Year Test 2 Flashcards

LA3, LA4, LA5 & LA6.1

1
Q

Internal auditors should have

A

-Excellent comm skills
-Listening skills
-Soft skills

2
Q

IA’s should report

A

-Weaknesses in systems and;
-Make recommendations for improvement

3
Q

CAE reports to…

A

…the Board

4
Q

What is the board?

A

Governing body that determines the strat and direction of the org

5
Q

Role of internal auditing in supporting the AC

A

-Annually review the mandate and charter of AC
-Draft the AC’s meeting agenda for chairman’s review and assist w/ distribution
-Enquire from AC if any training of new members or risk and control is needed

6
Q

Comm btwn AC and Internal auditing

A

-AC should meet privately w/ CAE on regular basis to discuss sensitive matters
-CAE should review info submitted to AC for completeness and accuracy
-AC should be kept informed on emerging trends and successful practices in internal auditing by CAE

7
Q

What factors contribute to the need of governance

A

-Corporate failures and mismanagement
-Consideration for all stakeholders
-Consideration for the investors
-Need to restore investor confidence

8
Q

What is the origin and meaning of governance

A

-Origin: Derived from Greek word “gubernare” meaning to steer
Therefore governance means to steer/direct

9
Q

Governance definition according to Sir Cadbury

A

-Governance is the way in which orgs are directed and controlled

10
Q

What does the Institute of Directors in SA in King IV report state about governance

A

Corporate governance is the exercise of ethical and effective leadership by the governing body towards the achievement of the following governance outcomes
-ethical culture
-good performance
-effective control
-legitimacy

11
Q

Define stakeholders

A

ppl/groups that are either involved in the org, impacted by the org or have an interest in the org

12
Q

Types of stakeholders

A

-Shareholders
-Board of directors
-Management
-Assurance providers
-Employees
-Lenders
-Suppliers
-Gov’t
-Society and the local community

13
Q

What are shareholders

A

-Owners of the org and their interest is represented by the shares they hold in the org
-Many investors know little about the internal operations and management of the org

14
Q

What is management

A

Group of ppl employed by the org and tasked w/ executing the decisions of the governing body
-Senior management = executives (CEO, CFO, COO etc)
-Some members of management may also be members of the governing body, making them executive directors

15
Q

What are assurance providers

A

-They provide assurance (verification) as a service to an individual stakeholder group/org
-Assurance providers are usually independent and objective
Eg: Internal or External auditors

16
Q

What does principle 7 of King IV state

A

The governing body (BoD) should comprise of the appropriate balance of knowledge, skills, XP, diversity and independence for it to discharge its governance roles and responsibilities objectively and effectively

17
Q

Board of Directors should comprise of…

A

…majority non-executive directors
And majority of this majority should be independent non-executive directors

18
Q

How many executives should be in the BoD

A

2 (CEO and another (preferably CFO)) as it provides BoD w/ a point of interaction w/ management

19
Q

What are executive directors

A

-They form part of the day-to-day running of the org and receive a salary from the org
Eg: CEO, CFO, COO

20
Q

What are non-executive directors

A

Don’t form part of day-to-day running of the org
Eg: resigned director

21
Q

What’s an independent non-executive director

A

-someone w/ no interest or prior involvement in the org
-they aren’t a representative of a shareholder
-have no direct/indirect interest in the org
-in the past 3 financial years they have not been employed by the org or appointed as an external auditor
-they are not a family member of an employee of the org
-free from business relationship

22
Q

Can the CEO be the chairperson of the BoD

A

NO!!!
Even a retired CEO cannot chair UNLESS 3 full years have passed since they left the org

23
Q

What should the audit committee be comprised of

A
-3-5 members
-All independent non-executive directors
-Have at least 1 financial expert
-Should meet at least 3-4 times a year
-AC performance should be evaluated regularly
24
Q

Functions of AC

A

-Oversee various reporting initiatives
-Responsible for oversight function
-Report to BoD on activities

25
Function of AC w/ regard to External Auditor
-Assist w/ selection and discharge of EA
-Approve each professional service provided by EA
-Review preliminary and final and annual financial statements
26
Function of AC w/ regard to Internal Auditor
-Approve internal audit charter
-Review scope of internal audit work
-Assess level of coordination btwn IAF and EAF
27
When internal and external assurance providers work together it’s called…
Combined assurance
28
What does the IAF have to consider when performing governance assessment
-Relationship btwn governance, risk and control
-Result of other assurance providers work
-Results of the other governance related engagements
29
Roles of IAF in terms of governance
They have a dual role
1. IAF forms part of governance structure
2. IAF is responsible for performing assurance and advisory services regarding governance
30
When performing governance assessments what do EA have to consider
1. Their focus is on information provided by management and less on auditing or assessing governance
2. Governance issues considered in certain phases
3. Consider governance structures if the integrity of the client is in question
31
What is the nature of the internal audit work
-To audit/assess/evaluate the governance, risk management and control processes of the org
32
For the CAE to understand the org's GRMC processes, they must consider how the org...
-Oversees risk management and control
-Promotes an ethical culture
-Delivers effective performance management and accountability
-Structures its management and operating functions
33
According to IIA what is internal control
-IC is action taken by management to enhance the likelihood that established objectives will be achieved
34
According to SAICA what is internal control
-Methods and procedures accepted by management to help in achievement of management's goal
35
According to COSO what is internal control
A process effected by an entity's BoD, management and other personnel to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance
36
What are control objectives
-Operational activities
-Reporting objectives
-Compliance objectives
37
What are the 5 elements of COSO ll
-Control environment
-Risk assessment
-Control activities
-Information and communication
-Monitoring
38
What does COSO stand for
-Committee of Sponsoring Organisations
38
What factors affect control environment
-Philosophy and style of SM
-Organisational structure
-Methods used for communication
-HR management
39
SM philosophy and style has 4 elements...
POLC w/ a D
-Planning
-Organising
-Directing
-Controlling
40
What are control activities
Policies (what is XP'd) and procedures (policies in action) that management has put in place to ensure that the necessary actions are taken to address risks and achieve management's objectives in the org
41
Classifications of control activities
-Preventative
-Detective
-Corrective
42
Types of control activities
-Segregation of duties
-Proper authorisation of transactions and activities
-Adequate documents and records
-Safeguarding of assets and info
-Independent reviews
43
Describe segregation of duties
-Purpose is to reduce the opportunities for an individual to make and conceal errors while performing tasks
-To achieve this, no individual should be responsible for more than one of
  -authorising a transaction
  -recording a transaction
  -executing a transaction/having custody of assets
-Collusion is when @ least personnel members work together to avoid complying w/ an established control
44
Describe adequate documents and records
-Source documents are any electronic/manual document that could explain/give proof of a transaction
-SD's should be
...Sequentially pre-numbered to facilitate control over completeness of recording, unused or missing documents
...Prepared at the time the transaction takes place to increase the likelihood of accurately recording details
...Designed to obtain sufficient details to fulfill business and accounting needs
45
What is the responsibility of management in regards to IC
-Design and implement control activities
-Keep in mind objectives of control when designing control systems
46
What is the responsibility of EA in regards to IC
-Focus more on financial controls and accounting systems
47
What is the responsibility of IA in regards to IC
-Assess adequacy and test effectiveness
-to achieve engagement objectives
-IA's DO NOT IMPLEMENT IC
48
What is the purchases and payments cycle
1. Determine the need for goods/services
2. Ordering of goods/services
3. Receiving of goods/services
4. Record of purchases
5. Payment and recording of credit purchases
6. Goods returned
49
Describe Determining the need for goods and service
-First function of procurement process is to determine need for materials and to communicate this to purchasing section
-OG requisition form is forwarded to purchasing dept and the copy is kept for reference purposes
50
Describe process of ordering of goods and service
-On receipt of authorised requisition form, purchasing clerk selects a supplier from a pre-approved suppliers list
-Purchase order must be authorised by head of purchasing dept based on availability of funds, supplier used and a duly authorised purchase requisition
-Copies of PO's are generated and distributed as follows
-->OG goes to supplier
-->1x copy goes to acc dept
-->1x copy goes to receiving section of warehouse
-->1x copy goes to dept requesting the goods
-->1x copy is filed for reference
51
Describe process of receiving of goods and service
-The receiving dept of the warehouse is responsible for accepting and acknowledging the delivery of goods from suppliers that match valid POs
-Prior to acceptance, physical inspection of quantity, quality and description of goods should be carried out
-A goods received note (GRN) is generated as proof and distributed as follows
-->OG goes to supplier
-->1x copy goes to purchasing dept
-->1x copy goes to accounting dept
-->1x copy is used to update warehouse records
52
Describe process of recording of purchase
-Purpose is to record purchase in financial accounting records
-After receipt of goods, invoice received from supplier is matched to PO, supplier delivery note and goods received note for the following info
-->quality check
-->quantity
-->supplier info
-->dates etc
-Creditors recons should be performed on regular basis by independent person to ensure that the journalising and posting activity is performed accurately
53
Describe process of payment and recording of credit purchases
-Extremely important as invalid payments/fictitious payments to creditors may be made
-Timing of payments is important as interest may be charged on late payments
-2 senior ppl should review supporting docs before payment is authorised
-Independent person should reconcile the creditors control acc and creditors ledger monthly
53
Name risks and controls of determining need for goods/services
Risk
>>Incorrect/unnecessary goods ordered
>>Wastage and liquidity issues
Controls
>>Stores/production personnel need to confirm that goods are really needed
>>Goods only ordered based on authorized requisition
54
Name risks and controls of ordering goods/services
Risk
>>Invalid purchase orders for goods/serv
Controls
>>PO's should be recorded on pre-numbered forms
>>Suppliers should be rotated and reviewed on regular basis
>>Approved electronic requisitions should be converted to electronic order forms
55
Name risks and controls of receiving of goods/services
Risk
>>Quantities of goods received are incorrect
>>Goods received are not in good order
Controls
>>Receiving clerk inspects goods to establish condition
>>Pre-numbered GRN's used
>>Storeman signs transfer note or GRN as proof of receipt
56
Name risks and controls of recording of purchases
Risk
>>Purchase transactions are not recorded
>>Purchase transactions recorded incorrectly
Controls
>>Invoices should be compared to PO's, debit notes (DN's) and GRN's
>>All GRNs received should be kept in pending file and matched to incoming invoices
57
Name risks and controls of payment and recording of creditors
Risk
>>Incorrect payments made
>>Transactions recorded inaccurately
Controls
>>Cheque signatories should agree beneficiary and amount w/ supporting documents
>>All supporting doc should be cancelled/stamped "paid"
>>EFT payments approved electronically through passwords by 2 supervisor employees
58
Name risks and controls of returning goods
Risk
>>Incorrect goods returned
>>Goods that aren't damaged returned
>>Inventory records incorrect
Controls
>>Update inventory records
>>Pre-numbered DN's are issued
59
Name general risks and controls
Risk
>>Collusion btwn 2+ employees
>>Staff not being skilled enough
Controls
>>Competent personnel employed
>>Segregation, rotation of duties with adequate supervision
60
Examples of fraud in terms of purchases and payments cycle
-Tender fraud
-Nepotism
-Cronyism
-Purchases for personal use
-Fictitious suppliers paid
61
What are preventative control activities
They prevent undesirable events before they happen
62
What are detective control activities
They identify undesirable events when they do happen
63
What are corrective control activities
They reverse undesirable events
64
Adv + Disadv/limitations of IC
Adv
-Achievement of goal
-Builds reputation
-Prevention of resource losses
Disadv/Limitations
-Does not ensure success for the org
-Provides reasonable assurance and not absolute assurance
65
Do IC objectives change in IT environment
NO
66
Name the 2 IT controls
-General controls
-Application controls
67
Describe general controls in IT env
-Applied to whole IT env
-Controls relating to facilities and hardware
-Not software specific
Eg: passwords, insurance, keycards etc
-Have pervasive effect
68
Describe application controls in IT env
-Relate to specific software
-Built into specific system to assist in reaching set objectives
-Designed to create completeness, accuracy, authorization and validity of data captured and processed
Eg: Edit checks, limit test, value test
69
Steps to writing a weakness
1. Start w/ "Inadequate..." or "Lack of..."
2. Follow w/ control act (Seg of dut, independent rev, safeguarding of assets and info...) "Lack of safeguarding of assets..."
3. Then explain using info from scenario
70
When asked to identify a control...
-Who (control operator)
-What (type of ctrl)
-How (How ctrl is performed)
-When (Frequency)
71
When asked to recommend a control
...Make use of should
72
When asked to identify risk
-Identify what could go wrong
-Make use of the words "could"/"may"
-Explain impact of risk on org
73
Name the 5 elements of COSO
1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information and Communication
5. Monitoring