK Corporate Governance Code.
A True
B False
Internal audit can be seen as an internal control in a company.
C True
D False
Internal auditors should not get involved in operational matters.
E True
F False
B,C,E
Having an internal audit function is not a requirement of the UK Corporate Governance
Code but the need for directors to review the need for one annually is. The other
statements are both true.
For each of the following statements, concerning internal audit, select whether they are true
or false.
Internal audit can never be independent of those on whom they are reporting, because
they are employees of the company.
A True
B False
The UK Corporate Governance Code requires all listed companies in the UK to have an
internal audit function.
C True
D False
Internal audit focuses on the efficiency and effectiveness of a company’s operations by
testing its internal controls. They do not carry out substantive testing.
E True
F False
B,D,F
All of the statements are false. Because independence is a concern, internal audit
report to the board of directors or the audit committee. The UK Corporate Governance
Code does not require listed companies to have an internal audit function per se, but
requires companies to consider the need for one annually, in order to maintain an
adequate system of internal controls. Internal audit uses both testing of internal
controls and substantive testing, as appropriate to the task in hand.
Hiltson Hotels is a global group of hotels. The parent company, Hiltson Holdings plc
employs an internal audit function which carries out audits and investigations on the
individual hotels in the group.
Which two of the following could the internal audit function carry out and still operate
effectively?
A Secondment to the accounts department of the Singapore Hiltson to cover the
maternity leave of the financial controller
B Special investigation into the profits of the New York Hiltson where the group directors
suspect a fraud may have been carried out
C Tests of the controls at the Edinburgh Hiltson as part of a routine internal audit cycle
D Identification of risks at the proposed Nairobi Hiltson, which is due to open in nine
months’ time
B,C Secondment to the financial controller role and being involved in the identification of
risks should not be carried out by the internal auditor. This is because these roles are
operational and would compromise the ability of internal audit to provide a monitoring
role. The risk assessment should be undertaken by the risk assessment committee or
whomever is responsible for risk assessment.
Internal and external auditors provide different services to companies.
For each of the following examples, select whether it is a service which would be provided
by internal auditors only, by external auditors only or by either.
Statutory audit
A Internal auditors
B External auditors
C Either
Monitoring of internal controls
D Internal auditors
E External auditors
F Either
B,D External auditors are responsible for carrying out the statutory audit. Internal auditors
are responsible for the monitoring of internal controls. External auditors, as part of their
external audit, will not monitor internal controls but must at least ascertain the controls
in place and document them. They may then choose to test them for purposes of
reliance.
Many of the procedures undertaken by the internal auditor are very similar to those
performed by the external auditor.
Which three of the following may be performed by the internal auditor if he is to operate
effectively?
A Monitoring of internal controls
B Making recommendations regarding improvements to controls
C Examining and testing financial information
D Expressing an opinion on the truth and fairness of the financial statements
A,B,C
Expressing an opinion on the truth and fairness of the financial statements is done by
the external auditor only.
Which one of the following best describes the term ‘operational audit’?
A Any audit performed by the internal auditor
B An audit of the operational processes of the organisation
C An audit performed by the operations director
D A statutory audit
B An operational audit is just one type of work carried out by the internal auditor. Other
audit work might include, for example, investigation into a suspected fraud. Therefore
the term does not apply to all internal audit work
To which two of the following parties would the internal auditor report? A Board of directors B Shareholders C Audit committee D External auditors
A,C Options B and D are incorrect as external auditors report to the shareholders and,
although internal auditors will normally provide information to the external auditors,
they do not formally report to them.
Which three of the following activities would typically be performed by both the internal
and external auditor?
A Review of compliance with laws and regulations
B Assessment of the effectiveness of internal controls
C Review of the efficiency of operations
D Carrying out tests of details on transactions and balances
A,B,D
The external auditor may identify efficiency issues during the course of the statutory
audit but audit work is not specifically planned with this objective.
The scope and objectives of the internal audit function vary widely and depend on the size
and structure of the entity and the requirements of its management.
Which three of the following functions could internal audit perform and still operate
effectively?
A Examination of financial and operational information for management
B Authorisation of transactions in excess of limits set by management
C Review of accounting systems and related controls
D Advising management on cost effective controls for systems and activities
E Routinely preparing bank reconciliations
A,C,D
Internal audit should not have operational responsibilities so should not authorise
transactions or routinely prepare bank reconciliations. SAMPLE PAPER
there are many similarities between the internal auditor and the external auditor. However,
there are some crucial differences that are important to note.
Which two of the following usually only relate to the internal auditor?
A They provide an opinion on the financial statements
B Their work is focused on the operations of the entire business
C The role can be carried out by employees of the entity
D They are appointed by the shareholders of an entity
B,C External auditors do not focus on operations, as their prime focus is providing an
opinion on the financial statements.
External auditors are appointed by the shareholders of an entity and cannot be
employees of the entity in order to maintain their objectivity and independence.
One of the emerging operational issues that internal auditors need to be involved with is
cyber security (defined as the protection of systems, networks and data in cyberspace).
Which three of the following internal audit activities are most likely to feature in relation to
an entity’s cyber security?
A Reviewing the password protocols in place for employees with access to information
systems
B Testing the operating effectiveness of an entity’s firewall and anti-virus software
C Monitoring the entity’s website for signs of unauthorised modification
D Comparing the costs and benefits of the entity’s online social media presence
A,B,C
Cyber security is all about protecting data, systems and networks – firewalls and
password protocols address this at source, while monitoring the website helps to
identify any instances of breaches from other means.
Appraising the success or otherwise of an online social media presence does operate
in the same cyber context, but is more commercial than security driven.
