Add to collection(s) Add to saved
  1. Business
  2. Accounting

pdfcoffee.com 1-764-pdf-free

advertisement 
[1] Gleim #: 1.1.1
The purposes of the Standards include all of the following except
Establishing the basis for the measurement of internal A. audit
performance.
B. Guiding the ethical conduct of internal auditors.
C. Stating basic principles that represent the practice of internal
auditing.
D. Fostering improved organizational processes and operations.
Answer (A) is incorrect. Establishing the basis for the evaluation of
internal audit
performance is one of The IIA’s stated purposes of the Standards.
Answer (B) is correct. Guiding the ethical conduct of internal
auditors is the
purpose of the Code of Ethics, not the Standards.
Answer (C) is incorrect. Delineating basic principles that represent
the practice of
internal auditing is one of The IIA’s stated purposes of the Standards.
Answer (D) is incorrect. Fostering improved organizational
processes and
operations is one of The IIA’s stated purposes of the Standards.
[2] Gleim #: 1.1.2
The proper organizational role of internal auditing is to
A. Assist the external auditor to reduce external audit fees.
B. Perform studies to assist in the attainment of more efficient
operations.
C. Serve as the investigative arm of the board.
Serve as an independent, objective assurance and consulting activity
that adds
value to operations.
D.
Answer (A) is incorrect. Reducing external audit fees may be a
direct result of
internal audit work, but it is not a reason for staffing an internal audit
activity.
Answer (B) is incorrect. The primary role of internal auditing
includes, but is not
limited to, assessing the efficiency of operations.
Answer (C) is incorrect. Internal auditors serve management as well
as the board.
Answer (D) is correct. The Definition of Internal Auditing states, in
part,
“Internal auditing is an independent, objective assurance and
consulting activity
designed to add value and improve an organization’s operations.”
[3] Gleim #: 1.1.3
One of the purposes of the International Standards for the
Professional Practice of
Internal Auditing (“the Standards”) is to
A. Encourage the professionalization of internal auditing.
Establish the independence of the internal audit activity and
emphasize the
objectivity of internal auditing.
B.
Encourage external auditors to make more extensive use of the work
of internal
auditors.
C.
D. Establish the basis for evaluating internal auditing performance.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 1
Printed for Sanja Knezevic
Answer (A) is incorrect. The professionalization of internal auditing
is important but
is not a direct purpose of the Standards.
Answer (B) is incorrect. Independence and objectivity are but two
aspects of the
practice of internal auditing as it should be.
Answer (C) is incorrect. The Standards do not formally encourage
external auditors to
make more extensive use of the work of internal auditors.
Answer (D) is correct. The IIA provides the following purposes of the
Standards:
Delineate basic principles that represent the practice of 1. internal
auditing.
Provide a framework for performing and promoting a broad range of
value-added
internal audit activities.
2.
3. Establish the basis for evaluating internal auditing performance.
4. Foster improved organizational processes and operations.
[4] Gleim #: 1.1.4
Which Standards expand upon the other categories of Standards?
A. Performance Standards.
B. Attribute Standards.
C. Implementation Standards.
D. All of the choices are correct.
Answer (A) is incorrect. Performance Standards apply to all internal
audit
services.
Answer (B) is incorrect. Attribute Standards apply to all internal audit
services.
Answer (C) is correct. Implementation Standards expand upon the
Attribute and
Performance Standards. They provide requirements applicable to
specific
engagements.
Answer (D) is incorrect. Only Implementation Standards expand
upon the
standards in other categories.
[5] Gleim #: 1.1.5
A major reason for establishing an internal audit activity is to
Relieve overburdened management of the responsibility for
establishing effective
controls.
A.
B. Safeguard resources entrusted to the organization.
C. Ensure the reliability and integrity of financial and operational
information.
D. Evaluate and improve the effectiveness of control processes.
Answer (A) is incorrect. Management is responsible for the
establishment of
internal control.
Answer (B) is incorrect. Governance, risk management, and control
processes
ultimately serve to safeguard the organization’s resources.
Answer (C) is incorrect. Ensuring the reliability and integrity of
financial and
operational information is a management responsibility.
Answer (D) is correct. The internal audit activity helps an
organization
accomplish its objectives by bringing a systematic, disciplined
approach to
evaluate and improve the effectiveness of risk management, control,
and
governance processes (Definition of Internal Auditing).
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 2
Printed for Sanja Knezevic
fb.com/ciaaofficial
[6] Gleim #: 1.1.6
An internal auditor often faces special problems when performing an
engagement at a
foreign subsidiary. Which of the following statements is false with
respect to the
conduct of international engagements?
The IIA Standards do not apply outside of A. the United States.
The internal auditor should determine whether managers are in
compliance with
local laws.
B.
There may be justification for having different organizational policies
in force in
foreign branches.
C.
It is preferable to have multilingual internal auditors conduct
engagements at
branches in foreign nations.
D.
Answer (A) is correct. Pronouncements by The IIA have no
geographic limits.
Compliance with the concepts in the Standards is essential for the
responsibilities
of internal auditors to be met, regardless of the national environment.
Answer (B) is incorrect. The internal audit activity must evaluate the
adequacy
and effectiveness of controls, including those relating to compliance
with laws,
regulations, policies, procedures, and contracts.
Answer (C) is incorrect. Varying laws and customs and other
environmental
factors justify policy differences.
Answer (D) is incorrect. The internal audit activity collectively must
possess the
knowledge, skills, and other competencies needed to perform its
responsibilities.
[7] Gleim #: 1.1.7
The purpose of the internal audit activity can be best described as
A. Adding value to the organization.
B. Providing additional assurance regarding fair presentation of
financial statements.
Expressing an opinion on the adequate design and functioning of the
system of
internal control.
C.
Assuring the absence of any fraud that would materially affect the
financial
statements.
D.
Answer (A) is correct. Internal auditing is an independent, objective
assurance
and consulting activity designed to add value and improve an
organization’s
operations (Definition of Internal Auditing).
Answer (B) is incorrect. Assisting the external auditors in their audit
of the
financial statements is one of many possible tasks of the internal
audit activity, but
it is not its primary purpose.
Answer (C) is incorrect. Assessing internal control is one of many
tasks of the
internal audit activity, but it is not its primary purpose.
Answer (D) is incorrect. Detecting fraud is one of many possible
tasks of the
internal audit activity, but it is not its primary purpose.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 3
Printed for Sanja Knezevic
[8] Gleim #: 1.1.8
Which of the following best describes the purpose of the internal
audit activity?
To add value and improve an organization’s A. operations.
To assist management with the design and implementation of risk
management
and control systems.
B.
To examine and evaluate an organization’s accounting system as a
service to
management.
C.
D. To monitor the organization’s internal control system for the
external auditors.
Answer (A) is correct. The Definition of Internal Auditing states, in
part,
“Internal auditing is an independent, objective assurance and
consulting activity
designed to add value and improve an organization’s operations.”
Answer (B) is incorrect. Performing the functions of design and
implementation
of risk management and control systems would impair the objectivity
of the
internal auditors. An internal auditor may, however, recommend
control standards
and review procedures prior to their implementation.
Answer (C) is incorrect. Internal auditing is much broader than
examining and
evaluating an organization’s accounting system.
Answer (D) is incorrect. Internal auditing serves the organization,
not the external
auditors.
[9] Gleim #: 1.1.9
The internal audit activity’s scope of responsibilities includes
A. Eliminating risk.
B. Managing risk.
C. Evaluating risk.
D. Controlling risk.
Answer (A) is incorrect. Eliminating risks is a responsibility of
management.
Answer (B) is incorrect. Managing risk is a responsibility of
management.
Answer (C) is correct. The internal audit activity helps an
organization
accomplish its objectives by bringing a systematic, disciplined
approach to
evaluate and improve the effectiveness of risk management, control,
and
governance processes (Definition of Internal Auditing). Managing,
controlling,
and eliminating risk are responsibilities of management.
Answer (D) is incorrect. Controlling risk is a responsibility of
management.
[10] Gleim #: 1.1.10
The Standards consist of three types of Standards. Which Standards
apply to the
characteristics of providers of internal auditing services?
A. Implementation Standards.
B. Performance Standards.
C. Attribute Standards.
D. Independence Standards.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 4
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Implementation Standards apply to specific
types of
engagements.
Answer (B) is incorrect. Performance Standards describe the nature
of internal
auditing and provide quality criteria for evaluation of internal audit
performance.
Answer (C) is correct. Attribute Standards concern the
characteristics of organizations
and parties providing internal auditing services.
Answer (D) is incorrect. The IPPF does not contain Independence
Standards.
[11] Gleim #: 1.1.11
According to The IIA’s International Professional Practices
Framework, which of the
following constitute mandatory guidance for implementing the
Standards?
A. Development Aids.
B. Practice Aids.
C. Performance Standards.
D. Practice Advisories.
Answer (A) is incorrect. Development Aids are not part of the IPPF.
Answer (B) is incorrect. Practice Aids are not part of the IPPF.
Answer (C) is correct. The mandatory guidance portion of the IPPF
consists of
the Definition of Internal Auditing, the Code of Ethics, Attribute
Standards,
Performance Standards, and Implementation Standards.
Answer (D) is incorrect. Practice Advisories are strongly
recommended guidance.
[12] Gleim #: 1.1.12
Under the Sarbanes-Oxley Act of 2002 (SOX),
A. At least one member of the audit committee must be a financial
expert.
B. The chairman of the board of directors must be a financial expert.
C. The audit committee must rotate at least one seat on an annual
basis.
D. All members of the audit committee must be financial experts.
Answer (A) is correct. Under the terms of SOX, at least one member
of the audit
committee must be a financial expert.
Answer (B) is incorrect. The SOX requirement regarding a financial
expert does
not refer to the chairman of the board.
Answer (C) is incorrect. SOX imposes no requirements regarding
membership
rotation of the audit committee.
Answer (D) is incorrect. Under the terms of SOX, only one member
of the audit
committee need be a financial expert.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 5
Printed for Sanja Knezevic
[13] Gleim #: 1.1.13
The Sarbanes-Oxley Act of 2002 (SOX) imposes which of the
following
requirements?
The board of directors must be composed entirely of independent A.
shareholders.
At least one member of the audit committee must be a former partner
of the
independent public accounting firm.
B.
The audit committee must be composed entirely of independent
members of the
board.
C.
Once the audit committee has selected the independent public
accounting firm, the
committee must not interfere with the firm’s conduct of the financial
statement
audit.
D.
Answer (A) is incorrect. The SOX requirement regarding
independent members
refers to the audit committee, not the entire board.
Answer (B) is incorrect. SOX does not impose a requirement
regarding
mandatory former employment with the independent public
accounting firm.
Answer (C) is correct. Under the terms of SOX, each member of the
issuer’s
audit committee must be an independent member of the board of
directors. To be
independent, a director must not be affiliated with, or receive any
compensation
(other than for service on the board) from, the issuer.
Answer (D) is incorrect. The audit committee must be directly
responsible for
appointing, compensating, and overseeing the work of the
independent auditor.
[14] Gleim #: 1.1.14
Which one of the following must be included in the internal audit
charter?
A. Internal audit scope.
B. Internal audit responsibility.
C. Chief audit executive’s compensation plan.
Number of full-time internal audit employees deemed to be the
necessary
minimum.
D.
Answer (A) is incorrect. Scope is an aspect of individual internal
audit
engagements.
Answer (B) is correct. The purpose, authority, and responsibility of
the internal
audit activity must be formally defined in an internal audit charter.
Answer (C) is incorrect. The CAE’s compensation plan is not an
appropriate
matter to include in the internal audit charter.
Answer (D) is incorrect. The staffing of the internal audit activity is
determined
by the CAE and the board; it is not an appropriate matter to include
in the internal
audit charter.
[15] Gleim #: 1.1.15
Which one of the following is not included in the internal audit
charter?
A. Risk assessment of the internal audit activity.
B. Responsibility of the internal audit activity.
C. Purpose of the internal audit activity.
D. Authority of the internal audit activity.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 6
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is correct. A risk assessment is not appropriate for
inclusion in the
internal audit charter.
Answer (B) is incorrect. The appropriate contents of the internal
audit charter are the
purpose, authority, and responsibility of the internal audit activity.
Answer (C) is incorrect. The appropriate contents of the internal
audit charter are the
purpose, authority, and responsibility of the internal audit activity.
Answer (D) is incorrect. The appropriate contents of the internal
audit charter are the
purpose, authority, and responsibility of the internal audit activity.
[16] Gleim #: 1.1.16
The transportation department of a publicly held company has asked
the internal audit
activity to review the design specifications for a proposed new
warehouse and repair
facility. The best reason for the internal audit activity to decline the
request is
Such a review does not fall within the authority granted in the internal
audit
charter.
A.
The CEO and the head of the transportation department are
neighbors and belong
to the same social clubs.
B.
The internal audit activity performed a thorough review of the
transportation
department the previous year.
C.
The transportation department’s budget is immaterial to the
organization’s total
budget.
D.
Answer (A) is correct. The internal audit activity’s purpose, authority,
and
responsibility are specifically granted in the form of a written charter
approved by
the board.
Answer (B) is incorrect. An attitude of independence is required for
internal
auditors, not for auditees and management.
Answer (C) is incorrect. Internal audit engagements are scheduled
based on a risk
assessment, not simply time elapsed since the last engagement.
Answer (D) is incorrect. Internal audit engagements are scheduled
based on a risk
assessment, only one of the elements of which is monetary
materiality.
[17] Gleim #: 1.1.17
The purpose, authority, and responsibility of the internal audit activity
are formally
defined in
The records of the proceedings of the A. board of directors.
B. The corporate bylaws.
C. The memorandum of understanding.
D. A formal, written charter.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 7
Printed for Sanja Knezevic
Answer (A) is incorrect. While the records of board meetings do
reflect discussions
related to the internal audit charter, they are no substitute for an
actual formal charter.
Answer (B) is incorrect. The corporate bylaws are not the
appropriate place to define
the purpose, authority, and responsibility of the internal audit activity.
Answer (C) is incorrect. A memorandum of understanding is an
agreement between
parties expressing their common will that does not necessarily
contain the elements of
a contract.
Answer (D) is correct. The purpose, authority, and responsibility of
the internal audit
activity must be formally defined in a written charter, consistent with
the Definition of
Internal Auditing, the Code of Ethics, and the Standards.
[18] Gleim #: 1.1.18
The types of services provided by the internal audit activity can best
be described as
Auditing A. and engagement.
B. Auditing and consulting.
C. Assurance and consulting.
D. Auditing and assurance.
Answer (A) is incorrect. Engagement is not a type of internal audit
service.
Answer (B) is incorrect. The IIA Glossary defines assurance and
consulting, not
auditing and consulting, as the types of services provided by the
internal audit
activity.
Answer (C) is correct. The internal audit activity provides
independent, objective
assurance and consulting services designed to add value and
improve an
organization’s operations (Definition of Internal Auditing).
Answer (D) is incorrect. The IIA Glossary defines assurance and
consulting, not
auditing and assurance, as the types of services provided by the
internal audit
activity.
[19] Gleim #: 1.1.19
Support from which persons or combination of persons listed below
is most important
to the success of the internal audit activity?
A. The chief executive officer and chief financial officer.
B. The chief executive officer.
C. Management and the board.
D. The audit committee.
Answer (A) is incorrect. The support of management and the board
is crucial
when inevitable conflicts arise between the internal audit activity and
the
department or function under review.
Answer (B) is incorrect. The support of management and the board
is crucial
when inevitable conflicts arise between the internal audit activity and
the
department or function under review.
Answer (C) is correct. The support of management and the board is
crucial when
inevitable conflicts arise between the internal audit activity and the
department or
function under review.
Answer (D) is incorrect. The support of management and the board
is crucial
when inevitable conflicts arise between the internal audit activity and
the
department or function under review.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 8
Printed for Sanja Knezevic
fb.com/ciaaofficial
[20] Gleim #: 1.1.20
Which of the following is not appropriate for inclusion in the internal
audit charter?
The nature of the chief audit executive’s functional reporting
relationship with the
board.
A.
Authorization of internal audit access to records, personnel, and
physical
properties.
B.
Definition of the scope of internal C. audit activities.
D. Authorization of the board to approve the charter.
Answer (A) is incorrect. The nature of the chief audit executive’s
functional
reporting relationship with the board is one of the elements to be
included in the
internal audit charter.
Answer (B) is incorrect. Authorization of internal audit access to
records,
personnel, and physical properties is one of the elements to be
included in the
internal audit charter.
Answer (C) is incorrect. Definition of the scope of internal audit
activities is one
of the elements to be included in the internal audit charter.
Answer (D) is correct. Final approval of the internal audit charter
resides with the
board. The board has this power inherently.
[21] Gleim #: 1.2.21
A primary purpose of establishing a code of conduct within a
professional
organization is to
Reduce the likelihood that members of the profession will be sued for
substandard
work.
A.
Ensure that all members of the profession perform at approximately
the same
level of competence.
B.
C. Promote an ethical culture among professionals who serve others.
Require members of the profession to exhibit loyalty in all matters
pertaining to
the affairs of their organization.
D.
Answer (A) is incorrect. Although this result may follow from
establishing a code
of conduct, it is not the primary purpose. To consider it so would be
self-serving.
Answer (B) is incorrect. A code of conduct can help to establish
minimum
standards of competence, but it would be impossible to ensure
equality of
competence by all members of a profession.
Answer (C) is correct. The IIA’s Code of Ethics is typical. Its purpose
is “to
promote an ethical culture in the profession of internal auditing.” The
definition
of internal auditing states that it is “an independent, objective
assurance and
consulting activity.” Moreover, internal auditing is founded on “the
trust placed
in its objective assurance about governance, risk management, and
control.”
Accordingly, internal auditors are professionals who serve others by
providing
assurance and consulting services.
Answer (D) is incorrect. In some situations, responsibility to the
public at large
may conflict with and be more important than loyalty to one’s
organization.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 9
Printed for Sanja Knezevic
[22] Gleim #: 1.2.22
An accounting association established a code of ethics for all
members. What is one of
the association’s primary purposes of establishing the code of
ethics?
To outline criteria for professional behavior to maintain standards of
integrity and
objectivity.
A.
To establish standards to follow for effective accounting B. practice.
To provide a framework within which accounting policies could be
effectively
developed and executed.
C.
To outline criteria that can be used in conducting interviews of
potential new
accountants.
D.
Answer (A) is correct. The primary purpose of a code of ethical
behavior for a
professional organization is to promote an ethical culture among
professionals
who serve others.
Answer (B) is incorrect. National standards-setting bodies, not a
code of ethics,
provide guidance for effective accounting practice.
Answer (C) is incorrect. A code of ethics does not provide the
framework within
which accounting policies are developed.
Answer (D) is incorrect. The primary purpose is not for interviewing
new
accountants.
[23] Gleim #: 1.2.23
The best reason for establishing a code of conduct within an
organization is that such
codes
A. Are typically required by governments.
B. Express standards of individual behavior for members of the
organization.
C. Provide a quantifiable basis for personnel evaluations.
D. Have tremendous public relations potential.
Answer (A) is incorrect. Governments typically lack the power to
impose ethical
codes on nongovernment personnel (the Sarbanes-Oxley Act of
2002 contains a
partial exception to this general rule).
Answer (B) is correct. An organization’s code of ethical conduct is
the
established general value system the organization wishes to apply to
its members’
activities. It communicates organizational purposes and beliefs and
establishes
uniform ethical guidelines for members, which include guidance on
behavior for
members in making decisions.
Answer (C) is incorrect. Codes of conduct provide qualitative, not
quantitative,
standards.
Answer (D) is incorrect. Other purposes of a code of conduct are
much more
significant.
[24] Gleim #: 1.2.24
The code of ethics of a professional organization sets forth
A. Broad standards of conduct for the members of the organization.
B. The organizational details of the profession’s governing body.
C. A list of illegal activities that are proscribed to the members of the
profession.
D. A basis for the measurement of internal audit performance.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 10
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is correct. An organization’s code of ethical conduct is
the established
general value system the organization wishes to apply to its
members’ activities by
communicating organizational purposes and beliefs and establishing
uniform ethical
guidelines for members, which include guidance on behavior for
members in making
decisions.
Answer (B) is incorrect. The organizational details of the
profession’s governing body
are stated in the by-laws of a professional organization.
Answer (C) is incorrect. Certain actions may be legal, but contrary
to an
organization’s code of ethics. For example, an internal auditor may
not perform a
service for which (s)he does not possess the necessary knowledge,
skills, and
experience.
Answer (D) is incorrect. The Standards establish a basis for the
measurement of
internal audit performance.
[25] Gleim #: 1.2.25
In analyzing the differences between two recently merged
businesses, the chief audit
executive of Organization A notes that it has a formal code of ethics
and Organization
B does not. The code of ethics covers such things as purchase
agreements,
relationships with vendors, and other issues. Its purpose is to guide
individual
behavior within the firm. Which of the following statements regarding
the existence of
the code of ethics in A can be logically inferred?
A exhibits a higher standard of ethical behavior I. than does B.
A has established objective criteria by which an individual’s actions
can be
evaluated.
II.
The absence of a formal code of ethics in B would prevent a
successful review of
ethical behavior in that organization.
III.
A. I and II.
B. II only.
C. III only.
D. II and III.
Answer (A) is incorrect. The mere existence of A’s code of ethics
does not
ensure that its principles are followed.
Answer (B) is correct. A formal code of ethics effectively (1)
communicates
acceptable values to all members, (2) provides a method of policing
and
disciplining members for violations, (3) establishes objective
standards against
which individuals can measure their own performance, and (4)
communicates the
organization’s value system to outsiders.
Answer (C) is incorrect. The absence of a formal code of ethics
does not preclude
a successful review of ethical behavior in an organization. Policies
and procedures
may provide the criteria for such an engagement.
Answer (D) is incorrect. The existence of a code of ethics does
establish
objective criteria by which individual actions can be evaluated.
However, the
absence of a formal code of ethics does not preclude a successful
review of ethical
behavior in an organization. Policies and procedures may provide the
criteria for
such an engagement.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 11
Printed for Sanja Knezevic
[26] Gleim #: 1.2.26
A review of an organization’s code of conduct revealed that it
contained
comprehensive guidelines designed to inspire high levels of ethical
behavior. The
review also revealed that employees were knowledgeable of its
provisions. However,
some employees still did not comply with the code. What element
should a code of
conduct contain to enhance its effectiveness?
Periodic review and acknowledgment A. by all employees.
B. Employee involvement in its development.
C. Public knowledge of its contents and purpose.
D. Provisions for disciplinary action in the event of violations.
Answer (A) is incorrect. Periodic review and acknowledgment would
ensure
employee knowledge and acceptance of the code, which are not at
issue.
Answer (B) is incorrect. Employee involvement in development
would encourage
employee acceptance, which is not at issue.
Answer (C) is incorrect. Public knowledge might affect the behavior
of some
individuals but not to the same extent as the perceived likelihood of
sanctions for
wrongdoing.
Answer (D) is correct. Penalties for violations of a code of conduct
should
enhance its effectiveness. Some individuals will be deterred from
misconduct if
they expect it to be detected and punished.
[27] Gleim #: 1.2.27
A formal code of ethics should do all of the following except
A. Effectively communicate acceptable values to all members.
B. Communicate the organization’s value system to outsiders.
C. Reflect only legal standards of conduct for individuals and the
organization.
Provide a method of policing and disciplining members of the
organization for
violations.
D.
Answer (A) is incorrect. A code of ethics should effectively
communicate
acceptable values to all organization members.
Answer (B) is incorrect. A code of ethics should communicate the
organization’s
value system to those outside the organization.
Answer (C) is correct. An ethical organization aspires to a higher
standard of
behavior than mere legality.
Answer (D) is incorrect. A code of ethics should indeed provide a
method of
policing and disciplining members for violations.
[28] Gleim #: 1.2.28
A typical code of ethical conduct for financial managers or
management accountants
in an organization requires all of the following except
Integrity and a refusal to compromise professional values for the
sake of personal
goals.
A.
B. Independence from conflicts of economic interest.
C. Independence from conflicts of professional interest.
D. Subjectivity in presenting information, preparing reports, and
making analyses.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 12
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. A typical code of ethical conduct for financial
managers or
management accountants in an organization requires integrity and a
refusal to
compromise professional values for the sake of personal goals.
Answer (B) is incorrect. A typical code of ethical conduct for financial
managers or
management accountants requires independence from conflicts of
economic interest.
Answer (C) is incorrect. A typical code of ethical conduct for
financial managers or
management accountants requires independence from conflicts of
professional interest.
Answer (D) is correct. The code of ethical conduct for financial
managers or
management accountants in an organization should require
credibility in presenting
information, preparing reports, and making analyses.
[29] Gleim #: 1.2.29
Objectivity is an ethical requirement for all persons engaged in the
professional
practice of internal auditing. One aspect of objectivity requires
Performance of professional duties in accordance A. with relevant
laws.
B. Avoidance of conflict of interest.
C. Refraining from using confidential information for unethical or
illegal advantage.
D. Maintenance of an appropriate level of professional expertise.
Answer (A) is incorrect. Observing the law is a component of
integrity.
Answer (B) is correct. Commitment to independence from conflicts
of economic
or professional interest is an aspect of objectivity.
Answer (C) is incorrect. Refraining from using confidential
information for
unethical or illegal advantage is an aspect of confidentiality.
Answer (D) is incorrect. Maintenance of an appropriate level of
professional
expertise is an aspect of competency.
[30] Gleim #: 1.3.30
The IIA Rules of Conduct set forth in The IIA’s Code of Ethics
A. Describe behavior norms expected of internal auditors.
B. Are guidelines to assist internal auditors in dealing with
engagement clients.
C. Are interpreted by the Principles.
D. Apply only to particular conduct specifically mentioned.
Answer (A) is correct. The IIA’s Code of Ethics extends beyond the
definition of
internal auditing to include two essential components: (1) Principles
that are
relevant to the profession and practice of internal auditing and (2)
Rules of
Conduct that describe behavior norms expected of internal auditors
(Introduction).
Answer (B) is incorrect. The Rules of Conduct provide guidance to
internal
auditors in the discharge of their responsibility to all those whom they
serve.
Engagement clients are not the only parties served by internal
auditing.
Answer (C) is incorrect. The Rules of Conduct are an aid in
interpreting the
Principles.
Answer (D) is incorrect. The conduct may be unacceptable or
discreditable
although not mentioned in the Rules of Conduct.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 13
Printed for Sanja Knezevic
[31] Gleim #: 1.3.31
Today’s internal auditor will often encounter a wide range of potential
ethical
dilemmas, not all of which are explicitly addressed by The IIA’s Code
of Ethics. If the
internal auditor encounters such a dilemma, the internal auditor
should always
Seek counsel from an independent attorney to determine the
personal
consequences of potential actions.
A.
Apply and uphold the principles embodied in The IIA’s B. Code of
Ethics.
C. Seek the counsel of the board before deciding on an action.
Act consistently with the code of ethics adopted by the organization
even if such
action is not consistent with The IIA’s Code of Ethics.
D.
Answer (A) is incorrect. Seeking the advice of legal counsel on all
ethical
decisions is impracticable.
Answer (B) is correct. The Code includes Principles (integrity,
objectivity,
confidentiality, and competency) relevant to the profession and
practice of internal
auditing and Rules of Conduct that describe behavioral norms for
internal auditors
and that interpret the Principles. Internal auditors are expected to
apply and
uphold the Principles. Furthermore, that a particular conduct is not
mentioned in
the Rules does not prevent it from being unacceptable or
discreditable.
Answer (C) is incorrect. Seeking the advice of the board on all
ethical decisions
is impracticable. Furthermore, the advice might not be consistent
with the
profession’s standards.
Answer (D) is incorrect. If the organization’s standards are not
consistent with, or
as high as, the profession’s standards, the internal auditor is held to
the standards
of the profession.
[32] Gleim #: 1.3.32
In complying with The IIA’s Code of Ethics, an internal auditor should
A. Use individual judgment in the application of the principles set
forth in the Code.
Respect and contribute to the objectives of the organization even if it
is engaged
in illegal activities.
B.
Go beyond the limitation of personal technical skills to advance the
interest of the
organization.
C.
D. Primarily apply the competency principle in establishing trust.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 14
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is correct. The IIA’s Code of Ethics includes principles
that internal
auditors are expected to apply and uphold. They are interpreted by
the Rules of
Conduct, behavior norms expected of internal auditors. That a
particular conduct is not
mentioned in the Rules of Conduct does not prevent it from being
unacceptable or
discreditable. Consequently, a reasonable inference is that individual
judgment is
necessary in the application of the principles and the Rules of
Conduct.
Answer (B) is incorrect. An internal auditor “shall not knowingly be a
party to any
illegal activity.” Furthermore, an internal auditor is bound to respect
and contribute
only to the legitimate and ethical objectives of the organization.
Answer (C) is incorrect. Internal auditors “shall engage only in those
services for
which they have the necessary knowledge, skills, and experience.”
Answer (D) is incorrect. Applying and upholding the integrity
principle is the means
by which an internal auditor establishes trust as a basis for reliance
on his/her
judgment.
[33] Gleim #: 1.3.33
An internal auditor, recently terminated by an organization due to
downsizing, has
found a job with another organization in the same industry. Which of
the following
disclosures made by the internal auditor to the new organization
would constitute a
violation of The IIA’s Code of Ethics?
The internal auditor used the risk assessment approach that was
used by the
internal auditor’s former employer in determining priorities in the new
job.
A.
The new internal audit activity does not use PPS sampling, and the
internal
auditor believes PPS sampling has advantages for many of the
engagements
conducted by the new employer. The internal auditor conducts
training sessions
and develops forms to implement sampling in the same manner as
the previous
employer.
B.
While at the previous firm, the internal auditor conducted a great deal
of research
to identify “best practices” for the management of the treasury
function. Because
most of the research was done at home and during non-office hours,
the internal
auditor retained much of the research and plans to use it in
conducting a review of
the treasury function at the new employer.
C.
None of the answers represent a violation D. of the Code.
Answer (A) is incorrect. Disclosing the former employer’s risk
assessment
approach does not violate the Code.
Answer (B) is incorrect. Disclosing sampling methods does not
violate the Code.
Answer (C) is incorrect. Disclosing information about best practices
of other
organizations does not violate the Code.
Answer (D) is correct. The former employer’s risk assessment
approach may be
viewed as general information about “best practices.” Hence,
applying this
approach on behalf of a new employer is acceptable. With regard to
the former
employer’s sampling methods, the internal auditor is applying
knowledge of a
commonly used engagement procedure. It is not confidential
information.
Moreover, gathering information about best practices of other
organizations is part
of the continuing education of the internal auditor. Thus, the listed
responses are
not violations of the Code.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 15
Printed for Sanja Knezevic
[34] Gleim #: 1.3.34
An internal auditor who encounters an ethical dilemma not explicitly
addressed by
The IIA’s Code of Ethics should always
Seek counsel from an independent attorney to determine the
personal
consequences of potential actions.
A.
Take action consistent with the principles embodied in The IIA’s B.
Code of Ethics.
C. Seek the counsel of the audit committee before deciding on an
action.
Act consistently with the employing organization’s code of ethics
even if such
action would not be consistent with The IIA’s Code of Ethics.
D.
Answer (A) is incorrect. The auditor must act consistently with the
spirit of The
IIA’s Code of Ethics. It is not practical to seek the advice of legal
counsel for all
ethical decisions. Moreover, unethical behavior may not be illegal.
Answer (B) is correct. The IIA’s Code of Ethics is based on
principles relevant to
the profession and practice of internal auditing that internal auditors
are expected
to apply and uphold: integrity, objectivity, confidentiality, and
competency.
Furthermore, the Code states that particular conduct may be
unacceptable or
discreditable even if it is not mentioned in the Rules of Conduct.
Answer (C) is incorrect. It is not feasible to seek the audit
committee’s advice for
all potential dilemmas. Furthermore, the advice might not be
consistent with the
profession’s standards.
Answer (D) is incorrect. If the organization’s standards are not
consistent with, or
as high as, the profession’s standards, the internal auditor should
abide by the
latter.
[35] Gleim #: 1.3.35
The IIA’s Code of Ethics does not require
A. Contribution to the legitimate and ethical objectives of the
organization.
B. Objectivity, honesty, and diligence.
C. Continual improvement in proficiency.
D. A report on each engagement.
Answer (A) is incorrect. Rule of Conduct 1.4 states, “Internal
auditors shall
respect and contribute to the legitimate and ethical objectives of the
organization.”
Answer (B) is incorrect. Rule of Conduct 1.1 imposes an obligation
of honesty,
diligence, and responsibility. Moreover, objectivity is one of the four
Principles
stated in the Code.
Answer (C) is incorrect. Continual improvement in proficiency and in
the
effectiveness and quality of services is required by Rule of Conduct
4.3.
Answer (D) is correct. The Standards, not the Code of Ethics,
require internal
auditors to communicate the engagement results.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 16
Printed for Sanja Knezevic
fb.com/ciaaofficial
[36] Gleim #: 1.4.36
An internal auditor working for a chemical manufacturer believed that
toxic waste was
being dumped in violation of the law. Out of loyalty to the
organization, no
information regarding the dumping was collected. The internal
auditor
Violated the Code of Ethics by knowingly becoming a party A. to an
illegal act.
Violated the Code of Ethics by failing to protect the well-being of the
general
public.
B.
Did not violate the Code of Ethics. Loyalty to the employer in all
matters is
required.
C.
Did not violate the Code of Ethics. Conclusive information about
wrongdoing was
not gathered.
D.
Answer (A) is correct. Rule of Conduct 1.3 under the integrity
principle prohibits
knowingly being a party to any illegal activity. By failing to collect
information
about a known violation of law, the auditor became party to the illegal
act.
Answer (B) is incorrect. The IIA’s Code of Ethics does not impose a
duty to the
general public.
Answer (C) is incorrect. The IIA’s Code of Ethics does not impose
an overriding
duty of loyalty to the employer.
Answer (D) is incorrect. The internal auditor should have collected
and reported
such information in accordance with the Standards.
[37] Gleim #: 1.4.37
Which of the following is permissible under The IIA’s Code of Ethics?
In response to a subpoena, an auditor appeared in a court of law and
disclosed
confidential, audit-related information that could potentially damage
the auditor’s
organization.
A.
An auditor used audit-related information in a decision to buy stock
issued by the
employer corporation.
B.
After praising an employee in a recent audit engagement
communication, an
auditor accepted a gift from the employee.
C.
An auditor did not report significant observations about illegal activity
to the
board because management indicated that it would resolve the
issue.
D.
Answer (A) is correct. Rule of Conduct 1.2 under the integrity
principal states,
“Internal auditors shall observe the law and make disclosures
expected by the law
and the profession.” Thus, auditors must comply with subpoenas.
Answer (B) is incorrect. Rule of Conduct 3.2 prohibits auditors from
using audit
information for personal gain.
Answer (C) is incorrect. Rule of Conduct 2.2 prohibits an auditor
from accepting
anything that might be presumed to impair the auditor’s professional
judgment.
Answer (D) is incorrect. Rule of Conduct 1.3 prohibits auditors from
knowingly
being a party to any illegal or improper activity. Significant
observations of illegal
activity should be reported to the board.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 17
Printed for Sanja Knezevic
[38] Gleim #: 1.4.38
The IIA’s Code of Ethics requires internal auditors to perform their
work with
Honesty, diligence, A. and responsibility.
B. Timeliness, sobriety, and clarity.
C. Knowledge, skills, and competencies.
D. Punctuality, objectivity, and responsibility.
Answer (A) is correct. Rule of Conduct 1.1 under the integrity
principle states,
“Internal auditors shall perform their work with honesty, diligence,
and
responsibility.”
Answer (B) is incorrect. Timeliness, sobriety, and clarity are not
mentioned in the
Code.
Answer (C) is incorrect. Knowledge, skills, and competencies are
mentioned in
the Standards.
Answer (D) is incorrect. Punctuality is not mentioned in the Code.
[39] Gleim #: 1.4.39
Which situation is most likely a violation of The IIA’s Code of Ethics?
Reporting apparent violations of antitrust statutes by officers to
government
regulators.
A.
B. Cooperating with the government’s criminal investigation of the
organization.
Reporting apparent violations of antitrust statutes by officers to the
board of
directors.
C.
Immediately reporting a violent crime observed at work to local law
enforcement
agencies.
D.
Answer (A) is correct. An internal auditor must not knowingly be a
party to any
illegal activity (Rule of Conduct 1.3), and (s)he must disclose all
material facts
known to him/her that, if not disclosed, might distort the reporting of
activities
under review (Rule of Conduct 2.3). An internal auditor also must
respect and
contribute to the legitimate and ethical objectives of the organization
(Rule of
Conduct 1.4). Thus, when apparent violations of antitrust statutes by
officers
come to the internal auditor’s attention, (s)he should report to the
board of
directors rather than directly to the government regulators. An
internal auditor
must also observe the law and make any disclosures required by the
law or by the
profession (Rule of Conduct 1.2).
Answer (B) is incorrect. Everyone has a legal obligation to
cooperate with a
criminal investigation. An internal auditor must observe the law and
make any
disclosures required by the law or by the profession (Rule of Conduct
1.2).
Answer (C) is incorrect. An internal auditor should report apparent
improprieties
to the board.
Answer (D) is incorrect. Everyone has a legal and moral obligation
to report
violent crimes immediately.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 18
Printed for Sanja Knezevic
fb.com/ciaaofficial
[40] Gleim #: 1.5.40
In applying the Rules of Conduct set forth in The IIA’s Code of Ethics,
internal
auditors are expected to
Not be unduly influenced by their own interests in A. forming
judgments.
B. Compare them with standards of other professions.
C. Be guided by the desires of the engagement client.
D. Use discretion in deciding whether to use them.
Answer (A) is correct. The objectivity principle contained in The IIA’s
Code of
Ethics states, in part, “Internal auditors make a balanced assessment
of all the
relevant circumstances and are not unduly influenced by their own
interests or by
others in forming judgments.”
Answer (B) is incorrect. Standards of other professions are not
intended to
provide guidance to internal auditors.
Answer (C) is incorrect. Auditors should be independent of the
engagement
client.
Answer (D) is incorrect. Internal auditors must follow The IIA’s Code
of Ethics.
[41] Gleim #: 1.5.41
Which of the following statements is not appropriate to include in a
manufacturer’s
conflict of interest policy? An employee shall not
A. Accept money, gifts, or services from a customer.
B. Participate (directly or indirectly) in the management of a public
agency.
C. Borrow from or lend money to vendors.
D. Use organizational information for private purposes.
Answer (A) is incorrect. A conflict of interest policy should prohibit
the transfer
of benefits between an employee and those with whom the
organization deals.
Answer (B) is correct. A prohibition on public service is ordinarily
inappropriate.
Public service is a right, if not a duty, of all citizens.
Answer (C) is incorrect. A conflict of interest policy should prohibit
financial
dealings between an employee and those with whom the
organization deals.
Answer (D) is incorrect. A conflict of interest policy should prohibit
the use of
organization information for private gain.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 19
Printed for Sanja Knezevic
[42] Gleim #: 1.5.42
A CIA is working in a noninternal-auditing position as the director of
purchasing. The
CIA signed a contract to procure a large order from the supplier with
the best price,
quality, and performance. Shortly after signing the contract, the
supplier presented the
CIA with a gift of significant monetary value. Which of the following
statements
regarding the acceptance of the gift is true?
Acceptance of the gift is prohibited only if it A. is not customary.
Acceptance of the gift violates The IIA’s Code of Ethics and is
prohibited for a
CIA.
B.
Because the CIA is no longer acting as an internal auditor,
acceptance of the gift is
governed only by the organization’s code of conduct.
C.
Because the contract was signed before the gift was offered,
acceptance of the gift
does not violate either The IIA’s Code of Ethics or the organization’s
code of
conduct.
D.
Answer (A) is incorrect. Acceptance of the gift could easily be
presumed to have
impaired the CIA’s professional judgment.
Answer (B) is correct. Members of The Institute of Internal Auditors
and
recipients of, or candidates for, IIA professional certifications are
subject to
disciplinary action for breaches of The IIA’s Code of Ethics. Rule of
Conduct 2.2
under the objectivity principle states, “Internal auditors shall not
accept anything
that may impair or be presumed to impair their professional
judgment.”
Answer (C) is incorrect. The CIA is still governed by The IIA’s code
of conduct.
Answer (D) is incorrect. The timing of signing the contract is
irrelevant.
[43] Gleim #: 1.5.43
The chief audit executive (CAE) has been appointed to a committee
to evaluate the
appointment of the external auditors. The engagement partner for the
external
accounting firm wants the CAE to join her for a week of hunting at
her private lodge.
The CAE should
A. Accept, assuming both their schedules allow it.
B. Refuse on the grounds of conflict of interest.
C. Accept as long as it is not charged to employer time.
Ask the comptroller whether accepting the invitation is a violation of
the
organization’s code of ethics.
D.
Answer (A) is incorrect. The auditor should not accept.
Answer (B) is correct. Rule of Conduct 2.1 under the objectivity
principle states,
“Internal auditors shall not participate in any activity or relationship
that may
impair or be presumed to impair their unbiased assessment. This
participation
includes those activities or relationships that may be in conflict with
the interests
of the organization.” Furthermore, under Rule of Conduct 2.2,
“Internal auditors
shall not accept anything that may impair or be presumed to impair
their
professional judgment.”
Answer (C) is incorrect. Not charging the time to the company is not
sufficient to
eliminate conflict-of-interest concerns.
Answer (D) is incorrect. The auditor should know that accepting the
invitation
raises conflict of interest issues.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 20
Printed for Sanja Knezevic
fb.com/ciaaofficial
[44] Gleim #: 1.5.44
In a review of travel and entertainment expenses, a certified internal
auditor
questioned the business purposes of an officer’s reimbursed travel
expenses. The
officer promised to compensate for the questioned amounts by not
claiming legitimate
expenses in the future. If the officer makes good on the promise, the
internal auditor
Can ignore the original charging of the nonbusiness A. expenses.
B. Should inform the tax authorities in any event.
C. Should still include the finding in the final engagement
communication.
Should recommend that the officer forfeit any frequent flyer miles
received as part
of the questionable travel.
D.
Answer (A) is incorrect. The possibly fraudulent behavior of the
officer is a
material fact that should be reported regardless of whether the
questioned
expenses are reimbursed.
Answer (B) is incorrect. Communication of results to parties outside
the
organization is not required in the absence of a legal mandate.
Answer (C) is correct. Rule of Conduct 2.3 under the objectivity
principle states,
“Internal auditors shall disclose all material facts known to them that,
if not
disclosed, may distort the reporting of activities under review.”
Answer (D) is incorrect. Management should determine what
constitutes just
compensation.
[45] Gleim #: 1.5.45
During an engagement performed at a manufacturing division of a
defense contractor,
the internal auditor discovered that the organization apparently was
inappropriately
adding costs to a cost-plus governmental contract. The internal
auditor discussed the
matter with senior management, who suggested that the internal
auditor seek an
opinion from legal counsel. Upon review, legal counsel indicated that
the practice was
questionable but was not technically in violation of the government
contract. Based on
legal counsel’s decision, the internal auditor decided to omit any
discussion of the
practice in the final engagement communication sent to senior
management and the
board. However, the internal auditor did informally communicate legal
counsel’s
decision to senior management. Did the internal auditor violate The
IIA’s Code of
Ethics?
No. The internal auditor followed up the matter with appropriate
personnel within
the organization and reached a conclusion that no fraud was
involved.
A.
No. If a fraud is suspected, it should be resolved at the divisional
level where it is
taking place.
B.
Yes. It is a violation because all important information, even if
resolved, should
be reported to the board.
C.
Yes. Internal legal counsel’s opinion is not sufficient. The internal
auditor should
have sought advice from outside legal counsel.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 21
Printed for Sanja Knezevic
Answer (A) is correct. Although an argument can be made that the
internal auditor
should report the matter to the board and senior management, there
is no indication
that the internal auditor is deliberately withholding material facts that,
if not disclosed,
may distort reports of activities under review (Rule of Conduct 2.3).
Hence, no
violation of the Code occurred.
Answer (B) is incorrect. Material fraud, if suspected, should be
brought to the
attention of management. However, in this case, the internal auditor
gathered sufficient
information to dispel the suspicion of fraud.
Answer (C) is incorrect. The internal auditor did not deliberately
withhold important
information.
Answer (D) is incorrect. The internal auditor has gathered sufficient
information.
Internal legal counsel’s opinion appears to be sufficient.
[46] Gleim #: 1.5.46
An internal auditor discovered some material inefficiencies in a
purchasing function.
The purchasing manager is the internal auditor’s next-door neighbor
and best friend. In
accordance with The IIA’s Code of Ethics, the internal auditor should
Objectively include the facts of the case in the engagement A.
communications.
B. Not report the incident because of loyalty to the friend.
Include the facts of the case in a special communication submitted
only to the
friend.
C.
D. Not report the friend unless the activity is illegal.
Answer (A) is correct. Rule of Conduct 2.3 under the objectivity
principle states,
“Internal auditors shall disclose all material facts known to them that,
if not
disclosed, may distort the reporting of activities under review.”
Answer (B) is incorrect. This action is at variance with the internal
auditor’s
duties.
Answer (C) is incorrect. This action is at variance with the internal
auditor’s
duties.
Answer (D) is incorrect. This action is at variance with the internal
auditor’s
duties.
[47] Gleim #: 1.5.47
An internal auditor for a large regional bank was asked to serve on
the board of
directors of a local bank. The bank competes in many of the same
markets as the
regional bank but focuses more on consumer financing than on
business financing.
In accepting this position, the internal auditor
Violates The IIA’s Code of Ethics because serving on the board may
be in conflict
with the best interests of the internal auditor’s employer
I.
Violates The IIA’s Code of Ethics because the information gained
while serving
on the board of directors of the local bank may influence
recommendations
regarding potential acquisitions
II.
A. I only.
B. II only.
C. I and II.
D. Neither I nor II.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 22
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Serving on the board of the local bank
creates a conflict of
interest and may prejudice the internal auditor’s ability to perform
his/her duties.
Answer (B) is incorrect. Serving on the board of the local bank may
also be in conflict
with the best interests of the auditor’s employer.
Answer (C) is correct. Rule of Conduct 2.1 under the objectivity
principle states,
“Internal auditors shall not participate in any activity or relationship
that may impair or
be presumed to impair their unbiased assessment. This participation
includes those
activities or relationships that may be in conflict with the interests of
the
organization.” Accordingly, service on the board of the local bank
constitutes a
conflict of interest and may prejudice the internal auditor’s ability to
carry out
objectively his/her duties regarding potential acquisitions.
Answer (D) is incorrect. Serving on the board of the local bank
creates a conflict of
interest and may prejudice the internal auditor’s ability to perform
his/her duties.
[48] Gleim #: 1.5.48
Which of the following concurrent occupations could appear to
subvert the ethical
behavior of an internal auditor?
Internal auditor and a well-known charitable organization’s local inhouse
chairperson.
A.
Internal auditor and part-time business B. insurance broker.
Internal auditor and adjunct faculty member of a local business
college that
educates potential employees.
C.
Internal auditor and landlord of multiple housing that publicly
advertises for
tenants in a local community newspaper listing monthly rental fees.
D.
Answer (A) is incorrect. The activities of a charity are unlikely to be
contrary to
the interests of the organization.
Answer (B) is correct. Rule of Conduct 2.1 under the objectivity
principle states,
“Internal auditors shall not participate in any activity or relationship
that may
impair or be presumed to impair their unbiased assessment. This
participation
includes those activities or relationships that may be in conflict with
the interests
of the organization.” As a business insurance broker, the internal
auditor may lose
his/her objectivity because (s)he might benefit from a change in the
employer’s
insurance coverage.
Answer (C) is incorrect. Teaching is compatible with internal
auditing.
Answer (D) is incorrect. Whereas dealing in commercial properties
might involve
a conflict, renting residential units most likely does not.
[49] Gleim #: 1.5.49
Internal auditors should be prudent in their relationships with persons
and
organizations external to their employers. Which of the following
activities will most
likely not adversely affect internal auditors’ ethical behavior?
A. Accepting compensation from professional organizations for
consulting work.
B. Serving as consultants to competitor organizations.
C. Serving as consultants to suppliers.
D. Discussing engagement plans or results with external parties.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 23
Printed for Sanja Knezevic
Answer (A) is correct. Professional organizations are unlikely to be
employees,
clients, customers, suppliers, or business associates of the
organization. Hence, the
consulting fees are not likely to impair or be presumed to impair the
internal auditors’
professional judgment (Rule of Conduct 2.2). Moreover, relationships
with
professional organizations are not likely to create a conflict of interest
or impair or be
presumed to impair internal auditors’ unbiased judgment (Rule of
Conduct 2.1). Also,
the consulting engagement should not result in the improper use of
information (Rule
of Conduct 3.2).
Answer (B) is incorrect. Serving as a consultant to competitors
might create a conflict
of interest.
Answer (C) is incorrect. Serving as a consultant to suppliers might
create a conflict of
interest.
Answer (D) is incorrect. Internal auditors should “be prudent in the
use and protection
of information acquired in the course of their duties” (Rule of Conduct
3.1).
Furthermore, such discussion might be “detrimental to the legitimate
and ethical
objectives of the organization” (Rule of Conduct 3.2).
[50] Gleim #: 1.5.50
An internal auditor has been assigned to an engagement at a foreign
subsidiary. The
internal auditor is aware that the social climate of the country is such
that “facilitating
payments” (bribes) are an accepted part of doing business. The
internal auditor has
completed the engagement and has found significant weaknesses
relating to important
controls. The subsidiary’s manager offers the internal auditor a
substantial “facilitating
payment” to omit the observations from the final engagement
communication with a
provision that the internal auditor could revisit the subsidiary in 6
months to verify that
the problem areas have been properly addressed. The internal
auditor should
Not accept the payment because such acceptance is in conflict with
the Code of
Ethics.
A.
Not accept the payment, but omit the observations as long as a
verification visit is
made in 6 months.
B.
Accept the offer because it is consistent with the ethical concepts of
the country in
which the subsidiary is doing business.
C.
Accept the payment because it has the effect of doing the greatest
good for the
greatest number; the internal auditor is better off, the subsidiary is
better off, and
the organization is better off because there is strong motivation to
correct the
deficiencies.
D.
Answer (A) is correct. Rule of Conduct 2.2 under the objectivity
principle states,
“Internal auditors shall not accept anything that may impair or be
presumed to
impair their professional judgment.”
Answer (B) is incorrect. Rule of Conduct 2.3 requires internal
auditors to
“disclose all material facts known to them that, if not disclosed, may
distort the
reporting of activities under review.”
Answer (C) is incorrect. The profession’s standards, not the
customs of
individual countries or regions, should guide the internal auditor’s
conduct.
Answer (D) is incorrect. The action is explicitly prohibited by the
Code of Ethics.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 24
Printed for Sanja Knezevic
fb.com/ciaaofficial
[51] Gleim #: 1.5.51
An internal auditor engages in the preparation of income tax forms
during the tax
season. For which of the following activities will the internal auditor
most likely be in
violation of The IIA’s Code of Ethics?
Writing a tax guide intended for publication and sale to A. the general
public.
Preparing the personal tax return, for a fee, for one of the
organization’s division
managers.
B.
C. Teaching an evening tax seminar, for a fee, at a local university.
Preparing tax returns for elderly citizens, regardless of their
associations, as a
public service.
D.
Answer (A) is incorrect. Writing a tax guide for sale to the general
public is
unlikely to impair the internal auditor’s professional judgment.
Answer (B) is correct. Rule of Conduct 2.2 under the objectivity
principle states,
“Internal auditors shall not accept anything that may impair or be
presumed to
impair their professional judgment.” Preparing a personal tax return
for a division
manager for a fee falls under this prohibition.
Answer (C) is incorrect. Teaching an evening tax seminar is unlikely
to impair
the internal auditor’s professional judgment.
Answer (D) is incorrect. Engaging in a public service separate from
the interests
and activities of the organization is unlikely to impair professional
judgment.
[52] Gleim #: 1.5.52
An internal auditing team has made observations and
recommendations that should
significantly improve a division’s operating efficiency. Out of
appreciation of this
work, and because it is the holiday season, the division manager
presents the in-charge
internal auditor with a gift of moderate value. Which of the following
best describes
the action prescribed by The IIA’s Code of Ethics?
A. Not accept it prior to submission of the final engagement
communication.
B. Not accept it if the gift is presumed to impair the internal auditor’s
judgment.
C. Not accept it, regardless of other circumstances, because its
value is significant.
D. Accept it, regardless of other circumstances, because its value is
insignificant.
Answer (A) is incorrect. The timing of the gift is irrelevant.
Answer (B) is correct. Rule of Conduct 2.2 under the objectivity
principle states,
“Internal auditors shall not accept anything that may impair or be
presumed to
impair their professional judgment.”
Answer (C) is incorrect. According to Rule of Conduct 2.2, the
decision whether
to accept a gift should be based on the potential impairment of the
auditor’s
judgment.
Answer (D) is incorrect. The decision to accept or reject the gift
should be based
on whether the internal auditor’s professional judgment will be
impaired or be
presumed to be impaired.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 25
Printed for Sanja Knezevic
[53] Gleim #: 1.5.53
During an examination of grants awarded by a not-for-profit
organization, an internal
auditor discovered a number of grants made without the approval of
the grant
authorization committee (which includes outside representatives), as
required by the
organization’s charter. All the grants, however, were approved and
documented by the
president. The chair of the grant authorization committee, who is also
a member of the
board of directors, proposes that the committee meet and
retroactively approve all the
grants before the engagement communication is issued. If the
committee meets and
approves the grants before such issuance, the internal auditor should
Not report the grants in question because they were approved before
the issuance
of the engagement communication.
A.
Discuss the matter with the chair of the grant committee to determine
the rationale
for not approving the grants earlier. If the grants are routine,
discussion of the
grant committee’s inaction should be omitted from the engagement
communication.
B.
Include the items in the communication as an override of the
organization’s
controls. Details about each grant should be reported, and the
internal auditor
should investigate further for fraud.
C.
Report the override of control D. to the board.
Answer (A) is incorrect. The control override should be reported.
Answer (B) is incorrect. The routine nature of the grants is irrelevant
to the issue
of the violation of the charter.
Answer (C) is incorrect. Details about each grant need not be
included unless the
internal auditor believes that fraud may have occurred. Moreover, the
appropriate
organizational authorities should be informed if wrongdoing is
suspected.
Answer (D) is correct. Rule of Conduct 2.3 under the objectivity
principle states,
“Internal auditors shall disclose all material facts known to them that,
if not
disclosed, may distort the reporting of activities under review.” The
management
override of an important control over approval of grants created a
material risk
exposure. The internal auditor is ethically obligated to report the
matter to senior
officials charged with performing the governance function.
[54] Gleim #: 1.5.54
An internal auditor, nearly finished with an engagement, discovers
that the director of
marketing has a gambling habit. The gambling issue is not directly
related to the
existing engagement, and the internal auditor is under pressure to
complete it quickly.
The internal auditor notes the problem and passes the information on
to the chief audit
executive but does no further follow-up. The internal auditor’s actions
Are in violation of The IIA’s Code of Ethics for withholding meaningful
information.
A.
Are in violation of the Standards because the internal auditor did not
properly
follow up on a red flag that might indicate the existence of fraud.
B.
C. Are not in violation of either The IIA’s Code of Ethics or the
Standards.
Are in violation of The IIA’s Code of Ethics for withholding meaningful
information and are in violation of the Standards because the internal
auditor did
not properly follow up on a red flag that might indicate the existence
of fraud.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 26
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. The internal auditor did not withhold
information but
properly followed up upon learning of the information.
Answer (B) is incorrect. The internal auditor did not withhold
information but
properly followed up upon learning of the information.
Answer (C) is correct. There is no violation of either The IIA’s Code
of Ethics or the
Standards. The internal auditor did not withhold information and
properly followed up
upon learning of the information.
Answer (D) is incorrect. The internal auditor did not withhold
information but
properly followed up upon learning of the information.
[55] Gleim #: 1.5.55
An engagement at a foreign subsidiary disclosed payments to local
government
officials in return for orders. What action does The IIA’s Code of
Ethics suggest for an
internal auditor in such a case?
Refrain from any action that might be detrimental to A. the
organization.
B. Report the incident to appropriate regulatory authorities.
C. Inform appropriate organizational officials.
D. Report the practice to the board of The Institute of Internal
Auditors.
Answer (A) is incorrect. Informing organizational officials is not
detrimental to
the organization.
Answer (B) is incorrect. The Code does not require that the incident
be reported
to regulatory authorities.
Answer (C) is correct. Such payments may be illegal. Rule of
Conduct 2.3 under
the objectivity principle states, “Internal auditors shall disclose all
material facts
known to them that, if not disclosed, may distort the reporting of
activities under
review.”
Answer (D) is incorrect. The Code does not require reporting to The
IIA.
[56] Gleim #: 1.5.56
During an engagement, an employee with whom you have
developed a good working
relationship informs you that she has some information about senior
management that
is damaging to the organization and may concern illegal activities.
The employee does
not want her name associated with the release of the information.
Which of the
following actions is considered to be inconsistent with The IIA’s Code
of Ethics and
the Standards?
Assure the employee that you can maintain her anonymity and listen
to the
information.
A.
B. Suggest that the employee consider talking to legal counsel.
Inform the employee that you will attempt to keep the source of the
information
confidential and will look into the matter further.
C.
D. Inform the employee of other methods of communicating this type
of information.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 27
Printed for Sanja Knezevic
Answer (A) is correct. An internal auditor cannot guarantee
anonymity. Information
communicated to an internal auditor is not deemed to be privileged.
Answer (B) is incorrect. Suggesting that the person seek expert
legal advice from a
qualified individual is appropriate.
Answer (C) is incorrect. Promising merely to attempt to keep the
source of the
information confidential is allowable. This promise is not a guarantee
of
confidentiality.
Answer (D) is incorrect. The employee could be directed to other
methods of
communicating the information in order to maintain her anonymity.
[57] Gleim #: 1.5.57
The chief audit executive is aware of a material inventory shortage
caused by internal
control deficiencies at one manufacturing plant. The shortage and
related causes are of
sufficient magnitude to affect the external auditor’s report. Based on
The IIA’s Code
of Ethics, what is the CAE’s most appropriate course of action?
Say nothing; guard against interfering with the independence of the
external
auditors.
A.
Discuss the issue with management and take appropriate action to
ensure that the
external auditors are informed.
B.
Inform the external auditors of the possibility of a shortage but allow
them to
make an independent assessment of the amount.
C.
Communicate the shortages to the board and allow them to
communicate it to the
external auditor.
D.
Answer (A) is incorrect. The shortage is a material fact that could
distort a report
of activities under review if not revealed.
Answer (B) is correct. All material facts known by the internal
auditors should be
disclosed (Rule of Conduct 2.3). The CAE should share information
and
coordinate activities with other internal and external providers of
relevant
assurance and consulting services (Perf. Std. 2050).
Answer (C) is incorrect. The condition is known and the external
auditors should
be told more than that a possibility of a shortage exists.
Answer (D) is incorrect. Information should be shared and activities
coordinated
with the external auditor.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 28
Printed for Sanja Knezevic
fb.com/ciaaofficial
[58] Gleim #: 1.5.58
Through an engagement performed at the credit department, the
chief audit executive
(CAE) became aware of a material misstatement of the year-end
accounts receivable
balance. The external auditors have completed their engagement
without detecting the
misstatement. What should the CAE do in this situation?
Inform the external auditors of A. the misstatement.
Report the misstatement to management when the external auditors
present a
report.
B.
Exclude the misstatement from the final engagement communication
because the
external auditors are responsible for expressing an opinion on the
financial
statements.
C.
Perform additional engagement procedures on accounts receivable
balances to
benefit the external auditors.
D.
Answer (A) is correct. Rule of Conduct 2.3 under the objectivity
principle states,
“Internal auditors shall disclose all material facts known to them that,
if not
disclosed, may distort the reporting of activities under review.”
Additionally, the
CAE should share information and coordinate activities with the
external auditors
(Perf. Std. 2050).
Answer (B) is incorrect. The CAE should share information and
coordinate
activities with the external auditors.
Answer (C) is incorrect. Although the internal audit activity’s main
focus may be
on risk management, control, and governance processes, a material
misstatement
must be communicated.
Answer (D) is incorrect. When performing an audit, the external
auditors should
determine what work should be performed by the internal auditor.
[59] Gleim #: 1.5.59
An internal auditor has uncovered facts that could be interpreted as
indicating
unlawful activity on the part of an engagement client. The internal
auditor decides not
to inform senior management and the board of these facts because
of lack of proof.
The internal auditor, however, decides that, if questions are raised
regarding the
omitted facts, they will be answered fully and truthfully. In taking this
action, the
internal auditor
Has not violated The IIA’s Code of Ethics or the Standards because
confidentiality takes precedence over all other standards.
A.
Has not violated The IIA’s Code of Ethics or the Standards because
the internal
auditor is committed to answering all questions fully and truthfully.
B.
Has violated The IIA’s Code of Ethics because unlawful acts should
have been
reported to the appropriate regulatory agency to avoid potential
“aiding and
abetting” by the internal auditor.
C.
Has violated the Standards because the internal auditor should
inform the
appropriate authorities in the organization if fraud may be indicated.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 29
Printed for Sanja Knezevic
Answer (A) is incorrect. Reporting a possible irregularity to the
appropriate
organizational authorities is not a breach of the duty of confidentiality
owed to the
organization.
Answer (B) is incorrect. The internal auditor has an affirmative duty
to report the
results of his/her work.
Answer (C) is incorrect. The possibility of unlawful activities should
be reported to
the appropriate personnel within the organization.
Answer (D) is correct. The internal auditor should inform the
appropriate authorities
in the organization if the indicators of the commission of a fraud are
sufficient to
recommend an investigation. Hence, the internal auditor has a duty
to act even though
the available facts do not prove that an irregularity has occurred.
Moreover, Rule of
Conduct 2.3 states, “Internal auditors shall disclose all material facts
known to them
that, if not disclosed, may distort the reporting of activities under
review.”
[60] Gleim #: 1.5.60
An internal auditor has been assigned to an engagement to evaluate
a possible
acquisition. Coincidentally, a significant portion of this internal
auditor’s personal
investment portfolio is composed of the target organization’s stock.
What is the
internal auditor’s preferable course of action in this situation based
on The IIA’s Code
of Ethics?
Acquaint the chief audit executive with the situation and ask to be
assigned to
another audit.
A.
Acquaint the chief audit executive with the situation and offer
assurance that it
will have no impact on objectivity.
B.
Proceed with the audit because the personal investments C. are not
an issue.
Proceed with the audit because the investment is insignificant
relative to the
whole of the target company’s stock.
D.
Answer (A) is correct. Rule of Conduct 2.1 under the objectivity
principle states,
“Internal auditors shall not participate in any activity or relationship
that may
impair or be presumed to impair their unbiased assessment. This
participation
includes those activities or relationships that may be in conflict with
the interests
of the organization.” In these circumstances, the internal auditor
lacks the
appearance of objectivity because the outcome of the engagement
could directly
affect the acquisition decision and the price of the stock. The use of
the
information also would be a violation of the Code and possibly of
insider trading
rules as well. Rule of Conduct 3.2 under the confidentiality principle
states,
“Internal auditors shall not use information for any personal gain or in
any manner
that would be contrary to the law or detrimental to the legitimate and
ethical
objectives of the organization.”
Answer (B) is incorrect. The appearance as well as the reality of
loss of
independence must be considered.
Answer (C) is incorrect. The internal auditor might be deemed to
have a personal
stake in the results of the engagement.
Answer (D) is incorrect. The investment is significant to the internal
auditor.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 30
Printed for Sanja Knezevic
fb.com/ciaaofficial
[61] Gleim #: 1.5.61
During the course of an engagement, an internal auditor discovered
that a research and
development employee has been patenting new developments that
are unrelated to the
basic business of the organization. The organization does not have a
specific policy
addressing patents on developments that are not related to its basic
business, but it has
a general policy that all important new discoveries by employees are
the property of
the organization. The employee is considered one of the most
prestigious in the field.
The employee’s actions have been condoned by local management
as an extra
incentive to keep the employee at the lab. A decision not to report
the employee’s
action is
A violation of The IIA’s A. Code of Ethics.
B. A violation of the reporting requirements in the Standards.
Justified because divisional management is aware of the practice,
and it is not in
violation of organizational policies.
C.
Both a violation of The IIA’s Code of Ethics AND a violation of the
reporting
requirements in the Standards.
D.
Answer (A) is incorrect. Failing to report the violation of
organizational policy is
contrary to The IIA’s Code of Ethics.
Answer (B) is incorrect. Failing to report the violation of
organizational policy is
contrary to the Standards.
Answer (C) is incorrect. The employee’s patenting of new
developments violates
the general policy that all important new discoveries are the property
of the
organization. Furthermore, if the practice is an alternative way to
provide benefits
to an employee, it may violate employee compensation rules. It may
also need to
be reported to various taxing authorities.
Answer (D) is correct. Under the Standards, internal auditors should
communicate engagement results. Rule of Conduct 4.2 states,
“Internal auditors
shall perform internal auditing services in accordance with the
International
Standards for the Professional Practice of Internal Auditing.” Rule of
Conduct
2.3 under the objectivity principle states, “Internal auditors shall
disclose all
material facts known to them that, if not disclosed, may distort the
reporting of
activities under review.” Hence, the failure to report violates The IIA’s
Code of
Ethics and the Standards.
[62] Gleim #: 1.5.62
Which of the following actions could be construed as a violation of
The IIA’s Code of
Ethics?
Failing to report to management information that would be material to
management’s judgment.
A.
B. Expressing an opinion on internal financial statements.
Turning a case over to the security department when an internal
auditor suspects
fraud but has no proof.
C.
Including an internal control problem in a final engagement
communication when
it has been corrected prior to completion of the engagement.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 31
Printed for Sanja Knezevic
Answer (A) is correct. Rule of Conduct 2.3 under the objectivity
principle states,
“Internal auditors shall disclose all material facts known to them that,
if not disclosed,
may distort the reporting of activities under review.”
Answer (B) is incorrect. Expressing an opinion on internal financial
statements is
acceptable since it is for internal use only.
Answer (C) is incorrect. Turning a case over to the security
department is acceptable
as long as the internal auditor is careful not to state any final
conclusions that are not
supported by factual information.
Answer (D) is incorrect. Such reporting is routine.
[63] Gleim #: 1.5.63
During an engagement, an internal auditor learned that certain
individuals in the
organization were involved in industrial espionage for the benefit of
the organization.
According to The IIA’s Code of Ethics, what is the internal auditor’s
proper course of
action?
Report the facts to the appropriate individuals within A. the
organization.
B. No action is required because this condition is not detrimental to
the organization.
Note the condition in the working papers but refrain from reporting it
because it
benefits the organization.
C.
D. Report the condition to the appropriate governmental regulatory
agency.
Answer (A) is correct. Rule of Conduct 2.3 under the objectivity
principle states,
“Internal auditors shall disclose all material facts known to them that,
if not
disclosed, may distort the reporting of activities under review.”
Moreover, Rule
of Conduct 1.3 under the integrity principle states, “Internal auditors
shall not
knowingly be a party to any illegal activity, or engage in acts that are
discreditable
to the profession of internal auditing or to the organization.”
Answer (B) is incorrect. Internal auditors must report material facts
that, if not
disclosed, could distort the reporting of activities. They also may not
knowingly
be a party to an illegal activity.
Answer (C) is incorrect. Internal auditors may not knowingly be a
party to an
illegal activity.
Answer (D) is incorrect. Internal auditors ordinarily are not required
to disclose
voluntarily any illegal or improper acts to outside individuals or
organizations.
They should try to work within their organizations. However, under
Rule of
Conduct 1.2, they should make any disclosures expected by the law
or by the
profession.
[64] Gleim #: 1.5.64
Which of the following activities of an internal auditor is most likely to
be acceptable
under The IIA’s Code of Ethics?
Late arrivals and early departures from work because this practice is
common in
the organization.
A.
Frequent luncheons and other socializing with major suppliers of the
organization
without the consent of senior management.
B.
C. Conducting an unrelated business outside of office hours.
D. Acceptance of a material gift from a supplier.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 32
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Internal auditors should exercise diligence
in performing
their duties.
Answer (B) is incorrect. Rule of Conduct 2.1 under the objectivity
principle states,
“Internal auditors shall not participate in any activity or relationship
that may impair or
be presumed to impair their unbiased assessment. This participation
includes those
activities or relationships that may be in conflict with the interests of
the organization.”
Answer (C) is correct. Nothing in The IIA’s Code of Ethics prohibits
operating an
unrelated business outside of regular office hours. The activity does
not, in itself,
constitute a conflict of interest, a use of information for personal gain,
or an
impairment of the internal auditor’s unbiased assessment.
Answer (D) is incorrect. Rule of Conduct 2.2 under the objectivity
principle states,
“Internal auditors shall not accept anything that may impair or be
presumed to impair
their professional judgment.”
[65] Gleim #: 1.5.65
Which of the following items is a violation by an internal auditor of
The IIA’s Code of
Ethics?
Certain facts recorded in the internal auditor’s working papers that
helped to
support the basic allegations made by the internal auditor regarding
a case of fraud
were not included in the final engagement communication.
A.
Information in the internal auditor’s working papers that proved a
criminal act was
included in the internal auditor’s draft communication. The comments
were later
removed by internal audit management.
B.
To keep the engagement effort within the budgeted time, the internal
auditor was
directed to and did curtail testing in an area that looked suspicious
and later was
proved to contain massive irregularities.
C.
A control system that had been recommended by the internal audit
staff during the
previous engagement was found to be defective. The internal auditor
reported the
defective function as an engagement client failure.
D.
Answer (A) is incorrect. Immaterial facts need not be included.
Answer (B) is incorrect. The ethical transgression, if any, was not
made by the
internal auditor but by internal audit management.
Answer (C) is incorrect. The ethical transgression, if any, was not
made by the
internal auditor but by internal audit management.
Answer (D) is correct. Reporting the defective function as an
engagement client
failure is a violation of the internal auditor’s ethical obligation to
disclose all
material facts known to him/her that, if not disclosed, may distort the
reporting of
activities under review (Rule of Conduct 2.3).
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 33
Printed for Sanja Knezevic
[66] Gleim #: 1.5.66
Which of the following actions by an internal auditor would violate
The IIA’s Code of
Ethics?
Attendance at an educational program offered by an engagement
client to all
employees.
A.
Acceptance of airline tickets from an B. engagement client.
Disclosure, in an engagement communication, of all material facts
relevant to the
area reviewed.
C.
Disposal of a small ownership interest in the organization prior to
learning of a
business downturn.
D.
Answer (A) is incorrect. Continuing education is consistent with the
duty to
continually improve proficiency and the effectiveness and quality of
services
(Rule of Conduct 4.3).
Answer (B) is correct. Rule of Conduct 2.2 under the objectivity
principle states,
“Internal auditors shall not accept anything that may impair or be
presumed to
impair their professional judgment.”
Answer (C) is incorrect. Rule of Conduct 2.3 requires full disclosure
of material
facts when reporting on activities.
Answer (D) is incorrect. A stock transaction not based on insider
information is
not an impropriety.
[67] Gleim #: 1.5.67
An internal auditor may receive which of the following without
violating The IIA’s
Code of Ethics?
A pen received from the sales manager of a subsidiary with the
imprinted name of
the organization’s product and a phone number.
A.
A dinner and baseball tickets from the manager of a department
being reviewed.
The tickets are usually made available to employees of that
department.
B.
A dinner and baseball tickets from the manager of a department that
has never
been reviewed and for which there are no plans for a future
engagement. The
tickets are usually made available to employees of that department.
C.
D. A bottle of whiskey from the organization’s treasurer.
Answer (A) is correct. Rule of Conduct 2.2 under the objectivity
principle states,
“Internal auditors shall not accept anything that may impair or be
presumed to
impair their professional judgment.” A small promotional item, such
as a pen of
minimal value, is unlikely to affect an auditor’s judgment.
Answer (B) is incorrect. A gift from an employee whose department
may be
reviewed most likely violates Rule of Conduct 2.2.
Answer (C) is incorrect. A gift from an employee whose department
may be
reviewed most likely violates Rule of Conduct 2.2.
Answer (D) is incorrect. A gift from an employee whose department
may be
reviewed most likely violates Rule of Conduct 2.2.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 34
Printed for Sanja Knezevic
fb.com/ciaaofficial
[68] Gleim #: 1.5.68
In their reporting, internal auditors are required by The IIA’s Code of
Ethics to
Present sufficient factual information without revealing confidential
matters that
could be detrimental to the organization.
A.
Disclose all material information obtained by the auditor as of the
date of the final
engagement communication.
B.
Obtain factual information within the established time and C. budget
parameters.
Disclose material facts known to the internal auditor that could distort
the final
engagement communication if not revealed.
D.
Answer (A) is incorrect. The Code requires only that internal
auditors be prudent
in the use and protection of information.
Answer (B) is incorrect. The Code does not address disclosure this
specifically.
Answer (C) is incorrect. Time and budget parameters are not
addressed in the
Code.
Answer (D) is correct. Rule of Conduct 2.3 under the objectivity
principle states,
“Internal auditors shall disclose all material facts known to them that,
if not
disclosed, may distort the reporting of activities under review.”
[69] Gleim #: 1.5.69
Which of the following actions by an internal auditor is most likely a
violation of The
IIA’s Code of Ethics?
A. Accepting payment for teaching auditing at a local university.
B. Having a material ownership interest in a competitor.
C. Accepting a moderate gift from a customer of his/her organization.
Allowing use of the Certified Internal Auditor designation in a context
not
involving his/her employment.
D.
Answer (A) is incorrect. Teaching is compatible with internal
auditing.
Answer (B) is incorrect. Having a material ownership interest in a
competitor is
more likely to cause a conflict for a director or officer than an internal
auditor. An
internal auditor would seldom be able during the course of his/her
employment to
take action that would enhance the value of the ownership interest.
Answer (C) is correct. Rule of Conduct 2.2 under the objectivity
principle states,
“Internal auditors shall not accept anything that may impair or be
presumed to
impair their professional judgment.”
Answer (D) is incorrect. The IIA’s Code of Ethics does not
specifically mention
use of the CIA designation. Acts discreditable to the profession or the
organization are prohibited, but use of the CIA designation outside
the
employment context is not per se discreditable.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 35
Printed for Sanja Knezevic
[70] Gleim #: 1.5.70
In their communication of results, internal auditors are required by
The IIA’s Code of
Ethics to
Obtain factual information within the established time and A. budget
parameters.
B. Reveal material facts that could distort communications if not
revealed.
Present sufficient factual information without revealing confidential
information
that could be detrimental to the organization.
C.
Disclose all material information obtained as of the date of the final
engagement
communication.
D.
Answer (A) is incorrect. Obtaining information pertains to performing
the
engagement, not communicating results.
Answer (B) is correct. Internal auditors should disclose all material
facts known
to them that, if not disclosed, may distort the reporting of activities
under review
(Rule of Conduct 2.3).
Answer (C) is incorrect. The Code of Ethics does not prohibit
communicating
confidential information to appropriate parties within the organization,
e.g., senior
management and the board.
Answer (D) is incorrect. Disclosures by the internal auditors are not
limited to
information obtained as of the date of the final engagement
communication.
[71] Gleim #: 1.5.71
Which of the following situations is a violation of The IIA’s Code of
Ethics?
An internal auditor, with the knowledge and consent of management,
accepted a
token gift from a customer of the organization that was not presumed
to impair
and did not impair judgment.
A.
Knowing that management was aware of the situation, an internal
auditor
purposely left a description of an unlawful practice out of the final
engagement
communication.
B.
An internal auditor shared techniques with internal auditors from
another
organization.
C.
Based upon knowledge of the probable success of the employer’s
business, an
internal auditor invested in a mutual fund that specialized in the same
industry.
D.
Answer (A) is incorrect. Acceptance of anything from a customer is
prohibited
but only if it would impair or be presumed to impair professional
judgment.
Answer (B) is correct. Rule of Conduct 2.3 under the objectivity
principle states,
“Internal auditors shall disclose all material facts known to them that,
if not
disclosed, may distort the reporting of activities under review.”
Moreover, Rule of
Conduct 1.3 under the integrity principle states, “Internal auditors
shall not
knowingly be a party to any illegal activity, or engage in acts that are
discreditable
to the profession of internal auditing or to the organization.”
Answer (C) is incorrect. Rule of Conduct 4.3 under the competency
principle
states, “Internal auditors shall continually improve their proficiency
and the
effectiveness and quality of their services.”
Answer (D) is incorrect. Although an internal auditor is prohibited
from using
confidential information for personal gain, and an investment in the
organization’s
stock would be questionable, an investment in a mutual fund is
acceptable.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 36
Printed for Sanja Knezevic
fb.com/ciaaofficial
[72] Gleim #: 1.5.72
The chief audit executive (CAE) of a mid-sized internal audit activity
was concerned
that management might outsource the internal auditing function.
Thus, the CAE
adopted a very aggressive program to promote the internal audit
activity within the
organization. The CAE planned to present the results to senior
management and the
board and recommend modification of the internal audit activity’s
charter after using
the new program. The following lists six actions the CAE took to
promote a positive
image within the organization:
Engagement assignments concentrated on efficiency. The
engagements focused
solely on cost savings, and each engagement communication
highlighted potential
costs to be saved. Negative observations were omitted. The focus on
efficiency
was new, but the engagement clients seemed very happy.
1.
Drafts of all engagement communications were carefully reviewed
with the
engagement clients to get their input. Their comments were carefully
considered
when developing the final engagement communication.
2.
The information technology internal auditor participated as part of a
development
team to review the control procedures to be incorporated into a major
computer
application under development.
3.
Given limited resources, the engagement manager performed a risk
assessment to
establish engagement work schedule priorities. This was a marked
departure from
the previous approach of ensuring that all operations are evaluated
on at least a 3year interval.
4.
To save time, the CAE no longer required that a standard internal
control
questionnaire be completed for each engagement.
5.
When the internal auditors found that the engagement client had not
developed
specific criteria or data to evaluate operations, the internal auditors
were
instructed to perform research, develop specific criteria, review the
criteria with
the engagement client, and, if acceptable, use them to evaluate the
engagement
client’s operations. If the engagement client disagreed with the
criteria, a
negotiation took place until acceptable criteria could be agreed upon.
The
engagement communication commented on the engagement client’s
operations in
conjunction with the agreed-upon criteria.
6.
Which of the following elements of Action 1 taken by the CAE would
be considered
inappropriate?
The type of engagements was changed before modifying the internal
audit
activity’s charter and going to the audit committee.
I.
Negative observations were omitted from the engagement II.
communications.
Cost savings and recommendations were highlighted in the
engagement
communication.
III.
A. I and II.
B. I and III.
C. I only.
D. II and III.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 37
Printed for Sanja Knezevic
Answer (A) is correct. The CAE dramatically changed internal
audit’s scope of work
without consulting with the board. A second violation is the omission
of negative
observations. Under The IIA’s Code of Ethics, the auditors must
disclose all material
facts known to them that, if not disclosed, may distort the reporting of
activities under
review (Rule of Conduct 2.3).
Answer (B) is incorrect. Highlighting potential cost savings is
appropriate for an
engagement communication, and material negative observations
must not be omitted.
Answer (C) is incorrect. Omitting negative observations is also a
violation.
Answer (D) is incorrect. The CAE dramatically changed internal
audit’s scope of
work without consulting with the board. Moreover, highlighting
potential cost savings
is appropriate for an engagement communication.
[73] Gleim #: 1.6.73
Which of the following is permissible under The IIA’s Code of Ethics?
Disclosing confidential, engagement-related information that is
potentially
damaging to the organization in response to a court order.
A.
Using engagement-related information in a decision to buy an
ownership interest
in the employer organization.
B.
Accepting an unexpected gift from an employee whom the internal
auditor has
praised in a recent engagement communication.
C.
Not reporting significant observations and recommendations about
illegal activity
to the board because management has indicated it will address the
issue.
D.
Answer (A) is correct. The principle of confidentiality permits the
disclosure of
confidential information if there is a legal or professional obligation to
do so.
Answer (B) is incorrect. Rule of Conduct 3.2 prohibits internal
auditors from
using information for personal gain.
Answer (C) is incorrect. Rule of Conduct 2.2 prohibits internal
auditors from
accepting anything that may impair, or be presumed to impair, their
professional
judgment.
Answer (D) is incorrect. Rule of Conduct 2.3 under the objectivity
principle
requires internal auditors to disclose all material facts known to them
that, if not
disclosed, might distort the reporting of activities under review.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 38
Printed for Sanja Knezevic
fb.com/ciaaofficial
[74] Gleim #: 1.6.74
Which situation most likely violates The IIA’s Code of Ethics and the
Standards?
The chief audit executive (CAE) disagrees with the engagement
client about the
observations and recommendations in a sensitive area. The CAE
discusses the
detail of the observations and the proposed recommendations with a
fellow CAE
from another organization.
A.
An organization’s charter for the internal audit activity requires the
chief audit
executive (CAE) to present the yearly engagement work schedule to
the board for
its approval and suggestions.
B.
The engagement manager has removed the most significant
observations and
recommendations from the final engagement communication. The incharge
internal auditor opposed the removal, explaining that (s)he knows the
reported
conditions exist. The in-charge internal auditor agrees that,
technically,
information is not sufficient to support the observations, but
management cannot
explain the conditions, and the observations are the only reasonable
conclusions.
C.
Because the internal audit activity lacks skill and knowledge in a
specialty area,
the chief audit executive (CAE) has hired an expert. The
engagement manager has
been asked to review the expert’s approach to the assignment.
Although
knowledgeable about the area under review, the manager is hesitant
to accept the
assignment because of lack of expertise.
D.
Answer (A) is correct. Rule of Conduct 3.1 under the confidentiality
principle
states, “Internal auditors shall be prudent in the use and protection of
information
acquired in the course of their duties.” Discussion of sensitive
matters with an
unauthorized party is the situation most likely to be considered a
Code violation.
Answer (B) is incorrect. Approval of the engagement work schedule
by the board
and senior management is required.
Answer (C) is incorrect. Information must be sufficient to achieve
engagement
objectives.
Answer (D) is incorrect. The Standards allow use of experts when
needed.
[75] Gleim #: 1.6.75
Which of the following actions taken by a chief audit executive (CAE)
could be
considered professionally ethical under The IIA’s Code of Ethics?
The CAE decides to delay an engagement at a branch so that his
nephew, the
branch manager, will have time to “clean things up.”
A.
To save organizational resources, the CAE cancels all staff training
for the next 2
years on the basis that all staff are too new to benefit from training.
B.
To save organizational resources, the CAE limits procedures at
foreign branches
to confirmations from branch managers that no major personnel
changes have
occurred.
C.
The CAE refuses to provide information about organizational
operations to his
father, who is a part owner.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 39
Printed for Sanja Knezevic
Answer (A) is incorrect. According to Rule of Conduct 1.1, “Internal
auditors shall
perform their work with honesty, diligence, and responsibility.”
Answer (B) is incorrect. According to Rule of Conduct 4.3, “Internal
auditors shall
continually improve their proficiency and the effectiveness and
quality of their
services.”
Answer (C) is incorrect. According to Rule of Conduct 4.2, “Internal
auditors shall
perform internal audit services in accordance with the International
Standards for the
Professional Practice of Internal Auditing (Standards).” The
Standards require
supporting information to be sufficient, reliable, relevant, and useful.
Answer (D) is correct. Rule of Conduct 3.1 under the confidentiality
principle states,
“Internal auditors shall be prudent in the use and protection of
information acquired in
the course of their duties.” Additionally, Rule of Conduct 3.2 states,
“Internal auditors
shall not use information for any personal gain or in any manner that
would be contrary
to the law or detrimental to the legitimate and ethical objectives of the
organization.”
Thus, such use of information by the CAE might be illegal under
insider trading rules.
[76] Gleim #: 1.6.76
A chief audit executive (CAE) learned that a staff internal auditor
provided
confidential information to a relative. Both the CAE and staff internal
auditor are
CIAs. Although the internal auditor did not benefit from the
transaction, the relative
used the information to make a significant profit. The most
appropriate way for the
CAE to deal with this problem is to
Verbally reprimand the A. internal auditor.
B. Summarily discharge the internal auditor and notify The IIA.
C. Take no action because the internal auditor did not benefit from
the transaction.
Inform The IIA’s Board of Directors and take the personnel action
required by
organizational policy.
D.
Answer (A) is incorrect. The internal auditor has violated Rule of
Conduct 3.2
regarding use of information. The IIA should be notified.
Answer (B) is incorrect. Summary discharge may not be in
accordance with
company personnel policies.
Answer (C) is incorrect. The auditor improperly used information
and violated
The IIA’s Code of Ethics. Some action is warranted.
Answer (D) is correct. The staff internal auditor has violated Rule of
Conduct 3.2
regarding use of information. A violation of The IIA’s Code of Ethics is
the basis
for a complaint to the International Ethics Committee, which is
responsible for
receiving, interpreting, and investigating all complaints against
members or CIAs
on behalf of the Board of Directors of The IIA and making
recommendations to
the Board on actions to be taken (Administrative Directive 5). In
addition,
organizational policy must be followed.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 40
Printed for Sanja Knezevic
fb.com/ciaaofficial
[77] Gleim #: 1.6.77
Which of the following situations is a violation of The IIA’s Code of
Ethics?
An internal auditor was ordered to testify in a court case in which a
merger partner
claimed to have been defrauded by the internal auditor’s
organization. The
internal auditor divulged confidential information to the court.
A.
An internal auditor for a manufacturer of office products recently
completed an
engagement to evaluate the marketing function. Based on this
experience, the
internal auditor spent several hours one Saturday working as a paid
consultant to a
hospital in the local area that intended to conduct an engagement to
evaluate its
marketing function.
B.
An internal auditor gave a speech at a local IIA chapter meeting
outlining the
contents of a program the internal auditor had developed for
engagements relating
to electronic data interchange (EDI) connections. Several internal
auditors from
major competitors were in the audience.
C.
During an engagement, an internal auditor learned that the
organization was about
to introduce a new product that would revolutionize the industry.
Because of the
probable success of the new product, the product manager
suggested that the
internal auditor buy an additional interest in the organization, which
the internal
auditor did.
D.
Answer (A) is incorrect. The principle of confidentiality permits the
disclosure of
confidential information if there is a legal or professional obligation to
do so.
Answer (B) is incorrect. The hospital is not a competitor or supplier
of the
internal auditor’s employer. Hence, no conflict of interest is involved.
Answer (C) is incorrect. Giving a speech is not a violation of The
IIA’s Code of
Ethics. In fact, The IIA’s motto is “progress through sharing.”
Answer (D) is correct. Rule of Conduct 3.2 under the confidentiality
principle
states, “Internal auditors shall not use information for any personal
gain or in any
manner that would be contrary to the law or detrimental to the
legitimate and
ethical objectives of the organization.”
[78] Gleim #: 1.6.78
Which of the following most likely constitutes a violation of The IIA’s
Code of Ethics
by an internal auditor?
Discussing at a trade convention the organization’s controls over its
computer
networks.
A.
Purchasing stock in a target entity after overhearing an executive’s
discussion of a
possible acquisition.
B.
Deleting sensitive information from a final engagement
communication at the
request of senior management.
C.
Investigating executive expense reports based completely on D.
rumors of padding.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 41
Printed for Sanja Knezevic
Answer (A) is incorrect. Disclosure of information technology
controls is not
detrimental to the objectives of the organization. They are not likely
to be trade secrets.
Answer (B) is correct. Rule of Conduct 3.2 under the confidentiality
principle states,
“Internal auditors shall not use information for any personal gain or in
any manner that
would be contrary to the law or detrimental to the legitimate and
ethical objectives of
the organization.”
Answer (C) is incorrect. If senior management permits the omission,
the internal
auditor is not guilty of failing to disclose material facts.
Answer (D) is incorrect. An investigation of expense accounts is
within the internal
auditor’s normal responsibilities, but further investigation of fraud
should ordinarily be
made by investigative specialists.
[79] Gleim #: 1.6.79
An internal auditor is performing services in a division in which the
chief financial
officer is a close personal friend, and the internal auditor learns that
the friend is to be
replaced after a series of critical labor negotiations. The internal
auditor relays this
information to the friend. Has a violation of The IIA’s Code of Ethics
occurred?
No. The use of the confidential information resulted in no personal
gain to the
internal auditor.
A.
No. The internal auditor was just being honest with B. his/her friend.
C. Yes. The internal auditor had a conflict of interest with the
organization.
Yes. The internal auditor was not prudent in the use of information
acquired in the
course of his/her duties.
D.
Answer (A) is incorrect. The Rules of Conduct specifically prohibit
using
information in a manner that would be detrimental to the legitimate
and ethical
objectives of the organization.
Answer (B) is incorrect. The Rules of Conduct specifically prohibit
using
information in a manner that would be detrimental to the legitimate
and ethical
objectives of the organization.
Answer (C) is incorrect. The facts do not suggest that a conflict of
interest
existed. However, such a conflict would be present, for example, if
the internal
auditor used confidential information to seize a business opportunity
that
rightfully belonged to the organization.
Answer (D) is correct. These facts constitute a violation of The IIA’s
Code of
Ethics. Rule of Conduct 3.1 under the confidentiality principle states,
“Internal
auditors shall be prudent in the use and protection of information
acquired in the
course of their duties.” Further, Rule of Conduct 3.2 states, “Internal
auditors
shall not use information for any personal gain or in any manner that
would be
contrary to the law or detrimental to the legitimate and ethical
objectives of the
organization.” In this case, the decision whether to notify the financial
officer of
his/her replacement was properly the organization’s. Accordingly, the
internal
auditor was bound not to tell his/her friend.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 42
Printed for Sanja Knezevic
fb.com/ciaaofficial
[80] Gleim #: 1.7.80
During the course of an engagement, an internal auditor discovers
that a clerk is
embezzling funds from the organization. Although this is the first
embezzlement ever
encountered and the organization has a security department, the
internal auditor
decides to interrogate the suspect. If the internal auditor is violating
The IIA’s Code of
Ethics, the rule violated is most likely
Failing to exercise A. due diligence.
B. Lack of loyalty to the organization.
C. Lack of competence in this area.
D. Failing to comply with the law.
Answer (A) is incorrect. The requirement to perform work with
diligence does
not override the competency Rules of Conduct or the need to use
good judgment.
Answer (B) is incorrect. Loyalty is better exhibited by consulting with
professionals and knowing the limits of competence.
Answer (C) is correct. Rule of Conduct 4.1 under the competency
principle
states, “Internal auditors shall engage only in those services for
which they have
the necessary knowledge, skills, and experience.” Internal auditors
may not have,
and are not expected to have, knowledge equivalent to that of a
person whose
primary responsibility is to detect and investigate fraud (Impl. Std.
1210.A2).
Answer (D) is incorrect. The internal auditor may violate the
suspect’s civil rights
as a result of inexperience.
[81] Gleim #: 1.7.81
Internal auditors who fail to maintain their proficiency through
continuing education
could be found to be in violation of
A. The International Standards for the Professional Practice of
Internal Auditing.
B. The IIA’s Code of Ethics.
Both the International Standards for the Professional Practice of
Internal
Auditing and The IIA’s Code of Ethics.
C.
D. None of the answers are correct.
Answer (A) is incorrect. The IIA’s Code of Ethics also is violated.
Rule of
Conduct 4.3 under the competency principle states, “Internal auditors
shall
continually improve their proficiency and the effectiveness and
quality of their
services.”
Answer (B) is incorrect. The Standards also are violated because
they require
auditors to enhance their knowledge, skills, and other competencies
through
continuing professional development.
Answer (C) is correct. Rule of Conduct 4.3 under the competency
principle
states, “Internal auditors shall continually improve their proficiency
and the
effectiveness and quality of their services.” Furthermore, Attr. Std.
1230 states,
“Internal auditors must enhance their knowledge, skills, and other
competencies
through continuing professional development.” Hence, both The IIA’s
Code of
Ethics and the Standards are violated by failing to earn continuing
education
credits.
Answer (D) is incorrect. Both the Code and the Standards would be
violated.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 43
Printed for Sanja Knezevic
[82] Gleim #: 1.7.82
An organization has recently placed a former operating manager in
the position of
chief audit executive (CAE). The new CAE is not a member of The
IIA and is not a
CIA. Henceforth, the internal audit activity will be run strictly by the
CAE’s standards,
not The IIA’s. All four staff internal auditors are members of The IIA,
but they are not
CIAs. According to The IIA’s Code of Ethics, what is the best course
of action for the
staff internal auditors?
The Code does not apply because A. they are not CIAs.
They should comply with the International Standards for the
Professional
Practice of Internal Auditing.
B.
They must respect the legitimate and ethical objectives of the
organization and
ignore the Standards.
C.
D. They must resign their jobs to avoid improper activities.
Answer (A) is incorrect. The IIA’s Code of Ethics may be enforced
against IIA
members and recipients of, or candidates for, IIA professional
certifications.
Answer (B) is correct. Rule of Conduct 4.2 under the competency
principle
states, “Internal auditors shall perform internal audit services in
accordance with
the International Standards for the Professional Practice of Internal
Auditing.”
Because the internal auditors are members of The Institute, The IIA’s
Code of
Ethics is enforceable against them even though they are not CIAs.
Answer (C) is incorrect. Internal auditors should respect and
contribute to the
legitimate and ethical objectives of the organization, but an IIA
member, a holder
of an IIA professional certification, or a candidate for certification may
be liable
for disciplinary action for failure to adhere to the Standards.
Answer (D) is incorrect. The IIA’s Code of Ethics says nothing about
resignation
to avoid improper activities.
[83] Gleim #: 1.7.83
A new staff internal auditor was told to perform an engagement in an
area with which
the internal auditor was not familiar. Because of time constraints, no
supervision was
provided. The assignment represented a good learning experience,
but the area was
clearly beyond the internal auditor’s competence. Nonetheless, the
internal auditor
prepared comprehensive working papers and communicated the
results to
management. In this situation,
The internal audit activity violated the Standards by hiring an internal
auditor
without proficiency in the area.
A.
The internal audit activity violated the Standards by not providing
adequate
supervision.
B.
The chief audit executive has not violated The IIA’s Code of Ethics
because it
does not address supervision.
C.
The Standards and The IIA’s Code of Ethics were followed by the
internal audit
activity.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 44
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. All internal auditors need not be proficient in
all areas. The
internal audit activity as a whole should have an appropriate mix of
skills.
Answer (B) is correct. Rule of Conduct 4.2 under the competency
principle requires
internal auditing services to be performed in accordance with the
Standards.
Attr. Std. 1200 requires engagements to be performed with
proficiency and due
professional care. They also should be properly supervised to ensure
that objectives are
achieved, quality is assured, and staff is developed (Perf. Std. 2340).
Answer (C) is incorrect. The Code requires compliance with the
Standards, and the
Standards require proper supervision.
Answer (D) is incorrect. The Standards and the Code were not
followed.
[84] Gleim #: 1.7.84
Which of the following most likely constitutes a violation of The IIA’s
Code of
Ethics?
Auditor A has accepted an assignment to perform an engagement at
the
electronics manufacturing division. Auditor A has recently joined the
internal
audit activity. But Auditor A was senior auditor for the external audit of
that
division and has audited many electronics organizations during the
past 2 years.
A.
Auditor B has been assigned to perform an engagement at the
warehousing
function 6 months from now. Auditor B has no expertise in that area
but accepted
the assignment anyway. Auditor B has signed up for continuing
professional
education courses in warehousing that will be completed before the
assignment
begins.
B.
Auditor C is content as an internal auditor and has come to look at it
as a regular
9-to-5 job. Auditor C has not engaged in continuing professional
education or
other activities to improve effectiveness during the last 3 years.
However, Auditor
C feels performance of quality work is the same as before.
C.
Auditor D discovered an internal financial fraud during the year. The
books were
adjusted to properly reflect the loss associated with the fraud. Auditor
D discussed
the fraud with the external auditor when the external auditor reviewed
working
papers detailing the incident.
D.
Answer (A) is incorrect. No professional conflict of interest exists per
se,
especially given that the internal auditor was previously in public
accounting.
However, the internal auditor should be aware of potential conflicts.
Answer (B) is incorrect. An internal auditor must possess the
necessary
knowledge, skills, and competencies at the time an engagement is
conducted, not
the time it is accepted.
Answer (C) is correct. Rule of Conduct 4.3 under the competency
principle
states, “Internal auditors shall continually improve their proficiency
and the
effectiveness and quality of their services.”
Answer (D) is incorrect. The information was disclosed as part of
the normal
process of cooperation between the internal and external auditor.
Because the
books were adjusted, the external auditor was expected to inquire as
to the nature
of the adjustment.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 45
Printed for Sanja Knezevic
[85] Gleim #: 1.7.85
Under The IIA’s Code of Ethics, an entity that provides internal
auditing services is
specifically required to
Maintain certain predetermined staffing requirements A. for
engagements.
Comply with the International Standards for the Professional Practice
of Internal
Auditing.
B.
C. Comply with organizational policy.
D. Participate in a formal continuing education program.
Answer (A) is incorrect. Staffing requirements must be determined
based on the
circumstances of each engagement.
Answer (B) is correct. The IIA’s Code of Ethics applies not only to
individuals
but also to entities that provide internal auditing services. Rule of
Conduct 4.2
under the competency principle states, “Internal auditors shall
perform internal
audit services in accordance with the International Standards for the
Professional
Practice of Internal Auditing.”
Answer (C) is incorrect. The Code requires internal auditors to
respect and
contribute to the legitimate and ethical objectives of the organization
and not
engage in acts discreditable to the organization. However, the Code
does not
specifically mention compliance with organizational policy.
Answer (D) is incorrect. The Code requires compliance with the
Standards, and
the Standards require internal auditors to enhance their knowledge,
skills, and
other competencies through continuing professional development,
but neither the
Code nor the Standards require formal continuing education.
[86] Gleim #: 1.7.86
The IIA’s Code of Ethics incorporates by reference which of the
following rules?
A. Duty to disclose all material facts when reporting on activities.
B. Performance with proficiency and due professional care.
C. Prudent and lawful use of information.
D. No acceptance of anything that may impair professional judgment.
Answer (A) is incorrect. Rule of Conduct 2.3 states, “Internal
auditors shall
disclose all material facts known to them that, if not disclosed, may
distort the
reporting of activities under review.”
Answer (B) is correct. Rule of Conduct 4.2 under the competency
principle
states, “Internal auditors shall perform internal audit services in
accordance with
the International Standards for the Professional Practice of Internal
Auditing.”
Attribute Standard 1200 requires engagements to be performed with
proficiency
and due professional care.
Answer (C) is incorrect. Rule of Conduct 3.1 states, “Internal
auditors shall be
prudent in the use and protection of information acquired in the
course of their
duties.” Rule of Conduct 3.2 states, “Internal auditors shall not use
information
for any personal gain or in any manner that would be contrary to the
law or
detrimental to the legitimate and ethical objectives of the
organization.”
Answer (D) is incorrect. Rule of Conduct 2.2 states, “Internal
auditors shall not
accept anything that may impair or be presumed to impair their
professional
judgment.”
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 46
Printed for Sanja Knezevic
fb.com/ciaaofficial
[87] Gleim #: 1.7.87
Why does The IIA’s Code of Ethics in Rule of Conduct 4.2 require
that due
professional care be used in obtaining information to support an
engagement opinion?
Sufficient, reliable, relevant, and useful information lends credibility to
the
opinion.
A.
To preclude any conflict B. of interest.
C. To require honesty in performing work.
If internal auditors were permitted to communicate engagement
results without
obtaining sufficient information, they would be in a position to accept
fees or gifts
from engagement clients.
D.
Answer (A) is correct. Engagements must be performed with
proficiency and due
professional care (Attr. Std. 1200), and the engagement results must
be
communicated (Perf. Std. 2400). Engagement results include
observations,
conclusions, opinions, recommendations, and action plans (PA 24101). If internal
auditors expressed opinions or otherwise communicated
engagement results
without substantive investigation and compliance with the Standards,
such
communications would be meaningless. The Standards are therefore
incorporated
by reference into The IIA’s Code of Ethics by Rule of Conduct 4.2.
Thus, internal
auditors must identify sufficient, reliable, relevant, and useful
information to
achieve the engagement’s objectives (Perf. Std. 2310).
Answer (B) is incorrect. A separate ethics rule prohibits conflicts of
interest. Rule
of Conduct 2.1 states, “Internal auditors shall not participate in any
activity or
relationship that may impair or be presumed to impair their unbiased
assessment.
This participation includes those activities or relationships that may
be in conflict
with the interests of the organization.”
Answer (C) is incorrect. Rule of Conduct 1.1 requires honesty,
diligence, and
responsibility in the performance of work.
Answer (D) is incorrect. Rule of Conduct 2.2 prohibits accepting
anything that
may impair or be presumed to impair the professional judgment of an
internal
auditor.
[88] Gleim #: 1.8.88
During an engagement to evaluate the organization’s accounts
payable function, an
internal auditor plans to confirm balances with suppliers. What is the
source of
authority for such contacts with units outside the organization?
A. Internal audit activity policies and procedures.
B. The Standards.
C. The Code of Ethics.
D. The internal audit activity’s charter.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 47
Printed for Sanja Knezevic
Answer (A) is incorrect. Policies and procedures guide the internal
auditors in their
consistent compliance with the internal audit activity’s standards of
performance.
Answer (B) is incorrect. The internal audit activity’s authority is
defined in a charter
approved by the board.
Answer (C) is incorrect. The purpose of the Code of Ethics is to
promote an ethical
culture in the profession of internal auditing.
Answer (D) is correct. The charter establishes the internal audit
activity’s position
within the organization, including the nature of the chief audit
executive’s functional
reporting relationship with the board; authorizes access to records,
personnel, and
physical properties relevant to the performance of engagements; and
defines the scope
of internal audit activities (Inter. Std. 1000). Thus, the charter
prescribes the internal
audit activity’s relationships with other units within the organization
and with those
outside.
[89] Gleim #: 1.8.89
The board of an organization has charged the chief audit executive
(CAE) with
upgrading the internal audit activity. The CAE’s first task is to develop
a charter. What
item should be included in the statement of objectives?
Report all engagement results to the board A. every quarter.
Notify governmental regulatory agencies of unethical business
practices by
organization management.
B.
C. Evaluate the adequacy and effectiveness of the organization’s
controls.
D. Submit budget variance reports to management every month.
Answer (A) is incorrect. Only significant engagement results are
discussed with
the board.
Answer (B) is incorrect. Internal auditors ordinarily are not required
to report
deficiencies in regulatory compliance to the appropriate agencies.
However, they
must observe the law and make disclosures expected by the law and
profession
(Rule of Conduct 1.2).
Answer (C) is correct. The charter establishes the internal audit
activity’s position
within the organization, including the nature of the chief audit
executive’s
functional reporting relationship with the board; authorizes access to
records,
personnel, and physical properties relevant to the performance of
engagements;
and defines the scope of internal audit activities (Inter. Std. 1000).
Internal
auditing brings a systematic, disciplined approach to evaluating and
improving
risk management, control, and governance processes (Definition of
Internal
Auditing).
Answer (D) is incorrect. Submission of budgetary variance reports is
not a
primary objective of internal auditing. It is a budgetary control that
management
may require on a periodic basis.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 48
Printed for Sanja Knezevic
fb.com/ciaaofficial
[90] Gleim #: 1.8.90
An element of authority that must be included in the charter of the
internal audit
activity is
Identification of the organizational units where engagements are A. to
be performed.
B. Identification of the types of disclosures that should be made to
the board.
Access to records, personnel, and physical properties relevant to the
performance
of engagements.
C.
D. Access to the external auditor’s engagement records.
Answer (A) is incorrect. The audit schedule is based on a risk
assessment; it is
thus inappropriate to designate specific engagement areas in the
internal audit
charter.
Answer (B) is incorrect. Disclosure to the board is an obligation, not
an element
of authority.
Answer (C) is correct. The charter establishes the internal audit
activity’s position
within the organization, including the nature of the chief audit
executive’s
functional reporting relationship with the board; authorizes access to
records,
personnel, and physical properties relevant to the performance of
engagements;
and defines the scope of internal audit activities (Inter. Attr. Std.
1000).
Answer (D) is incorrect. Access to the external auditor’s
engagement records
cannot be guaranteed.
[91] Gleim #: 1.8.91
The authority of the internal audit activity is limited to that granted by
A. The board and the controller.
B. Senior management and the Standards.
C. Management and the board.
D. The board and the chief financial officer.
Answer (A) is incorrect. The controller is not the only member of
management.
Answer (B) is incorrect. The Standards cannot provide actual
authority to an
internal audit activity.
Answer (C) is correct. The purpose, authority, and responsibility of
the internal
audit activity must be formally defined in a charter. The CAE must
periodically
review and present the charter to senior management and the board
for approval
(Attr. Std. 1000).
Answer (D) is incorrect. Management and the board, not a particular
manager,
give the internal audit activity its authority.
[92] Gleim #: 1.8.92
A charter is one of the more important factors positively affecting the
internal audit
activity’s independence. Which of the following is least likely to be
part of the
charter?
A. Access to records within the organization.
B. The scope of internal audit activities.
C. The length of tenure of the chief audit executive.
D. Access to personnel within the organization.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 49
Printed for Sanja Knezevic
Answer (A) is incorrect. The charter establishes the internal audit
activity’s position
within the organization and authorizes access to records.
Answer (B) is incorrect. The charter establishes the internal audit
activity’s position
within the organization and defines the scope of internal audit
activities.
Answer (C) is correct. The length of the CAE’s employment should
not be codified in
the charter; it is a matter of ongoing judgment for the board.
Answer (D) is incorrect. The charter establishes the internal audit
activity’s position
within the organization and authorizes access to personnel.
[93] Gleim #: 1.8.93
Internal auditing has planned an engagement to evaluate the
effectiveness of the
quality assurance function as it affects the receipt of goods, the
transfer of the goods
into production, and the scrap costs related to defective items. The
engagement client
argues that such an engagement is not within the scope of the
internal audit activity
and should come under the purview of the quality assurance
department only. What is
the most appropriate response?
Refer to the internal audit activity’s charter and the approved
engagement plan
that includes the area designated for evaluation in the current time
period.
A.
Because quality assurance is a new function, seek the approval of
management as
a mediator to set the scope of the engagement.
B.
Indicate that the engagement will evaluate the function only in
accordance with
the standards set by, and approved by, the quality assurance
function before
beginning the engagement.
C.
Terminate the engagement because it will not be productive without
the client’s
cooperation.
D.
Answer (A) is correct. The written charter, approved by the board,
defines the
scope of internal audit activities (Inter. Std. 1000).
Answer (B) is incorrect. The engagement client does not determine
the scope of
this type of assurance engagement. A scope limitation imposed by
the client might
prevent the internal audit activity from achieving its objectives.
Answer (C) is incorrect. Other objectives may be established by
management and
the internal auditors. The engagement is not limited to the specific
standards set
by the quality assurance department. It considers such standards in
the
development of the engagement program.
Answer (D) is incorrect. The internal auditors must conduct the
engagement and
communicate any scope limitations to management and the board.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 50
Printed for Sanja Knezevic
fb.com/ciaaofficial
[94] Gleim #: 1.8.94
The chief audit executive has assigned an internal auditor to perform
a year-end
engagement to evaluate payroll records. The internal auditor has
contacted the director
of compensation and has been refused access to necessary
documents. To avoid this
problem,
Access to records relevant to performance of engagements should
be specified in
the internal audit activity’s charter.
A.
Internal auditing should be required to report to the CEO of B. the
organization.
By following the long-range planning process, access to all relevant
records
should be guaranteed.
C.
D. Board approval should be required for all scope limitations.
Answer (A) is correct. Specific guidelines are written in the internal
audit
activity’s charter authorizing access to records, personnel, and
physical properties
relevant to the performance of engagements (Inter. Attr. Std. 1000).
Such
provisions reduce the likelihood of scope limitations.
Answer (B) is incorrect. The internal audit activity need not report to
a specific
individual in the organization, although reporting administratively to
the CEO is
desirable.
Answer (C) is incorrect. Following the long-range planning process
provides no
guarantee of access.
Answer (D) is incorrect. The internal audit activity must inform the
board of any
scope limitations, but the board’s approval is not required.
[95] Gleim #: 1.8.95
The organizational position of the internal audit activity should be
free from the effects
of irresponsible policy changes by management. The most effective
way to ensure that
freedom is to
A. Have the internal audit charter approved by the board.
B. Adopt policies for the functioning of the internal audit activity.
C. Establish an audit committee within the board.
Develop written policies and procedures to serve as standards of
performance for
the internal audit activity.
D.
Answer (A) is correct. The internal audit charter is a formal
document that
defines the internal audit activity’s purpose, authority, and
responsibility. Final
approval of the internal audit charter resides with the board (Inter.
Attr. Std.
1000).
Answer (B) is incorrect. Adoption of policies for the functioning of
the internal
audit activity does not protect its organizational position.
Answer (C) is incorrect. The establishment of an audit committee
alone does not
ensure the status of the internal audit activity.
Answer (D) is incorrect. Written policies and procedures serve to
guide the
internal auditor but have little effect on management.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 51
Printed for Sanja Knezevic
[96] Gleim #: 1.8.96
Which of the following is not true with regard to the internal audit
charter?
It defines the authorities and responsibilities for the internal A. audit
activity.
B. It specifies the minimum resources needed for the internal audit
activity.
C. It provides a basis for evaluating the internal audit activity.
D. It should be approved by the board.
Answer (A) is incorrect. The charter formally defines the purpose,
authority, and
responsibilities of the internal audit activity.
Answer (B) is correct. The charter formally defines the purpose,
authority, and
responsibility of the internal audit activity. Resource requirements are
based on
risk-based plans that are consistent with organizational objectives;
they are not an
appropriate topic to codify in the internal audit charter.
Answer (C) is incorrect. The board can use the written charter as a
basis for
evaluating the internal audit activity.
Answer (D) is incorrect. Final approval of the internal audit charter
resides with
the board.
[97] Gleim #: 1.8.97
The chief audit executive (CAE) is best defined as the
A. Inspector general.
B. Person responsible for the internal audit function.
C. Outside provider of internal audit services.
Person responsible for overseeing the contract with the outside
provider of
internal audit services.
D.
Answer (A) is incorrect. The specific job title of the chief audit
executive may
vary across organizations (The IIA Glossary).
Answer (B) is correct. The CAE is a person in a senior position
responsible for
effectively managing the internal audit activity in accordance with the
internal
audit charter and the Definition of Internal Auditing, the Code of
Ethics, and the
Standards (The IIA Glossary).
Answer (C) is incorrect. The internal audit activity may be insourced.
Answer (D) is incorrect. The term “chief audit executive” is defined
broadly
because (1) the internal audit activity may be insourced or
outsourced and (2)
many different titles are used in practice.
[98] Gleim #: 1.8.98
After the chief audit executive receives approval from the board to
offer consulting
services, what should be done?
A. The CAE should begin performing consulting services.
B. The CAE should get approval from the internal auditors.
C. The internal audit charter should be amended.
The board should develop appropriate policies and procedures for
conducting
such engagements.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 52
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. After the CAE receives board approval, the
internal audit
charter must be amended and the CAE must establish policies and
procedures.
Answer (B) is incorrect. The CAE does not need to get additional
approval from the
internal auditors. Only board approval is required.
Answer (C) is correct. The purpose, authority, and responsibility of
the internal audit
activity must be formally defined in an internal audit charter (Attr. Std.
1000). The
nature of consulting services must be defined in the internal audit
charter (Impl. Std.
1000.C1).
Answer (D) is incorrect. The CAE must establish policies and
procedures to guide the
internal audit activity.
[99] Gleim #: 1.8.99
Staff members should be afforded an appropriate means through
which they can
discuss problems and receive updates regarding the internal audit
activity’s policies.
The most appropriate forum for this objective is
The internal audit activity’s informal communication A. lines.
B. Internal memoranda.
C. Staff meetings.
D. Employee evaluation conferences.
Answer (A) is incorrect. Informal communication is not the most
appropriate
forum.
Answer (B) is incorrect. Memoranda are usually impersonal and do
not afford a
good opportunity for maximum exchange of ideas.
Answer (C) is correct. Formal staff meetings provide the best
opportunity for
ensuring that issues are addressed timely and efficiently. In The
Practice of
Modern Internal Auditing, Sawyer states that one reason for staff
meetings is to
explain “routine administrative matters, to teach new techniques, and
even to let
off steam.” For example, staff members should be able to raise
questions about
ineffective procedures, promotions, salaries, or other problems.
Answer (D) is incorrect. The employee evaluation conference is not
a timely
place to discuss problems and receive updates.
[100] Gleim #: 1.8.100
The chief audit executive meets with the members of the internal
audit activity at
scheduled staff meetings. Which of the following is the most
appropriate function of
such a staff meeting?
A. Developing the engagement work schedule.
B. Revising travel, promotion, and compensation policies.
C. Explaining administrative policies and obtaining suggestions from
the staff.
D. Developing long-range training programs that will meet the staff’s
needs.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 53
Printed for Sanja Knezevic
Answer (A) is incorrect. Management of the internal audit activity
should develop
engagement work schedules.
Answer (B) is incorrect. Management of the internal audit activity
should revise
travel, promotion, and compensation policies.
Answer (C) is correct. In The Practice of Modern Internal Auditing,
Sawyer states
that one reason for staff meetings is to explain “routine administrative
matters, to teach
new techniques, and even to let off steam.” For example, staff
members should be able
to raise questions about ineffective procedures, promotions, salaries,
or other
problems.
Answer (D) is incorrect. Developing long-range training programs
that will meet the
staff’s needs should be done by management of the internal audit
activity.
[101] Gleim #: 1.8.101
Any program for selecting and developing the human resources of
the internal audit
activity will fail unless compensation is adequate at all levels of
responsibility.
Policies concerning compensation should
Link internal auditors’ compensation to the pay for comparable
positions in the
controller’s department.
A.
Provide for cost-of-living, longevity, and merit B. increases annually.
Be informal and as flexible as possible to allow the chief audit
executive to
respond to unusual situations.
C.
Be clearly stated and based on evaluations of position requirements
and individual
performance.
D.
Answer (A) is incorrect. No necessary correlation exists between
the work of
internal auditors and of the controller’s staff.
Answer (B) is incorrect. Increases need not necessarily be annual.
Answer (C) is incorrect. Formal, well-defined policies are preferable
to avoid
misunderstandings.
Answer (D) is correct. Internal auditing job descriptions are
important because,
among other things, they may be used to justify adequate salaries.
As part of an
overall personnel management and development program, they
should be used
together with periodic, formal performance appraisals as a basis for
compensation
adjustments and promotions.
[102] Gleim #: 2.1.1
Which of the following facts, by themselves, could contribute to a
lack of
independence of the internal audit activity?
The CEO accused the new auditor of not operating “in the best
interests of the
organization.”
I.
II. The majority of audit committee members come from within the
organization.
III. The internal audit activity’s charter has not been approved by the
board.
A. I only.
B. II only.
C. II and III only.
D. I, II, and III.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 54
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. The other facts listed could also contribute
to a lack of
independence.
Answer (B) is incorrect. Lack of support by the CEO and lack of a
charter weaken the
internal audit activity’s position.
Answer (C) is incorrect. Lack of support by the CEO weakens the
internal audit
activity’s position.
Answer (D) is correct. The CEO’s statement suggests that the
internal audit activity
lacks the support of senior management and the board. Furthermore,
the lack of
outside audit committee members may contribute to a loss of
independence. The
board’s failure to approve the charter may have the same effect. The
charter enhances
the independence of the internal audit activity. By specifying the
purpose, authority,
and responsibility of the internal audit activity, it establishes the
position of internal
audit in the organization, including the nature of the chief audit
executive’s functional
reporting relationship with the board (Inter. Std. 1000).
[103] Gleim #: 2.1.2
To avoid being the apparent cause of conflict between an
organization’s senior
management and the board, the chief audit executive should
Communicate all engagement results to both senior management A.
and the board.
Strengthen the independence of the internal audit activity through
organizational
position.
B.
C. Discuss all reports to senior management with the board first.
Request board approval of policies that include internal audit activity
relationships
with the board.
D.
Answer (A) is incorrect. Receipt of all engagement results by senior
management
and the board is unnecessary and inefficient.
Answer (B) is incorrect. Organizational position helps the internal
audit activity
to achieve independence but is not, by itself, enough to avoid
conflict.
Answer (C) is incorrect. The board essentially has an oversight
rather than an
operational role.
Answer (D) is correct. To achieve the degree of independence
necessary to
effectively carry out the responsibilities of the internal audit activity,
the chief
audit executive has direct and unrestricted access to senior
management and the
board. This can be achieved through a dual-reporting relationship
(Inter. Std. 1100).
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 55
Printed for Sanja Knezevic
[104] Gleim #: 2.1.3
An organization is in the process of establishing its new internal audit
activity. The
controller has no previous experience with internal auditors. Due to
this lack of
experience, the controller advised the applicants that the CAE will be
reporting to the
external auditors. However, the new chief audit executive will have
free access to the
controller to report anything important. The controller will then convey
the CAE’s
concerns to the board of directors. The internal audit activity will
Be independent because the CAE has direct access A. to the board.
B. Not be independent because the CAE reports to the external
auditors.
Not be independent because the controller has no experience with
internal
auditors.
C.
Not be independent because the organization did not specify that the
applicants
must be certified internal auditors.
D.
Answer (A) is incorrect. Under this arrangement, the internal audit
activity will
not have direct access to the board; the access will be indirect via
the controller.
Answer (B) is correct. To achieve the degree of independence
necessary to
effectively carry out the responsibilities of the internal audit activity,
the CAE has
direct and unrestricted access to senior management and the board
(Inter. Std. 1100). Also, the CAE must communicate and interact
directly with the
board (Attr. Std. 1111).
Answer (C) is incorrect. Whether the controller has experience with
internal
auditors does not affect the internal audit activity’s independence.
Answer (D) is incorrect. Although desirable, the CIA designation is
not
mandatory for a person to become an internal auditor. A CIA should
insist on
independence for the internal audit activity.
[105] Gleim #: 2.1.4
A medium-sized publicly owned organization operating in Country X
has grown to a
size that the governing authority believes warrants the establishment
of an internal
audit activity. Country X has legislated internal audit requirements for
governmentowned
organizations. The organization changed the bylaws to reflect the
establishment
of the internal audit activity. The governing authority decided that the
chief audit
executive (CAE) must be a certified internal auditor and will report
directly to the
newly established audit committee. Which of the items discussed
above will
contribute the most to the new CAE’s independence?
A. The establishment of the internal audit activity is documented in
the bylaws.
B. Country X has legislated internal auditing requirements.
C. The CAE will report to the audit committee.
D. The CAE is to be a certified internal auditor.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 56
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Documentation in the bylaws does little to
promote
independence.
Answer (B) is incorrect. Legislated internal audit requirements in
Country X do not
promote independence.
Answer (C) is correct. Independence is effectively achieved when
the CAE reports
functionally to the board (Inter. Std. 1110). The audit committee is a
subset of the
board.
Answer (D) is incorrect. Independence requires support from senior
management and
the board.
[106] Gleim #: 2.1.5
Which of the following activities undertaken by the internal auditor
might be in
conflict with the standard of independence?
Risk management A. consultant.
B. Product development team leader.
C. Ethics advocate.
D. External audit liaison.
Answer (A) is incorrect. An internal auditor’s acting as a risk
management
consultant does not impair the independence of the internal audit
activity.
Answer (B) is correct. Independence precludes internal auditors
from assuming
management roles. Product development team leader is a
management role.
Answer (C) is incorrect. Internal auditors and the internal audit
activity should
take an active role in support of an organization’s ethical culture,
assuming the
role of ethics advocate does not impair the internal auditor’s
independence.
Answer (D) is incorrect. The internal and external audit functions
share
information and work collaboratively outside of the influence of
management.
This role does not conflict with the independence standard.
[107] Gleim #: 2.1.6
The reporting relationship within the organization’s management
structure that
facilitates the day-to-day operations of the internal audit activity is
A. Administrative reporting.
B. Financial reporting.
C. Management reporting.
D. Functional reporting.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 57
Printed for Sanja Knezevic
Answer (A) is correct. Administrative reporting is the reporting
relationship within
the organization’s management structure that facilitates the day-today operations of
the internal audit activity. Administrative reporting typically includes
(1) budgeting
and management accounting; (2) human resource administration,
including personnel
evaluations and compensation; (3) internal communications and
information flows;
and (4) administration of the organization’s internal policies and
procedures (PA 11101, para. 4).
Answer (B) is incorrect. Financial reporting focuses primarily on
reporting
information about performance provided by measures of earnings
and its components.
Answer (C) is incorrect. A form of management reporting is issuance
of financial
statements, which report on the organization’s performance to
external parties.
Answer (D) is incorrect. Functional reporting involves reporting to
the board to
facilitate the internal audit activity’s independence.
[108] Gleim #: 2.1.7
An external quality assessment team was evaluating the
independence of an internal
audit activity. The internal audit activity performs engagements
concerning all of the
elements included in its scope. Which of the following reporting
responsibilities is
most likely to threaten the internal audit activity’s independence?
Reporting to the
A. President.
B. Treasurer.
C. Executive vice president.
D. Audit committee.
Answer (A) is incorrect. Being responsible to the president helps
preserve the
internal audit activity’s independence by enhancing its position in the
organization.
Answer (B) is correct. The CAE must report to a level within the
organization
that allows the internal audit activity to fulfill its responsibilities (Attr.
Std. 1110).
The higher the level to which the internal audit activity reports, the
more likely
that independence will be assured. Reporting to the treasurer limits
the influence
and independence of the internal audit activity.
Answer (C) is incorrect. The executive vice president is higher
ranking than the
treasurer.
Answer (D) is incorrect. Because the audit committee is a subset of
the board,
independence is enhanced when the internal audit activity reports to
the audit
committee.
[109] Gleim #: 2.1.8
The CAE should report functionally to the board. The board is
responsible for which
of the following activities?
I. Internal communication and information flows
II. Approval of the internal audit risk assessment and related audit
plan
III. Approval of annual compensation and salary adjustments for the
CAE
A. I and II.
B. II and III.
C. I and III.
D. I, II, and III.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 58
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Internal communication and information
flows are
administrative reporting items. Administrative reporting is the
reporting relationship
within the management structure. Furthermore, functional reporting
also involves the
board’s approval of annual compensation and salary adjustments for
the CAE.
Answer (B) is correct. Organizational independence is effectively
achieved when the
CAE reports functionally to the board. Examples of functional
reporting to the board
involve the board
Approving the internal audit charter
Approving the risk-based internal audit plan
Receiving communications from the CAE on the internal audit
activity’s
performance
Approving decisions regarding the appointment and removal of the
CAE
Making appropriate inquiries of management and the CAE to
determine whether
there are inappropriate scope or resource limitations (Inter. Attr. Std.
1110)
Answer (C) is incorrect. Internal communication and information
flows are
administrative reporting items. Moreover, functional reporting also
involves the
board’s approval of the internal audit risk assessment and related
audit plan.
Answer (D) is incorrect. Internal communication and information
flows are
administrative reporting items.
[110] Gleim #: 2.1.9
Independence permits internal auditors to render impartial and
unbiased judgments.
The best way to achieve independence is through
Individual knowledge A. and skills.
B. A dual-reporting relationship.
C. Supervision within the organization.
D. Organizational knowledge and skills.
Answer (A) is incorrect. Individual knowledge and skills allow
individual
auditors to achieve professional proficiency.
Answer (B) is correct. Independence is the freedom from conditions
that threaten
the ability of the internal audit activity to carry out internal audit
responsibilities
in an unbiased manner. To achieve the degree of independence
necessary to
effectively carry out the responsibilities of the internal audit activity,
the CAE has
direct and unrestricted access to senior management and the board.
This can be
achieved through a dual-reporting relationship (Inter. Std. 1100).
Answer (C) is incorrect. Supervision ensures that engagement
objectives are
achieved, quality is assured, and staff is developed.
Answer (D) is incorrect. Organizational knowledge and skills allow
the internal
audit activity collectively to achieve professional proficiency.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 59
Printed for Sanja Knezevic
[111] Gleim #: 2.1.10
When evaluating the independence of an internal audit activity, a
quality assurance
review team performing an external assessment considers several
factors. Which of the
following factors has the least amount of influence when judging an
internal audit
activity’s independence?
Criteria used in making internal auditors’ A. assignments.
B. The extent of internal auditor training in communications skills.
C. Relationship between engagement records and engagement
communications.
D. Impartial and unbiased judgments.
Answer (A) is incorrect. How individual internal auditors are
assigned relates to
independence. The auditor’s personal relationships with operating
personnel,
work experience with the engagement client, etc., affect
independence.
Answer (B) is correct. Training in communication relates to the
knowledge,
skills, and other competencies needed to perform engagements, not
to
independence.
Answer (C) is incorrect. If significant engagement observations
found in the
engagement records are omitted from the engagement
communications,
independence becomes an issue.
Answer (D) is incorrect. Unbiased judgment is an aspect of
independence.
[112] Gleim #: 2.1.11
The optimal administrative reporting line of the CAE is to
A. The audit committee.
B. Line management.
C. Board of directors.
D. CEO or equivalent.
Answer (A) is incorrect. Functional reporting is to the board.
Answer (B) is incorrect. Administrative reporting preferably is to the
CEO.
Answer (C) is incorrect. The CAE must communicate and interact
directly with
the board. Functional reporting needs to be to the board.
Answer (D) is correct. Administrative reporting is the reporting
relationship
within the organization’s management structure that facilitates the
day-to-day
operations of the internal audit activity. Administrative reporting
typically
includes (1) budgeting and management accounting; (2) human
resource
administration, including personnel evaluations and compensation;
(3) internal
communications and information flows; and (4) administration of the
organization’s internal policies and procedures (PA 1110-1, para. 4).
Reporting
functionally to the board and administratively to the CEO facilitates
organizational independence (PA 1110-1, para. 2).
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 60
Printed for Sanja Knezevic
fb.com/ciaaofficial
[113] Gleim #: 2.1.12
Regardless of which reporting relationship the organization chooses,
several key
actions can help ensure that the reporting lines support and enable
the effectiveness
and independence of the internal auditing activity. Which key action
will not achieve
its functional reporting purpose?
Organizational independence is effectively achieved when the CAE
reports
functionally to the board (Interpretation of Standard 1110).
A.
The CAE should meet with the board, with management present, to
reinforce the
independence of the internal audit activity.
B.
The board should have the final authority to approve the internal
audit risk
assessment.
C.
The board should approve the CAE’s performance D. evaluation.
Answer (A) is incorrect. Functional reporting to the board facilitates
the
independence of the internal audit activity.
Answer (B) is correct. Private meetings between the CAE and the
board without
management present are an essential part of the functional reporting
relationship
(PA 1110-1, para. 3).
Answer (C) is incorrect. The board approves all decisions regarding
the
performance evaluation, appointment, or removal of the CAE.
Answer (D) is incorrect. The board approves the internal audit risk
assessment
and the related audit plan.
[114] Gleim #: 2.1.13
A formal document (charter) approved by the board that defines the
internal audit
activity’s purpose, authority, and responsibility enhances its
A. Exercise of due professional care.
B. Proficiency.
C. Relationship with management.
D. Independence.
Answer (A) is incorrect. Due professional care is an attribute of work
performed.
Answer (B) is incorrect. Proficiency results from possessing the
knowledge,
skills, and other competencies required for internal auditors to
perform their
individual responsibilities.
Answer (C) is incorrect. The internal audit activity’s relationship with
management is a function of professionalism. The charter
establishes
independence, not a working relationship.
Answer (D) is correct. The charter establishes the internal audit
activity’s
position within the organization, including the nature of the chief audit
executive’s functional reporting relationship with the board (Inter. Attr.
Std.
1000). To achieve the degree of independence necessary to
effectively carry out
the responsibilities of the internal audit activity, the CAE has direct
and
unrestricted access to senior management and the board (Inter. Attr.
Std. 1100).
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 61
Printed for Sanja Knezevic
[115] Gleim #: 2.1.14
The reporting structure that is most likely to allow the internal audit
activity to
accomplish its responsibilities is to report administratively to the
Board and functionally to the chief A. executive officer.
B. Controller and functionally to the chief financial officer.
C. Chief executive officer and functionally to the board of directors.
D. Chief executive officer and functionally to the external auditor.
Answer (A) is incorrect. The reverse arrangement is appropriate.
The board is not
involved in the routine management of the firm.
Answer (B) is incorrect. Reporting administratively to the controller
and
functionally to the chief financial officer would result in insufficient
organizational status for internal auditing.
Answer (C) is correct. Reporting functionally to the board and
administratively to
the organization’s CEO facilitates organizational independence (PA
1110-1,
para. 2).
Answer (D) is incorrect. The external auditor is not part of the
organizational
hierarchy.
[116] Gleim #: 2.1.15
The organizational level to which the internal audit activity reports
A. Must be sufficient to permit the accomplishment of the activity’s
responsibilities.
B. Is best when the reporting relationship is direct to the board of
directors.
Requires only the board’s annual approval of the engagement work
schedule,
staffing plan, and financial budget.
C.
D. Is guaranteed when the charter specifically defines the activity’s
independence.
Answer (A) is correct. The CAE must report to a level within the
organization
that allows the internal audit activity to fulfill its responsibilities (Attr.
Std. 1110).
Answer (B) is incorrect. The internal audit activity requires day-today support
that cannot be provided by the board. For this reason, the internal
audit activity
should report administratively to the CEO of the organization.
Answer (C) is incorrect. Independence requires reporting to a level
that can deal
with more than simple administrative concerns.
Answer (D) is incorrect. A statement in the charter does not
guarantee
independence.
[117] Gleim #: 2.1.16
The board is most likely to participate in approving
A. Staff promotions and salary increases.
B. Engagement communication observations, conclusions, and
recommendations.
C. Engagement work programs.
D. Appointment of the chief audit executive.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 62
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. The organization’s CAE is responsible for
staff promotions.
Answer (B) is incorrect. The organization’s CAE is responsible for
approving
engagement communication observations, conclusions, and
recommendations.
Answer (C) is incorrect. The CAE or designee provides appropriate
engagement
supervision, which includes providing appropriate instructions during
the planning of
the engagement and approving the engagement program.
Answer (D) is correct. Organizational independence is effectively
achieved when the
CAE reports functionally to the board. Examples of functional
reporting to the board
involve the board
Approving the internal audit charter
Approving the risk-based internal audit plan
Receiving communications from the CAE on the internal audit
activity’s
performance
Approving decisions regarding the appointment and removal of the
CAE
Making appropriate inquiries of management and the CAE to
determine whether
there are inappropriate scope or resource limitations (Inter. Attr. Std.
1110)
[118] Gleim #: 2.1.17
The IIA has indicated that to achieve necessary independence, the
CAE should report
functionally to whom?
A. Senior management.
B. Shareholders.
C. Chief executive officer.
D. The board.
Answer (A) is incorrect. Organizational independence is facilitated
when the
CAE reports functionally to the board and administratively to the
CEO.
Answer (B) is incorrect. The CAE should report to the audit
committee (i.e., the
board).
Answer (C) is incorrect. The CAE optimally reports to the CEO for
administrative purposes.
Answer (D) is correct. Organizational independence is effectively
achieved when
the CAE reports functionally to the board (Inter. Attr. Std. 1110).
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 63
Printed for Sanja Knezevic
[119] Gleim #: 2.1.18
A service organization is currently experiencing a significant
downsizing and process
reengineering. Its board of directors has redefined the business
goals and established
initiatives using in-house developed technology to meet these goals.
As a result, a
more decentralized approach has been adopted to run the business
functions by
empowering the business branch managers to make decisions and
perform functions
traditionally done at a higher level. The internal auditing staff is made
up of the chief
audit executive, two managers, and five staff auditors, all with
financial background.
In the past, the primary focus of successful internal audit activities
has been the service
branches and the six regional division headquarters that support the
branches. These
division headquarters are the primary targets for possible elimination.
The support
functions such as human resources, accounting, and purchasing will
be brought into
the national headquarters, and technology will be enhanced to
enable and augment
these operations. Up to this point, the internal audit activity has
reported to the chief
operating officer. Due to the significant changes, there has been
some discussion as to
changing this reporting relationship. What would be the best
reporting relationship?
Administratively and functionally A. to the president.
B. Administratively to the president and functionally to the board.
C. Administratively to the chief financial officer and functionally to the
president.
D. Administratively and functionally to the chief operating officer.
Answer (A) is incorrect. Organizational independence is effectively
achieved
when the CAE reports functionally to the board.
Answer (B) is correct. The chief audit executive must report to a
level within the
organization that allows the internal audit activity to fulfill its
responsibilities
(Attr. Std. 1110). The chief audit executive (CAE), reporting
functionally to the
board and administratively to the organization’s chief executive
officer, facilitates
organizational independence (PA 1110-1, para. 2).
Answer (C) is incorrect. The CAE, reporting functionally to the board
and
administratively to the organization’s chief executive officer,
facilitates
organizational independence.
Answer (D) is incorrect. The best reporting relationship is
administratively to the
president, functionally to the board.
[120] Gleim #: 2.1.19
A charter is being drafted for a newly formed internal audit activity.
Which of the
following best describes an appropriate organizational position to be
incorporated into
the charter?
The chief audit executive reports to the chief executive officer but
has access to
the board.
A.
B. The chief audit executive is a member of the board.
C. The chief audit executive is a staff officer reporting to the chief
financial officer.
D. The chief audit executive reports to an administrative vice
president.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 64
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is correct. The CAE, reporting functionally to the board
and
administratively to the organization’s CEO, facilitates organizational
independence
(PA 1110-1, para. 2). The CAE must communicate and interact
directly with the board
(Attr. Std. 1111).
Answer (B) is incorrect. Placing the CAE in a governance position
impairs his/her
objectivity.
Answer (C) is incorrect. Serving as a staff officer and reporting to
the CFO limit the
influence and independence of the internal audit activity.
Answer (D) is incorrect. Reporting to an administrative vice
president limits the
influence and independence of the internal audit activity.
[121] Gleim #: 2.1.20
According to the International Professional Practices Framework, the
independence of
the internal audit activity is achieved through
Staffing A. and supervision.
B. Continuing professional development and due professional care.
C. Human relations and communications.
D. Organizational status and objectivity.
Answer (A) is incorrect. Staffing and supervision relate to
proficiency rather than
independence.
Answer (B) is incorrect. Continuing professional development and
due
professional care relate to proficiency rather than independence.
Answer (C) is incorrect. Human relations and communications relate
to to
proficiency rather than independence.
Answer (D) is correct. The organizational status most conducive to
this degree of
independence is a dual-reporting relationship. Objectivity is an
individual attribute
of each internal auditor. Objectivity requires that internal auditors do
not
subordinate their judgment on audit matters to others (Inter. Attr. Std.
1100, para.
2).
[122] Gleim #: 2.1.21
Freedom from conditions that threaten internal auditors’ ability to do
unbiased work is
A. Control.
B. Compliance.
C. Independence.
D. Avoidance of conflicts of interest.
Answer (A) is incorrect. Control is “any action taken by
management, the board,
or other parties to manage risk and increase the likelihood that
established
objectives and goals will be achieved” (The IIA Glossary).
Answer (B) is incorrect. Compliance is “adherence to policies, plans,
procedures,
laws, regulations, contracts, or other requirements” (The IIA
Glossary).
Answer (C) is correct. Independence is “the freedom from conditions
that
threaten the ability of the internal audit activity to carry out internal
audit
responsibilities in an unbiased manner” (The IIA Glossary).
Answer (D) is incorrect. Conditions other than conflicts of interest
may create
bias or the appearance of bias.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 65
Printed for Sanja Knezevic
[123] Gleim #: 2.1.22
In some cultures and organizations, managers insist that an internal
audit activity is not
needed to provide a critical assessment of the organization’s
operations. This kind of
management attitude will most probably have an adverse effect on
the internal audit
activity’s
Operating A. budget variance.
B. Effectiveness.
C. Performance appraisals.
D. Policies and procedures.
Answer (A) is incorrect. An operating budget variance report is a
control device
used to monitor actual performance. Lack of management
cooperation could cause
unfavorable variances, but favorable variances also could occur if
many
engagements were subject to scope impairments.
Answer (B) is correct. In this situation, management is highly averse
to analysis
or possible criticism of its actions. Consequently, the internal audit
activity will
most likely not report to an organizational level that will allow it to
fulfill its
responsibilities (Attr. Std. 1110). Furthermore, engagement
communications are
unlikely to receive adequate consideration, and appropriate action is
unlikely to be
taken on engagement recommendations (PA 1110-1, para. 2).
Answer (C) is incorrect. Evaluation of the internal auditing staff
should not be
affected by lack of cooperation on the part of noninternal auditing
management.
Answer (D) is incorrect. Policies and procedures of the internal audit
activity are
developed by the internal audit activity. They should not be affected
by
noninternal auditing management.
[124] Gleim #: 2.2.23
During the performance of an engagement to evaluate a division’s
controls over
purchasing, the chief purchasing agent asked why the internal
auditor had requested
documents pertaining to transactions with a particular supplier. The
internal auditor’s
proper response is to
A. Treat the inquiry as a scope limitation.
Explain the reasons for the information request to promote
cooperation with the
engagement client.
B.
Refuse to explain the information request to preserve the integrity of
the
engagement process.
C.
Consider the specific circumstances before deciding whether to
disclose the
reasons for the information request.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 66
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. A scope limitation is a restriction placed
upon the internal
audit activity that precludes it from accomplishing its objectives and
plans.
Answer (B) is incorrect. The CAE should consider the specific
circumstances before
deciding whether to disclose the reasons for the information request.
Answer (C) is incorrect. It is not always necessary or desirable to
refuse to explain an
information request.
Answer (D) is correct. At times, an internal auditor may be asked by
the engagement
client or other parties to explain why a document that has been
requested is relevant to
an engagement. Disclosure or nondisclosure during the engagement
of the reasons
documents are needed should be determined based on the
circumstances. Significant
irregularities may dictate a less open environment than would
normally contribute to a
cooperative engagement. However, that is a judgment that should be
made by the chief
audit executive in light of the specific circumstances. Moreover, the
internal audit
activity must be free from interference in determining the scope of
internal auditing,
performing work, and communicating results (Impl. Std. 1110.A1).
[125] Gleim #: 2.2.24
An appropriate internal auditing role in a feasibility study is to
Serve on the task force for the A. preliminary survey.
B. Ascertain if the feasibility study addresses cost-benefit
relationships.
C. Determine the requirements for preparing a manual of
specifications.
Participate in the drafting of recommendations for the computer
acquisition and
implementation.
D.
Answer (A) is incorrect. Serving on the task force for the preliminary
survey is
appropriate for users and functional management.
Answer (B) is correct. Assessing the adequacy of a feasibility study
is properly
within the scope of work of internal audit. The other three choices
involve internal
audit participation in decisions that are properly those of
management.
Answer (C) is incorrect. Determining the requirements for preparing
a manual of
specifications is appropriate for users and functional management.
Answer (D) is incorrect. Computer experts should participate in the
drafting of
recommendations for the computer acquisition and implementation.
[126] Gleim #: 2.2.25
Internal auditors must be objective in performing their work. Assume
that the chief
audit executive received an annual bonus as part of that individual’s
compensation
package. The bonus may impair the CAE’s objectivity if
The bonus is administered by the board of directors or its salary
administration
committee.
A.
The bonus is based on monetary amounts recovered or
recommended future
savings as a result of engagements.
B.
C. The scope of internal auditing is evaluating control rather than
account balances.
D. All of the answers are correct.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 67
Printed for Sanja Knezevic
Answer (A) is incorrect. The board of directors needs to determine
the CAE’s
compensation.
Answer (B) is correct. Internal auditors must have an impartial,
unbiased attitude and
avoid any conflict of interest (Attr. Std. 1120). Conflict of interest is a
situation in
which an internal auditor, who is in a position of trust, has a
competing professional or
personal interest (Inter. Std. 1120). In this case, the CAE’s objectivity
could be
impaired if the bonus, a competing personal interest, is based on
monetary amounts
recovered or recommended future savings as a result of
engagements.
Answer (C) is incorrect. The internal audit activity’s scope of work
includes
evaluating and contributing to the improvement of risk management,
control, and
governance processes.
Answer (D) is incorrect. Objectivity is not impaired if the board
determines the
director’s compensation or if the scope of work is evaluating control
rather than
account balances.
[127] Gleim #: 2.2.26
Objectivity is most likely impaired by an internal auditor’s
Continuation on an engagement at a division for which (s)he will
soon be
responsible as the result of a promotion.
A.
Reduction of the scope of an engagement due to budget B.
restrictions.
Participation on a task force that recommends standards for control
of a new
distribution system.
C.
D. Review of a purchasing agent’s contract drafts prior to their
execution.
Answer (A) is correct. Internal auditors must have an impartial,
unbiased attitude
and avoid any conflict of interest (Attr. Std. 1120). Conflict of interest
is a
situation in which an internal auditor, who is in a position of trust, has
a
competing professional or personal interest (Inter. Std. 1120). The
internal
auditor’s promotion may create a bias.
Answer (B) is incorrect. Budget restrictions do not constitute an
impairment of
independence or objectivity.
Answer (C) is incorrect. An internal auditor may recommend, but not
implement,
standards of control and still maintain objectivity.
Answer (D) is incorrect. An internal auditor may review contracts
prior to their
execution.
[128] Gleim #: 2.2.27
In which of the following scenarios does the auditor most likely have
organizational
independence but lack objectivity?
Reports to the audit client but does not report fully about the reason
for corrective
action taken.
A.
B. Reports to the board and reports fully about corrective action
taken.
C. Reports to the audit client and reports fully about corrective action
taken.
Reports to the board but does not report fully about the reason for
corrective
action taken.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 68
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Reporting to the audit client does not allow
the internal audit
activity to fulfill its responsibilities.
Answer (B) is incorrect. When the auditor reports to the board and
reports fully about
the corrective action taken, no apparent independence or objectivity
issue arises.
Answer (C) is incorrect. Reporting to the client indicates a lack of
independence.
Answer (D) is correct. Organizational independence is effectively
achieved when the
CAE reports functionally to the board (Inter. Attr. Std. 1110). Failing to
report fully
about the reason for corrective action may imply bias (a loss of
objectivity) with regard
to the audit client.
[129] Gleim #: 2.2.28
An internal auditor most likely will have a conflict of interest by
providing an
assurance service with regard to a
Financial activity in which the internal auditor had been a key
employee 5 years
previously.
A.
Purchasing activity if a major supplier is owned by the internal
auditor’s sister-inlaw.
B.
Data processing center for which the internal auditor had performed
the service
three times previously.
C.
Computer system for which the internal auditor had been the internal
audit
activity’s representative on the design team.
D.
Answer (A) is incorrect. Objectivity is presumed to be impaired if an
internal
auditor provides assurance services for an activity for which the
internal auditor
had responsibility within the previous year. Thus, 5 years is a
reasonable lapse of
time to safeguard the employee from a charge of conflict of interest.
Answer (B) is correct. The CAE makes staff assignments so that
potential and
actual conflicts of interest and bias are avoided (PA 1120-1, para. 2).
A close
relative’s involvement with a supplier of an engagement client is an
apparent
conflict of interest.
Answer (C) is incorrect. Although rotation of assignments is
preferable, no
conflict of interest is involved in performing an assurance service for
the same
activity repeatedly.
Answer (D) is incorrect. Objectivity is not impaired if the internal
auditor’s
responsibility was limited to recommending standards of control for
systems or
reviewing procedures before implementation.
[130] Gleim #: 2.2.29
Management has requested the internal audit activity to perform an
engagement to
recommend procedures and policies for improving management
control over the
telephone marketing operations of a major division. The chief audit
executive should
Not accept the engagement because recommending controls would
impair future
objectivity regarding this operation.
A.
Not accept the engagement because internal audit activities are
presumed to have
expertise regarding accounting controls, not marketing controls.
B.
Accept the engagement, but indicate to management that, because
recommending
controls impairs independence, future engagements in the area will
be impaired.
C.
Accept the engagement because objectivity will D. not be impaired.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 69
Printed for Sanja Knezevic
Answer (A) is incorrect. The CAE should accept the engagement.
Recommending
controls is not considered to impair independence or objectivity.
Answer (B) is incorrect. The engagement should be accepted. The
internal audit
activity must have or obtain the knowledge, skills, and competencies
to evaluate and
improve all of the organization’s risk management, control, and
governance processes.
Answer (C) is incorrect. Independence is not impaired by making
control
recommendations.
Answer (D) is correct. The CAE should accept the engagement.
Recommending
standards of control for systems or reviewing procedures prior to
implementation does
not impair objectivity (PA 1120-1, para. 4).
[131] Gleim #: 2.2.30
Which of the following statements is an appropriate reason for the
internal audit
activity not to participate in the systems development process?
Recommendations prior to implementation will affect independence,
and the
internal auditors will not be able to perform an objective evaluation
after the
system is implemented.
A.
Participation will delay implementation B. of the project.
Participation will cause the internal auditors to be labeled as partial
owners of the
application, and they will then have to share the blame for any
problems that
remain in the system.
C.
D. None of the answers are correct.
Answer (A) is incorrect. Internal audit activity independence is not
affected by
recommending control standards or reviewing procedures before
implementation.
Answer (B) is incorrect. Internal audit activity participation will not
delay the
project unless needed controls were absent.
Answer (C) is incorrect. The internal auditors may participate in
systems
development but must not draft procedures or design, install, or
operate the
system.
Answer (D) is correct. Objectivity is not adversely affected when the
internal
auditors recommend standards of control for systems or review
procedures before
they are implemented. Designing, installing, drafting procedures for,
or operating
systems is presumed to impair objectivity (PA 1120-1, para. 4).
[132] Gleim #: 2.2.31
Assessing individual objectivity of internal auditors is the
responsibility of
A. The chief executive officer.
B. The board.
C. The audit committee.
D. The chief audit executive.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 70
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Assessing individual objectivity of internal
auditors is the
responsibility of the chief audit executive.
Answer (B) is incorrect. Assessing individual objectivity of internal
auditors is the
responsibility of the chief audit executive.
Answer (C) is incorrect. Assessing individual objectivity of internal
auditors is the
responsibility of the chief audit executive.
Answer (D) is correct. The CAE must establish policies and
procedures to assess the
objectivity of individual internal auditors.
[133] Gleim #: 2.2.32
Which of the following activities is not presumed to impair the
objectivity of an
internal auditor?
Recommending standards of control for a new information I. system
application
Drafting procedures for running a new computer application to
ensure that proper
controls are installed
II.
Performing reviews of procedures for a new computer application
before it is
installed
III.
A. I only.
B. II only.
C. III only.
D. I and III.
Answer (A) is incorrect. Performing reviews of procedures is
presumed not to
impair objectivity.
Answer (B) is incorrect. Drafting procedures is presumed to impair
objectivity.
Answer (C) is incorrect. Recommending standards of control is
presumed not to
impair objectivity.
Answer (D) is correct. The internal auditor’s objectivity is not
adversely affected
when the auditor recommends standards of control for systems or
reviews
procedures before they are implemented. Designing, installing, or
drafting
procedures for operating systems is presumed to impair objectivity
(PA 1120-1,
para. 4).
[134] Gleim #: 2.2.33
Reengineering is the thorough analysis, fundamental rethinking, and
complete
redesign of essential business processes. The intended result is a
dramatic
improvement in service, quality, speed, and cost. An internal auditor’s
involvement in
reengineering should include all of the following except
A. Determining whether the process has senior management’s
support.
B. Recommending areas for consideration.
C. Developing audit plans for the new system.
D. Directing the implementation of the redesigned process.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 71
Printed for Sanja Knezevic
Answer (A) is incorrect. Internal auditors may perform the function
of determining
whether the process has senior management’s support.
Answer (B) is incorrect. Internal auditors may perform the function
of recommending
areas for consideration.
Answer (C) is incorrect. Internal auditors may perform the function
of developing
audit plans for the new system.
Answer (D) is correct. Designing, installing, or drafting procedures
for operating
systems is presumed to impair objectivity (PA 1120-1, para. 4).
[135] Gleim #: 2.2.34
An activity appropriately performed by the internal audit activity is
Designing A. systems of control.
B. Drafting procedures for systems of control.
C. Reviewing systems of control before implementation.
D. Installing systems of control.
Answer (A) is incorrect. Designing systems is presumed to impair
objectivity.
Answer (B) is incorrect. Drafting procedures for systems is
presumed to impair
objectivity.
Answer (C) is correct. The internal auditor’s objectivity is not
adversely affected
when the auditor recommends standards of control for systems or
reviews
procedures before they are implemented (PA 1120-1, para. 4).
Answer (D) is incorrect. Installing systems of control is presumed to
impair
objectivity.
[136] Gleim #: 2.2.35
Which of the following most seriously compromises confidence in the
internal audit
activity?
Internal auditors frequently draft revised procedures for departments
whose
procedures have been criticized in an engagement communication.
A.
The chief audit executive has dual reporting responsibility to the
organization’s
chief executive officer and the board of directors.
B.
The internal audit activity and the organization’s external auditors
engage in joint
planning of total engagement coverage to avoid duplicating each
other’s work.
C.
The internal audit activity is included in the review cycle of the
organization’s
contracts with other organizations before the contracts are executed.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 72
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is correct. Confidence in the internal audit activity
derives from
independence (an attribute of the internal audit activity as a whole),
and objectivity (an
attribute of individual internal auditors). Because designing, installing,
drafting
procedures for, or operating systems impairs the objectivity of
internal auditors (PA
1120-1, para. 4), such services may create a conflict of interest, a
situation in which
internal auditors have a competing professional or personal interest.
This may create an
appearance of impropriety that undermines confidence in the internal
audit activity
(Inter. Attr. Std. 1120).
Answer (B) is incorrect. Dual reporting to the CEO and the board of
directors is ideal.
Answer (C) is incorrect. The CAE should share information and
coordinate activities
with other internal and external providers to ensure proper coverage
and minimize
duplication of efforts.
Answer (D) is incorrect. Including the internal audit activity in the
review cycle of the
organization’s contracts is appropriate.
[137] Gleim #: 2.2.36
An organization is planning to develop and implement a new
computerized purchase
order system in one of its manufacturing subsidiaries. The vice
president of
manufacturing has requested that internal auditors participate on a
team consisting of
representatives from finance, manufacturing, purchasing, and
marketing. This team
will be responsible for the implementation effort. Eager to take on this
high profile
project, the chief audit executive assigns a senior internal auditor to
the project to
assist “as needed.” Assuming the senior internal auditor performed
all of the
following activities, which one will impair objectivity if the internal
auditor is asked to
review the purchase order system on a post-engagement basis?
Helping to identify and define A. control objectives.
B. Testing for compliance with system development standards.
C. Evaluate risk exposures of systems and programming standards.
D. Drafting operating procedures for the new system.
Answer (A) is incorrect. Helping to identify and define control
objectives is an
appropriate internal audit function.
Answer (B) is incorrect. Internal auditors should evaluate risk
exposures and the
controls relating to compliance with laws, regulations, and contracts.
Answer (C) is incorrect. Internal auditors evaluate risk exposures of
information
systems. They may also recommend standards of control or review
procedures
before implementation without adversely affecting their objectivity.
Answer (D) is correct. An internal auditor’s objectivity is not
adversely affected
when the auditor recommends standards of control for systems or
reviews
procedures before they are implemented. Designing, installing,
drafting
procedures for, or operating systems, however, are presumed to
impair the internal
auditor’s objectivity (PA 1120-1, para. 4).
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 73
Printed for Sanja Knezevic
[138] Gleim #: 2.2.37
The major reason for the internal auditor’s involvement in information
systems
development is for the internal auditor to
Gain familiarity with systems for use in A. subsequent reviews.
B. Help assure that systems have adequate control procedures.
C. Help minimize the cost and development time for new systems.
D. Propose enhancements for subsequent development and
implementation.
Answer (A) is incorrect. Gaining familiarity with systems for use in
subsequent
reviews is not the major reason for the internal auditor’s involvement
in
information systems development.
Answer (B) is correct. The internal audit activity evaluates and
improves risk
management, control, and governance processes. The internal
auditor’s objectivity
is not adversely affected when the auditor recommends standards of
control for
systems or reviews procedures before they are implemented. The
auditor’s
objectivity is considered to be impaired if the auditor designs, installs,
drafts
procedures for, or operates such systems (PA 1120-1, para. 4).
Answer (C) is incorrect. Minimizing the cost and development time
for new
systems is not the major reason for the internal auditor’s involvement
in
information systems development.
Answer (D) is incorrect. Proposing enhancements for subsequent
development
and implementation is a managerial, not an internal auditing,
function.
[139] Gleim #: 2.2.38
Assuming that the internal auditing staff possesses the necessary
experience and
training, which of the following services is most appropriate for a staff
internal auditor
to undertake?
A. Substitute for the accounts payable supervisor while (s)he is on
sick leave.
Determine the profitability of alternative investment acquisitions and
select the
best alternative.
B.
As part of an evaluation team, review vendor accounting software
internal
controls and rank according to exposures.
C.
Participate in an internal audit of the accounting department shortly
after
transferring from the accounting department.
D.
Answer (A) is incorrect. An internal auditor’s objectivity is presumed
to be
impaired for at least 1 year with respect to activities (s)he previously
performed.
Answer (B) is incorrect. Investment decisions are management’s
responsibility.
Answer (C) is correct. An internal auditor’s objectivity is not impaired
when the
auditor recommends standards of control for systems or reviews
procedures before
they are implemented (PA 1120-1, para. 4).
Answer (D) is incorrect. An internal auditor should not be assigned
to
engagements concerning activities (s)he previously performed until
at least 1 year
has elapsed.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 74
Printed for Sanja Knezevic
fb.com/ciaaofficial
[140] Gleim #: 2.2.39
Internal auditors should be objective. Objectivity
Requires internal auditors not to subordinate their judgment on audit
matters to
that of others.
A.
Is required only in assurance B. engagements.
C. Is freedom from threats to the ability to perform audit work without
bias.
Prohibits internal auditors from providing consulting services relating
to
operations for which they had previous responsibility.
D.
Answer (A) is correct. Objectivity is “an unbiased mental attitude that
allows
internal auditors to perform engagements in such a manner that they
believe in
their work product and that no quality compromises are made.
Objectivity requires
that internal auditors do not subordinate their judgment on audit
matters to others”
(The IIA Glossary).
Answer (B) is incorrect. Objectivity also is required in a consulting
engagement.
Answer (C) is incorrect. Independence is freedom from threats to
the ability to
perform audit work without bias.
Answer (D) is incorrect. Internal auditors may provide consulting
services
relating to operations for which they had previous responsibility.
[141] Gleim #: 2.2.40
The CAE bears the responsibility to do which of the following?
A. Assess the level of independence of the board.
Assess the level of knowledge, skills, and competencies of the chief
financial
officer.
B.
C. Foster collective objectivity.
D. Foster individual objectivity.
Answer (A) is incorrect. Independence is a quality of the internal
audit activity,
not the board.
Answer (B) is incorrect. The concept of knowledge, skills, and
competencies
applies to individual internal auditors.
Answer (C) is incorrect. Objectivity is an individual, not a collective,
quality.
Answer (D) is correct. The CAE must establish policies and
procedures to assess
the objectivity of individual internal auditors.
[142] Gleim #: 2.2.41
Which of the following is a true statement regarding the timing of
assessments of
individual objectivity on the part of internal auditors?
A. It must be performed annually.
B. It must be performed in conjunction with the audit risk
assessment.
C. It is performed at the discretion of the board.
D. It is performed at the discretion of the CAE.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 75
Printed for Sanja Knezevic
Answer (A) is incorrect. The CAE determines the appropriate time
frame for
assessing the objectivity of internal audit staff.
Answer (B) is incorrect. The CAE determines the appropriate time
frame for assessing
the objectivity of internal audit staff.
Answer (C) is incorrect. The CAE determines the appropriate time
frame for assessing
the objectivity of internal audit staff.
Answer (D) is correct. The CAE must establish policies and
procedures to assess the
objectivity of individual internal auditors. These can take the form of
periodic reviews
of conflicts of interest or as-needed assessments during the staffing
requirements phase
of each engagement.
[143] Gleim #: 2.2.42
Which of the following actions is required of the CAE in regard to the
objectivity of
internal auditors?
A. Maximize.
B. Prioritize.
C. Manage.
D. Assess.
Answer (A) is incorrect. The CAE’s responsibility with regard to the
objectivity
of internal auditors is to assess and maintain.
Answer (B) is incorrect. The CAE’s responsibility with regard to the
objectivity
of internal auditors is to assess and maintain.
Answer (C) is incorrect. The CAE’s responsibility with regard to the
objectivity
of internal auditors is to assess and maintain.
Answer (D) is correct. The CAE must establish policies and
procedures to assess
the objectivity of individual internal auditors.
[144] Gleim #: 2.2.43
The CAE bears the responsibility to do which of the following?
A. Encourage the objectivity of the board.
B. Encourage the objectivity of the CEO.
C. Foster an attitude of professional skepticism among members of
the board.
D. Maintain individual objectivity.
Answer (A) is incorrect. Objectivity is a quality of individual internal
auditors,
not the board.
Answer (B) is incorrect. Objectivity is a quality of individual internal
auditors,
not the CEO.
Answer (C) is incorrect. The CAE must establish policies and
procedures to
assess the objectivity of individual internal auditors.
Answer (D) is correct. The CAE must establish policies and
procedures to assess
the objectivity of individual internal auditors.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 76
Printed for Sanja Knezevic
fb.com/ciaaofficial
[145] Gleim #: 2.2.44
Maintaining individual objectivity of internal auditors is the
responsibility of
The chairperson of the A. board of directors.
B. The chairperson of the audit committee.
C. The external assessment team.
D. The chief audit executive.
Answer (A) is incorrect. The responsibility rests with the CAE and
with internal
auditors themselves to maintain a sense of objectivity.
Answer (B) is incorrect. The responsibility rests with the CAE and
with internal
auditors themselves to maintain a sense of objectivity. The factor
most important
to the maintenance of individual objectivity.
Answer (C) is incorrect. The responsibility rests with the CAE and
with internal
auditors themselves to maintain a sense of objectivity.
Answer (D) is correct. The responsibility rests with the CAE and with
internal
auditors themselves to maintain a sense of objectivity.
[146] Gleim #: 2.2.45
Maintaining individual objectivity is most dependent on
Clearly informing auditee departments and functions of The IIA
definition of
conflict of interest.
A.
B. An annual evaluation by the board.
C. An annual evaluation by an external assessment team.
D. Internal auditors avoiding conflicts of interest.
Answer (A) is incorrect. The responsibility rests with the CAE and
with internal
auditors themselves to maintain a sense of objectivity.
Answer (B) is incorrect. The responsibility rests with the CAE and
with internal
auditors themselves to maintain a sense of objectivity.
Answer (C) is incorrect. The responsibility rests with the CAE and
with internal
auditors themselves to maintain a sense of objectivity.
Answer (D) is correct. Internal auditors should be aware of the
possibility of new
conflicts of interest that may arise owing to changes in personal
circumstances or
the particular auditees to which an auditor may be assigned.
[147] Gleim #: 2.2.46
Which of the following actions is required of the CAE and internal
auditors
themselves in regard to the objectivity of internal auditors?
A. Maintain.
B. Delegate.
C. Enhance.
D. Promote.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 77
Printed for Sanja Knezevic
Answer (A) is correct. The responsibility rests with the CAE and with
internal
auditors themselves to maintain a sense of objectivity.
Answer (B) is incorrect. The responsibility rests with the CAE and
with internal
auditors themselves to maintain a sense of objectivity.
Answer (C) is incorrect. The responsibility rests with the CAE and
with internal
auditors themselves to maintain a sense of objectivity.
Answer (D) is incorrect. The responsibility rests with the CAE and
with internal
auditors themselves to maintain a sense of objectivity.
[148] Gleim #: 2.3.47
When faced with an imposed scope limitation, the chief audit
executive needs to
Refuse to perform the engagement until the scope limitation A. is
removed.
B. Communicate the potential effects of the scope limitation to the
board.
C. Increase the frequency of engagements concerning the activity in
question.
D. Assign more experienced personnel to the engagement.
Answer (A) is incorrect. The engagement may be conducted under
a scope
limitation.
Answer (B) is correct. A scope limitation, along with its potential
effect, needs to
be communicated, preferably in writing, to the board (PA 1130-1,
para. 3).
Answer (C) is incorrect. A scope limitation does not necessarily
require more
frequent engagements.
Answer (D) is incorrect. A scope limitation does not necessarily
require more
experienced personnel.
[149] Gleim #: 2.3.48
In which of the following situations does an internal auditor potentially
lack
objectivity?
An internal auditor reviews the procedures for a new electronic data
interchange
(EDI) connection to a major customer before it is implemented.
A.
A former purchasing assistant performs a review of internal controls
over
purchasing 4 months after being transferred to the internal auditing
department.
B.
An internal auditor recommends standards of control and
performance measures
for a contract with a service organization for the processing of payroll
and
employee benefits.
C.
A payroll accounting employee assists an internal auditor in verifying
the physical
inventory of small motors.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 78
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Objectivity is not adversely affected when
the internal
auditor recommends standards of control for systems or reviews
procedures before
they are implemented.
Answer (B) is correct. Persons transferred to or temporarily engaged
by the internal
audit activity should not be assigned to audit those activities they
previously performed
until at least 1 year has elapsed. Such assignments are presumed to
impair objectivity
(PA 1130.A1-1, para. 1).
Answer (C) is incorrect. Objectivity is not adversely affected when
the internal auditor
recommends standards of control for systems or reviews procedures
before they are
implemented.
Answer (D) is incorrect. Use of staff from other areas to assist the
internal auditor
does not impair objectivity, especially when the staff is from outside
of the area where
the engagement is being performed.
[150] Gleim #: 2.3.49
The internal auditors must be able to distinguish carefully between a
scope limitation
and other limitations. Which of the following is not considered a
scope limitation?
The divisional management of an engagement client has indicated
that the
division is in the process of converting a major computer system and
has indicated
that the information systems portion of the planned engagement will
have to be
postponed until next year.
A.
The board reviews the engagement work schedule for the year and
deletes an
engagement that the chief audit executive thought was important to
conduct.
B.
The engagement client has indicated that certain customers cannot
be contacted
because the organization is in the process of negotiating a long-term
contract with
the customers and they do not want to upset the customers.
C.
None of the answers D. are correct.
Answer (A) is incorrect. Postponing the portion of an engagement
concerning a
major computer system is a scope limitation. This delay restricts the
performance
of engagement procedures.
Answer (B) is correct. The board’s decision to delete an
engagement from the
annual engagement work schedule is not a scope limitation. The
board’s approval
of the internal audit plan is part of the functional reporting relationship
of the
internal audit activity to the board (PA 1110-1, para. 3).
Answer (C) is incorrect. Prohibiting contact with certain customers is
a scope
limitation. This prohibition restricts the performance of specific
procedures.
Answer (D) is incorrect. Other answer choices state scope
limitations.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 79
Printed for Sanja Knezevic
[151] Gleim #: 2.3.50
During the course of an engagement, an internal auditor makes a
preliminary
determination that a major division has been inappropriately
capitalizing research and
development expense. The engagement is not yet completed, and
the internal auditor
has not documented the problem or determined that it really is a
problem. However,
the internal auditor is informed that the chief audit executive has
received the
following communication from the president of the organization:
“The controller of Division B informs me that you have discovered a
questionable
account classification dealing with research and development
expense. We are aware
of the issue. You are directed to discontinue any further investigation
of this matter
until informed by me to proceed. Under the confidentiality standard of
your
profession, I also direct you not to communicate with the outside
auditors regarding
this issue.”
Which of the following is an appropriate action for the CAE to take
regarding the
questionable item?
Immediately report the communication to The IIA and ask for an
ethical
interpretation and guidance.
A.
Inform the president that this scope limitation will need to be reported
to the
board.
B.
Continue to investigate the area until all the facts are determined and
document all
the relevant facts in the engagement records.
C.
Immediately notify the external auditors of the problem to avoid
aiding and
abetting a potential crime by the organization.
D.
Answer (A) is incorrect. The IIA has no authority in this matter.
Answer (B) is correct. A scope limitation along with its potential
effect need to
be communicated, preferably in writing, to the board (PA 1130-1,
para. 3).
Answer (C) is incorrect. The CAE needs first to consult the board.
The CAE adds
value by serving the organization, and the board may, in fact, be fully
aware of the
problem and may not want to incur additional costs.
Answer (D) is incorrect. The engagement work is preliminary, and
the internal
auditor has not yet formed a basis for an opinion. Thus, contacting
the external
auditors is premature. However, if an inquiry is made by the external
auditors, the
internal auditors should share the work done to date.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 80
Printed for Sanja Knezevic
fb.com/ciaaofficial
[152] Gleim #: 2.3.51
Which of the following combinations best illustrates a scope limitation
and the appropriate
response by the CAE?
Nature of Internal
Limitation Audit Action
A. Engagement client limits scope based upon
proprietary information
Report only to the controller
B. Engagement client will not provide access to records
needed for approved work schedule
Report to the board
C. Engagement client requests that the engagement be
delayed for 2 weeks to allow it to close its books
Report directly to the CEO and controller
D. Engagement client will not allow internal auditor to
contact major customers as part of an engagement to
evaluate the efficiency of operations
No reporting needed because the
operational engagement concerns
operational efficiency
Answer (A) is incorrect. A scope limitation needs to be reported to
the board.
Answer (B) is correct. A scope limitation is a restriction placed on the
internal audit activity
that precludes it from accomplishing its objectives and plans. Among
other things, a scope
limitation may restrict the internal audit activity’s access to records,
personnel, and physical
properties relevant to the performance of engagements (PA 1130-1,
para. 2). A scope
limitation and its potential effect need to be communicated,
preferably in writing, to the board
(PA 1130-1, para. 3).
Answer (C) is incorrect. Merely delaying the engagement to permit
closing the books is not
usually considered a scope limitation.
Answer (D) is incorrect. Reporting is necessary.
[153] Gleim #: 2.3.52
An internal auditor who had been supervisor of the accounts payable
section should
not perform an assurance review of that section
Because a reasonable period of time in which to establish
independence cannot be
determined.
A.
Until at least B. 1 year has elapsed.
C. Until after the next annual review by the external auditors.
D. Until it is clear that the new supervisor has assumed the
responsibilities.
Answer (A) is incorrect. The issues are whether (1) objectivity (not
independence) has been restored and (2) at least 1 year has
elapsed.
Answer (B) is correct. Persons transferred to, or temporarily
engaged by, the
internal audit activity should not be assigned to audit activities they
previously
performed until at least 1 year has elapsed. Such assignments are
presumed to
impair objectivity (PA 1130.A1-1, para. 1).
Answer (C) is incorrect. The external review does not bear any
relation to
restoring the internal auditor’s objectivity.
Answer (D) is incorrect. The new supervisor presumably would have
assumed
his/her responsibilities immediately. Hence, 1 year could not have
elapsed.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 81
Printed for Sanja Knezevic
[154] Gleim #: 2.3.53
A treasury department employee transferred to the internal audit
activity of the same
organization last month. The chief financial officer of the organization
has suggested
that, because of the employee’s significant knowledge in this area, it
would be a good
idea for the employee to immediately begin an engagement to
evaluate the treasury
department. In this circumstance, the employee should
Accept the engagement and begin A. work immediately.
Discuss the need for such an engagement with the employee’s
former superior, the
treasurer.
B.
Suggest that the engagement be performed by another member of
the internal
audit staff.
C.
Offer to prepare an engagement work program but suggest that
interviews with the
employee’s former co-workers be conducted by other members of
the internal
audit staff.
D.
Answer (A) is incorrect. The proposed engagement is presumed to
impair
objectivity.
Answer (B) is incorrect. Internal auditors are not to subordinate their
judgment
on engagement matters to that of others.
Answer (C) is correct. Another internal auditor should be assigned.
Persons
transferred to or temporarily engaged by the internal audit activity
should not be
assigned to audit those activities they previously performed until at
least 1 year
has elapsed. Such assignments are presumed to impair objectivity,
and additional
consideration should be exercised when supervising the engagement
work and
communicating engagement results (PA 1130.A1-1, para. 1).
Answer (D) is incorrect. The preparation of the engagement work
program offers
significant opportunities for bias.
[155] Gleim #: 2.3.54
The internal audit activity encounters a scope limitation from senior
management that
will affect the activity’s ability to meet its goals and objectives for a
potential
engagement client. The nature of the scope limitation needs to be
Noted in the engagement working papers, but the engagement
should be carried
out as scheduled and the scope limitation worked around, if possible.
A.
Communicated to the external auditors, so they can investigate the
area in more
detail.
B.
C. Communicated, preferably in writing, to the board.
Communicated to management stating that the limitation will not be
accepted
because it would impair the internal audit activity’s independence.
D.
Answer (A) is incorrect. The limitation needs to be communicated
first to the
board.
Answer (B) is incorrect. No requirement or need to communicate the
limitation to
the external auditor exists.
Answer (C) is correct. A scope limitation, along with its potential
effect, needs to
be communicated, preferably in writing, to the board (PA 1130-1,
para. 3).
Answer (D) is incorrect. The internal audit activity exists to help the
organization
achieve its objectives. Thus, the internal auditors must communicate
with the
board about conflicts with management.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 82
Printed for Sanja Knezevic
fb.com/ciaaofficial
[156] Gleim #: 2.3.55
A multinational organization has an agreement with a value-added
network (VAN)
that provides the encoding and communications transfer for the
organization’s
electronic data interchange (EDI) and electronic funds transfer (EFT)
transactions.
Before transfer of data to the VAN, the organization performs online
preprocessing of
the transactions. The internal auditor is responsible for assessing
preprocessing
controls. In addition, the agreement between the organization and
the VAN states that
the internal auditor is allowed to examine and report on the controls
in place at the
VAN on an annual basis. The contract specifies that access to the
VAN can occur on a
surprise basis during the second or third quarter of the fiscal year.
This period was
chosen so it would not interfere with processing during the VAN’s
peak transaction
periods. This provision was not reviewed with internal auditing. The
annual
engagement work schedule approved by the board of directors
specifies that a full
review would be done during the current year.
When the internal auditor called to arrange the annual control review
during the third
quarter, the VAN stated that it could not accommodate the internal
auditor because the
peak processing period started earlier than normal this year and all
VAN personnel
were occupied. This scope limitation, along with its potential effect,
must be
communicated to which one of the following?
The organization’s A. board of directors.
B. The board of directors of the VAN.
C. The board of directors of both the organization and the VAN.
D. The limitation does not need to be communicated at the board of
directors level.
Answer (A) is correct. The scope limitation and its potential effect
should be
communicated, preferably in writing, to the board. However, the chief
audit
executive needs to consider whether it is appropriate to inform the
board
regarding scope limitations that were previously communicated to
and accepted
by the board (PA 1130-1, para. 3).
Answer (B) is incorrect. The internal auditor should not
communicate directly
with the board of the VAN.
Answer (C) is incorrect. The internal auditor should not
communicate directly
with the board of the VAN.
Answer (D) is incorrect. A scope limitation must be communicated to
the board.
[157] Gleim #: 2.3.56
An internal auditor assigned to audit a vendor’s compliance with
product quality
standards is the brother of the vendor’s controller. The auditor should
A. Accept the assignment but avoid contact with the controller during
fieldwork.
Accept the assignment but disclose the relationship in the
engagement final
communication.
B.
C. Notify the vendor of the potential conflict of interest.
D. Notify the chief audit executive of the potential conflict of interest.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 83
Printed for Sanja Knezevic
Answer (A) is incorrect. Given a family connection with the auditee,
even if the
auditor avoids contact with the controller, the appearance of a conflict
of interest
exists.
Answer (B) is incorrect. Situations of potential conflict of interest or
bias should be
avoided, not merely disclosed.
Answer (C) is incorrect. Conflicts of interest are to be reported to the
chief audit
executive, not the vendor or engagement client.
Answer (D) is correct. Internal auditors are to report to the chief
audit executive
(CAE) any situations in which an actual or potential impairment to
independence or
objectivity may reasonably be inferred, or if they have questions
about whether a
situation constitutes an impairment to objectivity or independence
(PA 1130-1,
para. 1).
[158] Gleim #: 2.3.57
The internal audit activity should be free to audit and report on any
activity that also
reports to its administrative head if it considers such coverage to be
appropriate for its
audit plan. Any limitation in scope or reporting of results of these
activities needs to be
brought to the attention of the
Chief A. executive officer.
B. Chief financial officer.
C. External auditor.
D. Board.
Answer (A) is incorrect. The CEO may be the administrative head of
the internal
audit activity.
Answer (B) is incorrect. The CFO is also responsible for the
organization’s
accounting functions. Thus, when a scope or reporting limitation
exists, the CFO
may be responsible for it.
Answer (C) is incorrect. The external auditor should not be notified
unless the
board believes it is necessary.
Answer (D) is correct. A scope limitation, along with its potential
effect needs to
be communicated, preferably in writing, to the board (PA 1130-1,
para. 3).
[159] Gleim #: 2.3.58
Independence is freedom from conditions that threaten the ability of
the internal audit
activity to carry out internal audit responsibilities in an unbiased
manner. Which
policy best promotes independence?
Requiring internal auditors to report to the chief audit executive any
conflicts of
interest or bias.
A.
Preventing the internal audit activity from recommending standards
of control for
systems that it evaluates.
B.
C. Allowing engagements concerning sensitive operations to be
outsourced.
Preventing personnel transfers from operating activities to the
internal audit
activity.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 84
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is correct. Internal auditors are to report to the chief
audit executive
(CAE) any situation in which (1) an actual or potential impairment of
independence or
objectivity may reasonably be inferred or (2) they have questions
about whether the
situation constitutes an impairment of objectivity or independence. If
the CAE
determines that impairment exists or may be inferred, (s)he needs to
reassign the
auditor(s) (PA 1130-1, para. 1).
Answer (B) is incorrect. Internal auditing may recommend standards
of control for
systems that it evaluates.
Answer (C) is incorrect. Outsourcing certain engagements does not
promote the
independence of the internal audit activity.
Answer (D) is incorrect. Transfers from operating activities to the
internal audit
activity usually are permitted. However, transferees should not be
assigned to
engagements concerning activities they previously performed until at
least 1 year has
elapsed.
[160] Gleim #: 2.3.59
An internal auditor has recently received an offer from the manager
of the marketing
department of a weekend’s free use of his beachfront condominium.
No engagement is
currently being conducted in the marketing department, and none is
scheduled. The
internal auditor
Should reject the offer and report it to the appropriate A. supervisor.
B. May accept the offer because its value is immaterial.
C. May accept the offer because no engagement is being conducted
or planned.
D. May accept the offer if approved by the appropriate supervisor.
Answer (A) is correct. An internal auditor is not to accept fees, gifts,
or
entertainment from an employee, client, customer, supplier, or
business associate.
Accepting a fee or gift may imply that the auditor’s objectivity has
been impaired.
Even though an engagement is not being conducted in the applicable
area at that
time, a future engagement may result in the appearance of
impairment of
objectivity. Thus, no consideration should be given to the
engagement status as
justification for receiving fees or gifts. The receipt of promotional
items (such as
pens, calendars, or samples) that are available to the general public
and have
minimal value do not hinder internal auditors’ professional judgments
(PA 11301, para. 4). Impairment of independence or objectivity, in fact or
appearance, must
be disclosed to appropriate parties (Attr. Std. 1130).
Answer (B) is incorrect. The value of a weekend vacation is not
immaterial.
Answer (C) is incorrect. The status of engagements is not a
justification for
receiving fees or gifts.
Answer (D) is incorrect. A supervisor may not approve unethical
behavior.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 85
Printed for Sanja Knezevic
[161] Gleim #: 2.3.60
As part of a company-sponsored award program, an internal auditor
was offered an
award of significant monetary value by a division in recognition of the
cost savings
that resulted from the auditor’s recommendations. According to the
International
Professional Practices Framework, what is the most appropriate
action for the auditor
to take?
Accept the gift because the engagement is already concluded and
the report
issued.
A.
Accept the award under the condition that any proceeds B. go to
charity.
C. Inform audit management and ask for direction on whether to
accept the gift.
D. Decline the gift and advise the division manager’s superior.
Answer (A) is incorrect. The auditor should not accept the gift,
despite the
previous completion of the engagement and issuance of the report.
Answer (B) is incorrect. The auditor should not accept the award
without first
informing and consulting audit management.
Answer (C) is correct. Internal auditors are not to accept fees, gifts,
or
entertainment from an employee, client, customer, supplier, or
business associate
that may create the appearance that the auditor’s objectivity has
been impaired.
The status of engagements is not to be considered as justification for
receiving
fees, gifts, or entertainment. Internal auditors are to report
immediately the offer
of all material fees or gifts to their supervisors. (PA 1130-1, para. 4).
Answer (D) is incorrect. Declining the gift and advising the division
manager’s
superior could erode the audit function’s relationship with the division
in
question. The auditor should inform and consult audit management
for guidance.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 86
Printed for Sanja Knezevic
fb.com/ciaaofficial
[162] Gleim #: 2.3.61
An internal audit activity is currently undergoing its first external
quality assurance
review since its formation 3 years ago. From interviews, the review
team is informed
of certain internal auditor activities over the past year. Which of the
following
activities could affect the quality assurance review team’s evaluation
of the objectivity
of the internal auditors?
One internal auditor told the review team that, during an engagement
to review the
payroll function, the payroll manager approached the auditor. The
manager
indicated the need for an accountant to prepare financial statements
for the
manager’s part-time business. The internal auditor agreed to perform
this work for
a reduced fee during non-work hours.
A.
During an engagement to review the construction of a building
addition to the
organization’s headquarters, the vice president of facilities
management gave the
internal auditor a commemorative mug with the organization’s logo.
These mugs
were distributed to all employees present at the ground-breaking
ceremony.
B.
After reviewing the installation of a data processing system, the
internal auditor
made recommendations on standards of control. Three months after
completion of
the engagement, the engagement client requested the internal
auditor’s review of
certain procedures for adequacy. The internal auditor agreed and
performed this
review.
C.
An internal auditor’s participation was requested on a task force to
reduce the
organization’s inventory losses from theft and shrinkage. This is the
first
consulting assignment undertaken by the internal audit activity. The
internal
auditor’s role is to advise the task force on appropriate control
procedures.
D.
Answer (A) is correct. An internal auditor is not to accept a fee, gift,
or
entertainment from an employee, client, customer, supplier, or
business associate
that may create the appearance that the auditor’s objectivity has
been impaired
(PA 1130-1, para. 4).
Answer (B) is incorrect. The receipt of promotional items with
minimal value
does not impair objectivity.
Answer (C) is incorrect. Recommending standards of control before
implementation does not impair the internal auditor’s objectivity as
long as (s)he
does not assume operating responsibilities.
Answer (D) is incorrect. Reviewing procedures before
implementation does not
impair the internal auditor’s objectivity as long as (s)he does not
assume operating
responsibilities.
[163] Gleim #: 2.3.62
George is the new internal auditor for XYZ Corporation. George was
in charge of
payroll for XYZ just 10 months ago. Performing what services in
regard to payroll is
considered an impairment of independence or objectivity if performed
by George?
A. Consulting services.
B. Assurance services.
C. Assurance or consulting services.
D. Neither assurance nor consulting services.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 87
Printed for Sanja Knezevic
Answer (A) is incorrect. Providing assurance services but not
consulting services
regarding payroll will impair the independence or objectivity of
George.
Answer (B) is correct. Objectivity is presumed to be impaired if an
internal auditor
provides assurance services for an activity for which the internal
auditor had
responsibility within the previous year (PA 1130.A1-1, para. 1). Thus,
if George
provides assurance services for payroll, his objectivity is presumed to
be impaired.
However, internal auditors may provide consulting services relating
to operations for
which they had previous responsibilities (Impl. Std. 1130.C1).
Answer (C) is incorrect. Providing assurance services regarding
payroll will impair
the independence or objectivity of George.
Answer (D) is incorrect. Providing consulting services regarding
payroll will not
impair the objectivity of George.
[164] Gleim #: 2.4.63
An organization has two manufacturing facilities. Each facility has
two manufacturing
processes and a separate packaging process. The processes are
similar at both
facilities. Raw materials used include aluminum, materials to make
plastic, various
chemicals, and solvents. Pollution occurs at several operational
stages, including raw
materials handling and storage, process chemical use, finished
goods handling, and
disposal. Waste products produced during the manufacturing
processes include several
that are considered hazardous. The nonhazardous waste is
transported to the local
landfill. An outside waste vendor is used for the treatment, storage,
and disposal of all
hazardous waste.
Management is aware of the need for compliance with environmental
laws. The
organization recently developed an environmental policy including a
statement that
each employee is responsible for compliance with environmental
laws.
If the internal audit activity is assigned the responsibility of
conducting an
environmental audit, which of the following actions should be
performed first?
Conduct risk assessments A. for each site.
B. Review organizational policies and procedures and verify
compliance.
C. Provide the assigned staff with technical training.
D. Review the environmental management system.
Answer (A) is incorrect. The internal auditors should conduct risk
assessments
for each site only after qualified people have been assigned to the
project.
Answer (B) is incorrect. Audit procedures to verify compliance with
company
policies and procedures are performed only after an audit staff with
the needed
knowledge, skills, and other competencies is assigned to the audit.
Answer (C) is correct. The internal audit activity collectively must
possess or
obtain the necessary knowledge, skills, and other competencies
needed to conduct
the audit properly (Attr. Std. 1210). Thus, providing the assigned staff
with
adequate training or employing qualified external service providers is
a first step
in an environmental audit.
Answer (D) is incorrect. Internal auditors should review the
environmental
management system only after qualified people have been assigned
to the project.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 88
Printed for Sanja Knezevic
fb.com/ciaaofficial
[165] Gleim #: 2.4.64
When hiring entry-level internal auditing staff, which of the following
will most likely
predict the applicant’s success as an internal auditor?
Grade point average on college A. accounting courses.
B. Ability to fit well socially into a group.
C. Ability to organize and express thoughts well.
D. Level of detailed knowledge of the organization.
Answer (A) is incorrect. Although accounting educational
performance is
undoubtedly one criterion that must be examined, performance in
one subject area
is much too limited a basis for predicting an applicant’s success
given the broad
scope of internal auditing work.
Answer (B) is incorrect. Social skills are a benefit to any internal
auditor but
cannot be considered the most important characteristic of a good
candidate.
Answer (C) is correct. Internal auditors must have skills in oral and
written
communications to clearly and effectively convey such matters as
engagement
objectives, evaluations, conclusions, and recommendations (PA
1210-1, para. 1).
Answer (D) is incorrect. Entry-level internal auditors typically have
relatively
little knowledge of the organization. Applicants should demonstrate a
general
knowledge of the organization, but this factor is not the most reliable
predictor of
successful performance as an internal auditor.
[166] Gleim #: 2.4.65
A chief audit executive (CAE) for a very small internal audit
department has just
received a request from management to perform an audit of an
extremely complex area
in which the CAE and the department have no expertise. The nature
of the audit
engagement is within the scope of internal audit activities.
Management has expressed
a desire to have the engagement conducted in the very near future
because of the high
level of risk involved. Which of the following responses by the CAE
would be in
violation of the Standards?
Discuss with management the possibility of outsourcing the audit of
this complex
area.
A.
Add an outside consultant to the audit staff to assist in the
performance of the
audit engagement.
B.
C. Accept the audit engagement and begin immediately, since it is a
high-risk area.
Discuss the timeline of the audit engagement with management to
determine if
sufficient time exists in which to develop appropriate expertise.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 89
Printed for Sanja Knezevic
Answer (A) is incorrect. Outsourcing (delegating the engagement to
an outside service
provider) is an appropriate response when auditors do not possess
the needed
background or skills and cannot develop such skills in a timely
fashion.
Answer (B) is incorrect. Adding a consultant (cosourcing) is an
appropriate response
when auditors do not possess the needed background or skills and
cannot develop such
skills in a timely fashion.
Answer (C) is correct. The internal audit activity collectively must
possess or obtain
the knowledge, skills, and other competencies needed to perform its
responsibilities
(Attr. Std. 1210). The auditors in this situation do not have such
expertise. Thus,
planning and executing the audit engagement without the
appropriate background and
skills is a violation of this standard.
Answer (D) is incorrect. Determining whether time is sufficient to
develop necessary
expertise is an appropriate response. Internal auditors should be
committed to life-long
learning. Thus, it is not unreasonable to require them to expand their
knowledge, skills,
and other competencies.
[167] Gleim #: 2.4.66
Your organization has selected you to develop an internal audit
activity. Your
approach will most likely be to hire
Internal auditors, each of whom possesses all the skills required to
handle all
engagements.
A.
Inexperienced personnel and train them the way the organization
wants them
trained.
B.
Degreed accountants because most internal audit work is C.
accounting related.
Internal auditors who collectively have the knowledge and skills
needed to
perform the responsibilities of the internal audit activity.
D.
Answer (A) is incorrect. The scope of internal auditing is so broad
that one
individual cannot have the requisite expertise in all areas.
Answer (B) is incorrect. The internal audit activity should have
personnel with
various skill levels to permit appropriate matching of internal auditors
with
varying engagement complexities. Furthermore, experienced internal
auditors
should be available to train and supervise less experienced staff
members.
Answer (C) is incorrect. Many skills are needed in internal auditing.
For example,
computer skills are needed in engagements involving information
technology.
Answer (D) is correct. The internal audit activity collectively must
possess or
obtain the knowledge, skills, and other competencies needed to
perform its
responsibilities (Attr. Std. 1210).
[168] Gleim #: 2.4.67
The internal audit activity collectively must possess or obtain certain
competencies,
including proficiency in
A. Internal audit procedures and techniques.
B. Accounting principles and techniques.
C. Management principles.
D. Marketing techniques.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 90
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is correct. Proficiency means the ability to apply
knowledge to situations
likely to be encountered and to deal with them without extensive
recourse to technical
research and assistance. Internal auditors must be proficient in
applying internal audit
standards, procedures, and techniques in performing engagements
(PA 1210-1,
para. 1).
Answer (B) is incorrect. Only if internal auditors work extensively
with financial
records and reports must they have proficiency in accounting
principles and
techniques.
Answer (C) is incorrect. The required competencies include an
understanding of, not
proficiency in, management principles.
Answer (D) is incorrect. Internal auditors ordinarily need not be
proficient in
marketing techniques.
[169] Gleim #: 2.4.68
The internal audit activity collectively must possess or obtain certain
competencies,
including an understanding of
Internal audit procedures A. and techniques.
B. Accounting principles and techniques.
C. Management principles.
D. Marketing techniques.
Answer (A) is incorrect. The required competencies include
proficiency in, not an
understanding of, internal audit standards, procedures, and
techniques.
Answer (B) is incorrect. The internal audit activity collectively must
have
proficiency in, not merely an understanding of, accounting principles
and
techniques.
Answer (C) is correct. An understanding means the ability to apply
broad
knowledge to situations likely to be encountered, to recognize
significant
deviations, and to be able to carry out the research necessary to
arrive at
reasonable solutions. The required competencies include an
understanding of
management principles to recognize and evaluate the materiality and
significance
of deviations from good business practice (PA 1210-1, para. 1).
Answer (D) is incorrect. Internal auditors ordinarily need not be
proficient in, or
have an understanding or appreciation of, marketing techniques.
[170] Gleim #: 2.4.69
Internal auditing is unique in that its scope often encompasses all
areas of an
organization. Thus, it is not possible for each internal auditor to
possess detailed
competence in all areas that might be the subject of engagements.
Which of the
following competencies must the internal audit activity possess
collectively?
A. Understanding of taxation and law as it applies to operation of the
organization.
B. Proficiency in accounting principles.
C. Understanding of management principles.
D. Proficiency in information technology.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 91
Printed for Sanja Knezevic
Answer (A) is incorrect. Internal auditors are required to have only
an appreciation of
taxation and law.
Answer (B) is incorrect. Only if internal auditors work extensively
with financial
records and reports must they have proficiency in accounting
principles.
Answer (C) is correct. An understanding is the ability to apply broad
knowledge to
situations likely to be encountered, to recognize significant
deviations, and to be able
to carry out the research necessary to arrive at reasonable solutions.
The required
competencies include an understanding of management principles to
recognize and
evaluate the materiality and significance of deviations from good
business practice.
Answer (D) is incorrect. Only a knowledge of key IT risks and
controls and available
technology-based audit techniques is required of internal auditors.
[171] Gleim #: 2.4.70
The internal audit activity collectively must possess or obtain certain
competencies,
including an appreciation of
Internal audit procedures A. and techniques.
B. Accounting principles and techniques.
C. Management principles.
D. Marketing techniques.
Answer (A) is incorrect. The required competencies include
proficiency in
applying internal audit standards, procedures, and techniques.
Answer (B) is correct. An appreciation means the ability to recognize
the
existence of problems or potential problems and to identify the
additional research
to be undertaken or the assistance to be obtained. Internal auditors
must have an
appreciation of the fundamentals of business subjects, such as
accounting,
economics, commercial law, taxation, finance, quantitative methods,
information
technology, risk management, and fraud (PA 1210-1, para. 1).
Answer (C) is incorrect. The required competencies include an
understanding,
not an appreciation, of management principles.
Answer (D) is incorrect. Internal auditors ordinarily need not be
proficient in, or
have an understanding or appreciation of, marketing techniques.
[172] Gleim #: 2.4.71
The internal audit activity collectively must possess or obtain certain
competencies,
excluding
A. Proficiency in applying internal audit standards.
B. An understanding of management principles.
C. The ability to maintain good interpersonal relations.
D. The ability to conduct training sessions in quantitative methods.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 92
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Proficiency in applying internal audit
standards, procedures,
and techniques is among the required competencies.
Answer (B) is incorrect. An understanding of management principles
sufficient to
recognize and evaluate the materiality and significance of deviations
from good
business practices is among the required competencies.
Answer (C) is incorrect. Skills in dealing with people, understanding
human relations,
and maintaining satisfactory relationships with engagement clients
are among the
required competencies.
Answer (D) is correct. The ability to conduct training sessions in
specific areas is not
among the required competencies.
[173] Gleim #: 2.4.72
Internal auditors must possess the knowledge, skills, and other
competencies essential
to the performance of their individual responsibilities. Consequently,
all internal
auditors should be proficient in applying
Internal A. auditing standards.
B. Quantitative methods.
C. Management principles.
D. Structured systems analysis.
Answer (A) is correct. All internal auditors should be proficient in
applying
internal auditing standards, procedures, and techniques required in
performing
engagements. Proficiency means the ability to apply knowledge to
situations likely
to be encountered and to deal with them without extensive recourse
to technical
research and assistance (PA 1210-1, para. 1).
Answer (B) is incorrect. Internal auditors must have an appreciation
of, not
proficiency in, the fundamentals of business subjects such as
quantitative
methods.
Answer (C) is incorrect. Internal auditors must have an
understanding of, not
proficiency in, management principles to recognize and evaluate the
materiality
and significance of deviations from good business practices.
Answer (D) is incorrect. Internal auditors must have an appreciation
of, not
proficiency in, the fundamentals of business subjects such as
accounting,
economics, commercial law, taxation, finance, quantitative methods,
information
technology, risk management, and fraud.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 93
Printed for Sanja Knezevic
[174] Gleim #: 2.4.73
The Standards require that internal auditors possess which of the
following skills?
Internal auditors should understand human relations and be skilled in
dealing with
people.
I.
Internal auditors should be able to recognize and evaluate the
materiality and
significance of deviations from good business practices.
II.
Internal auditors should be experts on subjects such as economics,
commercial
law, taxation, finance, and information technology.
III.
Internal auditors should be skilled in oral and written IV.
communication.
A. II only.
B. I and III only.
C. III and IV only.
D. I, II, and IV only.
Answer (A) is incorrect. Internal auditors also should understand
human relations
and be skilled in dealing with people and in oral and written
communication.
Answer (B) is incorrect. Internal auditors are expected to have an
appreciation of
(not be experts in) fields related to their audit responsibilities.
Moreover, internal
auditors should be able to recognize and evaluate the materiality and
significance
of deviations from good business practices.
Answer (C) is incorrect. Internal auditors must have an appreciation
of, not
expertise in, the fundamentals of fields related to their audit
responsibilities. They
also should understand human relations and be skilled in dealing
with people.
Furthermore, they should be able to recognize and evaluate the
materiality and
significance of deviations from good business practices.
Answer (D) is correct. Skills required by the Standards for internal
auditors
include
Skills in dealing with people, understanding human relations, and
maintaining
satisfactory relationships with engagement clients.
Skills in oral and written communications to clearly and effectively
convey
such matters as engagement objectives, evaluations, conclusions,
and
recommendations.
An understanding of management principles to recognize and
evaluate the
materiality and significance of deviations from good business
practices.
An appreciation of (not expertise in) of the fundamentals of business
subjects
such as accounting, economics, commercial law, taxation, finance,
quantitative methods, information technology, risk management, and
fraud
(PA 1210-1, para. 1).
[175] Gleim #: 2.4.74
Communication skills are important to internal auditors. They should
be able to
convey effectively all of the following to engagement clients except
A. The objectives designed for a specific engagement.
B. The engagement evaluations based on a survey.
C. The risk assessment used in selecting the area for investigation.
Recommendations that are generated in relationship to a specific
engagement
client.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 94
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. The internal auditors should be able to
convey effectively
engagement objectives.
Answer (B) is incorrect. The internal auditors should be able to
convey effectively
engagement evaluations.
Answer (C) is correct. Internal auditors must be skilled in oral and
written
communications so that they can clearly and effectively convey such
matters as
engagement objectives, evaluations, conclusions, and
recommendations (PA 1210-1,
para. 1). The risk assessment used in selecting the area for
investigation is not
necessarily a matter that must be communicated to an engagement
client.
Answer (D) is incorrect. The internal auditors should be able to
convey effectively
engagement recommendations.
[176] Gleim #: 2.4.75
Internal auditors must have the knowledge, skills, and other
competencies needed to
perform their individual responsibilities. Which of the following
properly describes
the level of knowledge, skill, or other competency required? Internal
auditors must
have
Proficiency in applying internal auditing standards and procedures
without
extensive recourse to technical research and assistance.
A.
Proficiency in applying knowledge of accounting and information
technology to
specific or potential problems.
B.
An understanding of broad techniques used in supporting and
developing
engagement observations and the ability to research the proper
procedures to be
used in any engagement situation.
C.
A broad appreciation of accounting principles and techniques during
engagements
involving the financial records and reports of the organization.
D.
Answer (A) is correct. Proficiency means the ability to apply
knowledge to
situations likely to be encountered and to deal with them without
extensive
recourse to technical research and assistance. An internal auditor
must be
proficient in applying internal auditing standards, procedures, and
techniques in
performing engagements (PA 1210-1, para. 1).
Answer (B) is incorrect. An appreciation of the fundamentals of, not
proficiency
in, information technology is required. Proficiency in accounting
principles and
techniques is required only if the internal auditor works extensively
with financial
records and reports.
Answer (C) is incorrect. Proficiency in, not an understanding of,
internal auditing
standards, procedures, and techniques is required.
Answer (D) is incorrect. Proficiency in, not an appreciation of,
accounting
principles and techniques is required when the internal auditor works
extensively
with financial records and reports.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 95
Printed for Sanja Knezevic
[177] Gleim #: 2.4.76
What is the most appropriate preventive measure for staff
communication problems
with engagement clients?
Provide staff with sufficient training to enhance communication A.
skills.
B. Avoid unnecessary communication with engagement clients.
C. Discuss communication problems with staff auditors.
D. Meet with engagement clients to resolve communication
problems.
Answer (A) is correct. Internal auditors must be skilled in oral and
written
communications so that they can clearly and effectively convey such
matters as
engagement objectives, evaluations, conclusions, and
recommendations (PA
1210-1, para. 1).
Answer (B) is incorrect. The issue is the quality rather than the
quantity of
communication.
Answer (C) is incorrect. Communication problems should be
resolved through
effective training.
Answer (D) is incorrect. Meeting with engagement clients will not
resolve
problems caused by poor staff communication skills.
[178] Gleim #: 2.5.77
As part of the process to improve internal auditor-engagement client
relations, it is
very important to deal with how the internal audit activity is
perceived. Certain types
of attitudes in the work performed will help create these perceptions.
From a
management perspective, which attitude is likely to be the most
conducive to a
positive perception?
A. Objective.
B. Investigative.
C. Interrogatory.
D. Consultative.
Answer (A) is incorrect. Objectivity is desirable but, by itself, will not
lead to a
more positive relationship.
Answer (B) is incorrect. An investigative attitude is not likely to
enhance the
relationship.
Answer (C) is incorrect. An interrogatory attitude is not likely to
enhance the
relationship.
Answer (D) is correct. A consultative attitude leads to two-way
communication.
Consultation considers the client’s viewpoint, helps to dispel fear and
mistrust,
and demonstrates the value of internal auditing to the client.
[179] Gleim #: 2.5.78
The consultative approach to internal auditing emphasizes
A. Imposition of corrective measures.
B. Participation with engagement clients to improve methods.
C. Fraud investigation.
D. Implementation of policies and procedures.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 96
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Imposition of changes implies an
adversarial relationship.
Answer (B) is correct. Consultation with the engagement client not
only facilitates the
planning and performance of the engagement but is a courtesy that
enhances the
internal auditor-client relationship. Developing a positive relationship
produces a more
favorable environment for the engagement effort. Moreover, involving
the client in the
engagement process is likely to increase acceptance of
recommended changes.
Answer (C) is incorrect. Consultation is less likely when the client is
suspected of
fraud.
Answer (D) is incorrect. Internal auditors are not independent if they
implement
policies and procedures.
[180] Gleim #: 2.5.79
Which one of the following is responsible for determining the
appropriate levels of
education and experience needed for the internal audit staff?
Human A. resource manager.
B. Chief audit executive.
C. Chief executive officer.
D. Treasurer.
Answer (A) is incorrect. Hiring practices are an essential part of
understanding
the internal audit staff’s background, but the human resource
manager is not
responsible for determining the appropriate levels of education and
experience
needed for the internal audit staff.
Answer (B) is correct. The CAE must ensure that the internal audit
activity is
able to fulfill its responsibilities. The CAE must determine the
appropriate levels
of education and experience needed for the internal audit staff to
fulfill that
responsibility.
Answer (C) is incorrect. The chief executive officer is not directly
responsible for
determining the appropriate levels of education and experience
needed for the
internal audit staff.
Answer (D) is incorrect. The treasurer is not responsible for
determining the
appropriate levels of education and experience needed for the
internal audit staff.
[181] Gleim #: 2.5.80
All of the following will help the CAE identify the available knowledge,
skills, and
competencies of the internal audit staff except
A. Hiring practices.
B. Periodic skills assessment.
C. External service provider.
D. Staff performance appraisals.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 97
Printed for Sanja Knezevic
Answer (A) is incorrect. Hiring practices are an essential part of
understanding the
background of the internal audit staff.
Answer (B) is incorrect. The CAE should conduct periodic skills
assessments to
determine the specific resources available.
Answer (C) is correct. External service providers are used when the
internal audit staff
does not have the necessary knowledge, skills, and competencies to
fulfill the
responsibilities of the internal audit activity.
Answer (D) is incorrect. Staff performance appraisals are completed
at the end of any
major internal audit engagement. These appraisals help the CAE
assess future training
needs and current staff abilities.
[182] Gleim #: 2.5.81
Use of external service providers with expertise in healthcare
benefits is appropriate
when the internal audit activity is
Evaluating the organization’s estimate of its liability for postretirement
benefits,
which include healthcare benefits.
A.
Comparing the cost of the organization’s healthcare program with
other programs
offered in the industry.
B.
Training its staff to conduct an audit of healthcare costs in a major
division of the
organization.
C.
All of the answers D. are correct.
Answer (A) is incorrect. Use of external service providers with
expertise in
healthcare benefits is also appropriate when comparing healthcare
costs with those
of other programs and training staff to conduct healthcare audits.
Answer (B) is incorrect. Use of external service providers with
expertise in
healthcare benefits is also appropriate when evaluating the
estimated liability for
postretirement benefits and training staff to conduct healthcare
audits.
Answer (C) is incorrect. Use of external service providers with
expertise in
healthcare benefits is also appropriate when comparing healthcare
costs with those
of other programs and evaluating the estimated liability for
postretirement
benefits.
Answer (D) is correct. If the internal auditors lack the necessary
expertise,
external service providers should be employed who can provide the
requisite
knowledge, skills, and other competencies. Thus, external service
providers may
provide assistance in (1) estimating the liability for postretirement
benefits,
(2) developing a comparative analysis of healthcare costs, and (3)
training the staff
to audit healthcare costs.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 98
Printed for Sanja Knezevic
fb.com/ciaaofficial
[183] Gleim #: 2.5.82
A chief audit executive has reviewed credentials, checked
references, and interviewed
a candidate for a staff position. The CAE concludes that the
candidate has a thorough
understanding of internal audit techniques, accounting, and finance.
However, the
candidate has limited knowledge of economics and information
technology. Which
action is most appropriate?
Reject the candidate because of the lack of knowledge required A. by
the Standards.
B. Offer the candidate a position despite lack of knowledge in certain
essential areas.
Encourage the candidate to obtain additional training in economics
and
information technology and then reapply.
C.
Offer the candidate a position if other staff members possess
sufficient knowledge
in economics and information technology.
D.
Answer (A) is incorrect. The Standards do not require each internal
auditor to
possess a knowledge of all relevant subjects.
Answer (B) is incorrect. The internal audit activity’s needs may be
for additional
expertise in economics or information technology.
Answer (C) is incorrect. Encouraging the candidate to obtain
additional training
does not adequately address the internal audit activity’s current
needs.
Answer (D) is correct. Each member of the internal audit activity
need not be
qualified in all disciplines (PA 1210.A1-1, para. 1).
[184] Gleim #: 2.5.83
An internal audit activity has scheduled an engagement relating to a
construction
contract. One portion of this engagement will include comparing
materials purchased
with those specified in the engineering drawings. The internal audit
activity does not
have anyone on staff with sufficient expertise to complete this
procedure. The chief
audit executive should
A. Delete the engagement from the schedule.
B. Perform the entire engagement using current staff.
C. Engage an engineering consultant to perform the comparison.
D. Accept the contractor’s written representations.
Answer (A) is incorrect. The engagement is within the scope of the
internal audit
activity.
Answer (B) is incorrect. Performing the engagement using the
current
(unqualified) staff is inappropriate.
Answer (C) is correct. If the internal auditors lack the necessary
expertise,
external service providers should be employed who can provide the
requisite
knowledge, skills, and other competencies.
Answer (D) is incorrect. Accepting the contractor’s representations
without
adequate testing is inappropriate.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 99
Printed for Sanja Knezevic
[185] Gleim #: 2.5.84
If the internal audit activity of a nonpublic company does not have the
skills to
perform a particular task, an external service provider (ESP) could be
brought in from
The organization’s I. external audit firm
II. An external consulting firm
III. The engagement client
IV. A college or university
A. I and II only.
B. II and IV only.
C. I, II, and III only.
D. I, II, and IV only.
Answer (A) is incorrect. An ESP from a college or university is also
acceptable.
Answer (B) is incorrect. An ESP from a nonpublic organization’s
external audit
firm is also acceptable.
Answer (C) is incorrect. An ESP from the engagement client is not
independent.
Answer (D) is correct. Qualified ESPs may be recruited from many
sources.
However, an ESP associated with the engagement client is
unacceptable because
the person would not be independent or objective.
[186] Gleim #: 2.5.85
A chief audit executive for a large manufacturer is considering
revising the internal
audit activity’s charter with respect to the minimum educational and
experience
qualifications required. The CAE wants to require all staff auditors to
possess
specialized training in accounting and a professional auditing
certification such as the
Certified Internal Auditor or the Chartered Accountant. One of the
disadvantages of
imposing this requirement is that the policy
Might negatively affect the internal audit activity’s ability to perform
quality
engagements relating to the organization’s financial and accounting
systems.
A.
B. Does not promote the professionalism of the internal audit activity.
Would prevent the internal audit activity from using external service
providers
when it did not have the knowledge, skills, and other competencies
required in
certain engagements.
C.
Could limit the range of services that could be performed due to the
internal audit
activity’s narrow expertise and backgrounds.
D.
Answer (A) is incorrect. The policy might result in better
engagements relating to
financial and accounting systems.
Answer (B) is incorrect. Setting minimum professional standards
promotes
professionalism.
Answer (C) is incorrect. This requirement does not affect use of
external service
providers.
Answer (D) is correct. Each member of the internal audit activity
need not be
qualified in all disciplines (PA 1210.A1-1, para. 1). The internal audit
activity
should have an appropriate balance of experience, training, and
skills to permit the
performance of a wide range of services. Requiring certain
professional
certifications could limit the range of services offered by the internal
audit
activity.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 100
Printed for Sanja Knezevic
fb.com/ciaaofficial
[187] Gleim #: 2.5.86
A professional engineer applied for a position in the internal audit
activity of a high
technology firm. The engineer became interested in the position after
observing
several internal auditors while they were performing an engagement
in the engineering
department. The chief audit executive
Should not hire the engineer because of the lack of knowledge of
internal audit
standards.
A.
May hire the engineer despite the lack of knowledge of internal B.
audit standards.
Should not hire the engineer because of the lack of knowledge of
accounting and
taxes.
C.
May hire the engineer because of the knowledge of internal auditing
gained in the
previous position.
D.
Answer (A) is incorrect. Each new employee of an internal audit
activity is not
required to have knowledge of internal audit standards. However, the
internal
audit activity collectively must have this knowledge.
Answer (B) is correct. Each member of the internal audit activity
need not be
qualified in all disciplines (PA 1210.A1-1, para. 1).
Answer (C) is incorrect. Each individual internal auditor is not
required to have
knowledge of accounting or taxes.
Answer (D) is incorrect. The knowledge acquired by observation is
irrelevant to
the skills necessary for internal auditing.
[188] Gleim #: 2.5.87
Reasonable assurance should be obtained as to each prospective
internal auditor’s
qualifications and proficiency. Which of the following is the least
useful application
of this principle?
A. Determining that all applicants have an accounting degree.
B. Obtaining college transcripts.
C. Checking an applicant’s references.
D. Determining previous job experience.
Answer (A) is correct. Internal auditors must possess the
knowledge, skills, and
other competencies needed to perform their individual
responsibilities. The
internal audit activity collectively must possess or obtain the
knowledge, skills,
and other competencies needed to perform its responsibilities (Attr.
Std. 1210).
Each member of the internal audit activity, however, need not be
qualified in all
disciplines (PA 1210.A1-1, para. 1).
Answer (B) is incorrect. Obtaining college transcripts is an
appropriate procedure
to determine a prospective auditor’s qualifications.
Answer (C) is incorrect. Checking an applicant’s references is an
appropriate
procedure to determine a prospective auditor’s qualifications.
Answer (D) is incorrect. Determining previous job experience is
appropriate
during the hiring process.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 101
Printed for Sanja Knezevic
[189] Gleim #: 2.5.88
A chief audit executive (CAE) has been requested by the audit
committee to conduct
an engagement at a chemical factory as soon as possible. The
engagement will include
reviews of health, safety, and environmental (HSE) management and
processes. The
CAE knows that the internal audit activity does not possess the HSE
knowledge
necessary to conduct such an engagement. The CAE must
Begin the engagement and incorporate HSE training into next year’s
planning to
prepare for a follow-up engagement.
A.
Suggest to the audit committee that the factory’s own HSE staff
conduct the
engagement.
B.
Seek permission from the audit committee to obtain appropriate
support from an
HSE professional.
C.
Defer the engagement and tell the audit committee that it will take
several months
to train internal audit staff for such an engagement.
D.
Answer (A) is incorrect. The CAE should not begin the audit without
notifying
the audit committee of the knowledge issue and attempting to
resolve it.
Answer (B) is incorrect. A review by the factory’s HSE staff will not
provide the
audit committee with an independent review.
Answer (C) is correct. The chief audit executive must obtain
competent advice
and assistance if the internal auditors lack the knowledge, skills, or
other
competencies needed to perform all or part of the engagement
(Impl. Std. 1210.A1).
Answer (D) is incorrect. Delaying the engagement may have serious
consequences given the nature of the HSE issues involved.
[190] Gleim #: 2.5.89
When the engagement was assigned, management asked the
internal auditor to
evaluate the appropriateness of using self-insurance to minimize risk
to the
organization. Given the scope of the engagement requested by
management, should
the internal auditor engage an actuarial consultant to assist in the
engagement if these
skills do not exist on staff?
No. The internal audit activity is skilled in assessing controls, and the
insurance
control concepts are not distinctly different from other control
concepts.
A.
No. It is a normal internal auditor function to assess risk; this
engagement is
therefore not unique.
B.
Yes. An actuary is essential to determine whether the healthcare
costs are
reasonable.
C.
Yes. The actuary has skills not usually found among internal auditors
to identify
and quantify self-insurance risks.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 102
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Assessing self-insurance controls is outside
the normal scope
of the internal audit activity. The internal auditor may need to engage
an actuary.
Answer (B) is incorrect. Assessing self-insurance risks is outside the
normal scope of
the internal audit activity. The internal auditor may need to engage an
actuary.
Answer (C) is incorrect. An internal auditor might be able to
determine whether the
healthcare costs are reasonable.
Answer (D) is correct. The internal audit activity may use external
service providers
or internal sources that are qualified in disciplines such as
accounting, auditing,
economics, finance, statistics, information technology, engineering,
taxation, law,
environmental affairs, and other areas as needed to meet the internal
audit activity’s
responsibilities (PA 1210.A1-1, para. 1). Thus, unless the internal
audit activity has an
employee with actuarial skills, an actuarial consultant should be hired
to assess selfinsurance
risks.
[191] Gleim #: 2.5.90
The internal audit activity is considering hiring a person who has a
thorough
understanding of internal auditing techniques, accounting, and
principles of
management but has nonspecialized knowledge of economics and
information
technology. Hiring the person is most appropriate if
A professional development program is agreed to in advance A. of
actual hiring.
A mentor is assigned to ensure completion of an individually
designed
professional development program.
B.
Other internal auditors possess sufficient knowledge of economics
and
information technology.
C.
The prospective employee could reasonably be expected to gain
sufficient
knowledge of these competencies in the long run.
D.
Answer (A) is incorrect. Regardless of their backgrounds, all internal
auditors
must enhance their knowledge, skills, and other competencies
through continuing
professional development.
Answer (B) is incorrect. The use of a mentor is encouraged
regardless of the new
internal auditor’s background.
Answer (C) is correct. Internal auditors must possess the
knowledge, skills, and
other competencies needed to perform their individual
responsibilities. The
internal audit activity collectively must possess or obtain the
knowledge, skills,
and other competencies needed to perform its responsibilities (Attr.
Std. 1210).
However, each member of the internal audit activity need not be
qualified in all
disciplines (PA 1210.A1-1, para. 1).
Answer (D) is incorrect. Unless other internal auditors possess
sufficient
knowledge of these competencies, hiring this person would
accentuate staffing
deficiencies.
[192] Gleim #: 2.5.91
At a minimum, how often should the skills of the internal audit staff
be assessed?
A. Annually.
B. Every 5 years.
C. Quarterly.
D. Semi-annually.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 103
Printed for Sanja Knezevic
Answer (A) is correct. The CAE should conduct periodic skills
assessments to
determine the specific resources available. Assessments should be
performed at least
annually.
Answer (B) is incorrect. Periodic skills assessments should be
performed more
frequently than every 5 years.
Answer (C) is incorrect. Periodic skills assessments do not need to
be performed
quarterly.
Answer (D) is incorrect. Periodic skills assessments do not need to
be performed
semiannually.
[193] Gleim #: 2.5.92
An internal auditor’s objectivity could be compromised in all of the
following
situations except
A conflict A. of interest.
An engagement client’s familiarity with the internal auditor due to lack
of rotation
in assignments.
B.
C. The internal auditor’s assumption of operational duties on a
temporary basis.
D. Reliance on an outside service provider when appropriate.
Answer (A) is incorrect. By definition, a conflict of interest can
compromise an
internal auditor’s objectivity.
Answer (B) is incorrect. The CAE can prevent potential and actual
conflicts of
interest by, when practicable, rotating internal audit staff assignments
periodically.
Answer (C) is incorrect. Persons transferred to, or temporarily
engaged by, the
internal audit activity should not be assigned to audit those activities
they
previously performed until at least 1 year has elapsed.
Answer (D) is correct. The CAE must obtain competent advice and
assistance if
the internal auditors lack the knowledge, skills, or other
competencies needed to
perform all or part of the engagement (Impl. Std. 1210.A1).
Consulting an outside
service provider is therefore appropriate in these circumstances.
[194] Gleim #: 2.5.93
The CAE determines that an external service provider (ESP)
possesses the necessary
knowledge, skills, and other competencies to perform the
engagement. The most
effective procedure to evaluate the ESP is
A. Considering the current compensation of the potential ESP.
Verifying that no financial, organizational, or personal relationships
will prevent
the ESP from rendering impartial and unbiased judgments.
B.
C. Contacting others familiar with the ESP’s work.
D. Determining the financial interest the ESP may have in the
organization.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 104
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Considering the current compensation of
the potential ESP
relates to assessing independence and objectivity.
Answer (B) is incorrect. Verifying that no financial, organizational, or
personal
relationships will prevent the ESP from rendering impartial and
unbiased judgments
relates to assessing independence and objectivity.
Answer (C) is correct. To evaluate the ESP’s reputation, the CAE
should interview
independent sources. Previous customers or clients who are familiar
with the ESP’s
work can provide feedback based on their direct experience. The
consensus of these
opinions is likely to be reliable.
Answer (D) is incorrect. Determining the financial interest the ESP
may have in the
organization relates to assessing independence and objectivity.
[195] Gleim #: 2.5.94
In some organizations, internal audit functions are outsourced.
Management in a large
organization should recognize that the external auditor may have an
advantage,
compared with the internal auditor, because of the external auditor’s
Familiarity with the organization. Its annual audits provide an indepth knowledge
of the organization.
A.
Size. It can hire experienced, knowledgeable, and B. certified staff.
Size. It is able to offer continuous availability of staff unaffected by
other
priorities.
C.
Structure. It may more easily accommodate engagement
requirements in distant
locations.
D.
Answer (A) is incorrect. The internal auditors are likely to be more
familiar with
the organization than the external auditors, given the continuous
nature of their
responsibilities.
Answer (B) is incorrect. The internal auditor also can hire
experienced,
knowledgeable, and certified staff.
Answer (C) is incorrect. The internal auditor is more likely to be
continuously
available. The external auditor has responsibilities to many other
clients.
Answer (D) is correct. Large organizations that are geographically
dispersed may
find outsourcing internal audit functions to external auditors to be
effective. A
major public accounting firm ordinarily has operations that are
national or
worldwide in scope.
[196] Gleim #: 2.6.95
Which of the following statements is true with respect to due
professional care?
An internal auditor should perform detailed tests of all transactions
before
communicating results.
A.
An item should not be mentioned in an engagement communication
unless the
internal auditor is absolutely certain of the item.
B.
An engagement communication should never be viewed as providing
an infallible
truth about a subject.
C.
D. An internal auditor has no responsibility to recommend
improvements.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 105
Printed for Sanja Knezevic
Answer (A) is incorrect. An internal auditor must conduct reasonable
examinations
and verifications, but detailed tests of all transactions are not
required.
Answer (B) is incorrect. Absolute assurance need not, and cannot,
be given.
Answer (C) is correct. Due professional care implies reasonable
care and competence,
not infallibility or extraordinary performance. Thus, it requires the
internal auditor to
conduct examinations and verifications to a reasonable extent.
Accordingly, internal
auditors cannot give absolute assurance that noncompliance or
irregularities do not
exist (PA 1220-1, para. 2).
Answer (D) is incorrect. An internal auditor must recommend
improvements to
promote conformance with acceptable procedures and practices.
[197] Gleim #: 2.6.96
An internal auditor observes that a receivables clerk has physical
access to and control
of cash receipts. The auditor worked with the clerk several years
before and has a high
level of trust in the individual. Accordingly, the auditor notes in the
engagement
working papers that controls over receipts are adequate. Has the
auditor exercised due
professional care?
Yes, reasonable care A. has been taken.
B. No, irregularities were not noted.
C. No, alertness to conditions most likely indicative of irregularities
was not shown.
D. Yes, the engagement working papers were annotated.
Answer (A) is incorrect. The auditor’s engagement observation is
inappropriate
given the lack of segregation of functions.
Answer (B) is incorrect. No indication is given that irregularities have
occurred.
Answer (C) is correct. Internal auditors must be alert to those
conditions and
activities where irregularities are most likely to occur and must
identify
inadequate controls (PA 1220-1, para. 1). Thus, the internal auditor
did not
exercise due professional care. Cash has a high degree of inherent
risk and should
therefore be subject to strict controls. Access to cash and the
recordkeeping
functions should be separated regardless of the personal qualities of
the
individuals involved. That the internal auditor trusts the clerk is
irrelevant.
Management still needs to be aware that internal control over
receivables is
inadequate.
Answer (D) is incorrect. Annotating the working papers does not
indicate that the
auditor exercised due professional care. Cash has a high inherent
risk of
irregularities, and professional judgment and alertness are
necessary.
[198] Gleim #: 2.6.97
Due professional care implies reasonable care and competence, not
infallibility or
extraordinary performance. Thus, which of the following is
unnecessary?
A. The conduct of examinations and verifications to a reasonable
extent.
B. The conduct of extensive examinations.
C. The reasonable assurance that compliance does exist.
D. The consideration of the possibility of material irregularities.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 106
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Examination and verification need only be
undertaken to a
reasonable extent.
Answer (B) is correct. Due professional care implies reasonable
care and competence,
not infallibility or extraordinary performance. It requires the internal
auditor to conduct
examinations and verifications to a reasonable extent (PA 1220-1,
para. 2).
Answer (C) is incorrect. An internal auditor cannot give absolute
assurance.
Answer (D) is incorrect. The possibility of material irregularities must
be considered.
[199] Gleim #: 2.6.98
An internal auditor judged an item to be immaterial when planning an
assurance
engagement. However, the assurance engagement may still include
the item if it is
subsequently determined that
Sufficient A. staff is available.
B. Adverse effects related to the item are likely to occur.
C. Related information is reliable.
D. Miscellaneous income is affected.
Answer (A) is incorrect. In the absence of other considerations,
devoting
additional engagement effort to an immaterial item is inefficient.
Answer (B) is correct. Internal auditors must exercise due
professional care by
considering the relative complexity, materiality, or significance of
matters to
which assurance procedures are applied (Impl. Std. 1220.A1).
Materiality
judgments are made in the light of all the circumstances and involve
qualitative as
well as quantitative considerations. Moreover, internal auditors also
must consider
the interplay of risk with materiality. Consequently, engagement effort
may be
required for a quantitatively immaterial item if adverse effects are
likely to occur,
for example, a material contingent liability arising from an illegal
payment that is
otherwise immaterial.
Answer (C) is incorrect. Additional engagement procedures might
not be needed
if related information is reliable.
Answer (D) is incorrect. The item is more likely to be included if it
affects
recurring income items rather than miscellaneous income.
[200] Gleim #: 2.6.99
With regard to the exercise of due professional care, an internal
auditor should
Consider the relative materiality or significance of matters to which
assurance
procedures are applied.
A.
B. Emphasize the potential benefits of an engagement without regard
to the cost.
Consider whether criteria have been established to determine
whether goals are
achieved, not whether those criteria are adequate.
C.
Select procedures that are likely to provide absolute assurance that
irregularities
do not exist.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 107
Printed for Sanja Knezevic
Answer (A) is correct. Exercising due professional care means
applying the care and
skill expected of a reasonably prudent and competent internal auditor
(Attr. Std. 1220).
Internal auditors must exercise due professional care by considering,
among other
things, the relative complexity, materiality, or significance of matters
to which
assurance procedures are applied (Impl. Std. 1220.A1).
Answer (B) is incorrect. The internal auditor should consider the
cost in relation to the
potential benefits before beginning an engagement.
Answer (C) is incorrect. Adequate criteria are needed to evaluate
controls. If
determined to be adequate, internal auditors must use such criteria
in their evaluation.
If inadequate, internal auditors must work with management to
develop appropriate
evaluation criteria.
Answer (D) is incorrect. Internal auditors cannot give absolute
assurance that
noncompliance or irregularities do not exist.
[201] Gleim #: 2.6.100
The internal audit activity can perform an important role in preventing
and detecting
significant fraud by being assigned all but which one of the following
tasks?
Review large, abnormal, or unexplained A. expenditures.
Review sensitive expenses, such as legal fees, consultant fees, and
foreign sales
commissions.
B.
C. Review every control feature pertaining to petty cash receipts.
D. Review contributions by the organization that appear to be
unusual.
Answer (A) is incorrect. To prevent or detect significant fraud, the
internal
auditor should review large, abnormal, or unexplained expenditures.
Answer (B) is incorrect. To prevent or detect significant fraud, the
internal
auditor should review sensitive expenses.
Answer (C) is correct. The internal auditor must exercise due
professional care by
considering the relative complexity, materiality, or significance of
matters to
which assurance procedures are applied. The cost of assurance in
relation to its
benefits also should be considered (Impl. Std. 1220.A1). Hence, an
exhaustive
review of petty cash is not an efficient and effective use of limited
internal audit
resources because it will not prevent or detect significant fraud. The
amount of
any theft of petty cash will not be substantial.
Answer (D) is incorrect. To prevent or detect significant fraud, the
internal
auditor should review unusual contributions.
[202] Gleim #: 2.6.101
To ensure that due professional care has been taken at all times
during an engagement,
the internal auditor should always
Ensure that all financial information related to the audit is included in
the audit
plan and examined for nonconformance or irregularities.
A.
B. Ensure that all audit tests are fully documented.
Consider the possibility of nonconformance or irregularities at all
times during an
engagement.
C.
Communicate any noncompliance or irregularity discovered during
an
engagement promptly to the audit committee.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 108
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. The automatic inclusion of relevant financial
information in
an audit plan does not guarantee that due professional care has
been exercised over the
audit as a whole.
Answer (B) is incorrect. Keeping detailed working papers does not
ensure that due
professional care has been exercised during the tests.
Answer (C) is correct. Due professional care implies reasonable
care and competence,
not infallibility or extraordinary performance. Thus, due professional
care requires the
internal auditor to conduct examinations and verifications to a
reasonable extent.
Accordingly, internal auditors cannot give absolute assurance that
noncompliance or
irregularities do not exist. Nevertheless, the possibility of material
irregularities or
noncompliance needs to be considered whenever the internal auditor
undertakes an
internal auditing assignment (PA 1220-1, para. 2). Thus, considering
the possibility of
nonconformance or material irregularities at all times during an
engagement is the only
way of demonstrating that due professional care has been taken in
an internal audit
assignment.
Answer (D) is incorrect. Due professional care does not require that
immaterial
instances of noncompliance or irregularity be reported to the audit
committee.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 109
Printed for Sanja Knezevic
[203] Gleim #: 2.6.102
A staff internal auditor performed a portion of an engagement to
review an
organization’s marketing function. In particular, the internal auditor
evaluated the
function’s effective and efficient use of resources to identify
I. Underused facilities
II. Overstaffing or understaffing
III. Nonproductive work
IV. Procedures that were not cost justified
To test for underused facilities, the internal auditor performed a
complete walkthrough
of all spaces assigned to the marketing function and evaluated the
use of both
space and capital equipment. The internal auditor analyzed reports
on space usage for
the last year and concluded that facilities were neither underused nor
used at maximum
capacity.
To test for overstaffing or understaffing, the internal auditor compared
current staffing
levels with a staffing analysis recently completed by an independent
contractor.
Because the staffing analysis used work standards and service
demands to provide
factual and reliable information on staffing requirements, the internal
auditor was able
to conclude that staffing levels were optimal.
To test for nonproductive work, the internal auditor interviewed an
employee from
each level and, based upon their responses, concluded that no
significant amount of
nonproductive work was being performed. Thus, the internal auditor
concluded that
additional engagement work to search for procedures that were not
cost-justified
would not be necessary.
In reference to requirements I and II, due professional care
Was exercised because the internal auditor applied reasonable care
and
competence in both areas.
A.
Was not exercised because the internal auditor failed to apply
reasonable care
regarding requirement II.
B.
Was not exercised because the internal auditor failed to apply
reasonable care
regarding requirements I and II.
C.
Was not exercised because the internal auditor failed to apply
reasonable care
regarding requirement I.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 110
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is correct. Due professional care implies reasonable
care and competence,
not infallibility or extraordinary performance. Thus, due professional
care requires the
internal auditor to conduct examinations and verifications to a
reasonable extent.
Accordingly, internal auditors cannot give absolute assurance that
noncompliance or
irregularities do not exist. Nevertheless, the possibility of material
irregularities or
noncompliance needs to be considered whenever the internal auditor
undertakes an
internal audit assignment (PA 1220-1, para. 2). Accordingly, the work
performed with
regard to facilities usage and staffing was adequate and would
withstand normal
scrutiny.
Answer (B) is incorrect. The work performed in both areas was
adequate and would
withstand normal scrutiny.
Answer (C) is incorrect. The work performed in both areas was
adequate and would
withstand normal scrutiny.
Answer (D) is incorrect. The work performed in both areas was
adequate and would
withstand normal scrutiny.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 111
Printed for Sanja Knezevic
[204] Gleim #: 2.6.103
A staff internal auditor performed a portion of an engagement to
review an
organization’s marketing function. In particular, the internal auditor
evaluated the
function’s effective and efficient use of resources to identify
I. Underused facilities
II. Overstaffing or understaffing
III. Nonproductive work
IV. Procedures that were not cost justified
To test for underused facilities, the internal auditor performed a
complete walkthrough
of all spaces assigned to the marketing function and evaluated the
use of both
space and capital equipment. The internal auditor analyzed reports
on space usage for
the last year and concluded that facilities were neither underused nor
used at maximum
capacity.
To test for overstaffing or understaffing, the internal auditor compared
current staffing
levels with a staffing analysis recently completed by an independent
contractor.
Because the staffing analysis used work standards and service
demands to provide
factual and reliable information on staffing requirements, the internal
auditor was able
to conclude that staffing levels were optimal.
To test for nonproductive work, the internal auditor interviewed an
employee from
each level and, based upon their responses, concluded that no
significant amount of
nonproductive work was being performed. Thus, the internal auditor
concluded that
additional engagement work to search for procedures that were not
cost-justified
would not be necessary.
In reference to requirements III and IV, due professional care
Was exercised because the internal auditor applied reasonable care
and
competence in both areas.
A.
Was not exercised because the internal auditor failed to apply
reasonable care and
competence regarding requirement III.
B.
Was not exercised because the internal auditor failed to apply
reasonable care and
competence regarding both requirements III and IV.
C.
Was not exercised because the internal auditor failed to apply
reasonable care and
competence regarding requirement IV.
D.
Answer (A) is incorrect. Due professional care was not exercised in
regard to
requirements III and IV.
Answer (B) is incorrect. Due professional care was not exercised in
regard to
requirements III and IV.
Answer (C) is correct. The procedures performed as a basis for
concluding that
no nonproductive work was accomplished resulted in a failure to
identify
sufficient, reliable, relevant, and useful information to achieve the
engagement’s
objectives (Perf. Std. 2310). The opinions of individuals whose work
was in
question lacks reliability. Given that the information regarding area IV
was based
on that for area III, it also is suspect.
Answer (D) is incorrect. Due professional care was not exercised in
regard to
requirements III and IV.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 112
Printed for Sanja Knezevic
fb.com/ciaaofficial
[205] Gleim #: 2.6.104
Due professional care calls for
Detailed reviews of all transactions related to a particular A. function.
Infallibility and extraordinary performance when the system of
internal control is
known to be weak.
B.
Consideration of the possibility of material irregularities during every
engagement.
C.
Testing in sufficient detail to give absolute assurance that
noncompliance does not
exist.
D.
Answer (A) is incorrect. Detailed reviews of all transactions are not
required.
Answer (B) is incorrect. Reasonable care and skill, not infallibility or
extraordinary performance, are necessary.
Answer (C) is correct. Due care implies reasonable care and
competence, not
infallibility or extraordinary performance. Due care requires the
internal auditor to
conduct examinations and verifications to a reasonable extent, but
does not
require detailed reviews of all transactions. Accordingly, internal
auditors cannot
give absolute assurance that noncompliance or irregularities do not
exist.
Nevertheless, the possibility of material irregularities or
noncompliance should be
considered whenever an internal auditor undertakes an internal
auditing
assignment (PA 1220-1, para. 2).
Answer (D) is incorrect. Only reasonable, not absolute, assurance
can be given.
[206] Gleim #: 2.6.105
A certified internal auditor performed an assurance engagement to
review a
department store’s cash function. Which of the following actions will
be deemed
lacking in due professional care?
Organizational records were reviewed to determine whether all
employees who
handle cash receipts and disbursements were bonded.
A.
A flowchart of the entire cash function was developed, but only a
sample of
transactions was tested.
B.
The final engagement communication included a well-supported
recommendation
for the reduction in staff, although it was known that such a reduction
would
adversely affect morale.
C.
Because of a highly developed system of internal control over the
cash function,
the final engagement communication assured senior management
that no
irregularities existed.
D.
Answer (A) is incorrect. This review is a standard procedure.
Answer (B) is incorrect. Sampling is permissible. Detailed reviews of
all
transactions are often not required or feasible.
Answer (C) is incorrect. In exercising due professional care, internal
auditors
should be alert to inefficiency.
Answer (D) is correct. Internal auditors cannot give absolute
assurance that
noncompliance or irregularities do not exist (PA 1220-1, para. 2).
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 113
Printed for Sanja Knezevic
[207] Gleim #: 2.6.106
In exercising due professional care, internal auditors must consider
which of the
following?
The relative complexity, materiality, or significance of matters to
which assurance
procedures are applied
I.
The extent of assurance procedures necessary to ensure that all
significant risks
will be identified
II.
The probability of significant errors, irregularities, III. or
noncompliance
A. I and II only.
B. II and III only.
C. I and III only.
D. I, II, and III.
Answer (A) is incorrect. The internal auditors need not consider the
extent of
assurance procedures necessary to ensure that all significant risks
will be
identified when exercising due professional care. But the internal
auditors must
consider the probability of significant errors, irregularities, or
noncompliance.
Answer (B) is incorrect. The internal auditors need not consider the
extent of
assurance procedures necessary to ensure that all significant risks
will be
identified when exercising due professional care. But the internal
auditors must
consider the relative complexity, materiality, or significance of matters
to which
assurance procedures are applied.
Answer (C) is correct. Internal auditors must exercise due
professional care by
considering the
Extent of work needed to achieve the engagement’s objectives
Relative complexity, materiality, or significance of matters to which
assurance procedures are applied
Adequacy and effectiveness of governance, risk management, and
control
processes
Probability of significant errors, fraud, or noncompliance
Cost of assurance in relation to potential benefits (Impl. Std.
1220.A1)
Assurance procedures alone, even when performed with due
professional care, do
not guarantee that all significant risks will be identified (Impl. Std.
1220.A3).
Answer (D) is incorrect. The internal auditors need not consider the
extent of
assurance procedures necessary to ensure that all significant risks
will be
identified when exercising due professional care.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 114
Printed for Sanja Knezevic
fb.com/ciaaofficial
[208] Gleim #: 2.6.107
Assurance engagements must be performed with proficiency and
due professional
care. Accordingly, the Standards require internal auditors to
Consider the probability of significant I. noncompliance
Perform assurance procedures with due professional care so that all
significant
risks are identified
II.
III. Weigh the cost of assurance against the benefits
A. I and II only.
B. I and III only.
C. II and III only.
D. I, II, and III.
Answer (A) is incorrect. Assurance procedures alone, even when
performed with
due professional care, do not guarantee that all significant risks will
be identified.
Moreover, internal auditors must weigh the cost of assurance against
the benefits.
Answer (B) is correct. Internal auditors must exercise due
professional care by
considering the
Extent of work needed to achieve the engagement’s objectives
Relative complexity, materiality, or significance of matters to which
assurance procedures are applied
Adequacy and effectiveness of governance, risk management, and
control
processes
Probability of significant errors, fraud, or noncompliance
Cost of assurance in relation to potential benefits (Impl. Std.
1220.A1)
Assurance procedures alone, even when performed with due
professional care, do
not guarantee that all significant risks will be identified (Impl. Std.
1220.A3).
Answer (C) is incorrect. Assurance procedures alone, even when
performed with
due professional care, do not guarantee that all significant risks will
be identified.
Furthermore, internal auditors must consider the probability of
significant
noncompliance.
Answer (D) is incorrect. Assurance procedures alone, even when
performed with
due professional care, do not guarantee that all significant risks will
be identified.
[209] Gleim #: 2.6.108
Internal auditors are responsible for continuing their education to
maintain their
proficiency. Which of the following is true regarding the continuing
education
requirements of the practicing internal auditor?
Internal auditors are required to obtain 40 hours of continuing
professional
education each year and a minimum of 120 hours over a 3-year
period.
A.
B. CIAs have formal requirements that must be met in order to
continue as CIAs.
Attendance, as an officer or committee member, at formal IIA
meetings does not
meet the criteria of continuing professional development.
C.
In-house programs meet continuing professional education
requirements only if
they have been preapproved by The IIA.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 115
Printed for Sanja Knezevic
Answer (A) is incorrect. The Standards do not state formal hour
requirements for
internal auditors. The intent of the Standards is to provide flexibility in
meeting the
requirements.
Answer (B) is correct. Internal auditors must enhance their
knowledge, skills, and
other competencies through continuing professional development
(Attr. Std. 1230). To
maintain the CIA designation, the CIA must commit to a formal
program of continuing
professional development and report to the Certification Department
of The IIA.
Answer (C) is incorrect. Continuing education may be obtained by
participation in
professional organizations.
Answer (D) is incorrect. Prior approval by The IIA is not necessary
for CPE courses.
[210] Gleim #: 2.6.109
During a consulting engagement, an internal auditor should exercise
due professional
care by considering which of the following?
Needs and expectations of I. engagement clients
II. Relative complexity and extent of work needed
III. Cost of the consulting engagement
A. I and II.
B. II and III.
C. I and III.
D. I, II, and III.
Answer (A) is incorrect. The internal auditor also must consider the
cost of the
consulting engagement in relation to the potential benefits when
exercising due
professional care on a consulting engagement.
Answer (B) is incorrect. The internal auditor also must consider the
needs and
expectations of engagement clients, including the nature, timing, and
communication of engagement results, when exercising due
professional care on a
consulting engagement.
Answer (C) is incorrect. The internal auditor also must consider the
relative
complexity and extent of work needed to achieve the engagement’s
objectives
when exercising due professional care on a consulting engagement.
Answer (D) is correct. The internal auditor must exercise due
professional care
during a consulting engagement by considering the
Needs and expectations of engagement clients, including the nature,
timing,
and communication of engagement results.
Relative complexity and extent of work needed to achieve the
engagement’s
objectives.
Cost of the consulting engagement in relation to potential benefits
(Impl. Std.
1220.C1).
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 116
Printed for Sanja Knezevic
fb.com/ciaaofficial
[211] Gleim #: 2.6.110
An internal auditor must exercise due professional care in performing
engagements.
Due professional care includes
Establishing direct communication between the chief audit executive
and the
board.
A.
Evaluating established operating standards and determining whether
those
standards are adequate.
B.
Accumulating sufficient information so that the internal auditor can
give absolute
assurance that irregularities do not exist.
C.
Establishing suitable criteria of education and experience for filling
internal
auditing positions.
D.
Answer (A) is incorrect. Direct communication between the CAE
and the board
relates to independence rather than to due professional care.
Answer (B) is correct. In the exercise of due professional care, an
internal auditor
must, among other things, consider the adequacy and effectiveness
of governance,
risk management, and control processes (Impl. Std. 1220.A1).
Establishing
adequate operating standards is a governance process.
Answer (C) is incorrect. Internal auditors cannot provide absolute
assurance
regarding irregularities.
Answer (D) is incorrect. Establishing suitable criteria of education
and
experience for filling internal auditing positions pertains to
proficiency, not due
professional care.
[212] Gleim #: 2.6.111
An internal auditor has some suspicion of, but no information about,
potential
misstatement of financial statements. The internal auditor fails to
exercise due
professional care by
Identifying potential ways in which a misstatement could occur and
ranking the
items for investigation.
A.
Informing the engagement manager of the suspicions and asking for
advice on
how to proceed.
B.
Not testing for possible misstatement because the engagement work
program had
already been approved by engagement management.
C.
Expanding the engagement work program, without the engagement
client’s
approval, to address the highest ranked ways in which a
misstatement may have
occurred.
D.
Answer (A) is incorrect. Ranking the ways in which a misstatement
could occur
is consistent with the standard of due professional care.
Answer (B) is incorrect. Seeking advice is consistent with exercising
the standard
of due professional care.
Answer (C) is correct. Internal auditors must apply the care and skill
expected of
a reasonably prudent and competent internal auditor (Attr. Std.
1220).
Engagement work programs are expected to be modified to reflect
changing
circumstances. Thus, the internal auditor fails to exercise due
professional care by
not investigating a suspected misstatement solely because the work
program had
already been approved.
Answer (D) is incorrect. The internal auditor does not need the
engagement
client’s approval to expand the engagement work program.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 117
Printed for Sanja Knezevic
[213] Gleim #: 2.7.112
A quality assurance and improvement program of an internal audit
activity provides
reasonable assurance that internal auditing work is performed in
accordance with its
charter. Which of the following are designed to provide feedback on
the effectiveness
of an internal audit activity?
I. Proper supervision
II. Proper training
III. Internal reviews
IV. External reviews
A. I, II, and III only.
B. II, III, and IV only.
C. I, III, and IV only.
D. I, II, III, and IV.
Answer (A) is incorrect. Proper training is a feedforward, not a
feedback, control.
Answer (B) is incorrect. Proper training is a feedforward, not a
feedback, control.
Answer (C) is correct. A quality assurance and improvement
program is designed
to provide reasonable assurance to the various stakeholders of the
internal audit
activity that it (1) performs in accordance with its charter, (2) operates
effectively
and efficiently, and (3) is perceived by the stakeholders as adding
value and
improving operations. These processes include appropriate
supervision, periodic
internal assessments and ongoing monitoring of quality assurance,
and periodic
external assessments (PA 1300-1, para. 2).
Answer (D) is incorrect. Proper training is a feedforward, not a
feedback, control.
[214] Gleim #: 2.7.113
An individual became head of the internal audit activity of an
organization 1 week
ago. An engagement client has come to the person complaining
vigorously that one of
the internal auditors is taking up an excessive amount of client time
on an engagement
that seems to be lacking a clear purpose. In handling this conflict
with a client, the
person should consider
A. Discounting what is said, but documenting the complaint.
Whether existing procedures within the internal audit activity provide
for proper
planning and quality assurance.
B.
Presenting an immediate defense of the internal auditor based upon
currently
known facts.
C.
D. Promising the client that the internal auditor will finish the work
within 1 week.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 118
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. The CAE has responsibilities for planning
engagement work
schedules and maintaining a quality assurance and improvement
program and cannot
afford to ignore a potentially valid complaint.
Answer (B) is correct. The CAE should examine departmental
procedures and the
conduct of the specific engagement mentioned to ascertain that
proper planning and
quality assurance procedures are in place and are being followed.
Answer (C) is incorrect. Taking a defensive position with the client
stifles
communication, hampers future engagement involvements, and
ignores basic
responsibilities for managing the internal audit activity.
Answer (D) is incorrect. Making a promise to end the work within a
specified time
without knowledge of the work schedule jeopardizes the authority of
the CAE and the
internal audit activity in the current and future engagements. The
CAE has an
obligation to assure that adequate time is allowed for achieving
engagement objectives.
[215] Gleim #: 2.7.114
The chief audit executive should develop and maintain a quality
assurance and
improvement program that covers all aspects of the internal audit
activity and
continuously monitors its effectiveness. All of the following are
included in a quality
program except
Annual appraisals of individual internal auditors’ A. performance.
B. Periodic internal assessment.
C. Supervision.
D. Periodic external assessments.
Answer (A) is correct. Appraising each internal auditor’s work at
least annually is
properly a function of the human resources program of the internal
audit activity.
Answer (B) is incorrect. Internal assessment is an element of a
quality program.
Answer (C) is incorrect. Supervision is an element of a quality
program. Ongoing
reviews are internal assessments that include engagement
supervision.
Answer (D) is incorrect. External assessment is an element of a
quality program.
[216] Gleim #: 2.7.115
Assessment of a quality assurance and improvement program
should include
evaluation of all of the following except
A. Adequacy of the oversight of the work of external auditors.
B. Conformance with the Standards and Code of Ethics.
C. Adequacy of the internal audit activity’s charter.
D. Contribution to the organization’s governance processes.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 119
Printed for Sanja Knezevic
Answer (A) is correct. Oversight of the work of external auditors,
including
coordination with the internal audit activity, is the responsibility of the
board (PA
2050-1, para. 1). It is not within the scope of the process for
monitoring and assessing
the quality program.
Answer (B) is incorrect. Conformance with the Definition of Internal
Auditing,
Standards, and Code of Ethics, including timely corrective actions to
remedy any
significant instances of nonconformance, is an element of the
assessment of a quality
program.
Answer (C) is incorrect. Adequacy of the internal audit activity’s
charter, goals,
objectives, policies, and procedures is an element of the assessment
of a quality
program.
Answer (D) is incorrect. Contribution to the organization’s
governance, risk
management, and control processes is an element of the
assessment of a quality
program.
[217] Gleim #: 2.7.116
The internal audit activity’s quality assurance and improvement
program is the
responsibility of
A. External auditors.
B. The chief audit executive.
C. The board.
D. The audit committee.
Answer (A) is incorrect. External auditors may perform an external
assessment,
but the CAE is responsible for it.
Answer (B) is correct. The chief audit executive must develop and
maintain a
quality assurance and improvement program that covers all aspects
of the internal
audit activity (Attr. Std. 1300).
Answer (C) is incorrect. The CAE may report results to the board,
but the
program is the CAE’s responsibility.
Answer (D) is incorrect. The CAE may report results to the audit
committee, but
the program is the CAE’s responsibility.
[218] Gleim #: 2.7.117
Which of the following is responsible for developing and maintaining
a quality
assurance and improvement program that covers all aspects of the
internal audit
activity and continuously monitors its effectiveness?
A. Senior management.
B. Chief audit executive.
C. The board of directors.
D. Audit committee.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 120
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Senior management is not responsible for
the quality
assurance and improvement program for the internal audit activity.
Answer (B) is correct. The chief audit executive must develop and
maintain a quality
assurance and improvement program that covers all aspects of the
internal audit
activity (Attr. Std.1300).
Answer (C) is incorrect. The directors are not responsible for the
quality assurance
and improvement program for the internal audit activity.
Answer (D) is incorrect. The audit committee is not responsible for
the quality
assurance and improvement program for the internal audit activity.
[219] Gleim #: 2.8.118
At what minimal required frequency does the chief audit executive
report the results of
internal assessments in the form of ongoing monitoring to senior
management and the
board?
A. Monthly.
B. Quarterly.
C. Annually.
D. Biennially.
Answer (A) is incorrect. The CAE may report on a monthly basis,
but the
minimal requirement for reporting is annually.
Answer (B) is incorrect. The CAE may report on a quarterly basis,
but the
minimal requirement for reporting is annually.
Answer (C) is correct. To demonstrate conformance with the
mandatory IIA
guidance, the results of external and periodic internal assessments
are
communicated upon completion of such assessments and the results
of ongoing
monitoring are communicated at least annually (Inter. Std. 1320).
Answer (D) is incorrect. The CAE is required to report more
frequently than
every 2 years.
[220] Gleim #: 2.8.119
Internal auditors may report that their activities conform with the
Standards. They may
use this statement only if
A. It is supported by the results of the quality program.
An independent external assessment of the internal audit activity is
conducted
annually.
B.
Senior management or the board is accountable for implementing a
quality
program.
C.
D. External assessments of the internal audit activity are made by
external auditors.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 121
Printed for Sanja Knezevic
Answer (A) is correct. The chief audit executive may state that the
internal audit
activity conforms with the International Standards for the
Professional Practice of
Internal Auditing only if the results of the quality assurance and
improvement program
support this statement (Attr. Std. 1321).
Answer (B) is incorrect. An independent external assessment of the
internal audit
activity must be conducted at least once every 5 years.
Answer (C) is incorrect. The CAE must develop and maintain a
QAIP that covers all
aspects of the internal audit activity.
Answer (D) is incorrect. Assessments also may be made by others
who are (1)
independent, (2) qualified, and (3) from outside the organization.
[221] Gleim #: 2.8.120
When is initial use of the conformance phrase by internal auditors
appropriate?
After an internal review completed within A. the past 5 years.
B. After an external review completed within the past 10 years.
C. After an internal review completed within the past 10 years.
D. After an external review completed within the past 5 years.
Answer (A) is incorrect. An internal audit activity must have an
external
assessment every 5 years.
Answer (B) is incorrect. Initial use of the conformance phrase
requires the
completion of an external assessment within the past 5 years.
Answer (C) is incorrect. Initial use of the conformance phrase
requires the
completion of an external assessment within the past 5 years.
Answer (D) is correct. The chief audit executive may state that the
internal audit
activity conforms with the International Standards for the
Professional Practice
of Internal Auditing only if the results of the quality assurance and
improvement
program support this statement (Attr. Std. 1321). To use the phrase,
the chief audit
executive of an internal audit activity in existence for at least 5 years
must have
the results of an external assessment within that period.
[222] Gleim #: 2.8.121
Following an external assessment of the internal audit activity, who is
(are)
responsible for communicating the results to the board?
A. Internal auditors.
B. Audit committee.
C. Chief audit executive.
D. External auditors.
Answer (A) is incorrect. The chief audit executive (not internal
auditors) is
responsible for communicating the results of external assessments to
the board.
Answer (B) is incorrect. The chief audit executive (not the audit
committee) is
responsible for communicating the results of external assessments to
the board.
Answer (C) is correct. The chief audit executive must communicate
the results of
the QAIP to senior management and the board (Attr. Std. 1320).
Answer (D) is incorrect. The chief audit executive (not external
auditors) is
responsible for communicating the results of external assessments to
the board.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 122
Printed for Sanja Knezevic
fb.com/ciaaofficial
[223] Gleim #: 2.8.122
To demonstrate conformance of the internal audit activity with the
mandatory
guidance of The IIA,
The chief audit executive determines the form and content of the
results
communicated.
A.
The results of external assessments are communicated upon B. their
completion.
C. The results of periodic internal assessments are communicated at
least annually.
D. The results of ongoing monitoring are communicated upon their
completion.
Answer (A) is incorrect. The form, content, and frequency of
communicating the
results of the quality assurance and improvement program is
established through
discussions with senior management and the board and considers
the
responsibilities of the internal audit activity and chief audit executive
as contained
in the internal audit charter.
Answer (B) is correct. “To demonstrate conformance with the
Definition of
Internal Auditing and the Standards, and application of the Code of
Ethics, the
results of external and periodic internal assessments are
communicated upon
completion of such assessments and the results of ongoing
monitoring are
communicated at least annually. The results include the assessor’s
or assessment
team’s evaluation with respect to the degree of conformance” (Inter.
Std. 1320).
Answer (C) is incorrect. The results of periodic internal assessments
are
communicated upon their completion.
Answer (D) is incorrect. The results of ongoing monitoring are
communicated at
least annually.
[224] Gleim #: 2.9.123
Which of the following is part of an internal audit activity’s quality
assurance
program, rather than being included as part of other responsibilities
of the chief audit
executive (CAE)?
The CAE provides information about and access to internal audit
working papers
to the external auditors to enable them to understand and determine
the degree to
which they may rely on the internal auditors’ work.
A.
Management approves a formal charter establishing the purpose,
authority, and
responsibility of the internal audit activity.
B.
C. Each individual internal auditor’s performance is appraised at
least annually.
Supervision of an internal auditor’s work is performed throughout
each audit
engagement.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 123
Printed for Sanja Knezevic
Answer (A) is incorrect. Providing working papers to the external
auditors relates to
the responsibility of the CAE to coordinate with external auditors.
Answer (B) is incorrect. A CAE’s responsibility to seek approval of a
charter to
establish the authority, purpose, and responsibility of the internal
audit activity is not
part of a quality assurance program.
Answer (C) is incorrect. Individual performance appraisals are part
of a CAE’s
responsibility for personnel management and development.
Answer (D) is correct. The CAE develops and maintains a quality
assurance and
improvement program (Attr. Std. 1300) that includes ongoing and
periodic
assessments (PA 1300-1, para. 2). Ongoing monitoring is
incorporated into the routine
policies and practices used to manage the internal audit activity.
Engagement
supervision is among the processes and tools used in ongoing
internal assessments (PA
1311-1, para. 1).
[225] Gleim #: 2.9.124
Ordinarily, those conducting internal quality program assessments
report to
A. The board.
B. The chief audit executive.
C. Senior management.
D. The internal audit staff.
Answer (A) is incorrect. At least annually, the CAE reports the
results of internal
assessments to the board.
Answer (B) is correct. The CAE establishes a structure for reporting
results of
internal assessments that maintains appropriate credibility and
objectivity.
Generally, those assigned responsibility for conducting ongoing and
periodic
reviews report to the CAE while performing the reviews and
communicate results
directly to the CAE (PA 1311-1, para. 7).
Answer (C) is incorrect. The CAE shares information about internal
assessments
with appropriate persons outside the internal audit activity, such as
senior
management.
Answer (D) is incorrect. Results ordinarily are communicated
directly to the
CAE. Given a self-assessment, reporting to the internal audit staff
essentially
involves having the staff report to itself.
[226] Gleim #: 2.9.125
As a part of a quality program, internal assessment teams most likely
will examine
which of the following to evaluate the quality of engagement planning
and
documentation for individual engagements?
A. Written engagement work programs.
B. Project assignment documentation.
C. Weekly status reports.
D. The long-range engagement work schedule.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 124
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is correct. Internal assessments must include ongoing
monitoring of the
performance of the internal audit activity and periodic selfassessments or assessments
by other persons within the organization with sufficient knowledge of
internal auditing
practices (Attr. Std. 1311). The processes and tools used in ongoing
internal
assessments include, among other things, selective peer reviews of
working papers by
staff not involved in the respective audits (PA 1311-1, para. 1).
Answer (B) is incorrect. Project assignment documentation contains
less relevant
information for assessment purposes than work programs.
Answer (C) is incorrect. Status reports do not bear directly on
planning.
Answer (D) is incorrect. The long-range engagement work schedule
does not relate to
planning and documentation for individual engagements.
[227] Gleim #: 2.9.126
Periodic internal assessments of the internal audit activity primarily
serve the needs of
The A. board of directors.
B. The internal audit activity’s staff.
C. The chief audit executive (CAE).
D. Senior management.
Answer (A) is incorrect. The directors are secondary users of a
periodic internal
assessment.
Answer (B) is incorrect. The internal audit activity staff are
secondary users of a
periodic internal assessment.
Answer (C) is correct. Those conducting internal assessments
generally should
report to the CAE while performing the reviews and communicate
directly to the
CAE (PA 1311-1, para. 7).
Answer (D) is incorrect. Senior management is a secondary user of
a periodic
internal assessment.
[228] Gleim #: 2.9.127
Quality program assessments may be performed internally or
externally. A
distinguishing feature of an external assessment is its objective to
A. Identify tasks that can be performed better.
B. Determine whether internal audit services meet professional
standards.
C. Set forth the recommendations for improvement.
D. Provide independent assurance.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 125
Printed for Sanja Knezevic
Answer (A) is incorrect. An internal assessment will identify tasks
that can be
performed better.
Answer (B) is incorrect. An internal assessment will determine
whether internal audit
services meet professional standards.
Answer (C) is incorrect. An internal assessment will set forth
recommendations for
improvement.
Answer (D) is correct. External assessments must be conducted at
least once every 5
years by a qualified, independent reviewer or review team from
outside the
organization (Attr. Std. 1312). Individuals who perform the external
assessment are
free of any obligation to, or interest in, the organization whose
internal audit activity is
assessed (PA 1312-1, para. 5).
[229] Gleim #: 2.9.128
External assessment of an internal audit activity is not likely to
evaluate
Adherence to the internal audit A. activity’s charter.
B. Conformance with the Standards.
C. Detailed cost-benefit analysis of the internal audit activity.
D. The tools and techniques employed by the internal audit activity.
Answer (A) is incorrect. Adherence to the internal audit activity’s
charter is
within the broad scope of coverage of the external assessment.
Answer (B) is incorrect. Conformance with the Standards is within
the broad
scope of coverage of the external assessment.
Answer (C) is correct. The external assessment has a broad scope
of coverage
that includes, among other things, conformance with The IIA’s
mandatory
guidance and the internal audit activity’s charter, plans, policies,
procedures,
practices, and applicable legislative and regulatory requirements;
and the
expectations of the internal audit activity expressed by the board,
senior
management, and operational managers (PA 1312-1, para. 10).
However, the costs
and benefits of internal auditing are neither easily quantifiable nor the
subject of
an external assessment.
Answer (D) is incorrect. The tools and techniques of the internal
audit activity are
within the broad scope of coverage of the external assessment.
[230] Gleim #: 2.9.129
An external assessment of an internal audit activity contains an
expressed opinion. The
opinion applies
A. Only to the internal audit activity’s conformance with the
Standards.
B. Only to the effectiveness of the internal auditing coverage.
C. Only to the adequacy of internal control.
D. To the entire spectrum of assurance and consulting work.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 126
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. An opinion is expressed on all assurance
and consulting
work performed (or that should have been performed under its
charter).
Answer (B) is incorrect. The scope of an external assessment
extends to more than the
effectiveness of the internal auditing coverage.
Answer (C) is incorrect. An external assessment addresses the
internal audit activity,
not the adequacy of the organization’s controls.
Answer (D) is correct. External assessments of an internal audit
activity contain an
expressed opinion as to the entire spectrum of assurance and
consulting work
performed (or that should have been performed under its charter),
including (but not
limited to) conformance with the Definition of Internal Auditing, the
Code of Ethics,
and the Standards. An external assessment also includes, as
appropriate,
recommendations for improvement (PA 1312-1, para. 2).
[231] Gleim #: 2.9.130
The interpretation related to quality assurance given by the
Standards is that
External assessments can provide senior management and the
board with
independent assurance about the quality of the internal audit activity.
A.
Appropriate follow-up to an external assessment is the responsibility
of the chief
audit executive’s immediate supervisor.
B.
The internal audit activity is primarily measured against The IIA’s C.
Code of Ethics.
Supervision is limited to the planning, examination, evaluation,
communication,
and follow-up process.
D.
Answer (A) is correct. External assessments provide an
independent and
objective evaluation of the internal audit activity’s compliance with
the Standards
and Code of Ethics.
Answer (B) is incorrect. The communication of final results of an
external
assessment should include the CAE’s responses. These include an
action plan and
implementation dates. Moreover, the results are communicated to
the stakeholders
of the internal audit activity, such as senior management, the board,
and the
external auditors.
Answer (C) is incorrect. The external assessment considers the
internal audit
activity’s conformance with the Definition of Internal Auditing, the
Standards,
and the Code of Ethics.
Answer (D) is incorrect. Supervision begins with planning and
continues
throughout the engagement.
[232] Gleim #: 3.1.1
Which of the following is not implied by the definition of control?
A. Measurement of progress toward goals.
B. Uncovering of deviations from plans.
C. Assignment of responsibility for deviations.
D. Indication of the need for corrective action.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 127
Printed for Sanja Knezevic
Answer (A) is incorrect. Measurement of progress toward goals is
implied by the
definition of control.
Answer (B) is incorrect. Uncovering of deviations from plans is
implied by the
definition of control.
Answer (C) is correct. The elements of control include (1)
establishing standards for
the operation to be controlled, (2) measuring performance against
the standards, (3)
examining and analyzing deviations, (4) taking corrective action, and
(5) reappraising
the standards based on experience. Thus, assigning responsibility
for deviations found
is not a part of the controlling function.
Answer (D) is incorrect. Indication of the need for corrective action
is implied by the
definition of control.
[233] Gleim #: 3.1.2
Controls provide assurance to management that desired actions will
be accomplished
when objectives are established in writing and
Standards are adopted, results are compared with the standards,
and corrective
actions are undertaken.
A.
Are communicated to employees in writing and are updated by
operating
personnel as conditions change.
B.
Policies and procedures for activities are set out in manuals for use
by properly
trained personnel.
C.
Internal reviews as to the propriety and effectiveness of the
objectives are
undertaken on a periodic basis by the internal audit activity.
D.
Answer (A) is correct. The elements of control include (1)
establishing standards
for the operation to be controlled, (2) measuring performance against
the
standards, (3) examining and analyzing deviations, (4) taking
corrective action,
and (5) reappraising the standards based on experience. These
elements of control
provide reasonable assurance to management that established
objectives and goals
will be achieved.
Answer (B) is incorrect. More than simply the establishment and
communication
of objectives is required for effective control.
Answer (C) is incorrect. The essential elements of adoption of
standards,
comparison, and corrective action are also needed.
Answer (D) is incorrect. The essential elements of adoption of
standards,
comparison, and corrective action are also needed.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 128
Printed for Sanja Knezevic
fb.com/ciaaofficial
[234] Gleim #: 3.1.3
An internal auditor is examining inventory control in a merchandising
division with
annual sales of US $3,000,000 and a 40% gross profit rate. Tests
show that 2% of the
monetary amount of purchases do not reach inventory because of
breakage and
employee theft. Adding certain controls costing US $35,000 annually
could reduce
these losses to .5% of purchases. Should the controls be
recommended?
Yes, because the projected saving exceeds the cost of A. the added
controls.
B. No, because the cost of the added controls exceeds the projected
savings.
C. Yes, because the ideal system of internal control is the most
extensive one.
Yes, regardless of cost-benefit considerations, because the situation
involves
employee theft.
D.
Answer (A) is incorrect. The cost exceeds the benefit.
Answer (B) is correct. Controls must be subject to the cost-benefit
criterion. The
annual cost of these inventory controls is US $35,000, but the cost
savings is only
US $27,000 {(2.0% – 0.5%) × [$3,000,000 sales × (1.0 – 0.4 gross
profit rate)]}.
Hence, the cost exceeds the benefit, and the controls should not be
recommended.
Answer (C) is incorrect. The ideal system is subject to the costbenefit criterion.
The most extensive system of internal controls may not be cost
effective.
Answer (D) is incorrect. Cost-benefit considerations apply even to
employee
theft.
[235] Gleim #: 3.1.4
Which of the following statements best describes the relationship
between planning
and controlling?
A. Planning looks to the future; controlling is concerned with the past.
B. Planning and controlling are completely independent of each
other.
Planning prevents problems; controlling is initiated by problems that
have
occurred.
C.
D. Controlling cannot operate effectively without the tools provided
by planning.
Answer (A) is incorrect. A control system looks to the future when it
provides for
corrective action and review and revision of standards.
Answer (B) is incorrect. Planning and controlling overlap.
Answer (C) is incorrect. Comprehensive planning includes creation
of controls.
Answer (D) is correct. Control is the process of making certain that
plans are
achieving the desired objectives. The elements of control include (1)
establishing
standards for the operation to be controlled, (2) measuring
performance against
the standards, (3) examining and analyzing deviations, (4) taking
corrective
action, and (5) reappraising the standards based on experience.
Planning provides
needed tools for the control process by establishing standards, i.e.,
the first step.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 129
Printed for Sanja Knezevic
[236] Gleim #: 3.1.5
Which of the following best defines control?
Control is the result of proper planning, organizing, and directing A.
by management.
B. Controls are statements of what the organization chooses to
accomplish.
Control is provided when cost-effective measures are taken to
restrict deviations
to a tolerable level.
C.
Control accomplishes objectives and goals in an accurate, timely,
and economical
fashion.
D.
Answer (A) is correct. A control is “any action taken by management,
the board,
and other parties to manage risk and increase the likelihood that
established
objectives and goals will be achieved” (The IIA Glossary). Thus,
control is the
result of proper planning, organizing, and directing by management.
Answer (B) is incorrect. Established objectives and goals are what
the
organization chooses to accomplish.
Answer (C) is incorrect. The internal audit activity evaluates the
efficiency of
controls, but the definition of control addresses effectiveness in
achieving
objectives and goals.
Answer (D) is incorrect. Efficient performance accomplishes
objectives and goals
in an accurate, timely, and economical fashion.
[237] Gleim #: 3.1.6
Internal auditors regularly evaluate controls. Which of the following
best describes the
concept of control as recognized by internal auditors?
Management regularly discharges personnel who do not perform up
to
expectations.
A.
Management takes action to enhance the likelihood that established
goals and
objectives will be achieved.
B.
Control represents specific procedures that accountants and internal
auditors
design to ensure the correctness of processing.
C.
Control procedures should be designed from the “bottom up” to
ensure attention
to detail.
D.
Answer (A) is incorrect. Termination of employees who perform
unsatisfactorily
is not a comprehensive definition of control.
Answer (B) is correct. A control is any action taken by management,
the board,
and other parties to manage risk and increase the likelihood that
established
objectives and goals will be achieved (IIA Glossary).
Answer (C) is incorrect. Control is not limited to processing.
Moreover, it should
be designed by management, the board, and others, not by internal
auditors. The
internal auditor’s objectivity is impaired by designing such systems.
Answer (D) is incorrect. Some control procedures may be designed
from the
bottom up, but the concept of control flows from management and
the board down
through the organization.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 130
Printed for Sanja Knezevic
fb.com/ciaaofficial
[238] Gleim #: 3.1.7
Specific airline ticket information, including fare, class, purchase
date, and lowest
available fare options, as prescribed in the organization’s travel
policy, is obtained and
reported to department management when employees purchase
airline tickets from the
organization’s authorized travel agency. Such a report provides
information for
Quality of performance in relation to the organization’s A. travel
policy.
B. Identifying costs necessary to process employee business
expense report data.
C. Departmental budget-to-actual comparisons.
D. Supporting employer’s business expense deductions.
Answer (A) is correct. Comparison of actual performance against a
standard
provides information for assessing quality of performance.
Answer (B) is incorrect. This ticket information is preliminary;
employees may
change tickets and routings prior to their trip.
Answer (C) is incorrect. Departmental budget-to-actual comparisons
do not
necessarily reflect the actual costs ultimately incurred.
Answer (D) is incorrect. Supporting expense deductions may not
necessarily
reflect actual costs.
[239] Gleim #: 3.1.8
The actions taken to manage risk and increase the likelihood that
established
objectives and goals will be achieved are best described as
A. Supervision.
B. Quality assurance.
C. Control.
D. Compliance.
Answer (A) is incorrect. Supervision is just one means of achieving
control.
Answer (B) is incorrect. Quality assurance relates to just one set of
objectives and
goals. It does not pertain to achievement of all established
organizational
objectives and goals.
Answer (C) is correct. Control is “any action taken by management,
the board,
and other parties to manage risk and increase the likelihood that
established
objectives and goals will be achieved” (The IIA Glossary).
Answer (D) is incorrect. Compliance is “adherence to policies,
plans, procedures,
laws, regulations, contracts, or other requirements” (The IIA
Glossary).
[240] Gleim #: 3.1.9
According to The IIA Glossary appended to the Standards, which of
the following are
most directly designed to ensure that risks are contained?
A. Risk management processes.
B. Internal audit activities.
C. Control processes.
D. Governance processes.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 131
Printed for Sanja Knezevic
Answer (A) is incorrect. Risk management is a process to identify,
assess, manage,
and control potential events or situations to provide reasonable
assurance regarding the
achievement of the organization’s objectives.
Answer (B) is incorrect. An internal audit activity is a department,
division, team of
consultants, or other practitioner(s) that provides independent,
objective assurance and
consulting services designed to add value and improve an
organization’s operations.
Answer (C) is correct. Control processes are the policies,
procedures, and activities
that are part of a control framework, designed to ensure that risks are
contained within
the risk tolerances established by the risk management process.
Answer (D) is incorrect. Governance is the combination of
processes and structures
implemented by the board to inform, direct, manage, and monitor the
activities of the
organization toward the achievement of its objectives.
[241] Gleim #: 3.2.10
The requirement that purchases be made from suppliers on an
approved vendor list is
an example of a
A. Preventive control.
B. Detective control.
C. Corrective control.
D. Monitoring control.
Answer (A) is correct. Preventive controls are actions taken prior to
the
occurrence of transactions with the intent of stopping events that will
have
negative effects from occurring. Use of an approved vendor list is a
control to
prevent the use of unacceptable suppliers.
Answer (B) is incorrect. A detective control identifies errors after
they have
occurred.
Answer (C) is incorrect. Corrective controls correct the problems
identified by
detective controls.
Answer (D) is incorrect. Monitoring controls are designed to ensure
the quality of
the control system’s performance over time.
[242] Gleim #: 3.2.11
Controls that are designed to provide management with assurance of
the realization of
specified minimum gross margins on sales are
A. Directive controls.
B. Preventive controls.
C. Detective controls.
D. Output controls.
Answer (A) is correct. The objective of directive controls is to cause
or encourage
desirable events to occur, e.g., providing management with
assurance of the
realization of specified minimum gross margins on sales.
Answer (B) is incorrect. Preventive controls deter undesirable
events from
occurring.
Answer (C) is incorrect. Detective controls uncover and correct
undesirable
events that have occurred.
Answer (D) is incorrect. Output controls relate to the accuracy and
reasonableness of information processed by a system, not to
operating controls.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 132
Printed for Sanja Knezevic
fb.com/ciaaofficial
[243] Gleim #: 3.2.12
The procedure requiring preparation of a prelisting of incoming cash
receipts, with
copies of the prelist going to the cashier and to accounting, is an
example of which
type of control?
A. Preventive.
B. Corrective.
C. Detective.
D. Directive.
Answer (A) is correct. A prelisting of cash receipts in the form of
checks is a
preventive control. It is intended to deter undesirable events from
occurring.
Because irregularities involving cash most likely take place before
receipts are
recorded, either remittance advices or a prelisting of checks should
be prepared in
the mailroom so as to establish recorded accountability for cash as
soon as
possible. A cash register tape is a form of prelisting for cash received
over the
counter. One copy of a prelisting will go to accounting for posting to
the cash
receipts journal, and another is sent to the cashier for reconciliation
with checks
and currency received.
Answer (B) is incorrect. A corrective control remedies an error or
irregularity.
Answer (C) is incorrect. A detective control uncovers an error or
irregularity that
has already occurred.
Answer (D) is incorrect. A directive control causes or encourages a
desirable
event.
[244] Gleim #: 3.2.13
Controls may be classified according to the function they are
intended to perform, for
example, as detective, preventive, or directive. Which of the following
is a directive
control?
A. Monthly bank statement reconciliations.
B. Dual signatures on all disbursements over a specific amount.
C. Recording every transaction on the day it occurs.
D. Requiring all members of the internal audit activity to be CIAs.
Answer (A) is incorrect. Monthly bank statement reconciliation is a
detective
control. The events audited have already occurred.
Answer (B) is incorrect. Requiring dual signatures on all
disbursements over a
specific amount is a preventive control. The control is designed to
deter an
undesirable event.
Answer (C) is incorrect. Recording every transaction on the day it
occurs is a
preventive control. The control is designed to deter an undesirable
event.
Answer (D) is correct. Requiring all members of the internal audit
activity to be
CIAs is a directive control. The control is designed to cause or
encourage a
desirable event to occur. The requirement enhances the
professionalism and level
of expertise of the internal audit activity.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 133
Printed for Sanja Knezevic
[245] Gleim #: 3.2.14
An organization’s policies and procedures are part of its overall
system of internal
controls. The control function performed by policies and procedures
is
A. Feedforward control.
B. Implementation control.
C. Feedback control.
D. Application control.
Answer (A) is correct. Feedforward controls anticipate and prevent
problems.
Policies and procedures serve as feedforward controls because they
provide
guidance on how an activity should be performed to best ensure that
an objective
is achieved.
Answer (B) is incorrect. Implementation controls are applied during
systems
development.
Answer (C) is incorrect. Policies and procedures provide primary
guidance before
and during the performance of some task rather than give feedback
on its
accomplishment.
Answer (D) is incorrect. Application controls apply to specific
applications, e.g.,
payroll or accounts payable.
[246] Gleim #: 3.2.15
Managerial control can be divided into feedforward, concurrent, and
feedback
controls. Which of the following is an example of a feedback control?
A. Quality control training.
B. Budgeting.
C. Forecasting inventory needs.
D. Variance analysis.
Answer (A) is incorrect. Quality control training is a feedforward, or
futuredirected,
control.
Answer (B) is incorrect. Budgeting is a feedforward, or futuredirected, control.
Answer (C) is incorrect. Forecasting inventory needs is a
feedforward, or futuredirected,
control.
Answer (D) is correct. A feedback control measures actual
performance, i.e.,
something that has already occurred, to ensure that a desired future
state is
attained. It is used to evaluate past activity to improve future
performance. A
variance is a deviation from a standard. Hence, variance analysis is
a feedback
control.
[247] Gleim #: 3.2.16
The operations manager of a company notified the treasurer of that
organization 60
days in advance that a new, expensive piece of machinery was going
to be purchased.
This notification allowed the treasurer to make an orderly liquidation
of some of the
company’s investment portfolio on favorable terms. What type of
control was
involved?
A. Feedback.
B. Strategic.
C. Concurrent.
D. Feedforward.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 134
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Feedback controls apply to decision making
based on
evaluations of past performance.
Answer (B) is incorrect. Strategic controls are broad-based and
affect an organization
over a long period. They apply to such long-term variables as quality
and R&D.
Answer (C) is incorrect. Concurrent controls adjust ongoing
processes.
Answer (D) is correct. Feedforward controls provide for the active
anticipation of
problems so that they can be avoided or resolved in a timely manner.
Another example
is the quality control inspection of raw materials and work-in-process
to avoid
defective finished goods.
[248] Gleim #: 3.2.17
As part of a total quality control program, a firm not only inspects
finished goods but
also monitors product returns and customer complaints. Which type
of control best
describes these efforts?
A. Feedback control.
B. Feedforward control.
C. Production control.
D. Inventory control.
Answer (A) is correct. A feedback control measures actual
performance,
something that has already occurred, to ensure that a desired future
state is
attained. It is used to evaluate the past to improve future
performance. Inspecting
finished goods, monitoring product returns, and evaluating
complaints are postaction
controls intended to eliminate deviations in future cycles of the
process
under control.
Answer (B) is incorrect. Feedforward controls anticipate problems
before they
occur.
Answer (C) is incorrect. Customer complaints are not part of
production control.
Answer (D) is incorrect. The three types of control are feedforward,
concurrent,
and feedback.
[249] Gleim #: 3.2.18
The use of financial statement analysis, quality control procedures,
and employee
performance evaluations are all examples of
A. Preliminary controls.
B. Concurrent controls.
C. Feedback controls.
D. Feedforward controls.
Answer (A) is incorrect. Feedforward (preliminary) controls
anticipate and avoid
future performance problems, e.g., budgeting.
Answer (B) is incorrect. Concurrent controls are applied midstream,
e.g.,
inspection on an assembly line.
Answer (C) is correct. A feedback control operates to provide
information about
processes that have already occurred.
Answer (D) is incorrect. Feedforward (preliminary) controls
anticipate and avoid
future performance problems, e.g., budgeting.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 135
Printed for Sanja Knezevic
[250] Gleim #: 3.2.19
The internal audit activity of an organization is an integral part of the
organization’s
risk management, control, and governance processes because it
evaluates and
contributes to the improvement of those processes. Select the type
of control provided
when the internal audit activity conducts a systems development
analysis.
A. Feedback control.
B. Strategic plans.
C. Policies and procedures.
D. Feedforward control.
Answer (A) is incorrect. A feedback control provides information on
the results
of a completed activity.
Answer (B) is incorrect. Strategic plans are developed by senior
management to
provide long-range guidance for the organization.
Answer (C) is incorrect. Policies and procedures are developed by
management.
They are the most basic control subsystem of an organization.
Answer (D) is correct. A feedforward control provides information on
potential
problems so that corrective action can be taken in anticipation, rather
than as a
result, of a problem.
[251] Gleim #: 3.2.20
Of the following, the controls that are often difficult for internal
auditors to evaluate
because of the lack of criteria or standards are
A. Preventive controls.
B. Financial controls.
C. Corrective controls.
D. Operating controls.
Answer (A) is incorrect. Preventive controls keep loss exposures
from occurring.
They include not only operating controls but also those for which
quantifiable
standards are readily determined.
Answer (B) is incorrect. Financial controls, e.g., a budget, are
subject to
quantifiable standards that are relatively easy to measure.
Answer (C) is incorrect. Corrective controls are post-detection or
remedial
controls. They may include controls for which standards are easily
defined, such
as financial controls.
Answer (D) is correct. Operating controls are those used in the
management
processes of directing and controlling and are based on comparison
of results with
standards. As an activity becomes less mechanical, however,
standards become
more difficult to determine. Control standards for security, for
example, are less
easily developed than for the output per hour of a machine because
the degree of
security achieved is not readily measurable.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 136
Printed for Sanja Knezevic
fb.com/ciaaofficial
[252] Gleim #: 3.2.21
Which of the following operating controls relate to the organizing
function?
Formal procedures for selecting potential A. suppliers.
Procedures providing for clear levels of purchase order approvals
based on the
value of the requisition.
B.
C. Written objectives and goals for the department.
D. Timely materials reporting to buyers.
Answer (A) is incorrect. Establishing procedures is a function of
planning, which
is the determination of how an individual activity is to be done.
Answer (B) is correct. Organizing is the intentional design and
structuring of
tasks and roles to accomplish organizational goals. An arrangement
that requires
purchases of greater value to be authorized at higher management
levels is an
example of an organizational control.
Answer (C) is incorrect. Establishing objectives and goals is also a
planning
function.
Answer (D) is incorrect. Provision of timely information is a control
function.
[253] Gleim #: 3.2.22
Which of the following is an operating control relating to
management’s directing
function?
Informing purchasing personnel of the future need for long-lead-time
products in
ample time.
A.
Supplying buyers with timely, accurate, and useful reports on
products received,
accepted, or rejected.
B.
C. Prescribing formal procedures for selecting potential suppliers.
D. Establishing measurable goals for the department.
Answer (A) is correct. Directing is the process of motivating people
in an
organization to contribute effectively and efficiently to the
achievement of the
entity’s objectives and goals. Of the controls listed, only the timely
sharing of
scheduling information with purchasing personnel fits this
description.
Answer (B) is incorrect. Providing timely feedback relates to the
control function,
not the directing function.
Answer (C) is incorrect. Prescribing formal procedures for selecting
potential
suppliers is a part of the planning function, not the directing function.
Answer (D) is incorrect. Establishing measurable goals for the
department is a
part of the planning function, not the directing function.
[254] Gleim #: 3.2.23
Which of the following is not a type of control?
A. Preventive.
B. Reactive.
C. Detective.
D. Directive.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 137
Printed for Sanja Knezevic
Answer (A) is incorrect. Controls may be preventive.
Answer (B) is correct. Controls may be preventive (to deter
undesirable events from
occurring), detective (to detect and correct undesirable events which
have occurred), or
directive (to cause or encourage a desirable event to occur).
“Reactive” is not a
specified type of control. However, controls may be reactive in the
sense that they
detect an undesirable event and react to it or correct it.
Answer (C) is incorrect. Controls may be detective.
Answer (D) is incorrect. Controls may be directive.
[255] Gleim #: 3.2.24
An adequate and effective system of internal control provides
reasonable assurance
that objectives will be achieved. Controls may be preventive,
detective, or directive.
Which of the following is a detective control for the procurement
function?
Goods received are counted and compared with quantities on
purchase order and
receiving reports.
A.
The procurement function is organizationally separate from receiving,
disbursing,
and accounting.
B.
Review and approval of each procurement action is required prior to
the final
issuance of a purchase order.
C.
Prenumbered standard purchase order forms include all relevant
terms required to
be used in all applicable instances.
D.
Answer (A) is correct. Detective controls are designed to detect and
correct
undesirable events that have occurred. Accounting for all goods
received and
comparing quantities on purchase orders and receiving reports is an
example.
Answer (B) is incorrect. Segregation of duties is a preventive
control. Preventive
controls deter undesirable events from occurring.
Answer (C) is incorrect. Review and approval of each procurement
action is a
preventive control.
Answer (D) is incorrect. Using prenumbered standard purchase
order forms is a
preventive control.
[256] Gleim #: 3.2.25
When a copy of the sale invoice is not received by an organization’s
shipping
department, an employee requests the document from the proper
authority. This
process is a(n)
Directive, A. detective control.
B. Passive, mitigating control.
C. Active, detective control.
D. Detective, preventive control.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 138
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. The control is detective, but it is not
directive. A directive
control causes or encourages a desirable event to occur.
Answer (B) is incorrect. The control is neither passive nor mitigating.
It is detected by
the clerk in a conscious effort to maintain proper documentation.
Moreover, a
mitigating (compensating) control is used when other controls are not
feasible, for
example, supervisory review when segregation of duties is absent.
Answer (C) is correct. When shipping documents are not received in
the shipping
department (such as copies of the sales invoice, customer order
form, and bill of
lading), the clerk should attempt to obtain the proper documentation
from the
originating organization. This type of control is detective because it
detects and
attempts to correct an undesirable event that has occurred. It is also
active because it
takes a conscious intervention by the clerk to ensure the
documentation is received.
Answer (D) is incorrect. The control is not preventive. It does not
deter an undesirable
event.
[257] Gleim #: 3.2.26
Which of the following is a feedback control?
Preventive A. maintenance.
B. Inspection of completed goods.
C. Close supervision of production-line workers.
D. Measuring performance against a standard.
Answer (A) is incorrect. Preventive maintenance is a feedforward
control. It
attempts to anticipate and prevent problems.
Answer (B) is correct. Feedback controls obtain information about
completed
activities. They permit improvement in future performance by
learning from past
mistakes. Thus, corrective action occurs after the fact. Inspection of
completed
goods is an example of a feedback control.
Answer (C) is incorrect. The close supervision of production-line
workers is a
concurrent control. It adjusts an ongoing process.
Answer (D) is incorrect. Measuring performance against a standard
is a general
aspect of control.
[258] Gleim #: 3.3.27
An adequate system of internal controls is most likely to detect a
fraud perpetrated by
a
A. Group of employees in collusion.
B. Single employee.
C. Group of managers in collusion.
D. Single manager.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 139
Printed for Sanja Knezevic
Answer (A) is incorrect. A group has a better chance of successfully
perpetrating a
fraud than does an individual employee.
Answer (B) is correct. Segregation of duties and other control
processes serve to
prevent or detect a fraud committed by an employee acting alone.
One employee may
not have the ability to engage in wrongdoing or may be subject to
detection by other
employees in the course of performing their assigned duties.
However, collusion may
circumvent controls. For example, comparison of recorded
accountability for assets
with the assets known to be held may fail to detect fraud if persons
having custody of
assets collude with recordkeepers.
Answer (C) is incorrect. Management can override controls.
Answer (D) is incorrect. Even a single manager may be able to
override controls.
[259] Gleim #: 3.3.28
An organization has grown rapidly and has just automated its human
resource system.
The organization has developed a large database that tracks
employees, employee
benefits, payroll deductions, job classifications, ethnic code, age,
insurance, medical
protection, and other similar information. Management has asked the
internal audit
activity to review the new system. The automated system contains a
table of pay rates
matched with the employee job classifications. The best control to
ensure that the table
is updated correctly for only valid pay changes is to
Limit access to the data table to management and line supervisors
who have the
authority to determine pay rates.
A.
Require a supervisor in the department, who does not have the
ability to change
the table of pay rates, to compare the changes with a signed
management
authorization.
B.
Ensure that adequate edit and reasonableness checks are built into
the automated
system.
C.
Require that all pay changes be signed by the employee to verify that
the change
goes to a bona fide employee.
D.
Answer (A) is incorrect. Access to the database should be severely
restricted to
personnel within the human resources or payroll departments.
Answer (B) is correct. To maintain a proper segregation of duties,
changes in pay
rates should be authorized by someone outside the human
resources department.
Furthermore, authorization should be independently verified by an
individual who
does not have a recording function.
Answer (C) is incorrect. Edit checks will not detect unauthorized
changes.
Answer (D) is incorrect. The control must ensure that changes in the
table of pay
rates are properly authorized and entered into the system.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 140
Printed for Sanja Knezevic
fb.com/ciaaofficial
[260] Gleim #: 3.3.29
An organization has grown rapidly and has just automated its human
resource system.
The organization has developed a large database that tracks
employees, employee
benefits, payroll deductions, job classifications, ethnic code, age,
insurance, medical
protection, and other similar information. Management has asked the
internal audit
activity to review the new system. An employee in the payroll
department is
contemplating a fraud involving the addition of a fictitious employee
and the entry of
fictitious hours worked. The paycheck would then be sent to the
payroll employee’s
home address. The most effective control procedure to prevent this
type of fraud is to
require that
A report of all new employees added be approved by someone
outside of the
payroll department. Also, a report showing all employees and hours
worked
should be sent to the supervisor’s department for review.
A.
All new employees and their hours worked be entered by the human
resources
department.
B.
All changes to employee records be approved by supervisors outside
of both
human resources and payroll.
C.
The payroll department physically delivers paychecks to employees
rather than
mailing them.
D.
Answer (A) is correct. The payroll department has a recording
function. It should
not authorize pay rate changes or the addition or deletion of
employees from the
payroll. Accordingly, authorization of such changes should be made
by an
individual outside the department. Verification of payroll data should
also be
made outside the department. Proper segregation of duties is critical
in the
prevention of payroll fraud.
Answer (B) is incorrect. The entry of new employees and their hours
should be
segregated. The human resources department should not be
responsible for both
activities.
Answer (C) is incorrect. Approving changes in existing employee
records does
not prevent the fraud of entering a fictitious employee.
Answer (D) is incorrect. Physical delivery of paychecks does not
prevent the
payroll employee from withholding the fictitious employee’s check.
Moreover, a
department with a recording function should not have an asset
custody function.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 141
Printed for Sanja Knezevic
[261] Gleim #: 3.3.30
An organization has grown rapidly and has just automated its human
resource system.
The organization has developed a large database that tracks
employees, employee
benefits, payroll deductions, job classifications, ethnic code, age,
insurance, medical
protection, and other similar information. Management has asked the
internal audit
activity to review the new system. Human resources and payroll are
separate
departments. Which of the following combinations provides the best
segregation of
duties?
Human resources adds employees, payroll processes hours, and
human resources
delivers the paychecks to employees.
A.
Human resources adds employees, reviews and submits payroll
hours to payroll
for processing, and delivers paychecks to employees.
B.
Human resources adds employees, and payroll processes hours and
enters
employee bank account numbers. Paychecks are automatically
deposited in the
employee’s bank account.
C.
Payroll adds employees and enters employees’ bank account
numbers but
processes hours only as approved by human resources. Paychecks
are
automatically deposited in the employee’s bank account.
D.
Answer (A) is incorrect. The human resources department should
not add
employees and deliver paychecks. These two duties should be
segregated.
Answer (B) is incorrect. The functions are all performed by human
resources.
There is no segregation of duties.
Answer (C) is correct. The functions of transaction authorization and
recording
should be segregated to minimize opportunities for fraud.
Furthermore, automatic
check deposit reduces asset custody risk.
Answer (D) is incorrect. Payroll is adding employees and processing
hours.
These two duties should be performed by different departments.
[262] Gleim #: 3.3.31
Internal control should follow certain basic principles to achieve its
objectives. One of
these principles is the segregation of functions. Which one of the
following examples
does not violate the principle of segregation of functions?
The treasurer has the authority to sign checks but gives the signature
block to the
assistant treasurer to run the check-signing machine.
A.
The warehouse clerk, who has the custodial responsibility over
inventory in the
warehouse, may authorize disposal of damaged goods.
B.
The sales manager has the responsibility to approve credit and the
authority to
write off accounts.
C.
The department time clerk is given the undistributed payroll checks
to mail to
absent employees.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 142
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is correct. The treasurer’s department should have
custody of assets but
should not authorize or record transactions. Because the assistant
treasurer reports to
the treasurer, the treasurer is merely delegating an assigned duty
related to asset
custody.
Answer (B) is incorrect. Authorization to dispose of damaged goods
could be used to
cover thefts of inventory for which the warehouse clerk has custodial
responsibility.
Transaction authorization is inconsistent with asset custody.
Answer (C) is incorrect. The sales manager could approve credit to
a controlled
organization and then write off the account as a bad debt. The sales
manager’s
authorization of credit is inconsistent with his/her indirect access to
assets.
Answer (D) is incorrect. The time clerk could conceal the
termination of an employee
and retain that employee’s paycheck. Recordkeeping is inconsistent
with asset custody.
[263] Gleim #: 3.3.32
Upon receipt of purchased goods, receiving department personnel
match the quantity
received with the packing slip quantity and mark the retail price on
the goods based on
a master price list. The annotated packing slip is then forwarded to
inventory control
and goods are automatically moved to the retail sales area. The most
significant
control strength of this activity is
Immediately pricing goods A. for retail sale.
B. Matching quantity received with the packing slip.
C. Using a master price list for marking the sale price.
D. Automatically moving goods to the retail sales area.
Answer (A) is incorrect. Timing is not as important as the accuracy
of prices.
Answer (B) is incorrect. Matching quantity received with the packing
slip does
not ensure receipt of the quantity ordered.
Answer (C) is correct. Use of the master price list ensures that the
correct retail
price is marked.
Answer (D) is incorrect. Goods may or may not be needed in retail
sales.
[264] Gleim #: 3.3.33
The manager of a production line has the authority to order and
receive replacement
parts for all machinery that requires periodic maintenance. The
internal auditor
received an anonymous tip that the manager ordered substantially
more parts than
were necessary from a family member in the parts supply business.
The unneeded
parts were never delivered. Instead, the manager processed
receiving documents and
charged the parts to machinery maintenance accounts. The
payments for the
undelivered parts were sent to the supplier, and the money was
divided between the
manager and the family member. Which of the following internal
controls would have
most likely prevented this fraud from occurring?
Establishing predefined spending levels for all vendors during the
bidding
process.
A.
B. Segregating the receiving function from the authorization of parts
purchases.
C. Comparing the bill of lading for replacement parts to the approved
purchase order.
Using the company’s inventory system to match quantities requested
with
quantities received.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 143
Printed for Sanja Knezevic
Answer (A) is incorrect. Predefined spending levels would probably
already include
the fraudulent amounts and would only limit the size of the fraud.
Answer (B) is correct. Segregating the parts authorization and
receiving functions
would have improved internal control. If the parts in question had
been sent to the
company and a receiving report had been prepared by an employee
other than the one
ordering the goods, the fraud could not have occurred. Moreover, the
receiving
department should not accept goods unless it has a blind copy of a
properly approved
purchase order for the items.
Answer (C) is incorrect. The bill of lading would agree with the
purchase order. The
quantity received (verified by a third party) should be compared to
both the bill of
lading and the purchase order.
Answer (D) is incorrect. The computer matching would only verify
the fraudulent
paperwork.
[265] Gleim #: 3.3.34
Which one of the following is most likely to be considered an internal
control
weakness?
The petty cash custodian has the ability to steal petty cash.
Documentation for all
disbursements from the fund must be submitted with the request for
replenishment
of the fund.
A.
An inventory control clerk at a manufacturing plant has the ability to
steal one
completed television set from inventory a year. The theft probably will
never be
detected.
B.
An accounts receivable clerk, who approves sales returns and
allowances, receives
customer remittances and deposits them in the bank. Limited
supervision is
maintained over the employee.
C.
A clerk in the invoice processing department fails to match a
vendor’s invoice
with its related receiving report. Checks are not signed unless all
appropriate
documents are attached to a voucher.
D.
Answer (A) is incorrect. The requirement for documentation will
reveal a theft
when the fund is reimbursed unless the documents can be falsified.
Answer (B) is incorrect. The amount involved is probably not
material.
Answer (C) is correct. Segregation of duties among key functions is
an important
control procedure. An accounts receivable clerk who is permitted to
approve sales
returns and allowances and also receive customer remittances could
misappropriate funds received and cover the shortage by debiting
sales returns and
allowances. Limited supervision is insufficient to compensate for lack
of
segregation of duties.
Answer (D) is incorrect. The requirement for documentation will
uncover the
oversight.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 144
Printed for Sanja Knezevic
fb.com/ciaaofficial
[266] Gleim #: 3.3.35
One characteristic of an effective internal control structure is the
proper segregation of
duties. The combination of responsibilities that would not be
considered a violation of
segregation of functional responsibilities is
Signing of paychecks and custody of blank A. payroll checks.
B. Preparation of paychecks and check distribution.
C. Approval of time cards and preparation of paychecks.
D. Timekeeping and preparation of payroll journal entries.
Answer (A) is incorrect. Persons with recordkeeping but not custody
of assets
responsibilities should have access to blank checks, while the duty of
signing
checks (custodianship) should be assigned to persons (e.g., the
treasurer) with no
recordkeeping function.
Answer (B) is incorrect. Payroll preparation and payment to
employees should be
segregated since they are incompatible recordkeeping and
custodianship functions.
Answer (C) is incorrect. Approval of time cards is an authorization
function that
is incompatible with the recordkeeping function of preparation of
paychecks.
Answer (D) is correct. Combining the timekeeping function and the
preparation
of the payroll journal entries would not be improper because the
employee has no
access to assets or to employee records in the human resources
department. Only
through collusion could an embezzlement be perpetrated.
Accordingly, the
functions of authorization, recordkeeping, and custodianship remain
separate.
[267] Gleim #: 3.3.36
An internal auditor noted that the accounts receivable department is
separate from
other accounting activities. Credit is approved by a separate credit
department. Control
accounts and subsidiary ledgers are balanced monthly. Similarly,
accounts are aged
monthly. The accounts receivable manager writes off delinquent
accounts after 1 year,
or sooner if a bankruptcy or other unusual circumstances are
involved. Credit
memoranda are prenumbered and must correlate with receiving
reports. Which of the
following areas could be viewed as an internal control weakness of
the above
organization?
A. Write-offs of delinquent accounts.
B. Credit approvals.
C. Monthly aging of receivables.
D. Handling of credit memos.
Answer (A) is correct. The accounts receivable manager has the
ability to
perpetrate irregularities because (s)he performs incompatible
functions.
Authorization and recording of transactions should be separate.
Thus, someone
outside the accounts receivable department should authorize writeoffs.
Answer (B) is incorrect. Credit approval is an authorization function
that is
properly segregated from the recordkeeping function.
Answer (C) is incorrect. Monthly aging is appropriate.
Answer (D) is incorrect. The procedures regarding credit
memoranda are
standard controls.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 145
Printed for Sanja Knezevic
[268] Gleim #: 3.3.37
Which of the following controls would prevent the ordering of
quantities in excess of
an organization’s needs?
Review of all purchase requisitions by a supervisor in the user
department prior to
submitting them to the purchasing department.
A.
Automatic reorder by the purchasing department when low inventory
level is
indicated by the system.
B.
A policy requiring review of the purchase order before receiving C. a
new shipment.
A policy requiring agreement of the receiving report and packing slip
before
storage of new receipts.
D.
Answer (A) is correct. Supervisory review at the originating
department level is
one means of control over the number of items ordered. This control
is an
example of the segregation of duties. Authorization should be
separate from
recordkeeping and asset custody.
Answer (B) is incorrect. Automatic reordering does not consider
future plans,
which could lead to purchases of excess material.
Answer (C) is incorrect. Review of the purchase order before
receiving a new
shipment is a control for the risk of accepting unordered goods.
Answer (D) is incorrect. A policy requiring agreement of the
receiving report and
packing slip before storage of new receipts is a control over the risk
of receiving
an amount other than that ordered.
[269] Gleim #: 3.3.38
Which of the following describes the most effective preventive control
to ensure
proper handling of cash receipt transactions?
Have bank reconciliations prepared by an employee not involved
with cash
collections and then have them reviewed by a supervisor.
A.
One employee issues a prenumbered receipt for all cash collections;
another
employee reconciles the daily total of prenumbered receipts to the
bank deposits.
B.
C. Use predetermined totals (hash totals) of cash receipts to control
posting routines.
The employee who receives customer mail receipts prepares the
daily bank
deposit, which is then deposited by another employee.
D.
Answer (A) is incorrect. The bank reconciliation is a detective, not a
preventive,
control.
Answer (B) is correct. Sequentially numbered receipts should be
issued to
maintain accountability for cash collected. Such accountability should
be
established as soon as possible because cash has a high inherent
risk. Daily cash
receipts should be deposited intact so that receipts and bank
deposits can be
reconciled. The reconciliation should be performed by someone
independent of
the cash custody function.
Answer (C) is incorrect. Use of hash totals is a control over the
completeness of
posting routines, not cash receipts.
Answer (D) is incorrect. A cash remittance list should be prepared
before a
separate employee prepares the bank deposit. The list and deposit
represent
separate records based on independent counts made by different
employees.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 146
Printed for Sanja Knezevic
fb.com/ciaaofficial
[270] Gleim #: 3.3.39
Checks from customers are received in the organization’s mail room
each day. What
controls should be in place to safeguard them?
Establishing a separate post office box for A. customer payments.
B. Forwarding all checks to the cashier upon receipt.
C. Requiring a specific mail clerk to list and restrictively endorse
each check.
D. Providing bonding protection for mail clerks.
Answer (A) is incorrect. Requiring a specific mail clerk to list and
restrictively
endorse each check provides more protection than establishing a
separate post
office box for customer payments.
Answer (B) is incorrect. The same person should not both receive
and deposit
checks.
Answer (C) is correct. An employee who does not have access to
other records
should open the mail and prepare a list of checks received. The
check listing will
later be reconciled with the daily bank deposit and entries to
accounts receivable.
A restrictive endorsement (“for deposit only”) will put transferees on
notice to act
accordingly (that is, deposit the check in the organization’s account).
Answer (D) is incorrect. Bonding insures against, but does not
directly prevent,
losses.
[271] Gleim #: 3.3.40
Which of the following activities performed by a payroll clerk is a
control weakness
rather than a control strength?
A. Has custody of the check signature stamp machine.
B. Prepares the payroll register.
C. Forwards the payroll register to the chief accountant for approval.
D. Draws the paychecks on a separate payroll checking account.
Answer (A) is correct. Payroll checks should be signed by the
treasurer, i.e., by
someone who is not involved in timekeeping, recordkeeping, or
payroll
preparation. The payroll clerk performs a recordkeeping function.
Answer (B) is incorrect. Preparing the payroll register is one of the
recordkeeping
tasks of the payroll clerk.
Answer (C) is incorrect. The payroll register should be approved by
an officer of
the organization. This control is a strength.
Answer (D) is incorrect. Paychecks should be drawn on a separate
payroll
checking account. This control is a strength.
[272] Gleim #: 3.3.41
The internal auditor recognizes that certain limitations are inherent in
any system of
internal controls. Which one of the following scenarios is the result of
an inherent
limitation of internal control?
A. The comptroller both makes and records cash deposits.
A security guard allows one of the warehouse employees to remove
assets from
the premises without authorization.
B.
C. The organization sells to customers on account, without credit
approval.
An employee who is unable to read is assigned custody of the
organization’s
computer tape library and run manuals that are used during the third
shift.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 147
Printed for Sanja Knezevic
Answer (A) is incorrect. Segregating the functions of recording and
asset custody is
customary. That the comptroller both makes and records cash
deposits is an avoidable
control weakness.
Answer (B) is correct. Inherent limitations in internal control arise
from mistakes in
judgment, misunderstandings of instructions, personnel
carelessness, distraction,
fatigue, collusion, perpetrations by management, changing
conditions, and
deterioration of degrees of compliance. Thus, a control (use of
security guards) based
on segregation of functions may be overcome by collusion among
two or more
employees.
Answer (C) is incorrect. Transactions can and should be authorized
before execution.
The security guard’s failure to obtain authorization for removal of
assets is an
avoidable control weakness.
Answer (D) is incorrect. Assignment of an unqualified employee is
an avoidable
control weakness.
[273] Gleim #: 3.3.42
One payroll engagement objective is to determine whether
segregation of duties is
proper. Which of the following activities is incompatible?
Hiring employees and authorizing changes A. in pay rates.
B. Preparing the payroll and filing payroll tax forms.
C. Signing and distributing payroll checks.
D. Preparing attendance data and preparing the payroll.
Answer (A) is incorrect. Hiring employees and authorizing changes
in pay rates
are both personnel functions.
Answer (B) is incorrect. Preparing the payroll and filing payroll tax
forms are
both functions of the payroll department.
Answer (C) is incorrect. Proper treasury functions include signing
and
distributing payroll checks.
Answer (D) is correct. Attendance data are accumulated by the
timekeeping
function. Preparing the payroll is a payroll department function. For
control
purposes, these two functions should be separated to avoid the
perpetration and
concealment of irregularities.
[274] Gleim #: 3.3.43
Which of the following observations made during the preliminary
survey of a local
department store’s disbursement cycle reflects a control strength?
Individual department managers use prenumbered forms to order
merchandise
from vendors.
A.
The receiving department is given a copy of the purchase order
complete with a
description of goods, quantity ordered, and extended price for all
merchandise
ordered.
B.
The treasurer’s office prepares checks for suppliers based on
vouchers prepared by
the accounts payable department.
C.
Individual department managers are responsible for the movement of
merchandise
from the receiving dock to storage or sales areas as appropriate.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 148
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. The managers should submit purchase
requisitions to the
purchasing department. The purchasing function should be separate
from operations.
Answer (B) is incorrect. To encourage a fair count, the receiving
department should
receive a copy of the purchase order from which the quantity has
been omitted.
Answer (C) is correct. Accounting for payables is a recording
function. The matching
of the supplier’s invoice, the purchase order, and the receiving report
(and usually the
purchase requisition) should be the responsibility of the accounting
department. These
are the primary supporting documents for the payment voucher
prepared by the
accounts payable section that will be relied upon by the treasurer in
making payment.
Answer (D) is incorrect. The receiving department should transfer
goods directly to
the storeroom to maintain security. A copy of the receiving report
should be sent to the
storeroom so that the amount stored can be compared with the
amount in the report.
[275] Gleim #: 3.3.44
Which of the following controls would help prevent overpaying a
vendor?
Reviewing and canceling supporting documents when A. a check is
issued.
B. Requiring the check signer to mail the check directly to the vendor.
C. Reviewing the accounting distribution for the expenditure.
D. Approving the purchase before ordering from the vendor.
Answer (A) is correct. Reviewing and canceling the supporting
documents
prevents paying a vendor twice for the same purchase. If the person
who signs the
check cancels the required documents, they cannot be recycled in
support of a
duplicate payment voucher. Securing the paid voucher file from
access by the
accounts payable clerk is another effective control.
Answer (B) is incorrect. Requiring the check signer to mail the
check directly to
the vendor would prevent the check from being misappropriated.
Answer (C) is incorrect. Reviewing the accounting distribution for
the
expenditure would ensure that the expenditure is debited to the
proper account(s).
Answer (D) is incorrect. Approving the purchase before ordering
from the vendor
would ensure that only authorized purchases are made.
[276] Gleim #: 3.3.45
A receiving department receives copies of purchase orders for use in
identifying and
recording inventory receipts. The purchase orders list the name of
the vendor and the
quantities of the materials ordered. A possible error that this system
could allow is
A. Payment to unauthorized vendors.
B. Payment for unauthorized purchases.
C. Overpayment for partial deliveries.
D. Delay in recording purchases.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 149
Printed for Sanja Knezevic
Answer (A) is incorrect. Comparing receipts with purchase orders
will help detect
unauthorized vendors.
Answer (B) is incorrect. Comparing receipts with purchase orders
will help detect
unauthorized purchases.
Answer (C) is correct. To ensure a fair count, the copy of the
purchase order sent to
the receiving clerk should not include quantities. The receiving clerk
should count the
items in the shipment and prepare a receiving report. Copies are
sent to inventory
control and accounts payable.
Answer (D) is incorrect. Using purchase orders to identify receipts
will not cause a
delay in recording purchases.
[277] Gleim #: 3.3.46
Which of the following situations will cause an internal auditor to
question the
adequacy of controls over a purchasing function?
The original and one copy of the purchase order are mailed to the
vendor. The
copy on which the vendor acknowledges acceptance is returned to
the purchasing
department.
A.
Receiving reports are forwarded to purchasing where they are
matched with
purchase orders and sent to accounts payable.
B.
The accounts payable section prepares documentation C. for
payments.
Unpaid voucher files and perpetual inventory records are
independently
maintained.
D.
Answer (A) is incorrect. This practice ensures accurate
communication.
Answer (B) is correct. Purchasing and receiving should be
organizationally
independent. Moreover, comparing the purchase order and the
receiving report
should be the responsibility of a third person. Fraud perpetrated by a
purchasing
department employee could be concealed if (s)he is the first to obtain
the
receiving report.
Answer (C) is incorrect. Accounts payable may prepare
documentation but
should not sign checks.
Answer (D) is incorrect. Separately maintaining unpaid vouchers
and perpetual
inventory records is acceptable.
[278] Gleim #: 3.3.47
Which of the following ensures that all inventory shipments are billed
to customers?
Shipping documents are prenumbered and are independently
accounted for and
matched with sales invoices.
A.
Sales invoices are prenumbered and are independently accounted
for and traced to
the sales journal.
B.
Duties for recording sales transactions and maintaining customer
account balances
are separated.
C.
D. Customer billing complaints are investigated by the controller’s
office.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 150
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is correct. Shipping documents are prepared at the time
of shipment. They
are prenumbered to facilitate detection of unrecorded shipments. A
gap in the sequence
of documents may indicate an irregularity. An employee outside the
shipping
department should account for these documents. Sales invoices are
generated by the
organization’s computer system at the same time as the shipping
documents and
should have the same numbers. Thus, every shipping document
should be matched
with a sales invoice to ensure proper billing.
Answer (B) is incorrect. Accounting for sales invoices alone does
not prevent or
detect unbilled shipments.
Answer (C) is incorrect. Segregating the duties for recording sales
transactions and
maintaining customer accounts does not ensure that all shipments
are invoiced.
Answer (D) is incorrect. Customers who are not billed may not notify
the
organization.
[279] Gleim #: 3.3.48
If internal control is well designed, two tasks that should be
performed by different
persons are
Approval of bad debt write-offs, and reconciliation of the accounts
payable
subsidiary ledger and controlling account.
A.
Distribution of payroll checks and approval of sales B. returns for
credit.
Posting of amounts from both the cash receipts journal and cash
payments journal
to the general ledger.
C.
D. Recording of cash receipts and preparation of bank
reconciliations.
Answer (A) is incorrect. There is no conflict between writing off bad
debts
(accounts receivable) and reconciling accounts payable, which are
liabilities.
Answer (B) is incorrect. Distribution of payroll checks and approval
of sales
returns are independent functions. People who perform such
disparate tasks are
unlikely to be able to perpetrate and conceal a fraud. In fact, some
organizations
use personnel from an independent function to distribute payroll
checks.
Answer (C) is incorrect. Posting both ledgers would cause no
conflict as long as
the individual involved did not have access to the actual cash. If a
person has
access to records but not the assets, no danger exists of
embezzlement without
collusion.
Answer (D) is correct. Recording of cash establishes accountability
for assets.
The bank reconciliation compares that recorded accountability with
actual assets.
The recording of cash receipts and preparation of bank
reconciliations should
therefore be performed by different individuals because the preparer
of a
reconciliation could conceal a cash shortage. For example, if a
cashier both
prepares the bank deposit and performs the reconciliation, (s)he
could embezzle
cash and conceal the theft by falsifying the reconciliation.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 151
Printed for Sanja Knezevic
[280] Gleim #: 3.3.49
Which one of the following situations represents an internal control
weakness in the
payroll department?
Payroll department personnel are rotated A. in their duties.
B. Paychecks are distributed by the employees’ immediate
supervisor.
C. Payroll records are reconciled with quarterly tax reports.
D. The timekeeping function is independent of the payroll
department.
Answer (A) is incorrect. Periodic rotation of payroll personnel
inhibits the
perpetration and concealment of fraud.
Answer (B) is correct. Paychecks should not be distributed by
supervisors
because an unscrupulous person could terminate an employee and
fail to report the
termination. The supervisor could then clock in and out for the
employee and keep
the paycheck. A person unrelated to either payroll recordkeeping or
the operating
department should distribute checks.
Answer (C) is incorrect. This analytical procedure may detect a
discrepancy.
Answer (D) is incorrect. Timekeeping should be independent of
asset custody
and employee records.
[281] Gleim #: 3.3.50
Which of the following activities represents both an appropriate
human resources
department function and a deterrent to payroll fraud?
A. Distribution of paychecks.
B. Authorization of overtime.
C. Authorization of additions and deletions from the payroll.
D. Collection and retention of unclaimed paychecks.
Answer (A) is incorrect. The treasurer should perform the asset
custody function
regarding payroll.
Answer (B) is incorrect. Authorizing overtime is a responsibility of
operating
management.
Answer (C) is correct. The payroll department is responsible for
assembling
payroll information (recordkeeping). The human resources
department is
responsible for authorizing employee transactions, such as hiring,
firing, and
changes in pay rates and deductions. Segregating the recording and
authorization
functions helps prevent fraud.
Answer (D) is incorrect. Unclaimed checks should be in the custody
of the
treasurer until they can be deposited in a special bank account.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 152
Printed for Sanja Knezevic
fb.com/ciaaofficial
[282] Gleim #: 3.3.51
An organization has computerized sales and cash receipts journals.
The computer
programs for these journals have been properly debugged. The
internal auditor
discovered that the total of the accounts receivable subsidiary
accounts differs
materially from the accounts receivable control account. This
discrepancy could
indicate
Credit memoranda being improperly A. recorded.
B. Receivables being lapped.
C. Receivables not being properly aged.
D. Statements being intercepted prior to mailing.
Answer (A) is correct. Sales returns and allowances require the
crediting of
accounts receivable. Thus, the recording of unauthorized credit
memoranda is one
explanation for the discrepancy if sales and cash receipts are
properly recorded.
Answer (B) is incorrect. Lapping entails the theft of cash receipts
and the use of
subsequent receipts to conceal the theft. The effect is to overstate
receivables, but
no difference between the control total and the total of subsidiary
amounts would
arise.
Answer (C) is incorrect. Aging does not involve accounting entries.
Answer (D) is incorrect. Interception of customer statements might
indicate
fraudulent receivables but would not cause the subsidiary ledger
discrepancy.
[283] Gleim #: 3.3.52
An internal auditor noted that several shipments were not billed. To
prevent recurrence
of such nonbilling, the organization should
Numerically sequence and independently account for all controlling
documents
(such as packing slips and shipping orders) when sales journal
entries are
recorded.
A.
B. Undertake a validity check with customers as to orders placed.
Release product for shipment only on the basis of credit approval by
the credit
manager or other authorized person.
C.
Undertake periodic tests of gross margin rates by product line and
obtain
explanations of significant departures from planned rates.
D.
Answer (A) is correct. The sequential numbering of documents
provides a
standard control over transactions. The numerical sequence should
be accounted
for by an independent party. A major objective is to detect
unrecorded and
unauthorized transactions.
Answer (B) is incorrect. This check would not prevent or detect
unrecorded and
unauthorized transactions.
Answer (C) is incorrect. Credit approval does not ensure billing.
Answer (D) is incorrect. Testing gross margin rates is an analytical
procedure, not
a preventive control.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 153
Printed for Sanja Knezevic
[284] Gleim #: 3.3.53
A preliminary survey of the purchasing function indicates that
Department managers initiate purchase requests that must be
approved by the
plant superintendent,
Purchase orders are typed by the purchasing department using
prenumbered and
controlled forms,
Buyers regularly update the official vendor listing as new sources of
supply
become known,
Rush orders can be placed with a vendor by telephone but must be
followed by a
written purchase order before delivery can be accepted, and
Vendor invoice payment requests must be accompanied by a
purchase order and
receiving report.
One possible fault of this system is that
Purchases could be made from a vendor controlled by a buyer at
prices higher than
normal.
A.
Unnecessary supplies can be purchased by department B.
managers.
C. Payment can be made for supplies not received.
Payment can be made for supplies received but not ordered by the
purchasing
department.
D.
Answer (A) is correct. A risk exposure typical of the purchasing
function is that
purchases may be made from vendors with respect to whom buyers
or other
employees have a conflict of interest. The result may be excessive
prices or
amounts, or poor quality of goods and services acquired.
Accordingly, additions to
the vendor file should be authorized at an appropriate level and not
by the buyers.
Similarly, bidders’ lists should be approved by supervisory personnel.
Answer (B) is incorrect. The requirement of a written purchase order
approved by
the plant superintendent is a satisfactory control to prevent
unnecessary purchases.
Answer (C) is incorrect. Payment is not made without a receiving
report.
Answer (D) is incorrect. Payment requests must be supported by an
approved
purchase order.
[285] Gleim #: 3.3.54
Management is concerned with the potential for unauthorized
changes in the payroll.
Which of the following is the proper organizational structure to
prevent such
unauthorized changes?
The payroll department maintains and authorizes all changes in the
personnel
records.
A.
The payroll department is supervised by the management of the
human resources
division.
B.
The payroll department’s functions are limited to maintaining the
payroll records,
distributing paychecks, and posting the payroll entries to the general
ledger.
C.
D. The personnel department authorizes the hiring and pay levels of
all employees.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 154
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. The personnel department should be
responsible for these
functions.
Answer (B) is incorrect. The payroll and personnel departments
should be
independent.
Answer (C) is incorrect. The payroll department should not post the
payroll entries to
the general ledger or distribute the paychecks. These functions are
the responsibility of
the accounting department and the treasurer’s office, respectively.
Answer (D) is correct. The payroll department is responsible for
assembling payroll
information (recordkeeping). The personnel department is
responsible for authorizing
and executing employee transactions such as hiring, firing, and
changes in pay rates
and deductions. Segregating these functions helps prevent fraud.
Thus, the payroll for
each period should be compared with the active employment files of
the personnel
department.
[286] Gleim #: 3.3.55
In a well-designed internal control structure in which the cashier
receives remittances
from the mail room, the cashier should not
A. Endorse the checks.
B. Prepare the bank deposit slip.
C. Deposit remittances daily at a local bank.
D. Post the receipts to the accounts receivable subsidiary ledger
cards.
Answer (A) is incorrect. It is a part of the custodial function, which is
the primary
responsibility of a cashier.
Answer (B) is incorrect. It is a part of the custodial function, which is
the primary
responsibility of a cashier.
Answer (C) is incorrect. It is a part of the custodial function, which is
the primary
responsibility of a cashier.
Answer (D) is correct. The cashier is an assistant to the treasurer
and thus
performs an asset custody function. Individuals with custodial
functions should
not have access to the accounting records. If the cashier were
allowed to post the
receipts to the accounts receivable subsidiary ledger, an opportunity
for
embezzlement would arise that could be concealed by falsifying the
books.
[287] Gleim #: 3.3.56
Which one of the following situations represents an internal control
weakness in
accounts receivable?
A. Internal auditors confirm customer accounts periodically.
B. Delinquent accounts are reviewed only by the sales manager.
C. The cashier is denied access to customers’ records and monthly
statements.
D. Customers’ statements are mailed monthly by the accounts
receivable department.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 155
Printed for Sanja Knezevic
Answer (A) is incorrect. Periodic confirmation of accounts receivable
is an internal
control strength.
Answer (B) is correct. Internal control over accounts receivable
begins with a proper
segregation of duties. Hence, the cashier, who performs an asset
custody function,
should not be involved in recordkeeping. Accounts should be
periodically confirmed
by an auditor, and delinquent accounts should be reviewed by the
head of accounts
receivable and the credit manager. Customer statements should be
mailed monthly by
the accounts receivable department without allowing access to the
statements by
employees of the cashier’s department. The sales manager should
not be the only
person to review delinquent accounts because (s)he may have an
interest in not
declaring an account uncollectible.
Answer (C) is incorrect. An employee with asset-custody
responsibilities should not
have access to records for that asset.
Answer (D) is incorrect. Monthly account statements give customers
an opportunity to
complain about incorrect billings or missing payments.
[288] Gleim #: 3.3.57
Which one of the following situations represents a strength of internal
control for
purchasing and accounts payable?
Prenumbered receiving reports are A. issued randomly.
B. Invoices are approved for payment by the purchasing department.
C. Unmatched receiving reports are reviewed on an annual basis.
Vendors’ invoices are matched against purchase orders and
receiving reports
before a liability is recorded.
D.
Answer (A) is incorrect. Prenumbered receiving reports should be
issued
sequentially. A gap in the sequence may indicate an erroneous or
fraudulent
transaction.
Answer (B) is incorrect. Invoices should not be approved by
purchasing. That is
the job of the accounts payable department.
Answer (C) is incorrect. Annual review of unmatched receiving
reports is too
infrequent. More frequent attention is necessary to remedy
deficiencies in internal
control.
Answer (D) is correct. A voucher should not be prepared for
payment until the
vendor’s invoice has been matched against the corresponding
purchase order and
receiving report. This procedure provides assurance that a valid
transaction has
occurred and that the parties have agreed on the terms, such as
price and quantity.
[289] Gleim #: 3.3.58
To control purchasing and accounts payable, an information system
must include
certain source documents. For a manufacturing organization, these
documents should
include
A. Purchase orders, receiving reports, and vendor invoices.
B. Receiving reports and vendor invoices.
C. Purchase requisitions, purchase orders, receiving reports, and
vendor invoices.
Purchase requisitions, purchase orders, inventory reports of goods
needed, and
vendor invoices.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 156
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. A purchase requisition is also needed.
Answer (B) is incorrect. A purchase order and requisition are also
necessary.
Answer (C) is correct. Before ordering an item, the purchasing
department should
have on hand a purchase requisition reflecting an authorized request
by a user
department. Before a voucher is prepared for paying an invoice, the
accounts payable
department should have the purchase requisition, a purchase order
(to be certain the
items were indeed ordered), the vendor’s invoice, and a receiving
report (to be certain
the items were received).
Answer (D) is incorrect. A receiving report is needed.
[290] Gleim #: 3.3.59
Auditors document their understanding of internal control with
questionnaires,
flowcharts, and narrative descriptions. A questionnaire consists of a
series of questions
concerning controls that auditors consider necessary to prevent or
detect errors and
fraud. The most appropriate question designed to contribute to the
auditors’
understanding of the completeness of the expenditure (purchasespayables) cycle
concerns the
Internal verification of quantities, prices, and mathematical accuracy
of sales
invoices.
A.
Use and accountability of B. prenumbered checks.
C. Disposition of cash receipts.
D. Qualifications of accounting personnel.
Answer (A) is incorrect. Determination of proper amounts of sales
invoices
concerns the valuation assertion. Also, sales invoices are part of the
salesreceivables
(revenue) cycle.
Answer (B) is correct. A completeness assertion concerns whether
all
transactions and accounts that should be presented in the financial
statements are
so presented. The exclusive use of sequentially numbered
documents facilitates
control over expenditures. An unexplained gap in the sequence alerts
the auditor
to the possibility that not all transactions have been recorded. A
failure to use
prenumbered checks would therefore suggest a higher assessment
of control risk.
If a company uses prenumbered checks, it should be easy to
determine exactly
which checks were used during a period.
Answer (C) is incorrect. Cash receipts are part of the revenue cycle.
Answer (D) is incorrect. Consideration of the qualifications of
accounting
personnel is not a test of controls over the completeness of any
cycle. This
procedure is appropriate during the consideration of the control
environment.
[291] Gleim #: 3.3.60
The initiation of the purchase of materials and supplies would be the
responsibility of
the
A. Purchasing department.
B. Stores control department.
C. Inventory control department.
D. Production department.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 157
Printed for Sanja Knezevic
Answer (A) is incorrect. The purchasing department places orders
that have been
initiated and authorized by others.
Answer (B) is incorrect. The stores control department has custody
of materials; it
does not maintain inventory records.
Answer (C) is correct. The inventory control department would be
responsible for
initiating a purchase. It has access to the inventory records and
would therefore know
when stocks were getting low.
Answer (D) is incorrect. The production department manufactures
goods and obtains
materials from stores control.
[292] Gleim #: 3.3.61
Multiple copies of the purchase order are prepared for recordkeeping
and distribution
with a copy of the purchase order sent to the vendor and one
retained by the
purchasing department. In addition, for proper informational flow and
internal control
purposes, a version of the purchase order would be distributed to the
Accounts payable, receiving, and stores control A. departments.
B. Accounts payable, receiving, and inventory control departments.
C. Accounts payable, accounts receivable, and receiving
departments.
D. Accounts payable, receiving, and production planning
departments.
Answer (A) is incorrect. The stores control department does not
need to know
that a purchase has been initiated.
Answer (B) is correct. The accounts payable department should
receive a copy of
the purchase order for internal control purposes to ensure that all
invoices paid are
for properly authorized items. The receiving department should
receive a copy
(with the quantity omitted to encourage an honest count) so that its
employees will
know that incoming shipments were authorized and should be
accepted. In
addition, the department issuing the purchasing requisition (the
inventory control
department) should receive a copy as a notification that the order
has been placed.
Answer (C) is incorrect. The accounts receivable department does
not need a
copy.
Answer (D) is incorrect. The production planning department does
not need a
copy.
[293] Gleim #: 3.3.62
Organizational independence in the processing of payroll is achieved
by segregation of
functions that are built into the system. Which one of the following
functional
segregations is not required for internal control purposes?
A. Segregation of timekeeping from payroll preparation.
B. Segregation of personnel function from payroll preparation.
C. Segregation of payroll preparation and paycheck distribution.
D. Segregation of payroll preparation and maintenance of year-todate records.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 158
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Segregating timekeeping and payroll
preparation is an
effective control. It prevents one person from claiming that an
employee worked
certain hours and then writing a check to that employee. Payment to
an absent or
fictitious employee would therefore require collusion between two
employees.
Answer (B) is incorrect. Personnel should be separate from payroll.
The former
authorizes the calculation of the payroll by the latter.
Answer (C) is incorrect. Segregating paycheck preparation from
distribution makes it
more difficult for checks to be made out to fictitious employees.
Answer (D) is correct. Most companies have their payrolls prepared
by the same
individuals who maintain the year-to-date records. There is no need
for this
segregation of functions because both duties involve recordkeeping.
[294] Gleim #: 3.3.63
If employee paychecks are distributed by hand to employees, which
one of the
following departments should be responsible for the safekeeping of
unclaimed
paychecks?
A. Payroll department.
B. Timekeeping department.
C. Production department in which the employee works or worked.
D. Cashier department.
Answer (A) is incorrect. The payroll department was responsible for
causing the
check to be written.
Answer (B) is incorrect. The timekeeping department authorized
payment based
on a certain number of hours worked.
Answer (C) is incorrect. A production supervisor or fellow worker
has an
opportunity to intercept the check of a fictitious or terminated
employee.
Answer (D) is correct. The responsibility for unclaimed paychecks
should be
given to a department that has no opportunity to authorize or write
those checks.
Because the treasury function serves only an asset custody function
and thus has
had no input into the paycheck process, it is the logical repository of
unclaimed
checks.
[295] Gleim #: 3.3.64
Organizational independence is required in the processing of
customers’ orders in
order to maintain an internal control structure. Which one of the
following situations is
not a proper segregation of duties in the processing of orders from
customers?
A. Approval by credit department of a sales order prepared by the
sales department.
Shipping of goods by the shipping department that have been
retrieved from stock
by the finished goods storeroom department.
B.
Invoice preparation by the billing department and posting to
customers’ accounts
by the accounts receivable department.
C.
Approval of a sales credit memo because of a product return by the
sales
department with subsequent posting to the customer’s account by
the accounts
receivable department.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 159
Printed for Sanja Knezevic
Answer (A) is incorrect. Ensuring that a sales order is for a
legitimate, creditworthy
customer is a function of the credit department.
Answer (B) is incorrect. To maintain proper segregation of functions,
goods should be
pulled by the storeroom department and shipped by the shipping
department.
Answer (C) is incorrect. Invoice preparation and account updating
should be
performed by two different departments.
Answer (D) is correct. Allowing a sales department employee to
approve a credit
memo without a receiving report would be unacceptably risky. Sales
personnel could
overstate sales in one period and then reverse them in subsequent
periods. Thus, a copy
of the receiving report for returned goods should be sent to billing for
preparation of a
credit memo after approval by a responsible supervisor who is
independent of sales.
[296] Gleim #: 3.4.65
An organization’s directors, management, external auditors, and
internal auditors all
play important roles in creating a proper control environment. Senior
management is
primarily responsible for
Establishing a proper organizational culture and specifying a system
of internal
control.
A.
Designing and operating a control system that provides reasonable
assurance that
established objectives and goals will be achieved.
B.
Ensuring that external and internal auditors adequately monitor the
control
environment.
C.
Implementing and monitoring controls designed by the D. board of
directors.
Answer (A) is correct. Senior management is primarily responsible
for
establishing a proper organizational culture and specifying a system
of internal
control.
Answer (B) is incorrect. Senior management is not likely to be
involved in the
detailed design and day-to-day operation of a control system.
Answer (C) is incorrect. Management administers risk and control
processes. It
cannot delegate this responsibility to the external auditors or to the
internal audit
activity.
Answer (D) is incorrect. The board has oversight governance
responsibilities but
ordinarily does not become involved in the details of operations.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 160
Printed for Sanja Knezevic
fb.com/ciaaofficial
[297] Gleim #: 3.4.66
The marketing department for a major retailer assigns separate
product managers for
each product line. Product managers are responsible for ordering
products and
determining retail pricing. Each product manager’s purchasing
budget is set by the
marketing manager. Products are delivered to a central distribution
center where goods
are segregated for distribution to the company’s 52 department
stores. Because
receipts are recorded at the distribution center, the company does
not maintain a
receiving function at each store. Product managers are evaluated on
a combination of
sales and gross profit generated from their product lines. Many
products are seasonal
and individual store managers can require that seasonal products be
removed to make
space for the next season’s products. Which of the following is a
control deficiency in
this situation?
The store manager can require items to be removed, thus affecting
the potential
performance evaluation of individual product managers.
A.
The product manager negotiates the purchase price and sets B. the
selling price.
Evaluating product managers by total gross profit generated by
product line will
lead to dysfunctional behavior.
C.
D. There is no receiving function located at individual stores.
Answer (A) is incorrect. Goods are seasonal, and store space is
limited. This is a
constraint that is consistent with maximizing revenue and profitability
for the
organization.
Answer (B) is incorrect. The product manager is evaluated based on
sales and
gross profit; thus, performing both of these duties is not a conflict.
Answer (C) is incorrect. Evaluating the product managers on gross
profit and
budgeted sales holds them accountable for profitability. This
approach is
consistent with their authority over ordering and pricing.
Answer (D) is correct. The receiving function verifies that the goods
received are
those actually sent by the shipper. Without this function being
performed at the
store, goods could be lost, pilfered, or simply sent to the wrong store
without it
being discovered.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 161
Printed for Sanja Knezevic
[298] Gleim #: 3.4.67
The marketing department for a major retailer assigns separate
product managers for
each product line. Product managers are responsible for ordering
products and
determining retail pricing. Each product manager’s purchasing
budget is set by the
marketing manager. Products are delivered to a central distribution
center where goods
are segregated for distribution to the company’s 52 department
stores. Because
receipts are recorded at the distribution center, the company does
not maintain a
receiving function at each store. Product managers are evaluated on
a combination of
sales and gross profit generated from their product lines. Many
products are seasonal
and individual store managers can require that seasonal products be
removed to make
space for the next season’s products. Requests for purchases
beyond those initially
budgeted must be approved by the marketing manager. This
procedure
Should provide for the most efficient allocation of scarce
organizational I. resources.
II. Is a detective control procedure.
III. Is unnecessary because each product manager is evaluated on
profit generated.
A. I only.
B. III only.
C. II and III only.
D. I, II, and III.
Answer (A) is correct. The organization has two scarce resources to
allocate: its
purchasing budget and the space available in its retail stores. The
marketing
manager is high enough in the organization to coordinate this
allocation. Allowing
individual product managers to approve their own requests to exceed
budget
would almost certainly result in misallocation. Thus, Item I is a valid
choice.
Item II is not a valid choice because the marketing manager asserts
his/her
authority before an unwanted event has taken place. Item III is not a
valid choice
because product managers may be tempted to commit the company
to buy more
product than it can finance. The marketing manager is in a position to
coordinate
these requests and reconcile them with the budget.
Answer (B) is incorrect. The gross profit evaluation is effective in
evaluating
product managers, but it does not necessarily restrain excess
spending.
Answer (C) is incorrect. Approval by the marketing manager is a
preventive
control, which deters undesirable events from occurring. A detective
control
detects and corrects undesirable events that have occurred. Also, the
gross profit
evaluation is effective only in evaluating the manager.
Answer (D) is incorrect. Approval by the marketing manager is a
preventive
control, which deters undesirable events from occurring. A detective
control
detects and corrects undesirable events that have occurred. Also, the
gross profit
evaluation is effective only in evaluating the manager.
[299] Gleim #: 3.4.68
Which of the following would minimize defects in finished goods
caused by poor
quality raw materials?
A. Documented procedures for the proper handling of work-inprocess inventory.
B. Required material specifications for all purchases.
C. Timely follow-up on all unfavorable usage variances.
D. Determination of the amount of spoilage at the end of the
manufacturing process.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 162
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Documented procedures for handling workin-process
inventory do not ensure that materials are of sufficient quality.
Answer (B) is correct. A preventive control is required in this
situation, i.e., one that
ensures an unwanted event does not take place. The most costeffective way of
achieving the goal is to keep poor quality raw materials from entering
the warehouse to
begin with. Of the controls listed, only required specifications will
accomplish this.
Answer (C) is incorrect. Follow-up on unfavorable usage variances
may lead to
detection and correction of use of substandard materials but does
not prevent or
minimize defects in products already processed.
Answer (D) is incorrect. Determination of spoilage after raw
materials have been used
in production is not a preventive control.
[300] Gleim #: 3.4.69
An internal auditor notes year-to-year increases for small tool
expense at a
manufacturing facility that has produced the same amount of
identical product for the
last 3 years. Production inventory is kept in a controlled staging area
adjacent to the
receiving dock, but the supply of small tools is kept in an
unsupervised area near the
exit to the plant employees’ parking lot. After determining that all of
the following
alternatives are equal in cost and are also feasible for local
management, the internal
auditor would best address the security issue by recommending that
plant management
Move the small tools inventory to the custody of the production
inventory staging
superintendent and implement the use of a special requisition to
issue small tools.
A.
Initiate a full physical inventory of small tools B. on a monthly basis.
Place supply of small tools in a secured area, install a key-access
card system for
all employees, and record each key-access transaction on a report
for the
production superintendent.
C.
Close the exit to the employee parking lot and require all plant
employees to use a
doorway by the receiving dock that also provides access to the plant
employees’
parking area.
D.
Answer (A) is correct. Minimizing the loss of assets requires a
preventive
control. Giving responsibility for custody of small tools to one
individual
establishes accountability. Requiring that requisitions be submitted
ensures that
their use is properly authorized.
Answer (B) is incorrect. A full physical inventory of small tools on a
monthly
basis is a periodic, detective control that is effective only in
determining the
amount of losses.
Answer (C) is incorrect. Placing small tools in a secured area,
installing a keyaccess
system, and recording access transactions are preventive and
detective
controls but do not record the amount of tools removed from the
inventory.
Answer (D) is incorrect. Closing the exit to the employee parking lot
does not
limit access to the small tools inventory.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 163
Printed for Sanja Knezevic
[301] Gleim #: 3.4.70
Which of the following control procedures does an internal auditor
expect to find
during an engagement to evaluate risk management and insurance?
Periodic internal review of the in-force list to evaluate the adequacy
of insurance
coverage.
A.
Required approval of all new insurance policies by the B.
organization’s CEO.
C. Policy of repetitive standard journal entries to record insurance
expense.
D. Cutoff procedures with regard to insurance expense reporting.
Answer (A) is correct. Obtaining insurance and periodically
reviewing its
adequacy are among management’s responses to the findings of a
risk assessment.
Insurance coverage should be sufficient to ensure that the relevant
assessed risks
are managed in accordance with the organization’s risk appetite.
Answer (B) is incorrect. CEO approval is an operational decision
ordinarily
delegated to a lower level manager.
Answer (C) is incorrect. A policy concerning standard journal entries
is an
accounting control, not a risk management and insurance control.
Answer (D) is incorrect. Cutoff procedures with regard to insurance
expense
reporting are an accounting control, not a risk management and
insurance control.
[302] Gleim #: 3.4.71
Which of the following is an operating control for a research and
development
department?
A. Research and development personnel are hired by the payroll
department.
B. Research and development expenditures are reviewed by an
independent person.
All research and development costs are charged to expense in
accordance with the
applicable accounting principles.
C.
The research and development budget is properly allocated between
new products,
product maintenance, and cost reduction programs.
D.
Answer (A) is incorrect. Only the human resources department
should be
responsible for hiring. A department responsible for recordkeeping
(e.g., payroll)
should not authorize transactions.
Answer (B) is incorrect. Reviewing monetary amounts is a financial
control.
Answer (C) is incorrect. Expensing R&D costs is an accounting
treatment rather
than a control.
Answer (D) is correct. Operating controls are those applicable to
production and
support activities. Because they may lack established criteria or
standards, they
should be based on management principles and methods. The
appropriate
allocation of R&D costs to new products, product maintenance, and
cost reduction
programs is an example. This is in contrast to the expensing of R&D
costs, which
is required by the rules of external financial reporting.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 164
Printed for Sanja Knezevic
fb.com/ciaaofficial
[303] Gleim #: 3.4.72
Obsolete or scrap materials are charged to a predefined project
number. The materials
are segregated into specified bin locations and eventually
transported to a public
auction for sale. To reduce the risks associated with this process, an
organization
should employ which of the following procedures?
Require managerial approval for materials to be declared I. scrap or
obsolete.
II. Permit employees to purchase obsolete or scrap materials prior to
auction.
III. Limit obsolete or scrap materials sales to a pre-approved buyer.
IV. Specify that a fixed fee, rather than a commission, be paid to the
auction firm.
A. II and III.
B. I only.
C. II and IV.
D. I, III, and IV.
Answer (A) is incorrect. Permitting employees to purchase obsolete
or scrap
materials prior to auction provides even more incentive for
misappropriation.
Limiting obsolete or scrap materials sales to a pre-approved buyer
does not
mitigate the risk of misappropriation before the materials are sold.
Moreover,
these procedures may be less effective than an auction for obtaining
the best price.
Answer (B) is correct. A preventive control is needed. Management
approval for
materials to be declared scrap or obsolete reduces the risk of
misappropriation.
Otherwise, materials may be more easily misclassified.
Answer (C) is incorrect. Permitting employees to purchase obsolete
or scrap
materials prior to auction provides even more incentive for
misappropriation.
Specifying that a commission be paid to the auction firm creates an
incentive to
maximize the organization’s return.
Answer (D) is incorrect. Limiting obsolete or scrap materials sales to
a preapproved
buyer does not mitigate the risk of misappropriation before the
materials
are sold. It also may be less effective than an auction for obtaining
the best price.
Specifying that a commission be paid to the auction firm creates an
incentive to
maximize the organization’s return.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 165
Printed for Sanja Knezevic
[304] Gleim #: 3.4.73
While performing analytical procedures related to an engagement
involving a social
services agency of a government entity, the internal auditor noted an
unusually large
increase in payments to individual recipients who are under the
direction of a
particular social worker in the agency. The internal auditor is
considering making a
recommendation about appropriate controls to address a potential
problem of fictitious
recipients. The internal auditor has identified the following control
procedures as
potential items to include in the recommendation.
Require that all additions to the recipient file be independently
investigated and
approved by a supervisor of the social workers.
I.
Require the use of self-checking digits on the account numbers of all
recipients so
that any duplicates will be immediately noted by the system.
II.
Incorporate a code into the computer program to search for duplicate
names and
addresses. Develop an exception report that will go to the section
supervisor
whenever duplicates are noted.
III.
Require that social workers be rotated IV. among recipients.
Which of the following control combinations would effectively address
the internal
auditor’s concerns and improve control over valid recipients?
A. I, II, III, and IV.
B. I, II, and III.
C. I and IV.
D. I, III, and IV.
Answer (A) is incorrect. Duplicate recipient account numbers are not
the risk in
this situation. The appropriate controls prevent or detect payments to
nonexistent
recipients that are sent to actual addresses under the social worker’s
control.
Answer (B) is incorrect. Duplicate recipient account numbers are not
the risk in
this situation. The appropriate controls prevent or detect payments to
nonexistent
recipients that are sent to actual addresses under the social worker’s
control.
However, rotating social workers among recipients may prevent or
detect fraud.
Answer (C) is incorrect. A programmed control that searches for and
reports
exceptions (e.g., duplicate names and addresses) detects payments
to multiple
recipients at a single or a few addresses.
Answer (D) is correct. A supervisory review of all additions to the
recipient file is
a detective control that alerts management to nonexistent recipients.
Once it
becomes widely understood that this review will always be
performed, it becomes
a preventive control. A programmed control that searches for and
reports
exceptions (e.g., duplicate names and addresses) detects payments
to multiple
recipients at a single or a few addresses. Rotating social workers
among recipients
may prevent or detect fraud. The probability of detection is greater
when the
wrongdoer’s opportunity to conceal fraud is reduced. However,
duplicate recipient
account numbers are not the risk in this situation. The appropriate
controls prevent
or detect payments to nonexistent recipients that are sent to actual
addresses under
the social worker’s control.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 166
Printed for Sanja Knezevic
fb.com/ciaaofficial
[305] Gleim #: 3.4.74
The most appropriate method to prevent fraud or theft during the
frequent movement
of trailers loaded with valuable metal scrap from the manufacturing
plant to the
organization’s scrap yard about 10 miles away would be to
Perform complete physical inventory of the scrap trailers before
leaving the plant
and upon arrival at the scrap yard.
A.
Require existing security guards to log the time of plant departure
and scrap yard
arrival. The elapsed time should be reviewed by a supervisor for
fraud.
B.
Use armed guards to escort the movement of the trailers from the
plant to the
scrap yard.
C.
Contract with an independent hauler for the D. removal of scrap.
Answer (A) is incorrect. Performing a complete physical inventory of
the scrap at
both locations would not be economically feasible.
Answer (B) is correct. Having the security guards record the times of
departure
and arrival is a cost-effective detective control because it entails no
additional
expenditures. Comparing the time elapsed with the standard time
allowed and
investigating material variances may detect a diversion of part of the
scrap.
Answer (C) is incorrect. Hiring armed guards to escort the scrap
trailers is
unlikely to be cost-effective unless the scrap is extremely valuable.
Logging
departures and arrivals will be sufficient in most cases.
Answer (D) is incorrect. Using an independent hauler would provide
no
additional assurance of prevention or detection of wrongdoing.
[306] Gleim #: 3.4.75
A utility with a large investment in repair vehicles would most likely
implement which
internal control to reduce the risk of vehicle theft or loss?
A. Review insurance coverage for adequacy.
B. Systematically account for all repair work orders.
Physically inventory vehicles and reconcile the results with the
accounting
records.
C.
Maintain vehicles in a secured location with release and return
subject to approval
by a custodian.
D.
Answer (A) is incorrect. Insurance provides for indemnification if
loss or theft
occurs. It thus reduces financial exposure but does not prevent the
actual loss or
theft.
Answer (B) is incorrect. An internal control designed to ensure
control over
repair work performed has no bearing on the risk of loss.
Answer (C) is incorrect. Taking an inventory is a detective, not a
preventive,
control.
Answer (D) is correct. Physical safeguarding of assets is enacted
through the use
of preventive controls that reduce the likelihood of theft or other loss.
Keeping the
vehicles at a secure location and restricting access establishes
accountability by
the custodian and allows for proper authorization of their use.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 167
Printed for Sanja Knezevic
[307] Gleim #: 3.4.76
Which of the following controls could be used to detect bank deposits
that are
recorded but never made?
Establishing accountability for receipts at the earliest A. possible
time.
Linking receipts to other internal accountabilities, for example,
collections to
either accounts receivable or sales.
B.
C. Consolidating cash receiving points.
D. Having bank reconciliations performed by a third party.
Answer (A) is incorrect. Early establishment of accountability will not
help
detect bank deposits recorded on the books but not deposited in the
bank.
Answer (B) is incorrect. The issue is not accountability for receipts
but detection
of failure to make deposits.
Answer (C) is incorrect. The number of receiving points does not
impact the
failure to make recorded deposits.
Answer (D) is correct. Having an independent third party prepare the
bank
reconciliations would reveal any discrepancies between recorded
deposits and the
bank statements. A bank reconciliation compares the bank statement
with
organization records and resolves differences caused by deposits in
transit,
outstanding checks, NSF checks, bank charges, errors, etc.
[308] Gleim #: 3.4.77
To minimize the risk that agents in the purchasing department will
use their positions
for personal gain, the organization should
A. Rotate purchasing agent assignments periodically.
B. Request internal auditors to confirm selected purchases and
accounts payable.
C. Specify that all items purchased must pass value-per-unit-of-cost
reviews.
Direct the purchasing department to maintain records on purchase
prices paid,
with review of such being required each 6 months.
D.
Answer (A) is correct. The risk of favoritism is increased when
buyers have longterm
relationships with specific vendors. Periodic rotation of buyer
assignments
will limit the opportunity to show favoritism. This risk is also reduced
if buyers
are required to take vacations.
Answer (B) is incorrect. Confirmation does not enable internal
auditors to detect
inappropriate benefits received by purchasing agents or deter longterm
relationships.
Answer (C) is incorrect. Value-per-unit-of-cost reviews could be
helpful in
ensuring a certain level of value received for price paid but do not
directly focus
on receipt of inappropriate benefits by purchasing agents.
Answer (D) is incorrect. Review of records every 6 months does not
enable the
organization to detect receipt of inappropriate benefits by an agent or
deter
relationships that could lead to such activity.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 168
Printed for Sanja Knezevic
fb.com/ciaaofficial
[309] Gleim #: 3.4.78
Management can best strengthen internal control over the custody of
inventory stored
in an off-site warehouse by implementing
Reconciliations of transfer slips to/from the warehouse with A.
inventory records.
B. Increases in insurance coverage.
C. Regular reconciliation of physical inventories to accounting
records.
D. Regular confirmation of the amount on hand with the custodian of
the warehouse.
Answer (A) is incorrect. A control over the movement of inventory to
and from
the warehouse provides no assurance over the custody of the
inventory while in
the warehouse.
Answer (B) is incorrect. Increasing insurance coverage helps
protect the
organization against losses but does not strengthen internal control
over the
custody of inventory.
Answer (C) is correct. A detective control that will reveal, on a
regular basis, any
discrepancies between the inventory records and the actual
inventory on hand is
needed. Periodic comparison of the recorded accountability for
inventory with the
actual physical inventory will accomplish this.
Answer (D) is incorrect. Confirming with the custodian the amount of
inventory
on hand does not verify that the inventory is actually at the
warehouse.
[310] Gleim #: 3.4.79
When a supplier of office products is unable to fill an order
completely, it marks the
out-of-stock items as back ordered on the customer’s order and
enters these items in a
back order file that management can view or print. Customers are
becoming
disgruntled with the supplier because it seems unable to keep track
of and ship out-ofstock
items as soon as they are available. The best approach for ensuring
prompt
delivery of out-of-stock items is to
A. Match the back order file to goods received daily.
Increase inventory levels to minimize the number of times that out-ofstock
conditions occur.
B.
Implement electronic data interchange with supply vendors to
decrease the time to
replenish inventory.
C.
Reconcile the sum of filled and back orders with the total of all orders
placed
daily.
D.
Answer (A) is correct. A directive control is appropriate, i.e., one
designed to
cause or encourage the occurrence of a desirable event. Matching
the back order
file with goods received daily is the surest way of facilitating prompt
delivery of
out-of-stock items.
Answer (B) is incorrect. An increase in inventory minimizes out-ofstock
conditions but has no effect on tracking and shipping goods as soon
as they are
available.
Answer (C) is incorrect. More efficient replenishment of its own
inventory has no
effect on tracking and shipping goods as soon as they are available.
Answer (D) is incorrect. Reconciling the sum of filled and back
orders with the
total of all orders placed daily ensures that orders were either filled or
back
ordered but will not affect delivery of the items that are out of stock.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 169
Printed for Sanja Knezevic
[311] Gleim #: 3.4.80
Which of the following observations by an auditor is most likely to
indicate the
existence of control weaknesses over safeguarding of assets?
A service department’s location is not well suited to allow adequate
service to
other units.
I.
Employees hired for sensitive positions are not subjected to II.
background checks.
Managers do not have access to reports that profile overall
performance in relation
to other benchmarked organizations.
III.
Management has not taken corrective action to resolve past
engagement
observations related to inventory controls.
IV.
A. I and II only.
B. I and IV only.
C. II and III only.
D. II and IV only.
Answer (A) is incorrect. A service department’s location concerns
achieving
organizational objectives, not safeguarding of assets.
Answer (B) is incorrect. A service department’s location concerns
achieving
organizational objectives, not safeguarding of assets. But failure to
do background
checks is a control weakness related to asset security.
Answer (C) is incorrect. Managers not having access to reports
profiling overall
performance concerns achieving organizational objectives.
Answer (D) is correct. Internal auditors evaluate risk exposures and
the adequacy
and effectiveness of controls relating to, among other things,
safeguarding of
assets (Perf. Std. 2130.A1). Lack of background checks for
employees hired for
sensitive positions and failure to take corrective action on past
engagement
observations relating to safeguarding of assets are red flags
signifying control
weaknesses. Regular reference and background checks, integrity
tests, and drug
screening are hiring procedures that may be part of an effective
ethical culture.
Furthermore, internal auditors follow up on engagement results to
determine what
corrective actions have been taken or whether management or the
board has
assumed the risk of not taking action. If the CAE believes the risk
assumed may
be unacceptable to the organization, (s)he must discuss the matter
with senior
management and the board (Perf. Stds. 2500.A1 and 2600).
[312] Gleim #: 3.4.81
A control likely to prevent purchasing agents from favoring specific
suppliers is
Requiring management’s review of a monthly report of the totals
spent by each
buyer.
A.
B. Requiring buyers to adhere to detailed material specifications.
C. Rotating buyer assignments periodically.
D. Monitoring the number of orders placed by each buyer.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 170
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Requiring review of a monthly report of the
totals spent by
each buyer does not enable the organization to detect receipt of
inappropriate benefits
by an agent or deter relationships that could lead to such activity.
Answer (B) is incorrect. Detailed material specifications will not
prevent buyer
favoritism in placing orders.
Answer (C) is correct. The risk of favoritism is increased when
buyers have long-term
relationships with specific vendors. Periodic rotation of buyer
assignments will limit
the opportunity for any buyer to show favoritism to a particular
supplier.
Answer (D) is incorrect. The number of orders placed is not relevant
to preventing
favoritism.
[313] Gleim #: 3.4.82
Appropriate internal control for a multinational corporation’s branch
office that has a
monetary transfer unit requires that
The individual who initiates wire transfers not reconcile A. the bank
statement.
B. The branch manager receive all wire transfers.
C. Foreign currency rates be computed separately by two different
employees.
D. Corporate management approve the hiring of monetary transfer
unit employees.
Answer (A) is correct. A control is any action taken by management
to enhance
the likelihood that established goals and objectives will be achieved.
Controls
include segregation of duties to reduce the risk that any person may
be able to
perpetrate and conceal errors or fraud in the normal course of his/her
duties.
Different persons should authorize transactions, record transactions,
and maintain
custody of the assets associated with the transaction. Independent
reconciliation of
bank accounts is necessary for good internal control.
Answer (B) is incorrect. Having the branch manager receive all wire
transfers is
not an important internal control consideration.
Answer (C) is incorrect. Foreign currency translation rates are
verified, not
computed. Having two employees in the same department perform
the same task
will not significantly enhance internal control.
Answer (D) is incorrect. Corporate management approval of hiring
monetary
transfer unit employees is not an important internal control
consideration.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 171
Printed for Sanja Knezevic
[314] Gleim #: 3.4.83
An internal auditor is assigned to perform an engagement to evaluate
the
organization’s insurance program, including the appropriateness of
the approach to
minimizing risks. The organization self-insures against large casualty
losses and health
benefits provided for all its employees. The organization is a large
national firm with
over 15,000 employees located in various parts of the country. It
uses an outside
claims processor to administer its healthcare program. The
organization’s medical
costs have been rising by approximately 8% per year for the past 5
years, and
management is concerned with controlling these costs. The
healthcare processor
wishes to implement controls that would help prevent fraud by
dentists who are
submitting billings for services not provided. Assume further that all
the claims are
submitted electronically to the healthcare processor. Which of the
following control
procedures would be the most effective?
Develop a program that identifies procedures performed on an
individual in
excess of expectations based on the age of the employee, whether a
similar
procedure was performed recently, or the average cost per claim.
A.
Require all submitted claims to be accompanied by a signed
statement by the
dentist testifying that the claimed procedures were performed.
B.
Send confirmations to the dentists requesting them to confirm the
exact nature of
the claims submitted to the healthcare processor.
C.
Develop an integrated test facility and submit false claims to verify
that the system
is detecting such claims on a consistent basis.
D.
Answer (A) is correct. Under this detective control, unusual claims
could be
identified and followed up to determine if they are legitimate. This
control is a
type of IT input control known as a reasonableness test.
Answer (B) is incorrect. Requiring a signed statement does not
prevent the
dentist from filing a false claim.
Answer (C) is incorrect. Sending confirmations to the dentists does
not prevent
the filing of false claims or a false response to the confirmation.
Answer (D) is incorrect. An integrated test facility would only provide
information about the correctness of the processing of the claim or a
false
response to the confirmation, not on the propriety of the claim.
[315] Gleim #: 3.4.84
An internal auditor is reviewing the organization’s policy regarding
investing in
financial derivatives. The internal auditor normally expects to find all
of the following
in the policy except
A statement indicating whether derivatives are to be used for hedging
or
speculative purposes.
A.
A specific authorization limit for the amount and types of derivatives
that can be
used by the organization.
B.
A specific limit on the amount authorized for C. any single trader.
A statement requiring board review of each transaction because of
the risk
involved in such transactions.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 172
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. A policy specifying whether derivatives are
to be used for
hedging or speculating is a crucial directive control.
Answer (B) is incorrect. A policy specifying the authorization limits
for derivatives is
an appropriate directive control.
Answer (C) is incorrect. A policy specifying the authorization limits
for derivatives is
an appropriate directive control.
Answer (D) is correct. A policy requiring board review of every
derivatives
transaction is cost ineffective. Management is responsible for daily
operations and is
expected to conform to the policies of the board.
[316] Gleim #: 3.4.85
Which of the following control procedures provides the greatest
assurance that all
donations to a not-for-profit organization are immediately deposited
to the
organization’s account?
Use a lockbox to receive A. all donations.
Perform periodic reviews of the organization’s cash receipts by
tracing deposits to
the original posting in the cash receipts records.
B.
C. Require that all donations be made by check.
Require issuance of a confirmation receipt to all donors, with the
receipt issued by
the person who opens and deposits the cash receipts.
D.
Answer (A) is correct. A lockbox system expedites receipt of funds
and provides
effective control over cash receipts. Donors send their payments to
mailboxes,
often in numerous locations, that are checked by a bank several
times a day.
Hence, payments are deposited before being processed by the
organization’s
accounting system.
Answer (B) is incorrect. The flaw in this procedure is that it focuses
only on
deposits that were made. The concern is with cash receipts that were
not
deposited.
Answer (C) is incorrect. An individual may deposit a check to a
similarly named
organization.
Answer (D) is incorrect. The same person should not be responsible
for the cash
receipts and the confirmations. The person could confirm receipts
even if they
were diverted.
[317] Gleim #: 3.4.86
A rental car agency’s fleet maintenance division uses a different code
for each type of
inventory transaction. A daily summary report lists activity by part
number and
transaction code. The report is reconciled by the parts room
supervisor to the day’s
material request forms and is then forwarded to the fleet manager for
approval. The
reconciliation of the summary report to the day’s material request
forms by the parts
room supervisor
A. Verifies that all material request forms were approved.
Provides documentation as to what material was available for a
specific
transaction.
B.
C. Confirms that all material request forms are entered for all parts
issued.
D. Ensures the accuracy and completeness of data input.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 173
Printed for Sanja Knezevic
Answer (A) is incorrect. This reconciliation would not necessarily
include a review of
authorizations.
Answer (B) is incorrect. The material available for a specific
transaction is not part of
the reconciliation.
Answer (C) is incorrect. Not all request forms may have been
submitted.
Answer (D) is correct. This reconciliation is an input control to verify
that data entry
is accurate and complete. The parts requested should be consistent
with the parts used
in the maintenance activities. Unexplained variances should be
investigated.
[318] Gleim #: 3.4.87
During an engagement involving a construction contract, the internal
auditor
discovered that the contractor was being paid for each ton of dirt
removed. The
contract called for payment based on cubic yards removed. Which
internal control
might have prevented this error?
Comparison of invoices with purchase orders A. or contracts.
B. Comparison of invoices with receiving reports.
C. Comparison of actual costs with budgeted costs.
D. Extension checks of invoice amounts.
Answer (A) is correct. This detective control would have revealed
that the
contractor’s invoice used a unit of measure different from that in the
contract.
Thus, the basis of payment was not what was called for in this unitprice contract.
Answer (B) is incorrect. The dirt removed would not have been
received by the
organization. Hence, no receiving reports would have existed.
Answer (C) is incorrect. This comparison would not have detected
the specific
reason for a variance.
Answer (D) is incorrect. The problem was not a mathematical error
but an
erroneous basis for payment.
[319] Gleim #: 3.4.88
During an engagement involving a purchasing department, an
internal auditor
discovered that many purchases were made (at normal prices) from
an office supplier
whose owner was the brother of the director of purchasing. Controls
were in place to
restrict such purchases and no fraud appears to have been
committed. In this case, the
internal auditor should recommend
The development of an approved-vendor file initiated by the buyer
and approved
by the director of purchasing.
A.
B. Establishment of a price policy (range) for all goods.
C. The initiation of a conflict-of-interest policy.
D. The inspection of all receipts by receiving inspectors.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 174
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. An approved-vendor file approved by the
director would not
prevent a conflict of interest.
Answer (B) is incorrect. Price is not a factor when dealing with
conflicts of interest.
Answer (C) is correct. A policy is one means of achieving control. It
is a general guide
to and limit on action that should be clearly stated in writing and
systematically
communicated to appropriate parties. A conflict-of-interest policy
should contain
directives that restrict business dealings with relatives unless
otherwise disclosed to
and approved by senior management.
Answer (D) is incorrect. The inspection of all receipts by receiving
inspectors is an
appropriate receiving control that does not pertain to this situation.
[320] Gleim #: 3.4.89
Which of the following policies and procedures is consistent with
effective
administration of the insurance function?
Billings for insurance coverage are received and payments disbursed
by the
insurance manager.
A.
Policy coverages are adjusted each year by applying a price index to
previous year
coverages.
B.
Final settlements are negotiated after claims are developed C. and
submitted.
Policies are always placed with the carrier that offers the lowest rate
for a
specified level of coverage.
D.
Answer (A) is incorrect. The manager has too many responsibilities;
there is no
separation of duties. The receipt of billings and the disbursement of
payments
should be done by different people.
Answer (B) is incorrect. While policy coverages should be
systematically
evaluated each year to assure appropriate coverage, mere
adjustment for inflation
is not adequate to determine the degree of risk that should be
insured.
Answer (C) is correct. The claims handling process begins with
prompt reporting
by the affected operational unit of the organization of any basis for a
claim.
Prompt reporting is required to permit the insurer to take whatever
steps it may
deem necessary to reduce the ultimate compensable loss. The
insurance function
then cooperates with the operational unit to document and formally
submit the
claim to the carrier. Subsequently, the insurance function will be
involved in any
required review of the claim and negotiation of a settlement.
Answer (D) is incorrect. Prudence dictates that other factors, e.g.,
the financial
resources of the carrier and the fairness and efficiency of claims
handling, be
considered in addition to rates.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 175
Printed for Sanja Knezevic
[321] Gleim #: 3.4.90
A recent inventory shortage at XYZ Corp., an unaffiliated supplier,
contributed to
production failures at OPS Corp. in the current period. To avoid
future production
failures because of supplier inventory shortages, the most
appropriate method is for
OPS to
Establish an inventory control A. framework at XYZ.
B. Increase the size of orders.
C. Produce the inventory items instead of purchasing from suppliers.
D. Inform XYZ about its risk appetite regarding supply failures.
Answer (A) is incorrect. OPS has no authority to establish an
inventory control
framework at XYZ.
Answer (B) is incorrect. Increasing order size does not address the
cause of
supplier failures.
Answer (C) is incorrect. Although in-house production will eliminate
the external
parties, it may not be the most cost-effective method. The external
party may have
cost advantages the organization does not.
Answer (D) is correct. The risk appetite is the level of risk that an
organization is
willing to accept (The IIA Glossary). Thus, communicating about the
risk appetite
with external parties is an important aspect of risk management. It
allows the
organization to develop strategies to work with suppliers who may
have different
objectives.
[322] Gleim #: 3.4.91
A system of internal control includes physical controls over access to
and use of assets
and records. A departure from the purpose of such procedures is that
A. Access to the safe-deposit box requires two officers.
Only storeroom personnel and line supervisors have access to the
raw materials
storeroom.
B.
C. The mailroom compiles a list of the checks received in the
incoming mail.
D. Only salespersons and sales supervisors use sales department
vehicles.
Answer (A) is incorrect. It is appropriate for two officers to be
required to open
the safe-deposit box. One supervises the other.
Answer (B) is correct. Storeroom personnel have custody of assets,
and
supervisors are in charge of execution functions. To give supervisors
access to the
raw materials storeroom is a violation of the essential internal control
principle of
segregation of functions.
Answer (C) is incorrect. The mailroom typically compiles a prelisting
of cash.
The list is sent to the accountant as a control for actual cash sent to
the cashier.
Answer (D) is incorrect. Use of sales department vehicles by only
sales personnel
is appropriate.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 176
Printed for Sanja Knezevic
fb.com/ciaaofficial
[323] Gleim #: 3.4.92
An employee should not be able to visit the organization’s safe
deposit box containing
investment securities without being accompanied by another
employee. What would
be a possible consequence of an employee’s being able to visit the
safe deposit box
unaccompanied?
The employee could pledge organizational investments as security
for a short-term
personal bank loan.
A.
The employee could steal securities and the theft would never B. be
discovered.
C. It would be impossible to obtain a fidelity bond on the employee.
There would be no record of when organizational personnel visited
the safe
deposit box.
D.
Answer (A) is correct. The bank should maintain a record, which can
be
inspected by organizational personnel, of all safe deposit box visits.
Access should
be limited to authorized officers. Organizations typically require the
presence of
two authorized persons for access to the box. This precaution
provides
supervisory control over, for example, the temporary removal of the
securities to
serve as a pledge for a loan (hypothecation of securities).
Answer (B) is incorrect. An engagement involving investment
securities would
eventually uncover an outright theft assuming no alteration of the
asset records.
Answer (C) is incorrect. Obtaining a fidelity bond is contingent upon
the
character of the employee, not the presence of a specific control.
Answer (D) is incorrect. The bank maintains a record of visits.
[324] Gleim #: 3.4.93
One of two office clerks in a small organization prepares a sales
invoice; however, the
invoice is incorrectly entered by the bookkeeper in the general ledger
and the accounts
receivable subsidiary ledger for a smaller amount resulting from a
transposition of
digits. The customer subsequently remits the amount on the monthly
statement.
Assuming only three employees are in the department, the most
effective control to
prevent this type of error is
Assigning the second office clerk to make an independent check of
prices,
discounts, extensions, footings, and invoice serial numbers.
A.
Requiring that monthly statements be prepared by the bookkeeper
and verified by
one of the other office clerks prior to mailing.
B.
C. Using predetermined totals to control posting routines.
Requiring the bookkeeper to perform periodic reconciliations of the
accounts
receivable subsidiary ledger and the general ledger.
D.
Answer (A) is incorrect. The misposting was an error that occurred
subsequent to
this step.
Answer (B) is incorrect. These controls will not detect an initial
misposting. The
statements and the reconciliation are based on the misposted
records.
Answer (C) is correct. A control total should be generated for the
transactions to
be posted. It should then be compared with the total of items posted
to the
individual accounts.
Answer (D) is incorrect. These controls will not detect an initial
misposting. The
statements and the reconciliation are based on the misposted
records.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 177
Printed for Sanja Knezevic
[325] Gleim #: 3.4.94
Which of the following aspects of the administration of a
compensation program is the
most important control in the long run?
An informal wage and salary policy to be competitive with the A.
industry average.
B. A plan of job classifications based on predefined evaluation
criteria.
C. A wage and salary review plan for individual employee
compensation.
D. A level of general compensation that is reasonably competitive.
Answer (A) is incorrect. A vague policy would contribute little if
anything to the
fair administration of compensation programs.
Answer (B) is correct. Job classifications and grades are established
during the
job analysis phase and the general level of compensation in the
community and in
the industry must be determined. Compensation is then fixed based
on the plan of
job classifications, usually within a range for each grade. A range is
necessary to
allow for flexibility. Compensation should be low enough to avoid
excess cost
and to permit competitive pricing but high enough to attract needed
personnel.
Answer (C) is incorrect. A plan for reviewing individual
compensation
presupposes a classification plan.
Answer (D) is incorrect. Reasonably competitive compensation is
predicated on a
classification plan.
[326] Gleim #: 3.4.95
To minimize potential financial losses associated with physical
assets, the assets
should be insured in an amount that is
A. Supported by periodic appraisals.
B. Determined by the board of directors.
Automatically adjusted by an economic indicator such as the
consumer price
index.
C.
D. Equal to the book value of the individual assets.
Answer (A) is correct. Based on the results of the risk assessment,
the internal
audit activity should evaluate the adequacy and effectiveness of
controls
encompassing the organization’s governance, operations, and
information
systems. This should include, among other things, safeguarding of
assets (Impl.
Std. 2120.A1). Safeguarding assets includes insuring them. The
types and
amounts of insurance should be supported by periodic appraisals.
Answer (B) is incorrect. The determination of insurance coverage is
not a
function of the board of directors.
Answer (C) is incorrect. The consumer price index generally does
not provide an
appropriate adjustment factor for fixed assets.
Answer (D) is incorrect. Book values may not reflect the
replacement or real
value of an asset.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 178
Printed for Sanja Knezevic
fb.com/ciaaofficial
[327] Gleim #: 3.4.96
One control objective of the financing/treasury cycle is the proper
authorization of
transactions involving debt and equity instruments. Which of the
following controls
would best meet this objective?
Segregation of responsibility for custody of funds from recording of
the
transaction.
A.
Written policies requiring review of major funding/repayment
proposals by the
board.
B.
Use of an underwriter in all cases of new issue of debt or C. equity
instruments.
D. Requiring two signatures on all checks of a material amount.
Answer (A) is incorrect. Segregation of responsibility for custody of
funds from
recording of the transaction concerns the objective of safeguarding of
assets, not
authorization.
Answer (B) is correct. The control objective of authorization
concerns the proper
execution of transactions in accordance with management’s wishes.
One means of
achieving this control objective is the establishment of policies as
guides to
action. When a decision affects the capitalization of the entity, a
policy should be
in force requiring review at the highest level.
Answer (C) is incorrect. Use of an underwriter in all cases of new
issue of debt or
equity instruments does not state a control but rather a specific
means of issuing
securities.
Answer (D) is incorrect. Requiring two signatures on all checks of a
material
amount concerns the objective of safeguarding of assets, not
authorization.
[328] Gleim #: 3.4.97
Which of the following describes a control weakness?
Purchasing procedures are well designed and are followed unless
otherwise
directed by the purchasing supervisor.
A.
B. Prenumbered blank purchase orders are secured within the
purchasing department.
Normal operational purchases fall in the range from US $500 to US
$1,000 with
two signatures required for purchases over US $1,000.
C.
The purchasing agent invests in a publicly traded mutual fund that
lists the stock
of one of the organization’s suppliers in its portfolio.
D.
Answer (A) is correct. Well-designed procedures that are set aside
at
management’s discretion are not adequate controls. Control
procedures must be
followed consistently to be effective. However, the possibility of
management
override is an inherent limitation of internal control.
Answer (B) is incorrect. Use of prenumbered blank purchase orders
secured
within the purchasing department is a common control.
Answer (C) is incorrect. Requiring a more stringent authorization
procedure for
larger purchases is an appropriate control as long as documentation
supports the
purchases.
Answer (D) is incorrect. The purchasing agent’s mutual fund
investment should
not be a conflict of interest. The relationship between the return on
the investment
and any possible action by the agent to favor the supplier is very
weak.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 179
Printed for Sanja Knezevic
[329] Gleim #: 3.4.98
A manufacturer uses large quantities of small, inexpensive items,
such as nuts, bolts,
washers, and gloves, in the production process. As these goods are
purchased, they are
recorded in inventory in bulk amounts. Bins are located on the shop
floor to provide
timely access to these items. When necessary, the bins are refilled
from inventory, and
the cost of the items is charged to a consumable supplies account,
which is part of
shop overhead. Which of the following would be an appropriate
improvement of
controls in this environment?
Relocate bins to the inventory A. warehouse.
Require management review of reports on the cost of consumable
items used in
relation to budget.
B.
C. Lock the bins during normal working hours.
D. None of these controls are needed for items of minor cost and
size.
Answer (A) is incorrect. The bins should be on the shop floor where
the nuts,
bolts, etc., are needed.
Answer (B) is correct. In accordance with the cost-benefit criterion,
control
expenditures for manufacturing supplies (nuts, bolts, etc.) should be
minimal.
Nevertheless, some controls should be implemented. For example,
usage should
be estimated and compared with stock balances and also with the
number of using
personnel. Moreover, variances should be calculated for the
difference between
costs incurred and budgeted amounts.
Answer (C) is incorrect. Locking the bins would limit the efficiency
and
effectiveness of shop personnel.
Answer (D) is incorrect. Controls are needed even for items of minor
cost and
size.
[330] Gleim #: 4.1.1
The COSO framework treats internal control as a process designed
to provide
reasonable assurance regarding the achievement of objectives
related to
A. Reliability of financial reporting.
B. Effectiveness and efficiency of operations.
C. Compliance with applicable laws and regulations.
D. All of the answers are correct.
Answer (A) is incorrect. The effectiveness and efficiency of
operations and
compliance with applicable laws and regulations are also correct.
Answer (B) is incorrect. The reliability of financial reporting and
compliance
with applicable laws and regulations are also correct.
Answer (C) is incorrect. Reliability of financial reporting and
effectiveness and
efficiency of operations are also correct.
Answer (D) is correct. The COSO framework treats internal control
as a process
designed to provide reasonable assurance regarding the
achievement of objectives
related to reliability of financial reporting, effectiveness and efficiency
of
operations, and compliance with applicable laws and regulations.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 180
Printed for Sanja Knezevic
fb.com/ciaaofficial
[331] Gleim #: 4.1.2
Which of the following are elements of the control environment?
Integrity A. and ethical values.
B. Organizational structure.
C. Assignment of authority and responsibility.
D. All of the answers are correct.
Answer (A) is incorrect. Organizational structure and assignment of
authority and
responsibility are also part of the control environment.
Answer (B) is incorrect. Integrity and ethical values and assignment
of authority
and responsibility are also part of the control environment.
Answer (C) is incorrect. Integrity and ethical values and
organizational structure
are also part of the control environment.
Answer (D) is correct. The COSO internal control framework lists the
following
seven elements of the control environment:
Integrity and ethical values
Commitment to competence
Board of directors or audit committee
Management’s philosophy and operating style
Organizational structure
Assignment of authority and responsibility
Human resource policies and practices
[332] Gleim #: 4.1.3
Which of the following is not a component of the CoCo model?
A. Commitment.
B. Capability.
C. Control environment.
D. Monitoring and learning.
Answer (A) is incorrect. Commitment is a component of the CoCo
model.
Answer (B) is incorrect. Capability is a component of the CoCo
model.
Answer (C) is correct. The control environment is not one of the four
components
of the CoCo model. The four components are commitment,
capability, monitoring
and learning, and purpose.
Answer (D) is incorrect. Monitoring and learning is a component of
the CoCo
model.
[333] Gleim #: 4.1.4
In regard to The IIA’s Electronic Systems Assurance and Control
study, which of the
following is not a business assurance objective?
A. Recordability.
B. Capability.
C. Protectability.
D. Functionality.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 181
Printed for Sanja Knezevic
Answer (A) is correct. Recordability is not a business assurance
objective.
Answer (B) is incorrect. Capability is one of the five business
assurance objectives.
Answer (C) is incorrect. Protectability is one of the five business
assurance objectives.
Answer (D) is incorrect. Functionality is one of the five business
assurance objectives.
[334] Gleim #: 4.1.5
Which of the following statements is correct regarding corporate
compensation
systems and related bonuses?
A bonus system should be considered part of the control
environment of an
organization and should be considered in formulating a report on
internal control.
I.
Compensation systems are not part of an organization’s control
system and should
not be reported as such.
II.
An audit of an organization’s compensation system should be
performed
independently of an audit of the control system over other functions
that impact
corporate bonuses.
III.
A. I only.
B. II only.
C. III only.
D. II and III only.
Answer (A) is correct. The control environment includes, among
other things, the
element of human resource policies and practices. Thus, hiring,
orientation,
training, evaluation, counseling, promotion, compensation, and
remedial actions
must be considered by management.
Answer (B) is incorrect. Compensation systems are part of the
organization’s
control systems.
Answer (C) is incorrect. Audits of the compensation systems can be
combined
with an audit of other functions that affect corporate bonuses.
Answer (D) is incorrect. Compensation systems are part of the
organization’s
control systems, and they may be audited in combination with other
functions that
affect corporate bonuses.
[335] Gleim #: 4.1.6
The policies and procedures helping to ensure that management
directives are
executed and actions are taken to address risks to achievement of
objectives describes
A. Risk assessments.
B. Control environments.
C. Control activities.
D. Monitoring.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 182
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Risk assessment identifies and analyzes
external or internal
risks to achievement of the objectives at the activity level as well as
the entity level.
Answer (B) is incorrect. Control environments reflect the attitude
and actions of the
board and management regarding the significance of control within
the organization.
Answer (C) is correct. Control activities are the policies and
procedures helping to
ensure that management directives are executed and actions are
taken to address risks
to achievement of objectives.
Answer (D) is incorrect. Monitoring is a process that assesses the
quality of the
system’s performance over time.
[336] Gleim #: 4.1.7
An organization’s directors, management, external auditors, and
internal auditors all
play important roles in creating a proper control environment. Senior
management is
primarily responsible for
Establishing a proper organizational culture and specifying a system
of internal
control.
A.
Designing and operating a control system that provides reasonable
assurance that
established objectives and goals will be achieved.
B.
Ensuring that external and internal auditors adequately monitor the
control
environment.
C.
Implementing and monitoring controls designed by the D. board of
directors.
Answer (A) is correct. Senior management is primarily responsible
for
establishing a proper organizational culture and specifying a system
of internal
control.
Answer (B) is incorrect. Senior management is not likely to be
involved in the
detailed design and day-to-day operation of a control system.
Answer (C) is incorrect. Management administers risk and control
processes. It
cannot delegate this responsibility to the external auditors or to the
internal audit
activity.
Answer (D) is incorrect. The board has oversight governance
responsibilities but
ordinarily does not become involved in the details of operations.
[337] Gleim #: 4.1.8
Which term best reflects the attitude and actions of the board and
management
regarding the significance of control within the organization?
A. Risk assessment.
B. Control activities.
C. Control environment.
D. Monitoring.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 183
Printed for Sanja Knezevic
Answer (A) is incorrect. Risk assessment identifies and analyzes
external or internal
risks to achievement of the objectives at the activity level as well as
the entity level.
Answer (B) is incorrect. Control activities are the policies and
procedures helping to
ensure that management directives are executed and actions are
taken to address risks
to achievement of objectives.
Answer (C) is correct. A control environment reflects the attitude and
actions of the
board and management regarding the significance of control within
the organization.
Answer (D) is incorrect. Monitoring is a process that assesses the
quality of the
system’s performance over time.
[338] Gleim #: 4.1.9
Internal control can provide only reasonable assurance that the
organization’s
objectives will be met efficiently and effectively. One factor limiting
the likelihood of
achieving those objectives is that
The internal auditor’s primary responsibility is the A. detection of
fraud.
B. The board is active and independent.
C. The cost of internal control should not exceed its benefits.
D. Management monitors performance.
Answer (A) is incorrect. The internal audit activity’s responsibility
regarding
controls is to evaluate effectiveness and efficiency and to promote
continuous
improvement.
Answer (B) is incorrect. An effective governance function
strengthens the control
environment.
Answer (C) is correct. A limiting factor is that the cost of internal
control should
not exceed its expected benefits. Thus, the potential loss associated
with any
exposure or risk is weighed against the cost to control it. Although
the cost-benefit
relationship is a primary criterion that should be considered in
designing and
implementing internal control, the precise measurement of costs and
benefits
usually is not possible.
Answer (D) is incorrect. Senior management’s role is to oversee the
establishment, administration, and assessment of the system of risk
management
and control processes.
[339] Gleim #: 4.1.10
Which of the following statements is not accurate with regard to soft
controls?
A. The COSO and CoCo models emphasize soft controls.
The communication of ethical values and the fostering of mutual trust
are soft
controls in the CoCo model.
B.
Soft controls have become more necessary as technology advances
have
empowered employees.
C.
D. Control self-assessment is not an approach to audit soft controls.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 184
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. The COSO and CoCo models emphasize
soft controls.
Answer (B) is incorrect. The communication of ethical values and
the fostering of
mutual trust are soft controls in the CoCo model.
Answer (C) is incorrect. Soft controls have become more necessary
as technology
advances have empowered employees.
Answer (D) is correct. One approach to auditing soft controls is
control selfassessment,
which is the involvement of management and staff in the assessment
of
internal controls within their work group.
[340] Gleim #: 4.1.11
Which of the following broad control objectives listed in The IIA’s
Electronic Systems
Assurance and Control differs from the objectives found in the COSO
internal control
framework?
Effectiveness A. and efficiency.
B. Financial reporting.
C. Compliance.
D. Safeguarding of assets.
Answer (A) is incorrect. Effectiveness and efficiency of operations is
addressed
in both models.
Answer (B) is incorrect. Financial reporting is addressed in both
models.
Answer (C) is incorrect. Compliance with laws and regulations is
addressed in
both models.
Answer (D) is correct. Safeguarding of assets is not among the
objectives of
control found in the COSO internal control framework.
[341] Gleim #: 4.1.12
Which of the following is the common name for Internal Control:
Guidance for
Directors on the Combined Code?
A. COSO.
B. COBIT.
C. The Turnbull Report.
D. CoCo.
Answer (A) is incorrect. The COSO (Committee of Sponsoring
Organizations of
the Treadway Commission) issued Internal Control – Integrated
Framework.
Answer (B) is incorrect. COBIT is the integrated framework for
information
technology controls issued by the IT Governance Institute.
Answer (C) is correct. One of the three most recognized internal
control
frameworks is Internal Control: Guidance for Directors on the
Combined Code.
It is commonly known as the Turnbull Report and was issued by the
Institute of
Chartered Accountants in England and Wales.
Answer (D) is incorrect. CoCo refers to Guidance on Control
(original title:
Criteria of Control) issued by the Canadian Institute of Chartered
Accountants.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 185
Printed for Sanja Knezevic
[342] Gleim #: 4.1.13
A restaurant chain has over 680 restaurants. All food orders for each
restaurant are
required to be entered into an electronic device that records all food
orders by food
servers and transmits the order to the kitchen for preparation. All
food servers are
responsible for collecting cash for all their orders and must turn in
cash at the end of
their shift equal to the sales value of food ordered for their I.D.
number. The manager
then reconciles the cash received for the day with the computerized
record of food
orders generated. All differences are investigated immediately by the
restaurant.
Organizational headquarters has established monitoring controls to
determine when an
individual restaurant might not be recording all its revenue and
transmitting the
applicable cash to the corporate headquarters. Which one of the
following is the best
example of a monitoring control?
The restaurant manager reconciles the cash received with the food
orders recorded
on the computer.
A.
All food orders must be entered on the computer, and segregation of
duties is
maintained between the food servers and the cooks.
B.
Management prepares a detailed analysis of gross margin per store
and
investigates any store that shows a significantly lower gross margin.
C.
Cash is transmitted to corporate headquarters D. on a daily basis.
Answer (A) is incorrect. The manager’s activity is an example of a
reconciliation
control applied at the store level. Monitoring is an overall control that
determines
whether other controls are operating effectively.
Answer (B) is incorrect. The division of duties is an operational
control.
Answer (C) is correct. Monitoring is a process that assesses the
quality of internal
control over time. It involves assessment by appropriate personnel of
the design
and operation of controls and the taking of corrective action.
Monitoring can be
done through ongoing activities or separate evaluations. Ongoing
monitoring
procedures are built into the normal recurring activities of an entity
and include
regular management and supervisory activities. Thus, analysis of
gross margin
data and investigation of significant deviations is a monitoring
process.
Answer (D) is incorrect. Daily transmission of cash is an operational
control.
[343] Gleim #: 4.1.14
Management has a role in the maintenance of control. In fact,
management sometimes
is a control. Which of the following most likely involves managerial
functions as a
control?
A. Monitoring performance.
B. Board approval of the charter of the internal audit activity.
C. Maintenance of a quality assurance program.
D. Establishment of an internal audit activity.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 186
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is correct. Monitoring is a component of the control
environment. It is a
process that assesses the quality of the system’s performance over
time. It consists of
ongoing activities built into normal operations to ensure that they
continue to be
performed effectively. Supervision and other ordinary management
functions,
consideration of communications with external parties, and the
actions of internal and
external auditors are examples.
Answer (B) is incorrect. The board is the entity’s governing body, not
its
management.
Answer (C) is incorrect. A quality assurance program is a form of
internal assessment.
The manager of the program should be independent of the
operations assessed.
Answer (D) is incorrect. An internal audit activity should be
independent of the
operations reviewed and is not a managerial function.
[344] Gleim #: 4.1.15
Which of the following are elements included in the control
environment described in
the COSO internal control framework?
Organizational structure, management philosophy, A. and planning.
B. Integrity and ethical values, assignment of authority, and human
resource policies.
C. Competence of personnel, backup facilities, laws, and regulations.
D. Risk assessment, assignment of responsibility, and human
resource practices.
Answer (A) is incorrect. Planning is not an element of the control
environment.
Answer (B) is correct. The COSO internal control framework lists the
following
seven elements of the control environment:
Integrity and ethical values
Commitment to competence
Board of directors or audit committee
Management’s philosophy and operating style
Organizational structure
Assignment of authority and responsibility
Human resource policies and practices
Answer (C) is incorrect. Backup facilities, laws, and regulations are
not elements
of the control environment.
Answer (D) is incorrect. Risk assessment is part of planning the
internal audit
activity and specific engagements.
[345] Gleim #: 4.2.16
The function of the chief risk officer (CRO) is most effective when the
CRO
A. Manages risk as a member of senior management.
B. Shares the management of risk with line management.
C. Shares the management of risk with the chief audit executive.
D. Monitors risk as part of the enterprise risk management team.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 187
Printed for Sanja Knezevic
Answer (A) is incorrect. Senior management has an oversight role
in risk
management.
Answer (B) is incorrect. The risk knowledge at the line level is
specific only to that
area of the organization.
Answer (C) is incorrect. The CAE should not be accountable for a
management
function.
Answer (D) is correct. A CRO is a member of management assigned
primary
responsibility for enterprise risk management processes. The CRO is
most effective
when supported by a specific team with the necessary expertise and
experience related
to organization-wide risk.
[346] Gleim #: 4.2.17
Enterprise risk management
Guarantees achievement of organizational A. objectives.
B. Requires establishment of risk and control activities by internal
auditors.
Involves the identification of events with negative impacts on
organizational
objectives.
C.
D. Includes selection of the best risk response for the organization.
Answer (A) is incorrect. Risk management processes cannot
guarantee
achievement of objectives.
Answer (B) is incorrect. Involvement of internal auditors in
establishing control
activities impairs their independence and objectivity.
Answer (C) is correct. The COSO document, Enterprise Risk
Management –
Integrated Framework, defines enterprise risk management (ERM)
as “a process,
effected by an entity’s board of directors, management, and other
personnel,
applied in strategy setting and across the enterprise, designed to
identify potential
events that may affect the entity and manage risk to be within its risk
appetite, to
provide reasonable assurance regarding the achievement of entity
objectives.”
The emphasis is on (1) the objectives of a specific entity and (2)
establishing a
means for evaluating the effectiveness of ERM.
Answer (D) is incorrect. Enterprise risk management is concerned
with selecting
not the best risk response but the risk response that falls within the
enterprise’s
risk tolerances and appetite.
[347] Gleim #: 4.2.18
Many organizations use electronic funds transfer to pay their
suppliers instead of
issuing checks. Regarding the risks associated with issuing checks,
which of the
following risk management techniques does this represent?
A. Controlling.
B. Accepting.
C. Transferring.
D. Avoiding.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 188
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Eliminating checks does not represent an
ongoing control.
Answer (B) is incorrect. Eliminating checks avoids instead of
accepts the associated
risk.
Answer (C) is incorrect. Eliminating checks does not transfer risk to
anyone else.
Risk is eliminated.
Answer (D) is correct. Risk responses may include avoidance,
acceptance, sharing,
and reduction. By eliminating checks, the organization avoids all risk
associated with
them.
[348] Gleim #: 4.2.19
Which of the following is a factor affecting risk?
A. New personnel.
B. New or revamped information systems.
C. Rapid growth.
D. All of the answers are correct.
Answer (A) is incorrect. New or revamped information systems and
rapid growth
are also factors affecting risk.
Answer (B) is incorrect. New personnel and rapid growth are also
factors
affecting risk.
Answer (C) is incorrect. New personnel and new or revamped
information
systems are also factors affecting risk.
Answer (D) is correct. New personnel, new or revamped information
systems,
and rapid growth are all factors that affect risk.
[349] Gleim #: 4.2.20
What is residual risk?
A. Impact of risk.
B. Risk that is under control.
C. Risk that is not managed.
D. Underlying risk in the environment.
Answer (A) is incorrect. The impact of risk is its consequence.
Answer (B) is incorrect. Risk that is under control is managed risk.
Answer (C) is correct. Residual risk is the risk remaining after
management takes
action to reduce the impact and likelihood of an adverse event. Such
action
includes control activities in responding to a risk.
Answer (D) is incorrect. The underlying risk is the inherent risk.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 189
Printed for Sanja Knezevic
[350] Gleim #: 4.2.21
Components of enterprise risk management (ERM) are integrated
with the
management process. Which of the following correctly states four of
the eight
components of ERM according to the COSO’s framework?
Event identification, risk assessment, control activities, and A.
objective setting.
B. Internal environment, risk responses, monitoring, and risk
minimization.
External environment, information and communication, monitoring,
and event
identification.
C.
Objective setting, response to opportunities, risk assessment, and
control
activities.
D.
Answer (A) is correct. ERM ensures that (1) a process is established
and (2)
objectives align with the mission and the risk appetite. Event
identification, risk
assessment, control activities, and objective setting are components
of ERM.
Event identification relates to internal and external events affecting
the
organization. Risk assessment considers likelihood and impact (see
the definitions
of risk in The IIA Glossary) as a basis for risk management. Control
activities are
policies and procedures to ensure the effectiveness of risk
responses. Objective
setting precedes event identification.
Answer (B) is incorrect. Risk assessment, not minimization, is a
component of
ERM.
Answer (C) is incorrect. The internal, not external, environment is a
component
of ERM.
Answer (D) is incorrect. Response to opportunities is a capability of
ERM.
[351] Gleim #: 4.2.22
Which of the following control models is fully incorporated into the
broader integrated
framework of enterprise risk management (ERM)?
A. CoCo.
B. COSO.
C. Electronic Systems Assurance and Control.
D. COBIT.
Answer (A) is incorrect. ERM extends the COSO, not the CoCo,
model.
Answer (B) is correct. The Committee of Sponsoring Organizations
of the
Treadway Commission published Enterprise Risk Management –
Integrated
Framework. This document describes a model that incorporates the
earlier COSO
internal control framework while extending it to the broader area of
enterprise risk
management.
Answer (C) is incorrect. ERM extends the COSO, not the eSAC,
model.
Answer (D) is incorrect. ERM extends the COSO, not the COBIT,
model.
[352] Gleim #: 4.2.23
Limitations of enterprise risk management (ERM) may arise from
A. Faulty human judgment.
B. Cost-benefit considerations.
C. Collusion.
D. All of the answers are correct.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 190
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Limitations of ERM can also arise from costbenefit
considerations and collusion.
Answer (B) is incorrect. Limitations of ERM can also arise from
faulty human
judgment and collusion.
Answer (C) is incorrect. Limitations of ERM can also arise from
faulty human
judgment and cost-benefit considerations.
Answer (D) is correct. The limitations of ERM are the same as those
for control in
general. They arise from the possibility of (1) faulty human judgment,
(2) cost-benefit
considerations, (3) simple errors or mistakes, (4) collusion, and (5)
management
override.
[353] Gleim #: 4.2.24
Management considers risk appetite for all of the following reasons
except
Evaluating A. strategic options.
B. Setting objectives.
C. Developing risk management techniques.
D. Increasing the net present value of investments.
Answer (A) is incorrect. Management considers risk appetite when
evaluating
strategic options.
Answer (B) is incorrect. Management considers risk appetite when
setting
objectives.
Answer (C) is incorrect. Management considers risk appetite when
developing
risk management techniques.
Answer (D) is correct. Risk appetite should be considered in
1. Evaluating strategies,
2. Setting related objectives, and
3. Developing risk management methods.
Increasing the net present value of investments is an operational
objective. It
would be determined after consideration of the entity’s risk appetite
and other
strategic factors.
[354] Gleim #: 4.2.25
Inherent risk is
A. A potential event that will adversely affect the organization.
B. Risk response risk.
The risk after management takes action to reduce the impact or
likelihood of an
adverse event.
C.
The risk when management has not taken action to reduce the
impact or likelihood
of an adverse event.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 191
Printed for Sanja Knezevic
Answer (A) is incorrect. A risk event is a potential event that will
affect the entity
adversely.
Answer (B) is incorrect. A risk response is an action taken to reduce
the impact or
likelihood of an adverse event, including a control activity. “Risk
response risk” is a
nonsense term.
Answer (C) is incorrect. The risk after management takes action to
reduce the impact
or likelihood of an adverse event in responding to a risk is residual
risk.
Answer (D) is correct. Inherent risk is the risk when management
has not taken action
to reduce the impact or likelihood of an adverse event. Thus, it is risk
in the absence of
a risk response.
[355] Gleim #: 4.2.26
The internal auditors are assessing the risk of fraud involving senior
management. An
impact factor is
Nonretention A. of customers.
B. Inadequacy of internal controls.
C. Unusual transactions.
D. Potential override of internal controls.
Answer (A) is correct. An impact factor is a potential result of an
event. These
events are usually identified through the risk assessment process.
For example, the
consequences of fraud may include direct financial loss and harm to
its reputation,
which in turn may lead to inability to attract skilled employees or
customers.
Answer (B) is incorrect. Inadequacy of internal controls is a risk that
normally is
identified during risk assessment.
Answer (C) is incorrect. The existence of complex or unusual
transactions is a
risk that normally is identified during risk assessment.
Answer (D) is incorrect. Potential override of internal controls is a
risk that
normally is identified during risk assessment.
[356] Gleim #: 4.2.27
Which risk response reflects a change from acceptance to sharing?
A. An insurance policy on a manufacturing plant was not renewed.
B. Management purchased insurance on previously uninsured
property.
C. Management sold a manufacturing plant.
After employees stole numerous inventory items, management
implemented
mandatory background checks on all employees.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 192
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Not renewing insurance represents a
change from risk
sharing to risk acceptance.
Answer (B) is correct. The categories of risk responses under the
COSO ERM model
are avoidance, retention (acceptance), reduction, sharing, and
exploitation. If
management does not insure a building, the response is acceptance.
Ordinarily,
acceptance is based on a judgment that the cost of another response
is excessive.
However, once management purchases insurance, the risk is shared
with an outside
party.
Answer (C) is incorrect. Selling property avoids all the risks of
ownership.
Answer (D) is incorrect. Management originally accepted the risk of
employee theft
by not implementing pre-hire investigation. Conducting background
checks on all
employees reduces the risk of theft.
[357] Gleim #: 4.2.28
Under the COSO’s ERM framework, which of the following most
accurately describes
risk management responsibilities?
In practice, management has primary A. responsibility.
B. The internal audit activity has an oversight role.
C. The board provides assurance about the effectiveness of ERM.
D. The chief audit executive should serve as chief risk officer.
Answer (A) is correct. The board has overall responsibility. However,
in practice,
the board delegates responsibility for ERM to senior management,
which should
ensure that sound processes are in place and functioning.
Answer (B) is incorrect. The internal audit activity provides objective
assurance
that (1) ERM processes are effective and (2) key risks are managed
at an
acceptable level.
Answer (C) is incorrect. The board has overall responsibility.
Answer (D) is incorrect. The CAE must not be the CRO because
managing risk is
a responsibility of management, not internal audit.
[358] Gleim #: 4.2.29
Which of the following is closely related to traditional risk
management instead of
enterprise risk management (ERM)?
A. Rapid response to opportunities.
B. Organization-level view of risk.
C. Emphasis on specific functions.
D. Achieving financial goals.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 193
Printed for Sanja Knezevic
Answer (A) is incorrect. Rapid response to opportunities is a
characteristic of ERM,
which tries to offset potential risks with opportunities.
Answer (B) is incorrect. ERM tries to view risk as it affects every
level of an
organization.
Answer (C) is correct. The enterprise risk management approach
set forth by the
committee of Sponsoring Organizations of the Treadway
Commission (COSO)
attempts to approach an organization as a whole instead of focusing
on any specific
area or risk.
Answer (D) is incorrect. Financial goals are an example of the
methods ERM uses to
achieve objectives in one or more separate but overlapping
categories.
[359] Gleim #: 4.2.30
Which of the following members of an organization has ultimate
ownership
responsibility of the enterprise risk management, provides leadership
and direction to
senior managers, and monitors the entity’s overall risk activities in
relation to its risk
appetite?
A. Chief risk officer.
B. Chief executive officer.
C. Internal auditors.
D. Chief financial officer.
Answer (A) is incorrect. The risk officer works in assigned areas of
responsibility
in a staff function. The work of a risk officer often extends beyond
one specific
area because the officer will have the necessary resources to work
across many
segments or divisions.
Answer (B) is correct. The chief executive officer (CEO) sets the
tone at the top
of the organization and has ultimate responsibility for ownership of
the ERM. The
CEO will influence the composition and conduct of the board, provide
leadership
and direction to senior managers, and monitor the entity’s overall risk
activities in
relation to its risk appetite. If any problems arise with the
organization’s risk
appetite, the CEO will also take any measures to adjust the
alignment to better suit
the organization.
Answer (C) is incorrect. The internal auditors evaluate the ERM and
may provide
recommendations.
Answer (D) is incorrect. The CFO is subordinate to the CEO, who
has ultimate
responsibility for ERM.
[360] Gleim #: 4.3.31
When assessing the risk associated with an activity, an internal
auditor should
A. Determine how the risk should best be managed.
B. Provide assurance on the management of the risk.
C. Update the risk management process based on risk exposures.
D. Design controls to mitigate the identified risks.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 194
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Risk management is a key responsibility of
senior
management and the board, not the internal auditor.
Answer (B) is correct. The internal audit activity must evaluate and
contribute to the
improvement of governance, risk management, and control
processes using a
systematic and disciplined approach (Perf. Std. 2100). Assurance
services involve the
internal auditor’s objective assessment of management’s risk
management activities
and the degree to which they are effective.
Answer (C) is incorrect. Designing and updating the risk
management process is a
role of management.
Answer (D) is incorrect. The design and implementation of controls
is the
responsibility of management, not internal audit.
[361] Gleim #: 4.3.32
The primary reason that a bank would maintain a separate
compliance function is to
Better manage perceived A. high risks.
B. Strengthen controls over the bank’s investments.
C. Ensure the independence of line and senior management.
D. Better respond to shareholder expectations.
Answer (A) is correct. The risk management process identifies,
assesses,
manages, and controls potential risk exposures. Organizations such
as brokers,
banks, and insurance companies may view risks as sufficiently
critical to warrant
continuous oversight and monitoring.
Answer (B) is incorrect. A separate compliance function may help
strengthen
controls, but this is not its primary purpose.
Answer (C) is incorrect. Risk management is the direct responsibility
of
management.
Answer (D) is incorrect. A separate compliance function will help
respond to
shareholder needs, but this is not its primary purpose.
[362] Gleim #: 4.3.33
Which of the following goals sets risk management strategies at the
optimum level?
A. Minimize costs.
B. Maximize market share.
C. Minimize losses.
D. Maximize shareholder value.
Answer (A) is incorrect. Minimizing costs is not a comprehensive
approach.
Answer (B) is incorrect. Maximizing market share is not a
comprehensive
approach.
Answer (C) is incorrect. Minimizing losses is not a comprehensive
approach.
Answer (D) is correct. The risk management processes chosen
depend on the
organization’s culture, management style, and business objectives.
These choices
should optimize stakeholder (for example, shareholder) value by
coping
effectively with uncertainty, risks, and opportunities. Thus,
maximizing
shareholder value is a comprehensive approach that relates to risk
management
strategies across the organization.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 195
Printed for Sanja Knezevic
[363] Gleim #: 4.3.34
Which of the following represents the best statement of
responsibilities for risk
management?
Internal
Management Auditing Board
A. Responsibility for risk Oversight role Advisory role
B. Oversight role Responsibility for risk Advisory role
C. Responsibility for risk Advisory role Oversight role
D. Oversight role Advisory role Responsibility for risk
Answer (A) is incorrect. Internal auditors are generally involved in
the assurance
and advisory role. The board has an oversight role.
Answer (B) is incorrect. Management performs the implementation
role in risk
management, and the board has an oversight role. Internal auditors
are generally
involved in the assurance and advisory role.
Answer (C) is correct. Risk management is a key responsibility of
senior
management and the board. To achieve its business objectives,
management
ensures that sound risk management processes are in place and
functioning.
Boards have an oversight role to determine that appropriate risk
management
processes are in place and that these processes are adequate and
effective. In this
role, they may direct the internal audit activity to assist them by
examining,
evaluating, reporting, and/or recommending improvements to the
adequacy and
effectiveness of risk management processes (PA 2120-1, para. 1).
Management
and the board are responsible for their organization’s risk
management and control
processes. However, internal auditors acting in a consulting role can
assist the
organization in identifying, evaluating, and implementing risk
management
methodologies and controls to address those risks (PA 2120-1, para.
2).
Answer (D) is incorrect. Management is responsible for risk
management, not the
oversight role performed by the board.
[364] Gleim #: 4.3.35
An internal auditor plans to conduct an audit of the adequacy of
controls over
investments in new financial instruments. Which of the following
would not be
required as part of such an engagement?
Determine if policies exist which describe the risks the treasurer may
take and the
types of instruments in which the treasurer may make investments.
A.
Determine the extent of management oversight over investments in
sophisticated
instruments.
B.
Determine whether the treasurer is getting higher or lower rates of
return on
investments than are treasurers in comparable organizations.
C.
Determine the nature of controls established by the treasurer to
monitor the risks
in the investments.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 196
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. The first step of such an engagement
should be to determine
the nature of policies established to manage the risks associated
with the investments.
New financial instruments are very risky.
Answer (B) is incorrect. Sophisticated financial instruments are
complex by their
nature and can carry a high level of risk. Thus, the auditor should
determine the nature
of the risk management process established to monitor and authorize
such investments.
Answer (C) is correct. For this particular engagement, the auditor
does not need to
develop a comparison of investment returns with those of other
organizations. In fact,
some financial investment scandals show that such comparisons can
be highly
misleading because high returns were due to taking on a high level
of risk. Also, this
determination does not test the adequacy of the controls.
Answer (D) is incorrect. A fundamental control concept over cashlike assets is the
treasurer’s establishment of a mechanism to monitor the risks.
[365] Gleim #: 4.3.36
When the executive management of an organization decided to form
a team to
investigate the adoption of an activity-based costing (ABC) system,
an internal auditor
was assigned to the team. The best reason for including an internal
auditor is the
internal auditor’s knowledge of
Activities A. and cost drivers.
B. Information processing procedures.
C. Current product cost structures.
D. Risk management processes.
Answer (A) is incorrect. An engineer has more knowledge than an
internal
auditor about activities and cost drivers.
Answer (B) is incorrect. An information systems expert has more
knowledge than
an internal auditor about information needs and information
processing
procedures.
Answer (C) is incorrect. A management accountant has more
knowledge than an
internal auditor about a company’s current product cost.
Answer (D) is correct. The internal audit activity’s scope of work
extends to
evaluating the organization’s risk management processes. The
internal audit
activity should assist the organization by identifying and evaluating
significant
exposures to risk and contributing to the improvement of risk
management and
control systems.
[366] Gleim #: 4.3.37
Internal auditors should review the means of physically safeguarding
assets from
losses arising from
A. Misapplication of accounting principles.
B. Procedures that are not cost justified.
C. Exposure to the elements.
D. Underusage of physical facilities.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 197
Printed for Sanja Knezevic
Answer (A) is incorrect. Misapplication of accounting principles
relates to the
reliability of information and not physical safeguards.
Answer (B) is incorrect. Procedures that are not cost justified relate
to efficiency, not
effectiveness, of operations.
Answer (C) is correct. The internal audit activity must evaluate risk
exposures relating
to governance, operations, and information systems regarding the
safeguarding of
assets (Impl. Std. 2120.A1). For example, internal auditors evaluate
risk arising from
the possibilities of theft, fire, improper or illegal activities, and
exposure to the
elements.
Answer (D) is incorrect. Underusage of facilities relates to efficiency
of operations.
[367] Gleim #: 4.3.38
Which of the following activities is outside the scope of internal
auditing?
Evaluating risk exposures regarding compliance with policies,
procedures, and
contracts.
A.
Safeguarding B. of assets.
C. Evaluating risk exposures regarding compliance with laws and
regulations.
Ascertaining the extent to which management has established
criteria to determine
whether objectives have been accomplished.
D.
Answer (A) is incorrect. Internal auditors must evaluate risk
exposures relating
to, among other things, the organization’s compliance with laws,
regulations,
policies, procedures, and contracts.
Answer (B) is correct. Safeguarding assets is an operational activity
and is
therefore beyond the scope of the internal audit activity.
Answer (C) is incorrect. The internal audit activity must evaluate risk
exposures
relating to, among other things, the organization’s compliance with
laws,
regulations, policies, procedures, and contracts.
Answer (D) is incorrect. Ascertaining the extent to which
management has
established adequate criteria to determine whether objectives and
goals have been
accomplished is within the scope of internal auditing.
[368] Gleim #: 4.3.39
In the risk management process, management’s view of the internal
audit activity’s
role is likely to be determined by all of the following factors except
A. Organizational culture.
B. Preferences of the independent auditor.
C. Ability of the internal audit staff.
D. Local conditions and customs of the country.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 198
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Organizational culture is a factor that
influences
management’s view of the role of internal auditing.
Answer (B) is correct. Ultimately, the role of internal auditing in the
risk management
process is determined by senior management and the board. Their
view on internal
auditing’s role is likely to be determined by factors such as the
culture of the
organization, ability of the internal audit staff, and local conditions
and customs (PA
2120-1, para. 5).
Answer (C) is incorrect. The ability of the internal audit staff is a
factor that
influences management’s view of the role of internal auditing.
Answer (D) is incorrect. Local conditions and customs of the country
influence
management’s view of the role of internal auditing.
[369] Gleim #: 4.3.40
Which of the following threatens the independence of an internal
auditor who had
participated in the initial establishment of a risk management
process?
Developing assessments and reports on the risk A. management
process.
B. Managing the identified risks.
C. Evaluating the adequacy and effectiveness of management’s risk
processes.
D. Recommending controls to address the risks identified.
Answer (A) is incorrect. Developing assessments and reports on the
organization’s risk management processes is not only an internal
audit role but
normally also a high audit priority.
Answer (B) is correct. Assuming management’s responsibility for the
risk
management process is a potential threat to the internal audit
activity’s
independence. It requires a full discussion and board approval (PA
2120-1,
para. 5).
Answer (C) is incorrect. Internal auditors assist both management
and the board
by examining, evaluating, reporting, and recommending
improvements on the
adequacy and effectiveness of risk management processes.
Answer (D) is incorrect. Internal auditors may recommend controls.
[370] Gleim #: 4.3.41
Which of the following may be assessed by the internal auditor to
determine the
effectiveness of the risk management process?
I. Significant risks
II. Ongoing monitoring activities
Previous risk evaluation reports by management, internal auditors,
external
auditors, and any other sources
III.
A. I and II only.
B. I and III only.
C. II and III only.
D. I, II, and III.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 199
Printed for Sanja Knezevic
Answer (A) is correct. Significant risks and ongoing management
activities are
assessed by the internal audit activity as part of the risk management
process (Inter.
Std. 2120). But review of previous risk evaluation reports is a means
of obtaining
evidence for an assessment.
Answer (B) is incorrect. Review of previous risk evaluation reports
by management,
internal auditors, external auditors, and any other sources is an audit
procedure, a
means of obtaining evidence for an assessment. Moreover, internal
auditors assess
ongoing monitoring activities.
Answer (C) is incorrect. Review of previous risk evaluation reports
by management,
internal auditors, external auditors, and any other sources is an audit
procedure, a
means of obtaining evidence for an assessment. Moreover, internal
auditors assess
significant risks.
Answer (D) is incorrect. Review of previous risk evaluation reports
by management,
internal auditors, external auditors, and any other sources is an audit
procedure.
[371] Gleim #: 4.3.42
The board’s expectations of the internal audit activity regarding the
risk management
process is
Noted in the work programs for formal consulting A. engagements.
B. Included in the business continuity plan.
C. Codified in the charters of the internal audit activity and the board.
D. Reviewed by the internal auditors immediately following a
disaster.
Answer (A) is incorrect. A work program is a listing of specific
procedures.
Answer (B) is incorrect. Business continuity planning is just one
element of risk
management.
Answer (C) is correct. The chief audit executive (CAE) is to obtain
an
understanding of senior management’s and the board’s expectations
of the internal
audit activity in the organization’s risk management process. This
understanding
is then codified in the charters of the internal audit activity and the
board (PA
2120-1, para. 4).
Answer (D) is incorrect. The internal audit activity’s role needs to be
understood
before a crisis.
[372] Gleim #: 4.3.43
Which of the following is the most accurate term for a process to
identify, assess,
manage, and control potential events or situations to provide
reasonable assurance
regarding the achievement of the organization’s objectives?
A. The internal audit activity.
B. Control process.
C. Risk management.
D. Consulting service.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 200
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. The internal audit activity assists in risk
management; it is
not the same thing as risk management.
Answer (B) is incorrect. Control processes are “the policies,
procedures, and activities
that are part of a control framework designed to ensure that risks are
contained within
the risk tolerances established by the risk management process”
(The IIA Glossary).
Answer (C) is correct. Risk management is “a process to identify,
assess, manage, and
control potential events or situations to provide reasonable
assurance regarding the
achievement of the organization’s objectives” (The IIA Glossary).
Answer (D) is incorrect. Consulting services are “advisory and
related client service
activities, the nature and scope of which are agreed with the client”
(The IIA
Glossary).
[373] Gleim #: 4.3.44
Risk management is the responsibility of management. The role of
the internal audit
activity in the risk management process may include which of the
following?
Monitoring I. activities.
II. Evaluating the risk management process as part of the
engagement plan.
Participating on oversight committees, monitoring of activities, and
status
reporting.
III.
IV. Managing and coordinating the process.
A. I only.
B. II only.
C. I, II, and III only.
D. I, II, III, and IV.
Answer (A) is incorrect. The internal audit activity’s role in the risk
management
process may extend on a continuum from no role to managing and
coordinating
the process.
Answer (B) is incorrect. The internal audit activity’s role in the risk
management
process also may extend to monitoring activities; participating on
oversight
committees, monitoring of activities, and status reporting; and
managing and
coordinating the process.
Answer (C) is incorrect. The internal audit activity’s role in the risk
management
process also may extend to managing and coordinating the process.
Answer (D) is correct. The internal audit activity’s role in the risk
management
process of an organization can change over time and may include
responsibilities
along a continuum that extends from (1) no role; (2) auditing the risk
management
process as part of the internal audit plan; (3) active, continuous
support and
involvement in the risk management process, such as participation
on oversight
committees, monitoring activities, and status reporting; and (4)
managing and
coordinating the process (PA 2120-1, para. 4).
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 201
Printed for Sanja Knezevic
[374] Gleim #: 4.3.45
The internal audit activity must evaluate the effectiveness and
contribute to the
improvement of risk management processes. With respect to
evaluating the adequacy
of risk management processes, internal auditors most likely should
Recognize that organizations should use similar techniques A. for
managing risk.
B. Determine that the key objectives of risk management processes
are being met.
C. Determine the level of risks acceptable to the organization.
Treat the evaluation of risk management processes in the same
manner as the risk
analysis used to plan engagements.
D.
Answer (A) is incorrect. Risk management processes vary with the
size and
complexity of an organization’s business activities.
Answer (B) is correct. Internal auditors need to obtain sufficient and
appropriate
evidence to determine that key objectives of the risk management
processes are
being met to form an opinion on the adequacy of risk management
processes
(PA 2120-1, para. 8).
Answer (C) is incorrect. Management and the board determine the
level of
acceptable organizational risks.
Answer (D) is incorrect. Evaluating management’s risk processes
differs from the
internal auditors’ risk assessment used to plan an engagement, but
information
from a comprehensive risk management process is useful in such
planning.
[375] Gleim #: 4.3.46
If an organization has no formal risk management processes, the
chief audit executive
should
A. Establish risk management processes based on industry norms.
Formulate hypothetical results of possible consequences resulting
from risks not
being managed.
B.
C. Inform regulators that the organization is guilty of an infraction.
Formally discuss with the directors their obligations for risk
management
processes.
D.
Answer (A) is incorrect. Internal auditors have no authority to
establish risk
management processes. They must seek direction from
management and the board
as to their role in the process.
Answer (B) is incorrect. Internal auditors are not required to perform
a risk
analysis of the possible consequences of not establishing a risk
management
process. However, such a request might be made by management.
Answer (C) is incorrect. In the absence of a specific legal
requirement, internal
auditors are not required to report to outside parties.
Answer (D) is correct. In situations where the organization does not
have formal
risk management processes, the chief audit executive formally
discusses with
management and the board their obligations to understand, manage,
and monitor
risks within the organization and the need to satisfy themselves that
there are
processes operating within the organization, even if informal, that
provide the
appropriate level of visibility into the key risks and how they are being
managed
and monitored (PA 2120-1, para. 3).
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 202
Printed for Sanja Knezevic
fb.com/ciaaofficial
[376] Gleim #: 4.3.47
Quantitative risk management methods are most appropriate for
Assessing A. personnel risks.
B. Developing a risk matrix.
C. The use of derivatives by the organization.
D. Identifying risks from the COSO’s enterprise risk management
framework.
Answer (A) is incorrect. Matters addressed in the control
environment, e.g.,
integrity and ethical values, human resources, and organizational
structure are
subject to soft controls and soft risk management approaches.
Answer (B) is incorrect. A risk matrix links identified risks to, for
example,
controls or business processes.
Answer (C) is correct. The organization designs risk management
processes
based on its culture, management style, and business objectives. For
example, the
use of derivatives or other sophisticated capital market products by
the
organization could require the use of quantitative risk management
tools. But the
internal auditor determines that the methodology chosen is
sufficiently
comprehensive and appropriate for the nature of the organization (PA
2120-1,
para. 7).
Answer (D) is incorrect. An ERM framework contains broad
statements of
classes of risks. They are not stated in the detail (quantitative or not)
required by a
specific organization.
[377] Gleim #: 4.3.48
Which of the following is not a responsibility of the chief audit
executive?
To communicate the internal audit activity’s plans and resource
requirements to
senior management and the board for review and approval.
A.
To coordinate with other internal and external providers of audit and
consulting
services to ensure proper coverage and minimize duplication.
B.
To oversee the establishment, administration, and assessment of the
organization’s system of risk management processes.
C.
To follow up on whether appropriate management actions have been
taken on
significant reported risks.
D.
Answer (A) is incorrect. The CAE should communicate the internal
audit
activity’s plans and resource requirements, including significant
interim changes,
to senior management and to the board for review and approval. The
CAE also
should communicate the impact of resource limitations.
Answer (B) is incorrect. The CAE should share information and
coordinate
activities with other internal and external providers of relevant
assurance and
consulting services to ensure proper coverage and minimize
duplication of efforts.
Answer (C) is correct. Overseeing the establishment, administration,
and
assessment of the organization’s system of risk management
processes is the role
of senior management, not the CAE (PA 2120-1, para. 2).
Answer (D) is incorrect. The CAE should establish and maintain a
system to
monitor the disposition of results communicated to management.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 203
Printed for Sanja Knezevic
[378] Gleim #: 4.4.49
In the course of their work, internal auditors must be alert for fraud
and other forms of
white-collar crime. The important characteristic that distinguishes
fraud from other
varieties of white-collar crime is that
Fraud is characterized by deceit, concealment, or A. violation of trust.
Unlike other white-collar crimes, fraud is always perpetrated against
an outside
party.
B.
White-collar crime is usually perpetrated for the benefit of an
organization, but
fraud benefits an individual.
C.
White-collar crime is usually perpetrated by outsiders to the
detriment of an
organization, but fraud is perpetrated by insiders to benefit the
organization.
D.
Answer (A) is correct. Fraud is defined in The IIA Glossary as “any
illegal act
characterized by deceit, concealment, or violation of trust. These
acts are not
dependent upon the threat of violence or physical force.”
Answer (B) is incorrect. Fraud may be perpetrated internally.
Answer (C) is incorrect. Fraud may be perpetrated for the
organization’s benefit
or for otherwise unselfish reasons.
Answer (D) is incorrect. Fraud may be perpetrated by insiders and
outsiders, and
it may be either beneficial or detrimental to an organization.
[379] Gleim #: 4.4.50
Which of the following wrongful acts committed by an employee
constitutes fraud?
A. Libel.
B. Embezzlement.
C. Assault.
D. Harassment.
Answer (A) is incorrect. Defamation is the unjustifiable
communication
(publication) to a third party of a false statement that injures the
plaintiff’s
reputation and holds him/her up to hatred, contempt, or ridicule. Oral
defamation
is slander. Defamation published in more permanent form
(newspaper, letter, film)
is libel.
Answer (B) is correct. Fraud is defined in The IIA Glossary as “any
illegal act
characterized by deceit, concealment, or violation of trust. These
acts are not
dependent upon the threat of violence or physical force. Frauds are
perpetrated by
parties and organizations to obtain money, property, or services; to
avoid payment
or loss of services; or to secure personal or business advantage.”
Embezzlement is
the intentional appropriation of property entrusted to one’s care. The
embezzler
converts property to his/her own use and conceals the theft.
Answer (C) is incorrect. The tort of assault entails placing another in
reasonable
fear of a harmful or offensive bodily contact.
Answer (D) is incorrect. Harassment is the act of persistently
annoying another.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 204
Printed for Sanja Knezevic
fb.com/ciaaofficial
[380] Gleim #: 4.4.51
Internal auditors need to ascertain the extent to which management
has established
adequate control criteria. For this purpose, which of the following
actions may be
appropriate?
Determining whether objectives have I. been accomplished
II. Using the criteria in their evaluation
III. Working with management to develop appropriate control
evaluation criteria
A. I only.
B. I and II only.
C. I, II, and III.
D. II only.
Answer (A) is incorrect. The internal auditors also may take the
actions described
in statements II and III.
Answer (B) is incorrect. The internal auditors also may take the
action described
in statement III.
Answer (C) is correct. “Adequate criteria are needed to evaluate
controls. Internal
auditors must ascertain the extent to which management has
established adequate
criteria to determine whether objectives and goals have been
accomplished. If
adequate, internal auditors must use such criteria in their evaluation.
If inadequate,
internal auditors must work with management to develop appropriate
evaluation
criteria” (Impl. Std. 2210.A3).
Answer (D) is incorrect. The internal auditors also may take the
actions described
in statements I and III.
[381] Gleim #: 4.4.52
A key feature that distinguishes fraud from other types of crime or
impropriety is that
fraud always involves the
A. Violent or forceful taking of property.
B. Deceitful wrongdoing of management-level personnel.
C. Unlawful conversion of property that is lawfully in the custody of
the perpetrator.
D. False representation or concealment of a material fact.
Answer (A) is incorrect. Fraud usually does not involve force or
violence.
Answer (B) is incorrect. Employees at any level in an organization
can commit
fraud.
Answer (C) is incorrect. Embezzlement is the unlawful conversion of
property
that is lawfully in the custody of the perpetrator.
Answer (D) is correct. Fraud is defined in The IIA Glossary as “any
illegal act
characterized by deceit, concealment, or violation of trust. These
acts are not
dependent upon the threat of violence or physical force.”
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 205
Printed for Sanja Knezevic
[382] Gleim #: 4.4.53
One factor that distinguishes fraud from other employee crimes is
that fraud involves
Intentional A. deception.
B. Personal gain for the perpetrator.
C. Collusion with a party outside the organization.
D. Malicious motives.
Answer (A) is correct. Fraud is defined in The IIA Glossary as “any
illegal act
characterized by deceit, concealment, or violation of trust. These
acts are not
dependent upon the threat of violence or physical force.”
Answer (B) is incorrect. Fraud may be perpetrated for the
organization’s benefit
or for otherwise unselfish reasons.
Answer (C) is incorrect. An employee may act alone.
Answer (D) is incorrect. Fraud may be perpetrated for the
organization’s benefit
or for otherwise unselfish reasons.
[383] Gleim #: 4.4.54
In an organization with a separate division that is primarily
responsible for the
prevention of fraud, the internal audit activity is responsible for
Examining and evaluating the adequacy and effectiveness of that
division’s
actions taken to prevent fraud.
A.
B. Establishing and maintaining that division’s system of internal
control.
C. Planning that division’s fraud prevention activities.
D. Controlling that division’s fraud prevention activities.
Answer (A) is correct. Control is the principal means of preventing
fraud.
Management is primarily responsible for the establishment and
maintenance of
control. Internal auditors are primarily responsible for preventing
fraud by
examining and evaluating the adequacy and effectiveness of control.
Answer (B) is incorrect. Establishing and maintaining control is a
responsibility
of management.
Answer (C) is incorrect. Planning fraud prevention activities is a
responsibility of
management.
Answer (D) is incorrect. Controlling fraud prevention activities is a
responsibility
of management.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 206
Printed for Sanja Knezevic
fb.com/ciaaofficial
[384] Gleim #: 4.4.55
Which of the following statements is(are) true regarding the
prevention of fraud?
The primary means of preventing fraud is through internal control
established and
maintained by management.
I.
Internal auditors are responsible for assisting in the prevention of
fraud by
examining and evaluating the adequacy of the internal control
system.
II.
Internal auditors should assess the operating effectiveness of fraudrelated
communication systems.
III.
A. I only.
B. I and II only.
C. II only.
D. I, II, and III.
Answer (A) is incorrect. Internal auditors are responsible for
assisting in the
prevention of fraud by examining and evaluating the adequacy of the
internal
control system, and internal auditors should assess the operating
effectiveness of
fraud-related communication systems.
Answer (B) is incorrect. Internal auditors should assess the
operating
effectiveness of fraud-related communication systems.
Answer (C) is incorrect. The primary means of preventing fraud is
through
internal control established and maintained by management, and
internal auditors
should assess the operating effectiveness of fraud-related
communication systems.
Answer (D) is correct. Control is the principal means of preventing
fraud.
Management, in turn, is primarily responsible for the establishment
and
maintenance of control. Internal auditors are primarily responsible for
preventing
fraud by examining and evaluating the adequacy and effectiveness
of control.
Internal auditors also should assess the operating effectiveness of
fraud-related
communication systems and practices, and they should support
fraud-related
training.
[385] Gleim #: 4.4.56
A significant employee fraud took place shortly after an internal
auditing engagement.
The internal auditor may not have properly fulfilled the responsibility
for the
prevention of fraud by failing to note and report that
Policies, practices, and procedures to monitor activities and
safeguard assets were
less extensive in low-risk areas than in high-risk areas.
A.
A system of control that depended upon separation of duties could
be
circumvented by collusion among three employees.
B.
There were no written policies describing prohibited activities and the
action
required whenever violations are discovered.
C.
Divisional employees had not been properly trained to distinguish
between bona
fide signatures and cleverly forged ones on authorization forms.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 207
Printed for Sanja Knezevic
Answer (A) is incorrect. For cost-benefit reasons, controls should be
more extensive
in high-risk areas.
Answer (B) is incorrect. Even the best system of control can often
be circumvented by
collusion.
Answer (C) is correct. Management is responsible for establishing
and maintaining
internal control. Thus, management also is responsible for the fraud
prevention
program. The control environment element of this program includes a
code of conduct,
ethics policy, or fraud policy to set the appropriate tone at the top.
Moreover,
organizations should establish effective fraud-related information and
communication
practices, for example, documentation and dissemination of policies,
guidelines, and
results.
Answer (D) is incorrect. Forgery, like collusion, can circumvent even
an effective
control.
[386] Gleim #: 4.4.57
Internal auditors have a responsibility for helping to deter fraud.
Which of the
following best describes how this responsibility is usually met?
By coordinating with security personnel and law enforcement
agencies in the
investigation of possible frauds.
A.
By testing for fraud in every engagement and following B. up as
appropriate.
C. By assisting in the design of control systems to prevent fraud.
By evaluating the adequacy and effectiveness of controls in light of
the potential
exposure or risk.
D.
Answer (A) is incorrect. Investigating possible frauds involves
detection, not
deterrence.
Answer (B) is incorrect. Testing for fraud in every engagement is not
required.
Answer (C) is incorrect. Designing control systems impairs an
internal auditor’s
objectivity.
Answer (D) is correct. Control is the principal means of preventing
fraud.
Management is primarily responsible for the establishment and
maintenance of
control. Internal auditors are primarily responsible for preventing
fraud by
examining and evaluating the adequacy and effectiveness of control.
[387] Gleim #: 4.4.58
Which of the following describes one of the responsibilities of the
internal auditor for
the deterrence of fraud in an organization?
A. Implementation of systems to discourage fraud.
B. Prosecuting perpetrators of fraud.
C. Reporting suspected fraud to law enforcement personnel.
D. Evaluating the adequacy of controls to prevent fraud.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 208
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Implementing systems is an operating
function for which
management is responsible.
Answer (B) is incorrect. Prosecuting perpetrators of fraud is a
responsibility of
management.
Answer (C) is incorrect. Reporting suspected fraud to law
enforcement personnel is a
responsibility of management.
Answer (D) is correct. Internal auditors are responsible for assisting
in the deterrence
of fraud by examining and evaluating the adequacy and the
effectiveness of controls.
[388] Gleim #: 4.4.59
Internal auditing is responsible for assisting in the prevention of fraud
by
Informing the appropriate authorities within the organization and
recommending
whatever investigation is considered necessary in the circumstances
when
wrongdoing is suspected.
A.
Establishing the organization’s governance, operations, and
information systems
concerning compliance with laws, regulations, and contracts.
B.
Examining and evaluating the adequacy and the effectiveness of
control,
commensurate with the extent of the potential exposure or risk in the
various
segments of the organization’s operations.
C.
Determining whether operating standards are acceptable D. and are
being met.
Answer (A) is incorrect. Informing appropriate authorities in the
organization
when the internal auditor suspects wrongdoing concerns the internal
auditor’s
obligation for detecting, not preventing, fraud.
Answer (B) is incorrect. Management is responsible for establishing
these
systems.
Answer (C) is correct. Internal auditors are responsible for assisting
in the
prevention of fraud by examining and evaluating the adequacy and
the
effectiveness of controls.
Answer (D) is incorrect. These standards are criteria to determine
whether
operational objectives and goals have been accomplished. They do
not concern
prevention of fraud.
[389] Gleim #: 4.4.60
The internal auditors’ responsibility regarding fraud includes all of the
following
except
A. Determining whether the control environment sets the appropriate
tone at top.
B. Ensuring that fraud will not occur.
C. Being aware of activities in which fraud is likely to occur.
D. Evaluating the effectiveness of control activities.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 209
Printed for Sanja Knezevic
Answer (A) is incorrect. Internal auditing is responsible for
evaluating the
organization’s control environment.
Answer (B) is correct. Control is the principal means of preventing
fraud, and
management is responsible for establishing and maintaining internal
control. Thus,
internal auditors cannot give absolute assurance that noncompliance
or fraud does not
exist.
Answer (C) is incorrect. The internal auditor should have sufficient
knowledge of
fraud indicators and be alert to opportunities that could allow fraud.
Answer (D) is incorrect. Assessing the design and operating
effectiveness of fraudrelated
controls is the responsibility of internal auditing.
[390] Gleim #: 4.4.61
The internal audit activity’s responsibility for preventing fraud is to
Establish A. internal control.
B. Maintain internal control.
C. Evaluate the system of internal control.
D. Exercise operating authority over fraud prevention activities.
Answer (A) is incorrect. Establishing internal control is
management’s
responsibility.
Answer (B) is incorrect. Maintaining internal control is
management’s
responsibility.
Answer (C) is correct. Control is the principal means of preventing
fraud.
Management, in turn, is primarily responsible for the establishment
and
maintenance of control. Internal auditors are primarily responsible for
preventing
fraud by examining and evaluating the adequacy and effectiveness
of control.
Answer (D) is incorrect. Operating authority is a management
function.
[391] Gleim #: 4.4.62
An internal auditor who suspects fraud should
A. Determine that a loss has been incurred.
B. Interview those who have been involved in the control of assets.
C. Identify the employees who could be implicated in the case.
D. Recommend an investigation if appropriate.
Answer (A) is incorrect. Determining the loss could alert the
perpetrator of the
fraud. The perpetrator could then destroy or compromise evidence.
Answer (B) is incorrect. Interviewing those who have been involved
in the
control of assets is part of the fraud investigation.
Answer (C) is incorrect. Identifying the employees who could be
implicated in
the case is part of the fraud investigation.
Answer (D) is correct. An internal auditor’s responsibilities for
detecting fraud
include evaluating fraud indicators and deciding whether any
additional action is
necessary or whether an investigation should be recommended.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 210
Printed for Sanja Knezevic
fb.com/ciaaofficial
[392] Gleim #: 4.4.63
An international nonprofit organization finances medical research.
The majority of its
revenue and support comes from fundraising activities, investments,
and specific
grants from an initial sponsoring corporation. The organization has
been in operation
over 15 years and has a small internal audit department. The
organization has just
finished a major fundraising drive that raised US $500 million for the
current fiscal
period.
The following are selected data from recent financial statements (US
dollar figures in
millions):
Current Past
Year Year
Revenue US $500 US $425
Investments (average balances) 210 185
Medical research grants made 418 325
Investment income 16 20
Administrative expense 10 6
Auditors must always be alert for the possibility of fraud. Assume the
controls over
each risk listed below are marginal. Which of the following possible
frauds or misuses
of organization assets should be considered the area of greatest
risk?
The president is using company travel and entertainment funds for
activities that
might be considered questionable.
A.
Purchases of supplies are made from B. fictitious vendors.
Grants are made to organizations that might be associated with the
president or are
not for purposes dictated in the organization’s charter.
C.
D. The payroll clerk has added ghost employees.
Answer (A) is incorrect. Administrative expense is 2% (US $10 ÷
$500) of
current revenue.
Answer (B) is incorrect. Purchases of supplies from fictitious
vendors involve
risk exposures that are far smaller than those arising from
inappropriate grants.
Answer (C) is correct. Grants represent 83.6% (US $418 ÷ $500) of
current
revenue. Consequently, fraudulent grants constitute a much greater
risk exposure
than any of the other items listed.
Answer (D) is incorrect. The payroll clerk’s addition of ghost
employees involves
risk exposures that are far smaller than those arising from
inappropriate grants.
[393] Gleim #: 4.4.64
Internal auditors are more likely to detect fraud by
developing/strengthening their
ability to
A. Recognize and question changes that occur in organizations.
B. Interrogate fraud perpetrators to discover why the fraud was
committed.
C. Develop internal controls to prevent the occurrence of fraud.
D. Document computerized operating system programs.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 211
Printed for Sanja Knezevic
Answer (A) is correct. An internal auditor’s responsibilities for
detecting fraud
include evaluating fraud indicators and deciding whether any
additional action is
necessary or whether an investigation should be recommended.
Answer (B) is incorrect. Interrogation of fraud perpetrators occurs
after detection. The
danger signals of fraud often involve negative organizational
changes.
Answer (C) is incorrect. The controls mentioned are preventive, not
detective.
Answer (D) is incorrect. Documentation of operating systems is not
within the scope
of internal auditing and would do little to enhance fraud detection
skills.
[394] Gleim #: 4.4.65
After noting some red flags, an internal auditor has an increased
awareness that fraud
may be present. Which of the following best describes the internal
auditor’s
responsibility?
Expand activities to determine whether an investigation A. is
warranted.
Report the possibility of fraud to senior management and the board
and ask them
how they would like to proceed.
B.
Consult with external legal counsel to determine the course of action
to be taken,
including the approval of the proposed engagement work program to
make sure it
is acceptable on legal grounds.
C.
Report the matter to the audit committee and request funding for
outside service
providers to help investigate the possible fraud.
D.
Answer (A) is correct. An internal auditor’s responsibilities for
detecting fraud
include evaluating fraud indicators and deciding whether any
additional action is
necessary or whether an investigation should be recommended.
Answer (B) is incorrect. The internal auditor should notify the
appropriate
authorities within the organization if (s)he has determined that the
indicators of
fraud are sufficient to recommend an investigation.
Answer (C) is incorrect. The internal auditor is responsible for
determining the
appropriate response to indicators of fraud. Legal counsel can act
only in an
advisory capacity.
Answer (D) is incorrect. The internal auditor should report the matter
and request
funding for outside service providers only if (s)he has determined that
the
indicators of fraud are sufficient to recommend an investigation.
[395] Gleim #: 4.4.66
When an internal auditor identifies multiple factors that have been
linked with
possible fraudulent conditions and suspects that fraud has taken
place, the auditor
should
A. Immediately report to senior management and the board.
B. Immediately report to the board.
C. Recommend an investigation.
D. Extend tests to determine the extent of the fraud.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 212
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Immediate reporting by the CAE to senior
management and
the board is required only after a sufficient investigation has been
made to establish
reasonable certainty that a significant fraud has occurred. Thus,
reasonable certainty is
necessary before any fraud reporting is made.
Answer (B) is incorrect. Immediate reporting by the CAE to senior
management and
the board is required only after a sufficient investigation has been
made to establish
reasonable certainty that a significant fraud has occurred. Thus,
reasonable certainty is
necessary before any fraud reporting is made.
Answer (C) is correct. An internal auditor’s responsibilities for
detecting fraud
include evaluating fraud indicators and deciding whether any
additional action is
necessary or whether an investigation should be recommended.
Answer (D) is incorrect. Extended tests to determine the extent of
fraud are performed
after the fraud has in fact been determined, not suspected.
[396] Gleim #: 4.4.67
An internal auditor suspects that a mailroom clerk is embezzling
funds. In exercising
due professional care, the internal auditor should
Reassign the clerk to A. another department.
B. Institute stricter controls over mailroom operations.
C. Evaluate fraud indicators and decide whether further action is
necessary.
D. Confront the clerk with the auditor’s suspicions.
Answer (A) is incorrect. Personnel assignments are the
responsibility of
management.
Answer (B) is incorrect. The system of internal controls is
management’s
responsibility.
Answer (C) is correct. An internal auditor’s responsibilities for
detecting fraud
include evaluating fraud indicators and deciding whether any
additional action is
necessary or whether an investigation should be recommended.
Answer (D) is incorrect. An internal auditor should not confront a
suspect until
the proper authorities have been notified and have determined the
appropriate
action.
[397] Gleim #: 4.4.68
An internal auditor’s field work uncovers a series of transactions that
indicate a
possible embezzlement. Which of the following actions should the
chief audit
executive take?
A. Confront the suspected embezzler to determine that the facts are
correct.
Review the finding with the suspect’s fellow workers to see whether
the workers
can furnish additional evidence.
B.
C. Decide whether to recommend an investigation.
D. Discuss the case with the board.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 213
Printed for Sanja Knezevic
Answer (A) is incorrect. The internal auditor should avoid
confronting suspected
employees. Employees suspected of theft or fraud have certain
common law and
statutory rights that, if infringed upon, can be costly to the
organization.
Answer (B) is incorrect. Fellow workers may also be involved in the
embezzlement.
Answer (C) is correct. An internal auditor’s responsibilities for
detecting fraud
include evaluating fraud indicators and deciding whether any
additional action is
necessary or whether an investigation should be recommended.
Answer (D) is incorrect. The CAE should determine the extent, if
any, of the fraud
before presenting it to the board.
[398] Gleim #: 4.4.69
Which of the following best describes an auditor’s responsibility after
noting some
indicators of fraud?
Expand activities to determine whether an investigation A. is
warranted.
B. Report the possibility of fraud to senior management and ask how
to proceed.
C. Consult with external legal counsel to determine the course of
action to be taken.
Report the matter to the audit committee and request funding for
outside
specialists to help investigate the possible fraud.
D.
Answer (A) is correct. An internal auditor’s responsibilities for
detecting fraud
include evaluating fraud indicators and deciding whether any
additional action is
necessary or whether an investigation should be recommended.
Answer (B) is incorrect. The internal auditor should notify senior
management
and the board only if (s)he has determined that the indicators of fraud
are
sufficient to recommend an investigation.
Answer (C) is incorrect. The internal auditor does not have the
authority to
consult with external legal counsel.
Answer (D) is incorrect. The internal auditor should notify the audit
committee
only if (s)he has determined that the indicators of fraud are sufficient
to
recommend an investigation.
[399] Gleim #: 4.4.70
What is the responsibility of the internal auditor with respect to fraud?
The internal auditor should have sufficient knowledge to identify the
indicators of
fraud but is not expected to be an expert.
A.
The internal auditor should have the same ability to detect fraud as a
person whose
primary responsibility is detecting and investigating fraud.
B.
An internal auditor should have sufficient knowledge and training so
that (s)he is
able to detect fraud.
C.
D. An internal auditor’s primary role is to detect and investigate fraud.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 214
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is correct. Internal auditors must have sufficient
knowledge to evaluate
the risk of fraud and the manner in which it is managed by the
organization. They are
not expected to have the expertise of a person whose primary
responsibility is
detecting and investigating fraud (Impl. Std. 1210.A2).
Answer (B) is incorrect. The internal auditor is not expected to have
the expertise of a
person whose primary responsibility is detecting and investigating
fraud.
Answer (C) is incorrect. An internal auditor must have sufficient
knowledge to
identify the indicators of fraud but is not required to have sufficient
knowledge and
training to be able to detect fraud.
Answer (D) is incorrect. Detecting and investigating fraud is not a
primary role of an
internal auditor.
[400] Gleim #: 4.5.71
Red flags are conditions that indicate a higher likelihood of fraud.
Which of the
following is not considered a red flag?
Management has delegated the authority to make purchases under a
certain value
to subordinates.
A.
An individual has held the same cash-handling job for an extended
period without
any rotation of duties.
B.
An individual handling marketable securities is responsible for
making the
purchases, recording the purchases, and reporting any discrepancies
and
gains/losses to senior management.
C.
The assignment of responsibility and accountability in the accounts
receivable
department is not clear.
D.
Answer (A) is correct. Delegating the authority to make purchases
under a certain
value to subordinates is an acceptable and common practice
intended to limit risk
while promoting efficiency. It is not, by itself, considered a red flag.
Answer (B) is incorrect. Lack of rotation of duties or cross-training
for sensitive
jobs is a red flag. Such a person may have a greater opportunity to
commit and
conceal fraud.
Answer (C) is incorrect. An inappropriate combination of duties is a
red flag.
Answer (D) is incorrect. Establishing clear lines of authority and
accountability
not only helps to assign culpability but also has preventive effects.
[401] Gleim #: 4.5.72
Which of the following policies is most likely to result in an
environment conducive to
the occurrence of fraud?
Budget preparation input by the employees who are responsible for
meeting the
budget.
A.
Unreasonable sales and B. production goals.
The division’s hiring process frequently results in the rejection of
adequately
trained applicants.
C.
D. The application of some accounting controls on a sample basis.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 215
Printed for Sanja Knezevic
Answer (A) is incorrect. Participatory budgeting can reduce
resistance to budgets and
reduce the likelihood of inappropriate means being taken to meet the
budget.
Answer (B) is correct. Unrealistically high sales or production quotas
can be an
incentive to falsify the records or otherwise take inappropriate action
to improve
performance measures so that the quotas appear to have been met.
Answer (C) is incorrect. Hiring policies should be based on factors
other than
adequate training, such as the applicants’ personal integrity.
Furthermore, hiring of all
adequately trained applicants is unlikely to be necessary.
Answer (D) is incorrect. Under the reasonable assurance concept,
the cost of controls
should not exceed their benefits. The cost of applying controls to all
relevant
transactions rather than a sample may be greater than the resultant
savings.
[402] Gleim #: 4.5.73
Internal auditors have been advised to consider red flags to
determine whether
management is involved in a fraud. Which of the following does not
represent a
difficulty in using the red flags as fraud indicators?
Many common red flags are also associated with situations in which
no fraud
exists.
A.
Some red flags are difficult to quantify B. or to evaluate.
C. Red flag information is not gathered as a normal part of an
engagement.
The red flags literature is not well enough established to have a
positive impact on
internal auditing.
D.
Answer (A) is incorrect. Red flags are developed by correlation
analysis, not
necessarily by causation analysis.
Answer (B) is incorrect. Many red flags, such as management’s
attitude, are
difficult to quantify.
Answer (C) is incorrect. Internal auditors should be able to identify
fraud
indicators and should be alert to opportunities that could allow fraud.
However,
internal auditors do not normally perform procedures specifically to
gather red
flag information.
Answer (D) is correct. The state of red flags literature is an aid, not a
difficulty, in
internal auditing. It is well established and will be refined in the future
as research
is done.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 216
Printed for Sanja Knezevic
fb.com/ciaaofficial
[403] Gleim #: 4.5.74
The following are facts about a subsidiary:
The subsidiary has been in business for several years and enjoyed
good profit
margins although the general economy was in a recession, which
affected
competitors.
1.
The working capital ratio has declined from a healthy 2. 3:1 to 0.9:1.
Turnover for the last several years has included three controllers, two
supervisors
of accounts receivable, four payables supervisors, and numerous
staff in other
financial positions.
3.
Purchasing policy requires three bids. However, the supervisor of
purchasing at
the subsidiary has instituted a policy of sole-source procurement to
reduce the
number of suppliers.
4.
When conducting a financial audit of the subsidiary, the internal
auditor should
A. Most likely not detect 1., 2., or 3.
B. Ignore 2. since the economy had a downturn during this period.
Consider 3. to be normal turnover, but be concerned about 2. and 4.
as warning
signals of fraud.
C.
D. Consider 1., 2., 3., and 4. as warning signals of fraud.
Answer (A) is incorrect. The items described can be detected
through usual
procedures in a financial audit.
Answer (B) is incorrect. Although the economy suffered a downturn,
the change
in working capital is unusual in light of the continuing strong profit
margins and
should be investigated.
Answer (C) is incorrect. The working capital ratio, the high
employee turnover
rate, and the sole-source procurement policy are all warning signals
of fraud.
Answer (D) is correct. The fact that the organization has reported
high profits
when competitors have not may indicate a material misstatement in
the financial
statements. Insufficient working capital may indicate such problems
as
overexpansion, decreases in revenues, transfers of funds to other
organizations,
insufficient credit, and excessive expenditures. The internal auditor
should be alert
for the diversion of funds for personal use through such methods as
unrecorded
sales and falsified expenditures. Rapid turnover in financial positions
may signify
existing problems with which the individuals feel uncomfortable but
that they do
not want to disclose. Accountability for funds and other resources
should be
determined upon termination of employment. Use of sole-source
procurement
does not encourage competition to ensure that the organization is
obtaining the
required materials or equipment at the best price. Sole-source
procurement, if not
adequately justified, indicates potential favoritism or kickbacks.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 217
Printed for Sanja Knezevic
[404] Gleim #: 4.5.75
An internal auditor should be concerned about the possibility of fraud
if
Cash receipts, net of the amounts used to pay petty cash-type
expenditures, are
deposited in the bank daily.
A.
The monthly bank statement reconciliation is performed by the same
employee
who maintains the perpetual inventory records.
B.
The accounts receivable subsidiary ledger and accounts payable
subsidiary ledger
are maintained by the same person.
C.
One person, acting alone, has sole access to the petty cash fund
(except for a
provision for occasional surprise counts by a supervisor or auditor).
D.
Answer (A) is correct. Paying petty cash expenditures from cash
receipts
facilitates the unauthorized removal of cash before deposit. All cash
receipts
should be deposited intact daily. Petty cash expenditures should be
handled
through an imprest fund.
Answer (B) is incorrect. The monthly bank reconciliation should not
be
performed by a person who makes deposits or writes checks, but the
inventory
clerk has no such responsibilities.
Answer (C) is incorrect. There is no direct relationship between the
transactions
posted to the accounts receivable and accounts payable subsidiary
ledgers; having
the same person maintain both does not create a control weakness.
Answer (D) is incorrect. To establish accountability for petty cash,
only one
person should have access to the fund.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 218
Printed for Sanja Knezevic
fb.com/ciaaofficial
[405] Gleim #: 4.5.76
Randy and John had known each other
for many years. They had become best
friends in college, where they both
majored in accounting. After graduation,
Randy took over the family business from
his father. His family had been in the
grocery business for several generations.
When John had difficulty finding a job,
Randy offered him a job in the family
store. John proved to be a very capable
employee. As John demonstrated his
abilities, Randy began delegating more
and more responsibility to him. After a
period of time, John was doing all of the
general accounting and authorization
functions for checks, cash, inventories,
documents, records, and bank
reconciliations. (1) John was trusted
completely and handled all financial
functions. No one checked his work.
Randy decided to expand the business
and opened several new stores. (2) Randy
was always handling the most urgent
problem . . . “crisis management” is
what his college professors had termed it.
John assisted with the problems when his
other duties allowed him time.
Although successful at work, John had
(3) difficulties with personal financial
problems.
At first, the amounts stolen by John were
small. John didn’t even worry about
making the accounts balance. But John
became greedy. “How easy it is to take the
money,” he said. He felt that he was a
critical member of the business team
(4) and that he contributed much more to
the success of the company than was
represented by his salary. “It would take
two or three people to replace me,” he
often thought to himself. As the amounts
became larger and larger, (5) he made the
books balance. Because of these
activities, John was able to purchase an
expensive car and take his family on
several trips each year. (6) He also joined
an expensive country club. Things were
changing at home, however. (7) John’s
family observed that he was often
argumentative and at other times very
depressed.
The fraud continued for 6 years. Each
year, the business performed more and
more poorly. In the last year, the stores
had a substantial net loss. Randy’s bank
required an audit. John confessed when he
thought the auditors had discovered his
embezzlements.
When discussing frauds, the pressures,
opportunities, and rationalizations that
cause/allow a perpetrator to commit the
fraud are often identified. Symptoms of
fraud are also studied.
Number 1, “John was trusted completely . . .,” is an example of a(n)
A. Document symptom.
B. Situational pressure.
C. Opportunity to commit.
D. Physical symptom.
Answer (A) is incorrect. Complete trust is an opportunity to commit a
fraud.
Answer (B) is incorrect. Complete trust is an opportunity to commit a
fraud.
Answer (C) is correct. Complete trust in an individual is an
opportunity to
commit fraud. John’s actions went unscrutinized because of the
absence of an
appropriate segregation of functions and his ability to override
whatever control
procedures were in place.
Answer (D) is incorrect. Complete trust is an opportunity to commit
a fraud.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 219
Printed for Sanja Knezevic
[406] Gleim #: 4.5.77
Randy and John had known each other
for many years. They had become best
friends in college, where they both
majored in accounting. After graduation,
Randy took over the family business from
his father. His family had been in the
grocery business for several generations.
When John had difficulty finding a job,
Randy offered him a job in the family
store. John proved to be a very capable
employee. As John demonstrated his
abilities, Randy began delegating more
and more responsibility to him. After a
period of time, John was doing all of the
general accounting and authorization
functions for checks, cash, inventories,
documents, records, and bank
reconciliations. (1) John was trusted
completely and handled all financial
functions. No one checked his work.
Randy decided to expand the business
and opened several new stores. (2) Randy
was always handling the most urgent
problem . . . “crisis management” is
what his college professors had termed it.
John assisted with the problems when his
other duties allowed him time.
Although successful at work, John had
(3) difficulties with personal financial
problems.
At first, the amounts stolen by John were
small. John didn’t even worry about
making the accounts balance. But John
became greedy. “How easy it is to take the
money,” he said. He felt that he was a
critical member of the business team
(4) and that he contributed much more to
the success of the company than was
represented by his salary. “It would take
two or three people to replace me,” he
often thought to himself. As the amounts
became larger and larger, (5) he made the
books balance. Because of these
activities, John was able to purchase an
expensive car and take his family on
several trips each year. (6) He also joined
an expensive country club. Things were
changing at home, however. (7) John’s
family observed that he was often
argumentative and at other times very
depressed.
The fraud continued for 6 years. Each
year, the business performed more and
more poorly. In the last year, the stores
had a substantial net loss. Randy’s bank
required an audit. John confessed when he
thought the auditors had discovered his
embezzlements.
When discussing frauds, the pressures,
opportunities, and rationalizations that
cause/allow a perpetrator to commit the
fraud are often identified. Symptoms of
fraud are also studied.
Number 2, “Randy was always handling the most urgent . . .,” is an
example of a(n)
Opportunity A. to commit.
B. Analytical symptom.
C. Situational pressure.
D. Rationalization.
Answer (A) is correct. When a manager continually handles the
most pressing
issues of a company, an opportunity for the manager to commit fraud
is created.
The lack of long-range planning creates a potential for fraud because
organizational objectives may have been replaced with individual
initiatives.
Answer (B) is incorrect. Crisis management provides an opportunity
to commit
fraud.
Answer (C) is incorrect. Crisis management provides an opportunity
to commit
fraud.
Answer (D) is incorrect. Crisis management provides an opportunity
to commit
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 220
Printed for Sanja Knezevic
fb.com/ciaaofficial
[407] Gleim #: 4.5.78
Randy and John had known each other
for many years. They had become best
friends in college, where they both
majored in accounting. After graduation,
Randy took over the family business from
his father. His family had been in the
grocery business for several generations.
When John had difficulty finding a job,
Randy offered him a job in the family
store. John proved to be a very capable
employee. As John demonstrated his
abilities, Randy began delegating more
and more responsibility to him. After a
period of time, John was doing all of the
general accounting and authorization
functions for checks, cash, inventories,
documents, records, and bank
reconciliations. (1) John was trusted
completely and handled all financial
functions. No one checked his work.
Randy decided to expand the business
and opened several new stores. (2) Randy
was always handling the most urgent
problem . . . “crisis management” is
what his college professors had termed it.
John assisted with the problems when his
other duties allowed him time.
Although successful at work, John had
(3) difficulties with personal financial
problems.
At first, the amounts stolen by John were
small. John didn’t even worry about
making the accounts balance. But John
became greedy. “How easy it is to take the
money,” he said. He felt that he was a
critical member of the business team
(4) and that he contributed much more to
the success of the company than was
represented by his salary. “It would take
two or three people to replace me,” he
often thought to himself. As the amounts
became larger and larger, (5) he made the
books balance. Because of these
activities, John was able to purchase an
expensive car and take his family on
several trips each year. (6) He also joined
an expensive country club. Things were
changing at home, however. (7) John’s
family observed that he was often
argumentative and at other times very
depressed.
The fraud continued for 6 years. Each
year, the business performed more and
more poorly. In the last year, the stores
had a substantial net loss. Randy’s bank
required an audit. John confessed when he
thought the auditors had discovered his
embezzlements.
When discussing frauds, the pressures,
opportunities, and rationalizations that
cause/allow a perpetrator to commit the
fraud are often identified. Symptoms of
fraud are also studied.
Number 3, “Difficulties with personal financial problems,” is an
example of a(n)
A. Behavioral symptom.
B. Situational pressure.
C. Rationalization.
D. Opportunity to commit.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 221
Printed for Sanja Knezevic
Answer (A) is incorrect. Personal financial problems are a
situational pressure to
commit a fraud.
Answer (B) is correct. Financial difficulties create situational
pressures or temptations
that may contribute to fraud. These situational pressures result from
high personal
indebtedness, extravagant lifestyles, gambling problems, etc.
Answer (C) is incorrect. Personal financial problems are a
situational pressure to
commit a fraud.
Answer (D) is incorrect. Personal financial problems are a
situational pressure to
commit a fraud.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 222
Printed for Sanja Knezevic
fb.com/ciaaofficial
[408] Gleim #: 4.5.79
Randy and John had known each other
for many years. They had become best
friends in college, where they both
majored in accounting. After graduation,
Randy took over the family business from
his father. His family had been in the
grocery business for several generations.
When John had difficulty finding a job,
Randy offered him a job in the family
store. John proved to be a very capable
employee. As John demonstrated his
abilities, Randy began delegating more
and more responsibility to him. After a
period of time, John was doing all of the
general accounting and authorization
functions for checks, cash, inventories,
documents, records, and bank
reconciliations. (1) John was trusted
completely and handled all financial
functions. No one checked his work.
Randy decided to expand the business
and opened several new stores. (2) Randy
was always handling the most urgent
problem . . . “crisis management” is
what his college professors had termed it.
John assisted with the problems when his
other duties allowed him time.
Although successful at work, John had
(3) difficulties with personal financial
problems.
At first, the amounts stolen by John were
small. John didn’t even worry about
making the accounts balance. But John
became greedy. “How easy it is to take the
money,” he said. He felt that he was a
critical member of the business team
(4) and that he contributed much more to
the success of the company than was
represented by his salary. “It would take
two or three people to replace me,” he
often thought to himself. As the amounts
became larger and larger, (5) he made the
books balance. Because of these
activities, John was able to purchase an
expensive car and take his family on
several trips each year. (6) He also joined
an expensive country club. Things were
changing at home, however. (7) John’s
family observed that he was often
argumentative and at other times very
depressed.
The fraud continued for 6 years. Each
year, the business performed more and
more poorly. In the last year, the stores
had a substantial net loss. Randy’s bank
required an audit. John confessed when he
thought the auditors had discovered his
embezzlements.
When discussing frauds, the pressures,
opportunities, and rationalizations that
cause/allow a perpetrator to commit the
fraud are often identified. Symptoms of
fraud are also studied.
Number 4, “and that he contributed much more . . .,” is an example of
a
A. Rationalization.
B. Behavioral symptom.
C. Situational pressure.
D. Physical symptom.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 223
Printed for Sanja Knezevic
Answer (A) is correct. Rationalization occurs when a person
attributes his/her actions
to rational and creditable motives without analysis of one’s true and
especially
unconscious motives. Feeling that one is not being paid as much as
one is worth is a
common rationalization for low-level fraud.
Answer (B) is incorrect. The belief that compensation is inadequate
is a possible
rationalization for improprieties.
Answer (C) is incorrect. The belief that compensation is inadequate
is a possible
rationalization for improprieties.
Answer (D) is incorrect. The belief that compensation is inadequate
is a possible
rationalization for improprieties.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 224
Printed for Sanja Knezevic
fb.com/ciaaofficial
[409] Gleim #: 4.5.80
Randy and John had known each other
for many years. They had become best
friends in college, where they both
majored in accounting. After graduation,
Randy took over the family business from
his father. His family had been in the
grocery business for several generations.
When John had difficulty finding a job,
Randy offered him a job in the family
store. John proved to be a very capable
employee. As John demonstrated his
abilities, Randy began delegating more
and more responsibility to him. After a
period of time, John was doing all of the
general accounting and authorization
functions for checks, cash, inventories,
documents, records, and bank
reconciliations. (1) John was trusted
completely and handled all financial
functions. No one checked his work.
Randy decided to expand the business
and opened several new stores. (2) Randy
was always handling the most urgent
problem . . . “crisis management” is
what his college professors had termed it.
John assisted with the problems when his
other duties allowed him time.
Although successful at work, John had
(3) difficulties with personal financial
problems.
At first, the amounts stolen by John were
small. John didn’t even worry about
making the accounts balance. But John
became greedy. “How easy it is to take the
money,” he said. He felt that he was a
critical member of the business team
(4) and that he contributed much more to
the success of the company than was
represented by his salary. “It would take
two or three people to replace me,” he
often thought to himself. As the amounts
became larger and larger, (5) he made the
books balance. Because of these
activities, John was able to purchase an
expensive car and take his family on
several trips each year. (6) He also joined
an expensive country club. Things were
changing at home, however. (7) John’s
family observed that he was often
argumentative and at other times very
depressed.
The fraud continued for 6 years. Each
year, the business performed more and
more poorly. In the last year, the stores
had a substantial net loss. Randy’s bank
required an audit. John confessed when he
thought the auditors had discovered his
embezzlements.
When discussing frauds, the pressures,
opportunities, and rationalizations that
cause/allow a perpetrator to commit the
fraud are often identified. Symptoms of
fraud are also studied.
Number 5, “he made the books balance,” is an example of a(n)
A. Physical symptom.
B. Analytical symptom.
C. Lifestyle symptom.
D. Document symptom.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 225
Printed for Sanja Knezevic
Answer (A) is incorrect. Making the “books balance” is an example
of a document
symptom.
Answer (B) is incorrect. Making the “books balance” is an example
of a document
symptom.
Answer (C) is incorrect. Making the “books balance” is an example
of a document
symptom.
Answer (D) is correct. Tampering with the company’s books is a
document symptom.
In other words, the indicator of fraud consists of the changes in
actual company
records.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 226
Printed for Sanja Knezevic
fb.com/ciaaofficial
[410] Gleim #: 4.5.81
Randy and John had known each other
for many years. They had become best
friends in college, where they both
majored in accounting. After graduation,
Randy took over the family business from
his father. His family had been in the
grocery business for several generations.
When John had difficulty finding a job,
Randy offered him a job in the family
store. John proved to be a very capable
employee. As John demonstrated his
abilities, Randy began delegating more
and more responsibility to him. After a
period of time, John was doing all of the
general accounting and authorization
functions for checks, cash, inventories,
documents, records, and bank
reconciliations. (1) John was trusted
completely and handled all financial
functions. No one checked his work.
Randy decided to expand the business
and opened several new stores. (2) Randy
was always handling the most urgent
problem . . . “crisis management” is
what his college professors had termed it.
John assisted with the problems when his
other duties allowed him time.
Although successful at work, John had
(3) difficulties with personal financial
problems.
At first, the amounts stolen by John were
small. John didn’t even worry about
making the accounts balance. But John
became greedy. “How easy it is to take the
money,” he said. He felt that he was a
critical member of the business team
(4) and that he contributed much more to
the success of the company than was
represented by his salary. “It would take
two or three people to replace me,” he
often thought to himself. As the amounts
became larger and larger, (5) he made the
books balance. Because of these
activities, John was able to purchase an
expensive car and take his family on
several trips each year. (6) He also joined
an expensive country club. Things were
changing at home, however. (7) John’s
family observed that he was often
argumentative and at other times very
depressed.
The fraud continued for 6 years. Each
year, the business performed more and
more poorly. In the last year, the stores
had a substantial net loss. Randy’s bank
required an audit. John confessed when he
thought the auditors had discovered his
embezzlements.
When discussing frauds, the pressures,
opportunities, and rationalizations that
cause/allow a perpetrator to commit the
fraud are often identified. Symptoms of
fraud are also studied.
Number 6, “He also joined an expensive country club,” is an example
of a
A. Rationalization.
B. Lifestyle symptom.
C. Behavioral symptom.
D. Physical symptom.
Answer (A) is incorrect. Joining an expensive country club is an
example of a
lifestyle symptom.
Answer (B) is correct. John was living beyond his means. The
change in lifestyle
was a symptom that indicated the presence of fraud.
Answer (C) is incorrect. Joining an expensive country club is an
example of a
lifestyle symptom.
Answer (D) is incorrect. Joining an expensive country club is an
example of a
lifestyle symptom.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 227
Printed for Sanja Knezevic
[411] Gleim #: 4.5.82
Randy and John had known each other
for many years. They had become best
friends in college, where they both
majored in accounting. After graduation,
Randy took over the family business from
his father. His family had been in the
grocery business for several generations.
When John had difficulty finding a job,
Randy offered him a job in the family
store. John proved to be a very capable
employee. As John demonstrated his
abilities, Randy began delegating more
and more responsibility to him. After a
period of time, John was doing all of the
general accounting and authorization
functions for checks, cash, inventories,
documents, records, and bank
reconciliations. (1) John was trusted
completely and handled all financial
functions. No one checked his work.
Randy decided to expand the business
and opened several new stores. (2) Randy
was always handling the most urgent
problem . . . “crisis management” is
what his college professors had termed it.
John assisted with the problems when his
other duties allowed him time.
Although successful at work, John had
(3) difficulties with personal financial
problems.
At first, the amounts stolen by John were
small. John didn’t even worry about
making the accounts balance. But John
became greedy. “How easy it is to take the
money,” he said. He felt that he was a
critical member of the business team
(4) and that he contributed much more to
the success of the company than was
represented by his salary. “It would take
two or three people to replace me,” he
often thought to himself. As the amounts
became larger and larger, (5) he made the
books balance. Because of these
activities, John was able to purchase an
expensive car and take his family on
several trips each year. (6) He also joined
an expensive country club. Things were
changing at home, however. (7) John’s
family observed that he was often
argumentative and at other times very
depressed.
The fraud continued for 6 years. Each
year, the business performed more and
more poorly. In the last year, the stores
had a substantial net loss. Randy’s bank
required an audit. John confessed when he
thought the auditors had discovered his
embezzlements.
When discussing frauds, the pressures,
opportunities, and rationalizations that
cause/allow a perpetrator to commit the
fraud are often identified. Symptoms of
fraud are also studied.
Number 7, “John’s family observed that he was often argumentative .
. .,” is an
example of a
A. Rationalization.
B. Lifestyle symptom.
C. Behavioral symptom.
D. Physical symptom.
Answer (A) is incorrect. Being argumentative is an example of a
behavioral
symptom.
Answer (B) is incorrect. Being argumentative is an example of a
behavioral
symptom.
Answer (C) is correct. A drastic change in an employee’s behavior
may indicate
the presence of fraud. The guilt and the other forms of stress
associated with
perpetrating and concealing the fraud may induce noticeable
changes in behavior.
Answer (D) is incorrect. Being argumentative is an example of a
behavioral
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 228
Printed for Sanja Knezevic
fb.com/ciaaofficial
[412] Gleim #: 4.5.83
When comparing perpetrators who have embezzled an
organization’s funds with
perpetrators of financial statement fraud (falsified financial
statements), those who
have falsified financial statements are less likely to
Have experienced an autocratic A. management style.
B. Be living beyond their obvious means of support.
C. Rationalize the fraudulent behavior.
D. Use organizational expectations as justification for the act.
Answer (A) is incorrect. Autocratic management styles have been
linked to
management (financial statement) fraud.
Answer (B) is correct. Living beyond one’s means has been linked
to employee
fraud (embezzlement), not to financial statement fraud. Fraud
perpetrated for the
benefit of the organization ordinarily benefits the wrongdoer
indirectly, whereas
fraud that is detrimental to the organization provides immediate,
direct benefits to
the employee.
Answer (C) is incorrect. Rationalization is common to all fraud.
Answer (D) is incorrect. High expectations are often given as a
motivating factor
by those who have committed financial statement fraud.
[413] Gleim #: 4.5.84
Internal auditors should have knowledge about factors (red flags)
that have proven to
be associated with management fraud. Which of the following factors
have generally
not been associated with management fraud?
A. Generous performance-based reward systems.
B. A domineering management.
C. Regular comparison of actual results with budgets.
D. A management preoccupation with increased financial
performance.
Answer (A) is incorrect. Generous reward systems provide
incentives for
management to distort performance.
Answer (B) is incorrect. Pressure from superiors provides an
incentive for
management to distort performance.
Answer (C) is correct. Regular comparison of actual results to
budgets provides
feedback and is a normal and necessary part of the control loop.
Ineffective
control is an indicator of possible fraud.
Answer (D) is incorrect. A management preoccupation with
increased financial
performance provides an incentive for managers to distort
performance.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 229
Printed for Sanja Knezevic
[414] Gleim #: 4.5.85
Which of the following is an indicator of possible financial reporting
fraud being
perpetrated by management of a manufacturer?
A trend analysis discloses (1) sales increases of 50% and (2) cost of
goods sold
increases of 25%.
A.
A ratio analysis discloses that cost of goods sold B. is 50% of sales.
A cross-sectional analysis of common size statements discloses that
(1) the firm’s
percentage of cost of goods sold to sales is 40% and (2) the industry
average
percentage of cost of goods sold to sales is 50%.
C.
A cross-sectional analysis of common size statements discloses that
(1) the firm’s
percentage of cost of goods sold to sales is 50% and (2) the industry
average
percentage of cost of goods sold to sales is 40%.
D.
Answer (A) is correct. An increase in sales far out of proportion to
the increase in
cost of goods sold is an indicator of possible fraud.
Answer (B) is incorrect. A gross profit margin of 50% is not an
indicator of
fraud. Manufacturers can expect a range of 40-60% for this ratio.
Answer (C) is incorrect. These data indicate an industry gross profit
margin of
50% and host firm gross profit margin of 40%. The greater gross
profit margin
realized by the host firm may result from any number of reasonable
causes. These
include (1) greater efficiencies exercised by the host firm, (2) greater
sales effort
(or a more highly accepted product), and (3) measurement errors.
Answer (D) is incorrect. These data indicate an industry gross profit
margin of
40% and a host firm gross profit margin of 50%. The lower gross
profit margin
realized by the host firm may result from such causes as (1) host firm
inefficiencies; (2) less acceptance of host firm product, or less sales
effort; and
(3) measurement errors.
[415] Gleim #: 4.5.86
Which of the following would indicate that fraud may be taking place
in a marketing
department?
There is no documentation for some fairly large expenditures made
to a new
vendor.
A.
A manager appears to be living a lifestyle that is in excess of what
could be
provided by a marketing manager’s salary.
B.
The control environment can best be described as “very loose.”
However, this
attitude is justified by management on the grounds that it is needed
for creativity.
C.
D. All of the answers are correct.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 230
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. A manager’s excessive lifestyle and a loose
control
environment are also possible fraud indicators.
Answer (B) is incorrect. Large undocumented purchases and a
loose control
environment are also possible fraud indicators.
Answer (C) is incorrect. Large undocumented purchases and a
manager’s excessive
lifestyle are also possible fraud indicators.
Answer (D) is correct. Among the many indicators of possible fraud
are lack of timely
and appropriate documentation (including information about
authorization) for
material transactions, suspicious lifestyle characteristics of
employees in a position to
commit fraud, and management’s failure to display and communicate
an appropriate
attitude toward internal control.
[416] Gleim #: 4.5.87
When an internal auditor followed up on a significant increase in
maintenance supplies
during the past year, a purchasing agent explained to the internal
auditor that the
primary reason for the increase was painting services and supplies.
The internal
auditor found a blanket purchase order without the normal bid or
quote
documentation. The blanket purchase order had been signed by the
general manager
and named the general manager’s father as the sole contractor for
painting services on
the organization’s projects. The auditor also found a number of large
invoices,
authorized for payment by the general manager, that showed the
general manager’s
father as the person who signed for the receipt of the material at the
supplier. Which is
not a symptom of fraud as described in this situation?
Purchased material is not received by authorized organizational A.
personnel.
B. Routine controls are suspended for certain transactions.
Purchased material is not delivered to a central location on the
organization’s
premises.
C.
D. The use of blanket purchase orders.
Answer (A) is incorrect. The receipt of goods or services by nonorganizational
personnel is a symptom of fraud.
Answer (B) is incorrect. Suspension of normal and appropriate
procedures is a
fraud indicator.
Answer (C) is incorrect. The receipt of goods or services off-site is a
symptom of
fraud.
Answer (D) is correct. Fraud is characterized by intentional
deception and can be
perpetrated for the benefit or to the detriment of the organization.
The use of
blanket purchase orders is a normal business practice.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 231
Printed for Sanja Knezevic
[417] Gleim #: 4.5.88
When an internal auditor followed up on a significant increase in
maintenance supplies
during the past year, a purchasing agent explained to the internal
auditor that the
primary reason for the increase was painting services and supplies.
The internal
auditor found a blanket purchase order without the normal bid or
quote
documentation. The blanket purchase order had been signed by the
general manager
and named the general manager’s father as the sole contractor for
painting services on
the organization’s projects. The auditor also found a number of large
invoices,
authorized for payment by the general manager, that showed the
general manager’s
father as the person who signed for the receipt of the material at the
supplier. What is
the common indicator of fraud recognized by the internal auditor in
this scenario?
Analytical procedures revealed an extraordinary increase in A.
account balances.
B. Paint and supplies are being purchased for a contractor.
The purchasing agent is selecting the contractor on the basis of a
blanket purchase
order.
C.
D. Invoices are being authorized for payment by the general
manager.
Answer (A) is correct. Analytical procedures are commonly
performed by
internal auditors to assess information collected in an engagement.
The
assessment results from comparing information with expectations
identified or
developed by the internal auditor. Thus, an extraordinary increase in
an account
balance should be detected and investigated as the result of applying
analytical
methods.
Answer (B) is incorrect. The provision of paint is not an issue.
Answer (C) is incorrect. The purchasing agent is fulfilling this
responsibility in
accordance with the authority of a purchasing agent’s position.
Answer (D) is incorrect. The general manager may appropriately
authorize
payment.
[418] Gleim #: 4.5.89
Bank management suspects that a bank loan officer frequently made
loans to fictitious
entities, disbursed loan proceeds to personally established accounts,
and then let the
loans go into default. Some pertinent facts about the loan officer
include
A high standard of living, explained as the result of sound
investments and not
taking vacations;
An expensive personal car obtained through business contacts;
Gasoline and repair bills submitted for a car assigned by the bank
that are higher
than the organization’s average (mileage logs were submitted on a
quarterly
basis); and
Marked annoyance with questions from internal auditors.
In this situation, typical indicators of the suspected fraud include all of
the following
except
A. Not taking an annual vacation.
B. Becoming easily annoyed with auditor inquiries about
questionable loans.
C. Explaining a high standard of living as the result of investments.
D. Submitting gasoline and repair bills that are higher than company
average.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 232
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Not taking an annual vacation suggests that
the loan officer
fears discovery of wrongdoing in his/her absence.
Answer (B) is incorrect. Becoming defensive may indicate a guilty
conscience.
Answer (C) is incorrect. A high standard of living may be
inconsistent with the loan
officer’s income.
Answer (D) is correct. Submitting gasoline and repair bills that are
higher than
average is not correlated with making fraudulent loans. These factors
are not
controllable by the loan officer, so they cannot be indicators of
unusual activity by
him/her.
[419] Gleim #: 4.5.90
Bank management suspects that a bank loan officer frequently made
loans to fictitious
entities, disbursed loan proceeds to personally established accounts,
and then let the
loans go into default. Some pertinent facts about the loan officer
include
A high standard of living, explained as the result of sound
investments and not
taking vacations;
An expensive personal car obtained through business contacts;
Gasoline and repair bills submitted for a car assigned by the bank
that are higher
than the organization’s average (mileage logs were submitted on a
quarterly
basis); and
Marked annoyance with questions from internal auditors.
The most appropriate trend analysis to indicate this potential fraud is
Loan default rates A. by loan officer.
B. Accumulation of unpaid vacation days.
C. Automobile operating expenses by loan officer.
D. Total monetary volume of loans by loan officer.
Answer (A) is correct. Trend analysis would detect an unexplained
increase in the
default rate caused by bogus loans.
Answer (B) is incorrect. Trend analysis would not detect annual
vacation not
taken.
Answer (C) is incorrect. Although trend analysis could detect higher
than average
expenses for operation of the car, these expenses have no
relationship to suspected
fraudulent loans.
Answer (D) is incorrect. The default rate is a better indicator than
monetary
volume.
[420] Gleim #: 4.5.91
An unexpected decrease in which of the following ratios could
indicate that fictitious
inventory has been recorded?
A. Average collection period.
B. Total asset turnover.
C. Price-earnings.
D. Current.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 233
Printed for Sanja Knezevic
Answer (A) is incorrect. The average collection period equals
average receivables
divided by average daily net sales. An increase in reported inventory
does not affect it.
Answer (B) is correct. The total asset turnover ratio equals sales
divided by total
assets. An increase in reported inventory will increase total assets
and decrease the
ratio.
Answer (C) is incorrect. The price-earnings ratio (price per share ÷
EPS) is not
directly affected by fictitious inventory.
Answer (D) is incorrect. The current ratio (current assets ÷ current
liabilities) is
increased when fictitious inventory is recorded.
[421] Gleim #: 4.5.92
Which of the following is an indicator of increased risk of fraud? The
treasurer
Takes all vacations and has just accepted a promotion to vice
president A. of finance.
B. Takes no vacations and has just accepted a promotion to vice
president of finance.
C. Takes all vacations and has refused promotion to vice president of
finance.
D. Takes no vacations and has refused promotion to vice president of
finance.
Answer (A) is incorrect. This combination of behaviors is not
unusual.
Answer (B) is incorrect. This combination of behaviors is not
unusual.
Answer (C) is incorrect. This combination of behaviors is not
unusual.
Answer (D) is correct. An employee who refuses to take vacations
and turns
down promotions is engaging in classic behavior that indicates the
need to conceal
an ongoing fraud.
[422] Gleim #: 4.5.93
An engagement had been scheduled by the chief audit executive to
address unusual
inventory shortages revealed in the annual physical inventory
process at a large
consumer goods warehouse operation. A cycle count program had
been installed in the
storeroom at the beginning of the year in place of the disruptive
process of counting
one entire product line at the end of each month. The cycle count
program appeared
effective because only nine minor adjustments had been made for
the entire year on
the several thousand different products located in the storeroom. The
storeroom
supervisor explained that each of the 15 stockroom personnel
selected one item each
day for cycle count based on how efficiently the item could be
counted. The
opportunity for control-related problems including fraud has been
increased in the
stockroom because
A. Items for cycle count are selected by stockroom personnel.
B. A cycle count program has been installed in place of a less
efficient program.
Only nine minor adjustments have been recorded as a result of the
cycle count
process.
C.
D. Stockroom personnel record cycle count information.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 234
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is correct. The opportunity for fraud has been increased
because
stockroom personnel select the items for cycle count (poor internal
control). Selection
of items should be based on relative values or the relationship of an
item to the total
volume of transactions. Moreover, personnel who do not have
custodial or
recordkeeping responsibilities should control the counts.
Answer (B) is incorrect. An appropriate and effective cycle count
process should
improve control.
Answer (C) is incorrect. The number of adjustments is not indicative
of the level of
control in this situation.
Answer (D) is incorrect. A properly controlled cycle count process
could involve
stockroom personnel in performing counts.
[423] Gleim #: 4.5.94
The internal audit activity has been assigned to perform an
engagement involving a
division. Based on background review, the internal auditor knows the
following about
management policies:
Organizational policy is to rapidly promote divisional managers who
show
significant success. Thus, successful managers rarely stay at a
division for more
than 3 years.
A significant portion of division management’s compensation comes
in the form
of bonuses based on the division’s profitability.
The division was identified by senior management as a turnaround
opportunity. The
division is growing but is not scheduled for a full audit by the external
auditors this
year. The division has been growing about 7% per year for the past 3
years and uses a
standard cost system.
During the preliminary review, the internal auditor notes the following
changes in
financial data compared with the prior year:
Sales have increased by 10%.
Cost of goods sold has increased by 2%.
Inventory has increased by 15%.
Divisional net profit has increased by 8%.
Which of the following items might alert the internal auditor to the
possibility of fraud
in the division?
The division is not scheduled for an external A. audit this year.
B. Sales have increased by 10%.
A significant portion of management’s compensation is directly tied to
reported
net profit of the division.
C.
D. All of the answers are correct.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 235
Printed for Sanja Knezevic
Answer (A) is incorrect. The lack of a scheduled external audit is not
an indicator of
fraud.
Answer (B) is incorrect. Sales have normally been increasing by
about 7% at this
division. Thus, an increase of 10%, by itself, is not unexpected and
does not raise a red
flag.
Answer (C) is correct. The internal auditor’s responsibilities for
detecting fraud
include having sufficient knowledge of fraud to be able to identify
indicators that fraud
may have been committed. This knowledge includes the
characteristics of fraud, the
techniques used to commit fraud, and the types of frauds associated
with the activities
reviewed. For example, performance may be distorted because
promotion and
compensation (e.g., bonuses) are tied to profitability.
Answer (D) is incorrect. Not all responses are red flags.
[424] Gleim #: 4.5.95
An internal auditor is investigating the performance of a division with
an unusually
large increase in sales, gross margin, and profit. Which of the
following indicators is
least likely to indicate the possibility of sales-related fraud in the
division?
A significant portion of divisional management’s compensation is
based on
reported divisional profits.
A.
There is an unusually large amount of sales returns recorded B. after
year end.
The internal auditor has taken a random sample of sales invoices but
cannot locate
a shipping document for a number of the sales transactions selected
for November
and December.
C.
D. One of the division’s major competitors went out of business
during the year.
Answer (A) is incorrect. Basing management compensation on
reported profits
creates an incentive for fraud.
Answer (B) is incorrect. An unusually large amount of sales returns
after year end
may indicate that invalid sales were recorded near the end of the
year.
Answer (C) is incorrect. The lack of shipping documents may
indicate that
invalid sales were recorded during November and December.
Answer (D) is correct. A decrease in the number of competitors
during the year is
a potential explanation for the increase in sales and profits.
[425] Gleim #: 4.5.96
Which of the following is most likely to be considered an indication of
possible fraud?
A. The replacement of the management team after a hostile
takeover.
B. Rapid turnover of the organization’s financial executives.
C. Rapid expansion into new markets.
D. A government audit of the organization’s tax returns.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 236
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. The replacement of the management team
after a hostile
takeover is not unusual.
Answer (B) is correct. Even the most effective internal control can
sometimes be
circumvented, perhaps by collusion of two or more employees. Thus,
an auditor must
be sensitive to certain conditions that might indicate the existence of
fraud, including
high personnel turnover. In the case of financial executives, high
turnover may suggest
a pattern of inflation of profits to obtain bonuses or other benefits, to
secure
advantages in the marketplace, or to conceal incompetence or rash
actions.
Answer (C) is incorrect. Rapid expansion into new markets is not
unusual.
Answer (D) is incorrect. A government audit of the organization’s tax
returns is not
unusual.
[426] Gleim #: 4.5.97
Which of the following would not be considered a condition that
indicates a higher
likelihood of fraud?
Management has delegated the authority to make purchases under a
certain
monetary limit to subordinates.
A.
An individual has held the same cash-handling job for an extended
period without
any rotation of duties.
B.
An individual handling marketable securities is responsible for
making the
purchases, recording the purchases, and reporting any discrepancies
and gains or
losses to senior management.
C.
The assignment of responsibility and accountability in the accounts
receivable
department is not clear.
D.
Answer (A) is correct. Delegating authority for purchases below a
certain limit is
a common and an acceptable control procedure aimed at limiting risk
while
promoting efficiency. It is not, by itself, considered a condition that
indicates a
higher likelihood of fraud.
Answer (B) is incorrect. Lack of rotation of duties or cross-training
for sensitive
jobs is an identified red flag.
Answer (C) is incorrect. An inappropriate segregation of duties is an
identified
red flag. The same person should not authorize, execute, and
account for
transactions and have custody of the assets.
Answer (D) is incorrect. Lack of recorded accountability for assets is
an
identified red flag.
[427] Gleim #: 4.5.98
The most common motivation for management fraud is the existence
of
Vices, such as A. a gambling habit.
B. Job dissatisfaction.
C. Financial pressures on the organization.
D. The challenge of committing the perfect crime.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 237
Printed for Sanja Knezevic
Answer (A) is incorrect. Vices are an example of motivators of fraud
perpetratedrfor
the benefit of individuals and to the organization’s detriment.
Answer (B) is incorrect. Job dissatisfaction is an example of
motivators of fraud
perpetrated for the benefit of individuals and to the organization’s
detriment.
Answer (C) is correct. Management fraud benefits organizations
rather than
individuals, so the existence of financial pressures is the most
common motivation.
Management perpetrators attempt to make their financial statements
appear more
attractive because of the financial pressures of restrictive loan
covenants, a poor cash
position, loss of significant customers, etc.
Answer (D) is incorrect. The challenge of committing the perfect
crime is an example
of motivators of fraud perpetrated for the benefit of individuals and to
the
organization’s detriment.
[428] Gleim #: 4.5.99
Which of the following fraudulent entries is most likely to be made to
conceal the theft
of an asset?
Debit expenses and A. credit the asset.
B. Debit the asset and credit another asset account.
C. Debit revenue and credit the asset.
D. Debit another asset account and credit the asset.
Answer (A) is correct. Most fraud perpetrators attempt to conceal
their theft by
charging it against an expense account. The result is that the
recorded asset
balance equals the actual amount on hand, and applying procedures
to it will not
detect the theft.
Answer (B) is incorrect. Debiting the stolen asset account simply
increases the
discrepancy between the recorded amount and the amount on hand.
Answer (C) is incorrect. An entry decreasing revenue is unusual and
would
attract attention.
Answer (D) is incorrect. This entry would not permanently conceal
the fraud. It
would simply shift the irreconcilable balance to another asset
account.
[429] Gleim #: 5.1.1
In a sampling application, the group of items about which the auditor
wants to
estimate some characteristic is called the
A. Population.
B. Attribute of interest.
C. Sample.
D. Sampling unit.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 238
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is correct. The population is the group of items about
which an auditor
wishes to draw conclusions.
Answer (B) is incorrect. The attribute of interest is the characteristic
of the population
the auditor wants to estimate.
Answer (C) is incorrect. The sample is a subset of the population
used to estimate the
characteristic.
Answer (D) is incorrect. A sampling unit is the item that is actually
selected for
examination. It is a subset of the population.
[430] Gleim #: 5.1.2
The variability of a population, as measured by the standard
deviation, is the
Extent to which the individual values of the items in the population
are spread
about the mean.
A.
Degree of asymmetry B. of a distribution.
Tendency of the means of large samples (at least 30 items) to be
normally
distributed.
C.
Measure of the closeness of a sample estimate to a corresponding
population
characteristic.
D.
Answer (A) is correct. The standard deviation measures the degree
of dispersion
of items in a population about its mean.
Answer (B) is incorrect. The dispersion of items in a population is
not a function
of the degree of asymmetry of the distribution. For example, a
distribution may be
skewed (positively or negatively) with a large or small standard
deviation.
Answer (C) is incorrect. The central limit theorem states that the
distribution of
sample means for large samples should be normally distributed even
if the
underlying population is not.
Answer (D) is incorrect. Precision is the interval about the sample
statistic within
which the true value is expected to fall.
[431] Gleim #: 5.1.3
The measure of variability of a statistical sample that serves as an
estimate of the
population variability is the
A. Basic precision.
B. Range.
C. Standard deviation.
D. Confidence interval.
Answer (A) is incorrect. Basic precision is the range around the
sample statistic
that is expected to contain the true population parameter.
Answer (B) is incorrect. The range is the difference between the
largest and
smallest values in a sample. It is a crude measure of variability but is
not used to
estimate population variability.
Answer (C) is correct. The standard deviation is a measure of
variability. If the
sample is representative, its standard deviation will approximate that
of the
population.
Answer (D) is incorrect. Confidence interval is a synonym for
precision. It is the
range around a sample statistic that is expected to contain the true
population
parameter.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 239
Printed for Sanja Knezevic
[432] Gleim #: 5.1.4
The measure of variability most useful in variables sampling is the
A. Median.
B. Range.
C. Standard deviation.
D. Mean.
Answer (A) is incorrect. The median (the value at the 50th
percentile) measures
central tendency, not variability.
Answer (B) is incorrect. The range (difference between the largest
and smallest
values) has far less significance than the standard deviation.
Answer (C) is correct. The standard deviation is a mathematical
measure of the
variability of items in a population about its mean.
Answer (D) is incorrect. The mean (arithmetic average) measures
central
tendency, not variability.
[433] Gleim #: 5.1.5
In sampling applications, the standard deviation represents a
measure of the
A. Expected error rate.
B. Level of confidence desired.
C. Degree of data variability.
D. Extent of precision achieved.
Answer (A) is incorrect. The expected error rate is associated with
attribute
sampling.
Answer (B) is incorrect. The desired confidence level is determined
by the
internal auditor’s judgment.
Answer (C) is correct. The standard deviation measures the
variability within a
population.
Answer (D) is incorrect. The extent of precision achieved in
variables sampling is
computed using the standard deviation.
[434] Gleim #: 5.1.6
A specified range is based on an estimate of a population
characteristic calculated
from a random sample. The probability that the range contains the
true population
value is the
A. Error rate.
B. Lower precision limit.
C. Confidence level.
D. Standard error of the mean.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 240
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. The error rate in an attribute sampling
application is the
proportion of incorrect items in a population.
Answer (B) is incorrect. The lower precision limit is the lower bound
of the interval
constructed from the sample result at a specified confidence level.
Answer (C) is correct. In principle, given repeated sampling and a
normally
distributed population, the confidence level is the percentage of all
the precision
intervals that may be constructed from simple random samples that
will include the
population value. In practice, the confidence level is regarded as the
probability that a
precision interval calculated from a simple random sample drawn
from a normally
distributed population will contain the population value.
Answer (D) is incorrect. The standard error of the mean is the
standard deviation of
the distribution of sample means.
[435] Gleim #: 5.1.7
A 90% confidence interval for the mean of a population based on the
information in a
sample always implies that there is a 90% chance that the
Estimate is equal to the true A. population mean.
B. True population mean is no larger than the largest endpoint of the
interval.
C. Standard deviation will not be any greater than 10% of the
population mean.
D. True population mean lies within the specified confidence interval.
Answer (A) is incorrect. Computation of a confidence interval
permits the
probability that the interval contains the population value to be
quantified.
Answer (B) is incorrect. Two-sided confidence intervals are more
common. The
area in each tail of a two-sided, 90% interval is 5%.
Answer (C) is incorrect. The confidence interval is based on the
standard
deviation, but it has no bearing on the size of the standard deviation.
Answer (D) is correct. The confidence level, e.g., 90%, is specified
by the
auditor. A confidence interval based on the specified confidence
level, also called
precision, is the range around a sample value that is expected to
contain the true
population value. In this situation, if the population is normally
distributed and
repeated simple random samples are taken, the probability is that
90% of the
confidence intervals constructed around the sample results will
contain the
population value.
[436] Gleim #: 5.1.8
The degree to which the auditor is justified in believing that the
estimate based on a
random sample will fall within a specified range is called
A. Sampling risk.
B. Non-sampling risk.
C. Confidence level.
D. Precision.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 241
Printed for Sanja Knezevic
Answer (A) is incorrect. Sampling risk is the complement of the
confidence level.
Answer (B) is incorrect. Non-sampling risk is the risk of improperly
auditing the
sampled items. It cannot be quantified.
Answer (C) is correct. The confidence level is the percentage of
times that one would
expect the sample to adequately represent the population. Thus, a
confidence level of
90% should result in samples that adequately represent the
population 90% of the time.
In other words, given repeated random sampling from a normally
distributed
population, 90% of the confidence intervals that may be constructed
from simple
random samples will contain the population mean.
Answer (D) is incorrect. Precision is the confidence interval.
[437] Gleim #: 5.2.9
If an internal auditor is sampling to test compliance with a particular
company policy,
which of the following factors should not affect the allowable level of
sampling risk?
The experience and knowledge A. of the auditor.
B. The adverse consequences of noncompliance.
C. The acceptable level of risk of making an incorrect audit
conclusion.
D. The cost of performing auditing procedures on sample selections.
Answer (A) is correct. Sampling risk is the possibility that
engagement
conclusions based on a sample may differ from those reached if the
test were
applied to all items in the population. The experience and knowledge
of the
auditor are elements of nonsampling risk.
Answer (B) is incorrect. As the adverse consequences of
noncompliance increase,
the allowable level of sampling risk tends to decrease.
Answer (C) is incorrect. The acceptable level of sampling risk is one
element of
the acceptable level of risk of drawing an incorrect audit conclusion.
The other
element is nonsampling risk.
Answer (D) is incorrect. The cost of performing procedures on
sample selections
is weighed against the benefit of minimizing the chance of making an
incorrect
decision.
[438] Gleim #: 5.2.10
In preparing a sampling plan for an inventory pricing test, which of
the following
describes an advantage of statistical sampling over nonstatistical
sampling?
A. Requires nonquantitative expression of sample results.
B. Provides a quantitative measure of sampling risk.
C. Minimizes nonsampling risk.
D. Reduces the level of tolerable error.
Answer (A) is incorrect. Statistical sampling provides quantified
results.
Answer (B) is correct. Statistical and nonstatistical sampling are
both used to
project the characteristics of a population. However, statistical
sampling permits
the internal auditor to make a quantitative assessment of how closely
the sample
represents the population for a given level of reliability.
Answer (C) is incorrect. Nonsampling risk exists in both statistical
and
nonstatistical sampling.
Answer (D) is incorrect. Tolerable error is related to materiality and
auditor
judgment.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 242
Printed for Sanja Knezevic
fb.com/ciaaofficial
[439] Gleim #: 5.2.11
An auditor tested a population by examining 60 items selected
judgmentally and found
one error. The main limitation of the auditor’s sample is the inability
to
Quantify A. sampling risk.
B. Quantify the acceptable error rate.
C. Project the population’s error rate.
D. Determine whether the sample is random.
Answer (A) is correct. The limitation of all nonstatistical sampling
techniques is
the auditor’s inability to quantify sampling risk. Based on past
experience and
intuition, the auditor may conclude that the sampling risk is
acceptable, but the
auditor is not able to quantify this risk.
Answer (B) is incorrect. The auditor could quantify the acceptable
error rate
independently of the sample design.
Answer (C) is incorrect. The auditor can project an error rate of
1/60, or .0167.
The problem is that the auditor cannot quantify the risk that the rate
in the sample
is significantly different from the rate in the population.
Answer (D) is incorrect. A mathematician may be able to determine
whether the
auditor’s selections are random, although it is unlikely that they are.
If the sample
is representative, it does not matter whether it is random.
[440] Gleim #: 5.2.12
An important difference between a statistical and a judgmental
sample is that with a
statistical sample,
A. No judgment is required because everything is computed
according to a formula.
B. A smaller sample can be used.
C. More accurate results are obtained.
D. Population estimates with measurable reliability can be made.
Answer (A) is incorrect. Judgment is needed to determine
confidence levels and
sample unit definition.
Answer (B) is incorrect. A statistical sample may result in either a
smaller or
larger sample.
Answer (C) is incorrect. Either method may produce greater
accuracy.
Answer (D) is correct. The principal benefit of statistical sampling is
that it
permits the auditor to make a quantitative assessment of how closely
the sample
represents the population for a given level of reliability, i.e., how
unbiased the
sample is.
[441] Gleim #: 5.2.13
Statistical sampling is appropriate to estimate the value of an auto
dealer’s 3,000 lineitem
inventory because statistical sampling is
A. Reliable and objective.
B. Thorough and complete.
C. Thorough and accurate.
D. Complete and precise.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 243
Printed for Sanja Knezevic
Answer (A) is correct. The results of statistical (probability) sampling
are objective
and subject to the laws of probability. Hence, sampling risk can be
quantified and
controlled at a specified level of confidence (reliability). Sampling risk
is the risk that
the sample selected does not represent the population.
Answer (B) is incorrect. By definition, a sample is not complete or
thorough.
Answer (C) is incorrect. By definition, a sample is not thorough.
Also, it cannot be
considered accurate because of the existence of sampling risk.
Answer (D) is incorrect. By definition, a sample is not complete.
[442] Gleim #: 5.2.14
To project the frequency of shipments to wrong addresses, an
internal auditor chose a
random sample from the busiest month of each of the four quarters
of the most recent
year. What underlying concept of statistical sampling did the auditor
violate?
Attempting to project a rate of occurrence rather A. than an error
rate.
B. Failing to give each item in the population an equal chance of
selection.
C. Failing to adequately describe the population.
D. Using multistage sampling in conjunction with attributes.
Answer (A) is incorrect. Randomness is not associated with a rate
of occurrence
(often referred to as an error rate).
Answer (B) is correct. A random sample is one in which every item
in the
population has an equal and nonzero chance of being selected for
the sample.
Here, the auditor deliberately excluded shipments from the slower
months.
Answer (C) is incorrect. The population is adequately described as
the four
quarters of the most recent year.
Answer (D) is incorrect. Multistage sampling is appropriate when
homogeneous
subpopulations can be identified and sampled from; sample items
are then
selected from the randomly selected subpopulations.
[443] Gleim #: 5.2.15
A distinguishing characteristic of random number sample selection is
that each
A. Item is selected from a stratum having minimum variability.
B. Item’s chance for selection is proportional to its dollar value.
C. Item in the population has an equal chance of being selected.
D. Stratum in the population has an equal number of items selected.
Answer (A) is incorrect. Stratifying the population does not ensure
random
selection.
Answer (B) is incorrect. Deliberately biasing the sample makes
random selection
impossible.
Answer (C) is correct. A random sample is one in which every item
in the
population has an equal and nonzero chance of being selected.
Answer (D) is incorrect. Stratifying the population does not ensure
random
selection.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 244
Printed for Sanja Knezevic
fb.com/ciaaofficial
[444] Gleim #: 5.2.16
Using random numbers to select a sample
Is required for a variables A. sampling plan.
B. Is likely to result in an unbiased sample.
C. Results in a representative sample.
D. Allows auditors to use smaller samples.
Answer (A) is incorrect. Although random-number sampling may be
used for a
variables sampling plan, it is not required. Systematic selection is
also acceptable
unless the population is not randomly organized.
Answer (B) is correct. The principal issue in statistical sampling is
selecting a
sample that is representative of the population, i.e., unbiased. This
can be
achieved by ensuring the sample is drawn randomly.
Answer (C) is incorrect. The use of random numbers does not
always result in a
representative sample. Statistical methods allow auditors to estimate
the
probability that a random sample is not representative.
Answer (D) is incorrect. The use of random numbers does not affect
sample size.
[445] Gleim #: 5.2.17
Which one of the following statements about sampling is true?
A larger sample is always more representative of the underlying
population than a
smaller sample.
A.
For very large populations, the absolute size of the sample has more
impact on the
precision of its results than does its size relative to its population.
B.
For a given sample size, a simple random sample always produces
the most
representative sample.
C.
The limitations of an incomplete sample frame can almost always be
overcome by
careful sampling techniques.
D.
Answer (A) is incorrect. A large sample selected in a biased way is
often less
representative than a smaller but more carefully selected sample.
Answer (B) is correct. When the size of the population is very large,
the absolute
size of the sample may vary considerably even though its size
relative to the
population does not.
Answer (C) is incorrect. Simple random sampling does not eliminate
sampling
risk. Proper execution of a simple random sample increases the
probability of
drawing a representative sample.
Answer (D) is incorrect. Items excluded from the sampling frame
cannot be
included by an appropriate sampling technique.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 245
Printed for Sanja Knezevic
[446] Gleim #: 5.2.18
Random numbers can be used to select a sample only when each
item in the
population
Can be assigned to A. a specific stratum.
B. Is independent of outside influence.
C. Can be identified with a unique number.
Is expected to be within plus or minus three standard deviations of
the population
mean.
D.
Answer (A) is incorrect. Random-number sampling applies to both
simple and
stratified sampling.
Answer (B) is incorrect. No such requirement exists.
Answer (C) is correct. A random sample is one in which every item
in the
population has an equal and nonzero chance of being selected and
that selection is
not influenced by whether any other item is selected.
Answer (D) is incorrect. By definition, there are a few population
items outside
plus or minus three standard deviations from the population mean.
[447] Gleim #: 5.2.19
A company is simulating the actions of a government agency in
which 50% of the time
a recall of a product is required, 40% of the time only notification of
the buyer about a
potential defect is required, and 10% of the time no action on its part
is required.
Random numbers of 1 to 100 are being used. An appropriate
assignment of random
numbers for the recall category would be
A. 1-40
B. 40-90
C. 61-100
D. 11-60
Answer (A) is incorrect. It is an appropriate assignment of random
numbers for
the notification category.
Answer (B) is incorrect. This range includes 51 numbers.
Answer (C) is incorrect. It is an appropriate assignment of random
numbers for
the notification category.
Answer (D) is correct. Given a 50% chance of a recall, 50 different
numbers
should be assigned to that alternative. This answer is the only
alternative with 50
numbers (11-60).
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 246
Printed for Sanja Knezevic
fb.com/ciaaofficial
[448] Gleim #: 5.2.20
As part of an internal audit, a benchmark must be established for the
defect rate for an
innovative new production process. The auditor can either use a
large sample that is
already available from other production processes in the same plant
or draw a fresh
sample from the new process. However, a fresh sample would be
expensive, time
consuming, and much smaller in size. Which one of the following is
the best course of
action for the auditor?
The auditor should accept this large historical sample because
analyses based on it
will have high statistical power.
A.
The auditor should draw a fresh sample and combine it with B. the
old sample.
The auditor should accept the historical sample but use
nonparametric statistics to
analyze it.
C.
The auditor should first determine how similar the new process is to
the old
process before deciding what to do.
D.
Answer (A) is incorrect. High statistical power based on an
inappropriate sample
will only provide a very precise wrong answer.
Answer (B) is incorrect. A fresh sample may not be cost effective if
the old
sample is representative of the new process.
Answer (C) is incorrect. Nonparametric statistics is applied to
problems for
which specific distributions are not known.
Answer (D) is correct. If the old and new processes are not
substantially similar,
the existing sample will not be representative.
[449] Gleim #: 5.3.21
When planning an attribute sampling application, the difference
between the expected
error rate and the maximum tolerable error rate is the planned
A. Precision.
B. Reliability.
C. Dispersion.
D. Skewness.
Answer (A) is correct. The precision of an attribute sample (also
called the
confidence interval or allowance for sampling risk) is an interval
around the
sample statistic that the auditor expects to contain the true value of
the population.
In attribute sampling (used for tests of controls), precision is
determined by
subtracting the expected error rate from the tolerable error rate in the
population.
Answer (B) is incorrect. Reliability is the confidence level. It is the
percentage of
times that repeated samples will be representative of the population
from which
they are taken.
Answer (C) is incorrect. Dispersion is the degree of variation in a set
of values.
Answer (D) is incorrect. Skewness is the lack of symmetry in a
frequency
distribution.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 247
Printed for Sanja Knezevic
[450] Gleim #: 5.3.22
In evaluating an attribute sample, the range within which the estimate
of the
population characteristic is expected to fall is called
A. Confidence level.
B. Precision.
C. Upper error limit.
D. Expected error rate.
Answer (A) is incorrect. The confidence level is the specified
measure of how
reliable the auditor wants the sample results to be.
Answer (B) is correct. The precision of an attribute sample (also
called the
confidence interval or allowance for sampling risk) is an interval
around the
sample statistic that the auditor expects to contain the true value of
the population.
In attribute sampling (used in tests of controls), precision is
determined by
subtracting the expected error rate from the tolerable error rate in the
population.
Answer (C) is incorrect. The confidence interval (precision) is the
range between
the lower and upper error limits.
Answer (D) is incorrect. The expected error rate is a measure of
how frequently
the auditor expects the characteristic of interest to exist in the
population prior to
selecting and evaluating the sample.
[451] Gleim #: 5.3.23
In selecting a sample of items for attributes testing, an auditor must
consider the
confidence level factor, the desired precision, and the
A. Recorded monetary amount of the population.
B. Sampling interval.
C. Expected occurrence rate.
D. Standard deviation in the population.
Answer (A) is incorrect. The monetary amount of the population
relates to testing
for variables.
Answer (B) is incorrect. The sampling interval is used in monetaryunit
sampling.
Answer (C) is correct. The expected occurrence rate, also called the
expected
deviation rate, is one of the three necessary factors in determining
sample size for
an attribute test.
Answer (D) is incorrect. The standard deviation is an element in the
variables
sampling formula.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 248
Printed for Sanja Knezevic
fb.com/ciaaofficial
[452] Gleim #: 5.3.24
The size of a given sample is jointly a result of characteristics of the
population of
interest and decisions made by the internal auditor. Everything else
being equal,
sample size will
Increase if the internal auditor decides to accept more risk of
incorrectly
concluding that controls are effective when they are in fact
ineffective.
A.
Double if the internal auditor finds that the variance of the population
is twice as
large as was indicated in the pilot sample.
B.
Decrease if the internal auditor increases the tolerable C. rate of
deviation.
D. Increase as sampling risk increases.
Answer (A) is incorrect. An increase in allowable risk decreases
sample size.
Answer (B) is incorrect. Doubling the variability of the population will
cause the
sample size to more than double.
Answer (C) is correct. In an attribute test, the tolerable deviation rate
is inversely
related to sample size. If it is increased, sample size will decrease.
Answer (D) is incorrect. Sampling risk increases as the sample size
decreases.
[453] Gleim #: 5.3.25
An internal auditor is planning to use attribute sampling to test the
effectiveness of a
specific internal control related to approvals for cash disbursements.
In attribute
sampling, decreasing the estimated occurrence rate from 5% to 4%
while keeping all
other sample size planning factors exactly the same would result in a
revised sample
size that would be
A. Larger.
B. Smaller.
C. Unchanged.
D. Indeterminate.
Answer (A) is incorrect. Increasing the expected error rate increases
the sample
size.
Answer (B) is correct. In an attribute test, the expected deviation
rate is directly
related to sample size. If it is decreased, sample size will decrease.
Answer (C) is incorrect. Changing one variable while holding all
other factors
constant changes the sample size.
Answer (D) is incorrect. Decreasing the expected error rate while
holding all
other factors constant decreases the sample size.
[454] Gleim #: 5.3.26
If all other sample size planning factors were exactly the same in
attribute sampling,
changing the confidence level from 95% to 90% and changing the
desired precision
from 2% to 5% would result in a revised sample size that would be
A. Larger.
B. Smaller.
C. Unchanged.
D. Indeterminate.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 249
Printed for Sanja Knezevic
Answer (A) is incorrect. Increasing the confidence level while
narrowing the precision
interval would result in a larger sample size.
Answer (B) is correct. In an attribute test, the confidence level is
directly related, and
the precision is inversely related, to sample size. Thus, if the
confidence level is
reduced and precision is widened, sample size will be smaller.
Answer (C) is incorrect. Decreasing the confidence level while
widening the precision
interval would allow the sample size to be decreased.
Answer (D) is incorrect. The revised sample size is determinable.
[455] Gleim #: 5.3.27
If all other factors specified in an attribute sampling plan remain
constant, decreasing
the confidence level from 95% to 90% would cause the required
sample size to
A. Increase.
B. Decrease.
C. Change by 5%.
D. Remain the same.
Answer (A) is incorrect. Decreasing the confidence level permits a
smaller
sample size.
Answer (B) is correct. In an attribute test, the confidence level is
directly related
to sample size. Hence, decreasing the confidence level permits a
smaller sample
size to be used.
Answer (C) is incorrect. The percentage change is not
proportionate.
Answer (D) is incorrect. Decreasing the confidence level permits a
smaller
sample size.
[456] Gleim #: 5.3.28
In an attribute sampling application, holding other factors constant,
sample size will
increase as which of the following becomes smaller?
A. Confidence coefficient.
B. Population.
C. Planned precision.
D. Expected rate of occurrence.
Answer (A) is incorrect. A decrease in a numerator factor will
decrease the
sample size.
Answer (B) is incorrect. A population decrease permits a decrease
in sample size.
Answer (C) is correct. In an attribute test, planned precision is
inversely related to
sample size; its decrease (tightening) will increase sample size.
Answer (D) is incorrect. A decrease in a numerator factor will
decrease the
sample size.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 250
Printed for Sanja Knezevic
fb.com/ciaaofficial
[457] Gleim #: 5.3.29
An auditor has to make a number of decisions when using attribute
sampling. The
term efficiency is used to describe anything that affects sample size.
The term
effectiveness is used to describe the likelihood that the statistical
sample result will be
a more accurate estimate of the true population error rate. Assume
an auditor expects a
control procedure failure rate of 0.5%. The auditor is making a
decision on whether to
use a 90% or a 95% confidence level and whether to set the
tolerable control failure
rate at 3% or 4%. Which of the following statements regarding
efficiency and
effectiveness of an attribute sample is true?
Decreasing the confidence level to 90% and decreasing the tolerable
control
failure rate to 3% will result in both increased efficiency and
effectiveness.
A.
Decreasing the tolerable failure rate from 4% to 3% will increase B.
audit efficiency.
Increasing the confidence level to 95% and decreasing the tolerable
control failure
rate to 3% will increase audit effectiveness.
C.
D. Increasing the confidence level to 95% will increase audit
efficiency.
Answer (A) is incorrect. Decreasing the confidence level reduces
the sample size
and thus decreases effectiveness.
Answer (B) is incorrect. Decreasing the tolerable failure rate
increases the sample
size and thus decreases efficiency.
Answer (C) is correct. In an attribute test, confidence level and
expected
deviation rate are in the numerator, while the tolerable deviation rate
is in the
denominator. Hence, increasing the confidence level increases the
sample size,
and decreasing the tolerable rate also increases the sample size. A
larger sample
increases audit effectiveness.
Answer (D) is incorrect. Increasing the confidence level increases
the sample size
and thus decreases audit efficiency.
[458] Gleim #: 5.3.30
Which of the following must be known to evaluate the results of an
attribute sample?
A. Estimated dollar value of the population.
B. Standard deviation of the sample values.
C. Actual size of the sample selected.
D. Finite population correction factor.
Answer (A) is incorrect. Dollar values are irrelevant to attribute
sampling.
Answer (B) is incorrect. The standard deviation is an element in the
variables
sampling formula.
Answer (C) is correct. Sample size is used to evaluate the actual
occurrence rate
(number of a particular attribute identified ÷ actual sample size) of
the attribute of
interest, such as a control deviation.
Answer (D) is incorrect. The finite population correction factor is
used to adjust
an initial computed sample size.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 251
Printed for Sanja Knezevic
[459] Gleim #: 5.3.31
An individual is an internal auditor for a car rental agency that
operates a fleet of
75,000 vehicles in 1,000 cities throughout North America. As a part of
an operational
audit, the auditor tested the impact of vehicle age on the incidence of
major repairs. A
computer program showed that 20% of the fleet has been in service
for more than
12 months. A sample of 375 is drawn based on
Confidence level = 95%
Expected rate of occurrence = 10%
Precision = ±3%
The records related to repairs completed after 12 months of service
for the selected
vehicles were reviewed to determine if major repairs were needed.
Assuming that all
other factors remain constant, how would sample size and achieved
precision be
affected by a change in confidence level from 95% to 90%?
Sample size would be smaller; achieved precision A. would be larger.
B. Both sample size and achieved precision would be larger.
C. Both sample size and achieved precision would be smaller.
D. Sample size would be larger; achieved precision would be
smaller.
Answer (A) is correct. Because the confidence coefficient of an
attribute test is
directly related to the sample size, a smaller coefficient would result
in a smaller
sample. Also, since sample size is inversely related to precision, a
larger precision
would result from using a smaller sample.
Answer (B) is incorrect. Sample size would be smaller, not larger.
Answer (C) is incorrect. Achieved precision would be larger, not
smaller.
Answer (D) is incorrect. The opposite is true: sample size would be
smaller and
achieved precision larger.
[460] Gleim #: 5.3.32
An internal auditor, testing to determine if a division is shipping goods
to customers
without making the prescribed credit check, decides to use attribute
sampling. Each
sales order in the sample is examined for credit approval. Using an
initial estimate of
the occurrence rate of 4%, desired precision of 2.5%, and a
confidence level of 95%,
the required sample size is 214. The total population size is 2,305.
Sample items are
selected, and seven sales without the required credit approval are
noted. Reducing the
desired confidence level from 95% to 90% will result in
A. Less achieved precision (i.e., higher than 2.5%) if the sample size
remains at 214.
B. An unchanged sample size if the desired precision remains at
2.5%.
C. A larger sample size if the desired precision remains at 2.5%.
D. A smaller sample size if the desired precision remains at 2.5%.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 252
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Lowering the confidence level while leaving
the sample size
unchanged will decrease achieved precision.
Answer (B) is incorrect. Lowering the confidence level while holding
precision
constant will allow the sample size to decrease.
Answer (C) is incorrect. Lowering the confidence level while holding
precision
constant will allow the sample size to decrease.
Answer (D) is correct. Because the confidence coefficient of an
attribute test is
directly related to the sample size, a smaller coefficient results in a
smaller sample
(holding all other factors constant).
[461] Gleim #: 5.3.33
An auditor applying a discovery-sampling plan with a 5% risk of
overreliance may
conclude that there is
A 95% probability that the actual rate of occurrence in the population
is less than
the critical rate if only one exception is found.
A.
A 95% probability that the actual rate of occurrence in the population
is less than
the critical rate if no exceptions are found.
B.
A 95% probability that the actual rate of occurrence in the population
is less than
the critical rate if the occurrence rate in the sample is less than the
critical rate.
C.
Greater than a 95% probability that the actual rate of occurrence in
the population
is less than the critical rate if no exceptions are found.
D.
Answer (A) is incorrect. The probability is 95% that the actual rate of
occurrence
is equal to or greater than the critical rate if one exception is found.
Answer (B) is correct. Discovery sampling is a form of attribute
sampling that is
appropriate when even a single deviation would be critical. The
sample size is
calculated so that it will include at least one instance of a deviation if
deviations
occur in the population at a given rate. If no exceptions are found,
the correct
conclusion is that the probability is 95% that the occurrence rate is
less than the
critical rate.
Answer (C) is incorrect. The probability is 95% that the actual rate is
equal to or
exceeds the critical rate if any exceptions are found.
Answer (D) is incorrect. The probability does not increase if no
exceptions are
found.
[462] Gleim #: 5.3.34
How does stop-or-go attribute sampling differ from fixed-sample-size
attribute
sampling?
Nonsampling A. error is smaller.
B. Total expected sample size will always be smaller.
C. Desired reliability does not have to be specified in advance.
D. It cannot be used to determine the assessed level of control risk.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 253
Printed for Sanja Knezevic
Answer (A) is incorrect. Nonsampling error is not affected by the
sampling method.
Answer (B) is correct. The objective of stop-or-go sampling,
sometimes called
sequential sampling, is to reduce the sample size when the auditor
believes the error
rate in the population is low. Thus, total expected sample size is
always lower for stoporgo sampling.
Answer (C) is incorrect. Both methods require desired reliability to
be specified in
advance.
Answer (D) is incorrect. It expresses the principal objective of stopor-go attribute
sampling.
[463] Gleim #: 5.3.35
What is the chief advantage of stop-or-go sampling?
The error rate in the population can be projected to within certain A.
precision limits.
Stop-or-go sampling may reduce the size of the sample that needs to
be taken
from a population, thus reducing sampling costs.
B.
Stop-or-go sampling allows sampling analysis to be performed on
populations that
are not homogeneous.
C.
Stop-or-go sampling allows the sampler to increase the confidence
limits of the
analysis without sacrificing precision.
D.
Answer (A) is incorrect. In stop-or-go sampling, only enough items
are examined
to permit the auditor to state that the error rate is below a
prespecified rate with a
prespecified level of confidence. Although other methods also
accomplish this
result, stop-or-go sampling has the advantage of greater efficiency.
Answer (B) is correct. The objective of stop-or-go sampling,
sometimes called
sequential sampling, is to reduce the sample size when the auditor
believes the
error rate in the population is low. Thus, it may reduce the sample
size because
sample items are examined only until enough evidence has been
gathered to reach
the desired conclusion.
Answer (C) is incorrect. Stratified sampling is more appropriate for
heterogeneous populations. Stop-or-go sampling might then be used
for each
stratum.
Answer (D) is incorrect. The confidence limits define precision. An
increase in
the confidence limits will result in a loss of precision (assuming
constant sample
size).
[464] Gleim #: 5.4.36
In a variables sampling application, which of the following will result
when
confidence level is changed from 90% to 95%?
A. Standard error of the mean will not be affected.
B. Nonsampling error will decrease.
C. Sample size will increase.
D. Point estimate of the arithmetic mean will increase.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 254
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. The standard error of the mean is the
standard deviation of
the distribution of sample means. The larger the sample, the lower
the degree of
variability in the sample. An increase in confidence level from 90% to
95% requires a
larger sample. Thus, the standard error of the mean will be affected.
Answer (B) is incorrect. By definition, nonsampling error is
unaffected by changes in
sampling criteria.
Answer (C) is correct. In any sampling application (attribute or
variables), an increase
in the confidence level requires a larger sample.
Answer (D) is incorrect. The estimate of the mean may increase or
decrease if sample
size changes.
[465] Gleim #: 5.4.37
In selecting a sample of items for variables testing, an auditor must
consider the
desired precision, the standard deviation, and the
Recorded monetary amount A. of the population.
B. Acceptable risk level.
C. Expected occurrence rate.
D. Sampling interval.
Answer (A) is incorrect. The recorded monetary amount is not
needed for
variables testing.
Answer (B) is correct. Four factors determine the size of a classical
variables
sample: the confidence coefficient, the estimated standard deviation
of the
population, the population size, and the tolerable misstatement
(desired precision).
Answer (C) is incorrect. The expected occurrence rate is a factor in
the samplesize
formula for attribute sampling.
Answer (D) is incorrect. The sampling (skip) interval is the dollar
interval
calculated for monetary-unit sampling.
[466] Gleim #: 5.4.38
If all other factors in a sampling plan are held constant, changing the
measure of
tolerable misstatement to a smaller value will cause the sample size
to be
A. Smaller.
B. Larger.
C. Unchanged.
D. Indeterminate.
Answer (A) is incorrect. The relationship is inverse.
Answer (B) is correct. The size of the precision interval in a
variables test is
based upon the tolerable misstatement that is determined by
materiality
judgments. As this value decreases, for example, because of a
decrease in
tolerable misstatement, the size of the required sample increases
accordingly, and
vice versa. Hence, tolerable misstatement (precision) and sample
size are
inversely related.
Answer (C) is incorrect. The relationship is inverse.
Answer (D) is incorrect. The relationship is inverse.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 255
Printed for Sanja Knezevic
[467] Gleim #: 5.4.39
Using mean-per-unit sampling to estimate the value of inventory, an
internal auditor
had the following results:
Projected inventory value US $3,000,000
Confidence level 95%
Confidence interval $2,800,000 to $3,200,000
Standard error $100,000
Z-value (approximate) 2.0
Precision $200,000
The recorded value of inventory was US $3,075,000. Which of the
following changes
will result in a narrower confidence interval?
An increase in the confidence level A. from 95% to 99%.
B. A decrease in the confidence level from 95% to 90%.
C. A decrease in the allowable risk of incorrect rejection.
D. An increase in the precision.
Answer (A) is incorrect. Increasing the confidence level results in a
wider
confidence interval if the standard error is constant.
Answer (B) is correct. Decreasing the confidence level of any
variables sample
allows the auditor to narrow the confidence interval.
Answer (C) is incorrect. Decreasing the allowable risk of incorrect
rejection (the
complement of the confidence level) increases the confidence level
and results in
a wider confidence interval if the standard error is constant.
Answer (D) is incorrect. Increasing the precision makes the
confidence interval
wider.
[468] Gleim #: 5.4.40
Using mean-per-unit sampling to estimate the value of inventory, an
internal auditor
had the following results:
Projected inventory value US $3,000,000
Confidence level 95%
Confidence interval $2,800,000 to $3,200,000
Standard error $100,000
Z-value (approximate) 2.0
Precision $200,000
The recorded value of inventory was US $3,075,000. If the internal
auditor had used
nonstatistical sampling instead of statistical sampling, which of the
following would
be true?
A. The confidence level could not be quantified.
B. The precision would be larger.
C. The projected value of inventory would be less reliable.
D. The risk of incorrect acceptance would be higher.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 256
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is correct. One advantage of statistical sampling is that it
allows the
auditor to quantify sampling risk and the confidence level. An auditor
should never
attempt to quantify the sampling risk or confidence level of a
nonstatistically drawn
sample.
Answer (B) is incorrect. Unless the auditor uses statistical sampling,
(s)he cannot
quantify precision.
Answer (C) is incorrect. Nonstatistical sampling does not always
result in less reliable
estimates. However, reliability cannot be quantified.
Answer (D) is incorrect. The risk of incorrect acceptance is not
quantified in
nonstatistical sampling.
[469] Gleim #: 5.4.41
An auditor is using the mean-per-unit method of variables sampling
to estimate the
correct total value of a group of inventory items. Based on the
sample, the auditor
estimates, with precision of ±4% and confidence of 90%, that the
correct total is
US $800,000. Accordingly,
There is a 4% chance that the actual correct total is less than US
$720,000 or more
than US $880,000.
A.
The chance that the actual correct total is less than US $768,000 or
more than
US $832,000 is 10%.
B.
The probability that the inventory is not significantly overstated is
between 6%
and 14%.
C.
The inventory is not likely to be overstated by more than 4.4% (US
$35,200) or
understated by more than 3.6% (US $28,800).
D.
Answer (A) is incorrect. The precision, not the confidence level, is
±4%.
Answer (B) is correct. A 90% confidence level implies that 10% of
the time the
true population total will be outside the computed range. Precision of
±4% gives
the boundaries of the computed range: US $800,000 × 4% = US
$32,000. Hence,
the range is US $768,000 to US $832,000.
Answer (C) is incorrect. Precision is a range of values, not the
probability
(confidence level) that the true value will be included within that
range.
Answer (D) is incorrect. The precision percentage is not multiplied
by the
confidence percentage.
[470] Gleim #: 5.4.42
When relatively few items of high monetary value constitute a large
proportion of an
account balance, stratified sampling techniques and complete testing
of the high
monetary-value items will generally result in a
Simplified evaluation A. of sample results.
B. Smaller nonsampling error.
C. Larger estimate of population variability.
D. Reduction in sample size.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 257
Printed for Sanja Knezevic
Answer (A) is incorrect. While stratifying reduces sample size,
stratification requires
a combination of sample results from more than one sample, in
contrast to simple
random sampling.
Answer (B) is incorrect. A nonsampling error is an error in
“performing” audit
procedures, which is independent of sample selection.
Answer (C) is incorrect. Stratified sampling, when properly used, will
result in a
smaller estimate of population variability.
Answer (D) is correct. Stratifying a population means dividing it into
subpopulations,
thereby reducing sample size. Stratifying allows for greater emphasis
on larger or more
important items.
[471] Gleim #: 5.4.43
To use stratified variables sampling to evaluate a large,
heterogeneous inventory, an
appropriate criterion for classifying inventory items into strata is
A. Monetary values.
B. Number of items.
C. Turnover volume.
D. Storage locations.
Answer (A) is correct. In variables sampling, the objective is to
estimate the
dollar value of the population, in this case, inventory. Strata based on
dollar
values are the usual population characteristic.
Answer (B) is incorrect. Monetary values are the usual characteristic
to create
strata in variables sampling, not number of items.
Answer (C) is incorrect. Turnover volume is a characteristic of
interest in
attribute sampling but not in variables sampling.
Answer (D) is incorrect. Storage location is not a relevant
characteristic when
creating strata for variables sampling.
[472] Gleim #: 5.4.44
Which one of the following is not an important consideration in
determining the
appropriate sample size?
A. Whether the sample is designed to estimate a mean or a
proportion.
B. The amount of variability in the population under study.
C. The sensitivity of the decision using this sample to errors of
estimation.
D. The cost per sample observation.
Answer (A) is correct. Difference and ratio estimation use the same
variables
sampling formula. Hence, sample size considerations are the same
for both.
Answer (B) is incorrect. The greater the variability, the greater the
required
sample size.
Answer (C) is incorrect. The more sensitive the decision is to
estimation errors,
the greater the appropriate sample size.
Answer (D) is incorrect. In accordance with the cost-benefit
principle, the greater
the cost per observation, the smaller the appropriate sample size.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 258
Printed for Sanja Knezevic
fb.com/ciaaofficial
[473] Gleim #: 5.4.45
Difference estimation sampling would be appropriate to use to
project the monetary
error in a population if
Subsidiary ledger book balances for some individual inventory items
are
unknown.
A.
Virtually no differences between the individual carrying amounts and
the audited
amounts exist.
B.
A number of nonproportional differences between carrying amounts
and audited
amounts exist.
C.
Observed differences between carrying amounts and audited
amounts are
proportional to carrying amounts.
D.
Answer (A) is incorrect. Individual carrying amounts must be known
to use
difference estimation.
Answer (B) is incorrect. Sufficient misstatements must exist to
generate a reliable
sample.
Answer (C) is correct. Difference estimation of population error
entails
determining the differences between the audit and carrying amounts
for items in
the sample, calculating the mean difference, and multiplying the
mean by the
number of items in the population. This method is used when the
population
contains sufficient misstatements to provide a reliable sample and
when
differences between carrying and audit amounts are not proportional.
If
differences are proportional, ratio estimation is used. A sufficient
number of
nonproportional errors must exist to generate a reliable sample
estimate.
Answer (D) is incorrect. Ratio estimation is appropriate for
proportional
differences.
[474] Gleim #: 5.4.46
Ratio estimation sampling would be inappropriate to use to project
the monetary error
in a population if
The recorded carrying amounts and audited amounts are
approximately
proportional.
A.
A number of observed differences exist between carrying amounts
and audited
amounts.
B.
Observed differences between carrying amounts and audited
amounts are
proportional to carrying amounts.
C.
Subsidiary ledger book balances for some inventory D. items are
unknown.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 259
Printed for Sanja Knezevic
Answer (A) is incorrect. Proportional relationships tend to support
the use of ratio
estimation.
Answer (B) is incorrect. A minimum number of differences must be
present to use
ratio estimation.
Answer (C) is incorrect. The existence of proportional differences
favors the use of
ratio estimation.
Answer (D) is correct. Ratio estimation is similar to difference
estimation except that
it estimates the population error by multiplying the carrying amount of
the population
by the ratio of the total audit amount of the sample items to their total
carrying amount.
It has been demonstrated that both ratio and difference estimation
are reliable and
efficient when small errors predominate and the errors are not
skewed. Moreover, audit
amounts should be proportional to carrying amounts. Consequently,
ratio estimation
requires that carrying amounts be known.
[475] Gleim #: 5.4.47
Which of the following techniques could be used to estimate the
standard deviation for
a sampling plan?
Difference A. estimation.
B. Pilot sample.
C. Regression.
D. Discovery sampling.
Answer (A) is incorrect. Difference estimation is a type of variables
sampling
plan that calculates the mean difference between audit and recorded
amounts in
the sample and then multiplies by the number of items in the
population. It is not a
technique for estimating the standard deviation.
Answer (B) is correct. Auditors may use the standard deviation of a
pilot sample
to estimate the standard deviation of a population.
Answer (C) is incorrect. Auditors use regression (an extension of
correlation
analysis) to project balances of accounts or other populations.
Answer (D) is incorrect. Discovery sampling is a type of attribute
sampling plan
used for detection of critical deviations. Attribute sampling applies to
binary
(yes/no or error/nonerror) propositions.
[476] Gleim #: 5.4.48
When an internal auditor uses monetary-unit statistical sampling to
examine the total
value of invoices, each invoice
A. Has an equal probability of being selected.
B. Can be represented by no more than one monetary unit.
C. Has an unknown probability of being selected.
D. Has a probability proportional to its monetary value of being
selected.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 260
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Each monetary unit, not each invoice, has
an equal
probability of being selected (unless all invoices are for the same
amount).
Answer (B) is incorrect. It is possible for two or more monetary units
to be selected
from the same item; e.g., a US $4,500 item will be represented by
four monetary units
if every 1,000th dollar is selected.
Answer (C) is incorrect. The probability of selection can be
calculated using the
monetary value of the item and the monetary value of the population.
Answer (D) is correct. Monetary-unit sampling, also called
probability-proportionaltosize sampling, results in the selection of every nth monetary unit.
Thus, a US $1,000
item is 1,000 times more likely to be selected than a US $1 monetary
unit item. The
probability of selection of a sampled item is directly proportional to
the size of the
item.
[477] Gleim #: 5.4.49
Monetary-unit sampling (MUS) is most useful when the internal
auditor
Is testing the accounts A. payable balance.
B. Cannot cumulatively arrange the population items.
C. Expects to find several material misstatements in the sample.
D. Is concerned with overstatements.
Answer (A) is incorrect. An audit of accounts payable is primarily
concerned
with understatements.
Answer (B) is incorrect. The items in the population must be
arranged by
cumulative monetary total. The first monetary unit is chosen
randomly, the second
equals the random start plus the sample interval in monetary units,
etc.
Answer (C) is incorrect. As the expected amount of misstatement
increases, the
MUS sample size increases. MUS may also overstate the upper
misstatement limit
when misstatements are found. The result might be rejection of an
acceptable
balance.
Answer (D) is correct. MUS, also called probability-proportional-tosize (PPS)
sampling, is a modified version of attribute sampling that relates
deviation rates to
monetary amounts. It uses the monetary unit as the sampling unit.
MUS is
appropriate for testing account balances, such as those for inventory
and
receivables, in which some items may be far larger than others in the
population.
In effect, MUS stratifies the population because the larger account
balances have a
greater chance of being selected.
[478] Gleim #: 5.4.50
The use of probability-proportional-to-size sampling is inefficient if
A. Bank accounts are being examined.
B. Statistical inferences are to be made.
C. Each account is of equal importance.
D. The number of sampling units is large.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 261
Printed for Sanja Knezevic
Answer (A) is incorrect. PPS sampling could be appropriate in an
examination of
bank accounts if larger items are more important than smaller items
(which is usually
true in variables sampling).
Answer (B) is incorrect. PPS sampling permits statistical inferences
to be made.
Answer (C) is correct. Probability-proportional-to-size sampling, also
called
monetary-unit sampling, gives greater weight to larger, more
significant items. If all
items are of the same importance, PPS is inappropriate.
Answer (D) is incorrect. PPS sampling could be appropriate with a
large number of
sampling units if larger items are more important than smaller items.
[479] Gleim #: 5.4.51
Which of the following factors would most likely preclude the auditor
from using
monetary-unit sampling?
The auditor expects to find a limited number of understatements of
individual
account balances.
A.
The auditor expects to find that a large percentage of items sampled
have
misstatements.
B.
Individual accounts are not assigned a number, but are listed only C.
alphabetically.
The auditor expects to find more errors in the larger dollar value
items than in the
smaller dollar value items.
D.
Answer (A) is incorrect. Monetary-unit sampling can effectively
handle a small
number of understatement errors.
Answer (B) is correct. Monetary-unit sampling, also called
probabilityproportionalto-size sampling, combines attribute and variables sampling
techniques. It uses the monetary unit as the sampling unit and
effectively stratifies
the population because larger items are more likely to be selected.
Monetary-unit
sampling is most useful when few misstatements are expected and
overstatements
are more likely than understatements.
Answer (C) is incorrect. Account numbers do not have to be
assigned to use
monetary-unit sampling.
Answer (D) is incorrect. Misstatements in larger balances indicate
that monetaryunit
sampling should be used.
[480] Gleim #: 5.4.52
An internal auditor is planning to use monetary-unit sampling for
testing the monetary
value of a large accounts receivable population. The advantages of
using monetaryunit
sampling (MUS) include all of the following except that it
Is an efficient model for establishing that a low error rate population
is not
materially misstated.
A.
Does not require the normal distribution approximation required by
variables
sampling.
B.
Can be applied to a group of accounts because the sampling units
are
homogenous.
C.
Results in a smaller sample size than classical variables sampling for
larger
numbers of misstatements.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 262
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. MUS is efficient when few misstatements
are expected.
Answer (B) is incorrect. MUS does not assume normally distributed
populations.
Answer (C) is incorrect. MUS uses monetary units as sampling
units.
Answer (D) is correct. MUS, also called probability-proportional-tosize (PPS)
sampling, is a modified version of attribute sampling that relates
deviation rates to
monetary amounts. It uses a monetary unit as the sampling unit. In
effect, MUS
stratifies the population because the larger account balances have a
greater chance of
being selected. However, as the number of expected misstatements
increases, MUS
requires a larger sample size than classical variables sampling.
[481] Gleim #: 5.4.53
What effect does an increase in the standard deviation have on the
required sample
size of mean-per-unit estimation and probability-proportional-to-size
sampling?
Assume no change in any of the other characteristics of the
population and no change
in desired precision and confidence.
Probability
Mean-per-Unit Estimation Proportional to Size
A. Increase in sample size Increase in sample size
B. No change in sample size Decrease in sample size
C. Increase in sample size No change in sample size
D. Decrease in sample size No change in sample size
Answer (A) is incorrect. An increase in standard deviation has no
effect on the
required sample size for PPS sampling.
Answer (B) is incorrect. An increase in standard deviation increases
sample size
for mean-per-unit estimation but has no effect on the required
sample size for PPS
sampling.
Answer (C) is correct. An increase in the standard deviation reflects
an increase
in the variability of the population. This increase in the variability of
the sampling
units increases sample size in a mean-per-unit test. However, a
change in the
standard deviation has no effect on the required sample size when
PPS sampling
is used because the sampling units (monetary units) are not variable.
Answer (D) is incorrect. An increase in standard deviation increases
sample size
for mean-per-unit estimation.
[482] Gleim #: 5.4.54
In which of the following situations will monetary-unit sampling be
more effective
and efficient than ratio estimation?
The population contains a large number of differences between the
recorded
amount and the actual amount.
A.
The population is expected to contain few differences between the
recorded
amount and the actual amount.
B.
The population has a high degree of variability C. in monetary
amount.
D. The population has a low degree of variability in monetary
amount.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 263
Printed for Sanja Knezevic
Answer (A) is incorrect. Monetary-unit sampling, also called
probability-proportionaltosize sampling, is inefficient compared with classical variables
sampling when many
differences exist.
Answer (B) is correct. Monetary-unit sampling, also called
probability-proportionalto-
size sampling, is especially efficient and effective when the
population contains few
differences. However, variables sampling approaches (e.g., ratio
estimation) tend to be
more efficient (samples are smaller) as the amount of misstatement
increases.
Monetary-unit sampling is also inefficient when understatements and
negative
amounts are expected.
Answer (C) is incorrect. A high degree of variability in the monetary
amount of items
in the population is not a basis for preferring one of these methods to
another.
Answer (D) is incorrect. A low degree of variability in the monetary
amount of items
in the population is not a basis for preferring one of these methods to
the other.
[483] Gleim #: 5.5.55
An auditor for the state highway and safety department needs to
estimate the average
highway weight of tractor-trailer trucks using the state’s highway
system. Which
estimation method must be used?
A. Mean-per-unit.
B. Difference.
C. Ratio.
D. Probability-proportional-to-size.
Answer (A) is correct. Mean-per-unit sampling estimates the
average value of
population items, in this case, truck weight.
Answer (B) is incorrect. Difference estimation compares recorded
and audit
amounts. Recorded amounts are not relevant to the current
procedure.
Answer (C) is incorrect. Ratio estimation compares recorded and
audit amounts.
Recorded amounts are not relevant to the current procedure.
Answer (D) is incorrect. Probability-proportional-to-size estimation
compares
recorded and audit amounts. Recorded amounts are not relevant to
the current
procedure.
[484] Gleim #: 5.5.56
An auditor is designing a sampling plan to test the accuracy of daily
production reports
over the past 3 years. All of the reports contain the same information
except that
Friday reports also contain weekly totals and are prepared by
managers rather than by
supervisors. Production normally peaks near the end of a month. If
the auditor wants
to select two reports per month using an interval sampling plan,
which of the
following techniques reduces the likelihood of bias in the sample?
A. Estimating the error rate in the population.
B. Using multiple random starts.
C. Increasing the confidence level.
D. Increasing the precision.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 264
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Estimating the deviation rate in the
population has no effect
on bias. Bias is related to the selection method.
Answer (B) is correct. Systematic (interval) sampling involves
choosing a random
start and then selecting subsequent items at fixed intervals.
However, if the population
is not random, for example, because it exhibits cyclical variation, the
results will be
biased. This bias may be overcome by taking repeated systematic
samples, each with a
random start. In effect, each possible systematic sample in the
population is a cluster.
Thus, the repeated systematic samples, each with a random start,
constitute a random
sample of clusters.
Answer (C) is incorrect. Increasing the confidence level has no
effect on bias.
Answer (D) is incorrect. Increasing the precision has no effect on
bias.
[485] Gleim #: 5.5.57
Systematic selection can be expected to produce a representative
sample when
Random number tables are used to determine the items included A.
in the sample.
B. The population is arranged randomly with respect to the audit
objective.
The sample is determined using multiple random starts and includes
more items
than required.
C.
D. Judgmental sampling is used by the auditor to offset any sampling
bias.
Answer (A) is incorrect. Systematic selection is random only with
respect to the
start.
Answer (B) is correct. A sample selected using a systematic
sampling procedure
and a random start will behave as if it were a random sample when
the population
is randomly ordered with respect to the audit objective. Sampling
bias due to
systematic selection will be small when the population items are not
arranged in a
pattern.
Answer (C) is incorrect. The number of items in a sample is not
relevant to the
procedures used to select the specific items in the sample. The use
of multiple
random starts might increase the chance that a sample will behave
randomly, but
only if the population is arranged randomly.
Answer (D) is incorrect. Judgmental sampling will not increase the
randomness
of a sample but will introduce sampling bias into the sample.
[486] Gleim #: 5.5.58
The most appropriate methodology for drawing a sample from 3,000
time cards to
check for signatures would be
A. Interval sampling.
B. Cluster sampling.
C. Stratified sampling.
D. Variables sampling.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 265
Printed for Sanja Knezevic
Answer (A) is correct. Systematic (interval) sampling is
accomplished by selecting a
random start and taking every nth item in the population, if n is the
sampling interval,
computed by dividing the population by the size of the sample. The
random start
should be within the first interval. A systematic sampling plan
assumes the items are
arranged randomly in the population. If the auditor discovers that this
is not true, a
random selection method should be used. The population of time
cards may be in
random order.
Answer (B) is incorrect. The time cards are not arranged in clusters
(blocks).
Answer (C) is incorrect. The time cards are not arranged in strata or
subpopulations.
Answer (D) is incorrect. The purpose of the sample is to estimate
the rate at which a
control (presumably supervisors’ signatures) has been applied, not
the value of the
population.
[487] Gleim #: 5.5.59
An auditor is testing on a company’s large, normally distributed
accounts receivable
file. The objectives of the audit are to test end-of-period monetary
balances and
accounts receivable posting exception (error) rates. The accounts
receivable file
contains a large number of small monetary balances and a small
number of large
monetary balances, and the auditor expects to find numerous errors
in the account
balances. The most appropriate sampling technique to estimate the
monetary amount
of errors is
Difference or A. ratio estimation.
B. Unstratified mean-per-unit.
C. Probability-proportional-to-size.
D. Attribute.
Answer (A) is correct. Difference estimation calculates the average
difference
between the audit and recorded amounts of sample items and
multiplies by the
number of items in the population. Ratio estimation multiplies the
recorded
amount of the population by the ratio of the observed amount of the
sample to its
total recorded amount. These methods are useful when small errors
predominate
and the errors are not skewed. If the number of errors is small, a very
large sample
is required to provide a representative difference between audit and
recorded
amounts.
Answer (B) is incorrect. Mean-per-unit estimation is used to project
a total
monetary amount by multiplying the mean sample value by the
number of items in
the population. Unstratified means that the population is not divided
into
subpopulations. This method is inappropriate when many small
balance account
errors exist.
Answer (C) is incorrect. Probability-proportional-to-size sampling is
used for
estimating monetary amounts of errors when the expected error
frequency is low.
Because the sampling unit is the monetary unit, this method
increases the
likelihood of selecting large items.
Answer (D) is incorrect. Attribute sampling does not involve
estimation of
monetary amounts.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 266
Printed for Sanja Knezevic
fb.com/ciaaofficial
[488] Gleim #: 5.5.60
An auditor is testing on a company’s large, normally distributed
accounts receivable
file. The objectives of the audit are to test end-of-period monetary
balances and
accounts receivable posting exception (error) rates. The expected
population exception
rate is 3% for the accounts receivable posting processes. If the
auditor has established
a 5% tolerable rate, the auditor would use which sampling plan for
testing the actual
exception rate?
Difference or mean-A. per-unit estimation.
B. Discovery.
C. Stratified.
D. Attribute.
Answer (A) is incorrect. Difference or mean estimation is used when
sampling
for monetary values.
Answer (B) is incorrect. Discovery sampling is only used when
exception rates
are expected to be very low.
Answer (C) is incorrect. Stratified sampling arranges populations for
more
efficient sampling.
Answer (D) is correct. The accounts receivable posting exception
rate would be
determined using attribute sampling. Attribute sampling is used for
applications
involving binary (yes/no or right/wrong) propositions. Whether an
item has been
posted requires a yes/no answer.
[489] Gleim #: 5.5.61
An auditor is testing on a company’s large, normally distributed
accounts receivable
file. The objectives of the audit are to test end-of-period monetary
balances and
accounts receivable posting exception (error) rates. To test the
accounts receivable file
to compute an estimated monetary total, the auditor could use any
one of the following
sampling techniques except
A. Difference or ratio estimation.
B. Unstratified mean-per-unit estimation.
C. Probability-proportional-to-size sampling.
D. Attribute sampling.
Answer (A) is incorrect. Difference or ratio estimation can be used
to estimate
population dollar values. Both methods involve determining the
difference
between the audit and recorded amounts of items in the sample.
Answer (B) is incorrect. Mean-per-unit estimation averages audit
values and
multiplies them by the units in the population to estimate the account
balance.
Answer (C) is incorrect. Probability-proportional-to-size sampling
uses the
monetary unit as the sampling unit. It is a means of testing account
balances.
Answer (D) is correct. Attribute sampling is used for applications
involving
binary (yes/no or right/wrong) propositions. Attribute sampling does
not involve
estimation of monetary amounts.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 267
Printed for Sanja Knezevic
[490] Gleim #: 5.5.62
An internal auditor uses a number of techniques to select samples. A
frequently, and
appropriately, used technique is random selection. In which of the
following situations
would random selection be least justified? The auditor needs to
Test sales transactions to determine that they were properly
authorized and are
supported by shipping documents.
A.
Confirm accounts receivable and has already selected the 10 largest
accounts for
confirmation. The remaining accounts are not numbered. The auditor
only has a
computer listing of the accounts in alphabetical order approximately
250 pages
long with 50 account balances on every page.
B.
Obtain evidence on the proper sales cut-off by sampling items from
the monthly
sales journal to determine if the items were recorded in the correct
time period.
C.
Test the perpetual inventory records to ensure that the sample
covers the largest
monetary value items in the account.
D.
Answer (A) is incorrect. Testing controls over sales is ideal for
random selection.
This type of sampling provides evidence about the quality of
processing
throughout the year.
Answer (B) is incorrect. Confirming receivables is appropriate for
use of random
selection. Individual account balances could be selected by using
probabilityproportionalto-size (monetary-unit) sampling or by randomly choosing a page
number and then selecting an account item (1-50) on each page.
Answer (C) is correct. A sales cutoff test is the least justified
situation for use of
random selection because the auditor is concerned that the monthly
sales journal
has been held open to record the next month sales. The auditor
should select
transactions from the latter part of the month and examine supporting
evidence to
determine if they were recorded in the proper period.
Answer (D) is incorrect. The auditor can audit the largest monetaryvalue items
and then randomly sample small items.
[491] Gleim #: 5.5.63
The auditor wishes to sample the perpetual inventory records to
develop an estimate of
the monetary amount of misstatement, if any, in the account balance.
The account
balance is made up of a large number of small-value items and a
small number of
large-value items. The auditor has decided to audit all items over US
$50,000 plus a
random selection of others. This audit decision is made because the
auditor expects to
find a large amount of errors in the perpetual inventory records but is
not sure that it
will be enough to justify taking a complete physical inventory. The
auditor expects the
errors to vary directly with the value recorded in the perpetual
records. The most
efficient sampling procedure to accomplish the auditor’s objectives is
Monetary-A. unit sampling.
B. Ratio estimation.
C. Attribute sampling.
D. Stratified mean-per-unit sampling.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 268
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Monetary-unit (probability-proportional-tosize) sampling
becomes less accurate when many errors are expected.
Answer (B) is correct. Ratio estimation estimates the population
misstatement by
multiplying the recorded amount of the population by the ratio of the
total audit
amount of the sample to its total recorded amount. It is reliable and
efficient when
small errors predominate and are not skewed. Thus, ratio estimation
should be used in
this situation because the auditor is not sampling the very large items
and the errors are
not skewed (they vary directly with the size of the recorded values).
Answer (C) is incorrect. Attribute sampling is not used to estimate a
monetary
amount.
Answer (D) is incorrect. Mean-per-unit (MPU) variables sampling
averages audit
values in the sample and multiplies by the number of items in the
population to
estimate the population value. When many errors are expected, MPU
and stratified
MPU are not as efficient as ratio estimation.
[492] Gleim #: 5.5.64
An auditor is conducting a survey of perceptions and beliefs of
employees concerning
an organization health care plan. The best approach to selecting a
sample is to
Focus on people who are likely to respond so that a larger sample A.
can be obtained.
Focus on managers and supervisors because they can also reflect
the opinions of
the people in their departments.
B.
Use stratified sampling where the strata are defined by marital and
family status,
age, and salaried/hourly status.
C.
D. Use monetary-unit sampling according to employee salaries.
Answer (A) is incorrect. This convenience sample is likely to
emphasize people
with the time to respond at the expense of employees who are too
busy with
company work to respond.
Answer (B) is incorrect. Managers and supervisors often do not
have the same
needs and perceptions as their subordinates and also often
misperceive the views
of employees.
Answer (C) is correct. Stratified sampling divides a population into
subpopulations, thereby permitting the application of different
techniques to each
stratum. This approach reduces the effect of high variability if the
strata are
selected so that variability among the strata is greater than variability
within each
stratum. For example, one expects to find greater similarities among
married
people than between married people and unmarried people.
Answer (D) is incorrect. The survey tests perceptions and beliefs,
not monetary
amounts.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 269
Printed for Sanja Knezevic
[493] Gleim #: 5.5.65
The appropriate sampling plan to use to identify at least one
irregularity, assuming
some number of such irregularities exist in a population, and then to
discontinue
sampling when one irregularity is observed is
A. Stop-or-go sampling.
B. Discovery sampling.
C. Variables sampling.
D. Attribute sampling.
Answer (A) is incorrect. Stop-or-go sampling is a variant of attribute
sampling
intended to reduce sample sizes when the population is relatively
deviation free. It
allows for discontinuing sampling when few or no errors are found or
for
expanding the sample if the initial sample does not provide sufficient
assurance.
Answer (B) is correct. Discovery sampling is a form of attribute
sampling applied
when a control is critical and a single deviation is important, for
example,
commission of a material fraud. The expected deviation rate should
be at or near
zero, and the sample size is calculated so that the sample will
include at least one
example of a deviation if it occurs in the population at a given rate.
Answer (C) is incorrect. Variables sampling estimates the value of a
population.
Answer (D) is incorrect. Most attribute sampling applications are not
discontinued when a single deviation is found.
[494] Gleim #: 5.5.66
A bank’s internal auditor wishes to determine whether all loans are
supported by
sufficient collateral, properly aged regarding current payments, and
accurately
categorized as current or noncurrent. The best audit procedure to
accomplish these
objectives would be to
Use generalized audit software to read the total loan file, age the file
by last
payment due, and extract a statistical sample stratified by the current
and aged
population. Examine each loan selected for proper collateralization
and aging.
A.
Select a block sample of all loans in excess of a specified monetary
limit and
determine if they are current and properly categorized. For each loan
approved,
verify aging and categorization.
B.
Select a discovery sample of all loan applications to determine
whether each
application contains a statement of collateral.
C.
Select a sample of payments made on the loan portfolio and trace
them to loans to
see if the payments are properly applied. For each loan identified,
examine the
loan application to determine that the loan has proper
collateralization.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 270
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is correct. In some cases, stratifying the population is
done to reduce the
effect of high variability by dividing the population into
subpopulations. Reducing the
variance within each subpopulation allows the auditor to sample a
smaller number of
items while holding precision and confidence level constant. This
procedure is the
most appropriate in this situation because it takes a sample from the
total loan file and
tests to determine that each sampling unit is properly categorized as
well as properly
collateralized and aged.
Answer (B) is incorrect. Block sampling (cluster sampling) randomly
selects groups
of items as the sampling units. For this plan to be effective, variability
within the
blocks should be greater than variability among them. If blocks of
homogeneous
samples are selected, the sample will be biased. Furthermore, this
sample only consists
of large loan amounts and does not test for proper collateralization.
Answer (C) is incorrect. Discovery sampling is a form of attribute
sampling used to
identify critical deviations in a population. The occurrence rate is
assumed to be at or
near 0%, and the method cannot be used to evaluate results
statistically if deviations
are found in the sample. Hence, discovery sampling is used for tests
of controls, but it
is appropriate only when one deviation is critical. Moreover, this
procedure is
inefficient because it samples from loan applications, not loans
approved.
Answer (D) is incorrect. This procedure is ineffective. It is based
only on loans for
which payments are currently being made. It does not include loans
that should have
been categorized differently because payments are not being made.
It also does not
address whether the loans are properly classified as current or
noncurrent.
[495] Gleim #: 5.5.67
Which sampling plan requires no additional sampling once the first
error is found?
A. Stratified sampling.
B. Attribute sampling.
C. Stop-or-go sampling.
D. Discovery sampling.
Answer (A) is incorrect. Stratifying the population is done to reduce
the effect of
high variability by dividing the population into subpopulations. It is not
concerned
with errors in the population, and sampling would not stop when the
first error is
encountered.
Answer (B) is incorrect. The goal of attribute sampling is to arrive at
an estimate
of the rate of occurrence of some characteristic in a population.
Hence, the entire
sample size must be taken, regardless of when the first error occurs.
Answer (C) is incorrect. Stop-or-go sampling is a sequential
sampling procedure.
The next step is determined by the results of the previous step. Once
a step is
initiated, it is carried out until it is completed. Each phase of the
sample is
conducted without reference to when the first error is observed.
Answer (D) is correct. Discovery sampling is a form of attribute
sampling used to
identify critical deviations in a population. The occurrence rate is
assumed to be at
or near 0%, and the method cannot be used to evaluate results
statistically if
deviations are found in the sample. Hence, discovery sampling is
used for tests of
controls, but it is appropriate only when one deviation is critical. The
sample size
is calculated so that the sample will contain at least one example of a
deviation if
it occurs in the population at a given rate.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 271
Printed for Sanja Knezevic
[496] Gleim #: 5.5.68
The supervisor of claims processing for a health insurance firm
selects all claims
processed in the past 2 days by a particular employee for audit.
From this sample, the
supervisor can develop
An overall representative view of employee A. work for the year.
B. A quantification of sampling error.
C. Conclusions about the correctness of processing for the
department.
D. An understanding of the details contained in the processing task.
Answer (A) is incorrect. The sample is not representative of the
employee’s work
for the whole year.
Answer (B) is incorrect. The sample is a judgment, not a statistical,
sample.
Answer (C) is incorrect. Conclusions about the whole department
cannot be
drawn from a sample of one employee’s work.
Answer (D) is correct. The auditor has used judgment sampling, not
statistical
sampling. Thus, (s)he cannot quantitatively assess precision and
confidence level
and therefore is precluded from drawing valid statistical inferences
about the
population. However, this sample should assist the auditor in
obtaining a
preliminary understanding of the system and in determining whether
a statistical
sample will be needed.
[497] Gleim #: 5.5.69
When an internal auditor’s sampling objective is to obtain a
measurable assurance that
a sample will contain at least one occurrence of a specific critical
exception existing in
a population, the sampling approach to use is
A. Random.
B. Discovery.
C. Probability-proportional-to-size.
D. Variables.
Answer (A) is incorrect. Random sampling is a method used to
choose the
sample.
Answer (B) is correct. Discovery sampling is a form of attribute
sampling used to
identify critical deviations in a population. The occurrence rate is
assumed to be at
or near 0%, and the method cannot be used to evaluate results
statistically if
deviations are found in the sample. Hence, discovery sampling is
used for tests of
controls, but it is appropriate only when one deviation is critical. The
sample size
is calculated so that the sample will contain at least one example of a
deviation if
it occurs in the population at a given rate.
Answer (C) is incorrect. Probability-proportional-to-size (monetaryunit)
sampling is a modified version of attribute sampling that relates
deviation rates to
monetary amounts.
Answer (D) is incorrect. Variables sampling is used to estimate the
value of a
population, not the occurrence rate of deviations.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 272
Printed for Sanja Knezevic
fb.com/ciaaofficial
[498] Gleim #: 5.5.70
Assume the internal auditor becomes concerned that significant
fraud may be taking
place by dentists who are billing the health care processor for
services that were not
provided. For example, employees may have their teeth cleaned, but
the dentist
charges the processor for pulling teeth and developing dentures. The
most effective
procedure to determine whether such a fraud exists is to
Develop a schedule of payments made to individual dentists. Verify
that payments
were made to the dentists by confirming the payments with the
health care
processor.
A.
Take a random sample of payments made to dentists and confirm the
amounts
paid with the dentists’ offices to determine that the amounts agree
with the
amounts billed by the dentists.
B.
Take a random sample of claims submitted by dentists and trace
through the
system to determine whether the claims were paid at the amounts
billed.
C.
Take a discovery sample of employee claims that were submitted
through dentist
offices, and confirm the type of service performed by the dentist
through direct
correspondence with the employee who had the service performed.
D.
Answer (A) is incorrect. Developing a schedule of payments and
verifying that
the payments were made does not reveal whether the claims were
proper or
fraudulent.
Answer (B) is incorrect. Verifying that dentists were paid the
amounts that they
billed does not reveal whether the claims were proper or fraudulent.
Answer (C) is incorrect. Verifying that claims were paid at the
amounts billed
does not reveal whether the claims were proper or fraudulent.
Answer (D) is correct. A discovery sample is used to identify critical
errors or
irregularities, that is, when a single deviation is critical. This method
cannot be
used to evaluate the results statistically if deviations are found.
Because dentists
are suspected of filing fraudulent claims, the auditor should take a
discovery
sample of employee claims. The internal auditor should then confirm
the work
done by the dentist according to the claim with the employee. The
employee is the
best source of information as to whether the service was provided.
[499] Gleim #: 5.5.71
After partially completing an internal control review of the accounts
payable
department, an auditor suspects that some type of fraud has
occurred. To ascertain
whether the fraud is present, the best sampling approach is to use
Simple random sampling to select a sample of vouchers processed
by the
department during the past year.
A.
Probability-proportional-to-size sampling to select a sample of
vouchers
processed by the department during the past year.
B.
Discovery sampling to select a sample of vouchers processed by the
department
during the past year.
C.
Judgmental sampling to select a sample of vouchers processed by
clerks identified
by the department manager as acting suspiciously.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 273
Printed for Sanja Knezevic
Answer (A) is incorrect. Simple random sampling is appropriate if
the extent of fraud
is to be estimated.
Answer (B) is incorrect. Probability-proportional-to-size sampling is
appropriate if the
monetary value of fraud is to be estimated.
Answer (C) is correct. The purpose is to determine whether fraud
has occurred rather
than to estimate its overall frequency. Discovery sampling is a
method designed
specifically for this purpose. It is a form of attribute sampling used to
identify critical
deviations in a population. The occurrence rate is assumed to be 0%,
and statistical
evaluation of results is impossible if deviations are found. Thus,
discovery sampling is
only appropriate when one deviation is critical.
Answer (D) is incorrect. Restricting the population to the vouchers
processed by
suspicious workers presents a significant potential for biasing the
sample. The
department manager may be the guilty party.
[500] Gleim #: 5.5.72
Management is legally required to prepare a shipping document for
all movement of
hazardous materials. The document must be filed with bills of lading.
Management
expects 100% compliance with the procedure. Which of the following
sampling
approaches is most appropriate?
A. Attribute sampling.
B. Discovery sampling.
C. Targeted sampling.
D. Variables sampling.
Answer (A) is incorrect. The particular type of attribute sampling that
is
appropriate in this situation is discovery sampling.
Answer (B) is correct. Discovery sampling is a form of attribute
sampling used to
identify critical errors or irregularities, i.e., when the occurrence rate
is assumed to
be 0%.
Answer (C) is incorrect. Targeted sampling is a nonsense answer.
Answer (D) is incorrect. Variables sampling concerns amounts.
[501] Gleim #: 5.5.73
Variability of the monetary amount of individual items in a population
affects sample
size in which of the following sampling plans?
A. Attribute sampling.
B. Monetary-unit sampling.
C. Mean-per-unit sampling.
D. Discovery sampling.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 274
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Attribute sampling tests binary (yes/no)
propositions. It is not
used for tests of monetary amounts, so the variability of monetary
amounts is not an
issue in determining sample size.
Answer (B) is incorrect. Monetary-unit (probability-proportional-tosize) sampling
neutralizes variability by defining the sampling unit as an individual
monetary unit.
Answer (C) is correct. The sample size for a variable test depends
on confidence level,
population size, precision, and variability of the population. The
standard deviation
measures variability. The larger the standard deviation, the larger the
sample size that
is required to achieve specified levels of precision and confidence.
Answer (D) is incorrect. The objective of discovery sampling is to
select items until at
least one item is discovered with a particular characteristic, such as
evidence of fraud.
[502] Gleim #: 5.5.74
An internal auditor is performing a test to determine whether a gas
and electric
appliance manufacturer should move its service center from one
location to another.
The service center houses the service trucks that are used to drive to
the customers’
locations to service their appliances. The internal auditor wants to
determine the
reduction in average miles driven as a result of moving to the other
location. Which of
the following statistical sampling methods would be most appropriate
for this test?
A. Attribute sampling.
B. Discovery sampling.
C. Probability-proportional-to-size (monetary-unit) sampling.
D. Mean-per-unit sampling.
Answer (A) is incorrect. Attribute sampling will not produce a
quantitative value.
Answer (B) is incorrect. Discovery sampling is used to uncover an
attribute that
exists in the population with a low rate of occurrence, not to estimate
a variable.
Answer (C) is incorrect. Individual carrying amounts adding up to a
total carrying
amount are required for probability-proportional-to-size (monetaryunit) sampling
to be used.
Answer (D) is correct. Mean-per-unit sampling is the only variables
sampling
method designed to estimate a variable for which individual carrying
amounts of
items in a population are not available.
[503] Gleim #: 5.5.75
The internal auditor for an insurance company is conducting an audit
of claims
processing and wants to assess the average length of time taken to
process automobile
claims to determine whether processing is being completed within
standards set by
company policy. The auditor plans to take a sample of claims made
during the year
and perform the needed analysis. The most appropriate sampling
method is
A. Mean-per-unit variables sampling.
B. Probability-proportional-to-size sampling.
C. Attribute sampling.
D. Discovery sampling.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 275
Printed for Sanja Knezevic
Answer (A) is correct. Mean-per-unit (MPU) variables sampling
averages audit values
in the sample and multiplies by the number of items in the population
to estimate the
population value. This is the most appropriate sampling procedure
because it allows
the auditor to calculate the mean for the processing time and
construct a confidence
interval around the mean.
Answer (B) is incorrect. Probability-proportional-to-size sampling
uses attribute
sampling methods to estimate monetary amounts. It is not
appropriate in this situation.
Answer (C) is incorrect. Attribute sampling tests binary propositions
and therefore
cannot estimate the average length of time to process the claims. It
could, however, be
used to estimate the probability that a claim is not processed within
the company’s
defined standard.
Answer (D) is incorrect. Discovery sampling is used to determine if
an isolated event
is occurring in the population. It would be used here only if exceeding
the policy for
claims processing were expected to be extremely rare and extremely
important.
[504] Gleim #: 5.5.76
An auditor is checking the accuracy of a computer-printed inventory
listing to
determine whether the total monetary value of inventory is
significantly overstated.
Because there is not adequate time or resources to check all items in
the warehouse, a
sample of inventory items must be used. If the sample size is fixed,
which one of the
following would be the most accurate sampling approach in this
case?
Select those items that are most A. easily inspected.
B. Employ simple random sampling.
Sample so that the probability of a given inventory item being
selected is
proportional to the number of units sold for that item.
C.
Sample so that the probability of a given inventory item being
selected is
proportional to its book value.
D.
Answer (A) is incorrect. Using ease of inspection as a selection
criterion provides
no statistical validity.
Answer (B) is incorrect. Simple random sampling selects units of
inventory.
Large and small items are equally likely to be chosen. Thus, it will
probably result
in a sample that accounts for a lesser percentage of the total
monetary value than
PPS sampling.
Answer (C) is incorrect. Although better than simple random
sampling, selection
of items with high sales volumes may result in a sample with a
relatively small
monetary value.
Answer (D) is correct. The audit objective is to determine whether
the total
monetary amount of inventory is significantly overstated. Hence,
monetary-unit
(probability-proportional-to-size) sampling is appropriate. It increases
the
likelihood that a sample of a given size will include high monetaryvalue
inventory items.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 276
Printed for Sanja Knezevic
fb.com/ciaaofficial
[505] Gleim #: 5.6.77
An organization has collected data on the complaints made by
personal computer users
and has categorized the complaints.
(Refer to Figure FIGURE18_12.)
Using the information collected, the organization should focus on
The total number of personal computer complaints A. that occurred.
The number of computer complaints associated with CD-ROM
problems and new
software usage.
B.
The number of computer complaints associated with the lack of user
knowledge
and hardware problems.
C.
D. The cost to alleviate all computer complaints.
Answer (A) is incorrect. The organization should focus its scarce
resources on
those areas generating the highest levels of dissatisfaction. Pareto
diagrams such
as this one are tools for facilitating this kind of analysis.
Answer (B) is incorrect. Complaints about CD-ROMs and software
are
infrequent.
Answer (C) is correct. Complaints based on lack of user knowledge
and hardware
problems are by far the most frequent according to this chart.
Consequently, the
company should devote its resources primarily to these issues.
Answer (D) is incorrect. Cost information is not provided.
[506] Gleim #: 5.6.78
An organization has collected data on the complaints made by
personal computer users
and has categorized the complaints.
(Refer to Figure FIGURE18_12.)
The chart displays the
A. Arithmetic mean of each computer complaint.
B. Relative frequency of each computer complaint.
C. Median of each computer complaint.
D. Absolute frequency of each computer complaint.
Answer (A) is incorrect. The chart does not display arithmetic
means, relative
frequencies, or medians of each type of complaint.
Answer (B) is incorrect. The chart does not display arithmetic
means, relative
frequencies, or medians of each type of complaint.
Answer (C) is incorrect. The chart does not display arithmetic
means, relative
frequencies, or medians of each type of complaint.
Answer (D) is correct. This Pareto diagram depicts the frequencies
of complaints
in absolute terms. It displays the actual number of each type of
complaint. The
chart does not display arithmetic means, relative frequencies, or
medians of each
type of complaint.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 277
Printed for Sanja Knezevic
[507] Gleim #: 5.6.79
Statistical quality control often involves the use of control charts
whose basic purpose
is to
Determine when accounting control procedures A. are not working.
B. Control labor costs in production operations.
C. Detect performance trends away from normal operations.
D. Monitor internal control applications of information technology.
Answer (A) is incorrect. Quality control concerns product quality, not
controls
over accounting procedures.
Answer (B) is incorrect. Quality control concerns product quality, not
costs.
Answer (C) is correct. Statistical control charts are graphic aids for
monitoring
the status of any process subject to random variations. The
processes are measured
periodically, and the values are plotted on the chart. If the value falls
within the
control limits, no action is taken. If the value falls outside the limits,
the process is
considered “out of control,” and an investigation is made for possible
corrective
action. Another advantage of the chart is that it makes trends visible.
Answer (D) is incorrect. Quality control concerns product quality, not
information technology.
[508] Gleim #: 5.6.80
The statistical quality control department prepares a control chart
showing the
percentages of defective production. Simple statistical calculations
provide control
limits that indicate whether assignable causes of variation are
explainable on chance
grounds. The chart is particularly valuable in determining whether the
quality of
materials received from outside vendors is consistent from month to
month. What is
the best term for this chart?
A. C chart.
B. P chart.
C. R chart.
D. X-bar chart.
Answer (A) is incorrect. A C chart is also an attribute control chart. It
shows
defects per item.
Answer (B) is correct. A P chart is based on an attribute
(acceptable/not
acceptable) rather than a measure of a variable, specifically, the
percentage of
defects in a sample.
Answer (C) is incorrect. An R chart displays the range of dispersion
of a variable,
such as size or weight.
Answer (D) is incorrect. An X-bar chart plots the sample mean for a
variable.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 278
Printed for Sanja Knezevic
fb.com/ciaaofficial
[509] Gleim #: 5.6.81
A health insurer uses a computer application to monitor physician bill
amounts for
various surgical procedures. This program allows the organization to
better control
reimbursement rates. The X-bar chart below is an example of the
output from this
application.
(Refer to Figure CIA2_7_59.)
Select the interpretation that best explains the data plotted on the
chart.
A. Random variation.
B. Abnormal variation.
C. Normal variation.
D. Cyclic variation.
Answer (A) is incorrect. Random variations should fall within
realistically
determined control limits.
Answer (B) is correct. Statistical quality control charts are graphic
aids for
monitoring the status of any process subject to random variations.
The X-bar chart
presented here depicts the sample means for a variable. If the values
fall within
the upper and lower control limits, no action is taken. Accordingly,
values outside
these limits are abnormal and should be investigated for possible
corrective
action.
Answer (C) is incorrect. Normal variations should fall within
realistically
determined control limits.
Answer (D) is incorrect. In time series analysis, cyclic variation is
the fluctuation
in the value of a variable caused by change in the level of general
business
activity.
[510] Gleim #: 5.6.82
The most important component of quality control is
A. Ensuring that goods and services conform to the design
specifications.
B. Satisfying upper management.
C. Conforming with ISO-9000 specifications.
D. Determining the appropriate timing of inspections.
Answer (A) is correct. The intent of quality control is to ensure that
goods and
services conform to the design specifications. Whether the focus is
on
feedforward, feedback, or concurrent control, the emphasis is on
ensuring product
or service conformity.
Answer (B) is incorrect. Quality control is geared toward satisfying
the customer,
not upper management.
Answer (C) is incorrect. Ensuring the conformance with ISO-9000
specifications
is a component of a compliance audit, not quality control.
Answer (D) is incorrect. Determining the appropriate timing of
inspections is
only one step toward approaching quality control. Consequently, it is
not the
primary component of the quality control function.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 279
Printed for Sanja Knezevic
[511] Gleim #: 5.6.83
An automobile parts manufacturer has received complaints from
customers about
declining quality. After a quick review, management realizes the
problem has no
single source. To perform a thorough process of problem
identification, the most
appropriate tool is a(n)
Fishbone A. (Ishikawa) diagram.
B. Histogram.
C. Pareto diagram.
D. ISO 9000 audit.
Answer (A) is correct. A fishbone diagram (also called a cause-andeffect
diagram or an Ishikawa diagram) is a total quality management
process
improvement technique. It is useful in studying causation (why the
actual and
desired situations differ). This format organizes the analysis of
causation and
helps to identify possible interactions among causes.
Answer (B) is incorrect. A histogram displays the continuum of
values for an
independent variable. It is useful for visually inspecting the range of a
quantifiable
variable.
Answer (C) is incorrect. A Pareto diagram (also known as 80:20
analysis)
displays the values of an independent variable such that managers
can quickly
identify the areas most in need of attention. The variables involved
must be
quantifiable.
Answer (D) is incorrect. An ISO 9000 audit focuses on process, not
product,
quality.
[512] Gleim #: 5.6.84
A manufacturer mass produces nuts and bolts on its assembly line.
The line
supervisors sample every nth unit for conformance with
specifications. Once a
nonconforming part is detected, the machinery is shut down and
adjusted. The most
appropriate tool for this process is a
A. Fishbone (Ishikawa) diagram.
B. Cost of quality report.
C. ISO 9000 audit.
D. Statistical quality control chart.
Answer (A) is incorrect. A fishbone diagram is useful for determining
the
unknown causes of problems, not routine mechanical adjustments.
Answer (B) is incorrect. The contents of a cost of quality report are
stated in
monetary terms. This tool is not helpful for determining when to
adjust
machinery.
Answer (C) is incorrect. An ISO 9000 audit focuses on the quality of
the
organization’s total process, not the routine adjustment of machinery.
Answer (D) is correct. Statistical quality control is a method of
determining
whether the shipment or production run of units lies within acceptable
limits. It is
also used to determine whether production processes are out of
control. Statistical
control charts are graphic aids for monitoring the status of any
process subject to
random variations.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 280
Printed for Sanja Knezevic
fb.com/ciaaofficial
[513] Gleim #: 5.6.85
The director of sales asks for a count of customers grouped in
descending numerical
rank by (1) the number of orders they place during a single year and
(2) the dollar
amounts of the average order. The visual format of these two pieces
of information is
most likely to be a
Fishbone A. (Ishikawa) diagram.
B. Cost of quality report.
C. Kaizen diagram.
D. Pareto diagram.
Answer (A) is incorrect. A fishbone diagram is useful for determining
the
unknown causes of problems, not for stratifying quantifiable
variables.
Answer (B) is incorrect. The contents of a cost of quality report are
stated in
monetary terms. This report is not helpful for determining when to
adjust
machinery.
Answer (C) is incorrect. Kaizen diagram is not a meaningful term in
this context.
Answer (D) is correct. A Pareto diagram (also known as 80:20
analysis) displays
the values of an independent variable such that managers can
quickly identify the
areas most in need of attention.
[514] Gleim #: 6.1.1
In planning an assurance engagement, a survey could assist with all
of the following
except
A. Obtaining engagement client comments and suggestions on
control problems.
B. Obtaining preliminary information on controls.
C. Identifying areas for engagement emphasis.
D. Evaluating the adequacy and effectiveness of controls.
Answer (A) is incorrect. A survey could assist with obtaining client
comments
and suggestions on control problems.
Answer (B) is incorrect. A survey could assist with obtaining
preliminary
information on controls.
Answer (C) is incorrect. A survey could assist with identifying areas
for
engagement emphasis.
Answer (D) is correct. Internal auditors conduct a survey to (1)
become familiar
with activities, risks, and controls to identify areas for engagement
emphasis and
(2) invite comments and suggestions from engagement clients (PA
2210.A1-1,
para. 3). A survey is not sufficient for evaluating the adequacy and
effectiveness
of controls. Evaluation requires testing.
[515] Gleim #: 6.1.2
An assurance engagement in the quality control department is being
planned. Which of
the following is least likely to be used in the preparation of a
preliminary survey
questionnaire?
A. An analysis of quality control documents.
B. The permanent engagement file.
C. The prior engagement communications.
D. Management’s charter for the quality control department.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 281
Printed for Sanja Knezevic
Answer (A) is correct. Internal auditors conduct a survey to (1)
become familiar with
activities, risks, and controls to identify areas for engagement
emphasis and (2) invite
comments and suggestions from engagement clients (PA 2210.A1-1,
para. 3). An
analysis of quality control documents is a part of field work, which
follows the survey.
Answer (B) is incorrect. The permanent engagement file probably
contains
information, such as problems detected in prior years that will help in
the development
of appropriate questions to ask this year.
Answer (C) is incorrect. The prior engagement communications will
likely assist in
developing the current year’s questionnaire.
Answer (D) is incorrect. Knowing what the department is supposed
to do will help the
internal auditor develop knowledgeable questions.
[516] Gleim #: 6.1.3
During which phase of the engagement does the internal auditor
identify the objectives
and related controls of the activity being examined?
A. Preliminary survey.
B. Staff selection.
C. Work program preparation.
D. Final communication of results.
Answer (A) is correct. If appropriate, internal auditors conduct a
survey to (1)
become familiar with activities, risks, and controls to identify areas for
engagement emphasis and (2) invite comments and suggestions
from engagement
clients (PA 2210.A1-1, para. 3).
Answer (B) is incorrect. Staff selection is the process of deciding
which internal
auditors will work on the engagement.
Answer (C) is incorrect. The work program is prepared after the
preliminary
survey.
Answer (D) is incorrect. Final communication of results occurs after
the
completion of the engagement.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 282
Printed for Sanja Knezevic
fb.com/ciaaofficial
[517] Gleim #: 6.1.4
The preliminary survey indicates that severe staff reductions at the
engagement
location have resulted in extensive amounts of overtime among
accounting staff.
Department members are visibly stressed and very vocal about the
effects of the
cutbacks. Accounting payrolls are nearly equal to prior years, and
many key controls,
such as segregation of duties, are no longer in place. The accounting
supervisor now
performs all operations within the cash receipts and posting process
and has no time to
review and approve transactions generated by the remaining
members of the
department. Journal entries for the last 6 months since the staff
reductions show
increasing numbers of prior-month adjustments and corrections,
including revenues,
cost of sales, and accruals that had been misstated or forgotten
during month-end
closing activity. The internal auditor should
Discuss these observations with management of the internal audit
activity to
determine whether further work would be an efficient use of internal
auditing
resources at this time.
A.
Proceed with the scheduled engagement but add personnel based
on the expected
number of observations and anticipated lack of assistance from local
accounting
management.
B.
Research temporary help agencies and evaluate the cost and benefit
of outsourcing
needed services.
C.
Suspend further engagement work and issue the final
communication of results
because the conclusions are obvious.
D.
Answer (A) is correct. A preliminary survey allows the internal
auditor to (1)
become familiar with activities, risks, and controls to identify areas for
engagement emphasis and (2) invite comments and suggestions
from engagement
clients (PA 2210.A1-1, para. 3). In this case, additional planning is
necessary to
modify the engagement for the difficult circumstances discovered
during the
preliminary survey and to address the responsibilities of the internal
audit activity.
Answer (B) is incorrect. What additional work will be necessary is
not clear in
these circumstances.
Answer (C) is incorrect. Management has not accepted this plan of
action.
Answer (D) is incorrect. Issuing a final communication of results at
this point
would violate the Standards, including those relating to objectivity,
due
professional care, and performance of the engagement.
[518] Gleim #: 6.1.5
Which of the following best describes a preliminary survey?
A standardized questionnaire used to obtain an understanding of
management
objectives.
A.
A statistical sample of key employee attitudes, skills, B. and
knowledge.
A “walk-through” of the financial control system to identify risks and
the controls
that can address those risks.
C.
A process used to become familiar with activities and risks to identify
areas for
engagement emphasis.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 283
Printed for Sanja Knezevic
Answer (A) is incorrect. A preliminary survey covers many areas
besides management
objectives.
Answer (B) is incorrect. A preliminary survey would not normally
include statistical
sampling.
Answer (C) is incorrect. A walk-through of controls is merely one
possible
component of a preliminary survey.
Answer (D) is correct. If appropriate, internal auditors conduct a
survey to (1) become
familiar with the activities, risks, and controls to identify areas for
engagement
emphasis and (2) invite comments and suggestions from
engagement clients
(PA 2210.A1-1, para. 3).
[519] Gleim #: 6.1.6
The internal auditors of a financial institution are performing an
engagement to
evaluate the institution’s investing and lending activities. During the
last year, the
institution has adopted new policies and procedures for monitoring
investments and
the loan portfolio. The internal auditors know that the organization
has invested in
new types of financial instruments during the year and is heavily
involved in the use of
financial derivatives to appropriately hedge risks. If the internal
auditors were to
conduct a preliminary review, which of the following procedures
should be
performed?
Review reports of engagements performed by regulatory and
external auditors
since the last internal audit engagement.
A.
Interview management to identify changes made in policies
regarding investments
or loans.
B.
Review minutes of board meetings to identify changes in policies
affecting
investments and loans.
C.
All of the answers D. are correct.
Answer (A) is incorrect. The internal auditors should also interview
management
and review board minutes.
Answer (B) is incorrect. The internal auditors should also review
reports of other
auditors and review board minutes.
Answer (C) is incorrect. The internal auditors should also review
reports of other
auditors and interview management.
Answer (D) is correct. Typical components of a preliminary survey
include,
among other things, interviews and reviews of prior audit reports and
other
relevant documentation.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 284
Printed for Sanja Knezevic
fb.com/ciaaofficial
[520] Gleim #: 6.1.7
An internal auditor conducts a preliminary survey and identifies a
number of
significant engagement issues and reasons for pursuing them in
more depth. The
engagement client informally communicates concurrence with the
preliminary survey
results and asks that the internal auditor not report on the areas of
significant concern
until the client has an opportunity to respond to the problem areas.
Which of the
following engagement responses is not appropriate?
Keep the engagement on schedule and discuss with management
the need for
completing the engagement on a timely basis.
A.
Consider the risk involved in the areas involved, and, if the risk is
high, proceed
with the engagement.
B.
Consider the engagement to be terminated with no communication of
results
needed because the engagement client has already agreed to take
constructive
action.
C.
Work with the engagement client to keep the engagement on
schedule and address
the significant issues in more depth, as well as the client’s
responses, during the
course of the engagement.
D.
Answer (A) is incorrect. The internal auditor has identified significant
engagement issues. No basis is given for not pursuing the
engagement.
Answer (B) is incorrect. The internal auditor should always consider
the risk
associated with the potential observations as a basis for determining
the need for
more immediate attention.
Answer (C) is correct. The apparently constructive action by the
engagement
client may be a delaying tactic intended to conceal more serious
problems after the
internal auditor has identified significant engagement issues.
Moreover, no basis
is given for not pursuing the engagement. The internal auditor always
considers
the risk associated with the potential observations as a basis for
determining the
need for more immediate attention.
Answer (D) is incorrect. The internal auditor has identified significant
engagement issues. No basis is given for not pursuing the
engagement.
[521] Gleim #: 6.1.8
During a preliminary survey, an auditor found that several accounts
payable vouchers
for major suppliers required adjustments for duplicate payment of
prior invoices. This
would indicate
A need for additional testing to determine related controls and the
current
exposure to duplicate payments made to suppliers.
A.
The possibility of unrecorded liabilities for the amount of B. the
overpayments.
Insufficient controls in the receiving area to ensure timely notice to
the accounts
payable area that goods have been received and inspected.
C.
The existence of a sophisticated accounts payable system that
correlates
overpayments to open invoices and therefore requires no further
audit concern.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 285
Printed for Sanja Knezevic
Answer (A) is correct. One reason for conducting a preliminary
survey is to become
familiar with the activities, risks, and controls to identify areas for
engagement
emphasis (PA 2210.A1-1, para. 3). Accordingly, this preliminary
survey information
should prompt the auditor to identify the magnitude of duplicate
payments.
Answer (B) is incorrect. Unrecorded liabilities are not likely to result
in the generation
of duplicate accounts payable vouchers.
Answer (C) is incorrect. The existence of duplicate payments is
most likely related to
a problem in accounts payable.
Answer (D) is incorrect. Duplicate payments are not overpayments.
Duplicate
payments are exceptions and should be handled as such.
[522] Gleim #: 6.1.9
You are an internal auditing supervisor who is reviewing the working
papers of a staff
internal auditor’s overall examination of the firm’s sales function. The
pages are not
numbered or cross-referenced. Furthermore, the working papers
were dropped and
reassembled at random before they were brought to you. You decide
to put the
working papers in the proper order according to the Standards. The
first stage of this
activity is to identify each page as a part of (1) the preliminary survey,
(2) the review
of the adequacy of control processes, (3) the review for effectiveness
of control
processes, or (4) the review of results. The second page the
supervisor selects
documents an interview with a salesperson discussing the overall
sales cycle. This
page belongs with which activity?
A. Preliminary survey.
B. Review for adequacy of control processes.
C. Review for effectiveness of control processes.
D. Review of results.
Answer (A) is correct. Planning includes performing, if appropriate, a
survey to
(1) become familiar with the activities, risks, and controls to identify
areas for
engagement emphasis and (2) invite comments and suggestions
from engagement
clients (PA 2210.A1-1, para. 3). Interviews with the engagement
client may be
conducted as part of the survey to obtain an overall understanding of
operations.
Answer (B) is incorrect. The review for adequacy determines
whether control
processes exist that are properly planned and designed.
Answer (C) is incorrect. The review for effectiveness determines
whether
management has directed processes to provide reasonable
assurance that goals and
objectives will be achieved.
Answer (D) is incorrect. Internal auditors review operations and
programs to
ascertain the extent to which results are consistent with goals and
objectives.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 286
Printed for Sanja Knezevic
fb.com/ciaaofficial
[523] Gleim #: 6.1.10
During an operational engagement, an internal auditor compares the
inventory
turnover rate of a subsidiary with established industry standards to
Evaluate the accuracy of the subsidiary’s internal A. financial reports.
B. Test the subsidiary’s controls designed to safeguard assets.
Determine if the subsidiary is complying with organizational
procedures regarding
inventory levels.
C.
Assess the performance of the subsidiary and indicate where
additional
engagement work may be needed.
D.
Answer (A) is incorrect. Evaluating the reliability and integrity of
financial
records is one component of a financial, not an operational,
engagement.
Answer (B) is incorrect. Evaluating the safeguarding of assets is
one component
of a financial, not an operational, engagement.
Answer (C) is incorrect. Testing inventory turnover addresses
economy and
efficiency issues, not compliance.
Answer (D) is correct. Analytical procedures are often used during
the
preliminary survey to identify potential areas for additional
engagement work.
[524] Gleim #: 6.1.11
In advance of a preliminary survey, a chief audit executive sends a
memorandum and
questionnaire to the supervisors of the department to be evaluated.
What is the most
likely result of that procedure?
A. It creates apprehension about the engagement.
B. It involves the engagement client’s supervisory personnel in the
engagement.
C. It is an uneconomical approach to obtaining information.
D. It is only useful for engagements of distant locations.
Answer (A) is incorrect. Greater knowledge of the upcoming
engagement is more
likely to remove some of the apprehension about the engagement.
Answer (B) is correct. Sending a memorandum and questionnaire to
the
engagement client is part of a participative approach. It helps involve
the
supervisors of the engagement client’s department and thereby
encourages a more
collegial approach to the engagement. Obtaining the assistance of
the engagement
client in data gathering, evaluating operations, and solving problems
should result
in improved relations and in more effective and efficient
engagements.
Answer (C) is incorrect. Sending a memorandum and questionnaire
to the
engagement client is normally more economical. Some of the basic
data gathering
will be done by those most competent to do it rapidly.
Answer (D) is incorrect. Sending a memorandum and questionnaire
is
advantageous in most circumstances.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 287
Printed for Sanja Knezevic
[525] Gleim #: 6.1.12
The audit committee has raised a few issues that the internal audit
activity will
examine during an operational audit for the current year. When
performing the
preliminary survey, which of the following is not an appropriate
technique?
Performing A. interviews.
B. Developing questionnaires.
C. Determining the largest risk of financial statement misstatement.
D. All of the answers are appropriate techniques.
Answer (A) is incorrect. Performing interviews allows the auditor to
explore
objectives, goals, and standards of operation, along with risks. The
interview also
allows the auditor to gain insights into management’s style.
Answer (B) is incorrect. Questionnaires can trigger appropriate
preparation for
the auditor’s arrival as well as give the auditor insight into the
organization’s
operations.
Answer (C) is correct. Determining potential misstatements is not
the objective of
an operational audit. Additionally, a final risk analysis is developed at
a later time
in the audit, not during the preliminary survey. A preliminary risk
assessment is
appropriate during this stage.
Answer (D) is incorrect. The development and use of risk analysis to
determine
the largest risk of misstatement is not an appropriate preliminary
survey
technique.
[526] Gleim #: 6.2.13
A well-designed internal control questionnaire should
Elicit “yes” or “no” responses rather than narrative responses and be
organized by
department.
A.
B. Be a sufficient source of data for assessment of control risk.
C. Help evaluate the effectiveness of internal control.
D. Be independent of the objectives of the internal auditing
engagement.
Answer (A) is incorrect. Yes/no question formats and organizing
question
sequence by department may facilitate administering the
questionnaire, but other
formats and methods of question organization are possible.
Answer (B) is incorrect. The questionnaire is a tool to help
understand and
document internal control but is not sufficient as the sole source of
information to
support the assessment of control risk.
Answer (C) is correct. An internal control questionnaire consists of a
series of
questions about the organization’s controls designed to prevent or
detect errors or
fraud. Answers to the questions help the internal auditor to identify
specific
controls relevant to specific assertions and to design tests of controls
to evaluate
the effectiveness of their design and operation.
Answer (D) is incorrect. The internal control questionnaire must be
designed to
achieve the engagement objectives.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 288
Printed for Sanja Knezevic
fb.com/ciaaofficial
[527] Gleim #: 6.2.14
Management answered “yes” to every question when filling out an
internal control
questionnaire and stated that all listed requirements and control
activities were part of
their procedures. An internal auditor retrieved this questionnaire from
management
during the preliminary survey visit but did not review the responses
with management
while on site. The internal auditor’s supervisor should be critical of
the above
procedure because
Engagement information must be corroborated A. in some way.
B. Internal control questionnaires cannot be relied upon.
The internal auditors were not present while the questionnaire was
being filled
out.
C.
D. The questionnaire was not designed to address accounting
operations and controls.
Answer (A) is correct. Self-assessment questionnaires provide
indirect
information. Because this information is provided by engagement
client personnel
and not by independent sources, it must be confirmed.
Answer (B) is incorrect. The adaptability of general-purpose internal
control
questionnaires to different organizational units, personnel, and
functional units is
one of their strengths.
Answer (C) is incorrect. Internal control questionnaires can be
designed so that
the engagement client can answer the questions without the internal
auditor’s
presence.
Answer (D) is incorrect. An internal control questionnaire does not
need to
address accounting information to ensure integrity.
[528] Gleim #: 6.2.15
Management answered “yes” to every question when filling out an
internal control
questionnaire and stated that all listed requirements and control
activities were part of
their procedures. An internal auditor retrieved this questionnaire from
management
during the preliminary survey visit but did not review the responses
with management
while on site. The auditor’s supervisor is writing the performance
assessment for the
auditor on this preliminary survey assignment. The supervisor cites
the need to review
management’s responses on the control questionnaire. The auditor
should have
interviewed management for additional information because the
interview technique
A. Provides the opportunity to insert questions to probe promising
areas.
Is the most efficient way to upgrade the information to the level of
objective
evidence.
B.
C. Is the least costly audit technique when a large amount of
information is involved.
Is the only audit procedure that does not require confirmation and
walk-through of
the information obtained.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 289
Printed for Sanja Knezevic
Answer (A) is correct. During face-to-face contact, a skilled
interviewer can react to
potential problems and expand questioning of more relevant
subjects. Thus, the
interview allows for cross-examination. Moreover, the interview
provides an
opportunity to observe body language.
Answer (B) is incorrect. Interviews do not produce objective
evidence unless the
information corroborates facts already in evidence.
Answer (C) is incorrect. Interviews tend to be more costly in relation
to the amount of
information generated. They involve more preparation and
discussion time than other
techniques.
Answer (D) is incorrect. Critical information obtained during an
interview must be
followed up and confirmed.
[529] Gleim #: 6.2.16
Which of the following statements indicates the wrong way to use an
internal control
questionnaire?
Clarifying all answers with written remarks A. and explanations.
Filling out the questionnaire during an interview with the person who
has
responsibility for the area that is being reviewed.
B.
C. Constructing the questionnaire so that a “no” response requires
attention.
Supplementing the completed questionnaire with a narrative
description or
flowchart.
D.
Answer (A) is correct. Only those answers that appear inappropriate
should be
pursued by asking for clarification or explanation. In this way,
problem areas may
be pinpointed and either compensating controls identified or
extensions to the
engagement procedures planned.
Answer (B) is incorrect. Filling out the questionnaire during an
interview with
the person who has responsibility for the area that is being reviewed
is an
appropriate use of an internal control questionnaire.
Answer (C) is incorrect. Constructing the questionnaire so that a
“no” response
requires attention is an appropriate use of an internal control
questionnaire.
Answer (D) is incorrect. Supplementing the completed questionnaire
with a
narrative description or flowchart is an appropriate use of an internal
control
questionnaire.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 290
Printed for Sanja Knezevic
fb.com/ciaaofficial
[530] Gleim #: 6.2.17
An internal auditing manager is conducting the annual meeting with
manufacturing
division management to discuss proposed engagement plans and
activities for the next
year. After some discussion about the past year’s activity at 12 plants
in the division,
the divisional vice president agrees that all significant
recommendations made by the
internal auditing staff refer to key controls and related operating
activities that are
correctly described for local management within the volume of
standard operating
procedures for the division. The vice president proposes to transcribe
key control
activities from the division’s extensive written procedures to a selfassessment
standard operating procedure (SOP) questionnaire. What
significance should the
internal auditing manager attach to such SOP questionnaires in
relation to the
proposed engagement schedule for the next year?
The SOP questionnaires should improve control adequacy, but the
internal
auditors need to verify that controls are working as documented in
the SOP.
A.
Adding this control should eliminate significant engagement
recommendations in
the coming year, so the scope of engagement activities can be
reduced
accordingly.
B.
Engagement activity can be reduced if the vice president agrees to
require the
internal audit activity’s approval of all divisional standard operating
procedures.
C.
SOP questionnaires must be mailed and controlled by the internal
audit activity to
be considered in relation to the proposed engagement schedule.
D.
Answer (A) is correct. A specific advantage of an SOP questionnaire
is that it
may be used by local management to periodically ensure that
employee practices
remain current with relevant, valid, and up-to-date standard operating
procedures.
The overall level of control and the control environment improve
when follow-up
activities are performed to determine that controls are being
implemented as
intended.
Answer (B) is incorrect. SOP questionnaires have no effect on
inherent risk, and
the internal auditors have no information that such a control will be
effective.
Answer (C) is incorrect. Standard operating procedures, as
described, provide
directive controls that appear to be adequate. Approval by the
internal audit
activity does not affect the operation of these controls.
Answer (D) is incorrect. Control of SOP questionnaires by the
internal audit
activity does not affect the information obtained. Such information
must be
verified to be considered objective.
[531] Gleim #: 6.2.18
An auditor is considering developing a questionnaire to research
employee attitudes
toward control procedures. Which of the following is a criterion that
should not be
considered in designing the questionnaire?
Questions must be worded to ensure a valid interpretation A. by the
respondents.
Questions must be reliably worded so that they measure what was
intended to be
measured.
B.
C. The questionnaire should be short to increase the response rate.
D. Questions should be worded such that a “No” answer indicates a
problem.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 291
Printed for Sanja Knezevic
Answer (A) is incorrect. The validity and reliability of each question
are extremely
important. Bias and ambiguity must be avoided.
Answer (B) is incorrect. The validity and reliability of each question
are extremely
important. Bias and ambiguity must be avoided.
Answer (C) is incorrect. When questionnaires are too long, people
tend not to fill
them out.
Answer (D) is correct. Many types of questions can be used.
Questions can be
multiple-choice, checklists, fill-in-the-blank, essay, Likert scales,
items (options
indicating degrees of agreement or disagreement), etc.
[532] Gleim #: 6.2.19
The auditor used a questionnaire during interviews to gather
information about the
nature of claims processing. Unfortunately, the questionnaire did not
cover a number
of pieces of information offered by the person being interviewed.
Consequently, the
auditor did not document the potential problems for further audit
investigation. The
primary deficiency with the process is that
The auditor failed to consider the importance of the information A.
offered.
A questionnaire was used in a situation in which a structured
interview should
have been used.
B.
C. Questionnaires do not allow for opportunities to document other
information.
D. All of the answers are correct.
Answer (A) is correct. The major problem is that the auditor was too
oriented to
the questionnaire and failed to give appropriate consideration to the
other
information offered. Questionnaires are limited, and the auditor
needs to be
flexible enough to gather other information when it is offered.
Answer (B) is incorrect. A questionnaire’s advantage is that it
provides a
structured, comprehensive approach to evidence gathering.
Answer (C) is incorrect. Questionnaires are limited, but the problem
is with their
application, not necessarily with their nature.
Answer (D) is incorrect. Two of the responses are not appropriate
conclusions.
[533] Gleim #: 6.2.20
Which of the following is not an advantage of sending an internal
control
questionnaire prior to an audit engagement?
The engagement client can use the questionnaire for self-evaluation
prior to the
auditor’s visit.
A.
The questionnaire will help the engagement client understand the
scope of the
engagement.
B.
Preparing the questionnaire will help the auditor plan the scope of
the engagement
and organize the information to be gathered.
C.
The engagement client will respond only to the questions asked,
without
volunteering additional information.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 292
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Answering the questionnaire will help the
engagement client
identify areas where procedures are weak or not properly
documented.
Answer (B) is incorrect. The questionnaire will communicate the
areas that the
auditor plans to evaluate.
Answer (C) is incorrect. The auditor can use the preparation of the
questionnaire to
organize the information to be gathered.
Answer (D) is correct. An internal control questionnaire consists of a
series of
questions about the organization’s controls designed to prevent or
detect errors or
fraud. Answers to the questions help the internal auditor to identify
specific controls
relevant to specific assertions and to design tests of controls to
evaluate the
effectiveness of their design and operation. However, the information
obtained is
limited to that elicited by the questions asked.
[534] Gleim #: 6.2.21
A questionnaire consists of a series of questions relating to controls
normally required
to prevent or detect errors and fraud that may occur for each type of
transaction.
Which of the following is not an advantage of a questionnaire?
A questionnaire provides a framework that minimizes the possibility
of
overlooking aspects of internal control.
A.
A questionnaire can be B. easily completed.
C. A questionnaire is flexible in design and application.
The completed questionnaire provides documentation that the
internal auditor
become familiar with internal control.
D.
Answer (A) is incorrect. A questionnaire provides a framework to
assure that
control concerns are not overlooked.
Answer (B) is incorrect. A questionnaire is relatively easy to
complete. For the
most part, only yes/no responses are elicited from management and
employees.
Answer (C) is correct. Questionnaires are designed to be inflexible
in that the
responses to certain questions are expected. Questionnaires are not
easily adapted
to unique situations. The approach that offers the most flexibility is a
narrative
memorandum describing internal control. The next most flexible
approach is a
flowchart.
Answer (D) is incorrect. The completed questionnaire can become
part of the
working papers to document the internal auditor’s becoming familiar
with the
engagement client’s activities, risks, and controls.
[535] Gleim #: 6.2.22
Which of the following statements describes an internal control
questionnaire? It
A. Provides detailed evidence regarding the substance of the control
system.
Takes less of the engagement client’s time to complete than other
control
evaluation devices.
B.
C. Requires that the internal auditor be in attendance to properly
administer it.
D. Provides indirect evidence that might need corroboration.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 293
Printed for Sanja Knezevic
Answer (A) is incorrect. Questionnaires usually provide for yes/no
responses and
therefore provide less detailed evidence than some other
procedures.
Answer (B) is incorrect. Questionnaires tend to be lengthy, and their
completion is
time-consuming.
Answer (C) is incorrect. An auditor need not be present.
Answer (D) is correct. An internal control questionnaire consists of a
series of
questions about the controls designed to prevent or detect errors or
irregularities.
Answers to the questions help the internal auditor to identify specific
internal control
policies and procedures relevant to specific assertions and to design
tests of controls to
evaluate the effectiveness of their design and operation. The
questionnaire provides a
framework to assure that specific concerns are not overlooked, but it
is not a sufficient
means of understanding the entire system. Thus, the evidence
obtained is indirect and
requires corroboration by means of observation, interviews,
flowcharting, examination
of documents, etc.
[536] Gleim #: 6.2.23
As part of a payroll engagement, an internal auditor used an internal
control
questionnaire. Positive responses were given to each of the following
questions by the
payroll department manager:
Is authorization by the personnel department required to make
additions to the
payroll and to change pay rates?
1.
Are check totals reconciled to payroll register data before checks are
distributed to
employees?
2.
Are the functions of preparing the payroll and distributing paychecks
performed
by different persons?
3.
In which phase of the engagement will the internal auditor confirm
these responses?
A. Planning.
B. Identifying, analyzing, evaluating, and recording.
C. The survey.
D. Preliminary preparation.
Answer (A) is incorrect. The internal auditor obtains responses to
the internal
control questionnaire during the planning phase. These responses
will be
confirmed during the performance of the engagement.
Answer (B) is correct. During the performance of the engagement,
“internal
auditors must identify, analyze, evaluate, and document sufficient
information to
achieve the engagement’s objectives” (Perf. Std. 2300). This process
includes
confirming compliance with internal controls. An example is validating
the
responses to the internal control questionnaire.
Answer (C) is incorrect. The planning phase includes the survey, if
appropriate.
The survey includes becoming familiar with the activity to be
reviewed,
identifying areas for special emphasis, obtaining information for use
in
engagement performance, and determining whether further work is
necessary. For
example, the survey might include seeking answers to the internal
control
questionnaire.
Answer (D) is incorrect. The planning phase includes the survey
(preliminary
preparation).
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 294
Printed for Sanja Knezevic
fb.com/ciaaofficial
[537] Gleim #: 6.3.24
When conducting interviews during the early stages of an internal
auditing
engagement, it is more effective to
Ask for specific answers that A. can be quantified.
B. Ask people about their jobs.
C. Ask surprise questions about daily procedures.
D. Take advantage of the fact that fear is an important part of the
engagement.
Answer (A) is incorrect. Later field work will cover information that
can be
quantified. Building rapport is more important in the early interviews.
Answer (B) is correct. To improve internal auditor-client cooperation,
the internal
auditor should, to the extent feasible, humanize the engagement
process. For
example, individuals feel more important being asked people-type
questions, such
as asking people about their jobs, rather than control-type questions.
Answer (C) is incorrect. Unless fraud is suspected or the
engagement concerns
cash or negotiable securities, the more effective approach is to
defuse the
engagement client anxiety that results from anticipating the
engagement.
Answer (D) is incorrect. Although engagement client fear is a natural
part of
anticipating the engagement, the internal auditor should keep it from
playing an
important role by using good interpersonal skills to build a positive,
participative
relationship with the engagement client.
[538] Gleim #: 6.3.25
When an internal auditor is interviewing to gain information, (s)he will
not be able to
remember everything that was said in the interview. The most
effective way to record
interview information for later use is to
Write notes quickly, trying to write down everything in detail as it is
said; then
highlight important points after the meeting.
A.
Electronically record the interview to capture everything that
everyone says; then
type everything said into a computer for documentation.
B.
Hire a professional secretary to take notes, allowing complete
concentration on the
interview; then delete unimportant points after the meeting.
C.
Organize notes around topics on the interview plan and note
responses in the
appropriate area, reviewing the notes after the meeting to make
additions.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 295
Printed for Sanja Knezevic
Answer (A) is incorrect. Extensive note taking may interfere with
communication
with the respondent. Maintaining eye contact and observing
nonverbal signals is
difficult if the interviewer is preoccupied with his/her notes.
Answer (B) is incorrect. Recording might be used for controversial
material, but it
usually will not elicit positive feelings from the respondent. For most
organizational
purposes, exact quotes are unnecessary.
Answer (C) is incorrect. Aside from cost, this option is unworkable
given the loss of
confidentiality and the probable negative reaction from the
respondent.
Answer (D) is correct. Preparing for the interview is crucial. The
internal auditor
should have learned as much as possible about the engagement
client, determined the
engagement objectives, and prepared questions. During the
interview, the internal
auditor should record notes on a split page, which lists the questions
on one side and
contains space for responses on the other. After the interview, the
internal auditor
should expand on the notes while the material is still fresh.
[539] Gleim #: 6.3.26
As part of an engagement to evaluate safety management programs,
an internal auditor
interviews the individual responsible for writing, issuing, and
maintaining safety
procedures. While the internal auditor’s primary interest is to identify
the controls
ensuring that procedures are kept current, the individual has a
tremendous amount of
information and seems intent on telling the internal auditor most of it.
What might the
internal auditor do to guard against missing what is important?
Write down everything the individual says. If the internal auditor gets
behind, ask
for a pause and catch up. After the interview, the internal auditor can
sift through
the notes and be confident of finding the key information.
A.
Tape record the interview and later extract the relevant B.
information.
Do not sort through extraneous information. Revisit the topic with the
individual’s
supervisor and obtain any needed information at that time.
C.
During the conversation, make an effort to anticipate the approach of
a point of
critical interest.
D.
Answer (A) is incorrect. The internal auditor will probably miss
important points
in the effort to write everything down.
Answer (B) is incorrect. Recording the entire interview is inefficient.
Answer (C) is incorrect. This procedure would be a waste of
everyone’s time, and
the internal auditor still may not obtain the information sought.
Answer (D) is correct. Anticipation is one approach the internal
auditor can use
to maintain focus during a far-ranging discussion. It assumes that the
internal
auditor has done some homework and is prepared to listen
intelligently. Active
listening permits anticipation because the mind can process
information more
rapidly than most people speak. Thus, the listener has time to
analyze the
information and determine what is most important.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 296
Printed for Sanja Knezevic
fb.com/ciaaofficial
[540] Gleim #: 6.3.27
To elicit views on broad organizational risks and objectives from the
board and senior
management, an internal auditor should
List specific risk factors A. for consideration.
B. Develop spreadsheets with quantitative data relevant to the
industry.
C. Use a nondirective approach to initiating discussion of mitigating
risks.
Ask each member of management about specific risks listed in an
industry
reference.
D.
Answer (A) is incorrect. Although such factors may be relevant, they
will not
necessarily create an opportunity for management to brainstorm.
Answer (B) is incorrect. Facts provide more of a teaching tool than a
proper
means to start relevant discussion.
Answer (C) is correct. Effective interview planning includes
formulating basic
questions. An internal auditor may use a directive approach by
asking narrowly
focused questions. A preferable alternative given the interviewees
and the subject
matter is a nondirective approach using broad questions that are
more likely to
provide clarification and yield unexpected observations.
Answer (D) is incorrect. Although an industry reference may raise
many valid
points, it may not address concerns specific to the organization.
[541] Gleim #: 6.3.28
Tolerating silence, asking open-ended questions, and paraphrasing
are three aids to
more effective
A. Meetings.
B. Listening.
C. Interviews.
D. Feedback.
Answer (A) is incorrect. These methods may slow down a meeting.
Answer (B) is correct. Listening entails decoding and understanding
the first
message sent. The sender then becomes a listener with respect to
the feedback.
Hence, listening is necessary at both ends of the communication
channel. Other
aids to effective listening are using body language to encourage the
speaker,
showing appropriate emotion to signify empathy, understanding and
correcting for
one’s biases, avoiding making premature judgments, and briefly
summarizing
what has been said.
Answer (C) is incorrect. These methods may or may not help
depending on the
purpose of the interview.
Answer (D) is incorrect. Only paraphrasing relates to feedback.
[542] Gleim #: 6.3.29
Auditors must be effective listeners, especially when asking complex
questions. To
improve their listening, auditors should take care to do all the
following except
A. Stop talking. It is very difficult to listen and talk at the same time.
B. Be patient. Allow the speaker ample time to respond.
C. Avoid all questions until the speaker has concluded.
D. Put the speaker at ease. A nervous speaker will be difficult to
understand.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 297
Printed for Sanja Knezevic
Answer (A) is incorrect. Listening tends to be more difficult than
talking. Most people
prefer to express their own ideas rather than listen.
Answer (B) is incorrect. A good listener does not interrupt and
makes smooth
transitions between listening and speaking.
Answer (C) is correct. Questions asked at appropriate times during
the interview can
indicate that the interviewer is listening attentively. When done
correctly, this also
allows the interviewer to probe deeper when additional clarification is
needed.
Answer (D) is incorrect. Making eye contact and using other
appropriate nonverbal
cues characteristic of attentive listening will tend to put the speaker
at ease and
enhance the communication process.
[543] Gleim #: 6.3.30
Listening effectiveness is best increased by
Resisting both internal and external A. distractions.
B. Waiting to review key concepts until the speaker is through
talking.
C. Tuning out messages that do not seem to fit the meeting purpose.
D. Factoring in biases to evaluate the information being given.
Answer (A) is correct. Concentrating on what the speaker is saying
is critical to
effective listening. This result is best achieved by resisting internal
and external
distractions. Physical distractions such as noise, a tendency to be
overly aware of
the speaker’s physical and other differences from the listener,
focusing on
interesting details at the expense of major points, or emotional
reactions to a
statement with which the listener disagrees should be avoided.
Answer (B) is incorrect. Given that a person listens faster than a
speaker talks,
(s)he can review the key concepts silently without waiting for the
speaker to
conclude. This process helps the listener remember them better
without notes.
Answer (C) is incorrect. Seemingly unrelated information may be
important.
Answer (D) is incorrect. The listener should concentrate on the
information while
listening. Later, that person can allow for bias on both the listener’s
part and the
speaker’s part.
[544] Gleim #: 6.3.31
An internal auditor is interviewing an employee. While listening to the
interviewee,
the internal auditor should
A. Prepare a response to the interviewee.
Take mental notes on the speaker’s nonverbal communication
because it is more
important than what is being said.
B.
Make sure all details, as well as the main ideas of the interviewee,
are
remembered.
C.
Integrate the incoming information from the interviewee with
information that is
already known.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 298
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Planning a reply before the speaker has
finished may cause
the listener to miss an important point or make an unfounded
assumption. Thinking
about a reply is not listening.
Answer (B) is incorrect. The nonverbal messages are not always
more important.
Answer (C) is incorrect. An effective listener tries to remember the
important points.
Being distracted by interesting details is a mistake because of the
danger of missing
critical information.
Answer (D) is correct. The mind can process information more
rapidly than most
people speak. Thus, the listener has time to analyze the information
and determine
what is most important and how it relates to known information. This
process of active
listening helps the interviewer maintain focus.
[545] Gleim #: 6.3.32
A supportive behavior that a listener, such as an auditor or a
supervisor, can use to
encourage a speaker is to
Look away from the speaker to avoid A. any intimidation.
B. Interject a similar incident or experience.
C. Stop other activity or work while the person is talking.
D. Not respond verbally until the speaker stops talking.
Answer (A) is incorrect. Looking away is discouraging.
Answer (B) is incorrect. Interruptions devalue the speaker and the
speaker’s
message.
Answer (C) is correct. An effective listener enhances the
communication process
by sending appropriate nonverbal signals to the speaker. Thus, even
though a
person can probably listen and do some routine work, a listener who
wishes to
convey a positive and encouraging message should stop other
activities and focus
complete attention on the speaker.
Answer (D) is incorrect. Complete silence may appear disapproving.
[546] Gleim #: 6.3.33
When evaluating communication, the internal auditor should be
aware that nonverbal
communication
A. Is independent of a person’s cultural background.
B. Is often imprecise.
C. Always conveys a more truthful response than verbal
communication.
D. Always conveys less information than verbal communication.
Answer (A) is incorrect. Nonverbal communication is heavily
influenced by
culture. For example, a nod of the head may have opposite
meanings in different
cultures.
Answer (B) is correct. Nonverbal communication (body language)
consists of
facial expressions, vocal intonations, posture, gestures, appearance,
and physical
distance. Thus, by its nature, nonverbal communication is much less
precise than
verbal communication.
Answer (C) is incorrect. Nonverbal communication is not necessarily
more
truthful than verbal communication.
Answer (D) is incorrect. Nonverbal communication can sometimes
convey more
information than verbal communication.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 299
Printed for Sanja Knezevic
[547] Gleim #: 6.3.34
Internal auditors should be active listeners to gain the most
information in an internal
audit interview. Which of the following best describes how an active
listener behaves
in an interview? The listener
Judges and evaluates the information A. as it is presented.
B. Listens with acceptance, empathy, and intensity.
C. Avoids looking directly at the speaker and interrupting his or her
train of thought.
Formulates arguments and conclusions as pieces of the speaker’s
information fit
together.
D.
Answer (A) is incorrect. Good listeners are objective, not
judgmental.
Answer (B) is correct. Active listening involves acceptance of the
speaker’s
ideas, that is, deferring judgment until the speaker has finished.
Empathy is a
sensitive awareness of the speaker’s feelings, thoughts, and
experience. An
empathic listener understands what the speaker wants to
communicate rather than
what the listener wants to understand. Listening with intensity
involves
concentrating on the speaker’s message and disregarding
distractions. An active
listener also is responsible for completeness. (S)he considers
nonverbal and
emotional content and asks questions to clarify the communication.
Answer (C) is incorrect. A good listener makes eye contact.
Answer (D) is incorrect. Formulating arguments and conclusions
before the
speaker has finished is the antithesis of acceptance.
[548] Gleim #: 6.4.35
An internal auditor must weigh the cost of an engagement procedure
against the
persuasiveness of the evidence to be gathered. Observation is one
engagement
procedure that involves cost-benefit trade-offs. Which of the following
statements
regarding observation as an engagement technique is (are) true?
Observation is limited because individuals may react differently when
being
observed.
I.
When testing financial statement balances, observation is more
persuasive for the
completeness assertion than it is for the existence assertion.
II.
Observation is effective in providing information about how the
organization’s
processes differ from those specified by written policies.
III.
A. I only.
B. II only.
C. I and III only.
D. I, II, and III.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 300
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Observation also is effective for determining
whether written
policies have been put into practice.
Answer (B) is incorrect. Observation is more persuasive for the
existence assertion
than for the completeness assertion.
Answer (C) is correct. Observation consists of watching the physical
activities of the
employees in the organization to see how they perform their duties.
The internal
auditor can determine whether written policies have been put into
practice.
Observation is limited because employees who know they are being
observed may
behave differently while being observed. Moreover, observation is
more persuasive for
the existence or occurrence assertion (whether assets or liabilities
exist and whether
transactions have occurred) than for the completeness assertion
(whether all
transactions that should be reported are reported).
Answer (D) is incorrect. Observation is more persuasive for the
existence assertion
than for the completeness assertion.
[549] Gleim #: 6.4.36
An internal auditing team has been assigned to review “the customer
satisfaction
measurement system” that the Industrial Products Division
implemented 2 years ago.
This system consists of an annual mail survey conducted by the
division’s customer
service office. A survey is sent to 100 purchasing departments
randomly selected from
all customers who made purchases in the prior 12 months. The
survey is three pages
long, and its 30 questions use a mixture of response modes (e.g.,
some questions are
open-ended, some are multiple-choice, and others use a response
scale). The customer
service office mails the survey in September and tabulates the
results for
questionnaires returned by October 15. Only one mailing is sent. If
the customer does
not return the questionnaire, no follow-up is conducted. When the
survey was last
conducted, 45 of the questionnaires were not returned. Nonresponse
bias is often a
concern in conducting mail surveys. The main reason that
nonresponse bias can cause
difficulties in a sample such as the one taken by the customer
service office is that
The sample means and standard errors are A. harder to compute.
B. Those who did not respond may be systematically different from
those who did.
C. The questionnaire is too short.
D. Confidence intervals are narrower.
Answer (A) is incorrect. Formulas are as easy to use with bad data
as with good
data.
Answer (B) is correct. The sample will not be truly random if
respondents as a
group differ from nonrespondents. Thus, people may choose not to
respond for
reasons related to the purpose of the questionnaire.
Answer (C) is incorrect. Longer questionnaires increase
nonresponse bias.
Answer (D) is incorrect. Nonresponse decreases sample size, so
confidence
intervals would be wider rather than narrower.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 301
Printed for Sanja Knezevic
[550] Gleim #: 6.4.37
An internal auditing team has been assigned to review “the customer
satisfaction
measurement system” that the Industrial Products Division
implemented 2 years ago.
This system consists of an annual mail survey conducted by the
division’s customer
service office. A survey is sent to 100 purchasing departments
randomly selected from
all customers who made purchases in the prior 12 months. The
survey is three pages
long, and its 30 questions use a mixture of response modes (e.g.,
some questions are
open-ended, some are multiple-choice, and others use a response
scale). The customer
service office mails the survey in September and tabulates the
results for
questionnaires returned by October 15. Only one mailing is sent. If
the customer does
not return the questionnaire, no follow-up is conducted. When the
survey was last
conducted, 45 of the questionnaires were not returned. Which of the
following is not
an advantage of face-to-face interviews over mail surveys?
The response rate is A. typically higher.
B. Interviewers can increase a respondent’s comprehension of
questions.
C. Survey designers can use a wider variety of types of questions.
D. They are less expensive because mailing costs are avoided.
Answer (A) is incorrect. Mail surveys often have low response rates.
Answer (B) is incorrect. The interviewer’s ability to interpret
responses and
rephrase questions increases response quality.
Answer (C) is incorrect. Audiovisual aids, complex sequences, and
other
varieties of questions are made possible by the interactive nature of
interviews.
Answer (D) is correct. One of the principal advantages of mail
surveys is their
cost efficiency. Mailing costs are lower than the costs of telephone
interviews and
still lower than the costs of face-to-face interviews.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 302
Printed for Sanja Knezevic
fb.com/ciaaofficial
[551] Gleim #: 6.4.38
An internal auditing team has been assigned to review “the customer
satisfaction
measurement system” that the Industrial Products Division
implemented 2 years ago.
This system consists of an annual mail survey conducted by the
division’s customer
service office. A survey is sent to 100 purchasing departments
randomly selected from
all customers who made purchases in the prior 12 months. The
survey is three pages
long, and its 30 questions use a mixture of response modes (e.g.,
some questions are
open-ended, some are multiple-choice, and others use a response
scale). The customer
service office mails the survey in September and tabulates the
results for
questionnaires returned by October 15. Only one mailing is sent. If
the customer does
not return the questionnaire, no follow-up is conducted. When the
survey was last
conducted, 45 of the questionnaires were not returned. Many
questionnaires are made
up of a series of different questions that use the same response
categories (e.g.,
strongly agree, agree, neither, disagree, strongly disagree). Some
designs will have
different groups of respondents answer alternative versions of the
questionnaire that
present the questions in different orders and reverse the orientation
of the endpoints of
the scale (e.g., agree on the right and disagree on the left or vice
versa). The purpose of
such questionnaire variations is to
Eliminate intentional A. misrepresentations.
B. Reduce the effects of pattern response tendencies.
C. Test whether respondents are reading the questionnaire.
Make it possible to get information about more than one population
parameter
using the same questions.
D.
Answer (A) is incorrect. Questionnaire variations cannot eliminate
intentional
misrepresentations.
Answer (B) is correct. The sequence and format of questions have
many known
effects. For example, questions should be in a logical order, and
personal
questions should be asked last because of the emotions they may
evoke. One
method for reducing these effects is to use questionnaire variations
that cause
these biases to average out across the sample.
Answer (C) is incorrect. Questionnaire variations cannot test
whether respondents
are reading the questionnaire.
Answer (D) is incorrect. Questionnaire variations cannot make it
possible to get
information about more than one population parameter using the
same questions.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 303
Printed for Sanja Knezevic
[552] Gleim #: 6.4.39
An internal auditing team has been assigned to review “the customer
satisfaction
measurement system” that the Industrial Products Division
implemented 2 years ago.
This system consists of an annual mail survey conducted by the
division’s customer
service office. A survey is sent to 100 purchasing departments
randomly selected from
all customers who made purchases in the prior 12 months. The
survey is three pages
long, and its 30 questions use a mixture of response modes (e.g.,
some questions are
open-ended, some are multiple-choice, and others use a response
scale). The customer
service office mails the survey in September and tabulates the
results for
questionnaires returned by October 15. Only one mailing is sent. If
the customer does
not return the questionnaire, no follow-up is conducted. When the
survey was last
conducted, 45 of the questionnaires were not returned. Several of
the internal auditing
team members are concerned about the low response rate, the poor
quality of the
questionnaire design, and the potentially biased wording of some of
the questions.
They suggest that the customer service office might want to
supplement the survey
with some unobtrusive data collection such as observing customer
interactions in the
office or collecting audiotapes of phone conversations with
customers. Which of the
following is not a potential advantage of unobtrusive data collection
compared to
surveys or interviews?
Interactions with customers can be observed as they occur in their A.
natural setting.
B. It is easier to make precise measurements of the variables under
study.
C. Unexpected or unusual events are more likely to be observed.
D. People are less likely to alter their behavior because they are
being studied.
Answer (A) is incorrect. Observing the phenomenon in its natural
setting
eliminates some aspects of experimental bias.
Answer (B) is correct. Lack of experimental control and
measurement precision
are weaknesses of observational research. Another is that some
things, such as
private behavior, attitudes, feelings, and motives, cannot be
observed.
Answer (C) is incorrect. The possibility of observing unexpected or
unusual
behavior makes unobtrusive measures useful for exploratory
investigations.
Answer (D) is incorrect. If research subjects are unaware of being
studied, they
are less likely to do what they think the researcher wants, censor
their comments,
etc.
[553] Gleim #: 6.4.40
An internal auditing team developed a preliminary questionnaire with
the following
response choices:
I. Probably not a problem
II. Possibly a problem
III. Probably a problem
The questionnaire illustrates the use of
A. Trend analysis.
B. Ratio analysis.
C. Unobtrusive measures or observations.
D. Rating scales.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 304
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Trend analysis extrapolates past and
current conditions.
Answer (B) is incorrect. Ratio analysis considers the internal
relationships of financial
data.
Answer (C) is incorrect. Use of rating scales requires the participant
to participate
actively. Thus, it is not unobtrusive.
Answer (D) is correct. A rating scale may be used when a range of
opinions is
expected. The scale represents a continuum of responses. In this
case, it reflects
probability statements.
[554] Gleim #: 6.4.41
Which of the following procedures is the least effective in gathering
information about
the nature of the processing and potential problems?
Interview supervisors in the claims department to find out more about
the
procedures used, and the rationale for the procedures, and obtain
their
observations about the nature and efficiency of processing.
A.
Send an email message to all clerical personnel detailing the alleged
problems and
request them to respond.
B.
Interview selected clerical employees in the claims department to
find out more
about the procedures used, and the rationale for the procedures, and
obtain their
observations about the nature and efficiency of processing.
C.
Distribute a questionnaire to gain a greater understanding of the
responsibilities
for claims processing and the control procedures utilized.
D.
Answer (A) is incorrect. Interviewing supervisors and employees is
a good
method of learning more about the nature of processing and
soliciting input as to
the potential causes of the problems being investigated. These
individuals are
intimately involved with the processing of transactions.
Answer (B) is correct. Sending an email message to clerical staff is
the least
effective communication and information-gathering technique. It is
impersonal
and alleges inefficiencies before evidence has indicated that the
problems are
caused by inefficiencies in processing. This impersonal method
might have been
useful if the auditor wished to solicit open responses, but not enough
guidance is
given to encourage that kind of response.
Answer (C) is incorrect. Interviewing supervisors and employees is
a good
method of learning more about the nature of processing and
soliciting input as to
the potential causes of the problems being investigated. These
individuals are
intimately involved with the processing of transactions.
Answer (D) is incorrect. Using a questionnaire is a procedure that is
not as
effective as interviewing individuals, but it is an efficient method of
gathering
preliminary information that would be useful in structuring the
interviews.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 305
Printed for Sanja Knezevic
[555] Gleim #: 6.4.42
Checklists used to assess risk have been criticized for all of the
following reasons
except
Providing a false sense of security that all relevant factors A. are
addressed.
B. Inappropriately implying equal weight to each item on the
checklist.
C. Decreasing the uniformity of data acquisition.
Being incapable of translating the experience or sound reasoning
intended to be
captured by each item on the checklist.
D.
Answer (A) is incorrect. A checklist may omit factors the importance
of which
could not be foreseen.
Answer (B) is incorrect. Each item will not be of equal significance.
Answer (C) is correct. Checklists increase the uniformity of data
acquisition.
They ensure that a standard approach to assessing risk is taken and
minimize the
possibility of omitting consideration of factors that can be anticipated.
Answer (D) is incorrect. A checklist does not substitute for the sound
professional judgment needed to understand the process of
assessing risk.
[556] Gleim #: 6.5.43
The chief audit executive was reviewing recent reports that had
recommended
additional engagements because of risk exposures to the
organization. Which of the
following represents the greatest risk and should be the next
assignment?
A. Three prenumbered receiving reports were missing.
B. There were several purchase orders issued without purchase
requisitions.
Payment had been made for routine inventory items without a
purchase order or
receiving report.
C.
D. Several times cash receipts had been held over an extra day
before depositing.
Answer (A) is incorrect. The absence of a receiving report or
purchase requisition
will prevent payment if disbursements are properly controlled.
Answer (B) is incorrect. Certain routine purchases may not require
requisitions.
Answer (C) is correct. Payment vouchers for merchandise should be
supported by
(1) a properly authorized purchase requisition, (2) a purchase order
executing the
transaction, (3) a receiving report indicating all goods ordered have
been received
in good condition, and (4) a vendor invoice confirming the amount
owed. Lack of
such support for cash payments suggests a high risk of fraud.
Answer (D) is incorrect. Assuming other controls are in place, the
extent of the
risk is the loss of 1 day’s receipts.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 306
Printed for Sanja Knezevic
fb.com/ciaaofficial
[557] Gleim #: 6.5.44
During a preliminary survey of the accounts receivable function, an
internal auditor
discovered a potentially major control deficiency while preparing a
flowchart. What
immediate action should the internal auditor take regarding the
weakness?
Perform sufficient testing to determine its A. cause and effect.
B. Report it to the level of management responsible for corrective
action.
Schedule a separate engagement to evaluate that segment of the
accounts
receivable function.
C.
Highlight the weakness to ensure that procedures to test it are
included in the
engagement work program.
D.
Answer (A) is incorrect. Testing of the control will be performed
during the field
work phase of the engagement.
Answer (B) is incorrect. There is no need to report the potential
defect. Testing is
needed before reporting the defect to management.
Answer (C) is incorrect. A separate engagement is not needed.
Answer (D) is correct. One purpose of the risk assessment is to
highlight areas
that should be addressed during the engagement. A potentially major
control
deficiency is a significant area warranting special emphasis and
should be noted to
ensure the needed coverage in the engagement work program.
[558] Gleim #: 6.5.45
Data-gathering activities such as interviewing operating personnel,
identifying
standards to be used to evaluate performance, and assessing risks
inherent in a
department’s operations are typically performed in which phase of an
audit
engagement?
A. Field work.
B. Preliminary survey.
C. Engagement program development.
D. Examination and evaluation of evidence.
Answer (A) is incorrect. The preliminary survey must be performed
before the
field work can be undertaken.
Answer (B) is correct. Internal auditors must conduct a preliminary
assessment of
the risks relevant to the activity under review. Engagement objectives
must reflect
the results of this assessment (Impl. Std. 2210.A1). Moreover,
planning should
include performing, as appropriate, a survey to (1) become familiar
with the
activities, risks, and controls to identify areas for engagement
emphasis and
(2) invite comments and suggestions from engagement clients (PA
2210.A1-1,
para. 3). Thus, among many other things, a survey should include
discussions with
the engagement client (e.g., interviews with operating personnel) and
documenting key control activities (including identifying performance
standards).
Answer (C) is incorrect. The preliminary survey must be performed
before the
engagement program can be developed.
Answer (D) is incorrect. The preliminary survey must be performed
before the
evidence can be examined or evaluated.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 307
Printed for Sanja Knezevic
[559] Gleim #: 6.5.46
Internal auditors must make a preliminary assessment of risks when
conducting an
assurance engagement. This assessment may involve quantitative
(objective) and
subjective factors. The least subjective factor is
The organization’s recognized losses A. on derivatives.
B. The auditor’s assessment of management responses.
C. Changes in the auditee’s business forecast.
D. The evaluation of internal control.
Answer (A) is correct. In planning the engagement, internal auditors
must
consider the significant risks and the means by which the potential
impact of risk
is kept to an acceptable level (Perf. Std. 2201). Risk factors have
differing degrees
of objectivity. The most objective (least subjective) factors are facts.
The
organization’s losses on derivatives are facts and therefore objective
to the extent
measurable. Objective information is such that it can be supported by
facts or
numbers. Subjective information is a judgment and may be
interpreted differently
by different people.
Answer (B) is incorrect. The auditor’s assessment of management
responses is a
professional judgment.
Answer (C) is incorrect. The business forecast is not a fact.
Answer (D) is incorrect. The evaluation of internal control is based
on
professional judgment. Information based on judgment is subjective.
[560] Gleim #: 6.5.47
Levels of production stoppages over the past year at a large
laminating business were
abnormally high due to machine malfunctions. Would it be
appropriate for the internal
auditing function to develop a survey examining attitudes toward line
operations,
rotation of work zones, training, maintenance schedule, etc., for the
machine operators
to complete?
A. Yes, the survey is reliable without corroboration.
B. Yes, the examined areas are relevant to the malfunctions.
C. No, the examined areas are irrelevant to the malfunctions.
D. No, the survey is inappropriate without corroboration.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 308
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Reliability without corroboration is not the
reason why the
use of the survey is appropriate. The auditors should keep in mind
the potential need to
corroborate the information before making any final assessment.
Answer (B) is correct. Internal auditors must conduct a preliminary
assessment of the
risks relevant to the activity under review. Engagement objectives
must reflect the
results of this assessment (Impl. Std. 2210.A1). If appropriate,
internal auditors
conduct a survey to (1) become familiar with the activities, risks, and
controls to
identify areas for engagement emphasis and (2) invite comments
and suggestions from
engagement clients (PA 2210.A1-1, para. 3). The survey is
appropriate as a means to
conduct a preliminary assessment because the examined areas are
relevant. The
auditors should keep in mind the potential need to corroborate the
information before
making any final assessment, but this does not prevent use of the
survey.
Answer (C) is incorrect. The examined areas are relevant to the
malfunctions.
Answer (D) is incorrect. The need for corroboration will be
determined after the
survey is completed. The possible need for corroboration does not
preclude the use of
the survey.
[561] Gleim #: 6.5.48
In planning an engagement, the internal auditor establishes
objectives to address the
risk associated with the activity. Risk is the
Possibility that the balance or class of transactions and related
assertions contains
misstatements that could be material to the financial statements.
A.
Uncertainty of the occurrence of an event that could affect the
achievement of
objectives.
B.
Failure to adhere to organizational policies, plans, and procedures or
to comply
with relevant laws and regulations.
C.
Failure to accomplish established objectives and goals for operations
D. or programs.
Answer (A) is incorrect. The risk of material misstatement in
financial statement
assertions is just one adverse effect that can result from unmitigated
risk.
Answer (B) is correct. Risk is the possibility that an event having an
impact on
the achievement of objectives will occur. Risk is measured in terms
of impact and
likelihood (The IIA Glossary).
Answer (C) is incorrect. The failure to adhere to organizational
policies, plans,
and procedures or to comply with relevant laws and regulations is
just one type of
adverse effect that can result from unmitigated risk.
Answer (D) is incorrect. The failure to accomplish established
objectives and
goals for operations or programs is just one type of adverse effect
that can result
from unmitigated risk.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 309
Printed for Sanja Knezevic
[562] Gleim #: 6.5.49
Which of the following activities represents the greatest risk to a
post-merger
manufacturing organization and is therefore most likely to be the
subject of an internal
audit engagement?
Combining A. imprest funds.
B. Combining purchasing functions.
C. Combining legal functions.
D. Combining marketing functions.
Answer (A) is incorrect. Imprest funds are typically immaterial in
amount.
Answer (B) is correct. Purchasing functions ordinarily represent the
greatest
exposure to loss of the items listed and are therefore most likely to
be evaluated.
The financial exposure in the purchasing function is ordinarily greater
than in, for
example, the legal and marketing functions. After a merger, risk is
heightened
because of the difficulty of combining the systems of the two
organizations. Thus,
the likelihood of an engagement is increased.
Answer (C) is incorrect. Legal functions do not typically represent a
risk of loss
as great as the purchasing functions.
Answer (D) is incorrect. Marketing functions do not typically
represent a risk of
loss as great as the purchasing functions.
[563] Gleim #: 6.6.50
An auditor is least likely to use computer software to
A. Construct parallel simulations.
B. Access client data files.
C. Prepare spreadsheets.
D. Assess computer control risk.
Answer (A) is incorrect. Parallel simulation involves using an
auditor’s program
to reproduce the logic of management’s program.
Answer (B) is incorrect. Computer software makes accessing
company files
much faster and easier.
Answer (C) is incorrect. Many audit spreadsheet programs are
available.
Answer (D) is correct. The auditor is required to evaluate the
adequacy and
effectiveness of the system of internal control and to assess risk to
plan the audit.
This assessment is a matter of professional judgment that cannot be
accomplished
with a computer alone.
[564] Gleim #: 6.6.51
When an auditor performs tests on a computerized inventory file
containing over
20,000 line items, that auditor can maintain independence and
perform most
efficiently by
A. Asking the console operator to print every item that costs more
than US $100.
B. Using a generalized audit software package.
C. Obtaining a printout of the entire file and then selecting each nth
item.
D. Using the systems department’s programmer to write an
extraction program.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 310
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Independence is jeopardized when an
operator is involved in
the process.
Answer (B) is correct. Independence can be preserved when the
auditor acquires
general audit software (GAS) from an external source rather than
relying on auditeedeveloped
audit software. Also, efficiency is enhanced to the extent GAS can be
used
(as compared to manual auditing or writing special audit programs).
The leading GAS
packages are currently ACL and IDEA.
Answer (C) is incorrect. Printing out the entire file is both
unnecessary and inefficient.
Answer (D) is incorrect. Overreliance on an auditee’s programmer
impairs
independence.
[565] Gleim #: 6.6.52
Which of the following cannot be performed by an auditor using
generalized audit
software (GAS)?
Identifying missing A. check numbers.
B. Correcting erroneous data elements, making them suitable for
audit testwork.
C. Matching identical product information in separate data files.
D. Aging accounts receivable.
Answer (A) is incorrect. Identifying gaps is a function of major GAS
packages.
Answer (B) is correct. GAS can help an auditor identify erroneous
data, but
correcting them before performing testwork is inappropriate.
Answer (C) is incorrect. Merging files is a function of GAS
packages.
Answer (D) is incorrect. Aging is a function of GAS packages.
[566] Gleim #: 6.6.53
Which of the following is not true about audit use of the Internet?
A. It is a useful research tool for gathering audit-related information.
B. It provides a secure medium to transmit confidential information.
C. Electronic communication is the major use of the Internet by
internal auditors.
D. An electronic record of a user’s web browsing activities is created.
Answer (A) is incorrect. The Internet is a useful audit tool for
gathering and
disseminating audit-related information.
Answer (B) is correct. Users transmitting sensitive information
across the Internet
must understand the threats that arise that could compromise the
confidentiality of
the data. Security measures, such as encryption technology, need to
be taken to
ensure that the information is viewed only by those authorized to
view it.
Answer (C) is incorrect. The major use of the Internet by internal
auditors is
electronic communication.
Answer (D) is incorrect. Web browsing leaves an electronic record
of the user’s
search path.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 311
Printed for Sanja Knezevic
[567] Gleim #: 6.6.54
A primary advantage of using generalized audit software (GAS)
packages in auditing
the financial statements of a client that uses a computer system is
that the auditor may
Substantiate the accuracy of data through self-checking digits A. and
hash totals.
B. Reduce the level of required tests of controls to a relatively small
amount.
Access information stored on computer files without a complete
understanding of
the client’s hardware and software features.
C.
Consider increasing the use of substantive tests of transactions in
place of
analytical procedures.
D.
Answer (A) is incorrect. Self-checking digits and hash totals are
application
controls used by clients.
Answer (B) is incorrect. GAS may permit far more comprehensive
tests of
controls than in a manual audit.
Answer (C) is correct. A detailed knowledge of the client’s system is
unnecessary
because a generalized audit software package is designed to
process data files
from almost any platform. The leading packages are currently ACL
(Audit
Command Language) and IDEA (Interactive Data Extraction and
Analysis).
Answer (D) is incorrect. The auditor is required to apply analytical
procedures in
the planning and overall review phases of the audit.
[568] Gleim #: 6.6.55
Which of the following strategies will an auditor most likely consider
in auditing an
entity that processes most of its financial data only in electronic form,
such as a
paperless system?
Continuous monitoring and analysis of transaction processing with
an embedded
audit module.
A.
Increased reliance on internal control activities that emphasize the
segregation of
duties.
B.
Verification of encrypted digital certificates used to monitor the
authorization of
transactions.
C.
Extensive testing of firewall boundaries that restrict the recording of
outside
network traffic.
D.
Answer (A) is correct. An audit module embedded in the client’s
software
routinely selects and abstracts certain transactions. They may be
tagged and traced
through the information system. An alternative is recording in an
audit log, that is,
in a file accessible only by the auditor.
Answer (B) is incorrect. The same level of segregation of duties as
in a manual
system is not feasible in highly sophisticated computer systems.
Answer (C) is incorrect. Encrypted digital signatures help ensure the
authenticity
of the sender of information, but verifying them is a less pervasive
and significant
procedure than continuous monitoring of transactions.
Answer (D) is incorrect. Firewalls exclude unauthorized activity from
entering a
system; however, such activity would be independent of the internal
processing of
financial information.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 312
Printed for Sanja Knezevic
fb.com/ciaaofficial
[569] Gleim #: 6.6.56
Which of the following is the primary reason that many auditors
hesitate to use
embedded audit modules?
Embedded audit modules cannot be protected from A. computer
viruses.
Auditors are required to monitor embedded audit modules
continuously to obtain
valid results.
B.
C. Embedded audit modules can easily be modified through
management tampering.
Auditors are required to be involved in the system design of the
application to be
monitored.
D.
Answer (A) is incorrect. Embedded audit modules are no more
vulnerable to
computer viruses than any other software.
Answer (B) is incorrect. The advantage of embedded audit modules
is that
auditors are not required to monitor them continuously to obtain valid
results.
Answer (C) is incorrect. Embedded audit modules cannot be easily
modified
through management tampering.
Answer (D) is correct. Continuous monitoring and analysis of
transaction
processing can be achieved with an embedded audit module. To be
successful, the
internal auditor may need to be involved in the design of the
application.
Designing the system may impair independence unless the client
makes all
management decisions.
[570] Gleim #: 6.6.57
If a financial institution overstated revenue by charging too much of
each loan
payment to interest income and too little to repayment of principal,
which of the
following audit procedures would be least likely to detect the error?
Performing an analytical review by comparing interest income this
period as a
percentage of the loan portfolio with the interest income percentage
for the prior
period.
A.
Using an integrated test facility (ITF) and submitting interest
payments for various
loans in the ITF portfolio to determine if they are recorded correctly.
B.
Using test data and submitting interest payments for various loans in
the test
portfolio to determine if they are recorded correctly.
C.
Using generalized audit software to select a random sample of loan
payments
made during the period, calculating the correct posting amounts, and
tracing the
postings that were made to the various accounts.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 313
Printed for Sanja Knezevic
Answer (A) is correct. Analytical review is the least effective
procedure. It provides
only a comparison with the prior period when the same error may
have been made.
Moreover, it is a global test that does not isolate the cause of a
suspected misstatement.
Answer (B) is incorrect. The concern is whether the interest rate
calculation is made
correctly. Using an ITF, the auditor creates a test record within the
client’s actual
system. Fictitious transactions affecting the test record along with
actual transactions
are processed. Client operating personnel need not be aware of the
testing process.
Accordingly, an ITF is an effective way to detect computational
errors.
Answer (C) is incorrect. Using the test data approach, the auditor
develops and
processes a set of valid and invalid transactions using the client’s
application
programs. Based on the understanding of the programmed controls,
the auditor has an
expectation of the results of the processing. The auditor can
determine if the client’s
controls are working effectively to reject and report invalid and
questionable
transactions.
Answer (D) is incorrect. Using GAS is the most effective procedure.
The auditor is
taking a detailed sample of actual transactions.
[571] Gleim #: 6.6.58
What computer-assisted audit technique (CAAT) would an auditor
use to identify a
fictitious or terminated employee?
Parallel simulation of payroll A. calculations.
B. Exception testing for payroll deductions.
C. Recalculations of net pay.
D. Tagging and tracing of payroll tax-rate changes.
Answer (A) is incorrect. In a parallel simulation, data that were
processed by the
engagement client’s system are reprocessed through the auditor’s
program to
determine whether the output obtained matches the output
generated by the
client’s system. This technique might identify problems with the
client’s
processing but would not identify a fictitious or terminated employee.
Answer (B) is correct. Exception testing for payroll deductions is a
type of CAAT
that can identify employees who have no deductions. This is
important because
fictitious or terminated employees will generally not have any
deductions.
Answer (C) is incorrect. A CAAT program can recalculate such
amounts as gross
pay, net pay, taxes and other deductions, and accumulated or used
leave times.
These recalculations can help determine whether the payroll
program is operating
correctly or employee files have been altered, but it would not identify
a fictitious
or terminated employee.
Answer (D) is incorrect. In this type of CAAT program, certain actual
transactions are “tagged.” As they proceed through the system, a
data file is
created that traces the processing through the system and permits
subsequent
review of that processing. However, this procedure would not identify
a fictitious
or terminated employee.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 314
Printed for Sanja Knezevic
fb.com/ciaaofficial
[572] Gleim #: 6.6.59
An organization provides credit cards to selected employees for
business use. The
credit card company provides a computer file of all transactions by
employees of the
organization. An auditor plans to use generalized audit software
(GAS) to select
relevant transactions for testing. Which of the following would not be
readily
identified using GAS?
High-monetary-A. amount transactions.
B. Fraudulent transactions.
C. Transactions for specific cardholders.
D. Suppliers used by each cardholder.
Answer (A) is incorrect. GAS can be used to search for unusual
transactions,
such as those exceeding a specific dollar amount.
Answer (B) is correct. It is highly unlikely that the accounts payable
system
contains sufficient evidence of fraudulent transactions. GAS can be
used to
explore indicators of fraud, but it probably would not identify them.
Answer (C) is incorrect. Transaction data can be filtered using GAS.
Answer (D) is incorrect. Suppliers used by cardholders can be
summarized using
GAS.
[573] Gleim #: 6.6.60
Insurers may receive hospitalization claims directly from hospitals by
computer media;
no paper is transmitted from the hospital to the insurer. Which of the
following
controls is most effective in detecting fraud in such an environment?
Use integrated test facilities to test the correctness of processing in a
manner that
is transparent to data processing.
A.
Develop monitoring programs to identify unusual types of claims or
an unusual
number of claims by demographic classes for investigation by the
claims
department.
B.
Use generalized audit software to match the claimant identification
number with a
master list of valid policyholders.
C.
Develop batch controls over all items received from a particular
hospital and
process those claims in batches.
D.
Answer (A) is incorrect. An integrated test facility is useful in
determining the
correctness of processing of validly entered transactions. The issue
in this case is
the validity of the entered transactions.
Answer (B) is correct. Monitoring assesses the quality of internal
control over
time. Ongoing monitoring occurs as part of routine operations. It
includes
management and supervisory review, comparisons, reconciliations,
and other
actions by personnel as part of their regular activities. Thus,
monitoring of the
number and nature of claims may serve to detect failures of internal
control.
Answer (C) is incorrect. An edit control should be built into the
application to
test for valid policy numbers.
Answer (D) is incorrect. Batch controls are designed to ensure that
all items
submitted are processed, i.e., that they are not lost or added to.
Batch controls
serve a control purpose, but the major concern in this situation is the
validity of
the input.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 315
Printed for Sanja Knezevic
[574] Gleim #: 6.6.61
A company that has many branch stores has decided to use its bestperforming store as
a benchmark organization for the purpose of analyzing the accuracy
and reliability of
branch store financial reporting. Which one of the following is the
most likely measure
to be included in a financial benchmark?
High turnover A. of employees.
B. High level of employee participation in setting budgets.
C. High amount of bad debt write-offs.
D. High number of suppliers.
Answer (A) is incorrect. Turnover of employees is an internal
nonfinancial
benchmark.
Answer (B) is incorrect. Employee participation in setting budgets is
an internal
nonfinancial benchmark.
Answer (C) is correct. Internal benchmarking is the application of
best practices
in one part of the organization (e.g., a high-performing branch store)
to its other
parts (other branches). This process requires, among other things,
use of
quantitative and qualitative measures. A key indicator for financial
performance
measurement is the amount of bad debt write-offs. A high level of
bad debt writeoffs
could indicate fraud, which would compromise the accuracy and
reliability of
financial reports. Bad debt write-offs may result from recording
fictitious sales.
Answer (D) is incorrect. The number of suppliers is not a financial
benchmark.
[575] Gleim #: 6.7.62
Accounts payable schedule verification may include the use of
analytical information.
Which of the following is analytical information?
A. Comparing the schedule with the accounts payable ledger or
unpaid voucher file.
B. Comparing the balance on the schedule with the balances of prior
years.
Comparing confirmations received from selected creditors with the
accounts
payable ledger.
C.
D. Examining vendors’ invoices in support of selected items on the
schedule.
Answer (A) is incorrect. Comparing the schedule with the accounts
payable
ledger or unpaid voucher file is a test of details.
Answer (B) is correct. Analytical procedures are useful in identifying
(1)
unexpected differences, (2) the absence of differences when they
are expected, (3)
potential errors, (4) potential fraud or illegal acts, or (5) other unusual
or
nonrecurring transactions or events (PA 2320-1, para. 2). Thus, they
may include
comparison of current-period information with budgets, forecasts, or
similar
information for prior periods.
Answer (C) is incorrect. Comparing confirmations received from
selected
creditors with the accounts payable ledger is a test of details.
Answer (D) is incorrect. Examining vendors’ invoices in support of
selected
items on the schedule is a test of details.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 316
Printed for Sanja Knezevic
fb.com/ciaaofficial
[576] Gleim #: 6.7.63
Analytical procedures
Are considered direct information about the assertion A. being
evaluated.
B. Involve such tests as confirmation of receivables.
C. May provide the best available information for the completeness
assertion.
D. Are never sufficient by themselves to support management
assertions.
Answer (A) is incorrect. Although relevant, analytical information is
not direct. It
is a means of gathering information without testing particular
transactions
directly.
Answer (B) is incorrect. Analytical information involves a study of
plausible
relationships among data. Confirmation is a substantive test of
details.
Answer (C) is correct. Analytical procedures usually involve
summarizing and
comparing data so that trends and other important relationships may
be detected.
Procedures range from simple comparisons of amounts reported to
advanced
statistical and modeling techniques. The use of analytical procedures
involves
judgment and focuses on the overall reasonableness of recorded
amounts. Thus,
analytical procedures provide information that all transactions and
accounts that
should be presented are included. In some circumstances, the
internal auditor may
be able to determine that analytical procedures by themselves
provide the desired
level of assurance.
Answer (D) is incorrect. For assertions of low materiality, analytical
information
may be considered sufficient.
[577] Gleim #: 6.7.64
During an engagement, the internal auditor should consider the
following factor(s) in
determining the extent to which analytical procedures should be used
during the
engagement:
A. Adequacy of the system of internal control.
B. Significance of the area being examined.
C. Precision with which the results of analytical audit procedures can
be predicted.
D. All of the answers are correct.
Answer (A) is incorrect. The adequacy of the system of internal
control should be
considered.
Answer (B) is incorrect. The significance of the area being
examined should be
considered.
Answer (C) is incorrect. The precision with which the results of
analytical
procedures can be predicted should be considered.
Answer (D) is correct. When determining the extent to which
analytical
procedures should be used, the internal auditor considers (1) the
significance of
the area being examined, (2) the assessment of risk management in
the audited
area, (3) the adequacy of the internal control system, (4) the
availability and
reliability of financial and nonfinancial information, (5) the precision
with which
the results of analytical audit procedures can be predicted, (6) the
availability and
comparability of information regarding the industry in which the
organization
operates, and (7) the extent to which other procedures provide
evidence (PA 23201, para. 5).
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 317
Printed for Sanja Knezevic
[578] Gleim #: 6.7.65
The internal auditor of an organization with a recently automated
human resources
system reviews the retirement benefits plan and determines that the
pension and
medical benefits have been changed several times in the past 10
years. The internal
auditor wishes to determine whether further investigation is justified.
The most
appropriate engagement procedure is to
Review the trend of overall retirement expense over the last 10
years. If it has
increased, further investigation is needed.
A.
Use generalized audit software to take a monetary-unit sample of
retirement pay
and determine whether each retired employee was paid correctly.
B.
Review reasonableness of retirement pay and medical expenses on
a per-person
basis stratified by which plan was in effect when the employee
retired.
C.
Use generalized audit software to take an attribute sample of
retirement pay and
perform detailed testing to determine whether each person chosen
was given the
proper benefits.
D.
Answer (A) is incorrect. Reviewing the trend of overall retirement
expense over
the last 10 years does not consider the changes in plans or the
number of
employees retired.
Answer (B) is incorrect. The sample should be stratified. The
population is not
homogeneous.
Answer (C) is correct. Analytical procedures often provide the
internal auditor
with an efficient and effective means of obtaining evidence. The
assessment
results from comparing information with expectations identified or
developed by
the internal auditor. Analytical procedures are useful in identifying (1)
unexpected
differences, (2) the absence of differences when they are expected,
(3) potential
errors, (4) potential fraud or illegal acts, or (5) other unusual or
nonrecurring
transactions or events (PA 2320-1, para. 2). Accordingly, significant
changes,
such as those in pension and medical benefits, require the internal
auditor to refine
his/her expectations. In these circumstances, the internal auditor
must stratify the
sample according to the plans in effect when the employees retired
and develop a
predicted result for each person based on the stratum to which (s)he
belongs.
Answer (D) is incorrect. Taking an attribute sample of retirement pay
does not
meet the engagement objective of determining whether further
investigation is
warranted.
[579] Gleim #: 6.7.66
Analytical procedures enable the internal auditor to predict the
balance or quantity of
an item. Information to develop this estimate can be obtained by all
of the following
except
Tracing transactions through the system to determine whether
procedures are
being applied as prescribed.
A.
Comparing financial data with data for comparable prior periods,
anticipated
results (e.g., budgets and forecasts), and similar data for the industry
in which the
entity operates.
B.
Studying the relationships of elements of financial data that would be
expected to
conform to a predictable pattern based upon the entity’s experience.
C.
Studying the relationships of financial data with relevant D.
nonfinancial data.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 318
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is correct. Tracing transactions through the system is a
test of controls
directed toward the operating effectiveness of internal control, not an
analytical
procedure.
Answer (B) is incorrect. The basic premise of analytical procedures
is that plausible
relationships among data may be reasonably expected to exist and
continue in the
absence of known conditions to the contrary. Well-drafted budgets
and forecasts
prepared at the beginning of the year should therefore be compared
with actual results,
and engagement client information should be compared with data for
the industry in
which the engagement client operates.
Answer (C) is incorrect. The internal auditor should expect financial
ratios and
relationships to exist and to remain relatively stable in the absence of
reasons for
variation.
Answer (D) is incorrect. Financial information is related to
nonfinancial information;
e.g., salary expense should be related to the number of hours
worked.
[580] Gleim #: 6.7.67
Analytical procedures in which current financial statements are
compared with budgets
or previous statements are primarily intended to determine the
Adequacy of financial statement A. disclosure.
B. Existence of specific errors or omissions.
C. Overall reasonableness of statement contents.
D. Use of an erroneous cutoff date.
Answer (A) is incorrect. Analytical procedures concern
interrelationships among
data, not the propriety of disclosure.
Answer (B) is incorrect. Analytical procedures are concerned with
overall
reasonableness, not the existence of specific errors.
Answer (C) is correct. Analytical procedures often provide the
internal auditor
with an efficient and effective means of obtaining evidence. The
assessment
results from comparing information with expectations identified or
developed by
the internal auditor. Analytical procedures are useful in identifying (1)
unexpected
differences, (2) the absence of differences when they are expected,
(3) potential
errors, (4) potential fraud or illegal acts, or (5) other unusual or
nonrecurring
transactions or events (PA 2320-1, para. 2). Thus, a comparison of
current-period
information with budgets or previous-period information is helpful in
planning the
engagement. This comparison may identify conditions, such as
unreasonable
amounts in financial statements, that may require subsequent
engagement
procedures.
Answer (D) is incorrect. Analytical procedures detect unreasonable
amounts, not
the specific causes of unexpected conditions.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 319
Printed for Sanja Knezevic
[581] Gleim #: 6.7.68
A rental car organization’s fleet maintenance division uses a different
code for each
type of inventory transaction. A daily summary report lists activity by
part number and
transaction code. The report is reconciled by the parts room
supervisor to the day’s
material request forms and is then forwarded to the fleet manager for
approval. The
use of transaction codes provides the fleet manager with information
concerning the
types of inventory activities. The internal auditor is considering an
analytical review of
transaction codes and materials used. The objective of this review is
to
Provide information about overstocked A. inventory items.
B. Reveal shortages in perpetual inventory records.
C. Determine whether inventory items are properly valued.
D. Identify possible material lost due to employee theft.
Answer (A) is incorrect. The summary report does not include
stocking levels.
Answer (B) is incorrect. The summary report concerns only issued
items.
Answer (C) is incorrect. The summary report does not address the
valuation
assertion.
Answer (D) is correct. Analytical procedures often provide the
internal auditor
with an efficient and effective means of obtaining evidence. The
assessment
results from comparing information with expectations identified or
developed by
the internal auditor. Analytical procedures are useful in identifying (1)
unexpected
differences, (2) the absence of differences when they are expected,
(3) potential
errors, (4) potential fraud or illegal acts, or (5) other unusual or
nonrecurring
transactions or events (PA 2320-1, para. 2). An analysis of materials
used and
materials issued may reveal a discrepancy. One possible explanation
for excessive
issuance of materials is employee theft.
[582] Gleim #: 6.7.69
During an operational audit engagement, an auditor compared the
inventory turnover
rate of a subsidiary with established industry standards in order to
A. Evaluate the accuracy of internal financial reports.
B. Test controls designed to safeguard assets.
C. Determine compliance with corporate procedures regarding
inventory levels.
D. Assess performance and indicate where additional audit work may
be needed.
Answer (A) is incorrect. Comparison with industry standards will not
test the
accuracy of internal reporting.
Answer (B) is incorrect. Comparison with industry standards will not
test the
controls designed to safeguard the inventory.
Answer (C) is incorrect. Comparison with industry standards will not
test
compliance.
Answer (D) is correct. Inventory turnover provides analytical
information. It
equals cost of sales divided by average inventory. A low turnover
ratio implies
that inventory is excessive, for example, because the goods are
obsolete or
because the organization has overestimated demand. Accordingly,
such an
analytical procedure will provide an indication of the efficiency and
effectiveness
of the subsidiary’s management of the inventory.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 320
Printed for Sanja Knezevic
fb.com/ciaaofficial
[583] Gleim #: 6.7.70
The use of an analytical review to verify the correctness of various
operating expenses
would not be a preferred approach if
An auditor notes strong indicators of a specific fraud involving A.
these accounts.
B. Operations are relatively stable and have not changed much over
the past year.
An auditor would like to identify large, unusual, or non-recurring
transactions
during the year.
C.
Operating expenses vary in relation to other operating expenses, but
not in relation
to revenue.
D.
Answer (A) is correct. Analytical auditing procedures assist internal
auditors in
identifying conditions that may require subsequent engagement
procedures.
Accordingly, if the auditor already suspects fraud involving operating
expenses, a
more directed audit approach is appropriate.
Answer (B) is incorrect. Operational stability suggests that the
normal analytical
relationships involving operating expenses continue to exist. This
stability helps
the auditor to develop expectations that may be used for comparison
with actual
results.
Answer (C) is incorrect. Analytical review is useful in identifying
unusual or
nonrecurring transactions or events.
Answer (D) is incorrect. Analytical review is appropriate when
plausible
relationships among the data allow the auditor to develop or identify
reasonable
expectations that may be compared with actual data. For example,
such
relationships may include the ways in which operating expenses vary
relative to
each other. Analytical review of these expenses does not require that
they be
related to revenue.
[584] Gleim #: 6.8.71
A company with many branch stores has decided to benchmark one
of its stores for the
purpose of analyzing the accuracy and reliability of branch store
financial reporting.
Which one of the following is the most likely measure to be included
in a financial
benchmark?
A. High turnover of employees.
B. High level of employee participation in setting budgets.
C. High amount of bad debt write-offs.
D. High number of suppliers.
Answer (A) is incorrect. Turnover of employees is not a financial
benchmark.
Answer (B) is incorrect. Employee participation in setting budgets is
not a
financial benchmark.
Answer (C) is correct. The level of bad debts written off as
uncollectible is a
benchmark stated in financial terms. A level exceeding the
benchmark could
indicate fraud, which compromises the accuracy and reliability of
financial
reports. Bad debt write-offs may result from recording fictitious sales.
Answer (D) is incorrect. The number of suppliers is not a financial
benchmark.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 321
Printed for Sanja Knezevic
[585] Gleim #: 6.8.72
The legislative auditing bureau of a country is required to perform
compliance
engagements involving organizations that are issued defense
contracts on a cost-plus
basis. Contracts are clearly written to define acceptable costs,
including developmental
research cost and appropriate overhead rates.
During the past year, the government has engaged in extensive
outsourcing of its
activities. The outsourcing included contracts to run cafeterias,
provide janitorial
services, manage computer operations and systems development,
and provide
engineering of construction projects. The contracts were modeled
after those used for
years in the defense industry. The legislative internal auditors are
being called upon to
expand their efforts to include compliance engagements involving
these contracts.
Upon initial investigation of these outsourced areas, the internal
auditor found many
areas in which the outsourced management has apparently
expanded its authority and
responsibility. For example, the contractor that manages computer
operations has
developed a highly sophisticated security program that may
represent the most
advanced information security in the industry. The internal auditor
reviews the
contract and sees reference only to providing appropriate levels of
computing security.
The internal auditor suspects that the governmental agency may be
incurring
developmental costs that the outsourcer may use for competitive
advantage in
marketing services to other organizations.
Assuming that a high degree of security is needed, which of the
following potential
sources of information will also be relevant to the internal auditor’s
assessment of
whether the governmental unit is being charged for computer
security that exceeds the
entity’s needs?
Comparison of the security system with best practices implemented
for similar
systems
I.
Comparison of the security system with recent publications on stateof-the-art
systems
II.
Tests of the functionality of III. the security system
A. II only.
B. I and II only.
C. III only.
D. I, II, and III.
Answer (A) is incorrect. Benchmarking (identifying the best
practices of similar
entities) also provides relevant information.
Answer (B) is correct. Comparison of the security system with best
practices
implemented for similar systems and with recent publications on
state-of-the-art
systems is the best approach. It compares the system being
developed with cutting
edge systems and provides the internal auditor with a basis to
address the
outsourcer’s claim that the system is the minimum necessary for the
organization.
Answer (C) is incorrect. Testing the functionality of the system
provides
information on whether the system works, not whether it is
appropriate for the
entity.
Answer (D) is incorrect. Testing the functionality of the system
provides
information on whether the system works, not whether it is
appropriate for the
entity.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 322
Printed for Sanja Knezevic
fb.com/ciaaofficial
[586] Gleim #: 6.8.73
An example of an internal nonfinancial benchmark is
The labor rate of comparably skilled employees at a major A.
competitor’s plant.
The average actual cost per pound of a specific product at the
company’s most
efficient plant.
B.
A US $50,000 limit on the cost of employee training programs at
each of the
company’s plants.
C.
The percentage of customer orders delivered on time at the
company’s most
efficient plant.
D.
Answer (A) is incorrect. The labor rate of comparably skilled
employees at a
major competitor’s plant is a financial measure.
Answer (B) is incorrect. The average actual cost per pound of a
specific product
at the company’s most efficient plant is a financial measure.
Answer (C) is incorrect. A US $50,000 limit on the cost of employee
training
programs at each of the company’s plants is a financial measure.
Answer (D) is correct. Benchmarking is a continuous evaluation of
the practices
of the best organizations in their class and the adaptation of
processes to reflect
the best of these practices. It entails analysis and measurement of
key outputs
against those of the best organizations. This procedure also involves
identifying
the underlying key actions and causes that contribute to the
performance
difference. The percentage of orders delivered on time at the
company’s most
efficient plant is an example of an internal nonfinancial benchmark.
[587] Gleim #: 6.8.74
What is the first phase in the benchmarking process?
A. Organize benchmarking teams.
B. Select and prioritize benchmarking projects.
C. Researching and identifying best-in-class performance.
D. Data analysis.
Answer (A) is incorrect. Organizing benchmarking teams is a
subsequent phase.
Answer (B) is correct. The first phase in the benchmarking process
is to select
and prioritize benchmarking projects. The next phase is to organize
benchmarking
teams. Researching and identifying best-in-class is the third phase in
the
benchmarking process. The fourth phase is data analysis, and the
final phase is the
implementation phase.
Answer (C) is incorrect. Researching and identifying best-in-class
performance is
a subsequent phase.
Answer (D) is incorrect. Data analysis is a subsequent phase.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 323
Printed for Sanja Knezevic
[588] Gleim #: 6.8.75
Which of the following statements regarding benchmarking is false?
Benchmarking involves continuously evaluating the practices of bestin-class
organizations and adapting company processes to incorporate the
best of these
practices.
A.
Benchmarking, in practice, usually involves a company’s formation of
benchmarking teams.
B.
Benchmarking is an ongoing process that entails quantitative and
qualitative
measurement of the difference between the company’s performance
of an activity
and the performance by the best in the world or the best in the
industry.
C.
The benchmarking organization against which a firm is comparing
itself must be a
direct competitor.
D.
Answer (A) is incorrect. It is a true statement about benchmarking.
Answer (B) is incorrect. It is a true statement about benchmarking.
Answer (C) is incorrect. It is a true statement about benchmarking.
Answer (D) is correct. Benchmarking is an ongoing process that
entails
quantitative and qualitative measurement of the difference between
the company’s
performance of an activity and the performance by a best-in-class
organization.
The benchmarking organization against which a firm is comparing
itself need not
be a direct competitor. The important consideration is that the
benchmarking
organization be an outstanding performer in its industry.
[589] Gleim #: 6.8.76
The phase of the benchmarking process in which the team must be
able to justify its
recommendations is the
Prioritize benchmarking A. projects phase.
B. Implementation phase.
C. Data analysis phase.
D. Researching and identifying best in class performance phase.
Answer (A) is incorrect. This is the stage where businesses must
understand key
business processes and drivers.
Answer (B) is correct. Leadership is most important in the
implementation phase
of the benchmarking process because the team must be able to
justify its
recommendations. Also, the process improvement teams must
manage the
implementation of approved changes.
Answer (C) is incorrect. The data analysis phase entails identifying
performance
gaps and understanding the reasons they exist.
Answer (D) is incorrect. This stage involves the setting up of
databases and
information-gathering methods.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 324
Printed for Sanja Knezevic
fb.com/ciaaofficial
[590] Gleim #: 6.8.77
Researching and identifying best-in-class performance is often the
most difficult
phase. Which of the following is not a critical step?
Setting A. up databases.
B. Choosing information-gathering methods.
C. Formatting questionnaires.
D. Employee training and empowerment.
Answer (A) is incorrect. Setting up databases is a critical step in the
researching
and identifying phase.
Answer (B) is incorrect. Choosing information-gathering methods is
a critical
step in the researching and identifying phase.
Answer (C) is incorrect. Formatting questionnaires is a critical step
in the
researching and identifying phase.
Answer (D) is correct. The critical steps in the researching and
identifying phase
are setting up databases, choosing information-gathering methods,
formatting
questionnaires, and selecting benchmarking partners. Employee
training and
empowerment is part of total quality management (TQM).
[591] Gleim #: 6.8.78
Which of the following is true of benchmarking?
Benchmarking is typically accomplished by comparing an
organization’s
performance with the performance of its closest competitors.
A.
Benchmarking can be performed using either qualitative or
quantitative
comparisons.
B.
Benchmarking is normally limited to manufacturing operations and
production
processes.
C.
Benchmarking is accomplished by comparing an organization’s
performance to
that of the best-performing organizations.
D.
Answer (A) is incorrect. Benchmarking involves a comparison with
industry
leaders or world-class operations. It uses either industry-wide
amounts (to protect
the confidentiality of information provided by participating
organizations) or
amounts from cooperating organizations.
Answer (B) is incorrect. Benchmarking requires measurements,
which involve
quantitative comparisons.
Answer (C) is incorrect. Benchmarking can be applied to all of the
functional
areas in an organization. In fact, manufacturing often tends to be
industry-specific,
whereas activities such as processing an order or paying an invoice
are not.
Nonmanufacturing functions often provide a greater opportunity to
improve by
learning from global leaders.
Answer (D) is correct. Benchmarking is a continuous evaluation of
the practices
of the best organizations in their class and the adaptation of
processes to reflect
the best of these practices. It entails analysis and measurement of
key outputs
against those of the best organizations.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 325
Printed for Sanja Knezevic
[592] Gleim #: 6.8.79
An organization wants to improve on its performance measures for a
new business
line. Which type of benchmarking is most likely to provide information
useful for this
purpose?
A. Functional.
B. Competitive.
C. Generic.
D. Internal.
Answer (A) is correct. The type of benchmarking most likely to help
improve
performance measures for a new business line is functional
benchmarking.
Comparison with organizations that perform related functions within
the same
technological area provides information about what is being achieved
elsewhere in
the new business line.
Answer (B) is incorrect. Comparison with the best competitors
focuses on
performance in related organizations as a whole and likely includes
some
activities unrelated to the new business line.
Answer (C) is incorrect. Comparison of processes that are virtually
the same
regardless of industry (such as document processing) would not be
as helpful as
comparison of processes that are similar in function.
Answer (D) is incorrect. Comparison against the best within the
same
organization may be misleading. It does not provide information
about what is
being accomplished outside the organization in the new business
line.
[593] Gleim #: 6.9.80
An inexperienced internal auditor notified the senior auditor of a
significant variance
from the engagement client’s budget. The senior told the new
internal auditor not to
worry because the senior had heard that there had been an
unauthorized work stoppage
that probably accounted for the difference. Which of the following
statements is most
appropriate?
The new internal auditor should have investigated the matter fully
and not
bothered the senior.
A.
The senior used proper judgment in curtailing what could have been
a wasteful
investigation.
B.
The senior should have halted the engagement until the variance
was fully
explained.
C.
The senior should have aided the new internal auditor in formulating
a plan for
accumulating appropriate information.
D.
Answer (A) is incorrect. An inexperienced internal auditor should
refer this
matter to the senior.
Answer (B) is incorrect. The facts given do not support the
conclusion that
accumulating additional information would be wasteful.
Answer (C) is incorrect. The variance needs explanation, but the
engagement
should continue.
Answer (D) is correct. When analytical audit procedures identify
unexpected
results or relationships, the internal auditor evaluates such results or
relationships
(PA 2320-1, para. 6). The senior allowed the identified variance to go
unevaluated.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 326
Printed for Sanja Knezevic
fb.com/ciaaofficial
[594] Gleim #: 6.9.81
A small city managed its own pension fund. According to the city
charter, investments
could be made only in bonds, money market funds, or high-quality
stocks. The internal
auditor has already verified the existence of the pension fund’s
assets. The fund
balance was not very large and was managed by the city treasurer.
The internal auditor
decided to estimate income from investments of the fund by
multiplying the average
fund balance by a weighted-average rate based on the current
portfolio mix. Upon
doing so, the internal auditor found that recorded return was
substantially less than
was expected. The internal auditor’s next procedure should be to
Inquire of the treasurer as to the reason that income appears to be
less than
expected.
A.
Prepare a more detailed estimate of income by consulting a dividend
and reporting
service that lists the interest or dividends paid on specific stocks and
bonds.
B.
Inform management and the board that fraud is suspected and
suggest that legal
counsel be called in to complete the investigation.
C.
Select a sample of entries to the pension fund income account and
trace to the
cash journal to determine if cash was received.
D.
Answer (A) is incorrect. The internal auditor should refine the
estimate further
before discussing the matter with the treasurer. Even if the internal
auditor has
confidence in the first estimate, the suspicion of potential fraud
should lead the
internal auditor to do further work, e.g., tracing the estimated income
developed in
the first step to the cash receipts book before confronting the
treasurer.
Answer (B) is correct. When analytical audit procedures identify
unexpected
results or relationships, for example, when pension fund assets are
suspiciously
low, the internal auditor evaluates such results or relationships (PA
2320-1,
para. 6). Before inquiring of client management, the auditor should
obtain more
detailed information about the unexpected results or relationships.
Answer (C) is incorrect. The internal auditor does not have sufficient
information
to justify the conclusion that fraud has occurred.
Answer (D) is incorrect. This procedure would provide information
only about
recorded income.
[595] Gleim #: 6.9.82
While testing the effectiveness of inventory controls, the internal
auditor makes a note
in the working papers that most of the cycle count adjustments for
the facility involved
transactions of the machining department. The machining
department also had
generated an extraordinary number of cycle count adjustments in
comparison with
other departments last year. The internal auditor should
Interview management and apply other engagement procedures to
determine
whether transaction controls and procedures within the machining
department are
adequate.
A.
Do no further work because the concern was not identified by the
analytical
procedures included in the engagement work program.
B.
Notify internal auditing management that C. fraud is suspected.
Place a note in the working papers to review this matter in detail
during the next
engagement.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 327
Printed for Sanja Knezevic
Answer (A) is correct. When analytical audit procedures identify
unexpected results
or relationships, the internal auditor evaluates such results or
relationships. The auditor
may ask management about the reasons for the difference and
would corroborate
management’s explanation (PA 2320-1, para. 6).
Answer (B) is incorrect. The engagement work program is a guide
that does not
restrict the auditor from pursuing information unknown at the time
that the program
was written.
Answer (C) is incorrect. The facts do not yet support a conclusion
that fraud has
occurred.
Answer (D) is incorrect. The risk of a material misstatement of
inventory should be
addressed promptly.
[596] Gleim #: 6.9.83
An internal auditor was evaluating the effectiveness and efficiency of
the operation of
the motor pool. The engagement work program included the use of
analytical
procedures to observe the trend of expenses for major overhauls of
heavy-wheeled
vehicles. This trend showed a substantial increase in the last year of
the ratios of
monetary amounts spent in relation to (1) the number of vehicles
being used, (2) the
mileage of the vehicles, (3) the age of the equipment, and (4)
environmental
conditions. The auditor’s investigation indicated that two new
maintenance firms were
being used. The expenditure packages from the maintenance work
were complete;
however, the billings for the work had an unusual regularity. The
identification of the
vehicles being serviced did not correspond to the vehicle
maintenance reports.
Possible engagement procedures include
Discussing the matter with the superintendent of maintenance and
asking for an
explanation
1.
Preparing a schedule of the types of maintenance being performed
and comparing
it with manufacturers’ maintenance guides
2.
Analyzing vehicles’ trip tickets to determine if they contain indications
of
problems needing attention
3.
Reviewing deadline reports to determine that vehicles were not in
service on the
dates of maintenance work
4.
Reviewing dispatch schedules to determine whether vehicles were
dispatched for
use on days the maintenance work was reported as performed
5.
Discussing the matter 6. with plant security
Which of the above actions should have the highest priority?
A. 1, 6, and 4.
B. 4, 5, and 6.
C. 6, 5, and 1.
D. 2, 3, and 4.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 328
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Discussing the matter with the
superintendent could
compromise the investigation if (s)he is engaged in fraudulent
activities or tells
someone who is.
Answer (B) is correct. When analytical procedures identify
unexpected results or
relationships, the internal auditor evaluates such results or
relationships. This
evaluation includes determining whether the difference from
expectations could be a
result of fraud, error, or a change in conditions. The auditor may ask
management
about the reasons for the difference and would corroborate
management’s explanation,
for example, by modifying expectations and recalculating the
difference or by applying
other audit procedures (PA 2320-1, para. 6). Substantial increases in
maintenance cost
ratios indicate a need for a more extensive investigation. Items 4 and
5 could provide
information regarding the status of vehicles. If discrepancies are
found, the appropriate
authorities within the organization should be consulted.
Answer (C) is incorrect. Discussing the matter with the
superintendent could
compromise the investigation, and the days that the vehicles were in
use is irrelevant.
Answer (D) is incorrect. Items 2 and 3, although potential indicators
of fraud, do not
provide conclusive information.
[597] Gleim #: 6.9.84
The internal auditor of a construction enterprise that builds
foundations for bridges and
large buildings performed a review of the expense accounts for
equipment (augers)
used to drill holes in rocks to set the foundation for the buildings.
During the review,
the internal auditor noted that the expenses related to some of the
auger accounts had
increased dramatically during the year. The internal auditor inquired
of the
construction manager who offered the explanation that the augers
last 2 to 3 years and
are expensed when purchased. Thus, the internal auditor should see
a decrease in the
expense accounts for these augers in the next year but would expect
an increase in the
expenses of other augers. The internal auditor also found out that the
construction
manager is responsible for the inventorying and receiving of the
augers and is a part
owner of a business that supplies augers to the organization. The
supplier was
approved by the president to improve the quality of equipment.
Assume the internal
auditor did not find a satisfactory explanation for the results of the
analytical
procedures performed and has conducted the appropriate follow-up
procedures. The
engagement in this area is otherwise complete. Which of the
following would be the
most appropriate action to take?
Note the actions and follow-up next year. Defer the reporting to
management until
a satisfactory explanation can be obtained.
A.
Expand engagement procedures by observing the receipt of all
augers during a
reasonable period of time and trace the receipts to the appropriate
accounts.
Determine causes of any discrepancies.
B.
Report the observations, as they are, to management and
recommend an
investigation for possible fraud.
C.
Report the observations to the construction manager and insist that
appropriate
controls such as independent receiving reports be implemented.
Follow up to see
if the controls are properly implemented.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 329
Printed for Sanja Knezevic
Answer (A) is incorrect. The auditor has an ethical duty to report
material facts that, if
not disclosed, may distort the reporting of activities under review
(Rule of Conduct
2.3).
Answer (B) is incorrect. The results should be reported to
management. The
suggested procedure is incomplete and not likely to determine the
causes of the
problem.
Answer (C) is correct. When analytical audit procedures identify
unexpected results or
relationships, the internal auditor evaluates such results or
relationships. Unexplained
results or relationships discovered by applying analytical procedures
may be an
indication of a significant problem (e.g., a potential error, fraud, or
illegal act). Results
or relationships that are not adequately explained may indicate a
situation to be
communicated to senior management and the board. Depending on
the circumstances,
the internal auditor may recommend appropriate action (PA 2320-1,
para. 6).
Answer (D) is incorrect. The results should be reported to other
levels of
management. The internal auditor has already noted that the
construction manager has
a conflict of interest. Furthermore, the internal auditor cannot insist
that controls be
implemented; (s)he can only recommend.
[598] Gleim #: 6.9.85
Which result of an analytical procedure suggests the existence of
obsolete
merchandise?
Decrease in the inventory A. turnover rate.
B. Decrease in the ratio of gross profit to sales.
C. Decrease in the ratio of inventory to accounts payable.
D. Decrease in the ratio of inventory to accounts receivable.
Answer (A) is correct. Inventory turnover is equal to cost of sales
divided by
average inventory. If inventory is increasing at a faster rate than
sales, the turnover
rate decreases and suggests a buildup of unsalable inventory. The
ratios of gross
profit to sales, inventory to accounts payable, and inventory to
accounts receivable
do not necessarily change when obsolete merchandise is on hand.
Answer (B) is incorrect. The ratio of gross profit to sales does not
necessarily
change when obsolete merchandise is on hand.
Answer (C) is incorrect. The ratio of inventory to accounts payable
does not
necessarily change when obsolete merchandise is on hand.
Answer (D) is incorrect. The ratio of inventory to accounts
receivable does not
necessarily change when obsolete merchandise is on hand.
[599] Gleim #: 6.9.86
An internal auditor decides to perform an inventory turnover analysis
for both raw
materials inventory and finished goods inventory. The analysis would
be potentially
useful in
Identifying products for which management has not been attuned to
changes in
market demand.
A.
B. Identifying potential problems in purchasing activities.
C. Identifying obsolete inventory.
D. All of the answers are correct.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 330
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. An inventory turnover analysis may also
indicate potential
problems in purchasing activities and the presence of obsolete
inventory.
Answer (B) is incorrect. An inventory turnover analysis may also
indicate erroneous
demand forecasts and the presence of obsolete inventory.
Answer (C) is incorrect. An inventory turnover analysis may also
indicate potential
problems in purchasing activities and erroneous demand forecasts.
Answer (D) is correct. Inventory turnover provides analytical
information. It equals
cost of sales divided by average inventory. A low turnover ratio
implies that inventory
is excessive, for example, because the goods are obsolete or
because the organization
has overestimated demand.
[600] Gleim #: 6.9.87
An internal auditor’s preliminary analysis of accounts receivable
turnover revealed the
following rates:
Year 1 Year 2 Year 3
7.3 6.2 4.3
Which of the following is the most likely cause of the decrease in
accounts receivable
turnover?
Increase in the cash A. discount offered.
B. Liberalization of credit policy.
C. Shortening of due date terms.
D. Increased cash sales.
Answer (A) is incorrect. An increase in cash sales that reduces
credit sales as a
result of an increased cash discount has an indeterminate effect on
the turnover
ratio. Both the numerator and the denominator are decreased but not
necessarily
by the same amount. An increase in cash sales not affecting credit
sales has no
effect on the ratio.
Answer (B) is correct. The accounts receivable turnover ratio equals
net credit
sales divided by average accounts receivable. Accounts receivable
turnover will
decrease if net credit sales decrease or average accounts receivable
increase.
Liberalization of credit policy will increase receivables.
Answer (C) is incorrect. Shortening due dates decreases the
average accounts
receivable outstanding and increases the ratio if other factors are
held constant.
Answer (D) is incorrect. Increased cash sales have an
indeterminate effect on the
turnover ratio.
[601] Gleim #: 6.9.88
A company’s accounts receivable turnover rate decreased from 7.3
to 4.3 over the last
3 years. What is the most likely cause for the decrease?
A. An increase in the discount offered for early payment.
B. A more liberal credit policy.
C. A change in net payment due from 30 to 25 days.
D. Increased cash sales.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 331
Printed for Sanja Knezevic
Answer (A) is incorrect. An increase in cash sales that reduces
credit sales as a result
of an increased cash discount has an indeterminate effect on the
turnover ratio. Both
the numerator and the denominator are decreased but not
necessarily by the same
amount. An increase in cash sales not affecting credit sales has no
effect on the ratio.
Answer (B) is correct. The accounts receivable turnover ratio equals
net credit sales
divided by average accounts receivable. Accounts receivable
turnover will decrease if
net credit sales decrease or average accounts receivable increase.
Liberalization of
credit policy will increase receivables.
Answer (C) is incorrect. Shortening due dates decreases the
average accounts
receivable outstanding and increases the ratio if other factors are
held constant.
Answer (D) is incorrect. Increased cash sales have an
indeterminate effect on the
turnover ratio.
[602] Gleim #: 6.9.89
Two major retail organizations, both publicly traded and operating in
the same
geographic area, have recently merged. Both are approximately the
same size and have
internal audit activities. Organization A has little EDI experience.
Organization B has
invested heavily in information technology and has EDI connections
with its major
vendors.
The board has asked the internal auditors from both organizations to
analyze risk areas
that should be addressed after the merger. The chief audit executive
of Organization B
has suggested that the two internal audit activities have a planning
meeting to share
work programs, scope of engagement coverage, and copies of
engagement
communications that were delivered to their boards. Management
has also suggested
that the internal auditors review the compatibility of the organizations’
two computer
systems and control philosophy for individual store operations.
The two organizations agree to share data on store operations. The
data reveal that
three stores in Organization A are characterized by significantly lower
gross margins,
higher-than-average sales volume, and higher levels of employee
bonuses. The three
stores are part of a set of six that are managed by a relatively new
section manager. In
addition, the store managers of the three stores are also relatively
new. The most likely
cause of the observed data is
The relative inexperience of A. the store managers.
B. Problems with employee training and employee ability to meet
customer needs.
Fraudulent activity whereby goods are taken from the stores, thus
resulting in the
lower gross margins.
C.
Promotional activities that offer large discounts coupled with the
payment of
bonuses to employees who reach targeted sales goals.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 332
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. The inexperience of the store managers has
no necessary
correlation with higher sales and bonuses.
Answer (B) is incorrect. Problems with employee ability to meet
customer needs
might result in lower sales volume and bonuses.
Answer (C) is incorrect. No evidence of fraud is given. If fraud were
occurring,
inventory shrinkage would be apparent. Also, this explanation does
not account for the
higher sales and bonuses.
Answer (D) is correct. Large discounts stimulate demand (increase
unit sales volume)
but reduce the gross commissions profit (gross margin). If
commissions are pegged to
sales volume, the compensation of the sales staff will increase in
these circumstances
even as gross margins are squeezed.
[603] Gleim #: 6.9.90
An internal auditor performs an analytical review by comparing the
gross margins of
various divisional operations with those of other divisions and with
the individual
division’s performance in previous years. The internal auditor notes a
significant
increase in the gross margin at one division. The internal auditor
does some
preliminary investigation and also notes that no changes occurred in
products,
production methods, or divisional management during the year. The
most likely cause
of the increase in gross margin is a(n)
Increase in the number of competitors selling A. similar products.
Decrease in the number of suppliers of the material used in
manufacturing the
product.
B.
C. Overstatement of year-end inventory.
D. Understatement of year-end accounts receivable.
Answer (A) is incorrect. An increase in the number of competitors
most likely
results in price competition and a decrease in sales revenue and
gross margin.
Answer (B) is incorrect. A decrease in the number of suppliers most
likely results
in less price competition on the supply side, with a consequent
increase in costs
and decrease in gross margin.
Answer (C) is correct. An overstatement of year-end inventory
results in an
increase in the gross margin (sales – cost of sales). Overstating
ending inventory
understates cost of sales.
Answer (D) is incorrect. An understatement of accounts receivable
understates
sales and the gross margin.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 333
Printed for Sanja Knezevic
[604] Gleim #: 6.9.91
A medium-sized municipality provides 8.5 billion gallons of water per
year for 31,000
customers. The water meters are replaced at least every 5 years to
ensure accurate
billing. The water department tracks unmetered water to identify
water consumption
that is not being billed. The department recently issued the following
water activity
report:
Activity Month 1 Month 2 Month 3
Actual 1st
Quarter
1st Quarter
Goal
Meters Replaced 475 400 360 1,235 1,425
Leaks Reported 100 100 85 285
Leaks Repaired 100 100 85 285 100%
Unmetered Water 2% 6% 2% 4% 2%
Based on the activity reported for the meter replacement program, an
internal auditor
would conclude that
Established operating standards are understood A. and are being
met.
B. Any corrective action needed has probably been taken during the
quarter.
C. Deviations from the goal should be analyzed and corrected.
D. Meters should be changed every 3 years.
Answer (A) is incorrect. The actual number of meters replaced is
less than the
goal; therefore, the goal is not being met.
Answer (B) is incorrect. Corrective action has apparently not been
taken. Actual
replacement did not meet the goal.
Answer (C) is correct. The goal has not been met and corrective
action is needed.
According to Performance Standard 2100, internal auditors are
involved in
evaluating and improving the effectiveness of control processes
using a systematic
and disciplined approach. Thus, internal auditors should determine
the extent to
which results are consistent with goals. They also should determine
the extent to
which management has established adequate criteria. If adequate,
auditors should
use these criteria in their evaluation.
Answer (D) is incorrect. This cannot be determined from the
information given.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 334
Printed for Sanja Knezevic
fb.com/ciaaofficial
[605] Gleim #: 6.9.92
A medium-sized municipality provides 8.5 billion gallons of water per
year for 31,000
customers. The water meters are replaced at least every 5 years to
ensure accurate
billing. The water department tracks unmetered water to identify
water consumption
that is not being billed. The department recently issued the following
water activity
report:
Activity Month 1 Month 2 Month 3
Actual 1st
Quarter
1st Quarter
Goal
Meters Replaced 475 400 360 1,235 1,425
Leaks Reported 100 100 85 285
Leaks Repaired 100 100 85 285 100%
Unmetered Water 2% 6% 2% 4% 2%
Based on the activity reported for the unmetered water, an internal
auditor would
conclude that
Established operating standards are understood A. and are being
met.
B. Further audit investigation of unmetered water is not warranted.
C. Deviations from the goal were probably not corrected.
D. The operating standard should be changed.
Answer (A) is incorrect. The actual unmetered water percentage
was greater than
the goal; therefore, the goal was not met.
Answer (B) is correct. Analytical auditing procedures assist internal
auditors in
identifying conditions, which may require subsequent engagement
procedures.
Month 3 performance met the standard, so the deviation in Month 2
was probably
corrected, and further audit work is not warranted.
Answer (C) is incorrect. The deviation in Month 2 was apparently
corrected.
Answer (D) is incorrect. There is no evidence that the operating
standard is
inappropriate.
[606] Gleim #: 6.9.93
Assume an internal auditor computes an inventory turnover rate by
product line and
identifies a number of product lines with a rate of less than 3.5.
Which of the
following conclusions can be justified by these engagement results?
I. The identified product lines contain obsolete inventory.
II. Inventory is valued at more than net realizable value.
Inventory costs are too high because the organization is carrying
obsolete
inventory.
III.
A. I and III only.
B. II only.
C. I, II, and III.
D. None of the answers are correct.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 335
Printed for Sanja Knezevic
Answer (A) is incorrect. The inventory turnover rate must be
compared with industry
averages to determine whether it is relatively high or low.
Answer (B) is incorrect. The information provided by the inventory
turnover rate is
insufficient to conclude that inventory is valued at more than net
realizable value.
Answer (C) is incorrect. More information is needed before
conclusions can be drawn
about obsolescence, valuation, or cost.
Answer (D) is correct. The inventory turnover rate equals cost of
sales divided by
average inventory. An inventory turnover rate tells the internal auditor
how many times
the inventory has been sold during the period. However, the rate
cannot be interpreted
without additional information. Thus, the internal auditor cannot
determine whether
obsolete items are in inventory, inventory valuation is too high, or
inventory costs are
too high.
[607] Gleim #: 6.9.94
The following represents accounts receivable information for a
corporation for a 3year period:
Year 1 Year 2 Year 3
Net accounts receivable as a
percentage of total assets 23.4% 27.3% 30.8%
Accounts receivable turnover ratio 6.98 6.05 5.21
All of the following are plausible explanations for these changes
except
Fictitious sales may A. have been recorded.
B. Credit and collection procedures have become ineffective.
C. Allowance for bad debts is understated.
D. Sales returns for credit have been overstated.
Answer (A) is incorrect. Fictitious sales is a plausible answer. They
would
generate additional uncollectible accounts receivable that are not
necessarily
reflected in the allowance for bad debts. The result would be a lower
turnover
ratio and a higher ratio of net receivables to total assets.
Answer (B) is incorrect. Ineffective credit and collection procedures
is a plausible
answer. They could contribute to increases in uncollectible accounts
receivable
that are not necessarily reflected in the allowance for bad debts. The
result would
be a lower turnover ratio and a higher ratio of net receivables to total
assets.
Answer (C) is incorrect. An understated allowance for bad debts is a
plausible
answer. It would contribute to overstatement of net accounts
receivable as a
percentage of total assets and decreases in receivables turnover.
Answer (D) is correct. Overstated sales returns for credit is not a
plausible
answer. They would understate (not overstate) net accounts
receivable. This
understatement would result in lower (not higher) net accounts
receivable
balances as a percentage of total assets and higher (not lower)
receivables turnover
(sales ÷ average accounts receivable).
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 336
Printed for Sanja Knezevic
fb.com/ciaaofficial
[608] Gleim #: 6.10.95
“Except for the missing documentation noted above, the system of
internal controls
over petty cash is functioning as intended.” The above statement is
an example of a(n)
A. Observation.
B. Objective.
C. Conclusion.
D. Finding.
Answer (A) is incorrect. A finding (observation) is an objective
statement of fact
about the results of audit testwork without interpretation or
commentary.
Answer (B) is incorrect. The IIA Glossary defines engagement
objectives as
broad statements developed by internal auditors that define intended
engagement
accomplishments.
Answer (C) is correct. A conclusion/opinion is the auditor’s
interpretation of the
results of testwork. The conclusion/opinion allows the reader to
understand the
meaning of what the auditor discovered during the course of
testwork.
Answer (D) is incorrect. A finding (observation) is an objective
statement of fact
about the results of audit testwork without interpretation or
commentary.
[609] Gleim #: 6.10.96
After completing an engagement work program step regarding
materials movement
between storage and assembly, the internal auditor would most likely
prepare a(n)
A. Observation.
B. Report.
C. Conclusion.
D. Opinion.
Answer (A) is correct. A finding (observation) is an objective
statement of fact
about the results of audit testwork without interpretation or
commentary.
Answer (B) is incorrect. The engagement report is the final product
of the
engagement.
Answer (C) is incorrect. After performing testwork, the next step for
the internal
auditor is to draft his/her findings/observations.
Answer (D) is incorrect. After performing testwork, the next step for
the internal
auditor is to draft his/her findings/observations.
[610] Gleim #: 6.10.97
Which two terms are often used interchangeably?
A. “Conclusion” and “opinion.”
B. “Finding” and “conclusion.”
C. “Finding” and “opinion.”
D. “Opinion” and “observation.”
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 337
Printed for Sanja Knezevic
Answer (A) is correct. Conclusions/opinions are the internal
auditor’s evaluations of
the effects of the observations and recommendations on the
activities reviewed. They
usually put the observations and recommendations in perspective
based upon their
overall implications. To some extent, the terms are interchangeable.
Answer (B) is incorrect. “Finding” is a synonym for “observation.”
“Conclusion” is a
synonym for “opinion.”
Answer (C) is incorrect. “Finding” is a synonym for “observation.”
“Opinion” is a
synonym for “conclusion.”
Answer (D) is incorrect. “Opinion” is a synonym for “conclusion.”
“Observation” is a
synonym for “finding.”
[611] Gleim #: 6.10.98
“Three of six petty cash funds examined failed to contain either the
correct amount of
funds or sufficient documentation in lieu of funds, a 50%
noncompliance rate.” The
above statement is an example of a(n)
A. Observation.
B. Opinion.
C. Conclusion.
D. Recommendation.
Answer (A) is correct. A finding/observation is an objective
statement of fact
about the results of audit testwork without interpretation or
commentary.
Answer (B) is incorrect. A conclusion/opinion is the auditor’s
interpretation of
the results of testwork.
Answer (C) is incorrect. A conclusion/opinion is the auditor’s
interpretation of
the results of testwork.
Answer (D) is incorrect. A recommendation is a description of
actions that the
auditor believes the auditee should undertake to remedy the negative
observations
made in the course of the engagement.
[612] Gleim #: 6.10.99
The single most important factor in drawing a useful conclusion or
stating a useful
opinion in an engagement report is
A. Use of statistical sampling techniques.
B. Senior management interest in the engagement outcome.
C. Auditee management assurances.
D. Auditor judgment.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 338
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Statistical sampling allows the auditor to
state the results of
testwork with a certain level of confidence, but it is not a substitute
for auditor
judgment.
Answer (B) is incorrect. The level of interest of senior management
in the engagement
must not affect the auditor’s judgment in drawing conclusions and
stating opinions.
Answer (C) is incorrect. Assurances provided by auditee
management are among
many factors used by internal auditors as input into forming
findings/observations and
the resulting conclusions/opinions.
Answer (D) is correct. Auditor judgment is the essential element in
moving from a
finding/observation to a conclusion/opinion. No formula can tell an
auditor whether a
certain exception rate is indicative of a working or failing control.
[613] Gleim #: 6.10.100
An internal auditor interviewed client personnel and obtained an
understanding of the
auditee department’s operations. The auditor then performed
testwork. The auditor’s
presentation of the results of the testwork will usually take the form of
a
A. Finding.
B. Conclusion.
C. Recommendation.
D. Meeting with senior management.
Answer (A) is correct. A finding (observation) is an objective
statement of fact
about the results of audit testwork without interpretation or
commentary.
Answer (B) is incorrect. A conclusion/opinion can only be drawn
once the results
of testwork have taken the form of a finding/observation.
Answer (C) is incorrect. A recommendation can only be prepared
once a
finding/observation has been formulated and a conclusion/opinion
has been stated.
Answer (D) is incorrect. Unless the auditor has found evidence of
fraud or a
control deficiency that requires immediate correction, meeting with
senior
management is not the appropriate next step.
[614] Gleim #: 7.1.1
An internal audit staffer has just completed an assessment of the
engagement client’s
operating and financial controls. The auditor’s preliminary conclusion
is that controls
are adequately designed to achieve management’s operating and
financial objectives.
The auditor’s next step is to
A. Present his/her findings to the chief audit executive.
B. Prepare a preliminary report on internal controls for presentation
to the board.
C. Report his/her results to the auditor in charge.
D. Prepare a plan for testing internal controls.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 339
Printed for Sanja Knezevic
Answer (A) is incorrect. The internal audit staffer presents his/her
results to the
auditor in charge of the engagement, not to the chief audit executive.
Answer (B) is incorrect. Preliminary results are not sufficient for the
preparation of a
report. Also, the internal audit staffer presents his/her results to the
auditor in charge of
the engagement, not to the board.
Answer (C) is correct. The auditor in charge of the engagement is
responsible for
coordinating the results of audit work and ensuring that work
performed supports
conclusions and opinions. For this reason, internal audit staff must
report the results of
audit work to the auditor in charge.
Answer (D) is incorrect. The auditor in charge must determine
whether it is
appropriate to proceed with testing controls after reviewing the
internal audit staffer’s
results.
[615] Gleim #: 7.1.2
The internal auditor has concluded that an engagement client’s
system of internal
controls is inadequate to achieve management’s objectives. The
most appropriate next
step is to
Test controls to determine whether they are functioning A. as
designed.
B. Halt the engagement and issue a report about inadequate
controls.
C. Draw preliminary conclusions about internal control.
Contact the engagement client’s direct supervisor to recommend that
the head of
the department or function under audit is transferred or terminated.
D.
Answer (A) is incorrect. If controls are poorly designed, testing their
operation is
most likely a poor use of audit resources.
Answer (B) is incorrect. A determination that internal controls are
inadequate is
not sufficient grounds for halting a scheduled engagement.
Answer (C) is correct. Internal auditors gain an understanding of the
design of the
engagement client’s internal controls. The auditors then draw
conclusions about
whether internal controls are designed adequately to achieve
management’s
control objectives.
Answer (D) is incorrect. Advising on such personnel matters is not
an appropriate
internal audit function.
[616] Gleim #: 7.2.3
Which of the following does not describe one of the functions of
engagement working
papers?
A. Facilitates third-party reviews.
B. Aids in the planning, performance, and review of engagements.
C. Provides the principal support for engagement communications.
D. Aids in the professional development of the operating staff.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 340
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. The facilitation of third-party reviews is a
function of
working papers.
Answer (B) is incorrect. Working papers aid in the planning,
performance, and review
of engagements.
Answer (C) is incorrect. Working papers provide the principal
support for results.
Answer (D) is correct. Engagement working papers generally (1) aid
in planning,
performance, and review of engagements; (2) provide the principal
support for
engagement results; (3) document whether engagement objectives
were achieved;
(4) support the accuracy and completeness of the work performed;
(5) provide a basis
for the internal audit activity’s quality assurance and improvement
program; and
(6) facilitate third-party review (PA 2330-1, para. 2).
[617] Gleim #: 7.2.4
An internal auditor’s working papers should support the
observations, conclusions,
and recommendations to be communicated. One of the purposes of
this requirement is
to
Provide support for the internal audit activity’s A. financial budget.
B. Facilitate quality assurance reviews.
C. Provide control over working papers.
Permit the audit committee to review observations, conclusions, and
recommendations.
D.
Answer (A) is incorrect. Financial budgets are based on the planned
scope of
internal audit work.
Answer (B) is correct. Engagement working papers, among other
things, provide
a basis for the internal audit activity’s quality assurance and
improvement
program (PA 2330-1, para. 2).
Answer (C) is incorrect. Control over working papers is obtained by
other means.
Answer (D) is incorrect. Audit committees rarely review the full draft
of a final
engagement communication, much less the supporting working
papers.
[618] Gleim #: 7.2.5
A working paper is complete when it
A. Complies with the internal audit activity’s format requirements.
B. Contains all of the attributes of an observation.
C. Is clear, concise, and accurate.
D. Satisfies the engagement objective for which it is developed.
Answer (A) is incorrect. Format requirements are superficial and
indicate only
that mechanical requirements have been met. They do not relate to
content.
Answer (B) is incorrect. A working paper may relate to only a part of
an
observation.
Answer (C) is incorrect. Clarity, concision, and accuracy are
desirable
characteristics of working paper content. These qualities may be
present although
the working paper is not complete.
Answer (D) is correct. Engagement working papers, among other
things,
document whether engagement objectives were achieved (PA 23301, para. 2).
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 341
Printed for Sanja Knezevic
[619] Gleim #: 7.2.6
The primary purpose of an internal auditor’s working papers is to
Provide documentation of the planning and execution of engagement
procedures
performed.
A.
Serve as a means with which to prepare the financial B. statements.
Document weaknesses in internal control with recommendations to
management
for improvement.
C.
D. Comply with the Standards.
Answer (A) is correct. Engagement working papers, among other
things, aid in
planning, performing, and reviewing the engagement (PA 2330-1,
para. 2).
Answer (B) is incorrect. Working papers do not provide the means
for
preparation of the financial statements.
Answer (C) is incorrect. Documentation of control weaknesses is
only one
example of working paper content, not the primary purpose for them.
Answer (D) is incorrect. The preparation of adequate working
papers is a
requirement of the Standards but is not the primary purpose for their
existence.
[620] Gleim #: 7.2.7
The internal auditor prepares working papers primarily for the benefit
of
A. The external auditor.
B. The internal audit activity.
C. The engagement client.
D. Senior management.
Answer (A) is incorrect. Benefits to the external auditor are
secondary.
Answer (B) is correct. Engagement working papers generally (1) aid
in planning,
performance, and review of engagements; (2) provide the principal
support for
engagement results; (3) document whether engagement objectives
were achieved;
(4) support the accuracy and completeness of the work performed;
(5) provide a
basis for the internal audit activity’s quality assurance and
improvement program;
and (6) facilitate third-party review (PA 2330-1, para. 2). Hence, they
primarily
benefit internal auditors.
Answer (C) is incorrect. Benefits to the engagement client are
secondary.
Answer (D) is incorrect. Benefits to senior management are
secondary.
[621] Gleim #: 7.2.8
Which of the following is the most important if working papers are to
have the
characteristics that will ensure that they achieve their primary
purposes?
A. Working papers must be of standard format and standard content.
Working papers must be properly indexed and cross-referenced to
the draft final
engagement communication.
B.
Working papers must provide sufficient, reliable, and useful
information to
support the engagement results.
C.
Working papers must be arranged in logical order following the
engagement work
program sequence.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 342
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Standard content is impossible.
Engagements concern
different subjects.
Answer (B) is incorrect. Indexing and cross-referencing are
desirable but are not as
fundamental as providing sufficient, reliable, relevant, and useful
information.
Answer (C) is correct. Working papers document the information
obtained, the
analyses made, and the support for the conclusions and engagement
results (PA 23301, para. 1). In turn, internal auditors must identify sufficient, reliable,
relevant, and
useful information to achieve the engagement’s objectives (Perf. Std.
2310).
Answer (D) is incorrect. Logical order is desirable but is not as
fundamental as
providing sufficient, reliable, relevant, and useful information.
[622] Gleim #: 7.2.9
The primary purpose of an engagement working paper prepared in
connection with
payroll expense is to
Record payroll data and analyses to support reported A.
recommendations.
B. Verify the work done by the internal auditor.
C. Record the names of all employees.
D. Provide documentation to support payroll taxes due.
Answer (A) is correct. Working papers document the information
obtained, the
analyses made, and the support for the conclusions and engagement
results (PA
2330-1, para. 1).
Answer (B) is incorrect. Verification of work done is a secondary
purpose.
Answer (C) is incorrect. A list of employee names is but one part of
the
information required to support observations, conclusions, and
recommendations.
Answer (D) is incorrect. Payroll expense, not payroll tax, is the
subject of this
working paper.
[623] Gleim #: 7.2.10
Which of the following most completely describes the appropriate
content of working
papers?
A. Engagement objectives, procedures, and conclusions.
B. Engagement purposes, criteria, techniques, and
recommendations.
Engagement objectives, procedures, observations, conclusions, and
recommendations.
C.
D. Engagement subject, purposes, sampling information, and
analysis.
Answer (A) is incorrect. Working papers should also include
observations and
recommendations.
Answer (B) is incorrect. This list describes means rather than ends.
Answer (C) is correct. The primary purpose of working papers is to
support the
observations, conclusions, and recommendations to be
communicated. Hence,
they document the information obtained and the analyses made in
arriving at the
foregoing results. The working papers also must document whether
the
engagement objectives were achieved and the performance of
engagement
procedures. Furthermore, working papers will contain engagement
work programs
(PA 2330-1, paras. 1 and 2).
Answer (D) is incorrect. Working papers should support all of the
engagement
results.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 343
Printed for Sanja Knezevic
[624] Gleim #: 7.2.11
Engagement working papers include
Providing a basis for evaluating the internal audit A. quality program.
B. Copies of all source documents examined in the course of the
engagement.
C. Copies of all procedures that were reviewed during the
engagement.
All working papers prepared during a previous engagement
performed in the same
area.
D.
Answer (A) is correct. Engagement working papers generally (1) aid
in planning,
performance, and review of engagements; (2) provide the principal
support for
engagement results; (3) document whether engagement objectives
were achieved;
(4) support the accuracy and completeness of the work performed;
(5) provide a
basis for the internal audit activity’s quality assurance and
improvement program;
and (6) facilitate third-party review (PA 2330-1, para. 2).
Answer (B) is incorrect. Many documents may be examined that
prove to be
irrelevant to the engagement objectives. These documents need not
be included.
Answer (C) is incorrect. In many circumstances, the exact wording
of a procedure
is not needed to support an observation or recommendation. A
reference to the
procedure in the working papers may be adequate.
Answer (D) is incorrect. Some previous working papers may be
outdated.
However, parts of previous working papers may be included in
current working
papers subject to updating.
[625] Gleim #: 7.2.12
The chief audit executive establishes policies for
A. Standardized working papers.
B. Defining the hours available for individual engagements.
C. Defining standardized tick marks and ensuring compliance with
them.
Ensuring the written documentation of all conversations held
throughout the
engagement.
D.
Answer (A) is correct. The CAE establishes working paper policies
for the
various types of engagements performed. Standardized engagement
working
papers, such as questionnaires and audit programs, may improve
the engagement’s
efficiency and facilitate the delegation of engagement work (PA 23301, para. 4).
Answer (B) is incorrect. The time devoted to an engagement
depends on its
complexity and other unique circumstances.
Answer (C) is incorrect. Defining standardized tick marks and
ensuring
compliance with them is not required.
Answer (D) is incorrect. Only conversations relevant to the
engagement must be
documented.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 344
Printed for Sanja Knezevic
fb.com/ciaaofficial
[626] Gleim #: 7.2.13
An internal auditor’s working papers should be reviewed by the
Management of the A. engagement client.
B. Management of the internal audit activity.
C. Audit committee of the board.
D. Management of the organization’s security division.
Answer (A) is incorrect. The engagement client should seldom see,
much less
review, working papers.
Answer (B) is correct. Internal auditors prepare working papers.
Internal audit
management reviews the prepared working papers (PA 2330-1, para.
1).
Answer (C) is incorrect. The audit committee will most likely review
summary
communications, not working papers.
Answer (D) is incorrect. Management of the security division might
be shown
working papers relevant to an investigation but does not have the
status of a
reviewer.
[627] Gleim #: 7.2.14
Standardized working papers are often used, chiefly because they
allow working
papers to be prepared more
A. Efficiently.
B. Professionally.
C. Neatly.
D. Accurately.
Answer (A) is correct. Standardized engagement working papers,
such as
questionnaires and audit programs, may improve the engagement’s
efficiency and
facilitate the delegation of engagement work (PA 2330-1, para. 4).
Answer (B) is incorrect. Standard forms do not necessarily result in
greater
professionalism.
Answer (C) is incorrect. Standard forms clearly reduce time spent in
workingpaper
preparation but do not necessarily result in greater neatness.
Answer (D) is incorrect. Standard forms do not necessarily result in
greater
accuracy.
[628] Gleim #: 7.3.15
An adequately documented working paper should
A. Be concise but complete.
B. Follow a unique form and arrangement.
C. Contain examples of all forms and procedures used by the
engagement client.
D. Not contain copies of engagement client records.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 345
Printed for Sanja Knezevic
Answer (A) is correct. Clarity, conciseness, and accuracy are
desirable qualities of
working papers, but completeness and support for conclusions are
paramount
considerations.
Answer (B) is incorrect. Working papers should be uniform and
consistent.
Answer (C) is incorrect. Working papers should contain only
information related to an
engagement objective.
Answer (D) is incorrect. Copies of engagement client records should
be included
whenever necessary.
[629] Gleim #: 7.3.16
An internal auditor prepared a working paper that consisted of a list
of employee
names and identification numbers as well as the following statement:
By matching random numbers with employee identification numbers,
40 employee
personnel files were selected to verify that they contain all
documents required by the
organization’s policy 501. No exceptions were noted.
The internal auditor did not place any tick marks on this working
paper. Which one of
the following changes will improve the internal auditor’s working
paper the most?
Use of tick marks to show that each A. file was examined.
B. Removal of the employee names to protect their confidentiality.
C. Justification for the sample size.
D. Listing of the actual documents examined for each employee.
Answer (A) is incorrect. Tick marks are not necessary. The same
procedures were
applied to all sample items, and no exceptions were detected.
Answer (B) is incorrect. Working papers are kept confidential, so
removal of
employee names is unnecessary.
Answer (C) is correct. The working paper should fully document the
use of
statistical techniques. Thus, it should specify how the sample size for
this attribute
sampling application was determined (factors such as confidence
level, precision,
etc.)
Answer (D) is incorrect. Reference to the organization’s policy is
equivalent to
listing the documents examined.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 346
Printed for Sanja Knezevic
fb.com/ciaaofficial
[630] Gleim #: 7.3.17
Productivity statistics are provided quarterly to the board of directors.
An internal
auditor checked the ratios and other statistics in the four most recent
reports. The
internal auditor used scratch paper and copies of the reports to verify
the accuracy of
computations and compared the data used in the computations with
supporting
documents. The internal auditor wrote a note for the working papers
describing these
procedures and then discarded the scratch paper and report copies.
The note stated,
The ratios and other statistics in the quarterly reports to the board
were checked for the
last 4 quarters and appropriate supporting documents were
examined. All amounts
appear to be appropriate.
In this situation,
Four quarters do not provide a large enough sample on which to
base a
conclusion.
A.
The internal auditor’s working papers are not sufficient to facilitate an
efficient
review of the internal auditor’s work.
B.
The internal auditor should have included the scratch paper in C. the
working papers.
The internal auditor did not consider whether the information in the
report to the
board was compiled efficiently.
D.
Answer (A) is incorrect. The problem did not state or imply that
sampling was
used.
Answer (B) is correct. The internal auditor’s working papers do not
support the
conclusions and engagement results because they do not document
the procedures
and the information obtained. A reviewer cannot check the internal
auditor’s work
without obtaining additional copies of the quarterly reports and
independently
recalculating the statistics. The review would be more efficient if the
internal
auditor had included the graphs in the working papers and had used
tick marks
with explanations to show which computations were checked and to
describe what
the internal auditor did to verify the amounts used in the
computations.
Answer (C) is incorrect. Scratch paper is usually not suitable for
working papers.
Unorganized working papers are difficult to review and understand.
Answer (D) is incorrect. The problem did not state or imply that an
objective of
the engagement was to evaluate efficiency.
[631] Gleim #: 7.3.18
Employees using personal computers have been reporting
occupational injuries and
claiming substantial workers’ compensation benefits. The working
papers of an
engagement performed to determine the extent of the organization’s
exposure to such
personal injury liability should include
Analysis of claims by type of equipment and extent of use by
individual
employees.
A.
Confirmations from insurance carriers as to claims paid under
workers’
compensation policies in force.
B.
C. Reviews of documentation supporting purchases of personal
computers.
D. Listings of all personal computers in use and the employees who
use them.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 347
Printed for Sanja Knezevic
Answer (A) is correct. One potential use of engagement working
papers is to provide
support in circumstances such as insurance claims, fraud cases, and
lawsuits. Claims
analysis is appropriately included in the working papers because it
permits assessment
of the risks associated with the two key factors (equipment in use
and time spent by
employees at such equipment) leading to claims.
Answer (B) is incorrect. Confirmations of workers’ compensation
claims fail to
identify exposure to risks; they only support claims paid by the carrier
under the
workers’ compensation policies.
Answer (C) is incorrect. Documentation supporting purchases of
personal computers
cannot be expected to address risk assessments.
Answer (D) is incorrect. Listings of all personal computers in use
and the employees
using them fail to indicate the risks associated with the extent of
usage and the type of
equipment.
[632] Gleim #: 7.3.19
Which of the following is an unnecessary feature of a working paper
prepared in
connection with maintenance costs?
The internal auditor has initialed and dated the working paper as of
the date
completed even though the working paper was prepared over the
preceding 4
working days.
A.
Total repair expense for the month preceding the engagement B. is
shown.
The chief audit executive has initialed the working paper as reviewer
although the
working paper was prepared by another person.
C.
Total acquisition cost of property, plant, and equipment for the
preceding month is
shown.
D.
Answer (A) is incorrect. The date of completion and signature or
initials of the
internal auditor are important for control of the engagement.
Answer (B) is incorrect. The working papers concern maintenance
cost, and the
amount for the month preceding the engagement is necessary for
subsequent
period review.
Answer (C) is incorrect. Working papers that document the
engagement should
be prepared by the internal auditor and reviewed by management of
the internal
audit activity.
Answer (D) is correct. Because total acquisition cost of property,
plant, and
equipment is irrelevant to maintenance costs, this feature is
unnecessary to
support the observations, conclusions, and recommendations
concerning these
costs.
[633] Gleim #: 7.3.20
When performing an engagement to evaluate the computerized
purchasing activities of
a manufacturing organization, which of the following should be
included in the
permanent file portion of the engagement working papers?
A. Copies of the computer program documentation.
B. Printouts using internal auditor-prepared programs and test data.
C. Prior year’s working papers revised to reflect changes during the
current year.
Information concerning administrative controls over the computer
operations at
each location.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 348
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Program documentation is likely to change
each year and
will require reevaluation during each engagement.
Answer (B) is incorrect. Auditor-prepared programs and test data
are likely to change
each year and will require reevaluation for each engagement.
Answer (C) is incorrect. Prior year’s working papers revised to
reflect changes in the
current year pertain to the current year’s engagement. Thus, they
should be contained
in the current section of the working papers.
Answer (D) is correct. The permanent section of the working papers
should contain
the information necessary for continuing engagements.
Administrative controls over
the computer operations of each location, which are not likely to
change from year to
year, are appropriately included in the permanent section of the
working papers.
[634] Gleim #: 7.3.21
Each individual working paper should, at a minimum, contain a(n)
Expression of the internal auditor’s A. overall opinion.
B. Tick mark legend.
C. Complete flowchart of the system of internal controls for the area
being reviewed.
D. Descriptive heading.
Answer (A) is incorrect. An expression of an opinion in the working
papers is
premature and an indicator of bias.
Answer (B) is incorrect. A tick mark legend should not appear on
each working
paper.
Answer (C) is incorrect. A flowchart of internal controls will likely be
included
in a working paper at the beginning of a significant engagement
segment, but each
working paper will not contain a flowchart.
Answer (D) is correct. Each working paper must, at a minimum,
identify the
engagement and describe the contents or purpose of the working
paper, for
example, in the heading. Also, each working paper should be signed
(initialed)
and dated by the internal auditor and contain an index or reference
number.
Furthermore, verification symbols (tick marks) are likely to appear on
most
working papers and should be explained.
[635] Gleim #: 7.3.22
Engagement working papers are indexed by means of reference
numbers. The primary
purpose of indexing is to
A. Permit cross-referencing and simplify supervisory review.
B. Support the final engagement communication.
C. Eliminate the need for follow-up reviews.
Determine that working papers adequately support observations,
conclusions, and
recommendations.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 349
Printed for Sanja Knezevic
Answer (A) is correct. Indexing permits cross-referencing. It is
important because it
simplifies supervisory review either during the engagement or
subsequently by creating
a trail of related items through the working papers. It thus facilitates
preparation of
final engagement communications, later engagements for the same
engagement client,
and internal and external assessments of the internal audit activity.
Answer (B) is incorrect. The working papers as a whole should
support the final
engagement communication.
Answer (C) is incorrect. Follow-up is necessitated by engagement
client conditions,
not the state of working papers.
Answer (D) is incorrect. The purpose of supervisory review of
working papers is to
determine that working papers adequately support observations,
conclusions, and
recommendations.
[636] Gleim #: 7.3.23
Internal auditors often include summaries within their working
papers. Which of the
following best describes the purpose of such summaries?
Summaries are prepared to conform A. with the Standards.
Summaries are usually required to complete each section of an
engagement work
program.
B.
Summaries distill the most useful information from several working
papers into a
more usable form.
C.
Summaries document that the internal auditor has considered all
relevant
information.
D.
Answer (A) is incorrect. Summaries are not required by the
Standards.
Answer (B) is incorrect. Summaries are not usually required by
engagement work
programs.
Answer (C) is correct. Working papers document an engagement.
They contain
the records of planning, the preliminary survey, the engagement work
program,
the results of field work, and other related matters. Summaries help
to coordinate
working papers related to a subject by providing concise statements
of the most
important information. Thus, they provide for an orderly and logical
flow of
information and facilitate supervisory review.
Answer (D) is incorrect. Summaries are not necessary to document
that the
internal auditor has considered all relevant information.
[637] Gleim #: 7.3.24
When engagement conclusions are challenged, the internal auditor’s
factual rebuttal is
best facilitated by
A. Summaries in the engagement work program.
B. Pro forma working papers.
C. Cross-referencing of the working papers.
D. Explicit procedures in the engagement work program.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 350
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. The engagement work program guides the
collection of
information, but appropriately cross-referencing information in the
working papers
assists in the factual rebuttal of challenges.
Answer (B) is incorrect. Pro forma working papers save time in the
information
collection process by guiding the internal auditor to ensure that all
significant points
are covered.
Answer (C) is correct. Each working paper should have an index or
reference number.
Indexing permits cross-referencing, which simplifies supervisory
review either during
the engagement or subsequently by creating an information trail of
related items
through the working papers. It thus facilitates preparation of the final
engagement
communication, later engagements involving the same client, internal
and external
quality assessments, and factual rebuttal of challenges by clearly
identifying sources
and locations of facts.
Answer (D) is incorrect. The engagement work program guides the
collection of
information, but appropriately cross-referencing information in the
working papers
assists in the factual rebuttal of challenges.
[638] Gleim #: 7.3.25
Which of the following conditions constitutes inappropriate workingpaper
preparation?
All forms and directives used by the engagement client are included
in the
working papers.
A.
Flowcharts are included in B. the working papers.
C. Engagement observations are cross-referenced to supporting
documentation.
D. Tick marks are explained in notes.
Answer (A) is correct. Performance Standard 2330 states that
internal auditors
must document relevant information to support the conclusions and
engagement
results. Thus, working papers should be confined to information that
is material
and relevant to the engagement and the observations, conclusions,
and
recommendations. Hence, forms and directives used by the
engagement client
should be included only to the extent they support the observations,
conclusions,
and recommendations and are consistent with engagement
objectives.
Answer (B) is incorrect. A graphic representation of the engagement
client’s
controls, document flows, and other activities is often vital for
understanding
operations and is therefore a necessary part of the documentation.
Answer (C) is incorrect. Cross-referencing is essential to the orderly
arrangement
and understanding of working papers and reduces duplication.
Answer (D) is incorrect. Tick marks are verification symbols that
should be
standard throughout the engagement. They should be described in a
note.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 351
Printed for Sanja Knezevic
[639] Gleim #: 7.3.26
Which type of working-paper summary is typically used to
consolidate numerical data
scattered among several schedules?
Statistical A. summaries.
B. Segment summaries.
C. Results summaries.
D. Pyramid summaries.
Answer (A) is correct. Summarization of facts in the working papers
is a means
of emphasizing important information, establishing perspective,
providing an
overview, aiding memory, training staff, facilitating supervisory
review, and
controlling engagements. By the use of indexing and crossreferencing, summaries
may be used to relate different working papers that concern a given
point. A
statistical summary condenses the related numerical information
from engagement
work programs.
Answer (B) is incorrect. A segment summary is a narrative with
respect to a
particular part of the engagement. It should appear at the beginning
of each
section of the working papers, which should be organized logically
according to
the different objectives of the engagement.
Answer (C) is incorrect. A results summary provides the significant
facts about
engagement observations.
Answer (D) is incorrect. The term “pyramid summaries” is not
meaningful in this
context.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 352
Printed for Sanja Knezevic
fb.com/ciaaofficial
[640] Gleim #: 7.3.27
XYZ
Bank Reconciliation
June 30, Year 1
(Amounts in currency units)
Balance per bank (a) 16,482.97
Deposits in transit (b)
6/29 2,561.14
6/30 1,572.28 4,133.42
Subtotal 20,616.39
Outstanding checks
(c)
248 842.11
952 2,000.00
968 571.00
969 459.82
970 714.25 4,587.18
Subtotal 16,029.21
Bank service charge 12.50
NSF check returned
(d)
350.00
Error on check #954 (14.00)
Balance per books (e) To T/B 16,377.71
Legend:
(a) Confirmed with bank -- see
confirmation on W/P A-4.
(b)Verified by tracing to July 15
cutoff statement; traced to cash
receipts journal.
(c) Okay.
(d)Examined supporting
documentation and traced to final
disposition.
(e) Footed total and compared with
balance in general ledger.
This working paper will be considered deficient if which other
relevant engagement
working paper is not cross-referenced and included in the cash
section of the workingpaper
file?
A. Petty cash count.
B. Confirmation of cash balance with bank.
C. Copies of deposit slips for deposits in transit.
D. Engagement client representation that the cash balance per
books was accurate.
Answer (A) is incorrect. Petty cash is not relevant. This working
paper concerns
cash in the bank.
Answer (B) is correct. Confirming the cash balance in the bank
account as of the
end of the period is a standard engagement procedure. It provides
direct,
externally generated information to support the reported cash
amount.
Answer (C) is incorrect. Under ordinary circumstances, copies of
deposit slips are
not required as long as an adequate explanation of engagement
procedures relative
to deposits in transit is provided.
Answer (D) is incorrect. The engagement client’s representation is
not relevant
when outside confirmation and analysis of cash records supports the
cash balance.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 353
Printed for Sanja Knezevic
[641] Gleim #: 7.3.28
XYZ
Bank Reconciliation
June 30, Year 1
(Amounts in currency units)
Balance per bank (a) 16,482.97
Deposits in transit (b)
6/29 2,561.14
6/30 1,572.28 4,133.42
Subtotal 20,616.39
Outstanding checks
(c)
248 842.11
952 2,000.00
968 571.00
969 459.82
970 714.25 4,587.18
Subtotal 16,029.21
Bank service charge 12.50
NSF check returned
(d)
350.00
Error on check #954 (14.00)
Balance per books (e) To T/B 16,377.71
Legend:
(a) Confirmed with bank -- see
confirmation on W/P A-4.
(b)Verified by tracing to July 15
cutoff statement; traced to cash
receipts journal.
(c) Okay.
(d)Examined supporting
documentation and traced to final
disposition.
(e) Footed total and compared with
balance in general ledger.
A deficiency in this working paper is that
A standardized cash reconciliation working A. paper was not used.
B. All verification symbols were not properly explained.
C. Analytical review procedures were not performed.
D. Cross-referencing of working papers was not accomplished.
Answer (A) is incorrect. Efficiency can be achieved through
standardization;
however, not every working paper can be standardized. This working
paper may
be subject to standardization but is not inadequate in that respect.
Answer (B) is correct. Each engagement working paper should
contain a heading,
which usually consists of the name of the client’s organization or
function, a title
or description of the contents or purpose of the paper, and the date
or period
covered. Each working paper should be signed (initialed) and dated
by the internal
auditor and contain an index or reference number. Verification
symbols (tick
marks) are also likely to appear on most working papers and should
be adequately
explained in a note. In this example, the explanation for tick mark (c)
does not
detail the procedures used to review outstanding checks.
Answer (C) is incorrect. Analytical procedures are usually not as
relevant to the
examination of cash as to other assets and liabilities.
Answer (D) is incorrect. Cross-referencing was accomplished.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 354
Printed for Sanja Knezevic
fb.com/ciaaofficial
[642] Gleim #: 7.3.29
During the working-paper review, an internal auditing supervisor finds
that the
internal auditor’s observations are not adequately cross-referenced
to supporting
documentation. The supervisor will most likely instruct the internal
auditor to
Prepare a working paper to indicate that the full scope of the
engagement was
carried out.
A.
Familiarize him/herself with the sequence of working papers so that
(s)he will be
able to answer questions about the conclusions stated in the final
engagement
communication.
B.
Eliminate any cross-references to other working papers because the
system is
unclear.
C.
Provide a cross-referencing system that shows the relationship
among
observations, conclusions, recommendations, and the related facts.
D.
Answer (A) is incorrect. A full set of properly indexed and crossreferenced
working papers, not a separate analysis, is necessary.
Answer (B) is incorrect. Proper cross-referencing avoids the need to
memorize
the locations of supporting information.
Answer (C) is incorrect. Cross-references should be added, not
deleted.
Answer (D) is correct. Cross-referencing is important because it
simplifies review
either during the engagement or subsequently by creating a trail of
related items
through the working papers. It thus facilitates preparation of the final
engagement
communication and later engagements for the same engagement
client.
[643] Gleim #: 7.3.30
Which of the following concepts distinguishes the retention of
computerized audit
documentation from the traditional hard copy form?
Analyses, conclusions, and recommendations are filed on electronic
media and are
therefore subject to computer system controls and security
procedures.
A.
Evidential support for all findings is copied and provided to local
management
during the closing conference and to each person receiving the final
report.
B.
Computerized data files can be used in computer C. audit
procedures.
Audit programs can be standardized to eliminate the need for a
preliminary survey
at each location.
D.
Answer (A) is correct. The only difference between the
computerized audit
documentation and hard copy form is how the working papers are
stored.
Electronic audit documentation is saved either on disks or hard drive,
whereas
hard copy is stored in a file cabinet. Unlike computerized audit
documentation,
hard copies are not subject to computer controls and security
procedures.
Answer (B) is incorrect. Evidential support would be retained and
provided on
the basis of the nature of the finding and not the media used for
storing audit
documentation.
Answer (C) is incorrect. This capability is not an exclusive function
of
computerized audit documentation.
Answer (D) is incorrect. Though the nature of the preliminary survey
may change
in some cases, the requirement for this phase of the audit is not
eliminated by
computerized audit documentation.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 355
Printed for Sanja Knezevic
[644] Gleim #: 7.4.31
Which of the following actions constitutes a violation of the
confidentiality concept
regarding working papers? An internal auditor
Takes working papers to his/her hotel A. room overnight.
B. Shows working papers on occasion to engagement clients.
C. Allows the external auditor to copy working papers.
D. Misplaces working papers occasionally.
Answer (A) is incorrect. Continuous physical control of working
papers during
fieldwork may be appropriate.
Answer (B) is incorrect. Engagement clients may be shown working
papers with
the CAE’s approval.
Answer (C) is incorrect. Internal and external auditors commonly
grant access to
each others’ work programs and working papers.
Answer (D) is correct. The internal audit activity controls
engagement working
papers and provides access to authorized personnel only (PA
2330.A1-1, para. 1).
By misplacing working papers occasionally, the internal auditor is
thus violating
the confidentiality concept.
[645] Gleim #: 7.4.32
Working papers contain a record of engagement work performed and
much
confidential information. They are the property of the internal audit
activity, which is
responsible for their security. Which of the following is the most
important control
requirement for working papers?
A. Allow access to working papers only to internal audit activity
personnel.
Provide for the protection of working papers at all times and to the
extent
appropriate.
B.
Make the administrative section of the internal audit activity
responsible for the
security of working papers.
C.
D. Purge working papers periodically of materials that are considered
confidential.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 356
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Working papers may be shown to
engagement clients or
others if engagement objectives will not be compromised.
Answer (B) is correct. Working papers should always be properly
protected. During
the field work, they should be in the internal auditor’s physical
possession or control or
otherwise protected against fire, theft, or other disaster. For example,
the internal
auditor may use the engagement client’s safe or other security
facilities. In the internal
auditing office, they should be kept in locked files and should be
formally signed out
when removed from the files. When others (government auditors, the
external audit
firm, etc.) review the working papers, the reviews should take place
in the internal
auditing office. Secure files should be provided for long-term storage,
and itemized
records of their location should be maintained. When electronic
working papers are
placed online, computer system security measures should be similar
to those used for
other highly sensitive information of the organization.
Answer (C) is incorrect. This arrangement is awkward for working
papers needed at
the engagement site.
Answer (D) is incorrect. Lack of relevance to future needs, not
confidentiality, is the
criterion for destruction of working papers.
[646] Gleim #: 7.4.33
The primary objective of maintaining security over working papers is
to
Prohibit unauthorized changes or removal A. of information.
B. Prohibit engagement clients from seeing working papers.
C. Facilitate subsequent engagements in the same department.
D. Facilitate engagements by external auditors.
Answer (A) is correct. The working papers are essential to the
proper functioning
of the internal audit activity. Among many other purposes, they
document the
information obtained, the analyses made, and the support for the
conclusions and
engagement results. Unauthorized changes or removal of
information would
seriously compromise the integrity of the internal audit activity’s work.
For this
reason, the chief audit executive must ensure that working papers
are kept secure.
Answer (B) is incorrect. Engagement clients may be shown working
papers in
proper circumstances, for example, when client fraud is not an issue.
Answer (C) is incorrect. A secondary objective is to facilitate
subsequent
engagements in the same department.
Answer (D) is incorrect. A secondary objective is to facilitate
engagements by
external auditors.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 357
Printed for Sanja Knezevic
[647] Gleim #: 7.4.34
A fire destroyed a large portion of an organization’s inventory.
Management is filing
an insurance claim and needs to use the internal auditors’ working
papers in preparing
the claim. Management
May not use the working papers in preparing A. the claim.
May use the working papers in preparing the claim, but such use
should be
approved by the chief audit executive.
B.
Should be precluded from preparing the claim, and this function
should be
performed by the internal audit activity.
C.
May use the working papers in preparing the claim, but such use
should be
approved by the organization’s external auditors.
D.
Answer (A) is incorrect. Working papers may be used for “other
business
purposes.”
Answer (B) is correct. One potential use of engagement working
papers is to
provide support in the organization’s pursuit of insurance claims,
fraud cases, and
lawsuits. In such cases, management and other members of the
organization may
request access to engagement working papers. This access may be
necessary to
substantiate or explain engagement observations and
recommendations or to use
engagement documentation for other business purposes. The CAE
should approve
these requests. Accordingly, the insurance claim is an “other
business purpose,”
and management may use the internal auditors’ working papers in
preparing the
claim.
Answer (C) is incorrect. Management, not the internal audit activity,
should
prepare the insurance claim.
Answer (D) is incorrect. The approval of external auditors is not
needed.
[648] Gleim #: 7.4.35
The internal auditor is most likely to make working papers available
to the
engagement client when
A. Fraud is suspected.
B. The internal auditors have recorded specific damaging comments.
C. The internal auditor considers the content noncontroversial.
D. Engagement client comments are needed to evaluate significance
and accuracy.
Answer (A) is incorrect. Working papers are never shown to
engagement clients
when their involvement in fraud is suspected.
Answer (B) is incorrect. The working papers usually should not be
shown to
engagement clients when internal auditor-client relations might
thereby be
damaged or the engagement objectives compromised.
Answer (C) is incorrect. Access to noncontroversial matter may
nevertheless
permit circumvention of engagement procedures.
Answer (D) is correct. When the engagement objectives will not be
compromised, the internal auditor may show all or part of the working
papers to
the engagement client. For instance, the results of certain
engagement procedures
may be shared with the engagement client to encourage corrective
action. Thus,
working papers as well as drafts of engagement communications
may be reviewed
with engagement clients to verify their accuracy, completeness, and
significance.
But complete disclosure may permit circumvention of the internal
auditors’
procedures, and working papers should never be shared with
engagement clients
in fraud investigations.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 358
Printed for Sanja Knezevic
fb.com/ciaaofficial
[649] Gleim #: 7.5.36
Working papers should be disposed of when they are of no further
use. Retention
policies must
Specify a minimum retention A. period of 3 years.
B. Be prepared by the audit committee.
C. Be approved by legal counsel.
D. Be approved by the external auditor.
Answer (A) is incorrect. Working papers should not be retained for
an arbitrary
period. The duration of retention is a function of usefulness, including
legal
considerations.
Answer (B) is incorrect. The CAE must develop retention policies.
Answer (C) is correct. The chief audit executive must develop
retention
requirements for engagement records, regardless of the medium in
which each
record is stored. These retention requirements must be consistent
with the
organization’s guidelines and any pertinent regulatory or other
requirements
(Impl. Std. 2330.A2). Thus, approval by the organization’s legal
counsel is
appropriate.
Answer (D) is incorrect. Retention policies need not be approved by
the external
auditor.
[650] Gleim #: 7.5.37
Which of the following states an inappropriate policy relating to the
retention of
engagement working papers?
A. Working papers should be disposed of when they have no further
use.
B. Working papers prepared for fraud investigators should be
retained indefinitely.
C. Working-paper retention schedules should be approved by legal
counsel.
Working-paper retention schedules should consider legal and
contractual
requirements.
D.
Answer (A) is incorrect. The duration of retention should be
determined by
usefulness.
Answer (B) is correct. The CAE must develop retention
requirements for
engagement records, regardless of the medium in which each record
is stored.
These retention requirements must be consistent with the
organization’s
guidelines and any pertinent regulatory or other requirements
(Impl. Std. 2330.A2). Although working papers pertaining to fraud
investigations
might be kept apart from others, no working paper will have to be
kept
indefinitely.
Answer (C) is incorrect. Approval by legal counsel is appropriate.
Answer (D) is incorrect. Legal and contractual requirements may
determine the
retention period.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 359
Printed for Sanja Knezevic
[651] Gleim #: 7.5.38
When current-file working papers are no longer of use to the internal
audit activity,
they should be
A. Destroyed.
B. Placed in the custody of the organizational legal department for
safekeeping.
C. Transferred to the permanent file.
D. Transferred to the custody of the engagement client for ease of
future records.
Answer (A) is correct. Working papers should be destroyed after
they have
served their purpose. Any parts having continuing value should be
brought
forward to current working papers or to the permanent file.
Answer (B) is incorrect. If working papers are useful, they should be
controlled
by the internal auditors.
Answer (C) is incorrect. Useless working papers should be
destroyed.
Answer (D) is incorrect. Engagement clients should not have
custody of
confidential papers.
[652] Gleim #: 7.5.39
The best description of the principal purpose for retaining working
papers is to
A. Help perform the engagement in an orderly fashion.
B. Maintain the engagement work program for reuse in the next
engagement.
C. Provide support for the final engagement communication.
D. Provide a basis for supervisory review.
Answer (A) is incorrect. An important but secondary purpose of
working paper
retention is orderly performance of engagements.
Answer (B) is incorrect. An important but secondary purpose of
working paper
retention is the reuse of work programs.
Answer (C) is correct. Engagement working papers provide the
principal support
for the engagement results (PA 2330-1, para. 2). They should be
retained after the
final engagement communication has been issued for a time that is
consistent with
organizational guidelines and any pertinent regulatory or other
requirements.
Answer (D) is incorrect. An important but secondary purpose of
working paper
retention is supervisory review.
[653] Gleim #: 7.5.40
An internal audit activity’s policies regarding engagement records
should address such
matters as their content, retention period, handling of access
requests, and
responsibility for control and security. Which of the following
statements relevant to
the development of these policies is true?
Most records not protected by the attorney-client privilege are
accessible in
criminal proceedings.
A.
B. The work product of the internal auditors is protected from
disclosure.
Records created with an expectation of confidentiality are protected
from
disclosure.
C.
Documents revealing attorneys’ thought processes will be subject to
forced
disclosure.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 360
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is correct. Most of an organization’s records that are not
protected by the
attorney-client privilege may be accessible in criminal proceedings.
In noncriminal
proceedings, the issue of access is less clear (PA 2330.A1-2, para.
1).
Answer (B) is incorrect. The work product of attorneys, not auditors,
is usually
protected.
Answer (C) is incorrect. A mere expectation of confidentiality does
not protect
records from disclosure if they are not subject to a legal privilege.
Answer (D) is incorrect. Documents revealing attorneys’ thought
processes or
strategies are usually privileged.
[654] Gleim #: 7.6.41
Which of the following tools would best give a graphical
representation of a sequence
of activities and decisions?
A. Flowchart.
B. Control chart.
C. Histogram.
D. Run chart.
Answer (A) is correct. Flowcharting is an essential aid in the
program
development process that involves a sequence of activities and
decisions. A
flowchart is a pictorial diagram of the definition, analysis, or solution
of a
problem in which symbols are used to represent operations, data
flow, equipment,
etc.
Answer (B) is incorrect. A control chart is used to monitor deviations
from
desired quality measurements during repetitive operations.
Answer (C) is incorrect. A histogram is a bar chart showing
conformance to a
standard bell curve.
Answer (D) is incorrect. A run chart tracks the frequency or amount
of a given
variable over time.
[655] Gleim #: 7.6.42
Which method of evaluating internal controls during the preliminary
survey provides
the internal auditor with the best visual grasp of a system and a
means for analyzing
complex operations?
A. A flowcharting approach.
B. A questionnaire approach.
C. A matrix approach.
D. A detailed narrative approach.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 361
Printed for Sanja Knezevic
Answer (A) is correct. Flowcharts are graphical representations of
the step-by-step
progression of transactions, including document (information)
preparation,
authorization, flow, storage, etc. Flowcharting allows the internal
auditor to analyze a
system and to identify the strengths and weaknesses of the
purported internal controls
and the appropriate areas of audit emphasis.
Answer (B) is incorrect. A questionnaire approach provides only an
agenda for
evaluation.
Answer (C) is incorrect. A matrix approach does not provide the
visual grasp of the
system that a flowchart does.
Answer (D) is incorrect. A detailed narrative does not provide the
means of evaluating
complex operations that a flowchart does.
[656] Gleim #: 7.6.43
Internal auditors often flowchart a control system and reference the
flowchart to
narrative descriptions of certain activities. This is an appropriate
procedure to
Determine whether the system meets established management A.
objectives.
B. Document that the system meets international auditing
requirements.
C. Determine whether the system can be relied upon to produce
accurate information.
D. Gain the understanding necessary to test the effectiveness of the
system.
Answer (A) is incorrect. To determine whether the system meets
established
management objectives, the auditor must perform more extensive
procedures. A
flowchart is an aid to understanding the system. It does not provide
evidence
about the actual operating effectiveness of the system.
Answer (B) is incorrect. International auditing standards do not
require the use of
flowcharts.
Answer (C) is incorrect. To determine whether the system can be
relied upon to
produce accurate information, the auditor must perform more
extensive
procedures. A flowchart is an aid to understanding the system. It
does not provide
evidence about the actual operating effectiveness of the system.
Answer (D) is correct. Flowcharting is a pictorial method of
analyzing and
understanding the processes and procedures involved in operations,
whether
manual or computerized. Flowcharting is therefore useful in the
preliminary
survey and in obtaining an understanding of internal control. It is also
helpful in
systems development.
[657] Gleim #: 7.6.44
An internal auditor develops a flowchart primarily to
A. Detect errors and irregularities.
B. Analyze a system and identify internal controls.
C. Determine functional responsibilities.
D. Reduce the need for interviewing auditee personnel.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 362
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Flowcharts only show where errors and
irregularities might
occur.
Answer (B) is correct. Flowcharting is a tool commonly used to learn
what set of
procedures is supposed to be in effect in a control system. An
internal control
flowchart is a pictorial diagram of documents and their processing
and disposition
within the system. It is a basis for preliminary evaluation and is
followed by testing to
see if the prescribed procedures are in effect and are working as
intended.
Answer (C) is incorrect. Questionnaires are used to determine
functional
responsibilities.
Answer (D) is incorrect. Flowchart development usually requires
asking questions of
the auditee.
[658] Gleim #: 7.6.45
An auditor frequently uses flowcharts to determine whether there is
Satisfactory performance A. of an operation.
B. Sufficient but not excessive personnel assigned to an operation.
C. Authority to meet the performance criteria.
D. Inefficiency and lack of controls.
Answer (A) is incorrect. This information is not given in a flowchart.
Answer (B) is incorrect. This information is not given in a flowchart.
Answer (C) is incorrect. This information is not given in a flowchart.
Answer (D) is correct. Flowcharts are graphical representations of
the step-bystep
progression of transactions including document (information)
preparation,
authorization, flow, storage, etc. Flowcharting allows the internal
auditor to
analyze a system and to identify the strengths and weaknesses of
the purported
internal controls and the appropriate areas of audit emphasis.
[659] Gleim #: 7.6.46
Of the following, which is the most efficient source for an auditor to
use to evaluate a
company’s overall control system?
A. Control flowcharts.
B. Copies of standard operating procedures.
C. A narrative describing departmental history, activities, and forms
usage.
D. Copies of industry operating standards.
Answer (A) is correct. Control flowcharting is a graphical means of
representing
the sequencing of activities and information flows with related control
points. It
provides an efficient and comprehensive method of describing
relatively complex
activities, especially those involving several departments.
Answer (B) is incorrect. Copies of procedures and related forms do
not provide
an efficient overview of processing activities.
Answer (C) is incorrect. A narrative review covering the history and
forms usage
of the department is not as efficient or comprehensive as
flowcharting for the
purpose of communicating relevant information about controls.
Answer (D) is incorrect. Industry standards do not provide a picture
of existing
practice for subsequent audit activity.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 363
Printed for Sanja Knezevic
[660] Gleim #: 7.6.47
A flowchart of process activities and controls may provide
Information on where A. fraud could occur.
B. Information on the extent of a past fraud.
C. An indication of where fraud has occurred in a process.
D. No information related to fraud prevention.
Answer (A) is correct. Flowcharting is a pictorial method of analyzing
and
understanding the processes and procedures involved in operations,
whether
manual or computerized. Flowcharting is therefore useful in the
preliminary
survey and in obtaining an understanding of internal control. It is also
helpful in
systems development. Consequently, by indicating control
weaknesses, flowcharts
show where fraud may occur.
Answer (B) is incorrect. Flowcharts do not provide any evidence of
the extent of
fraud.
Answer (C) is incorrect. Other procedures would be needed to
detect where fraud
has occurred.
Answer (D) is incorrect. Flowcharts provide evidence of where fraud
may occur.
Flowcharts therefore help in prevention.
[661] Gleim #: 7.6.48
The internal auditor wishes to develop a flowchart of (1) the process
of receiving sales
order information at headquarters, (2) the transmission of the data to
the plants to
generate the shipment, and (3) the plants’ processing of the
information for shipment.
The internal auditor should
Start with management’s decisions to set sales prices. Gather
internal
documentation on the approval process for changing sales prices.
Complement
documentation with a copy of the program flowchart. Prepare an
overview
flowchart that links these details.
A.
Start with a shipment of goods and trace the transaction back
through the
origination of the sales order as received from the sales
representative.
B.
Start with the receipt of a sales order from a sales representative and
“walk
through” both the manual and computerized processing at
headquarters and the
plant until the goods are shipped and billed.
C.
Obtain a copy of the plants’ systems flowchart for the sales process,
interview
relevant personnel to determine if any changes have been made,
and then develop
an overview flowchart which will highlight the basic process.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 364
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. The issue is the processing of sales orders,
not the system for
making changes in the sales price data.
Answer (B) is incorrect. Starting with the completed transaction
does not identify
processing steps in which documents or data were diverted and
processed separately.
Answer (C) is correct. The survey during the engagement planning
phase helps the
internal auditor to become familiar with activities, risks, and controls
and to identify
areas for audit emphasis. Flowcharting is a typical survey procedure,
and the walkthrough
is a means of gathering information to be reflected in the flowchart.
Answer (D) is incorrect. Processing steps that occur other than at
the plant level must
also be considered.
[662] Gleim #: 7.6.49
The diamond-shaped symbol is commonly used in flowcharting to
show or represent a
Process or a single step in a procedure A. or program.
B. Terminal output display.
C. Decision point, conditional testing, or branching.
D. Predefined process.
Answer (A) is incorrect. The rectangle is the appropriate symbol for
a process or
a single step in a procedure or program.
Answer (B) is incorrect. A terminal display is signified by a symbol
similar to the
shape of a cathode ray tube.
Answer (C) is correct. Flowcharts illustrate in pictorial fashion the
flow of data,
documents, and/or operations in a system. Flowcharts may
summarize a system or
present great detail, e.g., as found in program flowcharts. The
diamond-shaped
symbol represents a decision point or test of a condition in a program
flowchart,
that is, the point at which a determination must be made as to which
logic path
(branch) to follow.
Answer (D) is incorrect. A predefined processing step is represented
by a
rectangle with double lines on either side.
[663] Gleim #: 7.6.50
(Refer to Figure CIA2_08_14.)
This figure shows how
A. Physical media are used in the system.
B. Input/output procedures are conducted.
C. Data flow within and out of the system.
D. Accountability is allocated in the system.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 365
Printed for Sanja Knezevic
Answer (A) is incorrect. The figure does not show physical media or
input/output
procedures (manifestations of how the system works rather than
what it accomplishes).
Flowcharts depict these matters.
Answer (B) is incorrect. The figure is a data flow diagram; it depicts
the flow of data
within and out of the system. Flowcharts show how input/output
procedures are
conducted.
Answer (C) is correct. A data flow diagram shows how data flow to,
from, and within
a system and the processes that manipulate the data.
Answer (D) is incorrect. The figure does not show how
accountability is allocated in
the system. Accountability transfers are usually shown in flowcharts.
[664] Gleim #: 7.6.51
(Refer to Figure CIA2_08_14.)
This figure could be expanded to show the
Edit checks used in preparing purchase orders A. from stock records.
B. Details of the preparation of purchase orders.
C. Physical media used for stock records, the vendor file, and
purchase orders.
D. Workstations required in a distributed system for preparing
purchase orders.
Answer (A) is incorrect. A data flow diagram does not depict edit
checks.
Answer (B) is correct. A data flow diagram can be used to depict
lower-level
details as well as higher-level processes. A system can be divided
into subsystems,
and each subsystem can be further subdivided at levels of increasing
detail. Thus,
any process can be expanded as many times as necessary to show
the required
level of detail.
Answer (C) is incorrect. Flowcharts, not data flow diagrams, show
the physical
media on which data such as stock records, the vendor file, and
purchase orders
are maintained.
Answer (D) is incorrect. Flowcharts, not data flow diagrams, show
the
workstations through which data pass and the sequence of activities.
[665] Gleim #: 7.6.52
An internal auditor reviews and adapts a systems flowchart to
understand the flow of
information in the processing of cash receipts. Which of the following
statements is
true regarding the use of such flowcharts? The flowcharts
Show specific control procedures used, such as edit tests that are
implemented and
batch control reconciliations.
A.
B. Are a good guide to potential segregation of duties.
C. Are generally kept up to date for systems changes.
D. Show only computer processing, not manual processing.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 366
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. A program flowchart will identify the specific
edit tests
implemented.
Answer (B) is correct. Systems flowcharts are overall graphic
analyses of the flow of
data and the processing steps in an information system. Accordingly,
they can be used
to show segregation of duties and the transfer of data between
different segments in the
organization.
Answer (C) is incorrect. The flowcharts are usually not kept up to
date for changes.
Thus, the auditor will have to interview key personnel to determine
changes in
processing since the flowchart was developed.
Answer (D) is incorrect. A systems flowchart should show both
manual and computer
processing.
[666] Gleim #: 7.6.53
Graphical notations that show the flow and transformation of data
within a system or
business area are called
A. Action diagrams.
B. Program structure charts.
C. Conceptual data models.
D. Data flow diagrams.
Answer (A) is incorrect. Action diagrams are process logic notations
that
combine graphics and text to support the definition of technical rules.
Answer (B) is incorrect. Program structure charts are graphical
depictions of the
hierarchy of modules or instructions in a program.
Answer (C) is incorrect. Conceptual data modules are independent
definitions of
the data requirements that are explained in terms of entities and
relationships.
Answer (D) is correct. Data flow diagrams show how data flow to,
from, and
within the system and the processes that manipulate the data. A data
flow diagram
can be used to depict lower-level details as well as higher-level
processes. A
system can be divided into subsystems, and each subsystem can be
further
subdivided at levels of increasing detail. Thus, any process can be
expanded as
many times as necessary to show the required level of detail.
[667] Gleim #: 7.6.54
In documenting the procedures used by several interacting
departments the internal
auditor will most likely use a(n)
A. Horizontal (or systems) flowchart.
B. Vertical flowchart.
C. Gantt chart.
D. Internal control questionnaire.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 367
Printed for Sanja Knezevic
Answer (A) is correct. Flowcharting is a useful tool for systems
development as well
as understanding the internal control structure. A flowchart is a
pictorial diagram of the
definition, analysis, or solution of a problem in which symbols are
used to represent
operations, data flow, equipment, etc. A systems flowchart provides
an overall view of
the inputs, processes, and outputs of a system, such as a set of
interacting departments.
Answer (B) is incorrect. A vertical flowchart does not highlight the
interaction
between departments.
Answer (C) is incorrect. A Gantt chart is not a tool for documenting
procedures. Gantt
charts typically are used in industry as a method of recording
progress toward goals for
employees and machinery.
Answer (D) is incorrect. An internal control questionnaire does not
highlight the
interaction between departments.
[668] Gleim #: 7.6.55
Which of the following is a true statement comparing a horizontal
flowchart with a
vertical flowchart?
A horizontal flowchart provides more room for written descriptions
that parallel
the symbols.
A.
A horizontal flowchart brings into sharper focus the assignment of
duties and
independent checks on performance.
B.
A horizontal flowchart C. is usually longer.
D. A horizontal flowchart does not provide as broad a picture at a
glance.
Answer (A) is incorrect. A vertical flowchart is usually designed to
provide for
written descriptions.
Answer (B) is correct. A horizontal or systems flowchart depicts the
functions or
departments involved in a process successively from left to right.
Thus, the steps
performed by a function or department are presented in the same
column. A
vertical flowchart displays step-by-step processes effectively, but it
does not
delineate the system’s components as well. By emphasizing the flow
of processing
between departments or people, a horizontal flowchart more clearly
shows any
inappropriate separation of duties and lack of independent checks on
performance.
Answer (C) is incorrect. A horizontal flowchart is usually shorter.
Space for
written descriptions is not usually provided.
Answer (D) is incorrect. More of the flow of processing can be
depicted on one
page than in a vertical flowchart with written descriptions.
[669] Gleim #: 7.7.56
Engagement information is usually considered relevant when it is
A. Derived through valid statistical sampling.
B. Objective and unbiased.
C. Factual, adequate, and convincing.
D. Consistent with the engagement objectives.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 368
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Whether sampling is appropriate and the
results are valid are
issues related to the determination of sufficiency and reliability rather
than relevance.
Answer (B) is incorrect. Objectivity and lack of bias do not ensure
that information
will support observations and recommendations and be consistent
with the engagement
objectives.
Answer (C) is incorrect. Sufficient information is factual, adequate,
and convincing so
that a prudent, informed person would reach the same conclusions
as the internal
auditor.
Answer (D) is correct. Relevant information supports engagement
observations and
recommendations and is consistent with the objectives for the
engagement
(Inter. Std. 2310).
[670] Gleim #: 7.7.57
To determine the sufficiency of information regarding interpretation of
a contract, an
internal auditor uses
The best obtainable A. information.
B. Subjective judgments.
C. Objective evaluations.
D. Logical relationships between information and issues.
Answer (A) is incorrect. The best information attainable is reliable
but not
necessarily sufficient.
Answer (B) is incorrect. An evaluation of the sufficiency of
information requires
objective judgments. The “prudent, informed person” language states
an
objectivity criterion.
Answer (C) is correct. Sufficient information is factual, adequate,
and convincing
so that a prudent, informed person would reach the same
conclusions as the
auditor (Inter. Std. 2310). Since the internal auditor must avoid
distortion by
personal feelings, prejudices, or interpretations, this judgment must
be objective.
Answer (D) is incorrect. Whether the relationship between the
information and
the issues is logical is a matter of relevance. Information must be
relevant, but
relevant information may not be sufficient.
[671] Gleim #: 7.7.58
Reliable information is
Supportive of the engagement observations and consistent with the
engagement
objectives.
A.
B. Helpful in assisting the organization in meeting prescribed goals.
Factual, adequate, and convincing so that a prudent person would
reach the same
conclusion as the internal auditor.
C.
Competent and the best attainable through the use of appropriate
engagement
techniques.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 369
Printed for Sanja Knezevic
Answer (A) is incorrect. Relevant information supports engagement
observations and
is consistent with engagement objectives.
Answer (B) is incorrect. Useful information assists the organization
in meeting goals.
Answer (C) is incorrect. Sufficient information is factual, adequate,
and convincing to
a prudent person.
Answer (D) is correct. Reliable information is the best attainable
information through
the use of appropriate engagement techniques (Inter. Std. 2310). An
original document
is the prime example of such information.
[672] Gleim #: 7.7.59
When sampling methods are used, the concept of sufficiency of
information means
that the samples selected provide
Reasonable assurance that they are representative of the A.
sampled population.
B. The best information that is reasonably obtainable.
Reasonable assurance that the information has a logical relationship
to the
engagement objective.
C.
D. Absolute assurance that a sample is representative of the
population.
Answer (A) is correct. Sufficient information is factual, adequate,
and convincing
so that a prudent, informed person would reach the same
conclusions as the
auditor (Inter. Std. 2310). If properly designed and executed, a
statistical sample is
representative of the sampled population.
Answer (B) is incorrect. The best information reasonably obtainable
is reliable
information.
Answer (C) is incorrect. The logical relationship indicates relevance.
Answer (D) is incorrect. Cost-benefit considerations usually
preclude absolute
assurance.
[673] Gleim #: 7.7.60
Which of the following is an essential factor in evaluating the
sufficiency of
information? The information must
A. Be well documented and cross-referenced in the working papers.
B. Be based on references that are considered competent.
Bear a direct relationship to the observation and include all of the
elements of an
observation.
C.
D. Be convincing enough for a prudent person to reach the same
decision.
Answer (A) is incorrect. Documentation and cross-referencing are
desirable but
have no specific relationship to any of the characteristics of
information
(sufficiency, reliability, relevance, and usefulness).
Answer (B) is incorrect. Competence is a characteristic of reliable
information.
Answer (C) is incorrect. Relevant information supports engagement
observations.
Answer (D) is correct. Sufficient information is factual, adequate,
and convincing
so that a prudent, informed person would reach the same
conclusions as the
auditor (Inter. Std. 2310).
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 370
Printed for Sanja Knezevic
fb.com/ciaaofficial
[674] Gleim #: 7.7.61
In an operational audit, the internal auditors discovered an increase
in absenteeism.
Accordingly, the chief audit executive decided to identify information
about workforce
morale. To achieve this engagement objective, the internal auditors
must understand
that
Morale cannot be A. reliably analyzed.
B. Only outcomes that are directly quantifiable can be reliably
analyzed.
Reliable information may be obtained about morale factors such as
job
satisfaction.
C.
D. Morale is always proportional to compensation.
Answer (A) is incorrect. Difficulty of analysis does not preclude
reliability.
Answer (B) is incorrect. With proper engagement tools, even
emotional
responses may be measured and analyzed reliably.
Answer (C) is correct. Reliable information is the best information
attainable
through the use of appropriate engagement techniques (Inter. Std.
2310). Such
information need not consist only of quantifiable outcomes, such as
rates of
workforce turnover and absenteeism. Reliable information may be
identified about
such difficult-to-measure things as attitudes toward supervisors,
other workers,
and compensation. For example, surveys may produce statistically
valid
information about job satisfaction.
Answer (D) is incorrect. According to research and common human
experience,
the availability of, for example, intrinsic awards (e.g., personal
achievement) may
offset a low level of extrinsic awards (e.g., compensation).
[675] Gleim #: 7.7.62
While testing a division’s compliance with company affirmative-action
policies, an
auditor found that
1. 5% of the employees are from minority groups.
2. No one from a minority group has been hired in the past year.
The most appropriate conclusion for the auditor to reach is that
A. Insufficient evidence exists of compliance with affirmative-action
policies.
B. The division is violating the company’s policies.
C. The company’s policies cannot be audited and hence cannot be
enforced.
With 5% of its employees from minority groups, the division is
effectively
complying.
D.
Answer (A) is correct. Sufficient information is factual, adequate,
and convincing
so that a prudent, informed person would reach the same
conclusions as the
auditor (Inter. Std. 2310). Without knowledge of guidelines for
compliance, the
auditor cannot draw a reasonable conclusion given the insufficiency
of the facts.
Hence, the auditor must determine whether management has
established adequate
criteria or should work with management to develop such criteria.
Answer (B) is incorrect. Failure to hire a person from a minority
group this year
is irrelevant without knowing the total hires for the period.
Answer (C) is incorrect. An affirmative-action policy is clearly
auditable.
Answer (D) is incorrect. This conclusion cannot be reached without
knowledge
of the actual company policy.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 371
Printed for Sanja Knezevic
[676] Gleim #: 7.7.63
Reliable evidence is best defined as evidence that
Is the A. best attainable.
B. Is obtained by observing people, property, and events.
Is supplementary to other evidence already gathered and tends to
strengthen or
confirm it.
C.
Proves an intermediate fact, or group of facts, from which still other
facts can be
inferred.
D.
Answer (A) is correct. Reliable information is the best information
attainable
through the use of appropriate engagement techniques (Inter. Std.
2310).
Information is reliable when the auditor’s results can be verified by
others.
Reliable information is also valid. It accurately represents the
observed
phenomena. Information must be collected using reasonable efforts
subject to
such inherent limitations as the cost-benefit constraint. Accordingly,
internal
auditors employ efficient methods, e.g., statistical sampling and
analytical
auditing procedures.
Answer (B) is incorrect. Physical evidence is obtained by observing
people,
property, and events. Physical evidence is not necessarily reliable. In
fact, the
quality of reliability is more often associated with documentary
evidence.
Answer (C) is incorrect. Corroborative evidence is supplementary to
other
evidence already gathered and tends to strengthen or confirm it.
Although
corroborative evidence may be reliable, much reliable evidence is
primary rather
than supplementary.
Answer (D) is incorrect. Circumstantial evidence proves an
intermediate fact, or
group of facts, from which still other facts can be inferred.
Circumstantial
evidence is not necessarily reliable.
[677] Gleim #: 7.7.64
While performing an engagement relating to an organization’s cash
controls, the
internal auditor observed that cash deposits are not deposited intact
daily. A
comparison of a sample of cash receipts lists revealed that each
cash receipt list
equaled cash journal entry amounts but not daily bank deposits
amounts, and cash
receipts list totals equaled bank deposit totals in the long run. This
information as
support for the internal auditor’s observations is
A. Sufficient but not reliable or relevant.
B. Sufficient, reliable, and relevant.
C. Not sufficient, reliable, or relevant.
D. Relevant but not sufficient or reliable.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 372
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. The information is reliable and relevant.
Answer (B) is correct. The bank deposits can be verified by
examining bank
statements obtained directly from the bank. Information obtained
from an independent
source is usually more reliable than information secured solely within
the entity.
Moreover, it is obviously relevant to the issue of whether cash
receipts are deposited
intact. A reasonable internal auditor should judge that the comparison
of the
organization’s records with independently obtained bank statements
is persuasive of
the proposition that cash receipts are not deposited intact. Thus, the
information is also
sufficient.
Answer (C) is incorrect. The information is sufficient, reliable, and
relevant.
Answer (D) is incorrect. The information is sufficient and reliable.
[678] Gleim #: 7.8.65
What characteristic of information is satisfied by an original signed
document?
A. Sufficiency.
B. Reliability.
C. Relevance.
D. Usefulness.
Answer (A) is incorrect. Sufficient information is factual, adequate,
and
convincing. The information contained on the document may be none
of those
things.
Answer (B) is correct. Reliable information is the best information
attainable
through the use of appropriate engagement techniques (Inter. Std.
2310). An
original document is the prime example of such information.
Answer (C) is incorrect. Relevance concerns the relationship of the
information
to some objective of the engagement. No engagement objective is
disclosed in the
question. Thus, whether the information on the document is relevant
to the
investigation cannot be determined.
Answer (D) is incorrect. Usefulness is achieved if the item helps the
organization
(the internal auditor, in this case) to accomplish predetermined goals.
No such
goals are specified.
[679] Gleim #: 7.8.66
An internal auditor is evaluating the advertising function. The
organization has
engaged a medium-sized local advertising agency to place
advertising in magazine
publications. As part of the review of the engagement working
papers, the internal
auditing supervisor is evaluating the information collected. The
internal auditor
reviewed the language in the advertising for its legality and
compliance with fair trade
regulations by interviewing the organization’s advertising manager,
the product
marketing director (who may not have been objective), and five of the
organization’s
largest customers (who may not have been knowledgeable). The
supervisor can
justifiably conclude that the information is
A. Reliable.
B. Irrelevant.
C. Conclusive.
D. Insufficient.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 373
Printed for Sanja Knezevic
Answer (A) is incorrect. The advertising director and the product
marketing director
are not objective.
Answer (B) is incorrect. The information is relevant but not
sufficient.
Answer (C) is incorrect. The information is not sufficient. Hence, it
cannot be
conclusive. The inherent limitations of this engagement require that
internal auditors
rely on information that is merely persuasive rather than convincing
beyond all doubt.
Answer (D) is correct. Sufficient information is factual, adequate,
and convincing so
that a prudent, informed person would reach the same conclusions
as the auditor
(Inter. Std. 2310). Sufficiency is based on the internal auditor’s
professional judgment
as to the amounts, kinds, and persuasiveness of information
required. Testimony from
individuals who may be neither objective nor knowledgeable is
unlikely to be
sufficient.
[680] Gleim #: 7.8.67
An internal auditor has set an engagement objective of determining
whether all cash
receipts are deposited intact daily. To satisfy this objective, the
internal auditor
interviewed the controller who gave assurances that all cash receipts
are deposited as
soon as is reasonably possible. As information that can be used to
satisfy the stated
engagement objective, the controller’s assurances are
Sufficient but not reliable A. or relevant.
B. Sufficient, reliable, and relevant.
C. Not sufficient, reliable, or relevant.
D. Relevant but not sufficient or reliable.
Answer (A) is incorrect. The information is not sufficient or reliable.
Answer (B) is incorrect. The information is relevant but not sufficient
or reliable.
Answer (C) is incorrect. The information is relevant.
Answer (D) is correct. Internal auditors must identify sufficient,
reliable, relevant,
and useful information to achieve engagement objectives (Perf. Std.
2310).
Relevant information supports engagement observations and
recommendations
and is consistent with the objectives for the engagement. Sufficient
information is
factual, adequate, and convincing so that a prudent, informed person
would reach
the same conclusions as the auditor. Reliable information is the best
information
attainable through the use of appropriate procedures (Inter. Std.
2310). The
controller’s assurance is relevant because it pertains to the cash
receipts. However,
it lacks reliability because it was not obtained from an independent
source.
Furthermore, the information is not sufficient because, by itself, it
does not
provide a reasonable basis for a conclusion.
[681] Gleim #: 7.8.68
In deciding whether recorded sales are valid, which of the following
items of
information is most reliable?
A. A copy of the customer’s purchase order.
A memorandum from the director of the shipping department stating
that another
employee verified the personal delivery of the merchandise to the
customer.
B.
C. Accounts receivable records showing cash collections from the
customer.
The shipping document, independent bill of lading, and the invoice
for the
merchandise.
D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 374
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. The customer’s purchase order only proves
that the item was
requested, not sold.
Answer (B) is incorrect. This memorandum is an uncorroborated
statement.
Answer (C) is incorrect. A/R records showing cash collections from
the customer are
less direct than the shipping document and invoice and provide only
circumstantial
support regarding the validity of the sale.
Answer (D) is correct. Reliable information is the best information
attainable through
the use of appropriate engagement techniques (Inter. Std. 2310).
Information is
ordinarily more reliable if it is obtained from a source independent of
the client. The
shipping document and invoice provide direct information that the
sale was made, and
the bill of lading is externally generated documentation that the
merchandise was
shipped.
[682] Gleim #: 7.8.69
The chief audit executive is reviewing some of the basic concepts
inherent in the
performance of an engagement with three internal auditors who are
on a rotation
assignment. After 6 months in the internal audit activity, they will
move back to line
positions. Each of them has fairly extensive organizational
experience and is on a fast
track to a high-level management line position. To develop their
analytical decisionmaking
abilities, the CAE pulls some old engagement working papers,
holding back
the review notes and clearing comments. The CAE asks the team to
indicate the
informational criteria that are violated. During the planning stage of
an engagement,
the internal auditor made an on-site observation of the vehicle
maintenance
department and included the following statement in a memorandum
summary of the
results:
“We noted that several maintenance garages were deteriorating
badly. Fencing around
the property was in need of repair.”
Which of the following informational criteria, if any, is violated?
A. Sufficiency.
B. Reliability.
C. Relevance.
D. No criteria are violated.
Answer (A) is incorrect. The sufficiency criterion has not been
violated. Physical
observation by the internal auditor is sufficient to determine
deterioration and
need for repairs.
Answer (B) is incorrect. The reliability criterion has not been
violated. On-site
observation is an appropriate technique to determine deterioration
and needed
repairs.
Answer (C) is incorrect. The relevance criterion has not been
violated. The
information obtained by the internal auditor supports observations
about the
physical condition of the department.
Answer (D) is correct. The observations made about the vehicle
maintenance
department contain sufficient information (factual, adequate, and
convincing so
that a prudent, informed person would reach the same conclusions)
that is reliable
(the best attainable through the use of appropriate engagement
techniques) and
relevant (supports engagement observations and recommendations
and is
consistent with the objectives for the engagement) (Inter. Std. 2310).
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 375
Printed for Sanja Knezevic
[683] Gleim #: 7.8.70
The chief audit executive is reviewing some of the basic concepts
inherent in the
performance of an engagement with three internal auditors who are
on a rotation
assignment. After 6 months in the internal audit activity, they will
move back to line
positions. Each of them has fairly extensive organizational
experience and is on a fast
track to a high-level management line position. To develop their
analytical decisionmaking
abilities, the CAE pulls some old engagement working papers,
holding back
the review notes and clearing comments. The CAE asks the team to
indicate the
informational criteria that are violated. The organization’s inventories
are under the
administration of three production managers. The internal auditors
perform a standard
limited test of finished goods inventory balances every year. During
this year’s
engagement concerning inventories, the internal auditors noted
finished goods
inventories were abnormally high, sales were consistent with prior
years, and returns
and allowances appeared normal. The internal auditors performed
the usual random
sample recount of several finished goods inventory cards without
discrepancy and then
extended the testing to include 10 raw materials and 10 work-inprocess cards, noting
no exceptions. The following statement was included in the
engagement working
papers:
“Our standard test of finished goods inventories revealed no
exceptions to the
inventory count. We extended our tests this year to include both raw
materials and
work-in-process without exception. At the time of our engagement,
the supervising
inventory managers were not available; however, the division
secretary indicated that
performance standards were on file. It appears that there is adequate
awareness and
understanding of the performance standards.”
Which of the following informational criteria is not violated?
A. Sufficiency.
B. Reliability.
C. Relevance.
D. All criteria are violated.
Answer (A) is incorrect. The criterion of sufficiency has been
violated.
Answer (B) is incorrect. The criterion of reliability has been violated.
Answer (C) is incorrect. The criterion of relevance has been
violated.
Answer (D) is correct. The conclusion violates the criteria of
sufficiency,
reliability, and relevance. The sufficiency criterion is violated because
recounting
several inventory items is insufficient given the abnormally high
inventory. The
reliability criterion is violated because the performance standard
information is
not the best attainable. The internal auditors should interview
inventory managers
to determine their awareness and understanding of the performance
standards. The
relevance criterion is violated because the information related to raw
materials and
work-in-process does not pertain to the finished goods inventory.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 376
Printed for Sanja Knezevic
fb.com/ciaaofficial
[684] Gleim #: 7.8.71
The chief audit executive is reviewing some of the basic concepts
inherent in the
performance of an engagement with three internal auditors who are
on a rotation
assignment. After 6 months in the internal audit activity, they will
move back to line
positions. Each of them has fairly extensive organizational
experience and is on a fast
track to a high-level management line position. To develop their
analytical decisionmaking
abilities, the CAE pulls some old engagement working papers,
holding back
the review notes and clearing comments. The CAE asks the team to
indicate the
informational criteria that are violated. The organization is required to
comply with
certain specific standards related to environmental issues. One of
these standards
requires that certain hazardous chemicals be placed in certified
containers for
shipment to a governmental disposal site. The container must bear
an inspection seal
signed within the last 90 days by a governmental inspector. Based on
the following
tests, the internal auditor concluded that the organization was in
compliance for the
engagement period:
Determine from each chemical loading supervisor that compliance
requirements
are understood.
I.
Inspect sealed containers for evidence II. of leakage.
III. Ask chemical loading personnel about procedures performed.
Which of the following informational criteria, if any, is violated?
A. Sufficiency.
B. Reliability.
C. Relevance.
D. No criteria are violated.
Answer (A) is correct. Sufficient information is factual, adequate,
and convincing
so that a prudent, informed person would reach the same
conclusions as the
internal auditor (Inter. Std. 2310). These tests are insufficient
because the internal
auditor did not determine that each container had an inspection seal
signed within
the last 90 days.
Answer (B) is incorrect. The information is reliable. It is the best
information
attainable through the use of appropriate engagement techniques.
Answer (C) is incorrect. The information is relevant. It supports
engagement
observations and recommendations and is consistent with the
objectives for the
engagement.
Answer (D) is incorrect. The sufficiency criterion was violated.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 377
Printed for Sanja Knezevic
[685] Gleim #: 7.8.72
The chief audit executive is reviewing some of the basic concepts
inherent in the
performance of an engagement with three internal auditors who are
on a rotation
assignment. After 6 months in the internal audit activity, they will
move back to line
positions. Each of them has fairly extensive organizational
experience and is on a fast
track to a high-level management line position. To develop their
analytical decisionmaking
abilities, the CAE pulls some old engagement working papers,
holding back
the review notes and clearing comments. The CAE asks the team to
indicate the
informational criteria that are violated. In an engagement to evaluate
the effectiveness
and validity of a subsidiary’s marketing expenditures, the internal
auditors identified
the following information:
Analytical comparisons of advertising expenditures and changes in
shopping
patterns and item sales
1.
Direct observation of various advertising 2. media used
3. Review of a marketing survey of general public reaction to the
marketing plan
Which of the following informational criteria, if any, is violated?
A. Sufficiency.
B. Reliability.
C. Relevance.
D. No criteria are violated.
Answer (A) is incorrect. The sufficiency criterion has not been
violated. The
analytical comparison, direct observation, and review of the market
survey
provide sufficient information about the effectiveness and validity of
expenditures.
Answer (B) is incorrect. The reliability criterion has not been
violated. Analysis,
observation, and review by the internal auditors are all methods of
obtaining
competent information.
Answer (C) is incorrect. The relevance criterion has not been
violated. The
analytical comparisons, direct observations, and review of the
marketing survey
are all types of information pertinent to the evaluation of the
marketing
expenditures.
Answer (D) is correct. The identified information is sufficient (factual,
adequate,
and convincing so that a prudent, informed person would reach the
same
conclusions), reliable (the best attainable through the use of
appropriate
engagement techniques), and relevant (supports engagement
observations and
recommendations and is consistent with the objectives for the
engagement)
(Inter. Std. 2310).
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 378
Printed for Sanja Knezevic
fb.com/ciaaofficial
[686] Gleim #: 7.8.73
The chief audit executive is reviewing some of the basic concepts
inherent in the
performance of an engagement with three internal auditors who are
on a rotation
assignment. After 6 months in the internal audit activity, they will
move back to line
positions. Each of them has fairly extensive organizational
experience and is on a fast
track to a high-level management line position. To develop their
analytical decisionmaking
abilities, the CAE pulls some old engagement working papers,
holding back
the review notes and clearing comments. The CAE asks the team to
indicate the
informational criteria that are violated. In an engagement performed
at the
organization’s real estate development subsidiary, the engagement
objective was to
determine that capitalized land improvements had been assigned
equally to all
developed lots. The internal auditors identified the following
information:
Independent appraisals 1. of all lot values
2. Sales records for similar subdivision lots
3. An analysis of market values of each lot
Which of the following informational criteria, if any, are violated?
A. Sufficiency and relevance.
B. Reliability and sufficiency.
C. Relevance and reliability.
D. No criteria are violated.
Answer (A) is correct. The conclusion violates the criteria of
sufficiency and
relevance. The sufficiency criterion is violated because information
about cost
allocation is missing. The relevance criterion is violated because the
information
identified does not pertain to the objective.
Answer (B) is incorrect. The reliability criterion has not been
violated, although
the sufficiency criterion has been violated.
Answer (C) is incorrect. Although the relevance criterion has been
violated, the
reliability criterion has not been violated.
Answer (D) is incorrect. The sufficiency and relevance criteria have
been
violated.
[687] Gleim #: 7.8.74
Management is investigating the acquisition of an upgraded version
of the existing
client-server system to increase the system’s capacity. Management
has requested that
the internal auditor perform an operational engagement to determine
the efficiency of
the existing computer processing resource. What is the most relevant
source of
information to meet the engagement objective?
A. A survey of current user satisfaction.
A review of computer job log records, listings of scheduled jobs, and
computer
down-time.
B.
C. A comparison of server capacity with desktop computer capacity.
D. A detailed analysis of hard drive growth over the last 3 years.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 379
Printed for Sanja Knezevic
Answer (A) is incorrect. User satisfaction surveys are subjective and
are not directly
related to efficient use of the hardware resources.
Answer (B) is correct. Reviewing job logs, job schedules, and
documentation of
computer down-time provides an objective record of actual hardware
usage. The
internal auditor may also wish to consider such matters as
percentage usage of the
CPU by time of day, the number of online transactions per hour by
time of day,
average and peak response times by time of day, and average and
peak batch job
turnaround time by time of day.
Answer (C) is incorrect. This comparison does not address the
engagement objective.
Answer (D) is incorrect. The growth of hard drive use only
addresses a portion of the
engagement objective.
[688] Gleim #: 7.8.75
In testing the write-off of a deteriorated piece of equipment, the best
information about
the condition of the equipment is
The equipment manager’s statement regarding A. condition.
B. Accounting records showing maintenance and repair costs.
C. A physical inspection of the actual piece of equipment.
D. The production department’s equipment downtime report.
Answer (A) is incorrect. The equipment manager’s statement
regarding
condition, standing alone, is not conclusive.
Answer (B) is incorrect. Accounting records are less persuasive
than the internal
auditor’s direct observation.
Answer (C) is correct. The most reliable form of engagement
information is that
obtained through the internal auditor’s direct experience. Thus, a
physical
inspection provides the best information about the current condition
of equipment.
Answer (D) is incorrect. Internal reports are less persuasive than the
internal
auditor’s direct observation.
[689] Gleim #: 7.8.76
The most reliable information an internal auditor can assess when
determining an
organization’s legal title to inventories is
A. Monthly gross profit and inventory levels.
B. Purchase orders.
C. Paid vendor invoices.
D. Records of inventories stored at off-site locations.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 380
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Although informative, monthly gross profit
and inventory
levels have no bearing on legal ownership.
Answer (B) is incorrect. Purchase orders represent a commitment to
purchase, not
legal ownership.
Answer (C) is correct. Mere possession of inventory does not signify
that another
party does not have a claim to it. For example, the inventory may be
held on
consignment. Payment of vendor invoices is the culmination of the
purchases-payables
cycle. The paid invoice evidences the purchaser’s ownership of the
inventory.
Answer (D) is incorrect. Records of inventories stored at off-site
locations verify the
existence of the inventory, not legal ownership.
[690] Gleim #: 7.9.77
During interviews with the inventory management personnel, an
internal auditor
learned that salespersons often order inventory for stock without
receiving the
approval of the vice president of sales. Also, detail testing showed
that there are no
written approvals on purchase orders for replacement parts. The
results of detail
testing are a good example of
Indirect A. information.
B. Circumstantial information.
C. Corroborative information.
D. Subjective information.
Answer (A) is incorrect. Detail testing provides direct information
that the
approvals were not received. Indirect information establishes
immediately related
facts from which the main fact may be inferred.
Answer (B) is incorrect. Circumstantial information tends to prove a
fact by
proving other events or circumstances that afford a basis for a
reasonable
inference of the occurrence of the fact. Thus, it is also indirect
information.
Answer (C) is correct. Corroborative information is evidence from a
different
source that supplements and confirms other information. For
example, oral
testimony that a certain procedure was not performed may be
corroborated by the
absence of documentation.
Answer (D) is incorrect. Subjective information is opinion-oriented
and is not
dependable for reaching engagement conclusions. No subjective
information is
present in this situation.
[691] Gleim #: 7.9.78
A letter to the internal auditor in response to an inquiry is an example
of which type of
information?
A. Physical.
B. Testimonial.
C. Documentary.
D. Analytical.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 381
Printed for Sanja Knezevic
Answer (A) is incorrect. Physical information results from the
verification of the
actual existence of something by observation, inspection, or count.
Answer (B) is correct. Information may consist of authoritative
documentation,
calculations by the internal auditor, internal control, interrelationships
among the data,
physical existence, subsequent events, subsidiary records, and
testimony by the
engagement client and third parties. Oral or written statements (e.g.,
letters to the
internal auditor) derived from inquiries or interviews are testimonial
information.
Answer (C) is incorrect. Documentary information exists in some
permanent form,
such as checks, invoices, shipping records, receiving reports, and
purchase orders. It
includes both external information, e.g., bills of lading received by the
engagement
client from common carriers, and documents originating within the
engagement
client’s organization.
Answer (D) is incorrect. Analytical information is derived from the
study and
comparison of relationships among data.
[692] Gleim #: 7.9.79
The chief audit executive is reviewing the working papers produced
by an internal
auditor during a fraud investigation. Among the items contained in
the working papers
is a description of an item of physical information. Which of the
following is the most
probable source of this item of information?
Observing A. conditions.
B. Interviewing people.
C. Examining records.
D. Computing variances.
Answer (A) is correct. Physical information results from the
verification of the
actual existence of things, activities, or individuals by observation,
inspection, or
count. It may take the form of photographs, maps, charts, or other
depictions.
Answer (B) is incorrect. Interviewing produces testimonial
information.
Answer (C) is incorrect. The examination of records requires
documentary
information and produces analytical information.
Answer (D) is incorrect. Computations and verifications lead to
analytical
information.
[693] Gleim #: 7.9.80
An internal auditor takes a photograph of the engagement client’s
workplace. The
photograph is a form of what kind of information?
A. Physical.
B. Testimonial.
C. Documentary.
D. Analytical.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 382
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is correct. Physical information results from the
verification of the actual
existence of things, activities, or individuals by observation,
inspection, or count. It
may take the form of photographs, maps, charts, or other depictions.
Answer (B) is incorrect. Testimonial information consists of oral or
written
statements derived from inquiries or interviews.
Answer (C) is incorrect. Documentary information consists of letters,
memoranda,
invoices, shipping and receiving reports, etc.
Answer (D) is incorrect. Analytical information is derived from a
study and
comparison of the relationships among data.
[694] Gleim #: 7.9.81
Which of the following is an example of documentary information?
A photograph of an engagement A. client’s workplace.
B. A letter from a former employee alleging a fraud.
A page of the general ledger containing irregularities placed there by
the
perpetrator of a fraud.
C.
A page of the internal auditor’s working papers containing the
computations that
demonstrate the existence of an error or irregularity.
D.
Answer (A) is incorrect. Photographic information is physical.
Answer (B) is incorrect. Statements received in response to
inquiries or
interviews are testimonial.
Answer (C) is correct. Documentary information exists in some
permanent form,
such as checks, invoices, shipping records, receiving reports, and
purchase orders.
It includes both external information, e.g., shipping documents
provided by
carriers, and documents originating within the engagement client’s
organization.
Answer (D) is incorrect. The study and comparison of relationships
among data
results in analytical information.
[695] Gleim #: 7.9.82
The internal auditor for a construction contractor finds materials costs
increasing as a
percentage of billings and suspects that materials billed to the
organization are being
delivered to another contractor. What type of information will best
enable the internal
auditor to determine whether erroneous billings occurred?
A. Documentary.
B. Physical examination.
C. Confirmation.
D. Analytical.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 383
Printed for Sanja Knezevic
Answer (A) is correct. Documentary information exists in some
permanent form, such
as checks, invoices, shipping records, receiving reports, and
purchase orders. It
includes both external information, e.g., shipping documents
provided by carriers, and
documents originating within the engagement client’s organization.
By matching
invoices received from vendors with receiving documents prepared
by organizational
personnel, the nonreceipt of items billed to the organization can be
detected. Also, the
invoices received may well indicate that delivery was made to an
address other than
the organization’s storage area or a construction site.
Answer (B) is incorrect. Physical examination is not usually
possible. The materials
will not be available at the organization’s premises.
Answer (C) is incorrect. Testimonial information obtained through
confirmation is
unlikely to be helpful. The supplier will confirm shipment of goods
and the amount of
the invoice but will not report the delivery address.
Answer (D) is incorrect. Analytical procedures are not likely to be
effective unless
budgets were very carefully developed, all conditions remained
virtually constant, and
the amounts were relatively large.
[696] Gleim #: 7.9.83
During an engagement to review the personnel function, an internal
auditor notes that
there are several employee benefit programs and that participation in
some of the
programs is optional. Which of the following is the best information
for assessing the
acceptability of various benefit programs to employees?
Discuss satisfaction levels with program A. participants.
B. Evaluate program participation ratios and their trends.
C. Discuss satisfaction levels with the director of personnel.
D. Evaluate methods used to make employees aware of available
program options.
Answer (A) is incorrect. Responses from participants, by definition,
do not
include testimony by nonparticipants.
Answer (B) is correct. Analytical information obtained by determining
employee
participation in optional programs is the most persuasive. Actual
participation
requires an affirmative act that strongly suggests a positive employee
evaluation
of a program.
Answer (C) is incorrect. Employee participation ratios are more
persuasive than
the personnel director’s testimony about employee satisfaction.
Answer (D) is incorrect. The effectiveness of the means of
communicating
information about the programs is not relevant to employee
satisfaction.
[697] Gleim #: 7.9.84
In an engagement to review travel expenses, the internal auditor
calculates average
expenses per day traveled for all sales personnel and then examines
detailed receipts
for those with high averages. These procedures represent the
identification of which
types of information?
A. Documentary and physical.
B. Analytical and physical.
C. Documentary and analytical.
D. Physical and testimonial.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 384
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. The information is documentary but not
physical.
Answer (B) is incorrect. The information is analytical but not
physical.
Answer (C) is correct. Documentary information includes accounting
records,
outgoing correspondence, receiving reports, etc. Analytical
information results from
analysis and verification and includes computations and
comparisons. The travel
expense receipts are documentary information. The calculations of
average travel
expenses are analytical information.
Answer (D) is incorrect. The information is neither physical nor
testimonial.
[698] Gleim #: 7.9.85
An internal auditor arrived at the conclusion that the segregation of
duties in the
counting and recording of cash receipts was adequate. What type of
information is
this?
A. Analytical.
B. Documentary.
C. Physical.
D. Testimonial.
Answer (A) is correct. Analytical information is drawn from the
consideration of
the interrelationships among data or, in the case of the control, the
particular
policies and procedures of which it is composed. Analysis produces
circumstantial
information in the form of inferences or conclusions based on
examining the
components as a whole for consistencies, inconsistencies, causeand-effect
relationships, relevant and irrelevant items, etc.
Answer (B) is incorrect. Documentary information exists in some
permanent
form, such as checks, invoices, shipping records, receiving reports,
and purchase
orders.
Answer (C) is incorrect. Physical information consists of the internal
auditor’s
direct observation and inspection, e.g., of the counting of inventory.
Answer (D) is incorrect. Testimonial information is provided by the
statements of
engagement client personnel and others.
[699] Gleim #: 7.9.86
When evaluating the propriety of a payment to a consultant, the most
appropriate
information for the internal auditor to obtain and review is
A. Oral information in the form of opinions of operating management.
B. Documentary information in the form of a contract.
Analytical information in the form of comparisons with prior years’
expenditures
on consultants.
C.
D. Physical information in the form of the consultant’s report.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 385
Printed for Sanja Knezevic
Answer (A) is incorrect. Oral information tends to be less reliable
than information in
some permanent form.
Answer (B) is correct. A contract is a document that formalizes an
agreement between
the parties. It provides persuasive information that the payment was
properly
authorized.
Answer (C) is incorrect. Comparisons with prior years’ payments
may be invalid if
circumstances have changed.
Answer (D) is incorrect. The report indicates that some work was
done but not that
the payment was authorized or in the appropriate amount.
[700] Gleim #: 7.9.87
The most reliable forms of documentary evidence are those
documents that are
A. Prenumbered.
B. Internally generated.
C. Easily duplicated.
D. Authorized by a responsible official.
Answer (A) is incorrect. The use of prenumbered and sequentially
issued
documents is an effective control, but such documents may be
accessible to an
employee who is perpetrating fraud.
Answer (B) is incorrect. Internally generated documents are not the
most reliable
among the choices.
Answer (C) is incorrect. Ease of duplication would tend to reduce
rather than
increase reliability of a document.
Answer (D) is correct. Externally generated documents are deemed
to be more
reliable than those produced by the auditee. However, the
evidentiary value of the
latter is enhanced if they are subject to effective control. Accordingly,
authorization by an appropriate party lends credibility to a document
because it
increases the probability that the underlying transaction is valid.
[701] Gleim #: 7.9.88
The most likely source of information indicating employee theft of
inventory is
A. Physical inspection of the condition of inventory items on hand.
B. A warehouse employee’s verbal charge of theft.
C. Differences between an inventory count and perpetual inventory
records.
D. Accounts payable transactions vouched to inventory receiving
reports.
Answer (A) is incorrect. Physical inspection of items on hand does
not disclose
shortages or indicate theft.
Answer (B) is correct. Testimonial information may not be conclusive
and should
be supported by other forms of information whenever possible.
However, it may
provide a lead not indicated by other procedures.
Answer (C) is incorrect. Differences between inventory counts and
perpetual
records are normal and, by themselves, do not indicate theft.
Answer (D) is incorrect. Vouching transactions from accounts
payable to
receiving reports provides no information about a shortage or theft
arising after
receipt of the goods.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 386
Printed for Sanja Knezevic
fb.com/ciaaofficial
[702] Gleim #: 7.10.89
To verify the proper value of costs charged to real property records
for improvements
to the property, the best source of information is
Inspection by the internal auditor of real property A. improvements.
A letter signed by the real property manager asserting the propriety
of costs
incurred.
B.
C. Original invoices supporting entries into the accounting records.
D. Comparison of billed amounts with contract estimates.
Answer (A) is incorrect. An inspection confirms that the
improvements were
made, not their cost.
Answer (B) is incorrect. Records or documents generated internally
are less
reliable than those produced externally.
Answer (C) is correct. To verify real property costs, the best method
of obtaining
engagement information is to examine records. Records originating
outside the
engagement client, such as original invoices, are much more reliable
than internal
documents or engagement client testimony. Also, these invoices
support actual
accounting record entries.
Answer (D) is incorrect. A comparison of billed amounts with
contract estimates
measures the reasonableness of costs but is less persuasive than
original invoices
supporting entries into the accounting records.
[703] Gleim #: 7.10.90
Ordinarily, what source of information should most affect the internal
auditor’s
conclusions?
A. External.
B. Inquiry.
C. Oral.
D. Informal.
Answer (A) is correct. External information is ordinarily more reliable
than the
other types of information listed because it is generated from sources
independent
of the engagement client. The internal auditor should select the
strongest
information available to support engagement observations,
conclusions, and
recommendations.
Answer (B) is incorrect. Information derived from inquiries is
ordinarily less
reliable than external information.
Answer (C) is incorrect. Oral information is ordinarily less reliable
than external
information.
Answer (D) is incorrect. Informal information is ordinarily less
reliable than
external information.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 387
Printed for Sanja Knezevic
[704] Gleim #: 7.10.91
An internal auditor’s objective is to determine the cause of inventory
shortages shown
by the physical inventories taken by an independent service
organization that used
some engagement client personnel. The internal auditor addresses
this objective by
reviewing the count sheets, inventory printouts, and memos from the
last inventory.
The source of information and the sufficiency of this information are
Internal A. and not sufficient.
B. External and sufficient.
C. Both external and internal and sufficient.
D. Both external and internal and not sufficient.
Answer (A) is incorrect. The information is also external.
Answer (B) is incorrect. The information is also internal and not
sufficient.
Answer (C) is incorrect. The information is not sufficient to
determine the cause.
Answer (D) is correct. The organization employs an external
inventory service
and internal personnel for data entry and balancing, so the sources
of information
are both external and internal. However, the information is not
sufficient to
determine the cause of the shortages. Sufficient information is
factual, adequate,
and convincing so that a prudent, informed person would reach the
same
conclusions as the internal auditor (Inter. Std. 2310). The documents
reviewed
will not reveal the cause of the shortages.
[705] Gleim #: 7.10.92
During an investigation of unexplained inventory shrinkage, an
internal auditor is
testing inventory additions as recorded in the perpetual inventory
records. Because of
internal control weaknesses, the information recorded on receiving
reports may not be
reliable. Under these circumstances, which of the following
documents provides the
best information about additions to inventory?
A. Purchase orders.
B. Purchase requisitions.
C. Vendors’ invoices.
D. Vendors’ statements.
Answer (A) is incorrect. The quantity ordered may not equal the
quantity shipped
by the vendor.
Answer (B) is incorrect. The quantity requested in a purchase
requisition may not
equal the quantity shipped by the vendor as a result of modification
by the
purchasing department or vendor stockouts.
Answer (C) is correct. The vendors’ invoice confirms that the proper
amount due
has been recorded. A vendor’s invoices provide the best source of
information
about additions to inventory. Vendors’ invoices provide an external
source of
information regarding shipments to the engagement client. These
amounts should
be equal to quantities added to inventory (after possible adjustment
for items
returned to the vendor because of damage, etc.).
Answer (D) is incorrect. Vendors’ statements normally list only the
invoice
number, date, and total. They do not list invoice detail such as
quantities shipped.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 388
Printed for Sanja Knezevic
fb.com/ciaaofficial
[706] Gleim #: 7.10.93
In engagement planning, internal auditors should review all relevant
information.
Which of the following sources of information would most likely help
identify
suspected violations of environmental regulations?
Discussions with operating A. executives.
B. Review of trade publications.
C. Review of correspondence the entity has conducted with
governmental agencies.
Discussions conducted with the external auditors in coordinating
engagement
efforts.
D.
Answer (A) is incorrect. Operating management is a possibly biased
source.
Answer (B) is incorrect. This source is not sufficiently specific.
Answer (C) is correct. Correspondence from regulators is likely to be
a valid and
relevant source of information about environmental violations. This
externally
generated documentation and the engagement client’s responses
thereto may
indicate a significant loss exposure for the engagement client.
Answer (D) is incorrect. External auditors do not have ready access
to the needed
information.
[707] Gleim #: 7.10.94
The most conclusive information to support supplier account
balances is obtained by
A. Reviewing the vendor statements obtained from the accounts
payable clerk.
B. Obtaining confirmations of balances from the suppliers.
C. Performing analytical account analysis.
Interviewing the accounts payable manager to determine the internal
controls
maintained over accounts payable processing.
D.
Answer (A) is incorrect. Vendor statements obtained from the
accounts payable
clerk may be inaccurate, purposely misstated, or prepared for
nonexisting vendors.
Answer (B) is correct. Confirmation has the advantage of obtaining
information
from sources external to the entity. Information from external sources
provides
greater assurances of reliability than information from sources within
the entity.
Answer (C) is incorrect. Analytical account analysis is effective for
identifying
circumstances that require additional consideration.
Answer (D) is incorrect. Interviewing an employee provides oral, or
testimonial,
information, which is inherently less reliable than information
obtained from
independent sources.
[708] Gleim #: 7.10.95
A set of engagement working papers contained a copy of a
document providing
information that an expensive item that had been special-ordered
was actually on hand
on a particular date. The most likely source of this information is a
printout from a
computerized
A. Purchases journal.
B. Cash payments journal.
C. Perpetual inventory file.
D. Receiving report file.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 389
Printed for Sanja Knezevic
Answer (A) is incorrect. The purchases journal indicates when the
item was ordered
but not whether it was still on hand at a specific later date.
Answer (B) is incorrect. The cash payments journal indicates when
the item was paid
for but not whether it was still on hand at a specific later date.
Answer (C) is correct. In a perpetual inventory system, purchases
are directly recorded
in the inventory account, and cost of goods sold is determined as the
goods are sold. A
computerized perpetual inventory file has a record of each debit or
credit transaction
with its date, amount, etc., and the inventory balance for any given
date could therefore
be determined.
Answer (D) is incorrect. The receiving report indicates when the
item was received
but not whether it was still on hand at a specific later date.
[709] Gleim #: 7.11.96
Which of the following techniques is most likely to result in sufficient
information
with regard to an engagement to review the quantity of fixed assets
on hand in a
particular department?
Physical A. observation.
B. Analytical review of purchase requests and subsequent invoices.
C. Interviews with department management.
D. Examination of the account balances contained in general and
subsidiary ledgers.
Answer (A) is correct. First-hand observation by the auditor is more
persuasive
than analytical reviews performed, client-prepared records examined
by the
auditor, or interviews with client personnel.
Answer (B) is incorrect. Items purchased may no longer be present
in the
department being reviewed, even though they were originally
purchased for that
department.
Answer (C) is incorrect. Interviews are useful in gaining insight into
operations
and understanding exceptions but are not sufficient.
Answer (D) is incorrect. Ledger balances may not indicate whether
assets have
been moved or stolen.
[710] Gleim #: 7.11.97
Which of the following types of tests is the most persuasive if an
internal auditor
wants assurance of the existence of inventory stored in a
warehouse?
Examining the shipping documents that support recorded transfers to
and from the
warehouse.
A.
B. Obtaining written confirmation from management.
C. Physically observing the inventory in the warehouse.
D. Examining warehouse receipts contained in the engagement
client’s records.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 390
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. Shipping documents are not as reliable as
personal
knowledge.
Answer (B) is incorrect. Testimonial information is not as reliable as
personal
knowledge.
Answer (C) is correct. Direct knowledge obtained through the
internal auditor’s
physical observation is the most reliable information about the
existence of the
inventory.
Answer (D) is incorrect. Warehouse receipts are not as reliable as
personal
knowledge.
[711] Gleim #: 7.11.98
Documents provide information with differing degrees of
persuasiveness. If the
engagement objective is to obtain information that payment has
actually been made for
a specific invoice from a vendor, which of the following documents
ordinarily is the
most persuasive?
An entry in the engagement client’s cash disbursements journal
supported by a
voucher package containing the vendor’s invoice.
A.
A canceled check, made out to the vendor and referenced to the
invoice, included
in a cutoff bank statement that the internal auditor received directly
from the bank.
B.
An accounts payable subsidiary ledger that shows payment C. of the
invoice.
D. A vendor’s original invoice stamped “PAID” and referenced to a
check number.
Answer (A) is incorrect. The engagement client either has initiated
or had an
opportunity to alter the voucher and the invoice.
Answer (B) is correct. A canceled check included in a cutoff bank
statement
received directly from the bank provides external as well as internal
documentary
information. The information was generated internally but passed
through
outsiders who confirmed it (honored the check) before sending it
directly to the
internal auditor. Such information is very persuasive.
Answer (C) is incorrect. Internal information is less persuasive than
external
information.
Answer (D) is incorrect. The invoice is external information of debt
but not of
payment. The information concerning payment is internal and not
persuasive. A
reference to a check is not as reliable as the check itself.
[712] Gleim #: 7.11.99
An internal auditor at a savings and loan association concludes that
a secured real
estate loan is collectible. Which of the following engagement
procedures provides the
most persuasive information about the loan’s collectibility?
A. Confirming the loan balance with the borrower.
B. Reviewing the loan file for proper authorization by the credit
committee.
C. Examining documentation of a recent, independent appraisal of
the real estate.
D. Examining the loan application for appropriate borrowers’
signatures.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 391
Printed for Sanja Knezevic
Answer (A) is incorrect. A confirmation provides information about a
loan’s
existence, not its collectibility.
Answer (B) is incorrect. Information about the loan’s authorization is
not relevant to
its collectibility.
Answer (C) is correct. Real estate appraisals are based on
estimated resale value or
future cash flows. A recent, independent appraisal provides
information about the
borrower’s ability to repay the loan. Such an appraisal tends to be
reasonably reliable
because it is timely and derives from an expert source independent
of the engagement
client.
Answer (D) is incorrect. The validity of the loan is not relevant to the
borrower’s
ability to repay the loan.
[713] Gleim #: 7.11.100
The most persuasive information regarding the asset value of newly
acquired
computers is
Inquiry A. of management.
B. Observation of engagement client’s procedures.
C. Physical examination.
D. Documentation prepared externally.
Answer (A) is incorrect. An unsubstantiated response to an inquiry
of
management ordinarily yields the least persuasive information.
Answer (B) is incorrect. Observation of procedures for acquisition
would not be
as persuasive as documents showing the cost of the asset.
Answer (C) is incorrect. Physical examination of the asset reveals
only limited
information as to the asset’s value.
Answer (D) is correct. Information is considered more or less
persuasive
depending on how much control the engagement client has over it.
The most
persuasive information relevant to the valuation assertion is
documentation that is
prepared externally.
[714] Gleim #: 7.11.101
The most persuasive information about the existence of newly
acquired computers for
the sales department is
A. Inquiry of management.
B. Observation of engagement client’s procedures.
C. Physical examination.
D. Documentation prepared externally.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 392
Printed for Sanja Knezevic
fb.com/ciaaofficial
Answer (A) is incorrect. An unsubstantiated response to an inquiry
of management is
usually considered the least persuasive information.
Answer (B) is incorrect. Observation of procedures for acquisition
would not be as
persuasive as examination of the asset.
Answer (C) is correct. Information is considered more or less
persuasive depending
on the engagement client’s degree of control. The following is a
hierarchy from most
persuasive to least persuasive: internal auditor’s examination and
observation,
externally developed information, internally developed information,
and oral
information from the client. Thus, the most persuasive information
about the existence
assertion for a new asset is physical examination.
Answer (D) is incorrect. Documentation is less relevant to the
existence assertion than
physical examination.
[715] Gleim #: 7.11.102
Which of the following represents the general order of
persuasiveness, from most to
least, for the types of information listed below?
Inquiry I. of management
II. Observation of engagement client’s procedures
III. Physical examination
IV. Documentation prepared externally
A. III, II, IV, I.
B. IV, I, II, III.
C. II, IV, I, III.
D. IV, III, I, II.
Answer (A) is correct. An auditor’s physical examination provides
the most
persuasive form of evidence. First-hand observation by the auditor of
client
personnel performing procedures is the next most persuasive.
Information
originating from a third party is less persuasive than information
personally
gathered by the auditor but more persuasive than information
originating with the
client. Oral information from the client is the least convincing.
Answer (B) is incorrect. The internal auditor’s physical examination
(III) and
observation (II) are more persuasive than externally developed
information (IV).
Answer (C) is incorrect. The internal auditor’s physical examination
(III) is the
most persuasive evidence of all.
Answer (D) is incorrect. The internal auditor’s observation (II) is
more persuasive
than both externally developed information (IV) and inquiry of
management (I).
[716] Gleim #: 7.11.103
The internal auditor wants to understand the actual flow of data
regarding cash
processing. The most convincing information is obtained by
A. Reviewing the systems flowchart.
Performing a walk-through of the processing and obtaining copies of
all
documents used.
B.
Reviewing the programming flowchart for information about control
procedures
placed into the computer programs.
C.
D. Interviewing the treasurer.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 393
Printed for Sanja Knezevic
Answer (A) is incorrect. The systems flowchart might not indicate
how processing
may have evolved over time.
Answer (B) is correct. The physical inspection of an engagement
client’s facilities,
records, and processing steps is the most persuasive information.
The internal auditor
reviews actual documents and determines what personnel actually
do with them.
Answer (C) is incorrect. The program flowchart excludes manual
processing steps.
Answer (D) is incorrect. The treasurer may not know how the
specific clerical
processing may have changed. Furthermore, the treasurer may have
reason not to
describe processing accurately.
[717] Gleim #: 7.11.104
The internal auditor is concerned with the overall valuation of
inventory. Rank the
following sources of engagement information from most persuasive
to least persuasive
in addressing the assertion as to the valuation of inventory.
Calculate inventory turnover by I. individual product.
Assess the net realizability of all inventory items with a turnover ratio
of 2.0 or
less by interviewing the marketing manager as to the marketability of
the product.
II.
Calculate the net realizable value (NRV) of all inventory products
(using software
to calculate NRV based on the last selling price) and compare NRV
with cost.
III.
Take a statistical sample of inventory and examine the latest
purchase documents
(invoices and receiving slips) to calculate inventory cost.
IV.
A. I, II, III, IV.
B. I, IV, II, III.
C. IV, I, III, II.
D. II, III, IV, I.
Answer (A) is incorrect. The proper order is IV, I, III, II.
Answer (B) is incorrect. The proper order is IV, I, III, II.
Answer (C) is correct. Sampling inventory and examining purchase
documents
are procedures that provide the most persuasive information in
establishing cost,
which is the basis of determining the valuation of inventory. They rely
on the
internal auditor’s own observations and on inspection of documents
from external
sources. The next most persuasive information is derived from the
internal
auditor’s analytical procedures. A change in inventory turnover or a
very low level
of inventory turnover indicates potential obsolescence of inventory
and the need
for the internal auditor to perform additional procedures, e.g.,
examining
subsequent sales to determine whether inventory should be written
down.
Calculation of net realizable value may indicate a valuation problem.
The
difficulty with this procedure is that the last sales price may not be
appropriate.
The marketing manager’s opinion about marketability is the least
persuasive
information. It is a form of testimonial information from an individual
who may
have a vested interest in persuading the internal auditor that the
goods will be sold
at their normal prices in the normal course of business. In addition,
the arbitrary
cutoff value of 2.0 may not be justified. The cutoff should be based
on the nature
of the client’s inventory.
Answer (D) is incorrect. The proper order is IV, I, III, II.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 394
Printed for Sanja Knezevic
fb.com/ciaaofficial
[718] Gleim #: 7.11.105
Which of the following are least valuable in predicting the amount of
uncollectible
accounts for an organization?
Published economic indices indicating a general A. business
downturn.
Dollar amounts of accounts actually written off by the organization for
each of the
past 6 months.
B.
C. Total monthly sales for each of the past 6 months.
Written forecasts from the credit manager regarding expected future
cash
collections.
D.
Answer (A) is incorrect. Although these statistics might not be quite
as relevant
as some of the other data, they are reliable, having been compiled
and published
by an independent source.
Answer (B) is incorrect. The dollar amounts of write-offs are relevant
and
reliable, representing the actual experience of the organization.
Answer (C) is incorrect. These amounts include cash as well as
credit sales. Thus,
the inclusion of cash sales reduces the relevance of these data.
However, prior
sales also represent the actual experience of the organization and
therefore have a
high degree of reliability.
Answer (D) is correct. Written forecasts from the credit manager
may be relevant
and useful, but they cannot be considered sufficient or reliable.
Opinion evidence
does not have as much reliability as factual evidence. In addition, the
source of the
evidence may have a bias, which should be considered by the
internal auditor
when evaluating the reliability of this data.
[719] Gleim #: 7.11.106
Which of the following examples of audit evidence is the most
persuasive?
A. Real estate deeds that were properly recorded with a government
agency.
B. Canceled checks written by the treasurer and returned from a
bank.
C. Time cards for employees that are stored by a manager.
D. Vendor invoices filed by the accounting department.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 395
Printed for Sanja Knezevic
Answer (A) is correct. Real estate deeds recorded in public records
are documentary
information generated by external parties. They are not processed by
the engagement
client. Accordingly, this purely external evidence is more persuasive
than information
originating with, or processed by, the engagement client.
Answer (B) is incorrect. Canceled checks written by the treasurer
and returned from a
bank constitute internal-external information. Such information
originates with the
engagement client but is processed externally. Because the bank’s
acceptance of
checks provides some confirmation of their validity, they are more
reliable than purely
internal evidence.
Answer (C) is incorrect. Time cards for employees that are stored by
a manager are
considered internal information. They are generated by, and remain
with, the
engagement client. Purely internal information is less reliable than
information from
external sources.
Answer (D) is incorrect. Vendor invoices filed by the accounting
department are
considered external-internal information. Although the invoices were
created
externally, they are subsequently processed by the engagement
client. Thus, they are
more reliable than purely internal information but less reliable than
purely external
information.
[720] Gleim #: 7.11.107
One objective of an internal auditing engagement involving the
receiving function is to
determine whether receiving clerks independently count incoming
supplies before
completing the quantity received section of the receiving report.
Which of the
following is the most persuasive information supporting the assertion
that the counts
are made?
The receiving section supervisor’s assurance, based on personal
observation, that
the counts are made.
A.
A receiving clerk’s initials on all receiving reports attesting that the
count was
made.
B.
Assurance, from the warehouse supervisor, that the accuracy of the
perpetual
inventory is the result of the reliability of the entries in the quantity
received
section.
C.
Periodic observations by the internal auditor over the course D. of
the engagement.
Answer (A) is incorrect. Testimonial information is not as reliable as
the internal
auditor’s direct personal observation.
Answer (B) is incorrect. Testimonial information is not as reliable as
the internal
auditor’s direct personal observation.
Answer (C) is incorrect. Testimonial information is not as reliable as
the internal
auditor’s direct personal observation.
Answer (D) is correct. An internal auditor’s presumption about the
validity of
information is that the internal auditor’s direct personal knowledge,
obtained
through physical examination, observation, computation, and
inspection is more
persuasive than information obtained indirectly.
Related documents
ElectronConfiggraphicOrganizer2022
ElectronConfiggraphicOrganizer2022
The 17th edition Gleim TEXTBOOK The 17th edition Gleim
The 17th edition Gleim TEXTBOOK The 17th edition Gleim
UNIVERSITY OF SASKATCHEWAN S
UNIVERSITY OF SASKATCHEWAN S
Used to - English II Practice Lesson
Used to - English II Practice Lesson
amiti:: cia
amiti:: cia
Download
advertisement