Uploaded by adarabseh

Part 2 Unit 1 - Answer Key

advertisement
PART-2 UNIT 1
1. Internal auditing is an assurance and consulting activity. An example of an assurance service is
a(n)
A.
Advisory engagement.
B.
Facilitation engagement.
C.
Training engagement.
D.
Compliance engagement.
Answer (D) is correct.
According to The IIA Glossary, an assurance service is “an objective examination of evidence for the
purpose of providing an independent assessment of governance, risk management, and control
processes for the organization. Examples may include financial, performance, compliance, system
security, and due diligence engagements.”
A. An advisory engagement is a consulting service.
B. A facilitation engagement is a consulting service.
C. A training engagement is a consulting service.
2.
Which of the following potentially are subject to the internal auditors’ evaluations?
1. The human resources function.
2. The purchasing process.
3. The manufacturing and production database system.
A.
1 only.
B.
2 only.
C.
1, 2, and 3.
D.
None of the answers are correct.
Answer (C) is correct.
Internal auditing is an organizationally independent and individually objective assurance and
consulting activity that adds value and improves operations. It evaluates and contributes to the
improvement of the organization’s governance, risk management, and control processes. When
performing the assurance function, internal auditing evaluates the adequacy and effectiveness of
controls. For example, it evaluates the effectiveness and efficiency of operations and programs.
A. Items 2 and 3 are subject to internal auditor evaluation.
B. Items 1 and 3 are subject to internal auditor evaluation.
D. All of the listed items are subject to internal auditor evaluation.
3. What is the most accurate term for the procedures used by the board to oversee activities
performed to achieve organizational objectives?
A.
Governance.
B.
Control.
C.
Risk management.
D.
Monitor
Answer (A) is correct.
Governance is the “combination of processes and structures implemented by the board to inform, direct,
manage, and monitor the activities of the organization toward the achievement of its objectives” (The
IIA Glossary).
B. Control is “any action taken by management, the board, and other parties to manage risk and
increase the likelihood that established objectives and goals will be achieved. Management plans,
organizes, and directs the performance of sufficient actions to provide reasonable assurance that
objectives and goals will be achieved” (The IIA Glossary).
C. Risk management is “a process to identify, assess, manage, and control potential events or situations
to provide reasonable assurance regarding the achievement of the organization’s objectives” (The IIA
Glossary).
D. Monitoring consists of actions taken by management and others to assess the quality of internal
control performance over time. It is not currently defined in the Standards or The IIA Glossary.
4.
A basic principle of governance is
A.
Assessment of the governance process by an independent internal audit activity.
B. Holding the board, senior management, and the internal audit activity accountable for its
effectiveness.
C.
Exclusive use of external auditors to provide assurance about the governance process.
D.
Separation of the governance process from promoting an ethical culture in the organization.
Answer (A) is correct.
The internal audit activity must assess and make appropriate recommendations for improving the
governance process (Perf. Std. 2110).
B. The internal audit activity is an assessor of the governance process. It is not accountable for that
process.
C. External parties and internal auditors may provide assurance about the governance process.
D. The internal audit activity must assess and make appropriate recommendations for improving the
governance process in its promotion of appropriate ethics and values within the organization.
5. After using the same public accounting firm for several years, the board of directors retained
another public accounting firm to perform the annual financial audit in order to reduce the
annual audit fee. The new firm has now proposed a one-time engagement relating to the
cost-effectiveness of the various operations of the business. The chief audit executive has been
asked to advise management in making a decision on the proposal. An argument can be made
that the internal audit activity is better able to perform such an engagement because
A. External auditors may not possess the same depth of understanding of the organization as the
internal auditors.
B.
Internal auditors are required to be objective in performing engagements.
C. Engagement procedures used by internal auditors are different from those used by external
auditors.
D.
Internal auditors will not be vitally concerned with fraud and waste.
Answer (A) is correct.
Internal auditing evaluates and contributes to the improvement of the organization’s governance, risk
management, and control processes. Accordingly, its scope of work is far broader than that of the
external auditors.
B. Internal and external auditors are required to be objective.
C. Internal and external auditors use the same procedures.
D. Internal auditors are vitally concerned with fraud and waste.
6. A manufacturer has been expanding rapidly and is considering adding a new production line.
Employees are currently working double shifts and receiving large amounts of overtime pay.
Demand for all of the organization’s products is currently high, but management worries about
demand fluctuations with changes in the economy and technological developments by
competitors. Management is concerned with such issues as whether it is efficiently using its
resources, whether it is expanding too rapidly or not rapidly enough, whether employee morale is
decreasing, and whether future expansion should be financed internally or through debt. Of the
following management requests, which is within the normal scope of work of the internal audit
activity as stated in the Standards?
A. Perform an independent evaluation of management’s planning process as a basis for making
recommendations.
B. Talk with banks to identify financing alternatives and negotiate contract alternatives that will be
presented to management for evaluation.
C.
Analyze financing alternatives and present the alternatives to the audit committee.
D. Undertake a make-or-buy decision analysis to determine whether the organization should
subcontract for part of its manufacturing versus adding capacity. Report
the recommendation
to management for approval.
Answer (A) is correct.
Internal auditing is an organizationally independent and individually objective assurance and
consulting activity that adds value and improves operations. It evaluates and contributes to the
improvement of the organization’s governance, risk management, and control processes. Thus,
evaluating the planning process is within the broad scope of work of internal auditing.
B. Discussing financing alternatives with banks is a responsibility of management. Such an activity
also has the potential to impair the independence of the internal
audit activity.
C. Analyzing financing options is a responsibility of the finance function. Moreover, information about
the analysis should be directed to management or a finance
committee of the board. The audit
committee is concerned with oversight of internal and external auditing functions.
D. Make-or-buy decisions are a responsibility of management.
7. Control by management is the result of
A.
Planning, organizing, and directing of organizational activities.
B. Ascertaining needs, identifying alternative courses of action, setting standards for measuring
performance, and comparing outcomes with predetermined
standards.
C. Authorizing and monitoring performance and comparing actual performance with planned
performance.
D.
8.
Determining efficiency and economy of operations, including whether objectives have been met.
Controls should be designed to provide reasonable assurance that
A.
Organizational objectives will be achieved economically and efficiently.
B.
Management’s plans have not been circumvented by worker collusion.
C. The internal audit activity’s guidance and oversight of management’s performance is
accomplished economically and efficiently.
D.
Management’s planning, organizing, and directing processes are properly evaluated.
Answer (A) is correct.
A control is any action taken by management, the board, and other parties to manage risk and increase
the likelihood that established objectives will be achieved. Management plans, organizes, and directs
the performance of sufficient actions to provide reasonable assurance that objectives will be achieved
(The IIA Glossary). Thus, control by management is the result of proper planning, organizing, and
directing.
B. Collusion is an inherent limitation of internal control.
C. Representatives of the organization’s stakeholders (e.g., the board) provide oversight of risk and
control processes administered by management.
D. Internal auditors evaluate management processes to determine whether reasonable assurance exists
that objectives will be achieved.
9. The internal audit activity is responsible for implementing
1. Risk management
2. Governance
3. Control
A.
1 only.
B.
2 only.
C.
3 only.
D.
None of the answers are correct.
Answer (D) is correct.
The internal audit activity is responsible for evaluating and contributing to the improvement of
governance, risk management, and control processes. But management is responsible for implementing
those processes.
A. The internal audit activity is not responsible for implementing risk management.
B. The internal audit activity is not responsible for implementing governance.
C. The internal audit activity is not responsible for implementing controls.
10. When assessing the risk associated with an activity, an internal auditor should
A.
Determine how the risk should best be managed.
B.
Provide assurance on the management of the risk.
C.
Update the risk management process based on risk exposures.
D.
Design controls to mitigate the identified risks.
Answer (B) is correct.
The internal audit activity must evaluate and contribute to the improvement of processes using a
systematic, disciplined, and risk-based approach. Assurance service is an objective of evidence
examination to provide an independent assessment.
A. Risk management is a key responsibility of senior management and the board, not the internal
auditor.
C. Designing and updating the risk management process is a role of management.
D. The design and implementation of controls is the responsibility of management, not internal audit.
11. Which of the following items is least likely to be considered when determining the strategy
for assessing governance, risk management, and control?
A.
The maturity of the processes.
B.
The seniority of the persons responsible.
C.
The organizational culture.
D.
The members of the audit committee.
Answer (D) is correct.
The members of the audit committee, an operating committee of the board of directors, is least likely to
be considered when determining the strategy for assessing governance, risk management, and control.
These three processes are closely related. Ordinarily, the board is responsible for guiding governance
processes, and senior management is responsible for leading risk management and control processes.
The CAE typically considers (1) the maturity of these processes, (2) the seniority of the persons
responsible, and (3) the organizational culture when determining the strategy for assessing governance,
risk management, and control.
A. The maturity of the processes is one of the items that should be considered when determining the
strategy for assessing governance, risk management, and control.
B. The seniority of the persons responsible is one of the items that should be considered when
determining the strategy for assessing governance, risk management, and
control.
C. The organizational culture is one of the items that should be considered when determining the
strategy for assessing governance, risk management, and control.
12. When are governance, risk management, and control processes considered adequate?
A. When management has planned and designed them to provide reasonable assurance of achieving
the organization’s objectives efficiently and economically.
B. When management has planned and designed them to provide absolute assurance of achieving the
organization’s objectives efficiently and economically.
C. When the internal audit activity has planned and designed them to provide reasonable assurance
of achieving the organization’s objectives efficiently and
economically.
D.
When the company is profitable.
Answer (A) is correct.
Governance, risk management, and control processes are adequate if management has planned and
designed the processes to provide reasonable assurance of achieving the organization’s objectives
efficiently and economically. Reasonable assurance is provided if the most cost-effective measures are
taken in the design and implementation of controls to reduce risks and restrict expected deviations to a
tolerable level. Efficient performance accomplishes objectives in an accurate, timely, and economical
fashion while economical performance accomplishes objectives with minimal use of resources (i.e.,
cost) proportionate to the risk exposure.
B. Absolute assurance cannot be provided through governance, risk management, and control
processes.
C. The internal audit activity may consult on the design of governance, risk management, and control
processes. However, the adequacy of these processes is not
contingent on the involvement of the
internal audit activity in planning and designing such processes. Additionally, such involvement could
potentially impair the
independence of the internal audit activity.
D. A company’s profitability does not necessarily indicate that governance, risk management, and
control processes are adequate.
13. Which of the following is most essential for guiding the internal audit staff?
A.
Quality program assessments.
B.
Position descriptions.
C.
Performance appraisals.
D.
Policies and procedures.
Answer (D) is correct.
The chief audit executive must establish policies and procedures to guide the internal audit activity
(Perf. Std. 2040).
A. Quality program assessments do not provide specific daily guidance to the staff with respect to
performance standards.
B. Position descriptions do not provide specific daily guidance to the staff with respect to performance
standards.
C. Performance appraisals do not provide specific daily guidance to the staff with respect to
performance standards.
14. The key factor in the success of an internal audit activity’s human resources program is
A.
An informal program for developing and counseling staff.
B.
A compensation plan based on years of experience.
C.
A well-developed set of selection criteria.
D.
A program for recognizing the special interests of individual staff members.
Answer (C) is correct.
Internal auditors should be qualified and competent. Because the selection of a superior staff is
dependent on the ability to evaluate applicants, selection criteria must be well-developed. Appropriate
questions and forms should be prepared in advance to evaluate, among other things, the applicant’s
technical qualifications, educational background, personal appearance, ability to communicate,
maturity, persuasiveness, self-confidence, intelligence, motivation, and potential to contribute to the
organization.
A. The human resources program should be formal.
B. The quality of the human resources is more significant than compensation.
D. The quality of the human resources is more significant than special interests of the staff.
15. Written policies and procedures relative to managing the internal audit activity should
A.
Ensure compliance with its performance standards.
B.
Give consideration to its structure and the complexity of the work performed.
C.
Result in consistent job performance.
D. Prescribe the format and distribution of engagement communications and the classification of
observations.
Answer (B) is correct.
The form and content of policies and procedures are dependent upon the size and structure of the
internal audit activity and the complexity of its work (Inter. Std. 2040).
A. No written policy or procedure can ensure compliance with standards.
C. Consistent performance depends on various factors, especially adequate training and supervision.
D. The format and distribution of engagement communications and the classification of observations
may vary from engagement to engagement.
16. Which of the following items would not be an appropriate staffing issue?
A.
Selecting qualified and competent individuals.
B.
Providing a competitive selection of employee benefits.
C.
Providing continuing educational opportunities for each internal auditor.
D.
Appraising each internal auditor’s performance at least annually.
Answer (B) is correct.
Internal auditors must have the knowledge, skills, and other competencies to perform their
responsibilities. For example, they (1) might use the competency framework for self-assessment and (2)
should demonstrate proficiency by obtaining professional certifications and qualifications (IG 1210,
Proficiency). But a professional development program for internal auditors does not address employee
compensation.
A. Staffing addresses the proficiency of internal auditors individually and the internal audit activity as a
whole.
C. Internal auditors should enhance their competencies through continuing professional development
(Att. Std. 1230).
D. Regularly reviewing the performance of internal auditors provides insight regarding training
requirements and feedback to aid in their professional development (IG 1210, Proficiency).
17. In most cases, an internal audit activity should document policies and procedures to ensure
the consistency and quality of its work. The exception to this principle is directly related to
A.
Departmentation.
B.
Division of labor.
C.
Size of the internal audit activity.
D.
Authority.
Answer (C) is correct.
The form and content of policies and procedures are dependent upon the size and structure of the
internal audit activity and the complexity of its work (Inter. Std. 2040). Thus, all internal audit
activities are not required to have a detailed policies and procedures manual.
A. Departmentation can improve communications among team members, but sufficient direct
supervision may be lacking if spans of control are large.
B. Division of labor produces highly specialized individuals, but formalized guidance is necessary for
newer employees if the internal audit activity is large.
D. Regardless of the degree of authority wielded by the chief audit executive, formal policies are
needed in a large internal audit activity.
18. Policies and procedures must be established to guide the internal audit activity. Which of
the following statements is false with respect to this requirement?
A. The form and content of written policies and procedures depend on the size of the internal audit
activity.
B.
All internal audit activities must have a detailed policies and procedures manual.
C.
Formal administrative and technical manuals may not be needed by all internal audit activities.
D. A small internal audit activity may be managed informally through close supervision and
memoranda.
Answer (B) is correct.
The form and content of policies and procedures are dependent upon the size and structure of the
internal audit activity and the complexity of its work (Inter. Std. 2040). Thus, all internal audit
activities are not required to have a detailed policies and procedures manual.
A. The form and content of policies and procedures depend on the size of the internal audit activity.
C. Formal administrative and technical manuals may not be needed by all internal audit activities.
D. A small internal audit activity may be managed informally through close supervision and memos
19. Which of the items below most likely reflects differences between the policies of a relatively
large and a relatively small internal audit activity? The policies for the large activity should
A.
Define the scope of internal auditing.
B.
Contain the authority to carry out engagements.
C.
Be specific as to activities to be carried out.
D.
Be in considerable detail.
Answer (D) is correct.
The form and content of policies and procedures are dependent upon the size and structure of the
internal audit activity and the complexity of its work (Inter. Std. 2040). Thus, the policies of a
relatively large internal audit activity are likely to be more detailed than those of a relatively small
internal audit activity.
A. The scope of internal auditing is covered in the charter.
B. The authority to carry out engagements is covered in the charter.
C. Whether the internal audit activity is large or small, it must have policies that specifically state its
functions.
20. The chief audit executive for a large decentralized organization has developed a manual
containing comprehensive detailed written procedures as a guide for the decentralized
engagement work groups, each of which has 20 to 30 internal auditors. The organization recently
acquired a small organization that has an internal audit activity consisting of a supervisor and
two staff personnel. Which of the following actions is the most practical in providing
administrative guidance for this new internal audit activity?
A. Select key procedures from the manual and use informal supervisory direction for other
engagement management issues.
B.
Use informal supervisory direction for engagement management issues.
C.
Use the already developed manual.
D. Adopt the administrative procedures being followed by the internal auditors of the acquired
organization.
Answer (A) is correct.
Orientation to acquaint the acquired organization’s staff with the established environment should be
through exposure to selected key procedures from the formal manual. The form and content of policies
and procedures are dependent upon the size and structure of the internal audit activity and the
complexity of its work (Inter. Std. 2040). Thus, a small internal audit activity may be managed
informally, for example, through daily close supervision and written memoranda.
B. The use of informal supervisory direction alone for new staff is inadequate.
C. Complete reliance on the existing manual would require more formal management than is necessary
for a small internal audit activity.
D. Management of the new internal auditing organization should not be inconsistent with the rest of the
organization.
21. Which of the following, though not appropriate for use with a large internal audit activity, is
an acceptable approach for managing a small internal audit activity?
A.
Preparing comprehensive policies and procedures.
B.
Writing detailed instructions and guidelines for each engagement area.
C.
Using only daily, close supervision and written memoranda.
D.
Developing technical manuals to guide performance.
Answer (C) is correct.
Formal administrative and technical audit manuals may not be needed by all internal audit entities. A
small internal audit activity may be managed informally. Its audit staff may be directed and controlled
through daily, close supervision and written memoranda. In a large internal audit activity, more formal
and comprehensive policies and procedures are essential to guide the internal audit staff in the
execution of the internal audit plan.
A. Preparing comprehensive policies and procedures is more appropriate for managing a large internal
audit activity.
B. Writing detailed instructions and guidelines for each engagement area is more appropriate for
managing a large internal audit activity.
D. Developing technical manuals to guide performance is more appropriate for managing a large
internal audit activity.
22. Any program for selecting and developing the human resources of the internal audit activity
will fail unless compensation is adequate at all levels of responsibility. Policies concerning
compensation should
A. Link internal auditors’ compensation to the pay for comparable positions in the controller’s
department.
B.
Provide for cost-of-living, longevity, and merit increases annually.
C. Be informal and as flexible as possible to allow the chief audit executive to respond to unusual
situations.
D.
Be clearly stated and based on evaluations of position requirements and individual performance.
Answer (D) is correct.
Internal auditing job descriptions are important because, among other things, they may be used to
justify adequate salaries. As part of an overall personnel management and development program, they
should be used together with periodic, formal performance appraisals as a basis for compensation
adjustments and promotions.
A. No necessary correlation exists between the work of internal auditors and of the controller’s staff.
B. Increases need not necessarily be annual.
C. Formal, well-defined policies are preferable to avoid misunderstandings.
23. Inquiring how an employment candidate handled situations in their past is an example of
which interview method?
A.
Behavioral.
B.
Stress.
C.
Structured.
D.
Unstructured.
Answer (A) is correct.
Behavioral interviews determine how candidates handled situations in their past. It is based on the
belief that past performance is generally indicative of future performance. The behavioral interview is a
widely-used interview method and may include questions that ask the candidate to describe a past
situation and how it was handled.
B. Stress interviews deliberately place candidates in a stressful situation to see how they react. For
example, the interviewer may appear distracted or contrary, the questions may be strange, or candidates
may be placed in an uncomfortable situation. The interviewer is looking for candidates who will
remain calm and keep their composure.
C. Structured interviews use a set of job-related questions with standardized answers, which are then
scored. This type of interview is more formal. Questions may focus on job knowledge, job sample
simulations, worker requirements, and hypothetical situational inquiries.
D. Unstructured interviews are informal and more conversational in nature. For example, the candidate
may be asked to talk about themselves and their hobbies. Employers may intentionally use this casual
interview style to put the candidate at ease, and the candidate may say more than they intended. In this
situation, the candidate provides the structure of the conversation and should be sure to convey his or
her skills and qualifications.
24. According to the International Professional Practices Framework, the internal audit activity
is effectively managed when
A. Policies on responsibilities of the internal audit activity are included in the organization’s
operations manual.
B.
Its individual members conform with the Code of Ethics and the Standards.
C.
Management oversees the day-to-day operations of the internal audit activity.
D.
It has the skill set and knowledge to help the organization achieve its objectives.
Answer (B) is correct.
According to the Interpretation of Standard 2000, the internal audit activity is effectively managed
when
It achieves the purpose and responsibility included in the internal audit charter.
It conforms with the Standards.
Its individual members conform with the Code of Ethics and the Standards.
It considers trends and emerging issues that could impact the organization.
The internal audit activity adds value to the organization and its stakeholders when it considers
strategies, objectives, and risks; strives to offer ways to enhance governance, risk management, and
control processes; and objectively provides relevant assurance.
A. A large, mature internal audit activity may have a formal operations manual that includes policies
and procedures. A smaller and less mature internal audit activity’s policies and procedures may reside
in separate documents or in audit management software. The organization is not required to have an
operations manual to be effectively managed by the internal audit activity.
C. Day-to-day operations of the internal audit activity are overseen by management. However,
management overseeing the day-to-day operations does not ensure that the internal audit activity is
effectively managed.
D. Internal auditors should be qualified and competent and possess a diverse set of skills to perform
their jobs effectively. However, merely having the necessary skill set and knowledge does not ensure
that the internal audit activity is effectively managed.
25. Which of the following statements is false regarding the administration of the internal audit
activity?
A.
Management oversees the day-to-day operations of the internal audit activity.
B. An internal audit manager may be assigned to monitor internal audit processes and emerging
issues.
C. The audit committee is responsible for creating the operating and financial budget for the internal
audit function.
D.
Selection criteria for hiring internal auditors should be well-developed.
Answer (C) is correct.
Budgeting is included in the administrative activities of the internal audit activity. The CAE, not the
audit committee, is responsible for creating the operating and financial budget for the internal audit
function. Generally, the CAE, audit managers, and the internal audit activity work together to develop
the budget annually. The budget is then submitted to management and the board for their review and
approval.
A. Management oversees the day-to-day operations of the internal audit activity, including some
administrative activities.
B. Administration of the internal audit activity’s policies and procedures is included in the
administrative activities of the internal audit activity. According to the Interpretation of Standard 2040,
“The form and content of the organization’s policies and procedures are dependent upon the size and
structure of the internal audit activity and the complexity of its work.”
D. Human resource administration, including personnel evaluations and compensation, are included in
the administrative activities of the internal audit activity. Additionally, internal auditors need to possess
a diverse set of skills to perform their jobs effectively. These skills are not always apparent in a
standard resume. Selection of superior staff is dependent on the ability to evaluate applicants and
selection criteria must be well-developed.
26. An audit committee should be designed to enhance the independence of both the internal
and external auditing functions and to insulate these functions from undue management
pressures. Using this criterion, audit committees should be composed of
A.
A rotating subcommittee of the board of directors or its equivalent.
B.
Only members from the relevant outside regulatory agencies.
C. Members from all important constituencies, specifically including representatives from banking,
labor, regulatory agencies, shareholders, and officers.
D.
Only external members of the board of directors or its equivalent.
Answer (D) is correct.
The audit committee of the board of directors should be composed entirely of outside directors. Outside
directors are members of the board who are independent of internal management. Because the primary
purpose of the audit committee is to promote the independence of the internal and external auditors
from management, an audit committee composed of inside directors would be ineffective.
A. The audit committee is not required to be rotated periodically.
B. Regulators ordinarily do not serve as directors.
C. Officers are not outside directors.
27. Audit committees have been identified as a major factor in promoting the independence of
both internal and external auditors. Which of the following is the most important limitation on
the effectiveness of audit committees?
A. Audit committees may be composed of independent directors. However, those directors may have
close personal and professional friendships with management.
B.
Audit committee members are compensated by the organization and thus favor an owner’s view.
C. Audit committees devote most of their efforts to external audit concerns and do not pay much
attention to the internal audit activity and the overall control
environment.
D.
Audit committee members do not normally have degrees in the accounting or auditing fields.
Answer (A) is correct.
The audit committee is a subcommittee made up of outside directors who are independent of
management. Its purpose is to help keep external and internal auditors independent of management and
to ensure that the directors are exercising due care. However, if independence is impaired by personal
and professional friendships, the effectiveness of the audit committee may be limited.
B. The compensation audit committee members receive is usually minimal. They should be
independent and therefore not limited to an owner’s perspective.
C. Although audit committees are concerned with external audits, they also devote attention to the
internal audit activity.
D. Audit committee members do not need degrees in accounting or auditing to understand engagement
communications.
28. The audit committee strengthens the control processes of an organization by
A.
Assigning the internal audit activity responsibility for interaction with governmental agencies.
B.
Using the chief audit executive as a major resource in selecting the external auditors.
C.
Following up on recommendations made by the chief audit executive.
D.
Approving internal audit activity policies.
Answer (C) is correct.
Among the audit committee’s functions are ensuring that engagement results are given due
consideration and overseeing appropriate corrective action for deficiencies noted by the internal audit
activity, which includes following up on recommendations by the CAE.
A. A direct strengthening of controls does not result from this activity.
B. A direct strengthening of controls does not result from this activity.
D. A direct strengthening of controls does not result from this activity.
29. The audit committee may serve several important purposes, some of which directly benefit
the internal audit activity. The most significant benefit provided by the audit committee to the
internal audit activity is
A.
Protecting the independence of the internal audit activity from undue management influence.
B.
Reviewing annual engagement work schedules and monitoring engagement results.
C. Approving engagement work schedules, scheduling, staffing, and meeting with the internal
auditors as needed.
D. Reviewing copies of the procedures manuals for selected organizational operations and meeting
with organizational officials to discuss them.
Answer (A) is correct.
The audit committee is a subcommittee of the board of directors composed of outside directors who are
independent of corporate management. Its purpose is to help keep external and internal auditors
independent of management and to ensure that the directors are exercising due care. This committee
often selects the external auditors, reviews their overall audit plan, and examines the results of external
and internal audits.
B. Reviewing the audit plan and the results can be performed by the entire board.
C. Reviewing the audit plan and staffing requirements can be performed by the entire board.
D. Reviewing procedures manuals can be performed by the entire board.
30. To avoid creating conflict between the chief executive officer (CEO) and the audit
committee, the chief audit executive (CAE) should
A.
Submit copies of all engagement communications to the CEO and audit committee.
B.
Strengthen independence through organizational status.
C.
Discuss all pending engagement communications to the CEO with the audit committee.
D. Request board establishment of policies covering the internal audit activity’s relationships with
the audit committee.
Answer (D) is correct.
Independence is not sufficient to prevent conflict unless reporting relationships are well defined.
A. The CEO and audit committee most likely should receive summary reports. Senior management and
the board ordinarily are not involved in the details of internal audit
work.
B. Independence is not sufficient to prevent conflict unless reporting relationships are well defined.
C. The CEO and audit committee most likely should receive summary reports. Senior management and
the board ordinarily are not involved in the details of internal audit
work.
31. Which of the following actions is an appropriate response by organizations wishing to
improve the public’s perception of their financial reporting?
A.
Increased adoption of audit committees composed of outside directors.
B.
Viewing internal auditing as a transient profession—a stepping stone to managerial positions.
C. Requiring internal auditors to report all significant observations of illegal activity to the chief
executive officer.
D.
Keeping external and internal auditing work separated to maintain independence.
Answer (A) is correct.
The audit committee consists of outside directors who are independent of management. Its purpose is
to help keep external and internal auditors independent of management and to assure that the directors
are exercising due care. This committee (1) selects the external auditors; (2) reviews their overall audit
plan; (3) examines the results of external and internal auditing engagements; (4) meets regularly with
the CAE; and (5) reviews the internal audit activity’s engagement work schedule, staffing plan, and
financial budget. These functions should increase public confidence that financial statements are fairly
presented.
B. Transience of internal auditors impairs the proficiency of the internal audit activity.
c. If illegal activities involve senior management, distribution of engagement communications should
be to the audit committee, not the CEO.
D. The work of the internal and external auditors should be coordinated to minimize duplicate efforts.
Coordination does not impair independence or reduce public
confidence.
32. Which of the following is not an appropriate member of an audit committee?
A.
The vice president of the local bank used by the organization.
B.
An academic specializing in business administration.
C.
A retired executive of a firm that had been associated with the organization.
D.
The organization’s vice president of operations.
Answer (D) is correct.
The audit committee consists of outside directors who are independent of management. Its purpose is
to help keep external and internal auditors independent of management and to assure that the directors
are exercising due care. The organization’s vice president is not an outside director. The vice president
of the local bank used by the organization, an academic specializing in business administration, and a
retired executive of a firm that had been associated with the organization are all external parties who
are usually independent of the organization’s internal operations.
A. The vice president of the local bank used by the organization is an external party who is usually
independent of the organization’s internal operations.
B. An academic specializing in business administration is an external party who is usually independent
of the organization’s internal operations.
C. A retired executive of a firm that had been associated with the organization is an external party who
is usually independent of the organization’s internal
operations.
33. Which of the following audit committee activities is of the greatest benefit to the internal
audit activity?
A.
Review and approval of engagement work programs.
B. Assurance that the external auditor will rely on the work of the internal audit activity whenever
possible.
C. Review and endorsement of all internal auditing engagement communications prior to their
release.
D. Determine whether scope limitations impede the ability of the internal audit activity to execute its
responsibilities.
Answer (D) is correct.
The CAE should report functionally to the board (audit committee) to achieve organizational
independence and allow the internal audit activity to fulfill its responsibilities. Functional reporting to
the board typically involves, among other things, making appropriate inquiries of management and the
CAE to determine whether audit scope or budgetary limitations impede the ability of the internal audit
activity to fulfill its responsibilities.
A. Review and approval of engagement work programs is the responsibility of internal audit
supervisors.
B. Whether the external auditor will make use of the work of internal auditing is not for the audit
committee to decide.
C. Review and approval of internal audit engagement communications is the responsibility of the chief
audit executive or his or her designee.
34. Which of the following features of a large manufacturer’s organizational structure is a
control weakness?
A. The information systems department is headed by a vice president who reports directly to the
president.
B.
The chief financial officer is a vice president who reports to the chief executive officer.
C. The audit committee of the board consists of the chief executive officer, the chief financial officer,
and a major shareholder.
D.
The controller reports to the chief financial officer.
Answer (C) is correct.
The audit committee has a control function because of its oversight of internal as well as external
auditing. It should be made up of directors who are independent of management. The authority and
independence of the audit committee strengthen the position of the internal audit activity.
A. This reporting relationship is a strength. It prevents the information systems operation from being
dominated by a user.
B. It is a normal and appropriate reporting relationship.
D. It is a normal and appropriate reporting relationship.
35. An audit committee of the board of directors of an organization is being established. Which
of the following is normally a responsibility of the committee with regard to the internal audit
activity?
A.
Approval of the selection and dismissal of the chief audit executive.
B.
Development of the annual engagement work schedule.
C.
Approval of engagement work programs.
D.
Determination of engagement observations appropriate for specific engagement communications.
Answer (A) is correct.
Independence is enhanced when the board concurs in the appointment or removal of the CAE. The
audit committee is a subcommittee of outside directors who are independent of management. The term
“board” includes the audit committee.
B. Development of the annual engagement work schedule is an operational function of the CAE and
the internal audit activity staff. A summary of the (1) audit plan, (2) work schedule, (3) staffing plan,
and (4) financial budget is submitted annually to senior management and the board.
C. Approval of engagement work programs is a technical responsibility of the internal audit activity
staff.
D. The determination of engagement observations appropriate
communications is a field operation of the internal audit activity staff.
for
specific
engagement
36. What is the reason the CAE must have direct and unrestricted access to the board?
A. The board is composed of financial experts and are a great resource for collaboration on financial
decisions.
B.
The internal audit activity needs to achieve organizational independence.
C.
Stock exchanges require that all listed organizations have an audit committee.
D. The CAE must build and maintain strong constructive relationships with managers and other
stakeholders.
Answer (B) is correct.
The CAE must have direct and unrestricted access to senior management and the board for the internal
audit activity to achieve organizational independence. The CAE should report functionally to the board.
The IIA defines a board, in part, as “[t]he highest level governing body . . . charged with the
responsibility to direct and/or oversee the organization’s activities and hold senior management
accountable.”
A. Being a financial expert is not a requirement to serve on a board. Boards are often made up of a
diverse group of individuals. The board is the highest level governing body for the organization and is
not a resource for the CAE to assist with the making of financial decisions.
C. Many stock exchanges require that all listed organizations have an audit committee. However, this is
not the reason the CAE must have direct and unrestricted access to senior management and the board.
D. According to Sawyer’s Guide for Internal Auditors, 6th edition, for internal auditors to be effective,
they must build and maintain strong constructive relationships with managers and other stakeholders
within the organization. But this does not explain why the CAE must have direct and unrestricted
access to senior management and the board.
37. Which of the following statements regarding the external auditor is true?
A.
Disputes between the external auditor and management are resolved through an arbitrator.
B. Review of the external auditor’s internal control and audit reports during each engagement is done
by a different accounting firm.
C.
The external auditor’s work is overseen and reviewed by the audit committee.
D.
Negotiation of the external auditor’s fee is the responsibility of the corporate officers.
Answer (C) is correct.
The most important function of the audit committee is to promote the independence of the internal and
external auditors by protecting them from management’s influence. The audit committee (1) selects the
external auditing firm and negotiates its fee, (2) oversees and reviews the work of the external auditor,
(3) resolves disputes between the external auditor and management, and (4) reviews the external
auditor’s internal control and audit reports.
A. Disputes between the external auditor and management are resolved through the audit committee,
not an arbitrator.
B. The audit committee, not a different accounting firm, is responsible for reviewing the external
auditor’s internal control and audit reports. However, accounting
firms often perform peer reviews
on a periodic basis.
C. The audit committee, not the corporate officers, is responsible for negotiating the external audit fee.
38. Johnny Hagert, Chief Audit Executive, is determining the sufficiency of his resource
allocation. Mr. Hagert must consider all of the following except
A.
Communication received from management and the board.
B.
The audit universe.
C.
Knowledge of the internal audit staff.
D.
Consequences of not completing the engagement on time.
Answer (B) is correct.
Sufficiency relates to the quantity of resources needed to accomplish the audit plan. The audit universe
includes all possible audits within an organization. The audit plan only includes a portion of those
audits.
A. To determine the sufficiency of resource allocation, the CAE must consider all relevant factors,
including (1) communications received from management and the board; (2) information about
ongoing and new engagements; (3) consequences of not completing an engagement on time; and (4)
knowledge, skills, and competencies of the internal audit staff.
C. To determine the sufficiency of resource allocation, the CAE must consider all relevant factors,
including (1) communications received from management and the board; (2) information about
ongoing and new engagements; (3) consequences of not completing an engagement on time; and (4)
knowledge, skills, and competencies of the internal audit staff.
D. To determine the sufficiency of resource allocation, the CAE must consider all relevant factors,
including (1) communications received from management and the board; (2) information about
ongoing and new engagements; (3) consequences of not completing an engagement on time; and (4)
knowledge, skills, and competencies of the internal audit staff.
39. Gator Financial Service is considering outsourcing its internal audit activity. Gator Financial
Service
A.
Cannot outsource the activity because it will impair the effectiveness of the engagement.
B. Can outsource the services as long as it places responsibility for maintaining effective internal
controls in the hands of the external auditor.
C.
Must outsource all internal audit activity to maintain independence.
D. Can outsource the services as long as Gator Financial Service continues to have the responsibility
for maintaining effective internal controls.
Answer (D) is correct.
An organization’s governing body may decide that an external service provider is the most effective
means of obtaining internal audit services. In these cases, Performance Standard 2070 requires that the
external audit service provider remind the organization that the responsibility for maintaining effective
internal controls lies with the organization.
A. An organization’s governing body may decide that an external service provider is the most effective
means of obtaining internal audit services.
B. An organization’s governing body may decide that an external service provider is the most effective
means of obtaining internal audit services. In these cases, the
external audit service provider must
remind the organization that the responsibility for maintaining effective internal controls lies with the
organization.
C. The internal audit function is most often performed through internal sources and does not impair the
independence of the engagement.
40. Which of the following parties is (are) primarily responsible for resource management in an
internal auditing engagement?
1. The chief audit executive
2. Senior management
3. The board of directors
A.
1 and 2.
B.
2 and 3.
C.
1 only.
D.
1 and 3.
Answer (C) is correct.
The CAE is primarily responsible for the sufficiency and management of resources of the internal audit
activity, including communication of needs and status to senior management and the board. These
parties must ensure the adequacy of resources.
A. Senior management is not primarily responsible for the sufficiency and management of resources of
the internal audit activity. Senior management and the board must ensure the adequacy of resources.
B. Senior management and the board of directors are not primarily responsible for the sufficiency and
management of resources of the internal audit activity. These parties must ensure the adequacy of
resources.
D. The board of directors is not primarily responsible for the sufficiency and management of resources
of the internal audit activity. Senior management and the board must ensure the adequacy of resources.
41. Which of the following statements about the chief audit executive’s responsibilities for
internal audit resources is most accurate?
A. The CAE is responsible for ensuring that audit coverage is based on the skills of the internal audit
activity.
B.
The CAE is responsible for presenting a detailed summary of audit resources to management.
C. The CAE is responsible for the effective deployment of resources to achieve the approved audit
plan.
D.
The CAE is responsible for administering the organization’s compensation program.
Answer (C) is correct.
The CAE must ensure that internal audit resources are appropriate, sufficient, and effectively deployed
to achieve the approved audit plan. This responsibility includes the effective communication of
resource needs and reporting of status to senior management and the board.
A. The CAE has responsibility for ensuring that the skills assessment is driven by the needs of the audit
coverage, not by the capabilities already present in the internal audit activity.
B. The CAE has responsibility for presenting a detailed summary of the status and adequacy of internal
audit resources to the board.
D. The human resources (personnel) department ordinarily is responsible for administering the
organization’s compensation program.
42. Internal audit resources should be appropriate, sufficient, and effectively deployed.
Consequently,
A.
Resource planning should be limited to expected activities.
B.
The chief audit executive should perform a periodic skills assessment.
C.
Only members of the internal audit staff should perform internal audit activities.
D.
The chief audit executive ultimately must ensure the adequacy of resources.
Answer (B) is correct.
The skills, technical knowledge, and capabilities of the internal audit staff should be appropriate for the
planned work. Thus, the chief audit executive should perform a periodic skills assessment based on the
needs identified in the risk assessment and the audit plan.
A. Resource planning considers (1) the audit universe, (2) relevant risks, (3) the internal audit plan, (4)
coverage expectations, and (5) an estimate of unexpected activities.
C. The CAE’s consideration of resourcing needs and available resources should address whether
needed skills are present. If not, other appropriate ways to meet needs include (1) external service
providers, (2) specialized consultants, or (3) other employees of the organization.
D. The CAE is primarily responsible for the sufficiency and management of internal audit resources,
including communication of needs and status, to senior management and the board. These parties
ultimately must ensure the adequacy of internal audit resources.
43. When determining the number and experience level of an internal audit staff to be assigned to
an engagement, the chief audit executive should consider which of the following?
1. Complexity of the engagement.
2. Length of the engagement.
3. Available internal audit activity resources.
4. Lapsed time since the last engagement.
A.
1 and 2 only.
B.
2 and 3 only.
C.
1 and 3 only.
D.
1, 2, 3, and 4.
Answer (C) is correct.
The complexity of the engagement determines the experience and skills required of the assigned staff.
Available resources also are a factor in a staffing decision.
A. Length of the engagement is not a factor affecting engagement staffing.
B. Length of the engagement is not a factor affecting engagement staffing.
D. Length of the engagement is not a factor affecting engagement staffing. Lapsed time since the last
engagement is a factor affecting engagement scheduling, not staffing.
44. Which of the following statements most accurately reflects the chief audit executive’s
responsibilities for internal audit resources?
A. The CAE is responsible for ensuring that audit coverage is based on the periodic skills
assessment.
B. The CAE is responsible for evaluating the detailed summary of audit resources presented by
management to the board.
C.
The CAE is not responsible for such human resource functions as evaluation and development.
D. The CAE is responsible for communicating resource needs to the board but has no explicit
responsibility for administering the organization’s compensation
program.
Answer (D) is correct.
The CAE must ensure that internal audit resources are appropriate, sufficient, and effectively deployed
to achieve the approved plan. This includes the effective communication of resource needs and
reporting of status to senior management and the board. Responsibility for administering the
organization’s compensation program normally resides in the human resources (personnel) area.
A. The CAE has responsibility for ensuring that the skills assessment is driven by the needs of the audit
coverage, not by the capabilities already present in the internal audit activity.
B. The CAE has responsibility for presenting a detailed summary of the status and adequacy of internal
audit resources to the board.
C. The CAE has responsibility for considering human resource disciplines, such as succession planning
and staff evaluation and development programs.
45. The most important reason for the chief audit executive to ensure that the internal audit
department has adequate and sufficient resources is to
A.
Ensure that the function is adequately protected from outsourcing.
B.
Demonstrate sufficient capability to meet the audit plan requirements.
C.
Establish credibility with the audit committee and management.
D.
Fulfill the need for effective succession planning.
Answer (B) is correct.
The CAE must ensure that internal audit resources are appropriate, sufficient, and effectively deployed
to achieve the approved plan (Perf. Std. 2030).
A. The decision to outsource the internal audit function is not primarily based on existing resources.
C. The amount of resources is not a significant factor in establishing credibility.
D. Succession planning is not related to the amount of audit resources.
46. The internal audit activity has recently experienced the departure of two internal auditors
who cannot be immediately replaced due to budget constraints. Which
of the following
is the least desirable option for efficiently completing future engagements, given this reduction in
resources?
A.
Using self-assessment questionnaires to address audit objectives.
B.
Employing information technology in audit planning, sampling, and documentation.
C.
Eliminating consulting engagements from the engagement work schedule.
D.
Filling vacancies with personnel from operating departments that are not being audited.
Answer (C) is correct.
The chief audit executive must ensure that internal audit resources are appropriate, sufficient, and
effectively deployed to achieve the approved plan (Perf. Std. 2030). The audit schedule is reduced as a
last resort once all other alternatives have been explored, including the request for additional resources.
A. Using self-assessment questionnaires is an efficient means of addressing the objectives of certain
internal audits.
B. Use of technology is an appropriate means of achieving efficiencies in audit execution.
D. Using operating personnel with internal audit expertise and corporate experience is an appropriate
way to enhance internal audit resources.
47. Numerous environmental laws and regulations have recently changed. Senior management
has asked the chief audit executive to perform an environmental audit to be completed as soon as
possible. The internal audit activity currently is performing an operational audit. As a result, the
chief audit executive must make difficult decisions about resource allocation. Which of the
following is the least significant issue in determining whether to reallocate audit resources?
A.
The potential fraud discovered during the operational audit.
B. Potential cost to the organization for noncompliance with the new environmental laws and
regulations.
C.
The knowledge, skills, and competencies of the internal audit staff.
D.
The results from the prior financial audits.
Answer (D) is correct.
When determining resource allocation under time constraints, the auditor must consider all relevant
factors. Relevant factors include (1) information about both the ongoing and new engagement; (2) the
consequences of not completing either engagement in a timely manner; and (3) the knowledge, skills,
and competencies of the internal audit staff. Information about other unrelated engagements, such as
prior financial audits, is irrelevant.
A. The potential fraud or other illegal actions discovered during the operational audit are relevant.
Fraud always must be evaluated for its effect on achievement of organizational objectives.
B. Potential consequences, such as fines, penalties, and legal action, may be material.
C. The knowledge, skills, and competencies of the internal audit staff are crucial. Proficiency is an
ethical obligation of internal auditors.
48. When assigning individual staff members to actual engagements, internal auditing
managers are faced with a number of important considerations related to needs, abilities, and
skills. Which of the following is the least appropriate criterion for assigning a staff internal
auditor to a specific engagement?
A.
The staff internal auditor’s desire for training in the area.
B.
The complexity of the engagement.
C.
The experience level of the internal auditor.
D.
Special skills possessed by the staff internal auditor.
Answer (A) is correct.
A staff internal auditor’s desire for specific training is necessarily secondary to carrying out the
responsibilities of the internal audit activity with regard to proper staffing.
B. The complexity of the engagement determines the experience and skills required of the assigned
staff.
C. Experience is a factor in a staffing decision.
D. Special expertise is a factor in a staffing decision.
49. Staff members of the internal audit activity should be assigned to engagements and training
projects that will enable them to develop their potential. Which of the following should be the
most important consideration in making assignments that will allow staff members to develop
properly?
A.
The skills and experience levels of individual auditors.
B.
Specific training requirements imposed by the Standards.
C.
The importance of giving all staff members extensive supervisory experience.
D.
Special interests of individual staff members.
Answer (A) is correct.
The program for selecting and developing the human resources of the internal audit activity should
provide for written job descriptions for each level of the staff, selection of qualified and competent
individuals, training and continuing educational opportunities, performance appraisals at least annually,
and counsel on performance and professional development. Obviously, work assignments inconsistent
with an internal auditor’s abilities will defeat the purposes of human resources development.
B. The Standards contain no specific requirements.
C. All staff members may not be ready for supervisory responsibility.
D. Although interests are not irrelevant, they are secondary to skills and experience.
50. In selecting an instructional strategy for developing internal audit staff, a chief audit
executive begins by reviewing
A.
Organizational objectives.
B.
Learning content.
C.
Learners’ readiness.
D.
Budget constraints.
Answer (A) is correct.
The chief audit executive must ensure that internal audit resources are appropriate, sufficient, and
effectively deployed to achieve the approved plan (Perf. Std. 2030). The approved plan must be
consistent with the goals of the organization.
B. The learning content cannot be prepared without first reviewing the organizational objectives.
C. Learners’ readiness should be considered later in the program development process.
D. Budget constraints should be considered later in the process.
51. The advantage attributed to the establishment of internal auditing field offices for work at
foreign locations is best described as
A.
The possibility of increased objectivity of personnel assigned to a field office.
B.
A reduction of travel time and related travel expense.
C.
The increased ease of maintaining uniform organization-wide standards.
D.
More contact with senior personnel leading to an increase in control.
Answer (B) is correct.
The advantages of field offices compared with sending internal auditors from the home office include
(1) reduced travel time and expense, (2) improved service in the operating locations served by the field
offices, (3) better morale of internal auditors as a result of increased authority, and (4) the possibility of
employing persons who do not wish to travel.
A. Field office personnel are more likely to lose objectivity through increased contact with engagement
client personnel in the area served.
C. Maintenance of organization-wide standards is more difficult after decentralization.
D. Contact with and control over field office personnel will be reduced.
52. According to the International Professional Practices Framework, the CAE must ensure
that internal audit resources are
A.
Relevant, adequate, and practical.
B.
Applicable, competent, and well-founded.
C.
Appropriate, sufficient, and effectively deployed.
D.
Suitable, satisfactory, and competently displayed.
Answer (C) is correct.
According to Performance Standard 2030, Resource Management, “The chief audit executive must
ensure that internal audit resources are appropriate, sufficient, and effectively deployed to achieve the
approved plan.” As stated in the Interpretation of Standard 2030, “Appropriate refers to the mix of
knowledge, skills, and other competencies needed to perform the plan. Sufficient refers to the quantity
of resources needed to accomplish the plan. Resources are effectively deployed when they are used in a
way that optimizes the achievement of the approved plan.”
A. “Relevant, adequate, and practical” are not attributes of the internal audit resources defined in the
IPPF.
B. “Applicable, competent, and well-founded” are not attributes of the internal audit resources defined
in the IPPF.
D. “Suitable, satisfactory, and competently displayed” are not attributes of the internal audit resources
defined in the IPPF.
53. According to the International Professional Practices Framework, internal audit resources
are effectively deployed when
A.
The internal audit staff has the necessary attributes for the planned activities.
B.
The resources needed to accomplish the plan are adequate.
C.
There are more opportunities to achieve operating benefits for the engagement client.
D.
They are used in a way that optimizes the achievement of the approved plan.
Answer (D) is correct.
According to the Interpretation of Standard 2030, “Resources are effectively deployed when they are
used in a way that optimizes the achievement of the approved plan.” The CAE is primarily responsible
for the sufficiency and management of resources, including communication of needs and status to
senior management and the board. Resources are effectively deployed by assigning qualified auditors
and developing an appropriate resourcing approach and organizational structure.
A. The internal audit staff should have the necessary attributes for the planned audit activities. Whether
or not the audit staff has the attributes needed does not determine whether the audit resources are
effectively allocated.
B. The resources needed to accomplish the approved audit plan must be sufficient. Sufficient refers to
the quantity of resources needed to accomplish the plan. But the sufficiency of internal audit resources
does not indicate that resources are effectively deployed.
C. The achievement of operating benefits for the engagement client is not a consideration in the
effective deployment of audit resources.
54. In managing internal audit resources, the CAE considers all of the following except
A.
Benchmarking.
B.
Succession planning.
C.
Staff evaluation and development.
D.
Resourcing needs.
Answer (A) is correct.
Benchmarking is a continuous evaluation of the practices of the best organizations in their class and the
adaptation of processes to reflect the best of these practices. It is not used in managing internal audit
resources. In managing internal audit resources, the CAE considers succession planning, staff
evaluation and development, and other human resource disciplines. The CAE also addresses resourcing
needs, including whether those skills are present in the internal audit staff.
B. The CAE considers succession planning when managing internal audit resources. Through
succession planning, organizations prepare employees for advancement.
C. The CAE considers staff evaluation and development when managing internal audit resources. The
CAE considers whether the competencies of the internal audit staff are appropriate for the planned
activities
D. The CAE is primarily responsible for the sufficiency and management of resources, including
communication of needs and status to senior management and the board. These parties ultimately must
ensure the adequacy of resources.
55. In addressing internal audit resource needs for a complex engagement, the CAE may include
all of the following except
A.
Other employees of the organization.
B.
Members of the audit committee.
C.
Specialized consultants.
D.
External service providers.
Answer (B) is correct.
Resources must be effectively deployed by assigning qualified auditors and developing an appropriate
resourcing approach and organizational structure. Additionally, resources need to be sufficient for audit
activities to be performed in accordance with the expectations of senior management and the board.
Members of the audit committee may not be employees of the organization except in their capacity as a
board member. Therefore, an audit committee member should not be included in addressing internal
audit resource needs. The CAE may meet these needs through external service providers, specialized
consultants, or other employees of the organization.
A. Using other employees of the organization is an appropriate way to meet the additional resource
needs of the internal audit activity.
C. Specialized consultants may be used as a resource for a complex engagement.
D. External service providers may be considered by the CAE to meet the resource needs for an
engagement.
56.Which of the following is the best source of a chief audit executive’s information for planning
staffing requirements?
A.
Discussions of internal audit needs with senior management and the board.
B.
Review of internal audit staff education and training records.
C. Review internal audit staff size and composition of similarly sized organizations in the same
industry.
D.
Interviews with existing internal audit staff.
Answer (A) is correct.
Ensuring the sufficiency of internal audit resources is ultimately a responsibility of the organization’s
senior management and board. The CAE should assist them in discharging this responsibility (PA
2030-1, para. 1).
B. The scheduled work is the first consideration in determining the number and qualifications of the
staff required. Review of staff education and training records is a subsequent step.
C. The staffing plan must consider the unique needs of a particular organization. The review of staff
size and composition of similarly sized organizations in the same industry may not satisfy the
engagement objectives for a particular organization
D. The scheduled work is the first consideration in determining the number and qualifications of the
staff required. Interviews with existing staff occur later.
57. The capabilities of individual staff members are key features in the effectiveness of an
internal audit activity. What is the primary consideration used when staffing an internal audit
activity?
A.
Background checks.
B.
Job descriptions.
C.
Continuing education.
D.
Organizational orientation.
Answer (B) is correct.
The skills, capabilities, and technical knowledge of the internal audit staff are to be appropriate for the
planned activities (PA 2030-1, para. 2). Properly formulated job descriptions provide a basis for
identifying job qualifications (including training and experience). Hence, they facilitate recruiting
human resources with the necessary attributes.
A. Background checks help ensure that statements made by prospective employees are accurate.
However, they are not the primary requisite.
C. Continuing education occurs after the proper people are hired.
D. A thorough orientation helps the new employee become productive more rapidly. However, it will
not compensate for hiring the wrong person.
58.By comparing job descriptions with the qualifications and duties of the individuals currently
holding those jobs, a manager can
A.
Complete the human resource planning cycle.
B.
Determine whether the organization is appropriately staffed.
C.
Forecast future personnel needs.
D.
Determine which employees should be promoted.
Answer (B) is correct.
A job description summarizes the duties and qualifications required for a job. It is prepared based on a
job analysis, which is a systematic procedure for observing work and determining what tasks should be
accomplished to achieve organizational goals. By comparing the job description with the actual
employees and their qualifications, a manager can determine whether the organization has placed
appropriate individuals in jobs best suited to their abilities.
A. The human resource planning cycle refers to the entire process. Examining job descriptions is
merely a part of the job analysis process.
C. A forecast of future needs requires knowledge of future plans and a projection of resource and staff
requirements.
D. To determine which employees should be promoted, a manager needs performance data.
59. When determining the number and experience level of an internal audit staff to be assigned to
an engagement, the chief audit executive should consider all of the following except the
A.
Complexity of the engagement.
B.
Available internal audit activity resources.
C.
Training needs of internal auditors.
D.
Lapsed time since the last engagement.
Answer (D) is correct.
Lapsed time since the last engagement is a factor affecting engagement scheduling, not staffing.
A. The complexity of the engagement determines the experience and skills required of the assigned
staff.
B. Available resources are a factor in a staffing decision.
C. The training needs of individual auditors are a factor in a staffing decision.
60. In most organizations, the rapidly expanding scope of internal auditing responsibilities
requires continual training. What is the main purpose of such a training program?
A.
To comply with continuing education requirements of professional organizations.
B.
To use slack periods in engagement scheduling.
C.
To help individuals to achieve personal career goals.
D.
To achieve both individual and organizational goals.
Answer (D) is correct.
By being informed and up to date, internal auditors are better prepared to reach their personal goals. In
addition, internal audit responsibilities are more readily discharged by auditors having the required
knowledge, skills, and other competencies.
A. The CAE should establish a program for selecting and developing human resources, but compliance
with continuing education requirements of professional organizations is not the primary purpose.
B. Training can be conducted during slack periods, but this is not the primary objective
C. Both personal and internal audit goals should be achieved.
61. Although all the current members of an internal audit activity have good records of
performance, the manager is not sure if any of the members are ready to assume a management
role. Which of the following is an advantage of bringing in an outsider rather than promoting
from within?
A.
Management training costs are reduced when a qualified outsider is hired.
B.
The manager can be sure that the new position will be filled by a competent employee.
C.
Bringing in an outsider is a less expensive alternative than promoting from within.
D.
The “modeling” effect is strengthened by bringing in a new role model.
Answer (A) is correct.
Hiring an experienced manager reduces management training costs because the person has already
been trained.
B. The manager is relying on outside information to evaluate the candidate and cannot be certain the
employee is competent until (s)he begins work.
C. Hiring an outsider is usually more expensive than promoting from within.
D. The “modeling” effect occurs when employees see that deserving co-workers are promoted to
better-paying, higher-status jobs.
62. Exchange of engagement communications and management letters by internal and external
auditors is
A.
Consistent with the coordination responsibilities of the chief audit executive.
B.
Not consistent with the independence guidelines of the Standards.
C.
A violation of the Code of Ethics.
D.
Not addressed by the Standards
Answer (A) is correct.
Exchange of engagement communications and management letters is properly a component of
coordination between internal and external audit.
B. The standard independence guidelines are not relevant to this exchange between internal and
external auditors.
C. The exchange does not violate the Code of Ethics
D. The Standards address the coordination of internal and external auditing work
63. Coordination of internal and external auditing can reduce the overall costs. Who is
responsible for actual coordination of internal and external auditing efforts?
A.
The chief audit executive.
B.
The external auditor.
C.
The board.
D.
Management.
Answer (A) is correct.
Coordination of internal and external audit work is the responsibility of the CAE. The CAE obtains the
support of the board to coordinate audit work effectively.
B. The external auditor is an interested party but not one that has direct responsibility for coordinating
internal and external auditing efforts.
C. The board has oversight responsibility, but the CAE is responsible for the actual coordination of
internal and external auditing work.
D. Management is an interested party but not one that has direct responsibility for coordinating internal
and external auditing efforts.
64. Which of the following are responsibilities of the chief audit executive (CAE)?
1. Coordinating activities with other providers of assurance and consulting services.
2. Understanding the work of external auditors.
3. Providing sufficient information to the external auditors to permit them to understand the
internal auditors’ work.
A.
1 and 2 only.
B.
2 and 3 only.
C.
1 and 3 only.
D.
1, 2, and 3.
Answer (D) is correct.
Organizations may use the work of external auditors to provide assurance related to activities within
the scope of internal auditing. In these cases, the CAE takes the steps necessary to understand the work
performed by the external auditors. Moreover, the external auditor may rely on the work of the internal
audit activity in performing their work. In this case, the CAE needs to provide sufficient information to
enable external auditors to understand the internal auditor’s techniques, methods, and terminology to
facilitate reliance by external auditors on work performed.
A. Providing sufficient information to the external auditors to permit them to understand the internal
auditors’ work is a responsibility of the CAE when external auditors rely on the internal audit activity’s
work.
B. Coordinating activities with other providers of assurance and consulting services is a responsibility
of the CAE.
C. Understanding the work of external auditors is necessary whenever external auditors provide
assurance about matters within the scope of the internal audit activity.
65. Which of the following is responsible for coordination of internal and external audit work?
A.
The board.
B.
The chief audit executive.
C.
Internal auditors.
D.
External auditors.
Answer (B) is correct.
Oversight of the work of external auditors, including coordination with the internal audit activity, is the
responsibility of the board. Coordination of internal and external audit work is the responsibility of the
chief audit executive (CAE). The CAE obtains the support of the board to coordinate audit work
effectively.
A. The board oversees but is not actually responsible for the coordination.
C. Internal auditors carry out the coordinated directions from the CAE
D. External auditors perform their work in coordination with information provided by the CAE.
66. Coordinating internal and external audit activity can increase efficiency by using which of
the following?
1. Similar techniques
2. Similar methods
3. Similar terminology
A.
1 only.
B.
1 and 3 only.
C.
1 and 2 only.
D.
1, 2, and 3.
Answer (D) is correct.
It may be efficient for internal and external auditors to use similar techniques, methods, and
terminology to coordinate their work effectively and to rely on the work of one another.
A. Similar methods and terminology also increase efficiency.
B. Similar methods also increase efficiency.
C. Similar terminology also increases efficiency.
67. Who has primary responsibility for providing information to the board on the professional
and organizational benefits of coordinating internal audit activities with those of other providers
of similar services?
A.
The external auditor.
B.
The chief audit executive.
C.
The chief executive officer.
D.
Each assurance and consulting function.
Answer (B) is correct.
The chief audit executive should share information and coordinate activities with other internal and
external providers of assurance and consulting services to ensure proper coverage and minimize
duplication of efforts (Perf. Std. 2050). The CAE also must periodically report to the board and senior
management on the internal audit activity’s purpose, authority, responsibility, and performance (Perf.
Std. 2000).
A. The CAE is responsible for ensuring that the internal audit activity’s work maximizes the benefits
achievable from coordination with other assurance and consulting activities. Comments on this
function should always form part of any activity reports by the CAE, not the external auditor, to the
board.
C. The CEO normally is not responsible for planning, work, and coordination related to internal audit
assurance and consulting engagements or coordination with other assurance and consulting activities.
D. Not all other assurance and consulting activities are organizationally responsible to the board for
their work. Moreover, they may not have the opportunity to report information directly to the board.
68. Which of the following is a false statement about the relationship between internal auditors
and external auditors?
A.
Oversight of the work of external auditors is the responsibility of the chief audit executive.
B. Sufficient meetings are scheduled between internal and external auditors to ensure timely and
efficient completion of the work.
C. Internal and external auditors may exchange engagement communications and management
letters.
D. Internal auditors may provide engagement work programs and working papers to external
auditors.
Answer (A) is correct.
Oversight of the work of external auditors, including coordination with the internal audit activity, is the
responsibility of the board. Coordination of internal and external audit work is the responsibility of the
CAE (Perf. Std. 2050).
B. Coordination between internal and external auditors involves, among other things, sufficient
meetings to both ensure coordination of work and efficient and timely completion of activities and to
determine whether observations and recommendations from work performed to date require that the
scope of planned work be adjusted.
C. Coordination between internal and external auditors involves, among other things, access to internal
audit communications and external auditors’ management letters.
D. Coordination between internal and external auditors involves, among other things, access to each
other’s work programs and working papers.
69. To improve their efficiency, internal auditors may rely upon the work of external auditors if
it is
A.
Performed after the internal auditing work.
B.
Primarily concerned with operational objectives and activities.
C.
Coordinated with internal auditing work.
D.
Conducted in accordance with the Code of Ethics.
Answer (C) is correct.
Organizations may use the work of external auditors to provide assurance related to activities within
the scope of internal auditing. Coordination of internal and external audit work is the responsibility of
the CAE (Perf. Std. 2050).
A. Duplication of effort may result if the external audit is performed after the internal auditing
engagement.
B. Internal auditing encompasses both financial and operational objectives and activities. Thus, internal
auditing coverage could also be provided by external audit work that included primarily financial
objectives and activities.
D. External auditing work is conducted in accordance with auditing standards generally accepted in the
host country.
70. Fact Pattern: You are the chief audit executive of a parent organization that has foreign
subsidiaries. Independent external audits performed for the parent are not conducted by the
same firm that conducts the foreign subsidiary audits. Because the internal audit activity
occasionally provides direct assistance to both external firms, you have copies of audit programs
and selected working papers produced by each firm.
The foreign subsidiary’s auditors would like to rely on some of the work performed by the parent
organization’s audit firm, but they need to review the working papers first. They have asked you
for copies of the working papers of the parent organization’s audit firm. What is the most
appropriate response to the foreign subsidiary’s auditors?
A.
Provide copies of the working papers without notifying the parent’s audit firm.
B. Notify the parent’s auditors of the situation and request that they either provide the working
papers or authorize you to do so.
C.
Provide copies of the working papers and notify the parent’s audit firm that you have done so.
D.
Refuse to provide the working papers under any circumstances.
Answer (B) is correct.
Organizations may use the work of external auditors to provide assurance related to activities within
the scope of internal auditing. In these cases, the CAE takes the steps necessary to understand the work
performed by the external auditors, including access to the external auditors’ programs and working
papers. Internal auditors are responsible for respecting the confidentiality of those programs and
working papers.
A. The working papers are the property of the parent’s external auditors, and their confidentiality
should be respected.
C. The external auditors must give prior authorization for the release of their working papers.
D. The CAE has the responsibility to ensure proper coordination with external auditors.
71. Fact Pattern: You are the chief audit executive of a parent organization that has foreign
subsidiaries. Independent external audits performed for the parent are not conducted by the
same firm that conducts the foreign subsidiary audits. Because the internal audit activity
occasionally provides direct assistance to both external firms, you have copies of audit programs
and selected working papers produced by each firm.
The foreign subsidiary’s external audit firm wants to rely on an audit of a function at the parent
organization. The audit was conducted by the internal audit activity. To place reliance on the
work performed, the foreign subsidiary’s auditors have requested copies of the working papers.
What is the most appropriate response to the foreign subsidiary’s auditors?
A.
Provide copies of the working papers.
B.
Ask the parent’s audit firm if it is appropriate to release the working papers.
C.
Ask the board for permission to release the working papers.
D.
Refuse to provide the working papers under any circumstances.
Answer (A) is correct.
Coordination involves access to each other’s work programs, working papers, and reports (IG 2050).
Access is provided to external auditors for them to be satisfied as to the acceptability, for external audit
purposes, of relying on the internal auditors’ work.
B. The working papers are the property of the organization. The responsibility of the CAE is to
maintain the security of the working papers and to coordinate efforts with the external auditors. Thus,
the decision belongs not to the parent’s external auditors but to the CAE.
C. Access to working papers by external auditors is subject to the approval of the CAE.
D. The CAE ensures proper coordination with external auditors by, among other things, granting the
external auditors access to the internal auditors’ working papers.
72. Which of the following is not a true statement about the relationship between internal
auditors and external auditors?
A.
External auditors must assess the competence and objectivity of internal auditors.
B. There may be periodic meetings between internal and external auditors to discuss matters of
mutual interest.
C.
There may be an exchange of engagement communications and management letters.
D. Internal auditors may provide engagement work programs and working papers to external
auditors.
Answer (A) is correct.
The external auditor assesses the objectivity and competence of the internal auditors only if (s)he
intends to rely on their work.
B. The relationship involves intermittent meetings to determine whether the timing of planned work
needs to be revised.
C. The relationship involves reasonable mutual access to engagement communications and
management letters.
D. The relationship involves reasonable mutual access to engagement work programs, working papers,
and reports.
73. Assessments of the work of external auditors may be made by the chief audit executive
A.
When the external auditor is appointed.
B.
When the CAE oversees their work.
C.
When their work is relied upon by the internal auditors.
D.
As part of the evaluation of the coordination between the internal and external auditors.
Answer (D) is correct.
The CAE is responsible for regular evaluations of the coordination between internal and external
auditors. Such evaluations may also include assessments of the overall efficiency and effectiveness of
internal and external audit activities, including aggregate audit cost. The CAE communicates the results
of these evaluations to senior management and the board, including relevant comments about the
performance of external auditors.
A. The assessment is part of the regular evaluation of the coordination of audit work.
B. The board oversees external audit work.
C. The assessment arises from the evaluation of coordination, not reliance.
74. An internal audit activity is often requested to coordinate its work with that of the external
auditors. Which of the following activities is most likely to be restricted to the external auditor?
A.
Evaluating the system of controls over cash collections and similar transactions.
B.
Attesting to the fairness of presentation of cash position.
C.
Evaluating the adequacy of the organization’s overall system of internal controls.
D.
Reviewing the system established to ensure compliance with laws, regulations, and contracts.
Answer (B) is correct.
Professional standards place sole responsibility for the attest function on the external auditors. Only the
external auditors have the necessary independence to permit the provision of assurance to external
parties. Unlike circumstances in which the external auditors use the work of other independent auditors,
the responsibility cannot be shared with the internal auditors.
A. Evaluating controls is part of the internal auditor’s scope of work.
C. Senior management and the board normally expect that the internal audit activity will perform
sufficient engagement work and gather other available information during the year to form an overall
judgment about the adequacy and effectiveness of the control process. The CAE should communicate
that judgment to senior management and the board.
D. Evaluating compliance is part of the internal auditor’s scope of work.
75.Which of the following statements is true regarding coordination of internal and external
auditing efforts?
A. The chief audit executive should not give information about illegal acts to an external auditor
because external auditors may be required to report the matter to the board or regulatory agencies.
B. Ownership and the confidentiality of the external auditor’s working papers prohibit their review
by internal auditors.
C. The chief audit executive should determine that appropriate follow-up and corrective action was
taken by management when required regarding matters discussed in the external auditor’s management
letter.
D. If internal auditors provide assistance to the external auditors in connection with the annual audit,
such assistance is not subject to the Standards.
Answer (C) is correct.
Internal auditors need access to the external auditors’ presentation materials and management letters.
Matters discussed in presentation materials and included in management letters need to be understood
by the CAE and used as input to internal auditors in planning the areas to emphasize in future internal
audit work. After review of management letters and initiation of any needed corrective action by
appropriate members of senior management and the board, the CAE should ensure that appropriate
follow-up and corrective actions have been taken.
A. Internal auditors should give external auditors access to their engagement work programs, working
papers, and communications. Thus, information about illegal acts should be communicated to the
external auditor.
B. Internal auditors and external auditors may grant access to each other’s working papers.
D. All work done by internal auditors should be done in accordance with the Standards.
76. The chief audit executive plans to meet with the independent external auditor to discuss
joint efforts regarding an upcoming external audit of the organization’s pension plan. The
independent external auditor has performed all external audit work in this area in the past. The
CAE’s objective is to
A.
Determine whether work in this area could not be performed exclusively by the internal auditors.
B. Coordinate the external audit so as to fulfill professional responsibilities and not duplicate work of
the independent external auditor.
C. Ascertain which account balances have been tested by the independent external auditor so that the
internal auditors may test the internal controls to determine the reliability of these balances.
D. Determine whether the independent external auditor’s techniques, methods, and terminology
should be used by internal auditors in this area to conform with past work or to use techniques
consistent with those used by other internal auditors.
Answer (B) is correct.
Planned audit activities of internal and external auditors need to be discussed to ensure that audit
coverage is coordinated and duplicate efforts are minimized if possible.
A. The independent external auditor is not permitted to delegate certain work to the internal auditors,
for example, the verification of material account balances related to a pension plan.
C. Testing internal controls to determine the reliability of account balances is an example of duplicate
work.
D. Common understanding of techniques, methods, and terminology is involved in coordination of
activities with other internal and external providers of relevant assurance and consulting services, and
the use of common techniques, methods, and terminology may be efficient. However, the objective of
coordination of efforts is to ensure adequate engagement coverage and to minimize duplication of
efforts, not to determine whether one set of techniques should be used to the exclusion of another.
77. If a department outside of the internal audit activity is responsible for reviewing a function
or process, the internal auditors should
A.
Consider the work of the other department when assessing the function or process.
B.
Ignore the work of the other department and proceed with an independent audit.
C.
Reduce the scope of the audit since the work has already been performed by the other department.
D.
Yield the responsibility for assessing the function or process to the other department.
Answer (A) is correct.
The chief audit executive should share information and coordinate activities with other internal and
external providers of relevant assurance and consulting services to ensure proper coverage and
minimize duplication of efforts (Perf. Std. 2050). This standard applies not only to external auditors but
also to other “providers,” such as regulatory bodies (e.g., governmental auditors) and certain of the
organization’s other subunits (e.g., a health and safety department). Review and testing of the other
department’s work may reduce necessary audit coverage of the function or process.
B. Concentrating on the function or process might lead to a duplication of efforts.
C. The internal auditor cannot rely on the work of others without verifying the results.
D. The internal audit activity’s overall responsibility for assessing the function or process is not
affected by the other department’s coverage.
78. Several members of an organization’s senior management have questioned whether the
internal audit activity should report to the newly established quality audit function as part of the
total quality management process within the organization. The chief audit executive (CAE) has
reviewed the quality audit standards and the programs that the quality audit manager has
proposed. The CAE’s response to senior management should include which of the following?
A. Changing the applicable standards for internal auditing within the organization to provide
compliance with quality audit standards.
B. Changing the qualification requirements for new staff members to include quality audit
experience.
C. Estimating departmental cost savings that would result from the elimination of the internal audit
activity.
D. Identifying appropriate liaison activities with the quality audit function to ensure coordination of
audit schedules and overall audit responsibilities.
Answer (D) is correct.
The CAE should share information, coordinate activities, and consider relying upon the work of other
internal and external assurance and consulting providers to ensure proper coverage and minimize
duplication of efforts (Perf. Std. 2050). The quality audit function is an internal assurance and
consulting provider. Thus, whether reporting administratively to the quality audit function or to senior
management, the CAE should identify appropriate liaison activities with the quality audit function to
ensure coordination of audit schedules and overall audit responsibilities.
A. The quality audit standards proposed by the quality audit manager should comply with the
applicable standards for internal auditing (i.e., the Standards), not vice-versa.
B. The internal audit activity as a whole, not each auditor individually, must be proficient in all
necessary competencies (Attr. Std. 1210).
C. The issue is whether the internal audit activity should report to the quality audit function, not be
replaced by the function. Accordingly, the CAE’s response is not expected to include information on
the cost savings from the elimination of the internal audit activity.
79. Which of the following best describes the purpose of the Three Lines of Defense?
A. To improve stakeholder relationships between the board of directors and senior management and
to clarify the organization’s risk management and control processes.
B. To support the organization through the utilization of specialized skills in monitoring of
noncompliance with applicable laws and regulations.
C. To enhance communications on risk management and control by clarifying how specific duties
should be assigned and coordinated within the organization.
D. To define operational management’s responsibility in the execution of risk and control procedures
for the organization on a day-to-day basis.
Answer (C) is correct.
According to The IIA Position Paper, The Three Lines of Defense in Effective Risk Management and
Control, the Three Lines of Defense model provides a simple and effective way to enhance
communications on risk management and control by clarifying how specific duties should be assigned
and coordinated within the organization. Operational management provides the first line of defense,
business-enabling functions provide the second line of defense, and internal auditors provide the third
line of defense.
A. The board of directors and senior management are the primary stakeholders served by the Three
Lines of Defense, and they are the parties best positioned to help ensure that this model is reflected in
the organization’s risk management and control processes.
B. Business-enabling functions provide the second line of defense and support to the entity through
specialized skills and typically may include various risk management, compliance, inspection, and
financial control functions. A compliance function is established to monitor various risks, such as
noncompliance with applicable laws and regulations or the organization’s ethics program. The Three
Lines of Defense model includes more than the monitoring of noncompliance.
D. To ensure compliance, there should be adequate managerial controls in place. Therefore, operational
management serves as the first line of defense. However, the Three Lines of Defense model includes
more than the responsibilities of operational management.
80. Which of the following is least accurate in describing the functions that serve as the three
lines of defense in an organization?
A.
Functions that calculate and measure risk liability.
B.
Functions that oversee risks.
C.
Functions that provide independent assurance.
D.
Functions that own and manage risk.
Answer (A) is correct.
The calculation and measurement of risk liability is not one of the three lines of defense. According to
the IIA Position Paper, The Three Lines of Defense in Effective Risk Management and Control, the
three lines of defense include functions that (1) own and manage risk, (2) oversee risks, and (3) provide
independent assurance.
B. Functions that oversee risks provide the second line of defense for effective management of risk and
control. These functions support the entity through specialized skills and typically may include various
risk management, compliance, inspection, and financial control functions. Additionally, these functions
are typically responsible for the ongoing monitoring of control and risk.
C. Functions that provide independent assurance provide the third line of defense for effective
management of risk and control. The third line of defense provides assurance on the effectiveness of
governance, risk management, and internal controls, including the manner in which the first and second
lines of defense achieve risk management and control objectives.
D. Functions that own and manage risk provide the first line of defense for effective management of
risk and control. The first line of defense develops and implements control and risk management
processes; it also implements corrective actions to address process and control deficiencies.
81. All of the following are true regarding the process and methods of coordinating assurance
activities except
A.
Assurance mapping connects significant risk categories and sources of assurance.
B. In the combined assurance model, the internal audit activity coordinates with compliance
activities.
C. The formality of assurance activity coordination may vary with the size of the entity and any
regulatory requirements.
D.
Sharing results with other providers violates the coordinating services agreement.
Answer (D) is correct.
The CAE should share information, coordinate activities, and consider relying upon the work of other
internal and external assurance and consulting service providers to ensure proper coverage and
minimize duplication of efforts (Perf. Std. 2050). Coordinating activities include (1) simultaneity of the
nature, extent, and timing of scheduled work; (2) mutual understanding of methods and vocabulary; (3)
the parties’ access to each other’s programs, workpapers, and communications of results; (4) reliance
on others’ work to avoid overlap; and (5) meeting to adjust the timing of scheduled work given results
to date.
A. Assurance mapping is a method of coordinating assurance coverage. It connects significant risk
categories and sources of assurance and assesses each category.
B. The internal audit activity coordinates activities such as compliance to minimize “the nature,
frequency and redundancy of internal audit engagements.”
C. The process and methods of coordinating assurance activities varies by organization. Smaller
entities may have informal coordination. Large or regulated entities may have formal and complex
coordination. Businesses and not-for-profit organizations are subject to governmental regulation in
many countries.
82. Criteria the CAE may consider in determining whether to rely on the work of another service
provider include all of the following except
A.
The due professional care of the service provider relating to the relevant service.
B.
The scope, objectives, and results of the service provider’s work.
C.
Whether the service provider’s findings meet the information criteria in the Standards.
D.
The reasonableness of audit fees.
Answer (D) is correct.
In determining whether to rely on the work of another service provider, the CAE may consider
1.The objectivity, independence, competency, and due professional care of the provider relating to the
relevant assurance or consulting service;
2.The scope, objectives, and results of the service provider’s work to evaluate the degree of reliance;
3.Assessing the service provider’s findings to determine whether they are reasonable and meet the
information criteria in the Standards; and
4.The incremental effort required to obtain sufficient, reliable, relevant, and useful information as a
basis for the degree of planned reliance.
A. The objectivity, independence, competency, and due professional care of the provider relating to the
relevant assurance or consulting service is a criterion that the CAE may consider in determining
whether to rely on the work of another service provider.
B. The scope, objectives, and results of the service provider’s work to evaluate the degree of reliance is
a criterion that the CAE may consider in determining whether to rely on the work of another service
provider
C. Assessing the service provider’s findings to determine whether they are reasonable and meet the
information criteria in the Standards is a criterion that the CAE may consider in determining whether to
rely on the work of another service provider.