SU 1 - Foundation of Internal Auditing Flashcards

1
Q

Advisory and related client service activities, the nature and scope of which are agreed with the client and which are intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility.

A

Consulting Services

2
Q

The highest level governing body (e.g., board of directors, a supervisory board, or a board of governors or trustees) charged with the responsibility to direct and/or oversee the organization’s activities and hold senior management accountable.

A

Board

3
Q

A specific internal audit assignment, task, or review activity, such as an internal audit, control self-assessment review, fraud examination, or consultancy.

A

Engagement

4
Q

A department, division, team of consultants, or other practitioner(s) that provide independent, objective assurance and consulting services designed to add value and improve an organization’s operations.

A

Internal Audit Activity

5
Q

The top position in an organization responsible for internal audit activities.

A

Chief Audit Executive (CAE)

6
Q

An independent, objective assurance and consulting activity designed to add value and improve an organization’s operations; brings a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

A

Internal Auditing

7
Q

Objective examination of evidence for the purpose of providing an independent assessment on risk management, control, or governance processes for an organization.

A

Assurance Engagement

8
Q

In terms of the internal audit activity, a formal written document that defines the activity’s purpose, authority, and responsibility. It establishes the internal audit activity’s position within the organization; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities.

A

Charter

9
Q

The conceptual framework that organizes the authoritative guidance promulgated by The IIA.

A

International Professional Practices Framework (IPPF)

10
Q

An unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they believe in their work product and that no significant quality compromises are made. It requires that internal auditors do not subordinate their judgment on audit matters to others.

A

Objectivity

11
Q

Principles relevant to the profession and practice of internal auditing and Rules of Conduct that describe behavior expected of internal auditors.

A

Code of Ethics

12
Q

The internal audit staff of Jack’s Flooring Emporium consistently struggles to demonstrate the Core Principle of “provides risk-based assurance” while performing audit engagements. Which is an example of a consequence for not demonstrating this Core Principle?

a) The internal audit activity is likely to miss emerging risks, and adding organizational value will be limited.

b) Management and the board will not have independent validation that its controls are designed properly and are working as expected to mitigate risks.

c) The internal audit activity may lose the trust placed in it, and consequently, its credibility to provide independent and objective assurance and advice.

d) Management and the board are unlikely to trust internal audit observations as being accurate and complete.

A

b) Management and the board will not have independent validation that its controls are designed properly and are working as expected to mitigate risks.

Rationale
For an internal audit activity to be considered effective, all Principles should be present and operating effectively.

Missing emerging risks and limiting organizational value is a consequence of not demonstrating the core principle of “is insightful, proactive, and future-focused.”

Management and the board’s unlikeliness to trust internal audit observations as being accurate and complete is a consequence of not demonstrating the core principle of “is objective, and free from undue influence (independent).”

Losing the trust placed in internal audit, and its credibility to provide independent and objective assurance and advice, is a consequence of not demonstrating the core principle of “demonstrates integrity.”

13
Q

During an audit of the manufacturing division of a defense contractor, the auditor comes across a scheme that looks like the company is inappropriately adding costs to a cost-plus government contract. The auditor discusses the matter with senior management, which suggests that the auditor seek an opinion from legal counsel. The auditor does so, and, upon review of the government contract, legal counsel indicates that the practice is questionable but offers the opinion that it is not technically in violation of the contract. Based on legal counsel’s decision, the auditor decides to omit any discussion of the practice in the formal audit report that goes to management and the audit committee. She does, however, informally communicate legal counsel’s decision to management. Has the auditor violated The IIA’s Code of Ethics?

a) Yes. It is a violation because all important information, even if resolved, should be reported to the audit committee.

b) No. If a fraud is suspected, it should be resolved at the divisional level where it is taking place.

c) Yes. Internal legal counsel’s opinion is not sufficient. The auditor should have sought advice from outside legal counsel.

d) No. The auditor has followed up on the matter with appropriate personnel in the organization and has reached a conclusion that no fraud is involved.

A

d) No. The auditor has followed up on the matter with appropriate personnel in the organization and has reached a conclusion that no fraud is involved.

Rationale
Although an argument can be made that it would be common sense to bring the issue to both the audit committee and management, there is no evidence that the auditor is deliberately withholding information. Therefore, there is no violation of the Code of Ethics.

14
Q

The accounts payable manager for an airline requests a consulting review of the electronic submission of invoices. Three employees in the department handle this particular function. The manager feels that there is a bottleneck in the process that is caused by poor working practices on the part of the employees. The manager wants internal audit to validate this. Is this an assignment the chief audit executive should undertake?

a) No, the Standards specifically restrict the conduct of such reviews.

b) Yes, the assignment is well defined and has a clear objective.

c) Yes, this is a request that is well suited to be performed by internal audit.

d) No. This is a function of management, and the poor working practices should be reviewed by the accounts payable manager.

A

d) No. This is a function of management, and the poor working practices should be reviewed by the accounts payable manager.

Rationale
Supervision is a function of management, and the poor working practices should be reviewed by the accounts payable manager, not internal audit.

15
Q

The purpose of The IIA’s Code of Ethics is to promote an ethical culture in the profession of internal auditing, and is necessary and appropriate for the profession of internal auditing. The Code of Ethics includes Integrity, Confidentiality, Objectivity, and Competency. Which best describes the principle of Integrity?

a) It enables internal auditors to make balanced assessments of all relevant circumstances.

b) It is characterized by respect for the value and ownership of information received during an engagement.

c) It establishes trust, and thus provides the basis for reliance on internal auditor judgment.

d) It requires internal auditors to apply the knowledge, skills, and experience while performing internal audit services.

A

c) It establishes trust, and thus provides the basis for reliance on internal auditor judgment.

Rationale
The integrity of internal auditors establishes trust, and thus provides the basis for reliance on their judgment.

The principle of Objectivity enables internal auditors to make a balanced assessment of all the relevant circumstances without being unduly influenced by their own interests or by others in forming judgements.

The principle of Competency requires internal auditors to apply the knowledge, skills, and experience needed in the performance of internal audit services.

The principle of Confidentiality is characterized by respect for the value and ownership of information received during an engagement.

16
Q

Which of the following would be an advantage of conducting environmental audits under the direction of the internal audit activity?

a) Technical expertise is more readily available.

b) Independence and authority are already in place.

c) Internal audit work products are confidential.

d) The financial aspects are de-emphasized.

A

b) Independence and authority are already in place.

Rationale
The internal audit activity normally has a broad charter and realm of responsibility and can readily assimilate the new auditing function.

17
Q

Which statement best describes the difference between Assurance services and Consulting services?

a) Assurance services are specifically requested by the senior management and the board; whereas, consulting services are specifically requested by senior management and the process owner.

b) Assurance services involve an internal auditor’s objective assessment of evidence to provide an independent opinion or conclusion; whereas, consulting services relate to an internal auditor obtaining advice from an external source.

c) Assurance services involve an internal auditor’s objective assessment of evidence to provide an independent opinion or conclusion; whereas, consulting services are advisory in nature.

d) Assurance services guarantee that the internal auditor’s assessment is full and complete; whereas, consulting services are only advisory in nature and are performed at the specific request of an engagement client.

A

c) Assurance services involve an internal auditor’s objective assessment of evidence to provide an independent opinion or conclusion; whereas, consulting services are advisory in nature.

Rationale
Assurance services involve the internal auditor’s objective assessment of evidence to provide opinions or conclusions regarding an entity, operation, function, process, system, or other subject matters.

Consulting services are advisory in nature and are generally performed at the specific request of an engagement client.

18
Q

An internal auditor has been assigned to audit a foreign subsidiary. The auditor is aware that the social climate of the country is such that “facilitating payments” (bribes) are often used to make things happen and are an accepted part of the society. The auditor has completed an audit of the division and has found significant weaknesses relating to important controls. The division manager offers the auditor a substantial “facilitating payment” to omit the audit findings from the audit report, with the provision that the auditor can revisit the division in six months to verify that the problem areas have been properly addressed. The auditor should

a) not accept the payment, since such acceptance would be in conflict with The IIA’s Code of Ethics.

b) accept the payment, because it has the effect of doing the greatest good for the greatest number. The auditor is better off, the division is better off, and the organization is better off because there is strong motivation to correct the deficiencies found by the auditor.

c) not accept the payment, but omit the findings as long as there is a verification visit in six months.

d) accept the offer, since it is consistent with the ethical concepts of the country in which the division is doing business.

A

a) not accept the payment, since such acceptance would be in conflict with The IIA’s Code of Ethics.

Rationale
The auditor should not accept the payment, since such acceptance would be in conflict with The IIA’s Code of Ethics.

19
Q

The Standards help clarify the nature of the charter by providing guidelines as to its contents. Which of the following is suggested in the Standards as part of the charter?

a) Types of revisions to the charter that are allowed without additional approval

b) Scope of internal auditing activities

c) Department’s ability to generate an internal audit plan without needing further approval

d) Length of tenure for chief audit executive

A

b) Scope of internal auditing activities

Rationale
As described in the interpretation of Standard 1000, “The internal audit charter establishes the internal audit activity’s position within the organization, including the nature of the chief audit executive’s functional reporting relationship with the board; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities.”

It does not specify the length of tenure of any internal audit staff. Revisions to the charter require approval. The annual audit plan will still need approval even with a signed charter.

20
Q

According to IIA Standard 1010 - Recognizing Mandatory Guidance in the Internal Audit Charter, the mandatory nature of which of the following must be recognized in the internal audit charter?

a) The Mission of Internal Audit.
b) Implementation Guides.
c) Practice Guides.
d) The Standards.

A

d) The Standards.

Rationale
According to IIA Standard 1010 - Recognizing Mandatory Guidance in the Internal Audit Charter, the mandatory nature of the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, the Standards, and the Definition of Internal Auditing must be recognized in the internal audit charter.

Implementation guides and practice guides are supplemental guidance. While the Mission of Internal Auditing is mandatory guidance, there is no requirement for recognition in the internal audit charter.

21
Q

Which of the following is true of consulting engagements?

a) Assurance engagements and consulting engagements are mutually exclusive; they must be kept separate and distinct.

b) The auditor engaged in consulting may gain increased knowledge of the organization’s processes while not impairing the attribute of objectivity.

c) Consulting engagements come exclusively from management; it would be inappropriate to use an assurance engagement to promote consulting work.

d) Internal auditors may perform a consulting engagement in lieu of an assurance engagement to avoid providing an opinion.

A

b) The auditor engaged in consulting may gain increased knowledge of the organization’s processes while not impairing the attribute of objectivity.

Rationale
Auditors performing consulting services may gain improved knowledge about the organization and, since this knowledge is gained during auditing activities rather than in management or operations, it should not impair objectivity.

The IIA defines consulting as “advisory and related client services activities, the nature and scope of which are agreed with the client, are intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility.” Oftentimes, consulting engagements are performed at the request of management to help ensure that objectives have been established, risks have been identified, and controls have been put in place to make the operation successful. However, the results of an assurance engagement may suggest possible consulting engagements, and vice versa.

In all situations, a consulting engagement should not be conducted in an attempt to circumvent assurance engagement requirements such as the need to provide an opinion at the end of an engagement.

22
Q

A Code of Ethics Rule of Conduct specifies that “internal auditors be prudent in the use and protection of information acquired in the course of their duties.” To which Code of Ethics does this rule apply?

a) Confidentiality.
b) Objectivity.
c) Competency.
d) Integrity.

A

a) Confidentiality.

Rationale
The Rules of Conduct for Confidentiality state that internal auditors:
3.1 Shall be prudent in the use and protection of information acquired in the course of their duties.
3.2 Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.

23
Q

A chief audit executive (CAE) tours a company that was just acquired by his company. The existing auditor shows the CAE the different aspects of the plant, including maintenance, inventory, and the shipping department. The CAE notices a revenue room where the day’s cash sales are secured. The CAE asks to tour this room as well. The auditor quickly responds that no one is allowed in there, not even internal audit, due to the amount of cash kept there. The CAE should have an issue with this based on what aspect of the International Professional Practices Framework?

a) Responsibilities
b) Organization and reporting structure
c) Authority
d) Independence and objectivity

A

c) Authority

Rationale
One aspect of authority is that an internal audit activity must have appropriate, unfettered access to records, physical property, and personnel in order to perform engagements and must declare internal auditors’ accountability for safeguarding assets and confidentiality.

24
Q

An internal audit charter is a formal document that defines the internal audit activity’s
a) vision, mission, and goals.
b) purpose, mission, and vision.
c) purpose, authority, and responsibility.
d) authority, mission, and goals.

A

c) purpose, authority, and responsibility.

Rationale
Per Standard 1000, the purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter.

25
Q

Which consulting activity would be appropriately performed by the internal audit function?

a) Reviewing systems of control before implementation

b) Drafting procedures for systems of control

c) Designing systems of control

d) Installing systems of control

A

a) Reviewing systems of control before implementation

Rationale
Reviewing systems, even before implementation, is an activity appropriately performed by the internal audit function, and it does not impair objectivity.

The other three options are presumed to impair either objectivity or independence.

26
Q

An airline company includes in the data provided to its board of directors the results of customer satisfaction surveys, its lost-and-found statistics, and information on the cleanliness of operations. This is an example of assurance related to
a) external financial reporting.
b) total quality management (TQM) surveys.
c) results of consultant work.
d) non-financial reporting.

A

d) non-financial reporting.

Rationale
Assurance over reporting can include internal and/or external financial and non-financial reporting.

27
Q

Which of the following would constitute a violation of The IIA’s Code of Ethics?

a) An internal auditor has been assigned to do an audit of the warehousing function six months from now. He has no expertise in this area, but he accepted the assignment anyway. He has signed up for continuing professional education courses in warehousing; the courses will be completed before his assignment begins.

b) An internal auditor is content with her career and has come to look at it as a regular 9-to-5 job. She has not engaged in continuing professional education or other activities to improve her effectiveness during the last three years. However, she feels that she is performing the same quality work she always has.

c) An internal auditor discovers a potential internal financial fraud. The books appear to have been adjusted to properly reflect the loss associated with the potential fraud. The internal auditor discusses the potential fraud with the external auditor when the external auditor reviews the workpapers detailing the incident.

d) An internal auditor has accepted an assignment to audit the electronics manufacturing division. She has recently joined the internal auditing department. However, she was senior auditor for the external audit of the electronics manufacturing division and has audited many electronics companies during the past two years.

A

b) An internal auditor is content with her career and has come to look at it as a regular 9-to-5 job. She has not engaged in continuing professional education or other activities to improve her effectiveness during the last three years. However, she feels that she is performing the same quality work she always has.

Rationale
Not engaging in continuing professional education or similar activities would be a violation of Competency Rule of Conduct 4.3, which requires auditors to continually strive for improvement in their proficiency and in the effectiveness of their audits.

28
Q

In a review of travel and entertainment expenses, the internal auditor questions the business purposes of an officer’s reimbursed travel expenses. The officer promises to compensate the organization for the questioned amounts by not claiming legitimate expenses in the future. If the officer makes good on the promise, the internal auditor

a) should still include the finding in the audit report.

b) can ignore the original charging of the non-business expenses.

c) should recommend that the officer forfeit any frequent flyer miles received as part of the questionable travel.

d) should inform the tax authorities in any event.

A

a) should still include the finding in the audit report.

Rationale
This applies to the integrity and objectivity principles of The IIA’s Code of Ethics. Item 2.3 of the Code requires internal auditors to disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review. Item 1.2 also states that internal auditors shall observe the law and make disclosures expected by the law and the profession. The Standards require the chief audit executive to distribute audit reports to those members of the organization who can take appropriate action.

29
Q

Company A has a formal corporate code of ethics; company B does not. Company A’s code of ethics covers purchase agreements and relationships with vendors along with many other issues to guide individual behavior in the company. Which of the following statements can be logically inferred?

a) Company A has a lower need for controls related to purchase agreements and vendor relationships than does company B.

b) Company A exhibits a higher standard of ethical behavior than does company B.

c) The absence of a formal corporate code of ethics in company B would prevent a successful audit of ethical behavior in that company.

d) Company A has established objective criteria by which an employee’s actions can be evaluated.

A

d) Company A has established objective criteria by which an employee’s actions can be evaluated.

Rationale
A formalized corporate code of ethics presents objective criteria by which actions can be evaluated and would thus serve as criteria against which activities could be evaluated. The existence of a corporate code of ethics, by itself, does not ensure a higher standard of ethical behavior. A code of ethics must be complemented by follow-up policies and monitoring activities to ensure compliance. Standards that would influence individual actions can occur in other places than the corporate code of ethics. The existence of a code of ethics does not remove the need for related controls.

30
Q

Abiding by the Mission of Internal Audit, the Core Principles, the Definition of Internal Auditing, the Code of Ethics, and the Standards is mandatory for

a) internal auditors and consultants only.

b) IIA members and practicing internal auditors only.

c) IIA members, practicing internal audit professionals, and Certified Internal Auditors only.

d) Certified Internal Auditors only.

A

c) IIA members, practicing internal audit professionals, and Certified Internal Auditors only.

Rationale
IIA members, practicing internal audit professionals, and Certified Internal Auditors are required to abide by the Mission of Internal Audit, the Core Principles, the Definition of Internal Auditing, the Code of Ethics, and the Standards.

31
Q

Participation in a standing committee would refer to what category of consulting services?
a) Formal
b) Emergency
c) Special
d) Informal

A

d) Informal

Rationale
Internal auditors may conduct consulting services as part of their normal or routine activities or in response to management requests. Informal consulting services include routine activities—such as participation in standing committees, limited-life projects, or ad hoc meetings—and routine information exchange.

32
Q

The chief audit executive (CAE) receives a request from the vice president (VP) of human resources. The VP would like the internal audit department to create a pension quality control (QC) unit to perform ongoing reviews of pension calculations made by the pension group. The CAE accepts this responsibility. He sees it as a consulting project, and consulting projects are included in the internal audit department’s charter. Should the CAE have obtained approval from senior management and the board prior to agreeing to perform this pension QC work?

a) Yes. While the CAE included consulting services in the existing audit charter, such a large project still needs individual approval.

b) Yes. The CAE should obtain approval from senior management prior to agreeing to perform any type of consulting work.

c) No. This assignment is outside the services of an internal audit department and is a function of management.

d) No. The CAE included in the existing audit charter that the department will perform consulting work.

A

c) No. This assignment is outside the services of an internal audit department and is a function of management.

Rationale
Establishing a QC function for the pension work should be denied, as it is a function of management. Part of the responsibility of the internal audit activity includes the mandate to not perform management activities.

33
Q

The standards of conduct set forth in The IIA’s Code of Ethics

a) are rules that must be obeyed in all circumstances.

b) are guidelines to assist internal auditors in dealing with auditees.

c) provide a detailed understanding of the responsibility of internal auditing.

d) provide basic principles in the practice of internal auditing.

A

d) provide basic principles in the practice of internal auditing.

Rationale
The IIA’s Code of Ethics states the principles and expectations governing the behavior of individuals and organizations in the conduct of internal auditing. It describes the minimum requirements for conduct and addresses behavioral expectations rather than specific activities.

34
Q

An internal auditor is performing an audit of asbestos abatement in the environmental area, which is prone to fraud. Which of the following is true about the Standards in relation to this specialized area?

a) The Standards provide a framework for performing and promoting a broad range of value-added internal auditing and so can be applied to this specialized area. The “interpretation” text for the Standards may likewise be applied, though it will be general rather than specific advice, but it is officially part of the standard.

b) The Standards are rules-based, and if this specialized area is technically in conformance with these rules, any loopholes that are being taken advantage of are out of scope.

c) The Standards provide a framework for performing and promoting a narrow range of value-added internal auditing. The specifics of this specialized area will likely be addressed in “interpretation” text, though this guidance is not officially part of the standard.

d) The Standards provide the specific steps to perform in this specialized area and include descriptions of the red flags to check for.

A

a) The Standards provide a framework for performing and promoting a broad range of value-added internal auditing and so can be applied to this specialized area. The “interpretation” text for the Standards may likewise be applied, though it will be general rather than specific advice, but it is officially part of the standard.

Rationale
The Standards are principles-based mandatory guidance rather than a detailed set of rules and regulations. Some Standards include interpretation text to further explain the guidance description, but this “interpretation” does not provide specific steps to perform in an audit or to identify red flags in a particular area. This italicized text should not be overlooked, as it is part of the standard.

35
Q

The International Professional Practices Framework (IPPF) includes Mandatory Guidance and Recommended Guidance. Which component of Mandatory Guidance describes the minimum requirements for internal auditor conduct and behavioral expectations?

a) The Code of Ethics.
b) The Definition of Internal Auditing.
c) The Core Principles for the Professional Practice of Internal Auditing.
d) Practice Guides.

A

a) The Code of Ethics.

Rationale
The Code of Ethics states the principles and expectations governing behavior of individuals and organizations in the conduct of internal auditing. It describes the minimum requirements for conduct, and behavioral expectations rather than specific activities.

Practice guides are considered Supplemental Guidance, and address internal audit’s approach and methodologies.

While the Core Principles are mandatory guidance, the Core Principles articulate internal auditor effectiveness.

While the Definition of Internal Auditing is mandatory guidance, the definition is designed to add value and improve an organization’s operations.

36
Q

In the internal auditing profession, the Standards refer to which of the following?

a) Criteria that dictate the minimum level of ethical actions to be taken by internal auditors

b) Criteria by which the operations of an internal audit department are evaluated and measured

c) Criteria that are applicable to most, but not all, types of internal audit departments

d) Statements intended to represent the practice of internal auditing as a rules-based system

A

b) Criteria by which the operations of an internal audit department are evaluated and measured

Rationale
The Standards are a set of principles-based, mandatory requirements for the professional practice of internal auditing and for evaluating the effectiveness of performance, and they are internationally applicable at organizational and individual levels.

The Code of Ethics, not the Standards, describes the minimum requirements for the ethical conduct of and the behavioral expectations for internal auditors.

37
Q

In which of the following situations is the internal audit activity most likely to deliver added value to its organization?

a) Senior and line management are primarily interested in confirming the strength of existing controls.

b) The board supports its verbal commitment to governance, risk management, and control with resources and direction.

c) Historically, internal audit has refrained from forming relationships with other functional areas.

d) The chief audit executive has been with the organization less than one year but has significant knowledge of new automated auditing techniques.

A

b) The board supports its verbal commitment to governance, risk management, and control with resources and direction.

Rationale
For internal audit to add value to an organization (per Performance Standard 2000, “Managing the Internal Audit Activity”), it must go beyond assessing present controls toward identifying root causes of problems and recommending solutions and changes. This will require support from the board and senior management in the form of resources and direction. To add value, internal audit must have organizational knowledge and relationships. A new chief audit executive would be less likely to have sufficient organizational and industry knowledge.

38
Q

The Definition of Internal Auditing states the fundamental purpose, nature, and scope of internal auditing. Which is a key component of its definition?

a) Assurance and consulting activity designed to add value and improve organizational operations.

b) Assessment procedures designed to ensure all information is available about internal control processes.

c) Measurable and understandable objectives for achieving internal audit objectives.

d) Compliance regulations that help to maintain accurate and timely financial reporting.

A

a) Assurance and consulting activity designed to add value and improve organizational operations.

Rationale
The Definition of Internal Auditing: “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”

The Definition of Internal Auditing states the fundamental purposes, nature, and scope of internal auditing.

The key components of this definition include:

Helping the organization accomplish its goals.
Evaluating and improving the effectiveness of risk management, control, and governance processes.
Assurance and consulting activity designed to add value and improve operations.
Independence and objectivity.
A systematic and disciplined approach (specifically the engagement processes).

39
Q

An auditor with special expertise in financial statement analysis would most likely risk violating The IIA’s Code of Ethics by doing which of the following activities without consulting senior management and the chief audit executive (CAE)?

a) Providing pro bono investment guidance to a local nonprofit organization

b) Charging a fee for evaluating financial risk in a division manager’s personal portfolio

c) Teaching investment seminars for a fee at a local college

d) Founding a charitable foundation with family-owned investments and administering it

A

b) Charging a fee for evaluating financial risk in a division manager’s personal portfolio

Rationale
Performing paid services for a division manager of the organization would create a potential conflict of interest and therefore requires the consent of senior management and the CAE. Even though the internal auditor is providing a personal service that may seem unrelated to the work of the organization, the auditor’s interest in promoting the personal financial success of the executive and the executive’s interest in providing compensation for the auditor’s outside work could impair the independence of both in discharging their responsibilities in the organization.

40
Q

The senior management of an organization has requested that the internal audit activity provide ongoing internal control training for all managerial personnel. This is best addressed by

a) a formal consulting engagement agreement.
b) a special consulting engagement agreement.
c) an emergency consulting engagement agreement.
d) an informal consulting engagement agreement.

A

a) a formal consulting engagement agreement.

Rationale
Managerial training should be planned and continuous. It should be subject to a consulting agreement that is formal and is written to ensure that the needs and expectations of those who will be trained are recognized and satisfied.

41
Q

Assurance work is most frequently one or a combination of which services?

a) Operational, compliance, reporting, and IT

b) Operational, compliance, reporting, and fraud detection

c) Entity-level reviews, system implementations, and continuous auditing

d) Due diligence, contract reviews, and third-party provider audits

A

a) Operational, compliance, reporting, and IT

Rationale
Assurance work makes up the majority of internal audit activities and is most frequently one or a combination of operational, compliance, reporting, and IT services.

42
Q

The Mission of Internal Audit articulates what internal audit aspires to accomplish in an organization. What is the correct definition of the Mission of Internal Audit?

a) To enhance and protect organizational value by providing risk-based and objective influence, advice, and insight.

b) To enhance and protect organizational value by providing risk-based and objective assistance, advancement, and insight.

c) To enhance and protect organizational value by providing risk-based and objective assurance, advocacy, and influence.

d) To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.

A

d) To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.

Rationale
The Mission of Internal Audit is “to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.” While internal audit’s assistance, insight, and possible influence can be valuable within an organization, none of these is a part of the Mission of Internal Audit definition.

43
Q

An internal audit engagement can have both assurance and consulting components — often referred to as blended engagements. If assurance and consulting services are blended, the engagement must be sure to adhere to which IIA Standard with regard to roles and responsibilities?

a) IIA Standard 1210: Proficiency.

b) IIA Standard 1112: Chief Audit Executive Roles Beyond Internal Auditing.

c) IIA Standard 2300: Performing the Engagement.

d) IIA Standard 1000: Purpose, Authority, and Responsibility.

A

c) IIA Standard 2300: Performing the Engagement.

Rationale
Engagements are sometimes structured such that there are both significant assurance and insight objectives. Assurance and consulting services are not mutually exclusive, so an audit can have both assurance and consulting components, or individual components of an engagement may be specified as assurance or consulting. In either case, IIA Standard 2300: Performing the Engagement states, “internal auditors must identify, analyze, evaluate, and document sufficient information to achieve the engagement’s objectives.” Some engagements are designed primarily to provide assurance, although they may also generate insight, as well as thorough recommendations and advice for management. Likewise, while consulting engagements are designed primarily to generate insight into an operation or process, they may provide at least limited assurance regarding the effectiveness of managing risk in that area.

As for which set of Implementation Standards applies to an engagement: if the primary objective is assurance, then the Assurance Implementation Standards would apply. If the primary objective is insight, the Consulting Implementation Standards would apply.

44
Q

Internal auditors should review the effectiveness and efficiency of internal controls. A chief audit executive (CAE) emphasizes to her three-person staff that, when possible in performing internal audits, they should identify potential cost savings. What characteristic of an internal audit department’s activity is the CAE emphasizing to her staff?

a) Purpose: Add value and improve an organization’s operations.

b) Responsibility: Document the objectives and scope of the engagement as well as the methodology to be used.

c) Authority: Secure necessary internal and external resources to accomplish audit activity objectives as planned.

d) Responsibility: Do not perform management activities.

A

a) Purpose: Add value and improve an organization’s operations.

Rationale
Identifying potential areas for cost savings is an example of a value-added service that internal audit can provide. For an internal audit activity to best support executive management and boards of directors in accomplishing overall organizational goals and objectives and strengthen internal controls and corporate governance, the purpose, authority, and responsibility of the internal audit activity must be understood.

45
Q

An audit committee should be designed to enhance the independence of both the internal and external audit functions and to insulate the audit functions from undue management pressures. Using these criteria, audit committees should be composed of

a) members from all important constituencies, specifically including representatives from banking, labor, regulatory agencies, shareholders, and officers.

b) only members from the relevant outside regulatory agencies.

c) a rotating subcommittee of the board of directors.

d) only external members of the board of directors or other similar oversight committees.

A

d) only external members of the board of directors or other similar oversight committees.

Rationale
Audit committees should be made up of external members of the board of directors or other similar oversight committees.

46
Q

The IIA’s Definition of Internal Auditing charges internal auditors

a) with a charter to safeguard organizational resources against losses.

b) to review business objectives and ensure that they are measurable and achievable.

c) with an involved role in the organization’s risk management and governance processes.

d) with a responsibility to guarantee that management controls are appropriate.

A

c) with an involved role in the organization’s risk management and governance processes.

Rationale
The IIA defines internal auditing as “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” Delineating this working domain for internal auditors requires understanding that controls help the organization manage risk and promote effective governance.

47
Q

Organizational independence exists if the chief audit executive (CAE)

a) reports administratively to some other organizational level than the chief executive officer or a similar head of the organization, so long as the internal audit activity controls the scope and performance of the work and the reporting of results without interference.

b) reports administratively to some other organizational level than the chief executive officer or a similar head of the organization, so long as the internal audit activity approves the internal audit budget and risk-based internal audit plan without interference.

c) reports functionally to some other organizational level than the chief executive officer or a similar head of the organization, so long as the internal audit activity controls the scope and performance of the work and the reporting of results without interference.

d) reports functionally to some other organizational level than the chief executive officer or a similar head of the organization, so long as the internal audit activity approves the internal audit budget and risk-based internal audit plan without interference.

A

a) reports administratively to some other organizational level than the chief executive officer or a similar head of the organization, so long as the internal audit activity controls the scope and performance of the work and the reporting of results without interference.

Rationale
IIA Standard 1110 states that the CAE “must confirm to the board, at least annually, the organizational independence of the internal audit activity.”

Organizational independence exists if the CAE reports functionally to the board,
has direct and unrestricted access to the board,
and reports administratively to the chief executive officer or a similar head of the organization or to some other organizational level,
so long as the internal audit activity controls the scope of work, the performance of the work, and the reporting of results without interference.

48
Q

Which of the following is an example of a key indicator of independence for the Core Principle “Is objective and free from undue influence”?

a) The board/audit committee formally reviews the chief audit executive’s independence and objectivity on a periodic basis in relation to ongoing employment.

b) Functional reporting to the board is defined in the internal audit charter.

c) The chief audit executive has direct access to the board as defined in the internal audit charter.

d) The board reviews the chief audit executive’s performance and approves his or her appointment, compensation, and termination.

A

d) The board reviews the chief audit executive’s performance and approves his or her appointment, compensation, and termination.

Rationale
Key indicators demonstrate how an internal audit department is measured as successful and deemed independent, for example, board review of the chief audit executive’s performance and approval of his or her appointment, compensation, and termination. The other answer choices are enablers of independence—in other words, what should be done to operationalize the principle of independence.

49
Q

Where should an internal auditor look to determine if the nature of consulting services being requested by management is appropriate?

a) Organization’s code of ethics
b) International Professional Practices Framework (IPPF)
c) Annual audit plan
d) Internal audit charter

A

d) Internal audit charter

Rationale
Implementation Standard 1000.C1 states that “the nature of consulting services must be defined in the internal audit charter.”

50
Q

The audit committee approves which of the following in order to establish and maintain the internal audit department and assure that it has sufficient authority to fulfill its duties?

a) Charter
b) Reports
c) Workpapers
d) Project assignments

A

a) Charter

Rationale
Per the IIA Model Charter, the audit committee will:

Approve the internal audit department’s charter.
Approve the risk-based internal audit plan.
Approve the internal audit department’s budget and resource plan.
Receive communications from the chief audit executive on the internal audit department’s performance relative to its plan and other matters.
Approve decisions regarding the appointment and removal of the chief audit executive.
Approve the remuneration of the chief audit executive.
Make appropriate inquiries of management and the chief audit executive to determine whether there are inappropriate scope or resource limitations.

51
Q

An engineering firm’s management is considering the potential benefits and drawbacks of contracting out the firm’s drafting. Consistent with the Standards, the internal auditing activity could contribute in which of the following ways?

a) Writing a basic contract that would protect the organization against fraudulent work practices

b) Based on the audit activity’s expertise developed for audit interviews, creating an interview guide to use in selecting contractors

c) Assessing the effectiveness of using contractors rather than employees in meeting management’s quality objectives

d) Researching industry-wide best practices for outsourcing and determining pay rates for various types of drafting projects

A

c) Assessing the effectiveness of using contractors rather than employees in meeting management’s quality objectives

Rationale
Assessing the effectiveness of outsourcing in meeting management objectives would be an appropriate consulting engagement for the internal auditing activity. Contracts would be developed by the legal department and interview guides by human resources (though internal audit could review them to identify weaknesses). Internal audit could research best practices and make recommendations, but determining pay rates is a management function.

52
Q

In which of the following instances does the internal auditor violate The IIA’s Code of Ethics in regard to confidentiality?

a) As a witness in court, the internal auditor reveals facts discovered during a fraud investigation that implicate an organization’s vice president and family members in a fraud against the organization.

b) In the midst of an audit interview with the internal auditor, a client staff member breaks down and begins discussing personal problems, including plans to declare personal bankruptcy. No one in the staff member’s family knows about these problems and plans. The internal auditor sends an anonymous warning to the staff member’s spouse.

c) In an interim report to the audit committee, the internal auditor describes discoveries not related to the audit’s objectives that indicate a need to investigate possible criminal acts committed by someone who is a friend of an organization member but otherwise has no connection to the organization.

d) While researching a supplier’s quarterly reports, the internal auditor decides to purchase a unit of the supplier’s main product for personal use, using personal money and a home computer to do so, taking advantage of a discount available on the supplier’s website.

A

b) In the midst of an audit interview with the internal auditor, a client staff member breaks down and begins discussing personal problems, including plans to declare personal bankruptcy. No one in the staff member’s family knows about these problems and plans. The internal auditor sends an anonymous warning to the staff member’s spouse.

Rationale
The auditor may have recognized a red flag in the staff member’s situation and should have made discreet inquiries to look for any further indications of potential fraud, but the note to the spouse, while understandable, was a violation of confidentiality.

Buying a product from a supplier in an operation under audit would not compromise the auditor’s objectivity unless the auditor was given a special discount unavailable to the public (not the case here) or was shown some other type of favoritism.

Criminal acts, no matter who may have committed them, require action.

Providing information related to a legal proceeding does not violate confidentiality.

53
Q

Reviewing a process or function to determine effectiveness and efficiency to achieve organizational objectives is best categorized as

a) a Six Sigma exercise.
b) a consulting project.
c) a financial engagement.
d) an operational engagement.

A

d) an operational engagement.

Rationale
Operational engagements involve reviewing a process or function to determine effectiveness and efficiency to achieve organizational objectives.

54
Q

What do Implementation Standards provide?

a) They describe the nature of internal auditing and provide quality criteria for evaluating audit performance.

b) They provide guidance to help internal auditors interpret and apply the Code of Ethics and the Standards and promote best practices.

c) They provide separate mandatory instructions for implementing the Attribute and Performance Standards.

d) They assist internal auditors in following up on internal audit recommendations.

A

c) They provide separate mandatory instructions for implementing the Attribute and Performance Standards.

Rationale
Implementation Standards expand upon Attribute and Performance Standards. They provide separate mandatory instructions for implementing the Attribute and Performance Standards, depending on whether the engagement is to be for assurance or consulting.

55
Q

The internal audit activity should contribute to the organization’s governance by evaluating the processes through which

a) the effectiveness and efficiency of controls are evaluated.

b) ethics and values are codified in controls.

c) risk and control information is communicated.

d) activities of external and internal auditors and management are kept separate.

A

c) risk and control information is communicated.

Rationale
Part of assessing and improving governance is to evaluate the processes through which risk and control information is communicated to appropriate areas of the organization.

Ethics and values need to be promoted but cannot necessarily be codified in controls.

Another governance evaluation relates to effectively coordinating the activities of, and communicating information among, the board, management, and internal and external auditors.

Evaluating the effectiveness and efficiency of controls is part of contributing to effective controls rather than governance.

56
Q

What type of auditing engagement is considered advisory in nature and is generally performed at the specific request of an engagement client?

a) Implementation
b) Assurance
c) Consulting
d) Attribute

A

c) Consulting

Rationale
Consulting services are advisory in nature and are generally performed at the specific request of an engagement client. The nature and the scope of the consulting engagement are subject to agreement with the engagement client.

Assurance services involve the internal auditor’s objective assessment of evidence to provide opinions or conclusions regarding an entity, operation, function, process, system, or other subject matter.

The other two answer choices are types of Standards, not types of audit engagements.

57
Q

A staff auditor is assigned to a treasury audit for the second consecutive year. The auditor confirms investment securities held by a brokerage house and realizes that several large securities were improperly used as collateral for personal loans a few years ago by the current treasurer. Last year the staff auditor mistakenly signed off on the audit steps involving the confirmations and verification of the securities without completing all of the steps. The audit manager also mistakenly signed off on the review last year. When the error is detected this year, the audit manager comments, “It was an error, but the loan has been repaid and the securities returned. We’ve corrected the control weakness, and I’m positive it won’t happen again. Pursuit of this issue will embarrass everyone involved. Leave it like it is.” Which of the following should be considered by the staff auditor when deciding whether or not to report the situation?

a) Mistake in signing off on work that was not done

b) Repayment of loans and return of the securities

c) Securities used improperly as collateral

d) Correction of the control weakness

A

c) Securities used improperly as collateral

Rationale
The securities were used improperly, and the fact that they are not now being used improperly should not prevent the internal reporting of the situation. The other items are all facts, but they are not relevant to the decision as to whether to report the improper use of the securities. An auditor may want to include the information in the report, but whether to report should not be based on this information.

58
Q

Which of the following is one of the Core Principles for the Professional Practice of Internal Auditing?

a) Maintains confidentiality

b) Promotes an ethical culture in the internal audit profession

c) Is appropriately positioned and adequately resourced

d) Develops consistency in internal audit practices

A

c) Is appropriately positioned and adequately resourced

Rationale
The Core Principles for the Professional Practice of Internal Auditing articulate internal audit effectiveness. One of the ten Core Principles states that the audit function should be “appropriately positioned and adequately resourced.”

Maintaining confidentiality and promoting an ethical culture are both part of The IIA’s Code of Ethics.

Developing consistency in internal audit practices is not a core principle, nor is it desirable, as practices will vary depending on organizational environment, culture, and level of maturity of the audit function.

59
Q

An auditor has uncovered facts that could be interpreted as indicating unlawful activity on the part of an auditee. The auditor decides not to inform senior management of these facts since he cannot prove that an irregularity occurred. However, he decides that if questions are raised regarding the omitted facts, they will be answered fully and truthfully. In taking this action, the auditor

a) has violated the Code of Ethics, because unlawful acts should be reported to the appropriate regulatory agency to avoid potential “aiding and abetting” by the auditor.

b) has not violated the Code of Ethics or the Standards, because he is committed to answering all questions fully and truthfully.

c) has not violated the Code of Ethics or the Standards, because confidentiality takes precedence in this case.

d) has violated the Standards, because he should inform the appropriate authorities in the organization if fraud may be indicated.

A

d) has violated the Standards, because he should inform the appropriate authorities in the organization if fraud may be indicated.

Rationale
The Standards indicate that the auditor should inform the appropriate authorities in the organization if there are sufficient indicators of the commission of a fraud. The auditor should report the unlawful activities to the appropriate personnel in the organization, not to a regulatory agency.

60
Q

Adherence to the Core Principles for the Professional Practice of Internal Auditing, as a whole, best demonstrates

a) conformance with the profession’s Code of Ethics.

b) the effectiveness of the internal audit activity.

c) the maturity of the internal audit function.

d) the competencies of the chief audit executive (CAE).

A

b) the effectiveness of the internal audit activity.

Rationale
Per the IIA’s Practice Guide “Demonstrating the Core Principles for the Professional Practice of Internal Auditing,” the Core Principles, taken as a whole, characterize the effectiveness of the internal audit activity.

The value added to an organization and the competency of the CAE are attributes of adhering to the Core Principles.

The maturity of an internal audit function entails more than adherence to the Core Principles.

61
Q

During an audit, an auditor discovers that a research and development employee has been patenting new developments that are unrelated to the basic business of the company. The company does not have a specific policy addressing such patents but does have a general policy that all important new discoveries by employees are the property of the company. The employee is considered one of the most prestigious in the field. The employee’s actions have been condoned by local management as an extra incentive to keep the employee at the lab. A decision not to report the employee’s action would be

a) a violation of the reporting requirements in the Standards.

b) a violation of The IIA’s Code of Ethics.

c) justified, because divisional management is aware of the practice and it is not in violation of company policies.

d) a violation of The IIA’s Code of Ethics and the reporting requirements in the Standards.

A

d) a violation of The IIA’s Code of Ethics and the reporting requirements in the Standards.

Rationale
Failure to report the action is a violation of The IIA’s Code of Ethics, which requires the auditor to follow the Standards and to report all information that could distort reports of operations. For the same reason, it represents a violation of the Standards regarding communication of results.

62
Q

IIA Standard 1000 - Purpose, Authority, and Responsibility, requires that the purpose, authority, and responsibility of the internal audit activity be clearly defined and approved by senior management and the board. Which is a key element that characterizes internal audit’s purpose?

a) To secure the necessary internal and external resources to accomplish audit activity objectives as planned.

b) To determine if organizational governance, risk management and control processes are in place and functioning properly.

c) To document the objectives and scope of the engagement, as well as the methodology to be used.

d) To ensure that internal audit’s roles and responsibilities within the organization are documented, reviewed, and approved by senior management and the board.

A

b) To determine if organizational governance, risk management and control processes are in place and functioning properly.

Rationale
IIA Standard 1000 - Interpretation: The internal audit charter is a formal document that defines the internal audit activity’s purpose, authority, and responsibility. The internal audit charter establishes the internal audit activity’s position within the organization, including the nature of the chief audit executive’s functional reporting relationship with the board; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities. Final approval of the internal audit charter resides with the board. The purpose, authority, and responsibility must be consistent with the Mission of Internal Auditing and the mandatory elements of the IPPF. IIA Standard 1000 states no requirement to document the objectives and the scope of engagement or the methodology to be used.

Further, there is no requirement to secure internal and external resources to accomplish internal audit objectives, and while IIA Standard 1111 outlines the chief audit executive’s direct interaction with the board, and IIA Standard 1112 outlines the chief audit executive’s roles beyond internal auditing, there is no requirement that internal audit’s roles and responsibilities are documented, reviewed, and approved by senior management and the board.

63
Q

An internal auditor who was recently terminated by a company due to downsizing has found a job with another company in the same industry. Which of the following disclosures made by the internal auditor to the new organization would constitute a violation of The IIA’s Code of Ethics?

a) The auditor uses the audit risk approach that was used by his former employer in determining audit priorities in the new job.

b) The new audit department does not use probability-proportionate-to-size (PPS) sampling, and the auditor believes that it has advantages for many of the types of audits conducted by the new employer. He conducts training sessions and develops forms to implement sampling in the same manner as the previous employer.

c) The auditor discloses to the new organization’s senior management that the prior employer has significantly downsized its sales force in the northern region and so this is now a prime target for gains in market share.

d) While at the previous firm, the auditor conducted a great deal of research to identify best practices for the management of the treasury function as part of an audit for that firm. Since most of the research was done at home and during non-office hours, the auditor has retained much of it and plans to use it in conducting an audit of the treasury function at the new employer.

A

c) The auditor discloses to the new organization’s senior management that the prior employer has significantly downsized its sales force in the northern region and so this is now a prime target for gains in market share.

Rationale
Disclosing confidential operating information from a prior employer would violate The IIA’s Code of Ethics’ confidentiality principle.

Common approaches, standard auditing techniques, and industry best practices can be carried to the next employer. They do not involve confidential information.

Research could be viewed as part of the continuing education of the auditor.

64
Q

Which is a quality of the internal audit charter?

a) Defines the chief audit executive (CAE) in the organizational structure at the same level as the chief executive officer (CEO)

b) Provides a basis for evaluating the internal audit activity

c) Specifies the minimum resources needed for the internal audit activity

d) Must be approved by the board only

A

b) Provides a basis for evaluating the internal audit activity

Rationale
The internal audit charter sets a benchmark against which the internal audit activity can be measured.

The charter does not specify the minimum resources needed for an activity; the internal audit manual and the annual audit plan help in determining resource requirements.

The CAE is not at the same level as the CEO.

The charter must be approved by the board and senior management.

65
Q

In some countries, governmental units have established audit standards. For example, in the United States, the General Accounting Office has developed standards for the conduct of governmental audits, particularly those that relate to compliance with government grants. In performing governmental grant compliance audits, the auditor should

a) be guided by the more general standards that have been issued by the public accounting profession.

b) be guided only by the governmental standards.

c) be guided only by The IIA’s Standards because they are more encompassing.

d) follow both The IIA’s Standards and any additional governmental standards.

A

d) follow both The IIA’s Standards and any additional governmental standards.

Rationale
Members and Certified Internal Auditors are required to follow The IIA’s Standards. Additional governmental audit standards should also be followed on governmental grant audits.

66
Q

To promote a greater awareness of the capabilities of the internal audit activity in the various departments of the organization, the chief audit executive (CAE) has instituted several initiatives. Which of the following would be an appropriate marketing tactic and would conform to the Standards?

a) The CAE follows up each assurance audit with a memo to the audit committee, senior management, and department heads with a summary of significant findings.

b) The CAE has appointed an auditor to compile and distribute an intra-organization newsletter including testimonials from audit clients and similar positive items.

c) The CAE has promised all department heads in writing that they will be audited only once every three years.

d) The CAE has made it a policy to buy lunch, from his own funds, for each head of a department at the start of an audit, with the purpose of promoting the resources and expertise of the audit activity.

A

b) The CAE has appointed an auditor to compile and distribute an intra-organization newsletter including testimonials from audit clients and similar positive items.

Rationale
Providing a newsletter with positive responses from audit clients would be a good marketing tactic to show the internal audit activity is adding value, per Performance Standard 2000, Managing the Internal Audit Activity.

Auditing all departments at set intervals without regard to the results of an annual risk assessment is not appropriate.

Promoting the audit activity’s resources and positive accomplishments through free lunches would not be appropriate, especially in relation to government audits.

Revealing compliance audit findings through memos to the audit committee, senior management, and department heads would be likely to violate privacy rights and would publicize, inevitably, the audit consequences the potential clients fear. This is not likely to make the internal auditor’s job easier.

67
Q

DOUBLE
The Standards help clarify the nature of the charter by providing guidelines as to its contents. Which of the following is suggested in the Standards as part of the charter?

a) Types of revisions to the charter that are allowed without additional approval

b) Length of tenure for chief audit executive

c) Department’s ability to generate an internal audit plan without needing further approval

d) Scope of internal auditing activities

A

d) Scope of internal auditing activities

Rationale
As described in the interpretation of Standard 1000, “The internal audit charter establishes the internal audit activity’s position within the organization, including the nature of the chief audit executive’s functional reporting relationship with the board; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities.”

It does not specify the length of tenure of any internal audit staff.
Revisions to the charter require approval. The annual audit plan will still need approval even with a signed charter.

68
Q

Which of the following would be permissible under The IIA’s Code of Ethics?

a) An auditor uses audit-related information in a decision to buy stock issued by the employer corporation.

b) An auditor does not report significant observations about illegal activity to the board because management has indicated that it will resolve the issue.

c) In response to a subpoena, an auditor appears in a court of law and discloses confidential audit-related information that could potentially damage the auditor’s organization.

d) After praising an employee in a recent audit engagement communication, an auditor accepts a gift from the employee.

A

c) In response to a subpoena, an auditor appears in a court of law and discloses confidential audit-related information that could potentially damage the auditor’s organization.

Rationale
Auditors must exhibit loyalty to the organization, but they must not be a party to any illegal activity. Thus, auditors must comply with legal subpoenas. The other options are prohibited by the Rules of Conduct (1.2, 2.3, and 3.2).

69
Q

DOUBLE

The IIA publishes three types of Standards to guide adherence to its International Professional Practices Framework. Which type expands guidance and provides requirements applicable to assurance and consulting engagements?

a) Assurance Standards
b) Attribute Standards
c) Performance Standards
d) Implementation Standards

A

d) Implementation Standards

Rationale
Implementation Standards expand upon the Attribute and Performance Standards by providing the requirements applicable to assurance or consulting services.

70
Q

Which is a characteristic typical of a consulting engagement?

a) There are typically only three parties involved.

b) The scope of the audit is at the discretion of the internal auditor.

c) The internal auditor may assist in the design of corrective actions.

d) Results require mandatory reporting to a third party.

A

c) The internal auditor may assist in the design of corrective actions.

Rationale
In a consulting engagement, the internal auditor may assist in the design of corrective actions. Mandatory reporting to a third party is required in assurance engagements. Consulting services are advisory in nature and are generally performed at the specific request of an engagement client. The nature and scope of the consulting engagement are subject to agreement with the engagement client. Consulting services generally involve two parties:

The person or group offering the advice—the internal auditor
The person or group seeking and receiving the advice—the engagement client

71
Q

Which is true with regard to the internal audit charter?

a) It defines the governance, authority, and responsibility for the internal audit activity.

b) It must be reviewed and finally approved by senior management and the board before implementation.

c) It serves as guidance for internal audit’s purpose, authority, and restrictions.

d) It authorizes internal audit’s access to records, personnel, and physical properties relevant to the performance of engagements.

A

d) It authorizes internal audit’s access to records, personnel, and physical properties relevant to the performance of engagements.

Rationale
IIA Standard 1000 - Interpretation: The internal audit charter is a formal document that defines the internal audit activity’s purpose, authority, and responsibility. The internal audit charter establishes the internal audit activity’s position within the organization, including the nature of the chief audit executive’s functional reporting relationship with the board; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities.

Final approval of the internal audit charter resides with the board.

The internal audit charter does not require review and approval by senior management and the board, and while internal audit’s purpose and authority are defined in the internal audit charter, restrictions are not.

Further, according to IIA Standard 2110: Governance, internal audit must assess and make appropriate recommendations to improve an organization’s governance processes, which is not a part of the internal audit charter.

72
Q

The Core Principles for the Professional Practice of Internal Auditing, the Definition of Internal Auditing, the Code of Ethics, and the International Standards for the Professional Practice of Internal Auditing are _____ elements of the International Professional Practices Framework (IPPF).

a) implementation
b) mandatory
c) supplemental
d) recommended

A

b) mandatory

Rationale
These are mandatory elements of the IPPF.

Recommended guidance includes Implementation Guidance and Supplemental Guidance.

Implementation Guidance is designed to help internal auditors understand how to apply and conform with the requirements of mandatory guidance.

Supplemental Guidance provides additional information, advice, and best practices for providing internal audit services. It supports the Standards by addressing topical areas and sector-specific issues in more detail than Implementation Guidance and is endorsed by The IIA through formal review and approval processes.

73
Q

A service company is currently experiencing significant downsizing and process reengineering, and a more decentralized approach has been adopted to run the business functions by empowering the business branch managers to make decisions and perform functions traditionally done at a higher level. In the past, the primary focus of successful audit activities has been the service branches and the six regional division headquarters that support the branches. These division headquarters are the primary targets for possible elimination. The support functions—such as human resources, accounting, and purchasing—will be brought into the national headquarters. Up to this point, internal auditing has reported to the chief operating officer, even though all members have a financial auditing background. Due to the significant changes, there has been some discussion as to changing this reporting relationship. What would be the best reporting relationship for internal auditing?

a) Administrative reporting to branch managers and functional reporting to the chief financial officer

b) Administrative and functional reporting to the chief executive officer

c) Administrative reporting to the chief financial officer and functional reporting to the chief executive officer

d) Administrative reporting to the chief executive officer and functional reporting to the board

A

d) Administrative reporting to the chief executive officer and functional reporting to the board

Rationale
Independence is less likely to be impaired if the internal auditing department reports to the board.

Functionally reporting to the president would impair independence, because the president is responsible for the areas to be audited.

Functionally reporting to the chief operating officer or chief financial officer may impair independence for all audits of operational areas.

74
Q

Which of the following is an example of a key indicator of competence for the Core Principle “Demonstrates competence and due professional care”?

a) Percentage of team who have earned certifications or designations

b) Preparation and execution of internal audit activity’s annual training plan linked to development needs

c) Internal audit activity structure that is defined and supported with job descriptions

d) Performance management system with key objectives for the internal audit activity that is linked to departmental objectives

A

a) Percentage of team who have earned certifications or designations

Rationale
Key indicators demonstrate how an internal audit department is measured and deemed competent, such as measuring the percentage of team members who have earned certifications or designations.

The other answer choices are enablers of competence—in other words, what should be done to operationalize the principle of competence.

75
Q

Which of the following abilities is important in marketing the internal audit function to executive management?

a) Knowing what executive management wants internal auditors to audit and when

b) Preparing audit reports in a way that consistently highlights items of importance to executive management

c) Explaining the current use of audit software to executive management

d) Knowing who the auditors serve as customers

A

d) Knowing who the auditors serve as customers

Rationale
Knowing who the auditors serve as customers is an important way to show that the internal audit function knows its audience. For example, Implementation Standard 1210.A2 states, “The chief audit executive must identify and consider the expectations of senior management, the board, and other stakeholders for internal audit opinions and other conclusions.”

It would be inappropriate for executive management to dictate the scope and timing of audits.

Audit reports may often need to serve the valuable function of conveying bad news or bringing up issues that management was unaware of.

Knowing about current audit software is irrelevant to executive management.

76
Q

A Code of Ethics Rule of Conduct specifies that “internal auditors shall respect and contribute to the legitimate and ethical objectives of the organization.” To which Code of Ethics principle does this rule apply?
a) Integrity.
b) Objectivity.
c) Competency.
d) Confidentiality.

A

a) Integrity

Rationale
The rules of conduct for Integrity state:
Internal auditors:
1.1 Shall perform their work with honesty, diligence, and responsibility.
1.2 Shall observe the law and make disclosures expected by the law and the profession.
1.3 Shall not knowingly be a party to any illegal activity or engage in acts that are discreditable to the profession of internal auditing or to the organization.
1.4 Shall respect and contribute to the legitimate and ethical objectives of the organization.