Questions and Answers of Internal Auditing Assurance

If a sales transaction record was rejected during input because the customer account number entered was not listed in the customer master file, the error was most likely detected by a:a. Completeness
Visit www.webtrust.org. Read the “Overview of Trust Services” and the following paragraphs of “Principles and Criteria”:■ Introduction (paragraphs. 01–.18).■ Paragraph .19, which
The purpose of logical security controls is to:a. Restrict access to data.b. Limit access to hardware.c. Record processing results.d. Ensure complete and accurate processing of data.
What should IT governance-level controls (that is, IT policies) address?
Which of the following statements regarding an internal audit function’s continuous auditing responsibilities is/are true?I. The internal audit function is responsible for assessing the
What are the three types of IT management controls described in the chapter? Provide two examples of each type.
Which of the following is not one of the top 10 technology risks facing organizations?a. Cybersecurity.b. Use of older technology.c. IT governance.d. Mobile computing.
What are the three types of IT technical controls described in the chapter? Provide two examples of each type.
Requiring a user ID and password would be an example of what type of control?a. Detective.b. Corrective.c. Preventative.d. Reactive.
What is the difference between physical access controls and logical access controls?
Which is NOT a benefit of user-developed applications (UDAs)?a. Quick to develop and use.b. Readily available and at a low cost.c. More configurable and flexible.d. Easy to control access to.
Which of the following is true about new and emerging technologies?a. New technologies have security login controls built into them.b. New technologies take time for the users to transition and adapt
What three Performance Implementation Standards specifically address internal auditors’ assurance engagement responsibilities regarding information systems and technology?
Which of the following is the best source of IT audit guidance within the IPPF?a. Control Objectives for Information and Related Technologies (COBIT).b. GTAG.c. National Institute of Standards and
What must an internal audit function do to fulfill its IT-related responsibilities related to effectively evaluating governance, risk management, and control processes?
Which of the following best describes continuous auditing?a. Development of computer-assisted audit techniques (CAATs).b. Oversight of continuous monitoring.c. The use of continuous risk assessment,
How does IT outsourcing affect the internal audit function?
When discussing integration of IT into audit engagements, which of the following is the most desirable integration of IT into specific engagements?a. Developing and integrating testing of IT controls
Why has cloud computing been so pervasively adopted? What additional risks are introduced and what can the internal audit function do to assist in evaluating controls in the cloud?
In what ways might integrating IT auditing into assurance engagements improve audit effectiveness and efficiency?
Continuous auditing involves what three types of assessments?
What are the two types of IT-related Practice Guides included in The IIA’s International Professional Practices Framework (IPPF)?
Give some examples of how cybersecurity can best be implemented through the three lines of defense?
According to the ACFE’s Report to the Nations, what percentage of their revenues do organizations lose to fraud? Based on the 2015 World GDP, approximately how much is that in dollars?
Predication is a technical term that refers to:a. The ability of internal auditors to predict fraud successfully.b. The ability of a fraud examiner to commence an investigation if a form of evidence
According to the AICPA, by what three ways can fraudulent financial reporting be accomplished?
Which of the following is not a typical “rationalization” of a fraud perpetrator?a. It’s in the organization’s best interest.b. The company owes me because I’m underpaid.c. I want to get
The purpose of this case is to familiarize you with the Benford’s Law functionality of the ACL and CaseWare IDEA software.A. Go to the ACL site. Locate the description of “Benford command” in
According to the ACFE, what four elements characterize an act of occupational fraud?
Which of the following is not something all levels of employees should do?a. Understand their role within the internal control framework.b. Have a basic understanding of fraud and be aware of the red
What are the three elements that may be called the “root causes of fraud” (that is, they are always present, no matter the type of fraud)?
An organization that manufactures and sells computers is trying to boost sales between now and the end of the year. It decides to offer its sales representatives a bonus based on the number of units
What are the five key principles for managing fraud risk outlined in the Fraud Guide?
How should an organization handle an anonymous accusation from an employee that a supervisor in the organization has manipulated time reports?a. Assign a staff internal auditor to review all time
What are some examples of strong governance practices?
Which of the following is an example of misappropriation of assets?a. A small amount of petty cash is stolen.b. A journal entry is modified to improve reported financial results.c. A foreign official
What roles and responsibilities should each of the following have in a fraud risk management program?a. The board of directors.b. Management.c. Employees.d. The internal audit function.
Which of the following is not an example of a fraud prevention program element?a. Background investigations of new employees.b. Exit interviews of departing employees.c. Establishing authority limits
Which of the following types of companies would most likely need the strongest anti-fraud controls?a. A manufacturer of popular athletic shoes.b. A grocery store.c. A bank.d. An internet-based
What are the three key steps in a fraud risk assessment?
What elements should be considered while brainstorming fraud risk scenarios to ensure a comprehensive fraud risk universe is compiled?
The internal audit function’s responsibilities with respect to fraud are limited to:a. The organization’s operational and compliance activities only because financial reporting matters are the
What key points should be considered when assessing fraud risks?
From an organization’s standpoint, because internal auditors are seen to be “internal control experts,” they also are:a. Fraud risk management process owners, and hence, the first and most
What are the four possible responses to fraud risks?
According to research in personality psychology, the three “dark triad personalities” do not mention:a. Sociopaths.b. Psychopaths.c. Narcissists.d. Machiavellians.
Why must internal auditors be knowledgeable about the FCPA?
The 17 principles in the updated COSO 2013 Internal Control – Integrated Framework include one devoted specifically to addressing fraud risk:a. True.b. False.
Per the Fraud Guide, what methods can an organization employ to:a. Prevent fraud?b. Detect fraud?
The Cressey Fraud Triangle does not include, as one of its vertices:a. Pressure.b. Opportunity.c. Rationalization.d. Fraudster personality.
What steps are involved in the final stage in an effective fraud risk management program?
Which of the IIA Standards provide specific guidance to internal auditors regarding their fraud-related responsibilities?
What does “professional skepticism” mean?
How might fraud specialists, such as CFEs, assist the internal audit function in combating fraud?
What should internal auditors include in their fraud audit communications? What should they not include?
Per IIA Standards, internal audit functions must establish:a. Internal quality assurance and improvement program assessments.b. External quality assurance and improvement program assessments.c. Both
How do The IIA’s quality assurance and improvement program professional standards (Standard 1300) apply to a fully outsourced internal audit function? Specifically discuss the applicability of, and
What are the advantages of positioning the CAE on a senior management level within the organization?
What information should be included in an internal audit charter?
Discuss the various options for properly positioning an internal audit function within an organization and the related advantages and disadvantages for each identified option. What are the primary
Senior management has requested that the internal audit function perform an operational review of the telephone marketing operations of a major division and recommend procedures and policies for
CPI’s internal audit function uses TeamSchedule and TeamTEC (Time and Expense Capture) to efficiently manage its time and resources. TeamSchedule enables internal audit management to schedule
According to the Interpretation of Standard 2000, the CAE has four specific management responsibilities. What are they?
Who is ultimately responsible for determining that the objectives for an internal audit engagement have been met?a. The individual internal audit staff member.b. The CAE.c. The audit committee.d. The
What are the differences between organizational independence and individual objectivity?
Which of the following is the best reason for the CAE to consider the organization’s strategic plan in developing the annual internal audit plan?a. To emphasize the importance of the internal audit
Many organizations implement assurance layering strategies to mitigate the risks they face to acceptable levels. One such strategy is the Three Lines of Defense model.a. Describe the first and second
What circumstances could cause impairment of internal audit function independence or internal auditor objectivity? How should an identified impairment be handled?
The Standards requires policies and procedures to guide the internal audit staff. Which of the following statements is false with respect to this requirement?a. A small internal audit function may be
Per IIA Standards, internal audit functions are required to evaluate and contribute to the improvement of their organizations’ governance, risk management, and control processes.a. Provide several
Internal audit engagements must be performed with proficiency and due professional care. What do proficiency and due professional care mean?
What is the definition of fraud provided in the Fraud Guide?
What fraud schemes were reported to be most common in the ACFE’s 2016 Report to the Nations?a. Corruption.b. Fraudulent billing.c. Misappropriation of assets by employees.d. Inappropriately
A number of large cases of fraud have come to trial and the postmortems are completed. You have learned a lot related to identifying fraud risk, mitigating control activities, as well as promoting
The process of conducting a fraud risk assessment is similar to that of conducting an enterprise risk assessment. The three key steps are:1. Identify inherent fraud risks.2. Assess impact and
When conducting a consulting engagement to improve the efficiency and quality of a production process, the audit team is faced with a scope limitation because several months of the production data
There are multiple approaches a CAE can use to create an annual internal audit plan. How is a top-down, risk-based approach conducted?
Which of the following is not a responsibility of the CAE?a. To communicate the internal audit function’s plans and resource requirements to senior management and the board for review and
The CAE is required to present the internal audit plan to senior management and the board for approval. What specific information should be communicated to senior management and the board?
The Standards requires the CAE to share information and coordinate activities with other internal and external providers of assurance services. With regard to the independent outside auditor, which
What key elements are taken into consideration when determining how to manage resources in an internal audit function?
Organizational independence exists if the CAE reports <List A> to some other organizational level than the CEO or similar head of the organization as long as the internal audit activity
What is the difference between a flat organization structure and a hierarchical organization structure in an internal audit function and what are the advantages and disadvantages of each?
Audit committees are most likely to participate in the approval of:a. Audit staff promotions and salary increases.b. The internal audit report observations and recommendations.c. Audit work
What are the different positions within a hierarchically structured internal audit function and what are their primary responsibilities?
According to the IPPF, the independence of the internal audit activity is achieved through:a. Staffing and supervision.b. Continuing professional development and due professional care.c. Human
What are the lines of defense in the assurance layering strategy referred to as the Three Lines of Defense model?
Which of the following activities undertaken by the internal auditor might be in conflict with the standard of independence?a. Risk management consultant.b. Product development team leader.c. Ethics
What topics are discussed during coordination efforts between the internal audit function and the independent outside auditors?
According to the IPPF, internal auditors should possess which of the following skills?I. Internal auditors should understand human relations and be skilled in dealing with people.II. Internal
What are the CAE’s responsibilities when reporting to the audit committee?
Which of the following best describes an auditor’s responsibility after noting some indicators of fraud?a. Expand activities to determine whether an investigation is warranted.b. Report the
What are the CAE’s and the internal audit function’s responsibilities regarding governance?
Which of the following activities are designed to provide feedback on the effectiveness of an internal audit activity?I. Proper supervision.II. Proper training.III. Internal assessments.IV. External
What is the difference between risk mitigation and risk management?
According to The IIA, how does an internal audit function determine whether risk management processes are effective?
How does the internal audit function assist the organization in maintaining effective controls?
Why is it important for an internal audit function to have an effective quality assurance and improvement program? What aspects of an internal audit function should a quality program assessment cover?
In what ways can technology be used to increase internal audit process productivity and efficiency?
What does “professional skepticism” mean?

Showing 100 - 200 of 602