Internal Auditing Assurance & Advisory Services 4th Edition Urton L. Anderson, Michael J. Head, Sridhar Ramamoorti, Cris Riddle, Mark Salamasick, Paul J. Sobel - Solutions
How is “haphazard sampling” defined?
A Business Framework for the Governance and Management of Enterprise IT from the ISACA website (www.isaca.org). a. What does the Executive Summary say about information and IT? b. What is the purpose of COBIT® 5? c. What are the five COBIT 5 principles? d. Per COBIT 5, what is the difference between
A payroll clerk increased the hourly pay rate of a friend and shared the resulting overpayment with the friend. Which of the following controls would have best served to prevent this fraud? a. Requiring that all changes to pay records be recorded on a standard form. b. Limiting the ability to make
The tasks performed during an internal audit assurance engagement should address the following questions: I. What are the reasons for the results? II. How can performance be improved? III. What results are being achieved? The chronological order in which these questions should be addressed is: a. III,
How are internal audit assurance engagements related to senior management’s assertions regarding the organization’s system of internal controls?
When and in what ways do assurance engagement communications occur?
How are assurance engagement observations identified?
What are the steps an internal auditor takes to assess the observations identified during an assurance engagement?
What distinguishes a significant observation from an insignificant observation? What distinguishes a material observation from a significant deficiency?
What information should be included in an assurance engagement audit observation description?
Why is interim and preliminary communication important in an assurance engagement?
What is the purpose of a closing conference?
What information should be included in a well-designed final assurance engagement communication?
What is the difference between providing positive assurance versus negative assurance in an audit report?
What is the difference between final formal communications and final informal communications and when is each appropriate?
What quality characteristics should assurance engagement communications possess? What steps should internal auditors take to ensure that the communications are of high quality?
What actions regarding assurance engagement observations must the internal audit function take after the final engagement communication is disseminated?
What are the six components of modern IT described in this chapter?
The software that manages the interconnectivity of the system hardware devices is the: a. Application software. b. Utility software. c. Operating system software. d. Database management system software.
How has IT enabled opportunities? Provide two examples.
An internet firewall is designed to provide protection against: a. Computer viruses. b. Unauthorized access from outsiders. c. Lightning strikes and power surges. d. Arson.
Risk, Inherent Risk, and Fraud are defined in the textbook Glossary as follows: Risk—The possibility that an event will occur and adversely affect the achievement of objectives. Inherent Risk—The combination of internal and external risk factors in their pure, uncontrolled state, or the gross
Cybersecurity is an ever-increasing risk. In fact, leaders in the profession have identified cybersecurity as the number one technology risk, which is consistent with the findings in The IIA’s 2015 Common Body of Knowledge (CBOK) study, Navigating Technology’s Top 10 Risks: Internal Audit’s
What are the potential effects (adverse consequences) of each of the following types of IT risk? a. Development/acquisition and deployment. b. Hardware/software. c. System reliability and information integrity. d. Fraud and malicious acts.
Which of the following best illustrates the use of EDI? a. Purchasing merchandise from a company’s internet site. b. Computerized placement of a purchase order from a customer to its supplier. c. Transfer of data from a desktop computer to a database server. d. Withdrawing cash from an ATM.
Search for the white paper, “The Risk Intelligent IT Internal Auditor” on the Deloitte United States website (www.deloitte.com). Download and read the white paper. a. What characterizes a “Type 1: Drifting Along” IT internal audit group? b. What issues characterize a: 1. “Type 2: Getting
What are typical causes of each of the following types of IT risk? a. Selection. b. Availability. c. Access. d. Confidentiality and privacy.
The possibility of someone maliciously shutting down an information system is most directly an element of: a. Availability risk. b. Access risk. c. Confidentiality risk. d. Deployment risk.
Change management controls are a type of IT organization and management controls, which are a subset of IT management-level (general) controls. a. What are change management controls? b. Assume that an organization’s change management controls pertaining to application software are ineffective.
How does The IIA define IT governance?
An organization’s IT governance committee has several important responsibilities. Which of the following is not normally such a responsibility? a. Aligning investments in IT with business strategies. b. Overseeing changes to IT systems. c. Monitoring IT security procedures. d. Designing IT
How is each of the following COSO enterprise risk management (ERM) components relevant to IT risk management? a. Objective setting. b. Risk assessment. c. Risk response. d. Information and communication.
If a sales transaction record was rejected during input because the customer account number entered was not listed in the customer master file, the error was most likely detected by a: a. Completeness check. b. Limit check. c. Validity check. d. Reasonableness check.
Visit www.webtrust.org. Read the “Overview of Trust Services” and the following paragraphs of “Principles and Criteria”: ■ Introduction (paragraphs .01–.18). ■ Paragraph .19, which provides a description of the security principle. ■ Paragraphs .21–.22, which provide a description of
The purpose of logical security controls is to: a. Restrict access to data. b. Limit access to hardware. c. Record processing results. d. Ensure complete and accurate processing of data.
What should IT governance-level controls (that is, IT policies) address?
Which of the following statements regarding an internal audit function’s continuous auditing responsibilities is/are true? I. The internal audit function is responsible for assessing the effectiveness of management’s continuous monitoring activities. II. In areas of the organization in which
What are the three types of IT management controls described in the chapter? Provide two examples of each type.
Which of the following is not one of the top 10 technology risks facing organizations? a. Cybersecurity. b. Use of older technology. c. IT governance. d. Mobile computing.
What are the three types of IT technical controls described in the chapter? Provide two examples of each type.
Requiring a user ID and password would be an example of what type of control? a. Detective. b. Corrective. c. Preventative. d. Reactive.
What is the difference between physical access controls and logical access controls?
Which is NOT a benefit of user-developed applications (UDAs)? a. Quick to develop and use. b. Readily available and at a low cost. c. More configurable and flexible. d. Easy to control access to.
Which of the following is true about new and emerging technologies? a. New technologies have security login controls built into them. b. New technologies take time for the users to transition and adapt to the new technology, so training is critical. c. New technologies always come from large
What three Performance Implementation Standards specifically address internal auditors’ assurance engagement responsibilities regarding information systems and technology?
Which of the following is the best source of IT audit guidance within the IPPF? a. Control Objectives for Information and Related Technologies (COBIT). b. GTAG. c. National Institute of Standards and Technology (NIST). d. ITIL.
What must an internal audit function do to fulfill its IT-related responsibilities related to effectively evaluating governance, risk management, and control processes?
Which of the following best describes continuous auditing? a. Development of computer-assisted audit techniques (CAATs). b. Oversight of continuous monitoring. c. The use of continuous risk assessment, continuous controls assessment, and assessment of continuous monitoring. d. The ability of internal
How does IT outsourcing affect the internal audit function?
When discussing integration of IT into audit engagements, which of the following is the most desirable integration of IT into specific engagements? a. Developing and integrating testing of IT controls into process-level audits. b. Developing and performing computer audit software steps into
Why has cloud computing been so pervasively adopted? What additional risks are introduced and what can the internal audit function do to assist in evaluating controls in the cloud?
In what ways might integrating IT auditing into assurance engagements improve audit effectiveness and efficiency?
Continuous auditing involves what three types of assessments?
What are the two types of IT-related Practice Guides included in The IIA’s International Professional Practices Framework (IPPF)?
Give some examples of how cybersecurity can best be implemented through the three lines of defense.
According to the ACFE’s Report to the Nations, what percentage of their revenues do organizations lose to fraud? Based on the 2015 World GDP, approximately how much is that in dollars?
Predication is a technical term that refers to: a. The ability of internal auditors to predict fraud successfully. b. The ability of a fraud examiner to commence an investigation if a form of evidence exists that fraud has occurred. c. The activities of fraud perpetrators in concealing their tracks so
According to the AICPA, by what three ways can fraudulent financial reporting be accomplished?
Which of the following is not a typical “rationalization” of a fraud perpetrator? a. It’s in the organization’s best interest. b. The company owes me because I’m underpaid. c. I want to get back at my boss (revenge). d. I’m smarter than the rest of them.
The purpose of this case is to familiarize you with the Benford’s Law functionality of the ACL and CaseWare IDEA software. A. Go to the ACL site. Locate the description of “Benford command” in ACL Help. Answer the following questions. 1. What does the ACL Benford command do? 2. What caution is
According to the ACFE, what four elements characterize an act of occupational fraud?
Which of the following is not something all levels of employees should do? a. Understand their role within the internal control framework. b. Have a basic understanding of fraud and be aware of the red flags. c. Report suspicions of incidences of fraud. d. Investigate suspicious activities that they
What are the three elements that may be called the “root causes of fraud” (that is, they are always present, no matter the type of fraud)?
An organization that manufactures and sells computers is trying to boost sales between now and the end of the year. It decides to offer its sales representatives a bonus based on the number of units they deliver to customers before the end of the year. The price of all computers is determined by
What are the five key principles for managing fraud risk outlined in the Fraud Guide?
How should an organization handle an anonymous accusation from an employee that a supervisor in the organization has manipulated time reports? a. Assign a staff internal auditor to review all time reports for the past six months in the supervisor’s area. b. Make a record of the accusation but do
What are some examples of strong governance practices?
Which of the following is an example of misappropriation of assets? a. A small amount of petty cash is stolen. b. A journal entry is modified to improve reported financial results. c. A foreign official is bribed by the chief operating officer (COO) to facilitate approval of a new product. d. A
What roles and responsibilities should each of the following have in a fraud risk management program? a. The board of directors. b. Management. c. Employees. d. The internal audit function.
Which of the following is not an example of a fraud prevention program element? a. Background investigations of new employees. b. Exit interviews of departing employees. c. Establishing authority limits related to purchasing commitments. d. Analyzing cash disbursements to determine whether any
Which of the following types of companies would most likely need the strongest anti-fraud controls? a. A manufacturer of popular athletic shoes. b. A grocery store. c. A bank. d. An internet-based electronics retailer.
What are the three key steps in a fraud risk assessment?
What elements should be considered while brainstorming fraud risk scenarios to ensure a comprehensive fraud risk universe is compiled?
The internal audit function’s responsibilities with respect to fraud are limited to: a. The organization’s operational and compliance activities only because financial reporting matters are the responsibility of the independent outside auditor. b. Monitoring any calls received through the
What key points should be considered when assessing fraud risks?
From an organization’s standpoint, because internal auditors are seen to be “internal control experts,” they also are: a. Fraud risk management process owners, and hence, the first and most important line of defense against fraudulent financial reporting or asset misappropriation. b. The best
What are the four possible responses to fraud risks?
According to research in personality psychology, the three “dark triad personalities” do not mention: a. Sociopaths. b. Psychopaths. c. Narcissists. d. Machiavellians.
Why must internal auditors be knowledgeable about the FCPA?
The 17 principles in the updated COSO 2013 Internal Control – Integrated Framework include one devoted specifically to addressing fraud risk: a. True. b. False.
Per the Fraud Guide, what methods can an organization employ to: a. Prevent fraud? b. Detect fraud?
The Cressey Fraud Triangle does not include, as one of its vertices: a. Pressure. b. Opportunity. c. Rationalization. d. Fraudster personality.
What steps are involved in the final stage in an effective fraud risk management program?
Which of the IIA Standards provide specific guidance to internal auditors regarding their fraud-related responsibilities?
What does “professional skepticism” mean?
How might fraud specialists, such as CFEs, assist the internal audit function in combating fraud?
What should internal auditors include in their fraud audit communications? What should they not include?
Per IIA Standards, internal audit functions must establish: a. Internal quality assurance and improvement program assessments. b. External quality assurance and improvement program assessments. c. Both internal and external quality assurance and improvement program assessments. d. Neither internal nor
How do The IIA’s quality assurance and improvement program professional standards (Standard 1300) apply to a fully outsourced internal audit function? Specifically discuss the applicability of, and compliance requirements with, the external assessment procedures (Standard 1312).
What are the advantages of positioning the CAE on a senior management level within the organization?
What information should be included in an internal audit charter?
Discuss the various options for properly positioning an internal audit function within an organization and the related advantages and disadvantages for each identified option. What are the primary factors an organization should consider when establishing an effective internal audit function? Where
Senior management has requested that the internal audit function perform an operational review of the telephone marketing operations of a major division and recommend procedures and policies for improving management control over the operation. The internal audit function should: a. Accept the audit
CPI’s internal audit function uses TeamSchedule and TeamTEC (Time and Expense Capture) to efficiently manage its time and resources. TeamSchedule enables internal audit management to schedule projects and assign resources to scheduled engagements. TeamTEC facilitates the recording, tracking, and
According to the Interpretation of Standard 2000, the CAE has four specific management responsibilities. What are they?
Who is ultimately responsible for determining that the objectives for an internal audit engagement have been met? a. The individual internal audit staff member. b. The CAE. c. The audit committee. d. The internal audit engagement supervisor.
What are the differences between organizational independence and individual objectivity?
Which of the following is the best reason for the CAE to consider the organization’s strategic plan in developing the annual internal audit plan? a. To emphasize the importance of the internal audit function to the organization. b. To make recommendations to improve the strategic plan. c. To ensure
Many organizations implement assurance layering strategies to mitigate the risks they face to acceptable levels. One such strategy is the Three Lines of Defense model. a. Describe the first and second lines of defense included in this model. b. Explain what distinguishes the third line of defense
What circumstances could cause impairment of internal audit function independence or internal auditor objectivity? How should an identified impairment be handled?