Flashcards CIA Part 2

FLASHCARDS IN COMMUNICATE ENGAGEMENT RESULTS DECK (27):
1
The internal auditing department for a chain of retail stores recently concluded
an audit of sales adjustments in all stores in the southeast region. The audit
revealed that several stores are costing the company an estimated $85,000
per quarter in duplicate credits to customers’ charge accounts.
The audit report, published eight weeks after the audit was concluded,
included the internal auditors’ recommendations to store management that
should prevent duplicate credits to customers’ accounts. Which of the
following standards for reporting has been disregarded in the above case?
The auditors should have implemented appropriate corrective action as soon
as the duplicate credits were discovered.
Auditor recommendations should not be included in the report.
The report was not timely.
The follow-up actions were not adequate.
The report was not timely.
2
An internal auditing department is conducting an audit of the payroll and
accounts receivable departments. Significant problems related to the approval
of overtime have been noted. While the audit is still in process, which of the
following audit reports is appropriate?
A summary report.
An oral report.
A questionnaire-type report.
A written report.
An oral report.
3
Audit fieldwork has identified a number of significant findings. Additional audit
tests from the original audit program still have to be performed; however, data
are not readily available. Evaluate the following and select the best
alternative.
Issue an interim report to management regarding the negative findings noted.
Perform audit tests when the final data is available.
Identify other alternative tests to complete prior to reporting the audit findings.
Do not issue the audit report until all testing has been completed.
Issue an interim report to management regarding the negative findings noted.
4
Which one of the following elements of an audit report is not always required?
An evaluation of the impact of the findings on the activities reviewed.
A statement that identifies the audited activities.
A statement that describes the audit objectives.
Pertinent statements of fact.
An evaluation of the impact of the findings on the activities reviewed.
5
An excerpt from an audit finding indicates that travel advances exceeded
prescribed maximum amounts. Company policy provides travel funds to
authorized employees for travel. Advances are not to exceed 45 days of
anticipated expenses. Company procedures do not require justification for
large travel advances. Employees can and do accumulate large, unneeded
advances.
In the above audit finding, the element of an audit finding known as condition
is:
Employees accumulate large unneeded advances.
Advances are not to exceed estimated expenses for 45 days.
Travel advances exceeded prescribed maximum amounts.
Procedures do not require justification for large advances.
Travel advances exceeded prescribed maximum amounts.
6
Summary written audit reports are generally intended for:
Local operating management.
Midlevel staff management.
High-level management and/or the audit committee.
Review by other auditors only.
High-level management and/or the audit committee.
7
During an audit of sales representatives? travel expenses, it was discovered
that 152 of 200 travel advances issued to sales representatives in the past
year exceeded the prescribed maximum amount allowed. Which of the
following statements is a justifiable audit opinion?
76% of all travel advances exceed the management-prescribed maximum.
The majority of travel advances in the organization exceed the prescribed
maximum.
The prescribed maximum travel advance is too low.
Travel advances are not controlled in accordance with existing policy.
Travel advances are not controlled in accordance with existing policy.
8
Which of the following is a proper element in an audit results section of a
report?
Personnel used.
Status of findings from prior reports.
Engagement plan.
Significance of deficiencies.
Significance of deficiencies.
9
A company recently experienced a substantially reduced net profit from sales
of product line A. Line A is produced in a dedicated machine shop. The
internal auditors have been assigned the task of determining the cause of the
reduced net profit. The in-charge auditor should, as a first step:
Compare production records with cost standards.
Test material vouchers for validity.
Evaluate the elements of cost and compare to prior periods.
Analyze scrap and surplus records.
Evaluate the elements of cost and compare to prior periods.
10
Providing useful and timely information and promoting improvements in
operations are goals of internal auditors. To accomplish this in their reports,
auditors should:
Provide top management with reports that emphasize the operational details
of defective conditions.
Provide information in written form before it is discussed with the auditee.
Provide reports that meet the expectations and perceptions of both
operational and top management.
Provide operating management with reports that emphasize general concerns
and risks.
Provide reports that meet the expectations and perceptions of both

operational and top management.
11
Certain information may not be appropriate for disclosure to all report
recipients because it is privileged, proprietary, or related to improper or illegal
acts. If conditions being reported involve improper acts of a senior manager,
the report should be distributed to:
The external auditor.
The stockholders.
The board of directors.
Senior management.
12
The scope statement of an audit report should:
Identify the audited activities and describe the nature and extent of auditing
performed.
Communicate the internal auditor?s evaluation of the effect of the findings on
the activities reviewed.
Define the standards, measures, or expectations used in evaluating audit
findings.
Describe the audit objectives and tell the reader why the audit was conducted.
Identify the audited activities and describe the nature and extent of auditing
performed.
13
A senior member of management who is several organizational levels above
the head of the operational area being audited has asked for a report of the
findings of the audit. The most appropriate means of communicating audit
findings to this senior member of management is by:
Orally communicating the findings.
Sending a copy of the final audit report.
Sending copies of interim reports.
Sending the summary section of the report.
Sending the summary section of the report.
14
After an audit report with adverse findings has been communicated to
appropriate auditee personnel, proper action is to:
Assemble new data to support the findings.
Examine further the data supporting the findings.
Schedule a follow-up review.
Implement corrective action indicated by the findings.
Schedule a follow-up review.
15
When making a presentation to management, the auditor wants to report
findings and to stimulate action. These objectives are best accomplished by:
Showing a series of slides or overheads that graphically depict the findings;
limit verbal commentary.
Delivering a lecture on the findings.
Handing out copies of the report, asking participants to read the report, and
asking for questions.
Using slides/overheads to support a discussion of major points.
Using slides/overheads to support a discussion of major points.
16
During the course of an audit of cash handling, the auditor notices that
considerable cash is stored overnight in a work area that has ready access
from a busy street. Furthermore, there is no security system or any armed
guard in the vicinity. When discussed with the appropriate manager, the
auditor is informed, ?We have never experienced a robbery or loss of cash
from this fund; why should we spend unnecessary amounts to improve
security?? The auditor should:
Explain all the facts but allow management the opportunity to tell its story so
that corrective action is more likely to be adopted.
Make a verbal interim report. In the final report, concentrate on the corrective
measures to be taken.
Widely distribute the report; this is a big problem that everyone in the
company needs to know about.
Since the company has never suffered any losses from the cash-handling
procedures, there is no need to report the finding.
Make a verbal interim report. In the final report, concentrate on the corrective
measures to be taken.
17
An internal auditor observed that assembly line personnel without protective
clothing were being exposed to dangerous chemicals. The auditor should
immediately notify management through the use of a(n):
Summary written report.
Formal written report.
Oral report.
Follow-up report.
Study These Flashcards
Oral report.
18
An internal auditor can use oral reports to:
Give immediate information to management and more accurately exchange
thoughts with a face-to-face discussion.
Eliminate the need for a lengthy final report by reaching verbal agreement on
the handling of significant findings with the auditee.
Report interim findings more efficiently by eliminating the preparation time for
a written report.
Impress the auditee with a polished presentation using graphics to enhance
the credibility of audit findings.
Give immediate information to management and more accurately exchange

thoughts with a face-to-face discussion.
19
An internal auditor found that employees in the maintenance department were
not signing their time cards. This situation also existed during the last audit.
The auditor should:
Withhold conclusions about payroll internal control in the maintenance
department.
Include this finding in the current audit report.
Instruct the employees to sign their time cards.
Ask the manager of the maintenance department to assume the resulting risk.
Include this finding in the current audit report.
20
An audit of a company's payroll department has revealed various control
weaknesses. These weaknesses along with recommendations for corrective
actions were addressed in the internal audit report. This report should be most
useful to the company's:
Audit committee of the board of directors.
Payroll manager.
President.
Treasurer.
Payroll manager.
21
Which of the following statements conveys negative information in such a way
that a favorable response from the auditee may still be achieved?
Unfortunately, your bookkeeper has not taken the time to reconcile the bank
statement each month.
Your bookkeeper has failed to reconcile the bank statement each month.
The bank statements have not been reconciled each month.
You have apparently failed to inform your bookkeeper that the bank
statements should be reconciled on a timely basis.
The bank statements have not been reconciled each month.
22
An excerpt from an audit finding indicates that travel advances exceeded
prescribed maximum amounts. Company policy provides travel funds to
authorized employees for travel. Advances are not to exceed 45 days of
anticipated expenses. Company procedures do not require justification for
large travel advances. Employees can and do accumulate large, unneeded
advances. The cause of the above audit finding is:
Travel advances have not been cleared in timely manner.
Company policy provides travel funds to authorized employees.
Employees accumulate large travel advances.
Company advance procedures do not require specific justification.
Company advance procedures do not require specific justification.
23
Interim reports are issued during an audit to:
Eliminate the need for a final report.
Explain the purpose of the audit.
Define the scope of the audit so the final report can be brief.
Communicate information requiring immediate attention.
Communicate information requiring immediate attention.
24
In beginning an audit, an internal auditor reviews written procedures that detail
segregation of duties adopted by management to strengthen internal controls.
These written procedures should be viewed as the following attribute of a
finding:
Effect.
Condition.
Criteria.
Cause.
Criteria.
25
An operational audit report that deals with the scrap disposal function in a
manufacturing company should address:
Whether the scrap material inventory is reported as a current asset.
Whether the scrap material inventory is valued at the lower of cost or market.
The efficiency and effectiveness of the scrap disposal function and include
any findings requiring corrective action.
Whether the physical inventory count of the scrap material agrees with the
recorded amount.
The efficiency and effectiveness of the scrap disposal function and include
any findings requiring corrective action.
26
An audit report with routine findings in the accounts payable department is
being issued. Distribution should include the accounts payable supervisor,
manager, and unit general manager. It may also be sent to the:
External auditors, the corporate controller, and the chairman of the board of
directors.
External auditors and the corporate controller.
Unit receiving manager, the purchasing manager, and the operations director.
Unit purchasing manager and the operations director.
External auditors and the corporate controller.
27
The auditor completed work on a segment of the audit program. It was clear
that a problem existed that would require a modification of the organization's
distribution procedures. The auditee agreed and has implemented revised
procedures. The internal auditor should:
Report the problem and assume that management will take appropriate
action.
Research the problem and recommend in the audit report measures that
should be taken.
Jointly develop and report an appropriate recommendation.
Indicate in the audit report that the auditee determined and implemented
corrective action.
Indicate in the audit report that the auditee determined and implemented
corrective action.
FLASHCARDS IN PLAN ENGAGEMENTS DECK (113):
1
An internal auditor discovered an error in a receivable due from a major
stockholder. The receivable’s balance accounts for less than 1% of the
company’s total receivables. Would the auditor be likely to consider the error
to be material?
No, if there will be further transactions with this stockholder.
Yes, because a related party is involved.
Yes, if relative risk is low.
No, because a small dollar amount is in error.
Yes, because a related party is involved.
2
Although encouraged by IIA Standards, which of the following is not usually
found in the final internal audit reports?
Auditee’s advanced responses whether valid or not.
Auditee’s noteworthy accomplishments.
Auditee’s corrective action plans.
Auditee’s final comments prior to issuing the final audit report.
Auditee’s noteworthy accomplishments.

3
The following is the complete text of a deficiency finding included in the
internal audit report for a bank:
The late charges were waived on an excessive number of delinquent
installment loan payments at the Spring Street Branch. We were informed that
an officer does not approve late charge waivers. Approximately $5,000 per
year in revenues is being lost. In order to provide a better control over late
charges waived and loss of income, we recommend that a lending officer be
responsible for waiving late charges and that this approval be in writing.
Which of the following elements of a deficiency finding is not properly
addressed?
Condition.
Effect.
Cause.
Criteria or standards.
Criteria or standards.
4
The finance department of a governmental unit has a computer based model
for forecasting tax revenue to use in preparing annual budgets. The internal
audit group has been asked to audit the model. A reasonable objective of the
audit would be to:
Confirm that the model forecasts each kind of revenue within a small
percentage of actual revenue.
Verify that for varying input values the model gives results consistent with
revenue behavior.
Determine whether the programs used for this year?s forecast were identical
to those used in the previous year.
Ensure that the model was modified so that it would have forecasted the
previous year?s actual revenue.
Verify that for varying input values the model gives results consistent with
revenue behavior.
5
An audit of an automated accounts receivable function for a single-plant
furniture manufacturing company has just been completed. Significant findings
include late posting of customers? payments, late mailing of monthly invoices,
and erratic follow-up on past-due accounts. Which of the following managers
should attend the exit conference for this audit?
Head of the audit team, controller, and vice president of information systems.
Director of internal auditing, chief financial officer, chief executive officer, and
vice president of information systems.
Head of the audit team, manager of the accounts receivable department, and
manager of the data processing department.
Director of internal auditing, chief operating officer, and controller.
Head of the audit team, manager of the accounts receivable department, and
manager of the data processing department.
6
The internal auditing department encounters a scope limitation from senior
management that will affect its ability to meet its goals and objectives for a
potential auditee. The nature of the scope limitation should be:
Communicated to management, stating that the limitation will not be accepted
because it would impair the audit department’s independence.
Noted in the audit work papers, but the audit should be carried out as
scheduled and the scope limitation worked around, if possible.
Communicated, preferably in writing, to the board.
Communicated to the external auditors so they can investigate the area in
more detail.
Communicated, preferably in writing, to the board.
7
Successful communication between the auditor and the auditee partially
depends on achieving appropriate emphasis so both parties are aware of the
most important points in their discussion. Which of the following approaches
would provide the most emphasis in an audit report?
Calm discussion in a conversational tone.
Key points embedded in discussion.
Graphics, repetition, and itemization.
Solid paragraphs and detailed appendices.
Graphics, repetition, and itemization.
8
Which of the following is not an advantage of issuing an interim report?
Final report-writing time can be minimized.
A formal, written interim report may negate the need for a final report in
certain circumstances.
An interim report can be conducted on an informal basis and may be
communicated only verbally.
An interim report allows information requiring immediate attention to be
communicated.
A formal, written interim report may negate the need for a final report in
certain circumstances.
9
What action should an internal auditor take on discovering that an audit area
was omitted from the audit program?
Perform the additional work needed without regard to the added time required
to complete the audit.
Continue the audit as planned and include the unforeseen problem in a
subsequent audit.
Evaluate whether completion of the audit as planned will be adequate.
Document the problem in the work papers and take no further action until
instructed to do so.
Evaluate whether completion of the audit as planned will be adequate.
10
In the performance of an audit, audit risk is best defined as the risk that an
auditor:
May not have the expertise to adequately audit a specific activity.
Might not select documents that are in error as part of the examination.
May fail to detect a significant error or weakness during an examination.
May not be able to properly evaluate an activity because of its poor internal
accounting controls.
May fail to detect a significant error or weakness during an examination.

11
An internal auditor is assigned to perform an audit of the company’s insurance
program, including the appropriateness of the approach to minimizing risks to
the company. The company self-insures against large casualty losses and
health benefits provided for all its employees. The company is a large national
firm with over 15,000 employees located in various parts of the country. It
uses an outside claims processor to administer its health care program. The
company’s medical costs have been rising by approximately 8% per year for
the past five years, and management is concerned with controlling them.
Which of the following analytical review procedures would provide
the most insight into the reasonableness of the increase in health care costs?
Develop a comparison of overall health insurance costs incurred by the
company with similar costs incurred by companies in the same industry.
Obtain the government index of health care costs for the comparable period of
time, and compare the rate of increase with that of the cost per employee
incurred by the company.
Obtain a bid from another health care administrator to provide the same
administrative services as the current health care administrator.
Develop a comparison of the costs incurred with similar costs incurred by
other companies.
Obtain the government index of health care costs for the comparable period of
time, and compare the rate of increase with that of the cost per employee
incurred by the company.
12
In the preparation of an audit program, which of the following items is not
essential?
The preparation of a budget identifying the costs of resources needed.
A review of material from prior audit reports.
The performance of a preliminary survey.
A review of performance standards set by management.
The preparation of a budget identifying the costs of resources needed.
13
The scope of an internal audit is initially defined by the:
Preliminary survey.
Scheduling and time estimates.
Audit program.
Audit objectives.
Audit objectives.
14
An audit report recommendation should address what attribute of an audit
finding?
Cause.
Effect.
Criteria.
Statement of condition.
Cause.
15
During an exit conference, an auditor and an auditee disagreed about a well-
documented audit finding. Which of the following would describe an
appropriate manner to handle the situation, assuming that it cannot be
resolved prior to issuing the audit report?
Present the finding giving all of the facts and conclusions resulting from the
testing.
Change the finding to agree with the auditee’s position.
Present both the audit finding and auditee’s position on the finding.
Defer reporting the item and plan to perform more detailed work during the
next audit.
Present both the audit finding and auditee’s position on the finding.
16
The following data were gathered during an internal auditor’s investigation of
the reason for a material increase in bad debts expenses. In preparing a
report of the finding, each of the items might be classified as criteria, cause,
condition, effect, or background information.
1. Very large orders require management’s approval of credit.
2. Audit tests showed that sales personnel regularly disregard credit
guidelines when dealing with established customers.
3. A monthly report of write-offs is prepared but distributed only to the
accounting department.
4. Credit reports are used only on new accounts.
5. Accounting department records suggest that uncollectible accounts could
increase by 5% for the current year.
6. The bad debts loss increased by $100,000 during the last fiscal year.
7. Even though procedures and criteria were changed to reduce the amount of
bad-debt write-offs, the loss of commissions due to written-off accounts has
increased for some sales personnel.
8. Credit department policy requires the review of credit references for all new
accounts.
9. Current payment records are to be reviewed before extending additional
credit to open accounts.
10. To reduce costs, the use of outside credit reports was suspended on
several occasions.
11. Since several staff positions in the credit department were eliminated to
reduce costs, some new accounts have received only cursory review.
12. According to the new credit manager, strict adherence to established
credit policy is not necessary.
Effect is best illustrated by items numbered:
5, 6, and 7.
3, 4, and 12.
2, 10, and 11.
1, 8, and 9.
5, 6, and 7.
17
Upon reviewing the results of the audit report with the audit committee,
executive management agreed to accept the risk of not implementing
corrective action on certain audit findings. Evaluate the following and select
the best alternative for the internal auditing director.
Notify regulatory authorities of management’s decision.
Internal audit responsibility has been discharged, and no further audit action is
required.
Conduct a follow-up audit to determine whether corrective action was taken.
Perform additional audit steps to further identify the policy violations.
Internal audit responsibility has been discharged, and no further audit action is
required.
18
The auditor needs to determine the scope of the proposed audit of insurance
coverage by the company. Which of the following statements is
(are) correct regarding the potential scope of the audit?
I.Since it is an internal audit, the audit department should concentrate on
processing that occurs within the company and not on auditing the
correctness of transaction processing by the health care processor.
II.The auditor should interview management prior to beginning the audit to
understand (1) its concerns and (2) the underlying assumptions made and
rationale used when making the self-insurance decision.
III.The auditor should consider engaging an actuarial consultant to better
understand the risks involved in order to help determine the scope of the
audit.
II and III.
Both I and II.
I only.
II only.
II and III.
19
An oral audit report may be most appropriate when:
Higher-level management needs a summary of individual audits.
It is used only for internal reporting within the internal auditing department.
A permanent record of the report is needed.
Emergency action is needed.
Emergency action is needed.

20
Which of the following is not a major purpose of an audit report?
Get results.
Inform.
Persuade.
Assign responsibility.
Assign responsibility.
21
An auditor has submitted a first draft of an audit report to an auditee in
preparation for an exit interview. The following is an excerpt from that report:
The audit was performed to accomplish several objectives.
+Verify the existence of unused machinery being stored in the warehouse.
+Determine whether machinery had been damaged during storage.
+Review the handling procedures being performed by personnel at the
warehouse.
+Determine whether proper accounting procedures are being followed for
machinery kept in the warehouse.
+Calculate the current fair market value of warehouse inventories.
+Compare the total value of the machinery to company accounting records.
It was confirmed that, of the 30 machines selected from purchasing records
for the sample, 13 were present on the warehouse floor and another 5 were
on the loading dock ready for conveyance to the production facility. Twelve
others had been sent to the production facility at a previous time. An
examination of the accounting procedures used at the warehouse revealed
the failure by the warehouse accounting clerk to reconcile inventory records
monthly, as required by policy. A sample of 25 machines was examined for
possible damage, and all but one was in good condition. It was confirmed by
the auditors that handling procedures outlined in the warehouse policy manual
appear to be adequate, and warehouse personnel apparently were following
those procedures, except for the examination of items being received for
inventory.
When communicating with auditees, there exist both situational factors and
message characteristics that can damage the communication process. An
auditor has only limited control over situational factors but has substantial
control over message characteristics.
Which of the following would seem to be a message characteristic that the
auditor who prepared the above report overlooked?
Sequence of message.
Nature of the audience.
Prior encounters with the auditee.
Noise.
22
An internal auditor is assigned to conduct an audit of security of a local area
network (LAN) in the finance department of the organization. Investment
decisions, including the use of hedging strategies and financial derivatives,
use data and financial models that run on the LAN. The LAN is also used to
download data from the mainframe to assist in the decisions. In determining
the scope of the audit, which of the following items should be
considered outside the scope of the security audit?
The ability of the LAN application to identify data items at the field or record
level and implement user access security at that level.
Interviews with users to determine their assessment of the level of security in
the system and the vulnerability of the system to compromise.
The level of security of other LANs in the company that also utilize sensitive
data.
Investigation of the physical security over access to the components of the
LAN.
The level of security of other LANs in the company that also utilize sensitive
data.
23
accounts.
several occasions.
Criteria are best illustrated by items numbered:
3, 4, and 12.
1, 8, and 9.
2, 10, and 11.
5, 6, and 7.
1, 8, and 9.
24
An audit report relating to an audit of a bank categorizes findings into
“deficiency findings” for major problems and “other areas for improvement” for
less serious problems. Which of the following excerpts would properly be
included under “other areas for improvement”?
Many secured loans did not contain hazard insurance coverage for tangible
property collateral.
The bank is incurring unnecessary postage cost by not combining certain
special mailings to checking account customers with the monthly mailing of
their statements.
At one branch a large amount of cash was placed on a portable table behind
the teller lines.
Loan officers also prepare the cashier’s checks for disbursement of the loan
proceeds.
The bank is incurring unnecessary postage cost by not combining certain
special mailings to checking account customers with the monthly mailing of
their statements.
25
During the course of an audit, the auditor makes a preliminary determination
that a major division has been inappropriately capitalizing research and
development expense. The audit is not yet completed, and the auditor has not
documented the problem or determined that it really is a problem. However,
the auditor is informed that the director of internal auditing has received the
following communication from the president of the company:
The controller of Division B informs me that you have discovered a
questionable account classification dealing with research and development
expense. We are aware of the issue. You are directed to discontinue any
further investigation of this matter until informed by me to proceed. Under the
confidentiality standard of your profession, I also direct you not to
communicate with the outside auditors regarding this issue.
Which of the following would be an appropriate action for the director to take
regarding the questionable item?
Immediately report the communication to the Institute of Internal Auditors and
ask for an ethical interpretation and guidance.
Continue to investigate the area until all the facts are determined, and
document all the relevant facts in the audit work papers.
Inform the president that this scope limitation will need to be reported to the
chairperson of the audit committee.
Immediately notify the external auditors of the problem to avoid aiding and
abetting a potential crime by the organization.
Inform the president that this scope limitation will need to be reported to the
chairperson of the audit committee.
26
It is important that the auditor be able to carefully distinguish between a scope
limitation and other limitations on the audit. According to the IIA Standards,
which of the following would not be considered a scope limitation?
I.The divisional management of an auditee has indicated that the division is in
the process of converting a major computer system and has indicated that the
information technology portion of the planned audit will have to be postponed
until next year.
II.The audit committee reviews the audit plan for the year and deletes an audit
that the director thought was important to conduct.
III.The auditee has indicated that certain customers cannot be contacted
because the organization is in the process of negotiating a long-term contract
with them and does not want to upset the customers.
IV.None of the responses is correct.
II only.
27
An internal auditor in a retail company reports to the corporate director of
internal audit. The auditor is assigned to audit a regional division. The audit
reports are to be sent both to the corporate office and the division controller in
the region. The auditor has been on location for six months and has submitted
monthly reports, each month auditing a part of the operation as assigned by
corporate internal auditing. This month, for the first time, the auditor has
audited the inventory controls, following procedures established by the
corporate internal auditing staff.
After seeing the audit report on inventory control, the divisional controller
called and requested a meeting with the auditor. At the meeting, the divisional
controller loudly and abusively criticized the accuracy of the auditor’s work,
the soundness of the auditor’s methods, and the results presented in the
reports. In the past, while not always agreeing with the auditor’s conclusions,
the divisional controller always had rational discussions and developed
appropriate follow-up steps to correct the problems the auditor found.
The divisional controller could have handled the situation better by:
Accepting the report because the auditor has consistently done good work,
and this one report is not that important.
Changing the methods used by corporate audit.
Discussing the objections to the inventory report with the auditor to get
agreement on changes and appropriate additional work.
Accepting the report but informing the director of internal auditing that the
report was unsatisfactory.
Discussing the objections to the inventory report with the auditor to get
agreement on changes and appropriate additional work.
28
This particular audit was not the auditor’s best work, and the auditor realizes
this. The auditor should:
Ask for time off for training in the weak areas.
Explain the personal problems that kept the auditor from working as hard on
this report as could be expected.
Ask the divisional controller to identify specific areas in which the report is
deficient, and, if the objections are justified, revise the report.
Defend the work now and try to improve it in the future.
Ask the divisional controller to identify specific areas in which the report is
deficient, and, if the objections are justified, revise the report.
29
Assume your company is considering purchasing a small toxic waste disposal
company. As internal auditors, you are part of the team doing a due diligence
review for the acquisition. Your scope (as auditors) would most
likely not include:
A review of the purchased company’s procedures for acceptance of waste
material and comparison with legal requirements.
An evaluation of the merit of lawsuits currently filed against the waste
company.
Analysis of the company’s compliance with, and disclosure of, loan covenants.
Assessment of the efficiency of the waste company’s operations and
profitability.
An evaluation of the merit of lawsuits currently filed against the waste
company.
30
Despite never having said so, the divisional controller had always thought the
auditor’s work was substandard. The divisional controller could have handled
the situation better by:
Calling the corporate director of internal audit and insist that the auditor be
replaced.
Documenting shortcomings regularly and reporting them to the director of
internal auditing.
Discussing the auditor’s work with other internal auditors to compare the
auditor’s methods with others used in the company.
Providing training on auditing of inventory controls so the auditor would do a
better job the next time.
Documenting shortcomings regularly and reporting them to the director of

internal auditing.
31
A company recently experienced a substantially reduced net profit from sales
of product line A. Line A is produced in a dedicated machine shop. The
internal auditors have been assigned the task of determining the cause of the
reduced net profit. Which of the following would most likely identify the
problem?
Interviews with the staff engaged in the production of line A.
An analysis of the financial and operational reports.
A walk-through of the machine shop.
A review of prior audit results.
An analysis of the financial and operational reports.
32
Which of the following is a proper step in an audit program?
Definition of audit objectives.
Planning for audit reporting.
Observation of procedures.
Notification of the audit.
Observation of procedures.
33
The audit was performed to accomplish several objectives: verify the
existence of unused machinery being stored in the warehouse, determine
whether machinery had been damaged during storage, review the handling
procedures being performed by personnel at the warehouse, determine
whether proper accounting procedures are being followed for machinery kept
in the warehouse, calculate the current fair market value of warehouse
inventories, and compare the total value of the machinery to company
accounting records. It was confirmed that of the 30 machines selected from
purchasing records for the sample, 10 were present on the warehouse floor
and another 5 were on the loading dock ready for conveyance to the
production facility. Twelve others had already been sent to the production
facility at a previous time. An examination of the accounting procedures used
at the warehouse revealed the failure by the warehouse accounting clerk to
reconcile inventory records monthly, as required by policy. A sample of 25
machines was examined for possible damage, and all but one was in good
condition. It was confirmed by the auditors that handling procedures outlined
in the warehouse policy manual appear to be adequate, and warehouse
personnel apparently were following those procedures, except for the
examination of items being received for inventory.
When communicating with auditees, both situational factors and message
characteristics can damage the communication process. An auditor has only
limited control over situational factors but has substantial control over
message characteristics.
The objectives of an audit report are to inform and to influence. Whether these
objectives are met depends on the clarity of the writing. Which of the following
principles of report clarity was violated in the above audit report?
I.Appropriately organize the report.
II.Keep most sentences short and simple.
III.Use active voice verbs.
IV.All of the above.
IV.
34
accounts.
several occasions.
Condition is best illustrated by items numbered:
2, 10, and 11.
3, 4, and 12.
1, 8, and 9.
5, 6, and 7.
2, 10, and 11.
35
The following information is extracted from a draft of an audit report prepared
on the completion of an audit of the inventory warehousing procedures for a
division.
[#5]We performed extensive tests of inventory record keeping and quantities
on hand. Based on our tests, we have concluded that the division carries a
large quantity of excess inventory, particularly in the area of component parts.
We expect this be due to the conservatism of local management that does not
want to risk shutting down production if the goods are not on hand. However,
as noted earlier in this report, the excess inventory has led to a higher-than-
average level of obsolete inventory write-downs at this division. We
recommend that production forecasts be established, along with lead times for
various products, and used in conjunction with economic order quantity
concepts to order and maintain appropriate inventory levels.
[#6]We observed that receiving reports were not filled out when the receiving
department became busy. Instead, the receiving manager would fill out the
reports after work and forward them to accounts payable. There is a risk that
all items received might not be recorded or that failing to initially record might
result in some items being diverted to other places. During our tests, we noted
many instances in which accounts payable had to call to receiving to obtain a
receiving report. We recommend that receiving reports be prepared.
[#7]Inventory is messy. We recommend that management communicate the
importance of orderly inventory management techniques to warehouse
personnel to avoid the problems noted earlier about (1) locating inventory
when needed for production and (2) incurring unusually large amounts of
inventory write-offs because of obsolescence.
[#8]We appreciate the cooperation of divisional management. We intend to
discuss our findings with them and follow up by communicating your reaction
to those recommendations included within this report. Given additional time
for analysis, we feel there are substantial opportunities available for significant
cost savings and we are proud to be a part of the process.
A major deficiency in paragraph #6 related to the completeness of the audit
report is:
The factual evidence for the audit finding is not given.
The cause of the problem is not defined.
The risk is presented in an overdramatic fashion.
The recommendation is incomplete.
The recommendation is incomplete.
36
division.
A major writing problem in paragraph #5 is:
The specific identification of “component parts” may be offensive to the
personnel responsible for those parts and may reflect negatively on them.
The use of potentially emotional words, such as “conservatism” of local
management.
The reference to other parts of the audit report citing excessive inventory
write-downs for obsolescence is not appropriate. If there is a problem, it
should all be discussed within the context of the specific audit finding.
The presentation of findings before recommendations. The report would have
more impact if recommendations were made before the findings are
discussed.
The use of potentially emotional words, such as “conservatism” of local

management.
37
One purpose of the exit conference is for the internal auditor to:
Require corrective action for deficiencies found.
Review the performance of audit personnel assigned to the engagement.
Review and verify the appropriateness of the audit report based on auditee
input.
Present the final audit report to management.
Review and verify the appropriateness of the audit report based on auditee
input.
38
Which of the following individuals would normally not receive an internal
auditing report related to a review of the purchasing cycle?
The independent external auditor.
The general auditor.
The director of purchasing.
The chairman of the board of directors.
The chairman of the board of directors.
39
The following information is to be included in a finding of an inventory control
audit of a tent and awning manufacturer. The issue relates to overstocked
rope.
I.The quantity on hand at the time of the audit represented a 10-year supply
based on normal usage.
II.The company had held an open house of its new factory two months prior to
the audit and had used the rope to provide safety corridors through the plant
for visitors. This was not considered when placing the last purchase order.
III.Rope is reordered when the inventory level reaches a one-month supply
and is based on usage during the previous 12 months.
IV.The quantity to be ordered should be adequate to cover expected usage for
the next six months.
V.The purchasing department should review inventory usage and inquire
about any unusual fluctuations before placing an order.
VI.A public warehouse, costing $500 per month, was required to store the
rope.
VII.The purchasing agent receives an annual salary of $59,000.
Which of these statements should be in the cause section of the finding?
I only.
VII only.
II only.
VI only.
II only.
40
rope.
rope.
Which of these statements should be in the condition section of the finding?
VII only.
IV only.
VI only.
I only.
I only.
41
The internal auditing department of an organization has been in existence for
ten years. It has established a charter, which has not yet been approved by
the audit committee. However, the audit committee is chaired by the chief
executive officer (CEO) and includes the controller and one outside board
member. The director reports directly to the controller who approves the
internal audit work plan. Thus, the auditing department has never felt the need
to push for a formal approval of the charter. The organization is publicly held
and has nine major divisions. The previous director of internal auditing was
recently dismissed following a dispute between the director and a major
auditee. The CEO accused the director of not operating “in the best interests
of the organization.” A new director with significant experience in both public
accounting and internal auditing has just been hired. Within the first month,
the new director encountered substantial resistance from an auditee regarding
the nature of an audit and the audit department’s access to records.
In considering the internal auditing department’s independence, which of the
following facts, by themselves, could contribute to a lack of internal audit
independence?
I.The CEO accused the previous director of not operating “in the best interests
of the organization.”
II.The majority of audit committee members come from within the
organization.
III.The internal audit charter has not been approved by the board or the audit
committee.
II and III only.
I only.
I, II, and III.
II only.
II and III only.
42
A governmental agency constrained by scarce audit and human resources
wishes to know the status of its program for licensing automobiles. In
particular, management is concerned about the possibility of:
+A backlog in new license applications, and
+Poor controls over the collection and processing of application fees.
The results of the preliminary survey and limited audit testing conducted by
the internal auditing department revealed that the licensing process was
operating as intended. No major deficiencies were noted. How should the
internal auditing department proceed?
Complete the audit as scheduled to ensure that other issues do not exist that
were not noted during the survey phase.
Send a memorandum report to the executive director and other concerned
parties summarizing the preliminary survey results and indicating that the
audit has been canceled.
Perform no further audit work, issue a formal audit report with the survey
results, and discuss the results with management.
Perform no further audit work, discuss pertinent issues with management and
the executive director, and prepare an audit program for future use so that
another survey will not be necessary.
Send a memorandum report to the executive director and other concerned

parties summarizing the preliminary survey results and indicating that the
audit has been canceled.
43
rope.
rope.
Which of these statements should be in the effect section of the finding?
VI only.
II only.
III only.
V only.
VI only.
44
division.
report is:
The report does not adequately describe the potential effect of the conditions
noted.
The recommendations are not required and are not appropriate, given the
nature of the problem identified.
There is no indication of the potential cause of the problem.
The report does not contain criteria by which the concept of excessive
inventory is judged.
The report does not contain criteria by which the concept of excessive
inventory is judged.
45
Several levels of management are interested in the results of the marketing
department audit. What is the best method of communicating the results of the
audit?
Discuss results with marketing management and issue a summary report to
top management.
Discuss results with all levels of management.
Write detailed reports for each level of management.
Write a report to the marketing management and give summary reports to
other management levels.
Write a report to the marketing management and give summary reports to

other management levels.
46
A manufacturing company has been expanding rapidly and is considering
adding a new production line. Employees are currently working double shifts
and receiving large amounts of overtime pay. Demand for all of the company’s
products is currently high, but management worries about demand
fluctuations with changes in the economy and technological developments by
competitors. Management is concerned with such issues as whether it is
efficiently using its resources, whether it is expanding too rapidly or not rapidly
enough, whether employee morale is decreasing, and whether future
expansion should be financed internally or through debt.
Management requests the auditor to examine factors that would help improve
the efficiency with which resources are used in the purchasing and production
processes. Which of the following procedures would be the least effective in
addressing management’s concern?
Perform a comparison of production costs over the past three years. Identify
any large deviations and investigate causes.
Perform an evaluation of the planning process to determine goods to be
ordered and the method of purchasing goods.
Interview personnel involved in the production process to gain insight on
production or acquisition problems.
Compare the company’s total cost of goods sold, as a percentage of total
sales, with industry averages.
Compare the company’s total cost of goods sold, as a percentage of total

sales, with industry averages.
47
In planning an audit, an on-site survey could assist with all of the following
except:
Obtaining preliminary information on internal controls.
Evaluating the effectiveness of the system of internal controls.
Obtaining auditee comments and suggestions on control problems.
Identifying areas for audit emphasis.
Evaluating the effectiveness of the system of internal controls.
48
The internal auditing department of an organization has been in existence for
ten years. It has established a charter, which has not yet been approved by
the audit committee. However, the audit committee is chaired by the chief
executive officer (CEO) and includes the controller and one outside board
member. The director reports directly to the controller who approves the
internal audit work plan. Thus, the auditing department has never felt the need
to push for a formal approval of the charter. The organization is publicly held
and has nine major divisions. The previous director of internal auditing was
recently dismissed following a dispute between the director and a major
auditee. The CEO accused the director of not operating “in the best interests
of the organization.” A new director with significant experience in both public
accounting and internal auditing has just been hired. Within the first month,
the new director encountered substantial resistance from an auditee regarding
the nature of an audit and the audit department’s access to records.
Given the current dispute with an auditee regarding audit scope, which of the
following internal auditing actions is not appropriate?
Meet with the board to obtain approval of the audit charter to mitigate the
existence of this problem and similar problems that may occur in the future.
Indicate to the auditee that if the resistance continues, the auditing
department will not be available to perform cost/benefit audits for the
department in the future.
Report the dispute, if it remains unresolved, to the board.
Review the approved work plan with the CEO and controller and ask for
immediate guidance in dealing with the auditee.
Indicate to the auditee that if the resistance continues, the auditing

department will not be available to perform cost/benefit audits for the
department in the future.
49
An internal auditor has completed an audit of an organization’s activities and
is ready to issue a report. However, the auditee disagrees with the internal
auditor’s conclusions. The auditor should:
Issue the audit report and indicate that the auditee has provided a scope
limitation that has led to a difference as to the conclusions.
Issue the audit report and state both the auditor and auditee positions and the
reasons for the disagreement.
Perform more work, with the auditee’s concurrence, to resolve areas of
disagreement. Delay the issuance of the report until agreement is reached.
Withhold the issuance of the audit report until agreement on the issues is
obtained.
Issue the audit report and state both the auditor and auditee positions and the
reasons for the disagreement.
50
Audit programs testing internal controls should:
Be generalized so as to be usable at all locations of a particular department.
Be generalized to fit all situations without regard to departmental lines.
Reduce costly duplication of effort by ensuring that every aspect of an
operation is examined.
Be tailored for the audit of each operation.
Be tailored for the audit of each operation.
51
The health care processor wishes to implement controls that would help
prevent the fraud by dentists who are billing the health care processor for
services that were not provided. Assume further that all the claims are
submitted electronically to the health care processor. Which of the following
control procedures would be the most effective?
Send confirmations to the dentists requesting them to confirm the exact nature
of the claims submitted to the health care processor.
Develop an integrated test facility and submit false claims to verify that the
system is detecting such claims on a consistent basis.
Require all submitted claims to be accompanied by a signed statement by the
dentists testifying to the fact that the claimed procedures were performed.
Develop a program that identifies procedures performed on an individual in
excess of expectations based on: the age of the employee, whether a similar
procedure was performed recently, or the average cost per claim.
Develop a program that identifies procedures performed on an individual in
excess of expectations based on: the age of the employee, whether a similar
procedure was performed recently, or the average cost per claim.
52
Writing an audit program occurs at which stage of the audit process?
As the audit is performed.
At the end of each audit, the standard audit program should be revised for the
next audit to ensure coverage of noted problem areas.
Subsequent to testing internal controls to determine whether to rely on the
controls or audit around them.
During the planning stage.
During the planning stage.
53
An auditor for a bank noted a significant deficiency relating to access to cash
in the bank’s vault at one of the branch banks. Which of the following is
the most satisfactory means of addressing this deficiency? The auditor
should:
Discuss the deficiency with the branch manager only after the audit report is
published.
Discuss the deficiency with the branch manager before drafting the written
audit report. If the auditor and branch manager agree on corrective action and
the action is initiated before the report is published, the deficiency need not be
included in the report.
audit report. If the auditor and branch manager agree on corrective action,
include both the deficiency and corrective action in the audit report.
Not discuss the deficiency with the branch manager before or after the audit
report is published; discussion may dilute the impact of the written report.
audit report. If the auditor and branch manager agree on corrective action,
include both the deficiency and corrective action in the audit report.
54
rope.
rope.
Which of these statements should be in the criteria section of the finding?
III only.
II only.
III and IV only.
V only.
III and IV only.
55
An internal audit director has noticed that staff auditors are presenting more
oral reports to supplement written reports. The best reason for the increased
use of oral reports by the auditors is that they:
Permit auditors to counter arguments and provide additional information that
the audience may require.
Can be delivered in an informal manner without preparation.
Reduce the amount of testing required to support audit findings.
Can be prepared using a flexible format. thereby increasing overall audit
efficiency.
Permit auditors to counter arguments and provide additional information that
the audience may require.
56
The best control over the work on which audit opinions are based is:
Preparation of working papers.
Staffing of audit activities.
Preparation of time budgets for auditing activities.
Supervisory review of all audit work.
Supervisory review of all audit work.
57
An internal auditing department has scheduled an audit of a construction
contract. One portion of this audit will include comparing materials purchased
to those specified in the engineering drawings. The auditing department does
not have anyone on staff with sufficient expertise to complete this audit step.
Select the best alternative for the director of internal auditing.
Perform the entire audit using current staff.
Accept the contractor’s written representations.
Delete the audit from the schedule.
Engage an engineering consultant to perform the comparison.
Engage an engineering consultant to perform the comparison.
58
Which of the following factors might best indicate the possibility of fraudulent
activity in the production process?
Inventory, per accounting records, has decreased at the same time that the
cost of goods sold has increased.
Interviews with employees indicate they have a general dissatisfaction with
management and believe that productivity could be greatly improved if
management listened to employees.
Although scrap is generated, there is no income reported from scrap sales.
Employee overtime has increased 50% during the past year.
Although scrap is generated, there is no income reported from scrap sales.
59
An auditor begins an audit with a preliminary evaluation of internal control, the
purpose of which is to decide on the extent of future auditing activities. If the
auditor?s preliminary evaluation of internal control results in a finding that
controls may be inadequate, the next step would be:
The preparation of a flowchart depicting the internal control system.
To implement the desired controls.
An expansion of audit work prior to the preparation of an audit report.
An exception noted in the audit report if losses have occurred.
An expansion of audit work prior to the preparation of an audit report.
60
division.
A major deficiency in paragraph #8 is:
I.The nature of the follow-up action is inappropriate.
II.The findings have not been discussed with division management before
they are presented to upper management.
III.The cost savings mentioned are not supported in the report.
IV.I, II, and III
I only.III only.I, II, and III.II only.
I, II, and III.
61
Management is concerned that employee productivity and morale may be
decreasing even though production workers are being paid more overtime
wages. Which of the following audit procedures would be least effective in
addressing this concern?
Obtain “best practices” production data from a comparable industry, and
identify areas of differences. Follow up with interviews of production
supervisors.
Take a statistical sample of employees, and interview selected employees
regarding their morale, productivity, and views on methods to improve
efficiency.
Develop a schedule of production per employee over the past two years
stratified by production during standard work shifts and production during
overtime periods.
Develop a schedule of employee pay and analyze changes in overtime pay.
Develop a schedule of employee pay and analyze changes in overtime pay.
62
An internal auditor has just completed an on-site survey in order to become
familiar with the company?s payroll operations. Which of the following should
be performed next?
Establish initial audit objectives.
Conduct fieldwork.
Assign audit personnel.
Write the audit program.
Write the audit program.
63
An internal auditor would most likely judge an error in an account balance to
be material if the error involves a(n):
Clerical mistake that is unlikely to occur again.
Large percentage of net income.
Unusual transaction for the company.
Unverified routine transaction.
Large percentage of net income.
64
The IIA Standards require that the director of internal auditing or designee
decide to whom the final audit report will be distributed. Findings concerning
significant internal control weakness are included in an audit report on the
accounts payable system of a company whose securities are publicly traded.
The director of internal auditing has chosen to send copies of this audit report
to the audit committee and the external auditor. Which of the following is
the most likely reason for distributing copies to the audit committee and the
external auditor?
The audit committee and external auditor will need to take corrective action on
the deficiency findings.
The activities of the audit committee and external auditor may be affected
because of the potential for misstated financial statements.
A regulatory agency’s guidelines require such distribution.
The audit committee and external auditor are normally sent copies of all
internal audit reports as a courtesy.
The activities of the audit committee and external auditor may be affected
because of the potential for misstated financial statements.
65
The internal audit department of a major financial institution completed an
audit of the company’s derivatives trading operations in its foreign branch. The
audit report was critical of the lack of controls in the trading process and the
lack of effective monitoring of successful traders by the home office. The
auditor suspected, but did not state, that the reason the home office tolerated
the behavior of the foreign branch trading unit was that the branch, and in
particular one individual trader, had been very successful. The success
created enormous profits and thereby influenced the bonuses of all members
of senior management. After receiving the audit report, senior management
indicated that corrective action was under way. Based on the imminent
corrective action, the auditor did not report the finding to the audit committee.
Which of the following statements is (are) correct regarding the company’s
compensation system and related bonuses?
I.The bonus system should be considered part of the control environment of
the organization and should be considered in formulating a report on internal
control.
II.Compensation systems are not part of an organization’s control system and
should not be reported as part of an organization’s control system.
III.An audit of the compensation system should be performed independently of
an audit of the control system over the company’s derivatives trading activities
and should not be considered an integral part of the derivatives audit.
II only.
I only.
III only.
II and III.
I only.
66
According to the IIA Standards, an internal auditor’s role with respect to
operating objectives and goals includes:
Developing and implementing control procedures.
Approving the operating objectives or goals to be met.
Determining whether underlying assumptions are appropriate.
Accomplishing desired operating program results.
Determining whether underlying assumptions are appropriate.
67
The audit was performed to accomplish several objectives.
+Verify the existence of unused machinery being stored in the warehouse.
+Determine whether machinery had been damaged during storage.
+Review the handling procedures being performed by personnel at the
warehouse.
+Determine whether proper accounting procedures are being followed for
machinery kept in the warehouse.
+Calculate the current fair market value of warehouse inventories.
+Compare the total value of the machinery to company accounting records.
It was confirmed that, of the 30 machines selected from purchasing records
for the sample, 13 were present on the warehouse floor and another 5 were
on the loading dock ready for conveyance to the production facility. Twelve
others had already been sent to the production facility at a previous time. An
examination of the accounting procedures used at the warehouse revealed
the failure by the warehouse accounting clerk to reconcile inventory records
monthly, as required by policy. A sample of 25 machines was examined for
possible damage, and all but one was in good condition. It was confirmed by
the auditors that handling procedures outlined in the warehouse policy manual
appear to be adequate, and warehouse personnel apparently were following
those procedures, except for the examination of items being received for
inventory.
When communicating with auditees, there exist both situational factors and
message characteristics that can damage the communication process. An
auditor has only limited control over situational factors but has substantial
control over message characteristics.
The following elements are usually included in final audit reports: purpose,
scope, results, conclusions, and recommendations. Which of the following
describes all of the elements missing from the above report?
Scope, conclusion, recommendation.
Result, conclusion, recommendation.
Purpose, scope, recommendation.
Purpose, result, recommendation.
68
division.
report is:
The condition for the audit finding is not clearly explained.
There is not a separate section adequately discussing the risks associated
with the audit finding.
The recommendation does not follow from the findings. The recommendation
could have been reached without any audit findings.
The reference to other parts of the audit report citing excessive inventory
write-downs for obsolescence is not appropriate. If there is a problem, it
should all be discussed within the context of the specific audit finding.
The condition for the audit finding is not clearly explained.
69
In order to determine the extent of audit tests to be performed during
fieldwork, preparing the audit program should be the next step after
completing the:
Time budgets for specific audit tasks.
Survey of company policies.
Preliminary survey.
Assignment of audit staff.
Preliminary survey.
70
The preliminary survey discloses that a prior audit deficiency was never
corrected. Subsequent fieldwork confirms that the deficiency still exists. Which
of the following courses of action should the internal auditor pursue?
Order the person(s) responsible to correct the problem. They have had long
enough to do so.
Take no action. To do otherwise would be an exercise of operational control.
Discuss the issue with the person(s) responsible for the problem. They should
know how to solve the problem.
Discuss the issue with the director of internal auditing. The problem requires
an ad hoc solution.
Discuss the issue with the person(s) responsible for the problem. They should
know how to solve the problem.
71
Interviewing operating personnel, identifying the objectives of the auditee,
identifying standards used to evaluate performance, and assessing the risks
inherent in the auditee?s operations are activities typically performed in which
phase of an internal audit?
The reporting phase.
The audit programming phase.
The fieldwork phase.
The preliminary survey phase.
The preliminary survey phase.
72
Fieldwork has been defined as “a systematic process of objectively gathering
evidence about an entity’s operations, evaluating it, and determining if those
operations meet acceptable standards.” Which of the following is not part of
the work performed during fieldwork?
Developing a written audit program.
Creating working papers that document the audit.
Expanding or altering audit procedures if circumstances warrant.
Applying the audit program to accomplish audit objectives.
Developing a written audit program.
73
Which of the following techniques is best for emphasizing a point in a written
communication?
Highlight the point through the use of nonparallel structure.
Use passive rather than active voice.
Use a short sentence with one idea rather than a longer sentence with several
ideas.
Place the point in the middle rather than at the beginning or end of the
paragraph.
Use a short sentence with one idea rather than a longer sentence with several
ideas.
74
If the internal auditor believes the criticism is completely unjustified, the
auditor should:
Offer to personally rewrite the report and develop the follow-up steps to
correct the inventory problems to show the accuracy of the work.
Ask the divisional controller to identify specific areas of disagreement and
document them in the management response section of the audit report.
Confront the divisional controller just as loudly to communicate that the auditor
can be just as aggressive and can survive in the corporate environment.
Ignore the divisional controller’s response.
Ask the divisional controller to identify specific areas of disagreement and

document them in the management response section of the audit report.
75
The internal auditing unit has recently completed an operational audit of its
company’s accounts payable function. The audit director decided to issue a
summary report in conjunction with the final report. Who would be the most
likely recipient(s) of just the summary audit report?
Accounts payable manager.
External auditor.
Controller.
76
During a preliminary survey, an auditor notes that several accounts payable
vouchers for major suppliers show adjustments for duplicate payment of prior
invoices. This would indicate:
An unrecorded liability for the amount of purchases that are not processed
while awaiting supplier master file address maintenance.
A lack of control in the receiving area that prevents timely notice to the
accounts payable area that goods have been received and inspected.
The existence of a sophisticated accounts payable system that correlates
overpayments to open invoices and therefore requires no further audit
concern.
A need for additional testing to determine related controls and the current
exposure to duplicate payments made to suppliers.
A need for additional testing to determine related controls and the current
exposure to duplicate payments made to suppliers.
77
An audit finding is worded as follows:
The capital budget includes funds to purchase 11 new vehicles. Review of
usage records showed that 10 vehicles in the fleet of 70 had been driven less
than 2,500 miles during the past year. Vehicles have been assigned to
different groups whose usage rates have varied greatly. There was no policy
requiring rotation of vehicles between high- and low-usage groups. Lack of
criteria for assigning vehicles and a system for monitoring their usage could
lead to purchasing unneeded vehicles.
Based on the facts presented in this finding, it would be appropriate to
recommend that management:
Delay the proposed vehicle purchases until the apparent excess capacity is
adequately explained or absorbed.
Establish a system to rotate vehicles among users periodically.
Withhold approval of the capital budget until other projects can be reviewed by
internal auditing.
Establish a minimum of 2,500 miles per quarter as criteria for assigning
vehicles to user groups.
Delay the proposed vehicle purchases until the apparent excess capacity is
adequately explained or absorbed.
78
Assume the auditor becomes concerned that significant fraud may be taking
place by dentists who are billing the health care processor for services that
were not provided. For example, employees may have their teeth cleaned, but
the dentists charge the processor for pulling teeth and developing dentures.
The most effective audit procedure to determine whether such a fraud exists
would be to:
Develop a schedule of payments made to individual dentists. Verify that
payments were made to the dentists by confirming the payments with the
health care processor.
Take a random sample of payments made to dentists and confirm the
amounts paid with the dentists??? offices to determine that the amounts
agree with the amounts billed by the dentists.
Take a random sample of claims submitted by dentists and trace through the
system to determine whether the claims were paid at the amounts billed.
Take a discovery sample of employee claims that were submitted through
dentist offices and confirm the type of service performed by the dentists
through direct correspondence with the employee who had the service
performed.
Take a discovery sample of employee claims that were submitted through

dentist offices and confirm the type of service performed by the dentists
through direct correspondence with the employee who had the service
performed.
79
The internal audit department of a major financial institution completed an
audit of the company’s derivatives trading operations in its foreign branch. The
audit report was critical of the lack of controls in the trading process and the
lack of effective monitoring of successful traders by the home office. The
auditor suspected, but did not state, that the reason the home office tolerated
the behavior of the foreign branch trading unit was that the branch, and in
particular one individual trader, had been very successful. The success
created enormous profits and thereby influenced the bonuses of all members
of senior management. After receiving the audit report, senior management
indicated that corrective action was under way. Based on the imminent
corrective action, the auditor did not report the finding to the audit committee.
Which of the following statements, if true, could have justified the auditor’s
decision not to report the control concerns to the audit committee?
Derivatives are complex, and the auditor should rely on management’s
analysis of the extent of the problem.
The board of directors has a separate committee to make recommendations
on compensation.
Management plans to initiate corrective action.
The amounts of trading and the potential risks associated with the foreign
branch are not material to the overall organization.
The amounts of trading and the potential risks associated with the foreign
branch are not material to the overall organization.
80
The following elements are usually included in final audit reports: purpose,
scope, results, conclusions, and recommendations. Which of the following
describes all of the elements missing from the above report?
Result, conclusion, recommendation.
Purpose, result, recommendation.
Purpose, scope, recommendation.
81
Assume that the auditor’s preliminary findings indicate that certain dentists are
billing the health care processor for services that were not provided and that
this practice is not being detected or prevented by the health care processor.
The auditor wishes to present to management an estimate of the amounts
involved. The auditor chooses an approach that will sample claims by dentists
and will verify whether the claims are appropriate. The best audit sampling
approach would be:
Classical variables estimation of claims submitted by the suspected dentists
stratified by dollar amount of services performed.
Attribute sampling classifying the existence of a nonvalid claim as a deviation.
Dollar-unit sampling of all dentists to determine if the fraud might exceed a
predetermined limit.
Discovery sampling based on a low to moderate level of fraud expectation.
Classical variables estimation of claims submitted by the suspected dentists

stratified by dollar amount of services performed.
82
The advantage attributed to the establishment of internal auditing field offices
for work at foreign locations is best described as:
More contact with senior audit personnel, leading to an increase in control.
The increased ease of maintaining uniform company-wide standards.
The possibility of increased objectivity of personnel assigned to a field office.
A reduction of travel time and related travel expense.
83
An outside consultant is developing a system to be used for the management
of a city?s capital facilities. An appropriate scope of an audit of the
consultant?s product would be to:
Review the handling of idle equipment.
Review the consultant?s contract to determine its propriety.
Determine the adequacy of the controls built into the system.
Establish the parameters of the value of the items being managed and
controlled.
Determine the adequacy of the controls built into the system.
84
The major purpose of an exit conference is:
Correction of deficiencies found.
Communication with all affected parties.
Assessment of audit staff’s performance.
Presentation of the final audit report.
Communication with all affected parties.
85
A standardized internal audit program would not be appropriate for the
following situation:
A complex or changing operating environment.
A stable operating environment undergoing only minimal changes.
Multiple locations with similar operations.
Subsequent inventory audits performed at same location.
A complex or changing operating environment.
86
Many administrative audit tasks are performed during the course of an audit.
Various audit tasks are shown below and given a number. In the answers, the
numbered tasks are grouped as being done primarily by a staff auditor, audit
manager, or director of audit. Only one of the following groupings is correct.
Select the answer in which listed tasks are most appropriately grouped
according to the auditor position.
1The auditee is selected and the scope of the audit assigned.
2An initial interview is held with the auditee explaining the scope of the audit.
3Working papers are prepared showing audit work performed.
4Audit work is supervised during the fieldwork.
5Working papers are reviewed.
6Inquiry is made of auditee management to explain unusual findings.
7Working papers are finalized and a preliminary report is prepared.
8Review draft audit report prior to discussion with management.
9After the audit report has been discussed with auditee management, the
report and working papers receive a final review before the audit report is
signed, published, and distributed.
Not all tasks are listed in each answer, and some of the numbered tasks could
be done by more than one of the three auditing personnel.
A) staff - 3,6,7. manager - 2,5,8. director 1,8,9
B) staff - 2,4,7. manager - 3,4,8. director 1,6,9
C) staff - 3,7,9. manager - 2,4,6. director 2,3,8
D) staff - 2,7,9. manager - 4,6,8. director 1,5,6
A.
87
An internal auditor suspects fraud in the purchasing department. To whom
should the auditor communicate this first?
The audit committee.
The vice president of purchasing.
Audit management.
Audit management.
88
One of the primary roles of an audit program is to:
Document an auditor?s understanding of the internal control system.
Delineate the audit risk accepted by the auditor.
Provide for a standardized approach to the audit engagement.
Serve as a tool for planning, directing, and controlling audit work.
Serve as a tool for planning, directing, and controlling audit work.
89
rope.
rope.
Which of these statements should be in the recommendation section of the
finding?
III only.
III and IV only.
V only.
VI only.
V only.
90
According to the IIA Standards, reported audit findings emerge by a process
of comparing “what should be” with “what is.” In determining “what should be”
during an audit of a company’s treasury function, which of the following would
be the least desirable criteria against which to judge current operations?
Company policies and procedures delegating authority and assigning
responsibilities.
The operations of the treasury function as documented during the last audit.
Codification of best practices of the treasury function in relevant industries.
Finance textbook illustrations of generally accepted good treasury function
practices.
The operations of the treasury function as documented during the last audit.
91
The IIA Standards require that internal auditors discuss conclusions and
recommendations at appropriate levels of management before issuing final
written reports. Which of the following is the primary reason that a closing
conference should be documented by the auditor?
The information may be needed if a dispute arises.
The IIA Standardsrequire that closing conferences be documented.
The information may be needed to revise future audit programs.
Closing conference documentation becomes a basis for future audits.
The information may be needed if a dispute arises.
92
Recommendations in audit reports may or may not actually be implemented.
Which of the following bestdescribes internal auditing’s role in follow-up on
audit recommendations? Internal auditing:
Should request that independent auditors follow up on audit
recommendations.
Should be charged with the responsibility for implementing audit
recommendations.
Has no role; follow-up is management’s responsibility.
Should follow up to ascertain that appropriate action is taken on audit
recommendations.
Should follow up to ascertain that appropriate action is taken on audit

recommendations.
93
Which of the following is a step in an audit program?
Observe the procedures used to identify defective units produced.
Auditors may not reveal findings to nonsupervisory, operational personnel
during the course of this audit.
The audit will commence in six weeks and include tests of compliance.
Determine whether the manufacturing operations are effective and efficient.
Observe the procedures used to identify defective units produced.
94
The auditor has planned an audit of the effectiveness of the quality assurance
function as it affects the receiving of goods, the transfer of the goods into
production, and the scrap costs related to defective items. The auditee argues
that such an audit is not within the scope of the internal auditing function and
should come only under the purview of the quality assurance department.
What would be the mostappropriate audit response?
Terminate the audit because an operational audit will not be productive
without the auditee’s cooperation.
Indicate that the audit will only examine the function in accordance with the
standards set, and approved, by the quality assurance function before
beginning the audit.
Refer to the audit department charter and the approved audit plan, which
includes the area designated for audit in the current time period.
Since quality assurance is a new function, seek the approval of management
as a mediator to set the scope of the audit.
Refer to the audit department charter and the approved audit plan, which
includes the area designated for audit in the current time period.
95
An audit program for a comprehensive audit of a purchasing function should
include:
Specific methods to accomplish audit objectives.
A statement of the audit objectives of the operation under review with
agreement by the auditee.
A focus on risks impacting the financial statements as opposed to controls.
Work steps arranged by relative priority based on perceived risk.
Specific methods to accomplish audit objectives.
96
Which of the following best describes a preliminary survey?
A walk-through of the financial control system to identify risks and the controls
that can address those risks.
A standardized questionnaire used to obtain an understanding of
management objectives.
A process used to become familiar with activities and risks in order to identify
areas for audit emphasis.
A statistical sample of key employee attitudes, skills, and knowledge.
A process used to become familiar with activities and risks in order to identify
areas for audit emphasis.
97
The behavioral science literature identifies diffusion as an effective approach
to resolving conflict. An auditor effectively using diffusion in working with a
confrontational auditee would:
Emphasize differences between the parties.
Avoid the conflict situation.
Identify the sources of conflict and address them directly.
Set aside critical issues temporarily and try to reach agreement on less
controversial issues first.
Set aside critical issues temporarily and try to reach agreement on less
controversial issues first.
98
When the audit was assigned, management asked the auditor to evaluate the
appropriateness of using self-insurance to minimize risk to the organization.
Given the scope of the audit requested by management, should the auditor
engage an actuarial consultant to assist in the audit if these skills do not exist
on staff?
No. It is a normal audit function to assess risk; therefore, this audit
engagement is not unique.
Yes. An actuary is essential to determine whether the health care costs are
reasonable.
No. The audit department is skilled in assessing controls, and the insurance
control concepts are not distinctly different from other control concepts.
Yes. The actuary has skills not usually found in auditors to identify and
quantify self-insurance risks.
Yes. The actuary has skills not usually found in auditors to identify and
quantify self-insurance risks.
99
In which section of the final report should the internal auditor describe the
audit objectives?
Scope.
Purpose.
Criteria.
Condition.
Purpose.
100
The IIA Standards require auditors to discuss conclusions and
recommendations at appropriate levels of management before issuing final
written reports. Auditors usually accomplish this by conducting exit
conferences. Which of the following best describes the purpose of exit
conferences?
To allow auditees to get started implementing recommendations as soon as
possible.
To ensure that there have been no misunderstandings or misinterpretations of
facts.
To allow auditors to sell findings and recommendations to management.
To allow auditors to explain complicated findings before a written report is
issued.
To ensure that there have been no misunderstandings or misinterpretations of

facts.
101
Assume that the auditor wishes to test whether the health care processor is
meeting contract requirements regarding the proper payment or denial of
employee claims. The best audit approach would be to take a sample of:
Claims filed with the health care processor and determine whether they were
either appropriately paid or denied.
Employees and interview them regarding their health care experiences with
proper and timely payment by the health care processor.
Claims paid by the health care processor and determine whether all the
payments were proper.
Claims paid by the health care processor and engage an outside expert to
analyze whether the claims were appropriately processed.
Claims filed with the health care processor and determine whether they were
either appropriately paid or denied.
102
An internal auditor conducts a preliminary survey and identifies a number of
significant audit issues and reasons for pursuing them in more depth. The
auditee informally communicates concurrence with the preliminary survey
results and asks that the auditor not report on the areas of significant concern
until the auditee has an opportunity to respond to the problem areas. Which of
the following audit responses would not be appropriate?
Consider the risk involved in the areas involved, and if the risk is high,
proceed with the audit.
Consider the audit to be terminated with no report needed since the auditee
has already agreed to take constructive action.
Keep the audit on the audit time schedule and discuss with management the
need for completing the audit on a timely basis.
Work with the auditee to keep the audit on schedule and address the
significant issues in more depth, as well as the auditee’s responses, during
the course of the audit.
Consider the audit to be terminated with no report needed since the auditee
has already agreed to take constructive action.
103
accounts.
several occasions.
Cause is best illustrated by items numbered:
1, 8, and 9.
3, 4, and 12.
5, 6, and 7.
2, 10, and 11.
3, 4, and 12.
104
Of the following management requests, which is within the normal audit scope
as stated in the IIAStandards?
Perform an independent evaluation of management’s planning process as a
basis for making recommendations.
Analyze financing alternatives and present the alternatives to the audit
committee.
Undertake a make-or-buy decision analysis to determine whether the
company should subcontract for part of its manufacturing versus adding
capacity. Report the recommendation to management for approval.
Talk with banks to identify financing alternatives and negotiate contract
alternatives, which would be presented to management for evaluation.
Perform an independent evaluation of management’s planning process as a

basis for making recommendations.
105
Which of the following would seem to be a message characteristic that the
auditor who prepared the above report overlooked?
Noise.
Nature of the audience.
History of prior events leading to the current encounter.
106
A primary purpose of the closing conference is to:
Gather audit evidence.
Resolve remaining issues.
Implement audit findings.
Determine the scope of the audit.
Resolve remaining issues.
107
Which of the following would not be considered an objective of the audit
closing or exit conference?
To resolve conflicts.
To identify management’s actions and responses to the findings.
To identify concerns for future audits.
To discuss the findings.
To identify concerns for future audits.
108
An internal auditor judged an item to be immaterial when planning an audit.
However, the auditor may still include the item if it is subsequently determined
that:
Related evidence is reliable.
Adverse effects related to the item are likely to occur.
Miscellaneous income is affected.
Sufficient staff is available.
Adverse effects related to the item are likely to occur.

109
At a meeting with audit managers, the director of internal auditing is allocating
the audit work schedule for next year?s plan. Which of the following methods
would ensure that each audit manager receives an appropriate share of both
the work schedule and internal auditing department resources?
The full list of scheduled audits is published for the audit staff, and work
assignments are made based on career interests and travel requirements.
Each of the audit managers selects the individual audit assignments desired,
based on preferences for the audit area and the management personnel
involved in the audit.
Auditable units are assigned to each manager based on risk and skill analysis.
Each audit manager chooses audit assignment preferences based on the total
staff hours that are currently available to each manager within the department.
Auditable units are assigned to each manager based on risk and skill analysis.
110
Which of the following would not be included in the statement of scope in an
audit report?
Period covered by the audit.
Audit objectives.
Activities not audited.
Nature and extent of the auditing performed.
Audit objectives.
111
The current ratio increased during the past year while the quick ratio
decreased. Which of the following explanations would best explain the reason
that the current ratio increased while the quick ratio decreased?
The significant buildup of inventory.
The substantial increase in accounts receivable.
The large increase in the amount of intangible assets that affects the current
ratio but not the quick ratio.
A substantial increase in accounts payable that affects the current ratio but
not the quick ratio.
The significant buildup of inventory.
112
The following information is available from the financial statements of a
manufacturing division. The director of internal auditing is reviewing the data
to identify potential risks as a basis for planning the audit. The division has not
been audited by the internal auditing department in the past three years. The
division conducts most of its business autonomously. The division has
historically relied on one major product. However, that product is aging and
will soon lose its patent protection.
Which of the following would not explain the decrease in cost of goods sold as
a percentage of sales ratio? The division:
Recorded subsequent year’s sales in the current year, but adjusted inventory
to actual goods on hand at year-end.
Liquidated inventory in conjunction with a plan to bring its current ratio more in
line with the industry average.
Increased the selling price of its products by selling to less creditworthy
customers.
Is incorrectly capitalizing certain production costs.
Liquidated inventory in conjunction with a plan to bring its current ratio more in
line with the industry average.
113
The following information is available from the financial statements of a
manufacturing division. The director of internal auditing is reviewing the data
to identify potential risks as a basis for planning the audit. The division has not
been audited by the internal auditing department in the past three years. The
division conducts most of its business autonomously. The division has
historically relied on one major product. However, that product is aging and
will soon lose its patent protection.
The division had a large increase in sales in the previous year (20X2). Which
of the following hypotheses would the data support regarding the potential
cause of the sales increase? The division:
Sold off most of its intangible assets, realizing a profit on the sale.
Liquidated a substantial part of its older inventory.
Acquired another company and accounted for the purchase as a purchase
transaction, not a pooling.
Reduced its selling price for most of its product line.
Acquired another company and accounted for the purchase as a purchase

transaction, not a pooling.
FLASHCARDS IN STRATEGIC ROLE OF INTERNAL AUDIT DECK (62):
1
As part of the process to improve auditor–auditee relations, it is very important
to deal with how internal auditing is perceived. Certain types of attitudes in the
work performed will help create these perceptions. From a management
perspective, which attitude is likely to be the most conducive to a positive
perception?
Interrogatory.
Investigative.
Consultative.
Objective.
Consultative.
2
Recent criticism of an internal auditing department suggested that audit
coverage was not providing adequate feedback to senior management on the
processes used in the organization?s key lines of business. The problem was
further defined as lack of feedback on the recent implementation of automated
support systems. Which two functions does the director of internal auditing
need to improve?
Staffing and communicating.
Staffing and decision making.
Planning and communicating.
Planning and organizing.
3
The internal auditing department of a large corporation has established its
operating plan and budget for the coming year. The operating plan is
restricted to these categories: a prioritized listing of all audits, staffing, a
detailed expense budget, and the commencement date of each audit. Which
of the following bestdescribes the major deficiency of this operating plan?
Requests by management for special projects are not considered.
Knowledge, skills, and disciplines required to perform work are ignored.
Opportunities to achieve operating benefits are ignored.
Measurability criteria and targeted dates of completion are not provided.
4
A service company is currently experiencing a significant downsizing and
process reengineering. Its board of directors has redefined the business goals
and established initiatives using technology developed in house to meet these
goals. As a result, a more decentralized approach has been adopted to run
the business functions by empowering the business branch managers to
make decisions and perform functions traditionally done at a higher level.
The internal auditing staff is made up of the director, two managers, and five
staff auditors, all with financial background. In the past, the primary focus of
successful audit activities has been the service branches and the six regional
division headquarters, which support the branches. These division
headquarters are the primary targets for possible elimination. The support
functions, such as human resources, accounting, and purchasing, will be
brought into the national headquarters, and technology will be enhanced to
enable and augment these operations.
Up to this point, internal auditing has reported to the chief operating officer.
Due to the significant changes, there has been some discussion as to
changing this reporting relationship. What would be the best reporting
relationship for internal auditing?
Administrative to the president, functional to the board.
Administrative and functional to the president.
Administrative and functional to the chief operating officer.
Administrative to the chief financial officer and functional to the president.
Administrative to the president, functional to the board.
5
Branch managers view the internal auditing function as a watchdog for top
management. What is the best way for internal auditing to change this view to
one that is more cooperative?
Increase technical skills.
Increase solicitation of auditee concerns.
Increase focus on control responsibilities.
Increase confidentiality of investigative audits to minimize fear.
Increase solicitation of auditee concerns.
6
In which of the following duties would the audit director least likely have a
primary role?
Determine the need for expanded testing.
Select or approve team members.
Review the summary findings sheet.
Organize and draft the audit report.
7
The capabilities of individual staff members are key features in the
effectiveness of an internal auditing department. Select the primary
consideration used when staffing an internal auditing department.
Job descriptions.
Continuing education.
Background checks.
Organizational orientation.
Job descriptions.
8
In some organizations, consideration is being given to the possibility of
outsourcing internal audit functions. Management in a large organization
should recognize that the external auditor might have an advantage,
compared to the internal auditor, because of the external auditor?s:
Size. It can hire experienced, knowledgeable, and certified staff.
Structure. It may more easily accommodate audit requirements in distant
locations.
Size. It is able to offer continuous availability of staff unaffected by other
priorities.
Familiarity with the organization. Its annual audits provide an in-depth
knowledge of the organization.
Structure. It may more easily accommodate audit requirements in distant

locations.
9
Which of the following is most essential for guiding the audit staff in
maintaining daily compliance with the department?s standards of
performance?
Performance appraisals.
Policies and procedures.
Quality control reviews.
Position descriptions.
10
A professional engineer applied for a position in the internal auditing
department of a high-technology firm. The engineer became interested in the
position after observing several internal auditors while they were auditing the
engineering department. The director of internal auditing:
Should not hire the engineer because of the lack of knowledge of internal
auditing standards.
May hire the engineer in spite of the lack of knowledge of internal auditing
standards.
Should not hire the engineer because of the lack of knowledge of accounting
and taxes.
May hire the engineer because of the knowledge of internal auditing gained in
the previous position.
standards.
11
Upon being appointed, a new director of internal auditing found an
inexperienced audit staff that was over budget on most audits. A detailed
review of audit working papers revealed no evidence of progressive reviews
by audit supervisors. Additionally, there was no evidence that a quality
assurance program existed. Determining that audit objectives have been met
is part of the overall supervision of an audit assignment and is the ultimate
responsibility of the
Audit committee.
Director of internal auditing.
Internal auditing supervisor.
Staff internal auditor.
12
Which audit planning tool is general in nature and used to ensure adequate
audit coverage over time?
The department budget.
The audit program.
The long-range schedule.
The department charter.
13
An audit committee should be designed to enhance the independence of both
internal and external audit functions and to insulate the audit functions from
undue management pressures. Using these criteria, audit committees should
be composed of:
Only external members of the board of directors or its equivalent.
Only members from the relevant outside regulatory agencies.
Members from all important constituencies, specifically including
representatives from banking, labor, regulatory agencies, shareholders, and
officers.
A rotating subcommittee of the board of directors or its equivalent.
Only external members of the board of directors or its equivalent.
14
Audit committees have been identified as a major factor in promoting
independence of both internal and external auditors. Which of the following is
the most important limitation on the effectiveness of audit committees?
Audit committee members are compensated by the organization and thus
favor a stockholder?s view.
Audit committee members do not normally have degrees in the accounting or
auditing fields.
Audit committees may be composed of independent directors. However, those
directors may have close personal and professional friendships with
management.
Audit committees devote most of their efforts to external audit concerns and
do not pay much attention to internal auditing and the overall control
environment.
Audit committees may be composed of independent directors. However, those

directors may have close personal and professional friendships with
management.
15
While attending a social function, an internal auditor described to a group of
friends the elements of a sensitive audit on which he was working. The
internal auditing director’s best avenue for proceeding is to:
Fire the auditor to set an example for other auditors.
Remove the auditor from all audits in that area or in other sensitive areas.
Reprimand the auditor for talking shop at a social function.
Explain that the act is an ethical violation of the profession and that further
such action could result in dismissal or other serious effects.
16
Who should have the least influence on the appointment of the director of
internal audit?
The chief executive officer.
The external auditor.
The controller.
The controller.
17
The director of a newly formed internal auditing department is in the process
of drafting a formal written charter for the department. Which one of the
following items, related to the operational effectiveness of the internal audit
department, should be included in the charter?
The manner by which audit findings will be reported.
The frequency of the audits to be performed.
The internal auditors’ unlimited access to those records, personnel, and
physical properties that are relevant to the performance of the audits.
The procedures that the internal auditors will employ in investigating and
reporting fraud.

18
Which of the following factors serves as a direct input to the internal auditing
department’s financial budget?
Auditing department’s charter.
Past effectiveness of the internal auditing department in identifying cost
savings.
Audit work schedules.
Activity reports.
19
The status of the internal auditing function should be free from the impact of
irresponsible policy changes by management. The most effective way to
ensure that freedom is to:
Have the internal auditing charter approved by both management and the
board of directors.
Establish an audit committee within the board of directors.
Adopt policies for the functioning of the auditing department.
Develop written policies and procedures to serve as standards of performance
for the department.
Have the internal auditing charter approved by both management and the
board of directors.
20
The consultative approach to auditing emphasizes:
Fraud investigation.
Participation with auditees to improve methods.
Imposition of corrective measures.
Implementation of policies and procedures.
21
The internal auditing department for a large corporation recently concluded an
audit of sales department travel expenses. Which of the following groups
should receive a copy of the audit report?
Chief financial officer, sales director, and chief executive officer.
Sales director and vice president for marketing.
Chairman of the board, controller, and sales director.
Chairman of the board, chief operating officer, and vice president for
marketing.
22
The director of internal auditing is preparing the work schedule for the next
budget year and has limited audit resources. In deciding whether to schedule
the purchasing or the personnel department for an audit, which of the
following would be theleast important factor?
The potential for loss is significantly greater in one department than the other.
The audit staff has recently added an individual with expertise in one of the
areas.
There have been major changes in operations in one of the departments.
There are more opportunities to achieve operating benefits in one of the
departments than in the other.
areas.
23
assurance program existed. As a means of controlling projects and avoiding
time-budget overruns, decisions to revise time budgets for an audit should
normally be made:
When a significant deficiency has been substantiated.
When inexperienced audit staff is assigned to an audit.
Immediately after expanding tests to establish reliability of findings.
Immediately after the preliminary survey.
24
The best rationale for rotating internal auditors so that different individuals are
assigned to consecutive audits of a given auditee is to:
Increase the diligence exercised by internal auditors who know that the quality
of their work will be apparent to the next set of internal auditors.
Promote rapid professional development on the part of internal auditors by
exposing them to the full range of organizational activities.
Prevent burnout on the part of the internal auditor, which may lead to
excessive turnover in the internal audit department.
Avoid the development of bias toward a given auditee.
25
The requirements for staffing level, education and training, and audit research
should be included in
The internal auditing department?s policies and procedures manual.
Job descriptions for the various staff positions.
The annual plan for the internal auditing department.
The internal auditing department?s charter.
26
Having been given the task of developing a performance appraisal system for
evaluating the audit performance of a large internal auditing staff, you should:
Provide primarily for the evaluation of criteria such as diligence, initiative, and
tact.
Provide primarily for the evaluation of specific accomplishments directly
related to the performance of the audit program.
Provide general information concerning the frequency of evaluations and the
way evaluations will be performed without specifying their timing and uses.
Provide for an explanation of the appraisal criteria methods at the time the
appraisal results are discussed with the internal auditor.

27
Accepting the concept that internal auditing should be an integral part of an
organization can involve a major change of attitude on the part of top
management. Which of the following would be the best way for internal
auditors to convince management of the need for and benefits of internal
auditing?
Educating top managers about the benefits and communicating with them on
a regular basis.
Persuading top managers to accept the idea of internal audits by contacting
company shareholders and regulatory agencies.
Negotiating with top management to provide them with rewards, such as
favorable audits.
Involving top management in deciding which audit findings will be reported.
Educating top managers about the benefits and communicating with them on
a regular basis.
28
Which of the following activities is not included in determining the audit
schedule?
Planning workload requirements.
Developing audit programs.
Assessing risk factors.
Identifying auditable locations.
29
If the internal audit staff does not have the skills to perform a particular task, a
specialist could be brought in from:
I.The organization’s external audit firm.
II.An outside consulting firm.
III.The department currently being audited.
IV.A college or university.
I, II, and IV.
II and IV.
I, II, and III.
I and II.
I, II, and IV.
30
Successful consultative communication in an internal audit is partially based
on feedback from auditees about auditors? actions during the audit. This
feedback:
Will keep auditees on the defensive regarding the auditors.
Should go only to the auditors to help them improve their audit performance.
Should go only to senior management as a means of reviewing the auditors.
Should go to both management and the auditors to ensure business value is
being added.

being added.
31
According to the IIA Standards, an internal auditing department?s activity
reports should:
List unresolved findings.
Compare audits completed with audits planned.
Report the weekly activities of the individual auditors.
List the material findings of major audits.
32
In some cultures and organizations, managers insist that the internal auditing
function is not needed to provide a critical assessment of the organization?s
operations. A management attitude such as this will most probably have an
adverse effect on the internal auditing department?s:
Charter.
Operating budget variance.
Charter.
33
The best means for the internal auditing department to determine whether its
goal of implementing broader audit coverage of functional activities has been
met is through:
Comparison of the audit plan to actual audit activity.
Accumulation of audit findings by auditable area.
Surveys of management satisfaction with the internal auditing function.
Implementation of a quality assurance program.
34
Based on the above changes and assuming those total audit resources
remain the same, what activities should the internal auditing department
perform to best serve the organization?
I.Increase audit time in systems development
II.Increase audit time in service branches
III.Increase audit time in functions being centralized
IV.Continue the allocation of audit time as before
II and III.
III and IV.
I and II.
I and III.
I and III.
35
Which of the following features of a large manufacturing company’s
organization structure would be a control weakness?
The chief financial officer is a vice president who reports to the chief executive
officer.
The controller and treasurer report to the chief financial officer.
The IT department is headed by a vice president who reports directly to the
president.
The audit committee of the board consists of the chief executive officer, the
chief financial officer, and a major stockholder.
The audit committee of the board consists of the chief executive officer, the
chief financial officer, and a major stockholder.
36
An internal auditing manager has a small team of employees, but each
individual is self-motivated and could be termed a high achiever. The audit
manager has been given a particularly difficult assignment. Even for high
achievers, the probability that this job can be completed by one individual by
the required deadline is low. Select the best course for the audit manager.
Assign the entire staff to ensure the risk of failure is low.
Assign one individual since high achievers thrive on high risks.
Assign two staff members to moderate the risk of failure.
Ask company management to cancel the job.
37
You have been selected to develop an internal auditing department for your
company. Your approach would most likely be to hire:
Inexperienced personnel and train them the way the company wants them
trained.
Internal auditors each of whom possesses all the skills required to handle all
audit assignments.
Degreed accountants since most audit work is accounting related.
Internal auditors who collectively have the knowledge and skills needed to
complete all internal audit assignments.
38
Audit committees are responsible for:
Selecting the independent accountants.
Reviewing and approving the internal audit charter.
Developing the internal auditing plan and budget.
Selecting the director of internal auditing.
Reviewing and approving the internal audit charter.
39
adverse effect on the internal auditing function?s:
Effectiveness.
Effectiveness.
40
The internal audit director of a multinational company must form an audit team
to examine a newly acquired subsidiary in another country. Consideration
should be given to which of the following factors?
I.Local customs
II.Language skills of the auditor
III.Experience of the auditor
IV.Monetary exchange rate
II, III, and IV.
I and II.
I, II, and III.
I and III.
I, II, and III.
41
The proper organizational role of internal auditing is to:
Serve as the investigative arm of the audit committee of the board of directors.
Assist the external auditor in order to reduce external audit fees.
Perform studies to assist in the attainment of more efficient operations.
Serve as an appraisal function to examine and evaluate activities as a service
to the organization.
Serve as an appraisal function to examine and evaluate activities as a service

to the organization.
42
A quality assurance program of an internal audit department provides
reasonable assurance that audit work conforms to applicable standards.
Which of the following activities are designed to provide feedback on the
effectiveness of an audit department?
I.Proper supervision
II.Proper training
III.Internal reviews
IV.External reviews
I, II, III, and IV.
II, III, and IV.
I, III, and IV.
I, II, and III.
I, III, and IV.
43
In planning a system of internal operating controls, the role of the internal
auditor is to:
Design the controls.
Create the procedures for the planning process.
Appraise the effectiveness of the controls.
Establish the policies for controls.
44
Audit committees are most likely to participate in approving:
Internal audit report findings and recommendations.
Appointment of the internal audit director.
Staff promotions and salary increases.
Appointment of the internal audit director.
45
assurance program existed. To properly evaluate the operations of an internal
auditing department, a quality assurance program should include:
Periodic rotation of audit managers.
Internal reviews, by other than the internal audit staff, to appraise the quality
of department operations.
Periodic supervision of internal audit work on a sample basis.
External reviews at least once every three years by qualified persons who are
independent of the organization.
46
Which of the following activities does not constitute audit supervision?
Seeing that audit objectives are achieved.
Preparing a preliminary audit program.
Providing appropriate instructions to the auditors.
Reviewing audit work papers.
47
To avoid creating conflict between the chief executive officer (CEO) and the
audit committee, the internal auditing director should:
Request board establishment of policies covering internal auditing
relationships with the audit committee.
Discuss all pending reports to the CEO with the audit committee.
Submit copies of all audit reports to the CEO and audit committee.
Strengthen independence through organizational status.
Request board establishment of policies covering internal auditing

relationships with the audit committee.
48
A director of internal auditing has reviewed credentials, checked references,
and interviewed a candidate for a staff position. The director concludes that
the candidate has a thorough understanding of internal auditing techniques,
accounting, and management. However, the director notes that the candidate
has limited knowledge of economics and computer science. Which of the
following actions would be most appropriate?
Offer the candidate a position if other staff members possess sufficient
knowledge in economics and computer science.
Reject the candidate because of the lack of knowledge required by the
IIAStandards.
Encourage the candidate to obtain additional training in economics and
computer science and then reapply.
Offer the candidate a position despite the lack of knowledge in certain
essential areas.

49
The audit team leader is least likely to have a primary role in:
Updating the permanent files.
Reviewing the working papers.
Allocating budget audit hours among assigned staff.
Preparing the critique sheet for the audit.
50
External review of an internal auditing department is not likely to evaluate:
Compliance with the IIA Standards
Audit planning documents, particularly those submitted to senior management
and the audit committee.
Adherence to the internal auditing department’s charter.
Detailed cost–benefit analysis of the internal auditing department.
Detailed cost–benefit analysis of the internal auditing department.
51
The internal auditor’s responsibility for the prevention of fraud would include
all of the following except:
Evaluating the effectiveness of actions taken by management to deter fraud.
Determining if the organizational environment fosters control consciousness.
Ensuring against the occurrence of fraud.
Being aware of activities in which fraud is likely to occur.
Ensuring against the occurrence of fraud.
52
The key factor to the success of an audit organization?s human resources
program is:
A compensation plan based on years of experience.
A program for recognizing the special interests of individual staff members.
An informal program for developing and counseling staff.
A well-developed set of selection criteria.
53
Internal audit staff members should be afforded an appropriate means through
which they can discuss problems and receive updates regarding departmental
policies. The most appropriate forum for this objective is:
Staff meetings.
The department?s informal communication lines.
Intradepartment memoranda.
Employee evaluation conferences.
Staff meetings.
54
Following a negative performance evaluation by a supervisor, a staff auditor
went to the audit director to seek a change in the evaluation. The director was
familiar with the auditor?s performance and agreed with the evaluation. The
director agreed to meet and discuss the situation. Which of the following is the
best course of action for the director to take?
Have a human resources administrator present to ensure that improper
statements are not made.
Meet privately with the employee. Encourage discussion by asking for the
employee?s side of the issue and disclaiming any agreement with the
supervisor.
Have the supervisor participate in the meeting, so that there is no
misunderstanding about the facts.
Meet privately with the employee. Tell the employee of the director?s
agreement with the performance evaluation and express interest in any
additional facts the employee may wish to present.
Meet privately with the employee. Tell the employee of the director?s
55
An element of authority that should be included in the charter of the internal
auditing department is:
Access to the external auditor?s working papers.
Identification of the types of disclosures that should be made to the audit
committee.
Identification of the operational departments that the audit department must
audit.
Access to records, personnel, and physical properties relevant to the
performance of audits.

56
for work at remote locations is best described as:
More contact with senior audit personnel leading to an increase in control.
57
Which of the following would not be an appropriate member of an audit
committee?
The vice president of the local bank used by the company.
The firm’s vice president of operations.
An academic specializing in business administration.
A retired executive of a firm that had been associated with the corporation.
The firm’s vice president of operations.
58
The peer review process can be performed internally or externally. A
distinguishing feature of the external review is its objective to:
Determine if audit activities meet professional standards.
Set forth the recommendations for improvement.
Provide an independent evaluation.
Identify tasks that can be performed better.
59
Which of the following would be thebest source of an internal audit director’s
information for planning staffing requirements?
Review of audit staff education and training records.
Interviews with existing audit staff.
Review audit staff size and composition of similar-size companies in the same
industry.
Discussions of audit needs with executive management and the audit
committee.

committee.
60
During discussions with top management, the director of internal auditing
identified several strategic business issues to consider in preparing the annual
audit schedule. Which of the following does not represent a strategic issue for
this purpose?
An international marketing campaign will be started to develop product
recognition and also to leverage the new corporate-based advertising
department.
A monthly budgeting process will be implemented.
A human resources database will be established to ensure consistent
administration of policies and to improve data retention.
Joint venture candidates will be sought to provide manufacturing and sourcing
capabilities in European and Asian markets.
A monthly budgeting process will be implemented.
61
Why should organizations require auditees to promptly reply and outline the
corrective action that has been implemented on reported deficiencies?
To effect savings or to institute compliance as early as possible.
To remove items from the pending list as soon as possible.
To indicate concurrence with the audit findings.
To ensure that the audit schedule is kept up to date.
To effect savings or to institute compliance as early as possible.
62
Exit conferences serve to ensure the accuracy of the information used by an
internal auditor. A secondary purpose of an exit conference is to:
Improve relations with auditees.
Brief senior management on the results of the audit.
Agree to the appropriate distribution of the final report.
Get immediate action on a recommendation.
FLASHCARDS IN SUPERVISE ENGAGEMENTS DECK (35):
1
Which of the following microcomputer applications would be least helpful in
preparing audit working papers?
Database software.
Spreadsheet software.
Word processing software.
Utilities software.
Utilities software.
2
You are an audit supervisor, reviewing the working papers of a staff auditor’s
overall examination of the firm’s sales function. The pages are not numbered
or cross-referenced. Further, the working papers were dropped and
reassembled at random before they were brought to you.
You decide to put the working papers in the proper order according to the
IIAStandards. The first stage of this activity is to identify each page as a part
of (1) the preliminary survey, (2) the review of the adequacy of the system of
internal control, (3) the review for effectiveness of the system of internal
control, or (4) the review for quality of performance.
The second page you select documents an interview with a salesperson
discussing the overall sales cycle. This page belongs with the following
activity:
Review for adequacy of the system.
Review for effectiveness of the system.
Preliminary survey.
Review for quality of performance.
Preliminary survey.
3
Working papers should be disposed of when they are of no further use.
Retention policies:
Should be approved by the external auditor.
Should be prepared by the audit committee.
Should be approved by legal counsel.
Should specify a minimum retention period of three years.
Should be approved by legal counsel.
4
An internal audit manager is reviewing the audit working papers prepared by
the staff. Which of the following review comments is true?
Each working paper should include the actual and the budgeted time related
to such audit work.
Including copies of all the forms and directives of the auditee department
constitutes “unnecessary” overdocumentation.
Each working paper should include a statement regarding the auditees’
cooperation during the conduct of the audit.
Conclusions need not be documented in the working papers when the audit
objectives are achieved.
Including copies of all the forms and directives of the auditee department
constitutes “unnecessary” overdocumentation.
5
Internal auditors often include summaries within their working papers. Which
of the following best describes the purpose of such summaries?
Summaries are usually required for the completion of each section of an audit
program.
Summaries are prepared to conform to the IIIA Standards.
Summaries are used to document the fact that the auditor has considered all
relevant evidence.
Summaries distill the most useful information from several working papers into
a more usable form.
Summaries distill the most useful information from several working papers into
a more usable form.
6
Working papers provide the documentary support for the internal auditor’s
report. Which of the following is not a good practice for working papers?
Internal auditors within a given organization should develop standardized
methods for organization and documentation.
Working papers should be sufficient to support the internal auditors’ report
without additional verbal elaboration by the internal auditor.
Working papers should be organized chronologically, that is, with the papers
prepared earliest at the front of the file.
Working papers should be kept secure at all times to prevent accidental loss
or unauthorized access.
Working papers should be organized chronologically, that is, with the papers
prepared earliest at the front of the file.
7
An internal auditing supervisor, when reviewing a staff member’s working
papers, identified an unsupported statement that the auditee’s unit was
operating inefficiently. What action should the supervisor direct the auditor to
take?
Remove the comment from the working paper file.
Obtain the auditee’s concurrence with the statement.
Explain that it is the opinion of the staff member.
Research and identify criteria to measure operating efficiency.
Research and identify criteria to measure operating efficiency.
8
When audit conclusions are challenged, the auditor?s factual rebuttal is best
facilitated by:
Cross-referencing of the working papers.
Summaries in the audit program.
Pro forma working papers.
Explicit procedures in the audit program.
Cross-referencing of the working papers.
9
When determining the retention period for the work papers of a contract audit,
it is best to:
Review the corporate policy manual developed by the records management
area for the section regarding business records.
Seek the assistance of the legal department to ensure compliance with
contract provisions.
Follow the contractor’s own record retention policies.
Check with the corporate accounting department since accounting records are
involved.
Seek the assistance of the legal department to ensure compliance with

contract provisions.
10
Working papers are the property of the auditor. Good control of working
papers:
Requires retention of working papers for at least three years.
Prevents surrender to a summons issued by a governmental agency.
Requires that only the auditor who created the working paper change
electronic working papers.
Precludes showing working papers to auditees.
Requires that only the auditor who created the working paper change
electronic working papers.
11
Productivity statistics are provided quarterly to the board of directors. An
auditor checked the ratios and other statistics in the four most recent reports.
The auditor used scratch paper and copies of the board reports to verify the
accuracy of computations and compared the data used in the computations
with supporting documents. The auditor wrote a note describing this work for
the working papers and then discarded the scratch paper and report copies.
The auditor’s note stated: “The ratios and other statistics in the quarterly
board reports were checked for the last four quarters, and appropriate
supporting documents were examined. All amounts appear to be appropriate.”
In this situation:
The auditor did not consider whether the information in the board report was
compiled efficiently.
The auditor’s working papers are not sufficient to facilitate an efficient review
of the auditor’s work.
The auditor should have included the scratch paper in the working papers.
Four quarters is not a large enough sample on which to base a conclusion.
The auditor’s working papers are not sufficient to facilitate an efficient review
of the auditor’s work.
12
An internal auditing department has a project under way to determine whether
it can go to electronic working papers. Decision criteria will be based primarily
on the requirements of internal auditing standards and on the experience of
other audit departments.
Which of the following long-term effects associated with electronic working
papers is most likely to occur after conversion from manual working papers?
Working papers must be printed.
Reductions in the average time to complete audits.
Significant training needs for auditors.
More comprehensive working papers.
Reductions in the average time to complete audits.
13
Working papers should include:
All work papers prepared during a previous audit of the same area.
Documentation of the examination and evaluation of the adequacy and
effectiveness of the system of internal control.
Copies of all source documents examined in the course of the audit.
Copies of all procedures that were reviewed during the audit.
Documentation of the examination and evaluation of the adequacy and
effectiveness of the system of internal control.
14
An audit working paper is complete when:
The audit objective has been met.
Working papers are properly indexed and cross-indexed.
Condensation and careful summarization of detail is present.
Operational activity describing the essential basis of the audit has been
included.
The audit objective has been met.
15
A recent fire in a company’s warehouse has destroyed a large portion of its
inventory. Management is in the process of filing an insurance claim and
needs to use the internal auditors’ inventory working papers in preparing the
claim. According to the IIA Standards, which of the following is correct?
Management may use the internal auditors’ inventory working papers in
preparing the insurance claim, but the director of internal auditing should
approve such use.
Management should be precluded from preparing the insurance claim, and
such function should be given to the internal auditing department.
preparing the insurance claim, but both the company’s external independent
auditors and the director of internal auditing should approve such use.
Management may not use any of the internal auditors’ working papers in
preparing the insurance claim.

preparing the insurance claim, but the director of internal auditing should
approve such use.
16
Working papers serve the following purpose for the internal auditor:
Provide the auditee a place to make responses to audit recommendations.
Provide the principal evidential support for the internal auditor?s report.
Provide a place to summarize overall audit recommendations.
Make the audit report more readable by providing a place to append exhibits.
Provide the principal evidential support for the internal auditor?s report.
17
A good working paper for a bank reconciliation should include (either directly
or through cross-reference) all of the following except:
The cash balance per the general ledger as of the reconciliation date.
A list of all deposits made during the period in question.
A legend explaining all tick marks employed.
A list of outstanding checks.
A list of all deposits made during the period in question.
18
Working papers have the following characteristic:
They are the property of the organization and are available to all company
employees.
They document the auditing procedures performed, the information obtained,
and the conclusions reached.
They should be retained permanently in the organization?s records.
They become the property of the independent outside auditors when
completed.
They document the auditing procedures performed, the information obtained,

and the conclusions reached.
19
When hiring entry-level internal audit staff, which of the following
will mostlikely predict the applicant’s success as an auditor?
Ability to fit well socially into a group.
Grade point average on college accounting courses.
Ability to organize and express thoughts well.
Level of detailed knowledge of the company.
Ability to organize and express thoughts well.
20
An internal auditing department has been piloting the use of electronic
working paper files. Full implementation is expected in the near future. Select
adisadvantage of electronic working papers.
Cross-referencing is more tedious.
They require specific technical training.
Critical working papers must still be printed off.
Each staff auditor must have a personal computer.
They require specific technical training.
21
The primary purpose of an auditor?s working papers is to:
Document deficiencies in internal control structure with recommendations to
management for improvement.
Comply with the auditing standards of the profession.
Serve as a means with which to prepare the financial statements.
Provide evidence of the planning and execution of audit procedures
performed.
Provide evidence of the planning and execution of audit procedures

performed.
22
To properly control working papers, the auditor should not:
Make them available to people who have no authority to use them.
Permit access to government auditors.
Permit access to external auditors.
Share the results of an audit with the auditee.
Make them available to people who have no authority to use them.
23
In general, internal auditing working papers should be:
Disposed of in accordance with departmental policy.
Retained for three years as specified in the IIA Standards.
Retained according to the guidelines published by the federal government.
Disposed of after the performance of two subsequent audits.
Disposed of in accordance with departmental policy.
24
An adequately documented working paper should:
Not contain copies of auditee records.
Contain examples of all forms and procedures used by the auditee.
Be concise but complete.
Follow a unique form and arrangement.
Be concise but complete.
25
When reviewing audit working papers, the primary responsibility of an audit
supervisor is to determine that:
Working papers adequately support the audit findings, conclusions, and
reports.
Standard departmental procedures are adhered to with regard to work paper
preparation and technique.
Each worksheet is properly identified with a descriptive heading.
Working papers are properly referenced and kept in logical groupings.
Working papers adequately support the audit findings, conclusions, and

reports.
26
The third page you select is a blank copy of the sales contract form now in
use by the firm. Annotated on the form in several places are the words “key
control” followed by a brief explanation. You recognize the writing as that of
the staff auditor who performed the audit. This document belongs with the
following activity:
Preliminary survey.
27
Which of the following should be identified as a deficiency by an audit
supervisor when reviewing a set of working papers?
An audit finding recorded in the working papers and report draft that omits the
criteria used for evaluation.
A letter to the auditee outlining the scope of the audit.
A memorandum explaining why the time budget for a part of the audit was
exceeded.
A memorandum explaining why an audit program step was omitted.
An audit finding recorded in the working papers and report draft that omits the
criteria used for evaluation.
28
Which of the following concepts distinguishes the retention of computerized
audit working papers from the traditional hard-copy form?
Computerized data files can be used in information technology audit
procedures.
Audit programs can be standardized to eliminate the need for a preliminary
survey at each location.
Evidential support for all findings is copied and provided to local management
during the closing conference and to each person receiving the final report.
Analyses, conclusions, and recommendations are filed on electronic media
and are therefore subject to computer system controls and security
procedures.
Analyses, conclusions, and recommendations are filed on electronic media

and are therefore subject to computer system controls and security
procedures.
29
A working paper is complete when it:
Contains all of the elements of a finding.
Satisfies the audit objective for which it is developed.
Complies with the auditing department?s format requirements.
Is clear, concise, and accurate.
Satisfies the audit objective for which it is developed.
30
An internal auditing department has a project under way to determine whether
it can go to electronic working papers. Decision criteria will be based primarily
on the requirements of internal auditing standards and on the experience of
other audit departments.
The feasibility study should recognize that internal auditing standards specify
that for the design and content of working papers in the form of media other
than paper:
Consideration should be given to generating backup copies of working
papers.
The media selected should determine working paper design and content.
Conversion to paper should occur no later than the time of final review.
Working paper retention should be solely a function of the media used.
Consideration should be given to generating backup copies of working

papers.
31
Auditors use a variety of indexing and cross-referencing methods in their audit
working papers. An internal auditing manager might devise a working paper
indexing method tailored to a specific organization’s needs. A government
audit agency would devise a method for all organizations under the agency’s
jurisdiction. Which of the following bestexplains the reason for this difference
in working paper index methods between the two?
The internal auditing manager devises a method that simplifies the review
process within a particular organization, but the government audit agency
devises one uniform method to simplify the review process of the vastly
different organizations to be audited.
The method of the internal auditing manager is prescribed by the
IIAStandards, but law requires the method of the government audit agency.
IIAStandards, but the method of the government audit agency is required by
the regulatory agency.
The internal auditing manager devises that method specified by the
organization’s audit committee, but the government audit agency devises one
uniform method that is required by law.
32
Which of the following statements relating to the retention of audit working
papers is an inappropriate policy?
Working papers on fraud audits should be retained indefinitely.
Working papers should be disposed of when they have no further use.
Working paper retention schedules should consider legal and contractual
requirements.
Legal counsel should approve working paper retention schedules.
Working papers on fraud audits should be retained indefinitely.
33
Each individual work paper should, at a minimum, contain:
A complete flowchart of the system of internal controls for the area being
reviewed.
A tick mark legend.
An expression of an audit opinion.
A descriptive heading.
A descriptive heading.
34
The first page you select documents a compliance test performed during the
course of the audit. This page belongs with the following activity:
Preliminary survey.
35
Auditors use a variety of indexing and cross-referencing methods in their audit
work papers. An internal auditing manager might devise a work paper
indexing method tailored to a specific organization’s needs. A government
audit agency would devise one method for all organizations under the
agency’s jurisdiction. Which of the following bestexplains the reason for this
difference between the two work paper indexing methods?
The internal auditing manager devises a method specified by the
organization’s audit committee, but the government audit agency devises one
uniform method that is required by law.
IIAStandards, but the method of the government audit agency is required by
agency policy.
IIAStandards, but law requires the method of the government audit agency.
FLASHCARDS IN FRAUD EVIDENCE AND INVESTIGATION DECK (41):
1
Which of the following methods is acceptable to handle computer equipment
seized in a computer crime investigation?
Subjecting the magnetic media to forensic testing.
Laying the magnetic media on top of electronic equipment.
Exposing the magnetic media to radio waves.
Leaving the magnetic media in the trunk of a vehicle containing a radio unit.
Subjecting the magnetic media to forensic testing.
2
Which of the following investigative tools is most effective when large volumes
of evidence need to be analyzed?
Computer.
Questionnaires.
Forensic analysis.
Interviews.
Computer.
3
The concept of admissibility of evidence does not include which of the
following?
Relevance.
Competence.
Materiality.
Sufficiency.
Sufficiency.
4
Data diddling can be prevented by all of the following except:
Access controls.
Integrity checking.
Program change controls.
Rapid correction of data.
Rapid correction of data.
5
In a computer-related crime investigation, computer evidence is:
Difficult and erasable.
Volatile and invisible.
Electronic and inadmissible.
Apparent and magnetic.
Volatile and invisible.
6
The final stage of reporting results of computer evidence life cycle is:
Receive.
Examine.
Report.
Return.
Return.
7
Identify the computer-related crime and fraud method that involves obtaining
information that may be left in or around a computer system after the
execution of a job.
Piggybacking.
Data diddling.
Scavenging.
Salami technique.
Scavenging.
8
Once evidence is seized, a law enforcement officer should follow which of the
following?
Chain of control.
Chain of command.
Chain of custody.
Chain of communications.
Chain of custody.
9
If a computer or peripheral equipment involved in a computer crime
is notcovered by a search warrant, what should the investigator do?
Analyze the equipment or its contents, and record it.
Leave it alone until a warrant can be obtained.
Seize it before someone takes it away.
Store it in a locked cabinet in a secure warehouse.
Leave it alone until a warrant can be obtained.
10
Are an investigator?s handwritten notes considered valid evidence in court of
law?
No.
Yes.
Maybe.
Depends.
Yes.
11
The most objective and relevant evidence in a computer environment
involving fraud is.
Physical examination.
Computer logs.
Physical observation.
Inquiries of people.
Computer logs.
12
What determines if a computer crime has been committed?
When the crime is reported.
When the investigation is completed.
When a computer expert has completed his or her work.
When the allegation has been substantiated.
When the allegation has been substantiated.

13
Most of the evidence submitted in a computer crime case is:
Secondary evidence.
Documentary evidence.
Admissible evidence.
Legal evidence.
Documentary evidence.
14
What is a data diddling technique?
I.Changing data before input to a computer system.
II.Changing data during input to a computer system.
III.Changing data during output from a computer system.
IV.All options.
IV.
15
An internal auditor suspects fraud. Which of the following sample plans should
be used if the purpose is to select a sample with a given probability of
containing at least one example of the irregularity?
Probability proportional to size.
Attributes.
Stop and go.
Discovery.
Discovery.
16
Because of control weaknesses, it is possible that the individual managers of
122 restaurants could have placed fictitious employees on the payroll. Each
restaurant employs between 25 and 30 people. To efficiently determine
whether this fraud exists at less than a 1% level, the auditor should use:
Discovery sampling.
Judgment sampling.
Directed sampling.
Attributes sampling.
Discovery sampling.
17
Which of the following is needed to produce technical evidence in computer-
related crimes?
Audit methodology.
Criminal methodology.
Forensic methodology.
System methodology.
Forensic methodology.
18
A reliable way to detect superzapping work is by:
Noting discrepancies by those who receive reports.
Comparing current data files with previous data files.
Examining computer usage logs.
Reviewing undocumented transactions.
Comparing current data files with previous data files.
19
An auditor applying a discovery sampling plan with a 5% risk of overreliance
may conclude that there is:
A 95% probability that the actual rate of occurrence in the population is less
than the critical rate if only one exception is found.
Greater than a 95% probability that the actual rate of occurrence in the
population is less than the critical rate if no exceptions are found.
than the critical rate if no exceptions are found.
than the critical rate if the occurrence rate in the sample is less than the
critical rate.
than the critical rate if no exceptions are found.
20
Evidence is needed to do which of the following?
Charge a case.
Classify a case.
Prove a case.
Make a case.
Prove a case.
21
What is a salami technique?
Stealing small amounts of money from bank accounts.
Using the rounding-down concept.
Taking small amounts of assets.
All options.
All options.
22
After partially completing an internal control review of the accounts payable
department, the auditor suspects that some type of fraud has occurred. To
ascertain whether the fraud is present, the best sampling approach would be
to use:
Judgmental sampling to select a sample of vouchers processed by clerks
identified by the department manager as acting suspiciously.
Simple random sampling to select a sample of vouchers processed by the
department during the past year.
Probability-proportional-to-size sampling to select a sample of vouchers
processed by the department during the past year.
Discovery sampling to select a sample of vouchers processed by the
Discovery sampling to select a sample of vouchers processed by the

23
When large volumes of writing are presented in court, which type of evidence
is inapplicable?
Flowchart evidence.
Demonstrative evidence.
Magnetic tapes evidence.
Best evidence.
Best evidence.
24
In a computer-related crime investigation, maintenance of evidence is
important for which of the following reasons?
To protect the evidence.
To collect the evidence.
To record the crime.
To avoid problems of proof.
To avoid problems of proof.
25
The objective of which of the following team members is similar to that of the
information systems security officer involved in a computer crime
investigation?
District attorney.
Investigator.
Computer expert.
Internal systems auditor.
Internal systems auditor.
26
Computer fraud is discouraged by:
Ostracizing whistleblowers.
Accepting the lack of integrity in the system.
Being willing to prosecute.
Overlooking inefficiencies in the judicial system.
Being willing to prosecute.
27
With respect to computer security and fraud, a legal liability exists to an
organization under which of the following conditions?
When estimated security costs are equal to estimated losses.
When estimated security costs are greater than estimated losses.
When estimated security costs are less than estimated losses.
When actual security costs are equal to actual losses.
When estimated security costs are less than estimated losses.
28
From a computer security viewpoint, courts expect what amount of care from
organizations?
Great care.
Extraordinary care.
Super care.
Due care.
Due care.
29
When computers and peripheral equipment are seized in relation to a
computer crime, it is an example of:
Collateral evidence.
Duplicate evidence.
Best evidence.
Physical evidence.
Physical evidence.
30
When an auditor?s sampling objective is to obtain a measurable assurance
that a sample will contain at least one occurrence of a specific critical
exception existing in a population, the sampling approach to use is:
Variables.
Discovery.
Random.
Probability proportional to size.
Discovery.
31
All of the following are proper ways to handle the computer equipment and
magnetic media items involved in a computer crime investigation except:
Seal and store items in a cardboard box.
Seal and store items in a paper bag.
Seal and store items in a plastic bag.
Seal, store, and tag the items.
Seal and store items in a plastic bag.
32
The chain of custody does not ask which of the following questions?
Who damaged the evidence?
Who collected the evidence?
Who controlled the evidence?
Who stored the evidence?
Who damaged the evidence?
33
A search warrant is required:
Before identifying the number of investigators needed.
After establishing the probable cause(s).
After seizing the computer and related equipment.
Before the allegation has been substantiated.
After establishing the probable cause(s).
34
Which of the following security techniques allows time for response by
investigative authorities?
Detect.
Deny.
Delay.
Deter.
Delay.
35
Computer fraud is increased when:
Documentation is not available.
Employee performance appraisals are not given.
Employees are not trained.
Audit trails are not available.
Audit trails are not available.
36
Management is legally required to prepare a shipping document for all
movement of hazardous materials. The document must be filed with bills of
lading. Management expects 100% compliance with the procedure. Which of
the following sampling approaches would be most appropriate?
Discovery sampling.
Targeted sampling.
Variables sampling.
Discovery sampling.
37
Which of the following is not a criminal activity in most jurisdictions?
Writing a computer virus program.
Spreading a computer virus program.
Using a computer virus program.
Releasing a computer virus program.
Writing a computer virus program.
38
The correct sequence of preliminary investigation is:
I.Consult with a computer expert.
II.Prepare an investigative plan.
III.Consult with a prosecutor.
IV.Substantiate the allegation.
IV, II, III, and I.
I, IV, II, and III.
III, I, II, and IV.
IV, I, II, and III.
IV, I, II, and III.
39
In the audit of a health insurance claims processing department, a sample is
taken to test for the presence of fictitious payees, although none is suspected.
The most appropriate sampling plan would be:
Variables sampling.
Discovery sampling.
Stop-and-go sampling.
Discovery sampling.
40
The appropriate sampling plan to use to identify at least one irregularity,
assuming some number of such irregularities exist in a population, and then to
discontinue sampling when one irregularity is observed is:
Stop-and-go sampling.
Variables sampling.
Discovery sampling.
Discovery sampling.
41
A security investigator or law enforcement officer should observe which of the
following during a computer crime investigation?
Chain of logs.
Chain of custody.
Chain of events.
Chain of computers.
Chain of custody.
FLASHCARDS IN MONITOR ENGAGEMENT OUTCOMES DECK (52):
1
A professional engineer applied for a position in the internal auditing
department of a high-technology firm. The engineer became interested in the
position after observing several internal auditors while they were auditing the
engineering department. The director of internal auditing:
standards.
May hire the engineer because of the knowledge of internal auditing gained in
the previous position.
Should not hire the engineer because of the lack of knowledge of accounting
and taxes.
Should not hire the engineer because of the lack of knowledge of internal
auditing standards.
standards.
2
External review of an internal auditing department is not likely to evaluate:
Audit planning documents, particularly those submitted to senior management
and the audit committee.
Adherence to the internal auditing department’s charter.
Compliance with the IIA Standards.
Detailed cost/benefit analysis of the internal auditing department.
Detailed cost/benefit analysis of the internal auditing department.
3
for work at remote locations isbest described as:
More contact with senior audit personnel leading to an increase in control.
4
If the internal audit staff does not have the skills to perform a particular task, a
specialist could be brought in from:
I. The organization’s external audit firm.
II. An outside consulting firm.
III.The department currently being audited.
IV. A college or university.
I, II, and IV.
II and IV.
I and II.
I, II, and III.
I, II, and IV.
5
Follow-up activity may be required to ensure that corrective action has taken
place for certain findings. The internal audit department?s responsibility to
perform follow-up activities as required should be defined in the:
Mission statement of the audit committee.
Internal auditing department?s written charter.
Engagement memo issued prior to each audit assignment.
Purpose statement within applicable audit reports.
Internal auditing department?s written charter.
6
assurance program existed.
As a means of controlling projects and avoiding time-budget overruns,
decisions to revise time budgets for an audit should normally be made:
When a significant deficiency has been substantiated.
When inexperienced audit staff is assigned to an audit.
Immediately after expanding tests to establish reliability of findings.
7
Internal auditing is responsible for reporting fraud to senior management or
the board when:
Irregular transactions have been identified and are under investigation.
The review of all suspected fraud-related transactions is complete.
Suspicious activities have been reported to internal auditing.
The incidence of fraud of a material amount has been established to a
reasonable certainty.
The incidence of fraud of a material amount has been established to a

reasonable certainty.
8
The capabilities of individual staff members are key features in the
effectiveness of an internal auditing department. Select
the primaryconsideration used when staffing an internal auditing department.
Background checks.
Job descriptions.
Continuing education.
Organizational orientation.
Job descriptions.
9
The director of a newly formed internal auditing department is in the process
of drafting a formal written charter for the department. Which one of the
following items, related to the operational effectiveness of the internal audit
department, should be included in the charter?
The frequency of the audits to be performed.
The procedures that the internal auditors will employ in investigating and
reporting fraud.
The manner by which audit findings will be reported.

10
If an internal auditor finds that no corrective action has been taken on a prior
audit finding that is still valid, the IIAStandards states that the internal auditor
should:
Determine whether management or the board has assumed the risk of not
taking corrective action.
Schedule a future audit of the specific area involved.
Seek the board’s approval to initiate corrective action.
Restate the prior finding along with the findings of the current audit.
Determine whether management or the board has assumed the risk of not
taking corrective action.
11
The peer review process can be performed internally or externally. A
distinguishing feature of the external review is its objective to:
Identify tasks that can be performed better.
Determine if audit activities meet professional standards.
Set forth the recommendations for improvement.
12
Which of the following would be thebest source of an internal audit director’s
information for planning staffing requirements?
Review audit staff size and composition of similar-size companies in the same
industry.
Review of audit staff education and training records.
Interviews with existing audit staff.
committee.
committee.
13
Recent criticism of an internal auditing department suggested that audit
coverage was not providing adequate feedback to senior management on the
processes used in the organization?s key lines of business. The problem was
further defined as lack of feedback on the recent implementation of automated
support systems. Which two functions does the director of internal auditing
need to improve?
Planning and organizing.
Staffing and communicating.
Staffing and decision making.
14
Internal audit staff members should be afforded an appropriate means through
which they can discuss problems and receive updates regarding departmental
policies. The most appropriate forum for this objective is:
Employee evaluation conferences.
The department?s informal communication lines.
Staff meetings.
Intradepartment memoranda.
Staff meetings.
15
While attending a social function, an internal auditor described to a group of
friends the elements of a sensitive audit on which he was working. The
internal auditing director?s best avenue for proceeding is to:
Reprimand the auditor for talking shop at a social function.
Fire the auditor to set an example for other auditors.
Remove the auditor from all audits in that area, or in other sensitive areas.
16
An internal auditor reported a suspected fraud to the director of internal
auditing. The director turned the entire case over to the security department.
Security failed to investigate or report the case to management. The
perpetrator continued to defraud the organization until being accidentally
discovered by a line manager two years later. Select the most appropriate
action for the audit director.
The director’s actions were correct.
The director should have conducted the investigation.
The director should have discharged the perpetrator.
The director should have periodically checked the status of the case with
security.
security.
17
According to the IIA Standards, an internal auditing department?s activity
reports should:
List the material findings of major audits.
Report the weekly activities of the individual auditors.
List unresolved findings.
18
Determining that audit objectives have been met is part of the overall
supervision of an audit assignment and is the ultimate responsibility of the:
Audit committee.
Staff internal auditor.
Internal auditing supervisor.
19
Which of the following activities does not constitute audit supervision?
Seeing that audit objectives are achieved.
Providing appropriate instructions to the auditors.
Reviewing audit work papers.
20
Which of the following activities is not included in determining the audit
schedule?
Identifying auditable locations.
Assessing risk factors.
Planning workload requirements.
21
The internal audit director of a multinational company must form an audit team
to examine a newly acquired subsidiary in another country. Consideration
should be given to which of the following factors?
I. Local customs.
II. Language skills of the auditor.
III. Experience of the auditor.
IV. Monetary exchange rate.
I, II, and III.
I and III.
II, III, and IV.
I and II.
I, II, and III.
22
An internal auditing manager has a small team of employees, but each
individual is self-motivated and could be termed a high achiever. The audit
manager has been given a particularly difficult assignment. Even for a high
achiever, the probability that this job can be completed by one individual by
the required deadline is low. Select the bestcourse for the audit manager.
Assign one individual since high achievers thrive on high risks.
Ask company management to cancel the job.
Assign the entire staff to ensure the risk of failure is low.
23
Which of the following audit committee activities would be of the greatest
benefit to the internal auditing department?
Review and approval of audit programs.
Review and endorsement of all internal audit reports prior to their release.
Support for appropriate follow-up of recommendations made by the internal
auditing department.
Assurance that the external auditor will rely on the work of the internal auditing
department whenever possible.
Support for appropriate follow-up of recommendations made by the internal

auditing department.
24
Auditors realize that at times corrective action is not taken even when agreed
to by the appropriate parties. This should lead an internal auditor to:
Decide the extent of necessary follow-up work.
Decide to conduct follow-up work only if management requests the auditor’s
assistance.
Write a follow-up audit report with all findings and their significance to the
operations.
Allow management to decide when to follow up, since it is management’s
ultimate responsibility.
Decide the extent of necessary follow-up work.
25
The internal auditing department of a large corporation has established its
operating plan and budget for the coming year. The operating plan is
restricted to the following categories: a prioritized listing of all audits, staffing,
a detailed expense budget, and the commencement date of each audit. Which
of the following best describes the major deficiency of this operating plan?
Knowledge, skills, and disciplines required to perform work are ignored.
Opportunities to achieve operating benefits are ignored.
Requests by management for special projects are not considered.
26
adverse effect on the internal auditing department?s:
Charter.
Charter.
27
You have been selected to develop an internal auditing department for your
company. Your approach would most likely be to hire:
Internal auditors, each of whom possesses all the skills required to handle all
audit assignments.
Inexperienced personnel and train them the way the company wants them
trained.
Degreed accountants since most audit work is accounting related.
28
The internal auditing department for a large corporation recently concluded an
audit of sales department travel expenses. Which of the following groups
should receive a copy of the audit report?
Chairman of the board, chief operating officer, and vice president for
marketing.
Chief financial officer, sales director, and chief executive officer.
Chairman of the board, controller, and sales director.
29
During an audit of purchasing, internal auditors found several violations of
company policy concerning competitive bidding. The same condition that had
been reported in an audit report last year, and corrective action had not been
taken. Which of the following bestdescribes the appropriate action concerning
this repeat finding?
During the exit interview, management should be made aware that a finding
from the prior report had not been corrected.
The audit report should note that this same condition had been reported in the
prior audit.
The director of internal auditing should determine whether this condition
should be reported to the independent auditor and any regulatory agency.
The director of internal auditing should determine whether management or the
board has assumed the risk of not taking corrective action.
The director of internal auditing should determine whether management or the

board has assumed the risk of not taking corrective action.
30
The key factor to the success of an audit organization?s human resources
program is:
An informal program for developing and counseling staff.
A program for recognizing the special interests of individual staff members.
A compensation plan based on years of experience.
31
To properly evaluate the operations of an internal auditing department, a
quality assurance program should include:
Periodic rotation of audit managers.
Periodic supervision of internal audit work on a sample basis.
Internal reviews, by other than the internal audit staff, to appraise the quality
of department operations.
32
The requirements for staffing level, education and training, and audit research
should be included in:
Job descriptions for the various staff positions.
The internal auditing department?s charter.
The internal auditing department?s policies and procedures manual.
33
Given the acceptance of the cost savings audits and the scarcity of internal
audit resources, the audit manager also decided that follow-up action was not
needed. The manager reasoned that cost savings should be sufficient to
motivate the auditee to implement the auditor’s recommendations. Therefore,
follow-up was not scheduled as a regular part of the audit plan. Does the audit
manager’s decision violate the IIA Standards?
Yes. The IIA Standards require the auditors to determine whether the auditee
has appropriately implemented all of the auditor’s recommendations.
No. When there is evidence of sufficient motivation by the auditee, there is no
need for follow-up action.
Yes. Scarcity of resources is not a sufficient reason to omit follow-up action.
No. The IIA Standards do not specify whether follow-up is needed.
Yes. Scarcity of resources is not a sufficient reason to omit follow-up action.
34
The best means for the internal auditing department to determine whether its
goal of implementing broader audit coverage of functional activities has been
met is through:
Implementation of a quality assurance program.
Surveys of management satisfaction with the internal auditing function.
Accumulation of audit findings by auditable area.

35
The best rationale for rotating internal auditors so those different individuals
are assigned to consecutive audits of a given auditee is to:
Prevent burnout on the part of the internal auditor, which may lead to
excessive turnover in the internal audit department.
Promote rapid professional development on the part of internal auditors by
exposing them to the full range of organizational activities.
Increase the diligence exercised by internal auditors who know that the quality
of their work will be apparent to the next set of internal auditors.
36
Reporting to senior management and the board is an important part of the
auditor’s obligation. Which of the following items is not required to be reported
to senior management and/or the board?
Subsequent to the completion of an audit, but prior to the issuance of an audit
report, the audit senior in charge of the audit was offered a permanent
position in the auditee’s department.
An annual report summary of the department’s audit work schedule and
financial budget.
Significant interim changes to the approved audit work schedule and financial
budget.
An audit plan was approved by senior management and the board.
Subsequent to the approval, senior management informed the audit director
not to perform an audit of a division because the division’s activities were very
sensitive.
Subsequent to the completion of an audit, but prior to the issuance of an audit

report, the audit senior in charge of the audit was offered a permanent
position in the auditee’s department.
37
Exit conferences serve to ensure the accuracy of the information used by an
internal auditor. A secondary purpose of an exit conference is to:
Get immediate action on a recommendation.
Agree to the appropriate distribution of the final report.
Brief senior management on the results of the audit.
38
Which of the following is most essential for guiding the audit staff in
maintaining daily compliance with the department’s standards of
performance?
Position descriptions.
Quality control reviews.
39
Which of the following factors serves as a direct input to the internal auditing
department’s financial budget?
Auditing department’s charter.
Past effectiveness of the internal auditing department in identifying cost
savings.
Activity reports.
40
Having been given the task of developing a performance appraisal system for
evaluating the audit performance of a large internal auditing staff, you should:
Provide general information concerning the frequency of evaluations and the
way evaluations will be performed without specifying their timing and uses.
Provide primarily for the evaluation of criteria such as diligence, initiative, and
tact.
Provide for an explanation of the appraisal criteria methods at the time the
appraisal results are discussed with the internal auditor.

41
To ensure that the auditor performance is evaluated.
To effect savings as early as possible.
To close the open audit issues as soon as possible.
To effect savings as early as possible.
42
A director of internal auditing has reviewed credentials, checked references,
and interviewed a candidate for a staff position. The director concludes that
the candidate has a thorough understanding of internal auditing techniques,
accounting, and management. However, the director notes that the candidate
has limited knowledge of economics and computer science. Which of the
following actions would be most appropriate?
Encourage the candidate to obtain additional training in economics and
computer science and then reapply.
Offer the candidate a position despite the lack of knowledge in certain
essential areas.
Reject the candidate because of the lack of knowledge required by the
IIAStandards.

43
Following a negative performance evaluation by a supervisor, a staff auditor
went to the audit director to seek a change in the evaluation. The director was
familiar with the auditor’s performance and agreed with the evaluation. The
director agreed to meet and discuss the situation. Which of the following is
the best course of action for the director to take?
Have the supervisor participate in the meeting, so that there is no
misunderstanding about the facts.
Meet privately with the employee. Tell the employee of the director’s
Meet privately with the employee. Encourage discussion by asking for the
employee’s side of the issue and disclaiming any agreement with the
supervisor.
Have a human resources administrator present to ensure that improper
statements are not made.
Meet privately with the employee. Tell the employee of the director’s
44
In which of the following duties would the audit director least likely have a
primary role?
Determine the need for expanded testing.
Review the summary findings sheet.
Select or approve team members.
45
A quality assurance program of an internal audit department provides
reasonable assurance that audit work conforms to applicable standards.
Which of the following activities are designed to provide feedback on the
effectiveness of an audit department?
I. Proper supervision.
II. Proper training.
III. Internal reviews.
IV. External reviews.
II, III, and IV.
I, II, III, and IV.
I, III, and IV.
I, II, and III.
I, III, and IV.
46
To institute compliance as early as possible.
To ensure that the audit schedule is kept up to date.
To remove items from the pending list as soon as possible.
To institute compliance as early as possible.
47
An internal audit team recently completed an audit of the company’s
compliance with its lease-versus-purchase policy concerning company
automobiles. The audit report noted that the basis for several decisions to
lease rather than purchase automobiles had not been documented and was
not auditable. The report contained a recommendation that operating
management ensure that such lease agreements not be executed without
proper documentation of the basis for the decision to lease rather than buy.
The internal auditors are about to perform follow-up work on this audit report.
The primary purpose for performing a follow-up review is to:
Ensure timely consideration of the internal auditors’ recommendations.
Allow the internal auditors to evaluate the effectiveness of their
recommendations.
Ascertain that appropriate action was taken on reported findings.
Document what management is doing in response to the audit report and
close the audit file in a timely manner.
Ascertain that appropriate action was taken on reported findings.
48
An internal audit team recently completed an audit of the company’s
compliance with its lease-versus-purchase policy concerning company
automobiles. The audit report noted that the basis for several decisions to
lease rather than purchase automobiles had not been documented and was
not auditable. The report contained a recommendation that operating
management ensure that such lease agreements not be executed without
proper documentation of the basis for the decision to lease rather than buy.
The internal auditors are about to perform follow-up work on this audit report.
Assume that senior management has decided to accept the risk involved in
failure to document the basis for lease-versus-purchase decisions involving
company automobiles. In such a case, what would be the auditors’ reporting
obligation?
The auditors should issue a follow-up report to management clearly stating
the rationale for the recommendation that the basis for lease-versus-purchase
decisions be properly documented.
The auditors should inform the external auditor and any responsible regulatory
agency that no action has been taken on the finding in question.
Management’s decision and the auditors’ concern should be reported to the
company’s board of directors.
The auditors have no further reporting responsibility.
The auditors have no further reporting responsibility.
49
Which audit-planning tool is general in nature and is used to ensure adequate
audit coverage over time?
The department budget.
The department charter.
The audit program.
50
The audit team leader is least likely to have a primary role in:
Allocating budget audit hours among assigned staff.
Preparing the critique sheet for the audit.
Reviewing the working papers.
51
The director of internal auditing is preparing the work schedule for the next
budget year and has limited audit resources. In deciding whether to schedule
the purchasing or the personnel department for an audit, which of the
following would be theleast important factor?
There have been major changes in operations in one of the departments.
areas.
There are more opportunities to achieve operating benefits in one of the
departments than in the other.
The potential for loss is significantly greater in one department than the other.
areas.
52
An element of authority that should be included in the charter of the internal
auditing department is:
Identification of the operational departments that the audit department must
audit.
Identification of the types of disclosures that should be made to the audit
committee.
Access to the external auditor?s working papers.

performance of audits
FLASHCARDS IN RISK BASED INTERNAL AUDIT PLAN DECK (32):
1
Directors may use a tool called “risk analysis” in preparing work schedules.
Which of the following would not be considered in performing a risk analysis?
Results of prior audits.
Major operating changes.
Skills available on the audit staff.
Financial exposure and potential loss.
Skills available on the audit staff.
2
Two major retail companies, both publicly traded and operating in the same
geographic area, have recently merged. Both companies are approximately
the same size and have audit departments. Company B has invested heavily
in information technology and has electronic data interchange connections
with its major vendors.
The audit committee has asked the internal auditors from both companies to
analyze risk areas that should be addressed after the merger. The director of
internal auditing of Company B has suggested that the two audit groups have
a planning meeting to share audit programs, scope of audit coverage, and
copies of audit reports that were delivered to their audit committees.
Management has also suggested that the auditors review the compatibility of
the companies’ two computer systems and control philosophy for individual
store operations.
During the first meeting, a disagreement occurs over the approach taken
regarding store compliance. The audit director for Company B questions
Company A’s extensive use of store compliance testing, stating that the
approach is neither responsive to materiality concepts nor an appropriate
application of risk assessment. Company A’s audit director presents the
following reasoning:
I.You have misconstrued materiality. Materiality is not based only on the size
of individual stores; it is also based on the control structure that affects the
whole organization.
II.Any deviation from a prescribed control procedure is, by definition, material.
III.The only way to ensure that a material amount of the company’s control
structure is covered is to comprehensively audit all stores.
Which statement(s) by the audit director of Company A is (are) valid?
I and II only.
I only.
III only.
I, II, and III.
I only.
3
The first phase of the risk assessment process is to identify and catalog the
auditable activities of the organization. Which of the following would not be
considered an auditable activity?
Statutory laws and regulations as they affect the organization.
The agenda established by the audit committee for one of its quarterly
meetings.
Computerized information systems.
General ledger account balances.
The agenda established by the audit committee for one of its quarterly
meetings.
4
In planning an audit, the internal auditor should design audit objectives and
procedures to address the risk associated with the activity. Risk is defined as:
The failure to adhere to organizational policies, plans, and procedures, or not
complying with relevant laws and regulations.
The risk that the balance or class of transactions and related assertions
contain misstatements that could be material to the financial statements.
The probability that an event or action may adversely affect the activity under
audit.
The failure to accomplish established objectives and goals for operations or
programs.
The probability that an event or action may adversely affect the activity under
audit.
5
Management is concerned with a recent increase in expenditures and lower
profits at a division and has asked the internal audit department to perform an
operational audit of the division. Management would like to have the audit
completed as quickly as possible and has asked the internal audit department
to allocate all possible resources to the task. The director of internal audit is
concerned with the time pressure since the internal audit department is
heavily involved in a major legal compliance audit that had been requested by
the audit committee.
Which of the following factors would be considered the least important in
deciding whether existing internal audit resources should be moved from the
ongoing legal compliance audit to the management-requested division audit?
The increase in expenditures at the division for the past year.
A financial audit of the division by the external auditor a year ago.
The potential for significant regulatory fines associated with the legal
compliance audit.
The potential of fraud associated with the legal compliance audit.
A financial audit of the division by the external auditor a year ago.
6
store operations.
Company A’s audit director, who is also a Certified Internal Auditor, faces an
ethical dilemma. For an audit in process, persuasive evidence indicates that a
top manager has been involved in insider trading. The extent and type of
trading is such that the trading would be considered fraudulent. However, the
findings were encountered as a side issue of another audit and are not
considered relevant to the compatibility of the computer systems. Regarding
this finding, which of the following is the audit director’s most appropriate
action?
Discontinue audit work associated with the insider trading since it is not an
integral part of the existing audit and the audit committee has established
higher priority work for the auditors.
Continue work on the insider trading sufficient to conclusively establish
whether fraudulent activity has taken place, then report the findings to the
chairperson of the audit committee. Report the matter to government officials
if appropriate action is not taken.
Discontinue audit work associated with the insider trading and report the
preliminary findings to the company’s external legal counsel for their
investigation. Report the legal counsel findings to management.
Discontinue audit work associated with the insider trading. Report the
preliminary findings to the chairperson of the audit committee and recommend
an investigation.
an investigation.
7
Risk models or risk analysis is often used in conjunction with development of
long-range audit schedules. The key input in the evaluation of risk is:
Management concerns and preferences.
Specific requirements of the IIAStandards.
Judgment of the internal auditor.
Previous audit results.
Judgment of the internal auditor.
8
store operations.
Assume the auditor concludes that the most reasonable explanation of the
observed data in the prior question is that inventory fraud is taking place in the
three stores. Which of the following audit activities would provide
the most persuasive evidence that fraud is taking place?
Schedule a surprise inventory audit to include a physical inventory. Investigate
areas of inventory shrinkage.
Take a sample of individual store prices and compare them with the sales
entered on the cash register for the same items.
Use an integrated test facility (ITF) to compare individual sales transactions
with test transactions submitted through the ITF. Investigate all differences.
Interview the three individual store managers to determine if their explanations
about the observed differences are the same, then compare their explanations
to that of the section manager.

9
Corporate management has just implemented a policy that every department
must downsize by immediately cutting 10% of each department’s staff and
budget. The director of internal auditing has reacted to the organization’s
recent plans for downsizing (reducing the size of staff across the board) by
notifying the audit managers that the time allocated for all jobs must be cut by
10%. Which of the following statements regarding the director’s action and
potential manager’s action would becorrect?
I.The director’s action should result in approximately the same amount of risk
coverage as the previous audit plan but reduced by 10%.
II.Individual audit managers can attain 90% of the previously defined audit
coverage by uniformly cutting audit procedures by 10%.
III.The director should have reprioritized risks and cut out specific audit
engagements rather than cutting 10% across the board.
IV.I, II, and III
III only.
10
store operations.
The audit director for Company B decides to review selected store compliance
audit reports issued by the internal audit department of Company A. Upon
reviewing the reports, the director comments that most items included in the
report are inappropriate because they are very minor and cannot be
considered material. The director states that such reports would not be
tolerated by the management of Company B. Which assertion(s) by the audit
director of Company A is (are) valid?
I.These are the kinds of reports we have provided since the company has
been in operation, and they have served our company well.
II.The reports are consistent with management’s control philosophy and are
an integral part of the overall control environment.
III.Materiality is in the eyes of the beholder. Any deviation is considered
material by my management.
I only.
II only.
III only.
II and III.
II only.
11
The audit process is one of critical thinking, analysis, and careful evaluation.
All mechanical procedures are integrated into a larger context of thoughtful
inquiry. All audits include a description and analysis of internal controls.
Auditees are selected in a number of ways, with risk being the primary basis
for selection. The departments being considered for possible audit in the
coming year and attributes of those departments are listed below.
Department Assets Ann Costs Prob
Production A $50k $700k 10%
Production B $5M $10M 1%
Production C $1M $1M 1%
Purchasing $50k $150k 10%
Marketing $50k $500k 10%
Shipping $60k $100k 50%
Security $10k $100k 90%
Travel $6k $30k 50%
All of these departments except two are on the potential list of auditees
because of a risk analysis performed by the audit director. Production
Department A is on the list because the president thinks too many bottlenecks
occur in that department. The marketing department is on the list because the
chief of security received an anonymous phone call accusing a marketing
manager of accepting substantial financial kickbacks from a media outlet.
Internal controls seem adequate in all departments, with the possible
exception of marketing.
What is the audit director’s most logical definition of risk of loss to be used in
selecting auditees?
Probability of loss.
Amount of risk exposure times the probability of loss.
Amount of assets in a department.
Amount of annual costs in department.
Amount of risk exposure times the probability of loss.
12
for selection. The departments being considered for possible audit in the
coming year and attributes of those departments are listed below.
Department Assets Ann Costs Prob
Production A $50k $700k 10%
Production B $5M $10M 1%
Production C $1M $1M 1%
Purchasing $50k $150k 10%
Marketing $50k $500k 10%
Shipping $60k $100k 50%
Security $10k $100k 90%
Travel $6k $30k 50%
Which department would most likely need a pure operational (nonfinancial)
audit?
Production A.
Marketing.
Production C.
Purchasing.
Production A.
13
The internal auditor is considering performing risk analysis as a basis for
determining which areas of the organization ought to be examined. Which one
of the following statements is correct regarding risk analysis?
The highest risk assessment should always be assigned to the area with the
largest potential loss.
The highest risk assessment should always be assigned to the area with
highest probability of occurrence.
The extent to which management judgments are required in an area could
serve as a risk factor in assisting the auditor in making a comparative risk
analysis.
Risk analysis must be reduced to quantitative terms in order to provide
meaningful comparisons across an organization.
Audit risk.
Detection risk.
Inherent risk.
Control risk.
The extent to which management judgments are required in an area could

serve as a risk factor in assisting the auditor in making a comparative risk
analysis.
14
Which one of the following items includes the other three items?
Audit risk.
Detection risk.
Inherent risk.
Control risk.
Audit risk.
15
In an audit of a purchasing department, which of the following generally would
be considered a risk factor?
Purchase specifications are developed by the department requesting the
material.
There is a failure to rotate purchases among suppliers included on an
approved vendor list.
Purchases are made from parties related to buyers or other company officials.
Purchases are made against blanket or open purchase orders for certain
types of items.
Purchases are made from parties related to buyers or other company officials.
16
Which of the following represent(s) appropriate internal audit action in
response to the risk assessment process?
I.The low-risk areas may be delegated to the external auditor, but the high-risk
areas should be performed by the internal auditing function.
II.The high-risk areas should be integrated into an audit plan along with the
high-priority requests of management and the audit committee.
III.The risk analysis should be used in determining an annual audit work plan;
therefore, the risk analysis should be performed only on an annual basis.
II only.
III only.
I only.
I and III only.
II only.
17
When gathering data, an audit team identified both subjective and objective
criteria for measuring audit risk. Which one of the following risk factors
ismost objective?
Prior audit findings.
Changes in staff, systems, or the environment.
Size of the audit unit.
Comfort with operating management.
Size of the audit unit.
18
Employees using personal computers have been reporting occupational
injuries and claiming substantial worker?s compensation benefits. Working
papers of an operational audit to determine the extent of company exposure
to such personal injury liability should include:
Reviews of documentation supporting purchases of personal computers.
Analysis of claims by type of equipment and extensiveness of use by
individual employees.
Listings of all personal computers in use and the employees who are assigned
to use them.
Confirmations from insurance carriers as to claims paid under worker?s
compensation policies in force.
Analysis of claims by type of equipment and extensiveness of use by

individual employees.
19
store operations.
The two organizations agree to share data on store operations. The data
reveal that three stores in Company A are characterized by:
+Significantly lower gross margins.
+Higher-than-average sales volume.
+Higher levels of employee bonuses.
The three stores are part of a set of six that are managed by a relatively new
section manager. In addition, the store managers of the three stores are also
relatively new. The most likely cause of the observed data is:
Problems with employee training and employee ability to meet customer
needs.
Promotional activities that offer large discounts coupled with the payment of
commissions to employees who reach targeted sales goals.
The relative inexperience of the store managers.
Fraudulent activity whereby goods are taken from the stores thus results in
the lower gross margins.
20
for selection.
If there is fraud in the marketing department, which of the following would be
beyond the scope of the auditor’s responsibility?
Determining the effects of the wrongdoing.
Discussing the wrongdoing with an appropriate level of management.
Including the wrongdoing in a report that will go to the audit committee.
Informing the wrongdoer of his or her legal rights.
Informing the wrongdoer of his or her legal rights.
21
in information technology and has electronic data interchange (EDI)
connections with its major vendors.
store operations.
Which of the following would be the leastimportant risk factor when
considering the ability to integrate the two companies’ computer systems?
The compatibility of existing operating systems and database structures.
The number of programmers and systems analysts employed by each
company.
The size of company databases and the number of database servers used.
The extent of EDI connections with vendors.
The number of programmers and systems analysts employed by each

company.
22
Which of the following would not be considered in performing a risk analysis
exercise?
Auditor skills.
Results of prior audits.
System changes.
System complexity.
Auditor skills.
23
Which of the following auditable activities represents the greatest risk to a
postmerger manufacturing corporation and would therefore most likely be
subjected to an audit?
Combining purchasing functions.
Combining imprest funds.
Combining marketing functions.
Combining legal functions.
Combining purchasing functions.
24
The director of internal auditing for an organization has just completed a risk
assessment process, identified the areas with the highest risks, and assigned
an audit priority to each. Which of the following conclusions logically follows
from such a risk assessment and is (are) consistent with the IIAStandards?
I.Items should be quantified as to risk in the rank order of quantifiable dollar
exposure to the organization.
II.The risk priorities should be in order of major control deficiencies.
III.The risk process, though quantified, is the result of professional judgments
about both exposures and probability of occurrences.
II and III only.
I only.
III only.
I, II, and III.
III only.
25
The director of internal auditing was reviewing recent reports that had
recommended additional audits because of risk and exposure to the company.
Which of the following represents thegreatest risk to the company and should
be the next assignment?
Payment had been made for routine inventory items without a purchase order
or receiving report.
Three prenumbered receiving reports were missing.
Several times cash receipts had been held over an extra day before
depositing.
Several purchase orders were issued without purchase requisitions.
Payment had been made for routine inventory items without a purchase order
or receiving report.
26
During a computer risk assessment process, which of the following
would not be considered an auditable activity?
Systems software.
Print software.
Telecommunications software.
Application software.
Print software.
27
What should the audit strategy be?
It should be cycle based.
It should be request based.
It should be knowledge based.
It should be risk based.
It should be risk based.
28
store operations.
In analyzing the differences between the two companies, the audit director of
Company A notes that Company A has a formal corporate code of ethics
while Company B does not. The code of ethics covers such things as
purchase agreements and relationships with vendors as well as a host of
other issues to guide individual behavior within the firm. Which of the following
statements regarding the existence of the code of ethics in Company A can be
logically inferred?
I.Company A exhibits a higher standard of ethical behavior than does
Company B.
II.Company A has established objective criteria by which an individual’s
actions can be evaluated.
III.The absence of a formal corporate code of ethics in Company B would
prevent a successful audit of ethical behavior in that company.
I and II.
III only.
II only.
II and III.
II only.
29
Management is concerned with a recent increase in expenditures and lower
profits at a division and has asked the internal audit department to perform an
operational audit of the division. Management would like to have the audit
completed as quickly as possible and has asked the internal audit department
to allocate all possible resources to the task. The director of internal audit is
concerned with the time pressure since the internal audit department is
heavily involved in a major legal compliance audit that had been requested by
the audit committee.
Which of the following comments are correct regarding the assessment of risk
associated with the two projects?
I.Activities requested by the audit committee should always be considered
higher risk than those requested by management.
II.Activities with higher-dollar budgets should always be considered higher risk
than those with lower-dollar budgets.
III.Risk should always be measured by the potential dollar or adverse
exposure to the organization.
I and III.
I only.
III only.
II only.
III only.
30
The director of internal auditing set up a computerized spreadsheet to
facilitate the risk assessment process involving a number of different divisions
in the organization. The spreadsheet included the following factors:
+Pressure on divisional management to meet profit goals.
+Complexity of operations.
+Competence of divisional personnel.
+The dollar amount of subjectively influenced accounts in the division, such as
accounts where management’s judgment can affect the expense. Example:
postretirement benefits.
The director used a group meeting of audit managers to reach a consensus
on the competence of divisional personnel. Other factors were assessed as
high, medium, or low by either the director or an audit manager who had
audited the division. The director assigned a weight ranging from 0.5 to 1.0 to
each factor and then computed a composite risk score. Which of the following
statements is correct regarding the risk assessment process?
The weighting is subjective and should have been determined through a
process such as multiple regression analysis.
The risk analysis would not be appropriate because it mixes both quantitative
and qualitative factors, thereby making expected values calculation
impossible.
Using a subjective group consensus to assess personnel competence is
appropriate.
Assessing factors at discrete levels such as high, medium, and low is
inappropriate for the risk assessment process because the ratings are not
quantifiable.
Using a subjective group consensus to assess personnel competence is

appropriate.
31
Factors that should be considered when evaluating audit risk in a functional
area include:
1 Volume of transactions.
2 Degree of system integration.
3 Years since last audit.
4 Significant management turnover.
5 (Dollar) value of “assets at risk.”
6 Average value per transaction.
7 Results of last audit.
Factors that best define materiality of audit risk are:
3, 4, and 6.
1, 5, and 6.
1 through 7.
2, 4, and 7.
1, 5, and 6.
32
for selection.
The internal auditing department is assigned responsibility for investigating
fraud by its charter. If obtaining access to outside media outlet records and
personnel were not possible, the best action an auditor could take to
investigate the allegation of marketing kickbacks would be to:
Vouch any material past charge-off of receivables.
Develop a financial/behavioral profile of the suspect.
Obtain a list of approved media outlets.
Search for unrecorded liabilities from media outlets.
Develop a financial/behavioral profile of the suspect.

FLASHCARDS IN OPERATIONAL ROLE OF INTERNAL AUDIT 1 DECK (249):
1
An internal auditor is preparing procedures to verify the integrity of data in a
database application. Theÿbestsource of information for the auditor to
determine data field definitions is the:
Data definition language.
Data subschemas.
Data dictionary.
Data manipulation language.
Data dictionary.
2
Internal auditing departments are often requested to coordinate their work with
that of the external auditors. Which of the following activities wouldÿmostlikely
be restricted to the external auditor?
Evaluating the system of controls over cash collections and similar
transactions
Attesting to the fairness of presentation of cash position
Evaluating the adequacy of the organization?s overall system of internal
controls
Reviewing the system established to ensure compliance with policies and
procedures that could have a significant impact on operations
Attesting to the fairness of presentation of cash position
3
Which of the following controls would be most efficient in reducing common
data input errors?
Keystroke verification.
Balancing and reconciliation.
Batch totals.
A set of well-designed edit checks.
A set of well-designed edit checks.
4
The consultative approach to auditing emphasizes:
Imposition of corrective measures.
Fraud investigation.
Implementation of policies and procedures.

5
Using test data, an auditor has processed both normal and atypical
transactions through a computerized payroll system to test calculation of
regular and overtime hours. Sufficient competent evidence of controls exists if:
Exceptions are mapped to identify the control logic executed.
Test data results are compared to predetermined expectations.
No other tests are performed.
Test result data are tagged to instigate creation of an audit data file.
Test data results are compared to predetermined expectations.
6
An audit of the receiving function at the company?s distribution center
revealed inadequate control over receipts. Which of the following controls
would be appropriate for the receiving function?
Ensure that the warehouse-receiving department has a purchase order copy
with the units described omitting both prices and quantities.
Ensure that the warehouse-receiving department has a true copy of the
original purchase order.
Require that all receipts receive the approval of the warehouse manager.
To ensure adequate separation of duties, the warehouse-receiving clerk
should work independently from the warehouse manager.
Ensure that the warehouse-receiving department has a purchase order copy

with the units described omitting both prices and quantities.
7
An organization uses a service bureau to process its hourly payroll
transactions. The internal auditor is concerned that the hourly payroll for the
year has been processed correctly and, in particular, the computation of
employee withholding for pension contributions is in accordance with the
union contract, which specifies charges each quarter. Which of the following
audit procedures wouldÿbestaccomplish the audit objective?
Select a random sample of all hourly payroll transactions for the reporting
period, recompute pay and withholding items, and compare the result with that
obtained from the service bureau.
Select a discovery sampling of all payroll transactions for an entire reporting
period and then follow up on any findings.
Select a stratified sample of all hourly and salaried payroll transactions for an
entire reporting period, perform the necessary activities, and then compare
the result with that obtained from the service bureau.
Submit a set of test data to the service bureau during an annual audit and
compare the service bureau?s processing with the auditor?s predetermined
computations on the same test data.
Submit a set of test data to the service bureau during an annual audit and
compare the service bureau?s processing with the auditor?s predetermined
computations on the same test data.
8
During an audit of environmental protection devices at a hazardous materials
research center, the auditor has reviewed the architect?s alarm device
specifications, examined invoices for the devices, and interviewed the plant
safety officer responsible for installation. The main concern of these
procedures is assurance that:
The specified alarm system was purchased and installed.
The alarm system actually works.
The specified alarm system design is adequate.
The alarm system meets statutory requirements.
The specified alarm system was purchased and installed.
9
An internal auditor is planning an operational audit of a computer center.
Which of the following items would normally be consideredÿmostÿimportant?
Ascertaining the existence of adequate measures of operational results.
Conducting a survey of computer vendors to be used in future purchases.
Computing required amounts of diskettes, paper, and other supplies.
Determining the age and condition of the mainframe computer.
Ascertaining the existence of adequate measures of operational results.
10
An audit assistant found a purchase order form for a regular supplier in the
amount of $5,500. The purchase order was dated after receipt of the goods.
The purchasing agent explained that he had forgotten to issue the purchase
order. Also, a disbursement of $450 for materials did not have a receiving
report. The assistant wanted to select additional purchase orders for
investigation but was unconcerned about the lack of a receiving report. The
audit director should:
Disagree with the assistant since all problems directly related to cost have an
equal risk of loss associated with them.
Disagree with the assistant since the lack of a receiving report has a greater
risk of loss associated with it.
Agree with the assistant since the amount of the purchase order exception
was considerably larger than the receiving report exception.
Agree with the assistant since the receiving clerk had assured the cash
disbursement clerk that the failure to fill out a report did not happen very often.
Disagree with the assistant since the lack of a receiving report has a greater
risk of loss associated with it.
11
An auditor is performing an operational audit of a division and observes that
an unusually large quantity of goods is on hand in the shipping and materials
rework areas. The items are labeled as reship items. Upon inquiry, the auditor
is told that they are goods that have been returned by customers and have
been either repaired or shipped back to the original customer or repaired and
shipped out as new products because they are fully warranted.
Assume that subsequent investigation shows that previously issued financial
statements were materially misstated due to the improper recognition of sales.
The auditor?s next step should be to:
Inform divisional management as a preliminary finding but wait until a formal
audit report is issued to inform the audit committee.
Inform the external auditor, senior management, the board, and the audit
committee.
Inform senior management, the board, and the audit committee.
Immediately inform the external auditor and the divisional manager.
Inform senior management, the board, and the audit committee.
12
An auditor is observing cash sales to determine if customers are given written
receipts. The objective of this test is to ensure that:
All cash sales are recorded.
Cash received equals the total of the receipts.
Customers are charged authorized prices.
Cash balances are correct.
All cash sales are recorded.
13
Inefficient usage of excess computer equipment can be controlled by:
System feasibility studies.
Capacity planning.
Exception reporting.
Contingency planning.
Capacity planning.
14
In planning a system of internal operating controls, the role of the internal
auditor is to:
Design the controls.
Establish the policies for controls.
Create the procedures for the planning process.
15
Your firm has recently converted its purchasing cycle from a manual process
to an online computer system. Which of the following is a probable result
associated with conversion to the new automatic system?
Processing time is increased.
The nature of the firm?s risk exposure is reduced.
Processing errors are increased.
Traditional duties are less segregated.
Traditional duties are less segregated.
16
According to the IIA Standards, a fraud report is required:
At the conclusion of the detection phase.
Neither at the conclusion of the detection phase nor at the conclusion of the
investigation phase.
At the conclusion of both the detection and the investigation phases.
At the conclusion of the investigation phase.
At the conclusion of the investigation phase.
17
Erroneous management decisions might be the result of incomplete
information. Theÿbestÿcontrol to detect a failure to process all valid
transactions is:
Periodic user submission of test data.
User review of selected output and transactions rejected by edit checks.
Controlled output distribution.
Decollation of output.
User review of selected output and transactions rejected by edit checks.
18
During the audit of a company?s purchasing department, an internal auditor
discovered that many purchases were made (at normal prices) from an office
supply firm whose owner was the brother of the director of purchasing. There
were no policies or controls in place to restrict such purchases, and no fraud
appears to have been committed. In this case, the internal auditor should
recommend:
The inspection of all receipts by receiving inspectors.
The development of an approved-vendor file initiated by the buyer and
approved by the director of purchasing.
Establishment of a price policy (range) for all goods.
The initiation of a conflict-of-interest policy.
The initiation of a conflict-of-interest policy.
19
During an audit, the internal auditor found a scheme in which the warehouse
director and the purchasing agent for a retail organization diverted
approximately $500,000 of goods to their own warehouse, then sold the
goods to third parties. The fraud was not noted earlier since the warehouse
director forwarded receiving reports (after updating the perpetual inventory
records) to the accounts payable department for processing.
Which of the following procedures would haveÿmostÿlikelyÿled to the
discovery of the missing materials and the fraud?
Take a random sample of sales invoices and trace to the perpetual records to
see if inventory was on hand. Investigate any differences.
Take a random sample of purchase orders and trace them to receiving
documents and to the records in the accounts payable department.
Take an annual physical inventory, reconciling amounts with the perpetual
inventory, noting the pattern of differences, and investigating.
Take a random sample of receiving reports and trace to the recording in the
perpetual inventory record. Note differences and investigate by type of
product.
Take an annual physical inventory, reconciling amounts with the perpetual

inventory, noting the pattern of differences, and investigating.
20
An international nonprofit organization finances medical research. The
majority of its revenue and support comes from fundraising activities,
investments, and specific grants from an initial sponsoring corporation. The
organization has been in operation over 15 years and has a small internal
audit department. The organization has just finished a major fundraising drive
that raised $500 million for the current fiscal period.
The following are selected data from recent financial statements:
Assume the auditor finds a number of instances in which travel and
entertainment reimbursements going to the president seem excessive and
inconsistent with the charter of the organization. Before an audit report is
issued, a front-page article appears in a major financial newspaper alleging
that the president has been using the organization?s funds for personal
purposes. The auditor has enough information to confirm the allegations made
in the newspaper article. The auditor is called by the newspaper and by a
financial magazine in an attempt to confirm the facts. Which of the following
would be theÿbestÿresponse by the auditor?
Respond truthfully and fully since the auditor is in a position to confirm the
facts that concern the president, not the organization.
Provide information off the record so that the article does not state who gave
the information.
Direct the inquiry to the audit committee or the board of directors.
Respond that the investigation is not complete.
Direct the inquiry to the audit committee or the board of directors.
21
In the course of their work, internal auditors must be alert for fraud and other
forms of white-collar crime. The important characteristic that distinguishes
fraud from other varieties of white-collar crime is that:
Unlike other white-collar crimes, fraud is always perpetrated against an
outside party.
White-collar crime usually is perpetrated for the benefit of an organization,
whereas fraud benefits an individual.
Outsiders usually perpetrate white-collar crime to the detriment of an
organization, whereas insiders perpetrate fraud to benefit the organization.
Fraud encompasses an array of irregularities and illegal acts that involve
intentional deception.
Fraud encompasses an array of irregularities and illegal acts that involve

intentional deception.
22
A determination of cost savings is most likely to be an objective of:
Operational auditing.
Program results auditing.
Compliance auditing.
Financial auditing.
Operational auditing.
23
A company uses a local area network (LAN) to connect its four city area sales
offices to the headquarter office. Sales information such as credit approval
and other customer information, prices, account information, and so on is
maintained at headquarters. This office also houses the inventory and
shipping functions. Each area office is connected to the headquarters? office
computer, and messages/information between the area offices pass through
the headquarters? computer. This communication configuration allows for
real-time confirmation of shipments as well as billing and account status. The
company is concerned about the accuracy and sensitivity of its information
and has implemented controls to protect the database used by the area
offices. (1)ÿThe data are modeled after a tree structure, with each record type
having any number of lower-level dependent records. The relationship is a
one-to-many rather than a many-to-many relationship. When a user enters the
system, a series of questions is asked of the user. These (2)ÿquestions
include a name and mother?s birth date. The headquarters computer
maintains a (3)ÿmatrix of user names and the files/programs the user can
access as well as what the user can do to/with the file or program.
A recent addition to the system controls involves a lockout procedure. This
procedure (4)ÿlocks out a particular record to other sales offices while a
particular sales office is using the record. This control ensures that each
transaction has the most recent and accurate information available when the
sales office is processing the event.The questions described in (2) are
primarily intended to provide:
Authentication of the user.
Data integrity control.
Access control to computer hardware.
Authorization for processing.
24
A manufacturer of hospital equipment uses three vendors to supply about half
of the materials used in its operations. Invoices from these vendors are
transmitted directly to the company through electronic data interchange (EDI)
with custom-developed software. In a systems development and
postimplementation review, the internal auditor was involved with assessing
and testing the EDI system and found no significant problems. Other
manufacturing materials are obtained through routine purchase orders
prepared by buyers in the purchasing department. Materials from EDI vendors
are delivered to the receiving dock where personnel verify that the goods are
authorized purchases, look for shipping damage, and record receipt into the
system using barcode technology. Materials purchased from non-EDI vendors
are delivered to the receiving dock and recorded manually on receiving
reports. Copies of these reports are given to the purchasing and accounts
payable departments. The internal audit department is scheduled to complete
a full audit of the purchasing and accounts payable cycle before the end of the
year. However, there are severe time pressures because other matters
delayed the start of the audit.
The auditor determined that the risks associated with the EDI purchases were
less than the risks associated with the purchases made through the traditional
system. Which one of the following factorsÿbestÿsupports this prioritization of
risks?
The external auditor did not examine EDI purchase controls during the annual
financial audit.
There are three vendors connected through EDI.
The internal auditors were involved with systems development and testing of
the EDI software.
About half of the materials are purchased through EDI.
The internal auditors were involved with systems development and testing of
the EDI software.
25
An internal auditor is auditing a division?s accounts and is concerned that the
division?s management may have shipped poor-quality merchandise in order
to boost sales and profitability for the year and thereby boost the division
manager?s bonus. Furthermore, the auditor suspects that returned goods are
being shipped to other customers as new products without defects being fully
corrected. Which of the following audit procedures would be theÿleasteffective
in determining whether such shipments took place?
Examine credit memos issued after year-end for goods shipped before year-
end.
Interview customer service representatives regarding unusual amounts of
customer complaints.
Physically observe the shipping and receiving area for evidence of returned
goods.
Require the division to take a complete physical inventory at year-end, and
observe the taking of the inventory.
Require the division to take a complete physical inventory at year-end, and

observe the taking of the inventory.
26
In the course of performing an audit, an internal auditor becomes aware of
illegal acts being performed by several of the highest-ranking officers of the
company. To whom should the findings of the audit report be addressed?
The audit committee of the board of directors.
Members of the news media.
The officers involved in the illegal acts.
Line-level supervision.
27
A life insurance company refunds overpayments received from policyholders
on their policy loans. The risk of material losses from errors and irregularities
related to such refunds are greatest with respect to:
Employing individuals of questionable integrity in the disbursing function.
Retaining employees in the same position over long periods of time.
Posting disbursements of refunds to the wrong policyholder borrower.
Allowing refund checks to be issued before authorization is obtained.
Allowing refund checks to be issued before authorization is obtained.
28
A rental car company?s fleet maintenance division uses a different code for
each type of inventory transaction. A daily summary report lists activity by part
number and transaction code. The report is reconciled by the parts room
supervisor to the day?s material request forms and is then forwarded to the
fleet manager for approval. The use of transaction codes provides the fleet
manager with information concerning the types of inventory activity. The
auditor is considering an analytical review of transaction codes and materials
used. The objective of this review is to:
Identify possible material lost due to employee theft.
Reveal shortages in perpetual inventory records.
Determine whether inventory items are properly valued.
Provide evidence of inventory items that are overstocked.
Identify possible material lost due to employee theft.
29
The total interruption of processing throughout a distributed information
technology system is minimized by a control or concept referred to as:
Backup and recovery.
Data file security.
Fail-soft protection.
The system log.
Fail-soft protection.
30
The auditor finds a situation where one person has the ability to collect
receivables, make deposits, issue credit memos, and record receipt of
payments. The auditor suspects the individual may be stealing from cash
receipts. Which of the following audit procedures would bemostÿeffective in
discovering fraud in this scenario?
Perform a detailed review of debits to customer discounts, sales returns, or
other debit accounts, excluding cash posted to the cash receipts journal.
Send positive confirmations to a random selection of customers.
Take a sample of bank deposits and trace the detail in each of the bank
deposit back to the corresponding entry in the cash receipts journal.
Send negative confirmations to all outstanding accounts receivable
customers.
Perform a detailed review of debits to customer discounts, sales returns, or

other debit accounts, excluding cash posted to the cash receipts journal.
31
A multinational company has an agreement with a value-added network
(VAN) that provides the encoding and communications transfer for the
company?s electronic data interchange (EDI) and electronic funds transfer
(EFT) transactions. Before transfer of data to the VAN, the company performs
online preprocessing of the transactions. The internal auditor is responsible
for assessing preprocessing controls. In addition, the agreement between the
company and the VAN states that the internal auditor is allowed to examine
and report on the controls in place at the VAN on an annual basis. The
contract specifies that access to the VAN can occur on a surprise basis during
the second or third quarter of the company?s fiscal year. This period was
chosen so it would not interfere with processing during the VAN?s peak
transaction periods. This provision was not reviewed with internal auditing.
The annual audit plan approved by the board of directors specifies that a full
audit would be done during the current year.
Which of the following preprocessing controls isÿleastÿlikely to provide the
auditor with assurance about the validity of transactions?
Exception processing
Verification of the requestor
Decryption of data
Authentication of information
Decryption of data
32
Expert systems consist of:
Hardware and software used to automate routine tasks.
Software packages with the ability to make judgment decisions.
A panel of outside consultants.
Hardware designed to make judgment decisions.
Software packages with the ability to make judgment decisions.
33
A control that prevents purchasing agents from favoring certain suppliers in
placing orders is:
Periodic rotation of buyer assignments.
A monthly report of total dollars committed by each buyer.
Monitoring the number of orders placed by each buyer.
Requiring buyers to adhere to detailed product specifications.
Periodic rotation of buyer assignments.
34
To determine whether there have been any unauthorized program changes
since the last authorized program update, theÿbestÿinformation technology
audit technique is for the auditor to conduct a(n):
Test data run.
Code review.
Code comparison.
Analytical review.
Code comparison.
35
Contributions to a nonprofit organization have been constant for the past three
years. The audit committee has become concerned that the president may
have embarked on a scheme in which some of the contributions from many
sustaining members have been redirected to other organizations. The audit
committee suspects that the scheme may involve taking major contributions
and depositing them in alternative accounts or soliciting contributions to be
made in the name of another organization. Which of the following audit
procedures would bemostÿeffective in detecting the existence of such a
fraud?
Use analytical review procedures to compare contributions generated with
those of other comparable institutions over the same period of time. If the
amount is significantly less, take a detailed sample of cash receipts and trace
to the bank statements.
Take a sample that includes all large donors for the past three years and a
statistical sample of others, and request a confirmation of total contributions
made to the organization or to affiliated organizations.
Take a discovery sample of cash receipts and confirm the amounts of the
receipts with the donors. Investigate any differences.
Use generalized audit software to take a sample of pledged receipts not yet
collected and confirm the amounts due with the donors.
Take a sample that includes all large donors for the past three years and a
statistical sample of others, and request a confirmation of total contributions
made to the organization or to affiliated organizations.
36
An organization has grown rapidly and has just automated its human resource
system. The organization has developed a large database that tracks
employees, employee benefits, payroll deductions, job classifications, ethnic
code, age, insurance, medical protection, and other similar information.
Management has asked the internal auditing department to review the new
system. The auditor is concerned that retired employees are not receiving the
correct benefits. Which of the following auditing procedures would be
theÿleastÿeffective in addressing this concern?
Use generalized audit software to take a classical variables sample of retired
employees on the database. Verify that all benefit payments are appropriate.
Use an integrated test facility and submit transactions over a period of time to
determine if the system is paying the appropriate benefits.
Take a sample of employees added to the retirement list for a specified time
period?for example, a day or a week?and determine that they are scheduled
for the appropriate benefits.
Use generalized audit software to take a variables sample stratified on years
since retirement and size of benefit payments. Verify that all benefit payments
are appropriate.
Take a sample of employees added to the retirement list for a specified time
period?for example, a day or a week?and determine that they are scheduled
for the appropriate benefits.
37
The legislative auditing bureau of a country is required to perform compliance
auditing of companies that are issued defense contracts on a cost-plus basis.
Contracts are clearly written defining acceptable costs, including
developmental research cost and appropriate overhead rates.
During the past year, the government has engaged in extensive outsourcing
of its activities. The outsourcing included contracts to run cafeterias, provide
janitorial services, manage computer operations and systems development,
and provide engineering of construction projects. The contracts were modeled
after those that had been used for years in the defense industry. The
legislative auditors are being called on to expand their audit effort to include
compliance audits of these contracts.
Upon initial investigation of these outsourced areas, the auditor found many
areas in which the outsourced management has apparently expanded its
authority and responsibility. For example, the contractor that manages
computer operations has developed a highly sophisticated security program
that may represent the most advanced information security in the industry.
The auditor reviews the contract and sees reference only to providing
appropriate levels of computing security. The auditor suspects that the
governmental agency may be incurring developmental costs that the
outsourcer may use for competitive advantage in marketing services to other
organizations.Assuming that a high degree of security is needed, which of the
following potential sources of evidence would also be relevant to the auditor?s
assessment of whether the governmental unit is being charged for computer
security that exceeds the entity?s needs?
I. Comparison of the security system with best practices implemented for
similar systems
II. Comparison of the security system with recent publications on state of the
art systems
III. Tests of the functionality of the security system
I and II only.
III only.
I, II, and III.
II only.
I and II only.
38
During the audit of the receiving department, an internal auditor examined a
physical shipment of goods to verify the accuracy of the completed receiving
report. Evidence showed that the number of units in the shipment did not
agree with the quantity shown on the receiving report. Which of the following
may have led to this error?
Displaying amounts ordered on the receiving department?s copy of the
purchase order.
Improper authorization of the purchase.
Failure of receiving personnel to compare the quality of goods received with
specifications.
Lack of standards for selecting vendors.
Displaying amounts ordered on the receiving department?s copy of the

purchase order.
39
To maximize its cash position and increase earnings on invested cash,
management has increased the frequency of billings to customers and
eliminated all noninterest-bearing accounts. To maintain an undisturbed
maximum cash balance for investment purposes, portions of cash received
are used to cover current expenditures. By estimating the float on checks
received and deposited, the company has reduced excess cash balances
otherwise needed to meet normal transaction needs. Interbank transfers have
also been employed to consolidate funds available for investment. A major
control weakness in the case described above is the:
Increased frequency of billings.
Use of cash received to cover cash expenditures.
Use of interbank transfers.
Elimination of noninterest-bearing accounts.
Use of cash received to cover cash expenditures.
40
A manufacturing firm uses hazardous materials in production of its products.
An audit of these hazardous materials may include:
I. Recommending an environmental management system as a part of policies
and procedures.
II. Verifying the existence of cradle-to-grave (creation to destruction) tracking
records for these materials.
III. Using consultants to avoid self-incrimination of the firm in the event
illegalities were detected in an environmental audit.
IV. Evaluating the cost provided for in an environmental liability accrual
account.
III and IV.
II only.
I and II only.
I, II, and IV.
I, II, and IV.
41
In a comprehensive audit of a not-for-profit activity, an internal auditor would
be primarily concerned with the:
Extent of achievement of the organization?s mission.
Accuracy of reports on the source and use of funds.
Extent of compliance with policies and procedures.
Procedures related to the budgeting process.
Extent of achievement of the organization?s mission.
42
sales office is processing the event.
The database system described in (1) above is an example of which type of
database model?
Hierarchical.
Relational.
Network.
Distributed.
Hierarchical.
43
A company has two manufacturing facilities. Each facility has two
manufacturing processes and a separate packaging process. The processes
are similar at both facilities. Raw materials used include aluminum, materials
to make plastic, various chemicals, and solvents. Pollution occurs at several
operational stages, including raw materials handling and storage, process
chemical use, finished goods handling, and disposal. Waste products
produced during the manufacturing processes include several that are
considered hazardous. The nonhazardous waste is transported to the local
landfill. An outside waste vendor is used for the treatment, storage, and
disposal of all hazardous waste.
Management is aware of the need for compliance with environmental laws.
The company recently developed an environmental policy that includes a
statement that each employee is responsible for compliance with
environmental laws.
Management is exploring different ways of reducing or preventing pollution in
manufacturing operations. The objective of a pollution prevention audit is to
identify opportunities where waste can be minimized and pollution can be
eliminated at the source rather than controlled at the end of a process. In what
order should the following opportunities to reduce waste be considered?
I. Recycle and reuse
II. Elimination at the source
III. Energy conservation
IV. Recovery as a usable product
V. Treatment
III, IV, II, V, and I.

IV, II, I, III, and V.
V, II, IV, I, and III.
I, III, IV, II, and V.
IV, II, I, III, and V.
44
Management believes that some specific sales commissions for the year were
too large. The accuracy of the recorded commission expense for specific
salespersons is best determined by:
Computation of selected sales commissions.
Tests of overall reasonableness.
Use of analytical procedures.
Calculating commission ratios.
Computation of selected sales commissions.
45
The auditor?s organization has several decades of experience with computing
in mainframe environments. Two years ago, the organization also
implemented end-user computing in several departments. In auditing the end-
user computing environment, the auditor is concerned that the end-user
environment is less likely to have adequate software and hardware facilities
for:
Change control procedures.
Relational database queries.
Encryption of sensitive data.
Input validation for transactions.
Change control procedures.
46
To ensure the completeness of a file update, the user department retains
copies of all unnumbered documents submitted for processing and checks
these off individually against a report of transactions processed. This is an
example of the use of:
Computer sequence checks.
Established batch totals.
One-for-one checking.
Computer matching.
47
An internal audit department had been requested to perform an audit to
determine whether the organization was in compliance with a particular set of
laws and regulations. The audit did not reveal any issues of noncompliance
but did reveal that the organization did not have an established system to
ensure compliance with the applicable laws and regulations. The auditor?s
responsibility is to:
I. Report that no significant compliance issues were noted.
II. Report that the organization has a significant control deficiency because
management has not established a system to ensure compliance.
III. Meet with management to determine what follow-up action will be taken.
IV. Monitor to determine that follow-up action has been taken.
I, II, III, and IV.

I and II only.
I only.
II and III only.
I, II, III, and IV.
48
Management of a manufacturing company has requested the internal auditing
department perform an audit of the cash management system to evaluate the
adequacy of existing internal controls over cash management and identify
opportunities to increase management control and operating efficiency. The
company has four manufacturing divisions located in diverse geographic
areas. The company has delegated day-to-day cash management to each
local operating division. Excess cash is invested in short-term cash
management programs of local financial institutions. These short-term
investments are the only source of interest income for the operating divisions.
Each division has a line of credit with a local financial institution but must
arrange long-term financing needs through corporate headquarters.
In performing a review of cash management procedures in the divisions
during the preliminary audit planning, the internal auditor has noted that
management is concerned that:
'++ Some divisions have excess cash balances and might not be investing
short-term balances in a manner to maximize returns to the company.
'++One division has automated the processing of cash receipts, but has not
implemented proper control procedures to ensure that all cash will be
recorded.
'++The divisions? cash management procedures may not be consistent with
overall corporate objectives (i.e., there may not be proper coordination
between corporate headquarters and divisions regarding cash management).
Upon investigation, the auditor finds that one division consistently has large
amounts of excess cash at a time when the organization is borrowing heavily
and using the proceeds to support other divisions. The best control procedure
to address this concern, without a major change in procedures, would be to:
Centralize all cash processing.
Require each division to prepare detailed cash forecasts and budgets for
future periods to be used for centralized cash management.
Implement electronic data interchange with major customers to facilitate the
timing of cash receipts.
Require each division to handle its own long-term financing, thereby forcing
them all to better match their cash needs and sources.
Require each division to prepare detailed cash forecasts and budgets for
future periods to be used for centralized cash management.
49
To ensure that a computer file is accurately updated in total for a particular
field, theÿbestÿcontrol is:
Computer matching.
Check digit.
Run-to-run totals.
Transaction log.
Run-to-run totals.
50
The IIAÿStandardsÿrequire an internal auditor to exercise due professional
care in performing internal audits. This includes:
Evaluating established operating standards and determining whether those
standards are acceptable and are being met.
Establishing suitable criteria of education and experience for filling internal
audit positions.
Establishing direct communication between the director of internal auditing
and the board of directors.
Accumulating sufficient evidence so that the auditor can give absolute
assurance that irregularities do not exist.
Evaluating established operating standards and determining whether those

standards are acceptable and are being met.
51
Bank tellers might use authorized teller terminals to conceal overdrafts in their
personal checking accounts by transferring funds to and from customers?
accounts. Theÿbestÿcontrol to detect the tellers? unauthorized actions is
requiring:
Overnight balancing of all accounts by the online teller system.
Supervisor-only authorization for transfers between the bank?s customers.
Annual vacations for employees with access to teller functions.
Periodic examination of accounts of employees with access to teller functions.
Periodic examination of accounts of employees with access to teller functions.
52
To better monitor the performance of operating management, executive
management has requested that the internal auditors examine interim
financial statements, which are prepared for internal use only. Although
interim financial statements have been prepared for several years, this will be
the first time that the internal auditors have been involved. The primary reason
for this request was that executive management was surprised at the lower-
than-anticipated net income eventually reflected in last year?s audited
financial statements. Earnings had been artificially manipulated on quarterly
financial statements. In their work on this year?s interim financial statements,
internal auditors are likely to focus on which of the following?
Whether there have been changes in accounting principles that materially
affect the financial statements.
Whether payables have been accrued properly at the end of the interim
period.
Whether accounting estimates are reasonable, given past actual results.
The timing of revenue recognition and the valuation of inventories.
The timing of revenue recognition and the valuation of inventories.
53
Which of the following procedures would beÿmostÿvaluable in an audit of
traffic department operations in a large manufacturing company?
Trace selected items from the weekly demurrage (car detention charge) report
to supporting documentation.
Obtain written confirmation from the regulatory agencies that all carriers used
are properly licensed and bonded.
Verify that all bills of lading are prenumbered.
Review procedures for selection of routes and carriers.
Review procedures for selection of routes and carriers.
54
Performance auditing has been described as ?evaluating management?s
performance against a set of accepted objectives and goals.? Performance
audits generally focus on efficiency and effectiveness, with emphasis on
effectiveness. Theÿbestÿexample of a performance audit would be an
evaluation of:
The staffing level of a committee established to monitor production planning.
The success of a government agency?s objective of improving elevator
safety.
How well workers conform to established operating procedures on an
assembly line.
The cost of implementing a major change intended to make the cost
accounting system more responsive to user needs.
The success of a government agency?s objective of improving elevator
safety.
55
During an audit, an information technology auditor found no written
procedures for an application system. What should the auditor do?
Report the issue to management.
Reschedule the audit when the procedures are written.
Document the procedures and audit against them.
Cancel the audit immediately since it is hard to do an audit without
documentation.
Document the procedures and audit against them.
56
Which of the following is theÿmostappropriate activity for an internal auditor to
perform during a review of systems development activity?
Recommend specific operational procedures that will ensure that all data
submitted for processing is converted to machine-readable form.
Serve on the information technology steering committee that determines what
new systems are to be developed.
Review the methodology used to monitor and control the system development
function.
Recommend specific automated procedures to be incorporated into new
systems that will provide reasonable assurance that all data submitted to an
application is converted to machine-readable form.
Review the methodology used to monitor and control the system development
function.
57
organization has been in operation over fifteen years and has a small internal
During an examination of grants awarded, the auditor discovered a number of
grants made without the approval of the grant authorization committee (which
includes outside representatives), as required by the organization?s charter.
All the grants, however, were approved and documented by the president.
The chairperson of the grant authorization committee, who is also a member
of the board of directors, proposes that the committee meets and retroactively
approves all the grants before the audit report is issued. If the committee
meets and approves the grants before the issuance of the audit report, the
auditor should:
Not report the grants in question because they were approved before the
issuance of the audit report.
Discuss the matter with the chairperson of the grant committee to determine
the rationale for not approving the grants earlier. If they are routine grants,
omit discussion in the audit report.
Include the items in the report as a breakdown of the organization?s controls.
Detail the nature of each grant and investigate further for fraud.
Report the breakdown in control structure to the audit committee.
Report the breakdown in control structure to the audit committee.
58
The internal auditors for a large manufacturing company have been requested
to conduct a review of the company?s production planning system. Production
data, collected on personal computers (PCs) connected by a local area
network (LAN), are used for generating automatic purchases via electronic
data interchange. Purchases are made from authorized vendors based on
production plans for the next month and on an authorized materials
requirement plan (MRP) that identifies the parts needed per unit of production.
The auditor wants to determine if purchasing requirements have been
updated for changes in production techniques. Which of the following audit
procedures would beÿmostÿeffective in addressing the auditor?s objective?
Use generalized audit software to develop a report of excess inventory.
Compare the inventory with current production volume.
Develop test data to input into the LAN and compare purchase orders
generated from test data with purchase orders generated from production
data.
Take a sample of production estimates and MRPs for several periods and
trace them into the system to determine that input is accurate.
Recalculate parts needed based on current production estimates and on the
MRP for the revised production techniques. Compare these needs with
purchase orders generated from the system for the same period.
Recalculate parts needed based on current production estimates and on the
MRP for the revised production techniques. Compare these needs with
purchase orders generated from the system for the same period.
59
Internal auditors are often called on either to perform or to assist the external
auditor in performing a due diligence review. A due diligence review is:
A review of financial statements and related disclosures in conjunction with a
potential acquisition.
A review of operations as requested by the audit committee to determine
whether the operations comply with audit committee and organizational
policies.
An operational audit of a division of a company to determine if divisional
management is complying with laws and regulations.
A review of interim financial statements as directed by an underwriting firm.
A review of financial statements and related disclosures in conjunction with a

potential acquisition.
60
Which of the following techniques is themostÿpractical one to detect
unauthorized changes to programs?
Implement computer program access controls.
Observing activities of computer operators on a surprise basis.
Comparing production programs with independently controlled copies on a
regular basis.
Reviewing source code and logic program documentation on a regular basis.
Comparing production programs with independently controlled copies on a

regular basis.
61
Which of the following would be thebestÿprocedure to determine whether
purchases were properly authorized?
Discuss authorization procedures with personnel in the controller?s and
purchasing functions.
Determine whether a sample of entries in the purchase journal is supported by
properly executed purchase orders.
Vouch payments for selected purchases to supporting receiving reports.
Review and evaluate a flowchart of purchasing procedures.
Determine whether a sample of entries in the purchase journal is supported by

properly executed purchase orders.
62
An internal auditor who suspects fraud should:
Interview those who have been involved in the control of assets.
Determine that a loss has been incurred.
Recommend whatever investigation is considered necessary under the
circumstances.
Identify the employees who could be implicated in the case.
Recommend whatever investigation is considered necessary under the

circumstances.
63
Passwords for microcomputer software programs are designed to prevent:
Incomplete updating of data files.
Unauthorized access to the computer.
Unauthorized use of the software.
Inaccurate processing of data.
Unauthorized use of the software.
64
To determine if credit controls are inconsistently applied, preventing valid
sales to creditworthy customers, the auditor should:
Analyze collection rates and credit histories.
Trace postings on the accounts receivable ledger.
Compare credit histories for those receiving credit and for those denied credit.
Confirm current accounts receivable.
Compare credit histories for those receiving credit and for those denied credit.
65
Several members of senior management have questioned whether the
internal audit department should report to the newly established, quality audit
function as part of the total quality management process within the company.
The director of internal auditing has reviewed the quality standards and the
programs that the quality audit manager has proposed. The director?s
response to senior management should include:
Estimating departmental cost savings from eliminating the internal auditing
function.
Changing the qualification requirements for new staff members to include
quality audit experience.
Identifying appropriate liaison activities with the quality audit function to
ensure coordination of audit schedules and overall audit responsibilities.
Changing the applicable standards for internal auditing within the company to
provide compliance with quality audit standards.
Identifying appropriate liaison activities with the quality audit function to

ensure coordination of audit schedules and overall audit responsibilities.
66
Rejection of unauthorized modifications to application systems could be
accomplished through the use of:
Programmed checks.
Batch controls.
Implementation controls.
Implementation controls.
67
A small city managed its own pension fund. According to the city charter, the
funds could be invested in bonds, money market funds, or high-quality stocks
only. The auditor has already verified the existence of the pension fund
assets. The fund balance was not very large and was managed by the city
treasurer. The auditor decided to estimate income from investments for the
fund by multiplying the average fund balance by a weighted-average return
based on the current portfolio mix. Upon doing so, the auditor found that
recorded income was substantially less than was expected. The auditor?s
next audit step should be to:
Prepare a more detailed estimate of income by consulting a dividend and
reporting service, which lists the interest or dividends paid on specific stocks
and bonds.
Ask the treasurer why that income appears to be less than expected.
Inform management and the audit committee that fraud is suspected and
suggest that legal counsel be called in to complete the investigation.
Select a sample of entries to the pension fund income account and trace to
the cash journal to determine if cash was received.
Prepare a more detailed estimate of income by consulting a dividend and

reporting service, which lists the interest or dividends paid on specific stocks
and bonds.
68
Which one of the following wouldÿnotbe included as a reason for the company
to use EFT with the EDI system?
To allow the company to negotiate discounts with EDI vendors based on
prompt payment.
To reduce input time and input errors.
To improve its cash management program.
To take advantage of the time lag associated with negotiable instruments.
To take advantage of the time lag associated with negotiable instruments.
69
The auditor was reviewing documentation that showed that a customer had
recently returned three expensive products to the regional service center for
warranty replacement. The documentation showed that the warranty clerk had
rejected the claim and sent it to the customer?s local distributor. The claim
was rejected because the serial numbers listed in the warranty claim were not
found in the computer?s sales history file. Subsequently, the distributor
supplied three different serial numbers, all of which were validated by the
computer system, and the clerk completed the warranty claim for
replacements. Which would be the best course of action for the auditor under
the circumstances?
Determine if the original serial numbers provided by the customer can be
traced to other records, such as production and inventory records.
Notify the appropriate authorities within the organization that there are
sufficient indicators that a fraud has been committed.
Summarize this item along with other valid transactions in the auditor?s test of
warranty transactions.
Verify with the appropriate supervisor that the warranty clerk had followed
relevant procedures in the processing and disposition of this claim.
Determine if the original serial numbers provided by the customer can be

traced to other records, such as production and inventory records.
70
Which of the following means would be theÿmostÿappropriate to minimize the
risk of a company?s buyer purchasing from a vendor who is a relative?
Maintain an approved-vendor file for purchases.
Establish a predetermined reorder point for purchases.
Perform a risk analysis for the purchasing function.
Establish a purchasing economic order quantity.
Maintain an approved-vendor file for purchases.
71
A receiving department receives copies of purchase orders for use in
identifying and recording inventory receipts. The purchase orders list the
name of the vendor and the quantities of the materials ordered. A possible
error that this system could allow is:
Overpayment for partial deliveries.
Delay in recording purchases.
Payment to unauthorized vendors.
Payment for unauthorized purchases.
Overpayment for partial deliveries.
72
A financial institution is overstating revenue by charging too much of each
loan payment to interest income and too little to repayment of principal. Which
of the following audit procedures would beleastÿeffective in detecting this
error?
Use test data and submit interest payments for various loans in the test
portfolio to determine if they are recorded correctly.
Use generalized audit software to take a random sample of loan payments
made during the period, calculate the correct posting amounts, and trace the
postings that were made to the various accounts.
Use an integrated test facility (ITF) and submit interest payments for various
loans in the ITF portfolio to determine if they are recorded correctly.
Perform an analytical review by comparing interest income this period as a
percentage of the loan portfolio with the interest income percentage for the
prior period.
Perform an analytical review by comparing interest income this period as a

percentage of the loan portfolio with the interest income percentage for the
prior period.
73
New credit policies have been implemented in the automated entry order
system to control collectability. These policies prevent entering any new sales
order that would cause customers? accounts receivable balance to exceed
average sales for any two-month period in the prior 12-month period.
Divisional sales management has compiled over a dozen examples that show
decreased sales and delayed order entry. Division management contends
these examples are a direct result of the new credit policy constraints. Sales
management?s data and information provide:
A statistically valid conclusion about the impact on customer goodwill
concerning the credit policy.
Evidence that the new credit policy is not meeting the stated corporate
objective to control the collectability of new sales volume.
Feedback control data on the new corporate credit policy.
Irrelevant argumentative information.
Feedback control data on the new corporate credit policy.
74
Which account balance isÿmostÿlikely to be misstated if an aging of accounts
receivable is not performed?
Sales returns and allowances.
Allowance for bad debts.
Accounts receivable.
Sales revenue.
Allowance for bad debts.
75
An internal auditor is conducting interviews of three employees who had
access to a valuable asset that has disappeared. In conducting the interviews,
the internal auditor should:
Conduct the interviews in a group.
Allow a suspect to return to work after the interview so as not to arouse
suspicions.
Respond to noncooperation by threatening adverse consequences of such
behavior.
Not indicate that management will forgo prosecution if restitution is made.
Not indicate that management will forgo prosecution if restitution is made.
76
Which of the following environmental control risks is more likely in a stand-
alone microcomputer environment than in a mainframe environment?
I. Copyright violations due to the use of unauthorized copies of purchased
software
II. Unauthorized access to data
III. Lack of data availability due to inadequate data retention policies
IV. I, II, and III
IV.
III.
I.
II.
IV.
77
A company controller is concerned that parts may be stolen because there is
no formal receiving function (i.e., receiving slips are not filled out). Production
raw materials are moved from rail cars directly to the production line, and
vendors are paid based on actual production. Which of the following
comments correctly portrays the current process?
I. Goods can be paid for only if they have been used in production. Stolen
goods or goods not shipped will not be paid for.
II. There is less handling of goods received, thereby decreasing the cost
associated with processing goods received as well as decreasing the
opportunities for errors to enter the system.
III. Shortages of materials in the system will be brought to a supervisor?s
attention because of production shutdowns.
Iv. I, II, and III
II only.
IV.
III only.
I only.
IV.
78
Management of a manufacturing company has requested the internal auditing
department perform an audit of the cash management system to evaluate the
adequacy of existing internal controls over cash management and identify
opportunities to increase management control and operating efficiency. The
company has four manufacturing divisions located in diverse geographic
areas. The company has delegated day-to-day cash management to each
local operating division. Excess cash is invested in short-term cash
management programs of local financial institutions. These short-term
investments are the only source of interest income for the operating divisions.
Each division has a line of credit with a local financial institution but must
arrange long-term financing needs through corporate headquarters.
In performing a review of cash management procedures in the divisions
during the preliminary audit planning, the internal auditor has noted that
management is concerned that:
Some divisions have excess cash balances and might not be investing short-
term balances in a manner to maximize returns to the company.
One division has automated the processing of cash receipts, but has not
implemented proper control procedures to ensure that all cash will be
recorded.
The divisions? cash management procedures may not be consistent with
overall corporate objectives (i.e., there may not be proper coordination
between corporate headquarters and divisions regarding cash management).
To address management?s concern that a division might not be adequately
investing short-term funds, management has developed a model that
estimates minimum daily cash balances for each division. To determine
whether a specific division is failing to maximize its invested cash,
management should implement a control procedure that compares:
Interest income per division with industry averages for similar companies.
Daily cash receipts and interest income across divisions to identify any
division with a variance of 5% or more.
Interest income for each division with the other three divisions.
Total daily cash balances at each division and interest income for a period
with projected interest income based on its model of minimum cash balances.
Total daily cash balances at each division and interest income for a period
with projected interest income based on its model of minimum cash balances.
79
the companies? two computer systems and control philosophy for individual
store operations.
The audit director for Company B decides to review selected store compliance
audit reports issued by the internal audit department of Company A. Upon
reviewing the reports, the director comments that most items included in the
report are inappropriate because they are very minor and cannot be
considered material. The director states that the management of Company B
would not tolerate such reports. Which of the following assertions by the audit
director of Company A is (are) valid?
I. These are the kinds of reports we have provided since the company has
been in operation, and they have served our company well.
II. The reports are consistent with management?s control philosophy and are
an integral part of the overall control environment.
III. Materiality is in the eyes of the beholder. Any deviation is considered
material by my management.
I only.
III only.
II and III.
II only.
II only.
80
A retail organization has just implemented electronic data interchange (EDI) to
issue purchase orders to major vendors. The client has developed a database
of approved vendors. New vendors can be added only after a thorough review
by the purchasing manager and marketing director. Only purchasing agents
can issue purchase orders, and the amount of purchase orders for a particular
product line cannot exceed a budgeted amount specified by the marketing
manager.
All purchases go to the distribution center, where they are electronically
scanned into the computer system. All incoming items must reference a
company purchase order, and any items that do not contain such a reference
will not be accepted. Prenumbered receiving slips are not used, but all
receipts are referenced to the purchase order. Price tags are generated per
the purchase order and for the quantities indicated by the electronically
scanned-in receiving report. The number of price tags generated is reconciled
with the number of products received.
The vendor sends an invoice to the retailer. The invoices are keypunched and
entered into the system. The computer software is programmed to match the
vendor invoice, the purchase order, and the receiving report. If the three items
are matched within a tolerance of 0.5%, the computer program schedules the
items for payment at a time to take advantage of purchase discounts. A check
is generated by the cash disbursements program and is electronically signed
and mailed. If there is a discrepancy among the three documents, a report is
printed and sent to the accounts payable department for investigation.
Which of the following items would be considered a control deficiency in the
receiving function?
I. The number of price tags generated is determined by the receiving reports
electronically scanned in during the receiving function.
II. Prenumbered receiving documents are not used.
III. There is no inspection of goods for quality.
IV. I, II, and III
I.
I, II, and III.
III.
II.
III.
81
In an organization that has a separate division that is primarily responsible for
fraud deterrence, the internal auditing department is responsible for:
Controlling that division?s fraud deterrence activities.
Planning that division?s fraud deterrence activities.
Examining and evaluating the adequacy and effectiveness of that division?s
actions taken to deter fraud.
Establishing and maintaining that division?s system of internal controls.
Examining and evaluating the adequacy and effectiveness of that division?s

actions taken to deter fraud.
82
A rental car company?s fleet maintenance division uses a different code for
each type of inventory transaction. A daily summary report lists activity by part
number and transaction code. The report is reconciled by the parts room
supervisor to the day?s material request forms and is then forwarded to the
fleet manager for approval. The reconciliation of the summary report to the
day?s material request forms by the parts room supervisor:
Confirms that all material request forms are entered for all parts issued.
Verifies that all material request forms were approved.
Provides documentation as to what material was available for a specific
transaction.
Ensures the accuracy and completeness of data input.
Ensures the accuracy and completeness of data input.
83
A company uses a local area network (LAN) with one client server. The
auditor wishes to determine whether LAN users are complying with company
policies related to the documentation of applications developed by end users
and shared by other users on the LAN. The most appropriate audit procedure
would be to:
Take a random sample of end-user applications stored on the server, and
examine the applications for compliance with company policies.
Send a survey to end users to test their knowledge of required application
documentation.
Take a random sample of end users, and examine all applications stored on
their computers for compliance with existing policies.
Send a questionnaire to end users to determine the extent to which they have
developed end-user applications for the LAN.
Take a random sample of end-user applications stored on the server, and

examine the applications for compliance with company policies.
84
A primary concern of an operational audit of the family welfare department of
a governmental unit would be:
Determining that proper measures of performances are used.
Adhering to generally accepted accounting principles (GAAP).
Ensuring that persons with direct client contact have at least a bachelor?s
degree.
Generating an adequate return on investment.
Determining that proper measures of performances are used.
85
An audit of the purchasing function disclosed that orders were placed for
materials that at that time were being disposed of as surplus. What corrective
action should be recommended?
Confirm all orders for replacement material with the user department.
Employ a historical reorder point system.
Have all purchase requisitions approved by the responsible purchasing agent.
Develop and distribute periodic reports of surplus stocks.
Develop and distribute periodic reports of surplus stocks.
86
An internal auditor is conducting an operational audit of the information
system department. Which of the following factors would the auditor give
theÿmostÿweight to in evaluating the effectiveness of the department?
It uses leading-edge technology.
It is given top priority in the budgeting process.
It has a large technical staff.
Its objectives and goals are consistent with the overall objectives of its
organization.
Its objectives and goals are consistent with the overall objectives of its
organization.
87
The primary objective in the operational audit of an organization?s employee
benefits program is to:
Determine that company policies on providing employee benefits are followed.
Be sure that the program is competitive with programs of other area
organizations.
Ascertain that the benefits provided are cost effective for the organization.
Check the adequacy and accuracy of accruals of employee benefit costs in
books and records.
Ascertain that the benefits provided are cost effective for the organization.
88
organizations.
The auditor wishes to estimate the additional cost of the added security.
Which of the following procedures would be theÿbestÿfirst step in providing
that evidence? Compare the total costs of computer security under the new
contract with the total computer security costs:
Previously incurred.
Previously incurred, as a percentage of total cost incurred.
Of each other entity managed by this outsourcer.
Of other governmental entities of similar size.
Previously incurred.
89
The internal audit department can be involved with systems development
continuously, at the end of specific stages, after implementation, or not at all.
An advantage of continuous internal audit involvement compared to the other
two types of involvement is that:
The threat of lack of audit independence can be minimized.
The cost of audit involvement can be minimized.
There are clearly defined points at which to issue audit comments.
Redesign costs can be minimized.
Redesign costs can be minimized.
90
Management asserted that the performance standards the auditors used to
evaluate operating performance were inappropriate. Written performance
standards that had been established by management were vague and had to
be interpreted by the auditor. In such cases auditors may meet their due care
responsibility by:
Establishing agreement with auditees as to the standards needed to measure
performance.
Assuring themselves that their interpretations are reasonable.
Assuring themselves that their interpretations are in line with industry
practices.
Incorporating management?s objections in the audit report.
Establishing agreement with auditees as to the standards needed to measure

performance.
91
system. The auditor reviews the retirement benefits plan and determines that
the pension and medical benefits have been changed several times in the
past ten years. The auditor wishes to determine whether there is justification
to perform further audit investigation. The most appropriate audit procedure
would be to:
Use generalized audit software to take a dollar-unit sample of retirement pay
and determine whether each retired employee was paid correctly.
Use generalized audit software to take an attributes sample of retirement pay,
and perform detailed testing to determine whether each person chosen was
given the proper benefits.
Review the trend of overall retirement expense over the last ten years. If the
retirement expense increased, it would indicate the need for further
investigation.
Review reasonableness of retirement pay and medical expenses on a per-
person basis stratified by which plan was in effect when the employee retired.
Review reasonableness of retirement pay and medical expenses on a per-

person basis stratified by which plan was in effect when the employee retired.
92
Maintaining a file of purchase orders in the receiving department for
merchandise ordered but not yet received helps ensure that:
Goods received are not misappropriated.
Goods are properly counted when they arrive.
Only authorized shipments are accepted.
Goods are delivered to the appropriate department in a timely manner.
Only authorized shipments are accepted.
93
An unauthorized employee picked up a printout of salary data from the
computer center after the last payroll update. Thebestÿcontrol for ensuring
that only authorized employees receive sensitive printouts is logging and:
Controlled destruction of obsolete printouts.
Signed confirmation by recipients.
Enforced expiration date on sensitive printouts.
Access control over printout files on disk.
Signed confirmation by recipients.
94
During an audit of the accounts receivable function, the auditor found that the
accounts receivable turnover rate had fallen from 7.3 to 4.3 over the last three
years. What is the most likely cause of the decrease in the turnover rate?
A change from net 30 to net 25.
Greater cash sales.
A more liberal credit policy.
An increase in the discount offered for early payment.
A more liberal credit policy.
95
environmental laws.
Management is evaluating the need for an environmental audit program.
Which one of the following shouldÿnotÿbe included as an overall program
objective?
Conduct site assessments at both facilities.
Ensure that management systems are adequate to minimize future
environmental risks.
Verify company compliance with all environmental laws.
Evaluate waste minimization opportunities.
Conduct site assessments at both facilities.
96
Select the appropriate population from which to draw a sample when the audit
objective is to evaluate compliance with controls designed to ensure that all
shipments are billed.
Cash receipts records.
Prenumbered shipping documents.
Prenumbered customer invoices.
Customer accounts receivables.
Prenumbered shipping documents.
97
A significant employee fraud took place shortly after an internal audit. The
internal auditor mayÿnotÿhave properly fulfilled the responsibility for the
deterrence of fraud by failing to note and report that:
Policies, practices, and procedures to monitor activities and safeguard assets
were less extensive in low-risk areas than in high-risk areas.
There were no written policies describing prohibited activities and the action
required whenever violations are discovered.
A system of control that depended on separation of duties could be
circumvented by collusion among three employees.
Divisional employees had not been properly trained to distinguish between
bona fide signatures and cleverly forged ones on authorization forms.
There were no written policies describing prohibited activities and the action
required whenever violations are discovered.
98
A perpetual inventory system uses a minimum quantity on hand to initiate
purchase-ordering procedures for restocking. In reviewing the
appropriateness of the minimum quantity level established by the stores
department, the auditor would beÿleastlikely to consider:
Available storage space and potential obsolescence.
Stock-out costs, including lost customers.
Seasonal variations in forecasting inventory demand.
Optimal order sizes determined by the economic order quantity model.
Optimal order sizes determined by the economic order quantity model.
99
The internal auditing department was not involved in a major system
conversion in which customer records for $100,000 of receivables were lost.
Which of the following internal auditing roles would help prevent such losses
in the future?
Performance of a feasibility study.
Use of an integrated test facility.
Management of the conversion process.
Involvement in all phases of the system development life cycle.
Involvement in all phases of the system development life cycle.
100
Which of the following describes a control weakness?
Purchasing procedures are well designed and followed unless otherwise
directed by the purchasing supervisor.
Prenumbered blank purchase orders are secured within the purchasing
department.
Normal operational purchases fall in the range from $500 to $1,000 with two
check signers required for purchases over $1,000.
The purchasing agent invests in a publicly traded mutual fund that lists the
stock of one of the company?s suppliers in its portfolio.
Purchasing procedures are well designed and followed unless otherwise

directed by the purchasing supervisor.
101
An audit of the payroll function revealed several instances where a payroll
clerk had added fictitious employees to the payroll and deposited the checks
in accounts of close relatives. What control should have prevented such
actions?
Allowing changes to the payroll to be authorized only by the personnel
department.
Having the treasurer?s office sign payroll checks.
Establishing a policy to deal with close relatives working in the same
department.
Using time cards and attendance records in the computation of employee
gross earnings.
Allowing changes to the payroll to be authorized only by the personnel

department.
102
The major purpose of the internal auditor?s study and evaluation of the
company?s information technology (IT) operations is to:
Evaluate the competence of IT operating personnel.
Become familiar with the company?s means of identifying, measuring,
classifying, and reporting information.
Ensure the exercise of due professional care.
Evaluate the reliability and integrity of financial and operating information.
Evaluate the reliability and integrity of financial and operating information.

103
Due to the small staff, one remote unit?s petty cash custodian also had
responsibility for the imprest fund checking account reconciliation. The cashier
concealed a diversion of funds by altering the beginning balance on the
monthly reconciliations sent to the group office. A possible audit test to detect
this would be to:
Determine if any employees are leading expensive lifestyles.
Require additional monitoring by headquarters whenever improper
segregation of duties exists at remote units.
Compare monthly balances and use change and trend analysis.
Determine if any employees have high personal debt.
Compare monthly balances and use change and trend analysis.
104
manager.
The auditor wishes to determine that the program is correctly approving items
for payment only when the purchase order, receiving report, and vendor
invoice match within the tolerable 0.5%. Assume all the following suggested
audit procedures would have been implemented to function over the proper
time period. Which of the following computerized audit procedures would
provide theÿmostÿpersuasive evidence as to the correct operation of the
program?
Implementing a systems control and audit review file (SCARF) audit technique
that will automatically select all transactions when the purchase order exceeds
a specific dollar limit.
Using a test data approach at year-end by submitting mock purchase orders,
vendor invoices, and receiving quantities.
Using generalized audit software to take a random sample of purchase orders
and tracing the selected items to the vendor invoice and receiving document.
Implementing an integrated test facility with auditor-submitted test items
throughout the period under analysis.
Implementing an integrated test facility with auditor-submitted test items

throughout the period under analysis.
105
Which of the following isÿnotÿlikely to be included as an audit step when
assessing vendor performance policies?
Determine whether only authorized items were received from vendors.
Determine whether vendors sent agreed-on lot sizes.
Determine whether the balances owed to vendors are correct.
Determine whether the quality of the goods purchased from the vendors has
been satisfactory.
106
organizations.
Regarding the audit finding of an advanced computing security system, what
is theÿmostÿappropriate course of action by the auditor?
Exclude the finding from the audit report because the contract was vague and
the level of security is clearly acceptable.
Compare the cost with previous costs incurred by governmental operations
and inform the outsourcer that the difference will be a disallowed cost.
Estimate the amount of cost used to develop the advanced security system
and inform the outsourcer that it will be a disallowed cost.
Estimate the added cost, report it to management, and suggest that
management meet with its lawyers and the outsourcer to resolve differences.
Estimate the added cost, report it to management, and suggest that

management meet with its lawyers and the outsourcer to resolve differences.
107
The objective of a program results audit requires the auditor to:
Place an emphasis on outputs rather than inputs.
Look for cost savings or waste.
Render an opinion on the fairness of financial presentation.
Include only historical data in the audit.
Place an emphasis on outputs rather than inputs.
108
Which of the following documents should the auditor examine to determine if
only authorized purchases are being accepted by the receiving department?
Policies and procedures for the receiving function.
A copy of the purchase order.
An invoice.
A bill of lading.
A copy of the purchase order.
109
During the audit of payments under a construction contract with a local firm,
the auditor finds a $900 recurring monthly reimbursement for rent at a local
apartment complex. Each reimbursement is authorized by the same project
engineer. The auditor finds no provision for payment of temporary living
expenses in the construction contract. Discussion with the project engineer
could not resolve the matter. The auditor should:
Call the engineer into a private meeting to confront the situation.
Complete the audit as scheduled, noting the $900 recurring reimbursement in
the work papers.
Inform the audit director.
Wait until the engineer is surrounded by plenty of witnesses and then inquire
about the payments.
Inform the audit director.
110
An internal auditor is preparing a report that discusses the possibility of
employee fraud by a specific named employee. The auditor should be careful
that distribution of the report be limited on a need-to-know basis. Failure to
follow this caveat may result in the auditor and/or the employer being found
liable for:
Slander.
Malicious prosecution.
Libel.
Compounding a felony.
Libel.
111
store operations.
Assume the auditor concludes that the most reasonable explanation of the
observed data in the prior question is that inventory fraud is taking place in the
three stores. Which of the following audit activities would provide
theÿmostpersuasive evidence that fraud is taking place?
Use an integrated test facility (ITF) to compare individual sales transactions
with test transactions submitted through the ITF. Investigate all differences.
Interview the three individual store managers to determine if their explanations
about the observed differences are the same, then compare their explanations
to that of the section manager.
Take a sample of individual store prices and compare them with the sales
entered on the cash register for the same items.
112
According to the IIAÿStandards, the role of internal auditing in the
investigation of fraud includes all of the followingexcept:
Assessing the probable level and extent of complicity in the fraud within the
organization.
Interrogating suspected perpetrators of the fraud.
Designing the procedures to follow in attempting to identify the perpetrators,
extent of the fraud, techniques used, and cause of the fraud.
Coordinating activities with management personnel, legal counsel, and other
appropriate specialists throughout the investigation.
Interrogating suspected perpetrators of the fraud.
113
A multinational corporation has an office in a foreign branch with a monetary
transfer facility. Good internal control requires that:
The branch manager not deliver payroll checks to employees.
The hiring of individual branch employees is approved by the headquarters
office.
Foreign currency translation rates are computed separately by two branch
employees in the same department.
The person making wire transfers not reconcile the bank statement.
114
An internal auditor reported a suspected fraud to the director of internal
auditing. The director turned the entire case over to the security department.
Security failed to investigate or report the case to management. The
perpetrator continued to defraud the organization until being accidentally
discovered by a line manager two years later. Select the most appropriate
action for the audit director.
The director?s actions were correct.
The director should have discharged the perpetrator.
The director should have conducted the investigation.
security.
security.
115
A department developed an integrated end-user computing (EUC) application
involving timekeeping, payroll, and labor cost accounting. The department
used its own personnel to design and program the application using a fourth-
generation language (4GL). Subsequently, the department hired outside
consultants to rewrite certain components. The application was implemented
on the departmental local area network (LAN) and connected with the
corporate mainframe system to allow the transfer of data between them.
The internal audit department ranked the EUC applications of the organization
according to the perceived risk. As a result, the timekeeping/payroll/labor cost
accounting application was selected for an information technology audit.
Certain payroll transactions were posted to the payroll file but were not
uploaded correctly to the general ledger file on the mainframe.
Theÿbestÿcontrol to detect this type of error would be:
A record or log of items rejected during processing.
Balancing totals of critical fields.
An appropriate edit and validation of data.
A standard method for uploading mainframe data files.
Balancing totals of critical fields.
116
Employing which of the following can prevent unauthorized alteration of online
records?
Key verification.
Computer sequence checks.
Computer matching.
Database access controls.
Database access controls.
117
The internal auditor of a company has been assigned to perform an audit of
the company?s investment activities with particular emphasis on the
company?s use of new financial instruments referred to as derivatives.
Assume that the director of internal auditing determines that the department
does not have the requisite skills to conduct an audit of the financial
derivatives area. Which of the following actions would be
theÿleastÿacceptable?
Employ the skills of a financial derivatives expert to consult on the project, and
supplement the consulting with a local seminar on financial derivatives.
Notify the audit committee of the problem, and consult with them regarding
outsourcing the audit to a qualified external auditing firm.
Determine the requisite knowledge needed, and obtain the proper training for
auditors if such training is available within the appropriate time framework
outlined by the audit committee.
Notify the audit committee of the problem, and assign the most competent
auditors to the job.
Notify the audit committee of the problem, and assign the most competent
auditors to the job.
118
A manager prepared and signed checks payable to a fictitious supplier and
deposited the checks into a personal bank account. Which of the following
internal controls wouldÿmostÿlikely have prevented, or at least detected, the
embezzlement?
Use of competitive bids for all purchases.
A responsible employee must account for the numerical sequence of checks
on a regular basis.
A check signer other than the manager must sign checks only when approved
invoices are presented with the completed, unsigned check.
Payments to suppliers must be made by certified check.
A check signer other than the manager must sign checks only when approved
invoices are presented with the completed, unsigned check.
119
The internal auditor can participate in the review of the systems development
process at varying intervals, including continuous involvement, only at the end
of discrete stages, or after implementation of the system. The advantages of
continuous internal audit involvement include all of the followingexcept:
Reduced need for subsequent rework of controls.
The opportunity to provide significant suggestions to the design team.
Reduced overall internal audit expense when compared to the other intervals.
Improved design and specification of controls.
Reduced overall internal audit expense when compared to the other intervals.
120
When assessing application controls, which one of the following input controls
or edit checks isÿmostÿlikely to be used to detect a data input error in the
customer account number field?
Validity check.
Hash total.
Control total.
Limit check.
Validity check.
121
either been repaired or shipped back to the original customer or repaired and
Assume the auditor found that most of the goods were repaired and sold as
new items. Such sales are both against company policy and against
governmental regulations. The auditor does not know whether fraud was
involved or the extent that divisional management had been involved in the
scheme. The auditor should report the finding to:
The audit committee and top management only.
Divisional management and relevant regulatory bodies, since it is a clear
violation.
Divisional management only, since they are responsible for correcting the
problem.
Divisional management, the audit committee, and senior management.
Divisional management, the audit committee, and senior management.
122
In the examination of materials receiving operations for a manufacturer of
small appliances, the auditor will usually bemostÿconcerned with the risk of:
Receiving unordered goods.
Receiving goods in excess of current needs.
Acquiring goods from related parties at inflated prices.
Failing to detect substandard materials received.
Failing to detect substandard materials received.
123
store operations.
The two organizations agree to share data on store operations. The data
reveal that three stores in Company A are characterized by
'+Significantly lower gross margins.
'+Higher-than-average sales volume.
'+Higher levels of employee bonuses.
The three stores are part of a set of six that are managed by a relatively new
section manager. In addition, the store managers of the three stores are also
relatively new. Theÿmostÿlikely cause of the observed data is:
Problems with employee training and employee ability to meet customer
needs.
The relative inexperience of the store managers.
Fraudulent activity whereby goods are taken from the stores, thus resulting in
the lower gross margins.
124
manager.
Theÿbestÿprocedure to determine whether the control procedure to limit the
amount of purchases for a particular product line was working properly during
the past year would be to:
Implement a snapshot audit approach, which will tag selected transactions
and print them out with a listing of items arranged by purchasing agent.
Use parallel simulation techniques to compute the amount of purchases
authorized and compare that amount with the amount actually purchased.
Use generalized audit software to prepare a list of purchases by product line.
Compare the amounts with the amounts authorized by the marketing
manager.
Submit test data to the program controlling purchases. (The amount of data
entered should exceed the authorized purchases.) Examine the computer
output.
Use generalized audit software to prepare a list of purchases by product line.

Compare the amounts with the amounts authorized by the marketing
manager.
125
The internal auditors for a large manufacturing company have been requested
to conduct a review of the company?s production planning system. Production
data, collected on personal computers (PCs) connected by a local area
network (LAN), are used for generating automatic purchases via electronic
data interchange. Purchases are made from authorized vendors based on
production plans for the next month and on an authorized materials
requirement plan (MRP) that identifies the parts needed per unit of production.
The production line has experienced shutdowns because needed production
parts were not on hand. Management wants to know the cause of this
problem. Which of the following audit proceduresÿbestÿaddresses this
objective?
Take a random sample of production information for selected days and trace
input into the production database maintained on the LAN.
Determine if access controls are sufficient to restrict the input of incorrect data
into the production database.
Take a random sample of parts on hand per the PC databases and compare
with actual parts on hand.U
se generalized audit software to develop a complete list of the parts shortages
that caused each of the production shutdowns, and analyze this data.
Use generalized audit software to develop a complete list of the parts

shortages that caused each of the production shutdowns, and analyze this
data.
126
Backup and recovery controls are crucial to ensuring the reliability of a
teleprocessing network. When reviewing the controls over backup and
recovery, which of the following wouldnotÿbe included?
Review of use and adequacy of encryption processes.
Review of adequacy of user data file backups on the local area network
(LAN).
Review of controls over hardware and software failures.
Review of adequacy of documents/manuals informing all personnel of their
backup and recovery responsibilities.
Review of use and adequacy of encryption processes.
127
Successful consultative communication in an internal audit is partially based
on feedback from auditees about auditors? actions during the audit. This
feedback:
being added.
Will keep auditees on the defensive regarding the auditors.
Should go only to senior management as a means of reviewing the auditors.
Should go only to the auditors to help them improve their audit performance.

being added.
128
The major reason for the internal auditor?s involvement in information
technology (IT) system development is for the internal auditor to:
Help minimize the cost and development time for new systems.
Help ensure that systems have adequate control procedures.
Propose enhancements for subsequent development and implementation.
Gain familiarity with systems for use in subsequent reviews.
Help ensure that systems have adequate control procedures.
129
When an office supply company is unable to fill an order completely, it marks
the out-of-stock items as back-ordered on the customer?s order and enters
these items in a back-order file that management can view or print. Customers
are becoming disgruntled with the company because it seems unable to keep
track of and ship out-of-stock items as soon as they are available.
Theÿbestÿapproach for ensuring prompt delivery of out-of-stock items is to:
Implement electronic data interchange with supply vendors to decrease the
time to replenish inventory.
Increase inventory levels to minimize the number of times that out-of-stock
conditions occur.
Match the back-order file to goods shipped daily.
Reconcile the sum of filled and back orders with the total of all orders placed
daily.
Match the back-order file to goods shipped daily.
130
To determine whether refunds granted to customers were properly approved,
an internal auditor should trace accounts receivable entries to:
Credit memos.
Remittance advices.
Sales invoices.
Shipping documents.
Credit memos.
131
Much nonprofit organization fundraising is done over the telephone. Which of
the following control procedures would beleastÿeffective in gaining assurance
that all of the pledges made by telephone are recorded and designated for
payment to the organization?
Automatic computer recording of all phone calls, coupled with supervisory
monitoring of randomly selected phone calls
Management reports that compare funds raised this year with funds raised
last year on a per-call basis
Periodic monitoring of phone calls by management personne
lA confirmation program that randomly selects donations received and
confirms the amounts with the donors
A confirmation program that randomly selects donations received and

confirms the amounts with the donors
132
In order to ensure the proper addition/deletion of authorizations in an
operational audit of data access security, an internal auditor would verify that:
A systems programmer keeps records of all additions/deletions of access
changes.
Revoked access privileges are canceled on a weekly cycle.
Access privileges are activated promptly after they are authorized.
Individuals who are not employees have no access privileges.
Access privileges are activated promptly after they are authorized.
133
company?s use of new financial instruments referred to as derivatives.ÿAn
investment portfolio manager has the authority to use financial derivatives to
hedge transactions but is not supposed to take speculative positions.
However, the manager launches a scheme that includes (1) taking a position
larger than required by the hedge, (2) putting the speculative gains in a
suspense account, and (3) transferring the funds to a nonexistent broker and
from there to a personal account. Which of the following audit procedures
would beleastÿeffective in detecting this fraud?
Sample individual trades and determine the exact matching of a hedge.
Schedule and investigate all differences.
Sample all debits to the suspense account and examine their disposition.
Sample fund transfers to brokers and determine if the brokers are on the
authorized list for company transactions.
Examine individual trades to determine whether the trades violate the
authorization limit for the manager.
Examine individual trades to determine whether the trades violate the

authorization limit for the manager.
134
According to the IIA Standards, internal auditors should be involved in fraud
investigations as:
Sole investigators.
Independent observers.
Nonparticipants.
Part of an investigation team.
Part of an investigation team.
135
An internal auditor is examining a production facility shortly after the close of
the fiscal year. Each question consists of a specific audit procedure and a
choice of four different audit findings. Which of the errors or questionable
practices isÿmost likelyÿto be detected by the audit procedure specified? The
internal auditor tours the production facility.
Depreciation expense on fully depreciated machinery has been recognized.
Overhead has been overapplied.
Insurance coverage on the facility has lapsed.
Necessary facility maintenance has not been performed.
Necessary facility maintenance has not been performed.
136
In an audit of a nonprofit organization?s special fund, theÿprimaryÿaudit
objective would be to determine if the entity:
Applied the funds in a way that would benefit the greatest number of people.
Complied with existing fund requirements and performed specified activities.
Managed its resources economically and efficiently.
Prepared its financial statements in accordance with generally accepted
accounting principles (GAAP).
Complied with existing fund requirements and performed specified activities.
137
An internal auditor has detected probable employee fraud and is preparing a
preliminary report for management. This report should include:
The results of a polygraph test administered to the suspected perpetrator(s) of
the fraud.
A statement that an internal audit conducted with due professional care
cannot provide absolute assurance that irregularities have not occurred.
The auditor?s conclusion as to whether sufficient information exists to conduct
an investigation.
A list of proposed audit tests to help disclose the existence of similar frauds in
the future.
The auditor?s conclusion as to whether sufficient information exists to conduct

an investigation.
138
When computer-matching the employee master file against the payroll
transaction file (consisting of time records for each hourly production worker
and overtime records for salaried staff), the auditor is essentially testing for
the:
Completeness of overtime records.
Reasonableness of production worker?s pay rates.
Reasonableness of staff salaries.
Existence of payments to fictitious employees.
Existence of payments to fictitious employees.
139
Which of the following activities represents both an appropriate personnel
department function and a deterrent to payroll fraud?
Authorization of additions and deletions from the payroll.
Authorization of overtime.
Collection and retention of unclaimed paychecks.
Distribution of paychecks.
Authorization of additions and deletions from the payroll.
140
Theÿbestÿsource of evidence to determine if ex-employees continue to have
access to a company?s automated databases is:
Reviewing computer logs of access attempts.
Reviewing access control software to determine whether the most current
version is implemented.
Reconciling current payroll lists with database access lists.
Discussing the password removal process with the database administrator.
Reconciling current payroll lists with database access lists.
141
An internal auditor is interviewing three individuals, one of whom is suspected
of committing a fraud. Which of the following is theÿleastÿeffective
interviewing approach?
Listen carefully to what the interviewee has to say.
Ask each individual to prepare a written statement explaining his or her
actions.
Attempt to get the suspect to confess.
Take the role of one seeking the truth.
Attempt to get the suspect to confess.
142
One objective of an audit of the purchasing function is to determine the cost of
late payment of invoices containing trade discounts. The appropriate
population from which a sample would be drawn is the file of:
Canceled checks.
Paid vendor invoices.
Receiving reports.
Purchase orders.
Paid vendor invoices.
143
Upon receipt of purchased goods, receiving department personnel match the
quantity received to the packing slip quantity and mark the retail price on the
goods based on a master price list. The annotated packing slip is then
forwarded to inventory control, and goods are automatically moved to the
retail sales area. The most significant control strength of this activity is:
Using a master price list for marking the sale price.
Immediately pricing goods for retail sale.
Matching quantity received to the packing slip.
Automatically moving goods to the retail sales area.
Using a master price list for marking the sale price.
144
An audit procedure for evaluating whether an online order entry system is
efficient is to:
Compare the cost of processing the orders manually with the cost of the
online system.
Determine the total number of transactions processed by the system for each
of the previous 12 months and note any fluctuations.
Compare the cost of developing the order entry system with the cost of
developing other applications.
Review copies of weekly and monthly reports that show system availability
(uptime) and terminal response times, and compare with service-level
objectives.
Review copies of weekly and monthly reports that show system availability
(uptime) and terminal response times, and compare with service-level
objectives.
145
When the labor cost accounting component of the application was first
implemented, it did not meet certain business requirements in the department
and had to be substantially rewritten. Which one of the following risks
associated with EUC application development could have led directly to this
result?
End-user applications may not receive the independent testing associated
with traditional development.
There may be insufficient review and analysis of user needs when user and
analyst functions are no longer separate.
End-user applications may not be adequately documented to facilitate review.
Segregation of duties would be inadequate if the same person performed
programmer and operator functions.
There may be insufficient review and analysis of user needs when user and
analyst functions are no longer separate.
146
If a manufacturing firm has established a limit on the number of defects that
are tolerable in the final assembly of its product, which of the following quality
control procedures should be employed?
I.Inspect completed goods for compliance with established tolerances.
II.Review sales returns for defects not detected during the final inspection
process.
III.Compare materials and machinery specifications to original product
designs.
IV.Establish a quality circle that includes management and subordinates to
discuss labor efficiency.
II and III only.
III and IV only.
I, II, and III.
I, III, and IV.
I, II, and III.
147
During the course of a bank audit, the auditors discover that one loan officer
had approved loans to a number of related but separate organizations, in
violation of regulatory policies. The loan officer indicated that it was an
oversight and would not happen again. However, the auditors believe it may
have been intentional because the loan officer is related to one of the primary
owners of the corporate group that controls the related organizations. The
auditors should:
Expand the audit work to determine if there may be fraudulent activity on the
part of the loan officer and report the findings to management when the follow-
up investigation is complete.
Not report the violation if the loan officer agrees to take corrective action.
Inform management of the conflict of interest and the violation of the
regulatory requirements and suggest further investigation.
Report the violation to the regulatory agency because it constitutes a
significant breakdown of the bank?s control structure.
Inform management of the conflict of interest and the violation of the

regulatory requirements and suggest further investigation.
148
system. The automated system contains a table of pay rates that is matched
to the employee job classifications. The best control to ensure that the table is
updated correctly for only valid pay changes would be to:
Require that all pay changes be signed by the employee to verify that the
change goes to a bona fide employee.
Require a supervisor in the department who does not have the ability to
change the table to compare the changes to a signed management
authorization.
Limit access to the data table to management and line supervisors who have
the authority to determine pay rates.
Ensure that adequate edit and reasonableness checks are built into the
automated system.
Require a supervisor in the department who does not have the ability to
change the table to compare the changes to a signed management
authorization.
149
It would be appropriate for internal auditing departments to use consultants
with expertise in health care benefits when the internal auditing department is:
I.Conducting an audit of the organization?s estimate of its liability for
postretirement benefits that include health care benefits.
II.Comparing the cost of the organization?s health care program with other
programs offered in the industry.
III.Training its staff to conduct an audit of health care costs in a major division
of the organization.
IV. I, II, and III
III only.
I only.
II only.
IV.
IV.
150
During an audit of a defense contract, the auditor becomes concerned with
the possibility of inappropriate charges to overhead. However, when
examining the underlying documentation of expenses, the auditor finds that all
expenditures are properly supported. All billings show total cost and the
application of a percentage overhead rate that appears consistent with
previous years. Which of the following audit procedures would
beÿleasteffective in addressing the auditor?s concern?
Retest the computation of the overhead by multiplying actual costs by the
overhead rate.
Recompute the overhead rate to determine if it is properly computed on the
appropriate base.
Take a probability-proportional-to-size sample of expenditures included in the
company?s overhead expense and examine to determine if they are
consistent with the contract.
Take a sample of contractor payments to determine if the underlying expense
was appropriately classified as contract expense or overhead.
Take a sample of contractor payments to determine if the underlying expense

was appropriately classified as contract expense or overhead.
151
Your firm has recently converted its purchasing cycle from a manual to an
online computer system. You have been placed in charge of the first
postimplementation audit of the new system and have access to a generalized
audit software package. One of your objectives is to determine whether all
material liabilities for trade accounts payable have been recorded. Which of
the following wouldÿmostÿhelp you achieve this objective?
A listing of all accounts payable ledger accounts with a post office box given
as the vendor mailing address.
A listing of all duplicates: (1) purchase orders, (2) receiving reports, and (3)
vendor invoices.
A listing of all vendors with a debit balance in the accounts payable ledgers.
A listing of all purchase transactions processed after the cutoff date.
A listing of all purchase transactions processed after the cutoff date.
152
A hospital is evaluating the purchase of software to integrate a new cost
accounting system with its existing financial accounting system. Which of the
following describes theÿmosteffective way for internal audit to be involved in
the procurement process?
Internal audit has no involvement since the system has already been
developed externally.
Evaluate whether the application design meets internal development and
documentation standards.
Evaluate whether performance specifications are consistent with the
hospital?s needs.
Determine whether the prototyped model is validated and reviewed with users
before production use begins.
Evaluate whether performance specifications are consistent with the

hospital?s needs.
153
During a postcompletion audit of a warehouse expansion, the auditor noted
several invoices for redecorating services from a local merchant that were
account-coded and signed for payment only by the cost engineer. The auditor
should:
Consult with the cost engineer for assurance that these purchases were
authorized for this construction project.
Compare the cost and description of the services to the account code used in
the construction project and to related estimates in the construction-project
budget.
Recommend reclassifying the expenditure to the appropriate account code for
redecorating services.
Obtain a facsimile of the cost engineer?s signature from the accounts payable
group and compare it to the signature on the invoices.
Compare the cost and description of the services to the account code used in
the construction project and to related estimates in the construction-project
budget.
154
A means of ensuring that payroll checks are drawn for properly authorized
amounts is to:
Conduct periodic floor verification of employees on the payroll.
Require that undelivered checks be returned to the cashier.
Supervisory approval of employee time cards.
Witness the distribution of payroll checks.
Supervisory approval of employee time cards.
155
The auditor suspects a disbursements fraud whereby an unknown
employee(s) is submitting and approving invoices for payment. Before
discussing the potential fraud with management, the auditor decides to gather
additional evidence. Which of the following procedures would beÿmostÿhelpful
in providing the additional evidence?
Select a sample of receiving reports representative of the period under
investigation and trace to approved payment. Note any items not properly
processed.
Select a sample of payments made during the year and investigate each one
for approval.
Take a sample of invoices received during the past month; examine to
determine if properly authorized for payment; and trace to underlying
documents such as receiving reports.
Use audit software to develop a list of vendors with post office box numbers or
other unusual features. Select a sample of those items and trace to supporting
Use audit software to develop a list of vendors with post office box numbers or
other unusual features. Select a sample of those items and trace to supporting
156
environmental laws.
If the internal auditing department is assigned the responsibility of conducting
an environmental audit, which of the following actions should be
performedfirst?
Provide the assigned staff with technical training.
Conduct risk assessments for each site.
Review company policies and procedures.
Review the environmental management system.
Provide the assigned staff with technical training.
157
A means of preventing production delays as a consequence of equipment
breakdowns and repairs is to:
Preauthorize maintenance department work orders and overtime pay.
Schedule production based on capacity utilization.
Budget maintenance department activities based on an analysis of equipment
work orders.
Establish a preventive maintenance program for all production equipment.
Establish a preventive maintenance program for all production equipment.
158
A compliance audit of the reporting cycle is being planned. The auditors are
specifically concerned with the control of sensitive data on quarterly reports
that could be used by competitors. The distribution of sensitive financial data
should be determined by:
The data security officer.
The vice president of finance.
Approved corporate policy.
Approved corporate policy.
159
Shipments are made from the warehouse based on customer purchase
orders. The matched shipping documents and purchase orders are then
forwarded to the billing department for sales invoice preparation. The shipping
documents are neither accounted for nor prenumbered. Which of the following
substantive tests should be extended as a result of this control weakness?
Select bills of lading from the warehouse and trace the shipments to the
related sales invoices.
Select sales invoices from the sales register and examine the related shipping
documents.
Trace quantities and prices on the sales invoice to the customer purchase
order and test extensions and footings.
Foot the sales register and trace the total to the general ledger.
Select bills of lading from the warehouse and trace the shipments to the
related sales invoices.
160
Which of the following is not a benefit of using information technology in
solving audit problems?
It increases audit opportunities.
It improves the auditor?s judgment.
It improves the timeliness of the audit.
It helps reduce audit risk.
161
A company recently entered into a cost-plus contract to build a new and larger
manufacturing plant. Which of the following auditing procedures would be
ofÿmostÿimportance to the auditor reviewing this contract?
Review the contract and all of the related bids received to ascertain that the
company selected the contractor with the lowest bid.
Review the business integrity of the contractor through direct inquiry.
Review the contract for a specific date of completion.
Review the contract to ascertain that it contains a provision for the right of
system review and cost audits of the contractor.
Review the contract to ascertain that it contains a provision for the right of
system review and cost audits of the contractor.
162
A payroll clerk working through a computerized payroll system increased the
hourly pay rate for two employees and shared the resulting overpayments with
the employees. Which of the following would haveÿbestÿserved to prevent this
illegal act?
Limiting access to master payroll records to supervisory personnel in the
payroll department.
Reconciling pay rates per personnel records with those of the payroll system
annually.
Monitoring of payroll costs by department heads on a monthly basis.
Requiring that all changes to pay records be recorded on a standard form.
Limiting access to master payroll records to supervisory personnel in the
payroll department.
163
An internal auditor is auditing the cash receipts function. The firm is a
wholesaler that makes all shipments by private trucking firms. Its billing policy
is to require payment of individual invoices. All cash receipts arrive by mail in
the form of customer checks. The firm grants a 2% cash discount to
customers who pay their bills within 15 days. When customers improperly
deduct a discount from a remittance made after the 15-day period, the check
is deposited as usual, but the customer?s account is credited for only the net
(rather than the gross) amount. In order to determine whether undeserved
cash discounts are being allowed, the auditor should:
Compare duplicate deposit tickets with related monthly bank statements and
remittance advices.
Compare cash receipts journal entries with related remittance advices and
sales invoices.
Reconcile monthly bank statements with particular emphasis on deposits in
transit included as reconciling items.
Verify account balances by mailing confirmations to a sample of the firm?s
customers.
Compare cash receipts journal entries with related remittance advices and
sales invoices.
164
A Certified Internal Auditor directs the audit function for a large city and is
planning the audit schedule for the next year. The city has a number of
different funds, some that are restricted in use by government grants and
some that require compliance reports to the government. One of the programs
for which the city has received a grant is job retraining and placement. The
grant specifies certain conditions a participant in the program must meet in
order to be eligible for the funding. The auditor randomly selects participants
in the job retraining program for the past year to verify that they had met all
the eligibility requirements. This type of audit is best referred to as a(n):
Program audit.
Compliance audit.
Economy and efficiency audit.
Operational audit.
Compliance audit.
165
As part of cash management procedures, the treasurer of a nonprofit
organization has decided to invest in a variety of new financial instruments.
The audit committee has asked the internal audit department to conduct an
audit of the adequacy of controls over the new investing techniques. Which of
the following wouldÿnotÿbe required as part of such an audit?
Determine the extent of management oversight over investments in
sophisticated instruments.
Determine whether the treasurer is getting higher or lower rates of return on
investments than are treasurers in comparable organizations.
Determine if policies exist that describe the risks the treasurer may take and
the types of instruments in which the treasurer may make investments.
Determine the nature of controls established by the treasurer to monitor the
risks in the investments.
Determine whether the treasurer is getting higher or lower rates of return on

investments than are treasurers in comparable organizations.
166
When conducting fraud investigations, internal auditing should:
Perform its investigation independent of lawyers, security personnel, and
specialists from outside the organization who are involved in the investigation.
Assess the probable level and the extent of complicity of fraud within the
organization.
Clearly indicate the extent of internal auditing?s knowledge of the fraud when
questioning suspects.
Assign personnel to the investigation in accordance with the audit schedule
established at the beginning of the fiscal year.
Assess the probable level and the extent of complicity of fraud within the
organization.
167
An internal auditor was performing an operational audit of the purchasing and
accounts payable system. The audit objective was to identify changes to
processes that would improve efficiency and effectiveness. Which of the
following statements support the auditor?s recommendation that electronic
data interchange (EDI) should be implemented within a company?
I.There is a small number of transactions.
II.There is a time-sensitive just-in-time purchase environment.
III.There is a large volume of custom purchases.
IV.There are multiple transactions with the same vendor.
I and III.
II, III, and IV.
I only.
II and IV only.
II and IV only.
168
Which of the following isÿnotÿlikely to be included as an audit step when
assessing vendor performance policies?
Determine whether the quality of the goods purchased from the vendors has
been satisfactory.
Determine whether vendors sent agreed-on lot sizes.
Determine whether only authorized items were received from vendors.
169
Most large-scale computer systems maintain at least three program libraries:
production library (for running programs), source code library (maintains
original source coding), and test library (for programs that are being changed).
Which of the following statements is correct regarding the implementation of
sound controls over computer program libraries?
Only programmers should have access to the production library.
Users should have access to the test library to determine whether all changes
are properly made.
The computer operator should have access to both the production library and
the source code library to assist in diagnosing computer crashes.
Only the program librarian should be allowed to make changes to the
production library.
Only the program librarian should be allowed to make changes to the

production library.
170
An auditor reviewed access security over the company?s various computer
applications. The auditor found that security consisted of access controls
programmed into each application. Thebestÿrecommendation for
management in the situation is:
Consider the use of utility software.
Expand the use of the built-in access controls to new applications.
Eliminate the built-in access controls.
Consider the use of access control software.
Consider the use of access control software.
171
The auditor used the reporting capabilities of the 4GL to analyze the data files
for unusual activity, such as excessive overtime hours, unusual fluctuations in
pay rates, or excessive vacation time. The application controls being verified
by this analysis are:
Edit and validation controls.
Controls over update access to the database.
Rejected and suspense item controls.
Programmed balancing controls.
Edit and validation controls.
172
Which of the following audit techniques would beÿmostÿpersuasive in
determining that significant inventory values on the books of a company being
acquired are correctly stated?
Conduct a physical inventory and bring in an independent expert if necessary
to value inventory items.Flowchart the inventory and warehousing cycle and
form an opinion based on the quality of internal controls.
Obtain a management representation letter stating
that inventory values are correctly stated.
Interview purchasing and materials control personnel to ascertain the quality
of internal controls over inventory.
Conduct a physical inventory and bring in an independent expert if necessary

to value inventory items.
173
An internal auditor is examining a production facility shortly after the close of
the fiscal year. Each question consists of a specific audit procedure and a
choice of four different audit findings. Which of the errors or questionable
practices isÿmost likelyÿto be detected by the audit procedure specified? On
randomly selected dates during the month after fiscal year-end, all unrecorded
expenditure invoices are examined.
Sales are overstated for the current month.
Accounts payable are overstated at fiscal year-end (one month previous).
Accounts payable are understated at fiscal year-end (one month previous).
Expenses are overstated for the fiscal year just ended.
Accounts payable are understated at fiscal year-end (one month previous).
174
After completing an investigation, internal auditing has concluded that an
employee has stolen a significant amount of cash receipts. A draft of the
proposed report on this finding should be submitted for review to:
The president of the organization.
The organization?s outside auditors.
Legal counsel.
Legal counsel.
175
An auditor notes year-to-year increases of over $200,000 for small tool
expense at a manufacturing facility that has produced the same amount of
identical product for the last three years. Production inventory is kept in a
controlled staging area adjacent to the receiving dock, but the supply of small
tools is kept in an unsupervised area near the exit to the plant employees?
parking lot. After determining that all of the following alternatives are equal in
cost and are also feasible for local management, the auditor
wouldÿbestaddress the security issue by recommending that plant
management:
Move the small tools inventory to the custody of the production inventory-
staging superintendent, and implement the use of a special requisition to
issue small tools.
Initiate a full physical inventory of small tools on a monthly basis.
Close the exit to the employee parking lot, and require all plant employees to
use a doorway by the receiving dock that also provides access to the plant
employees? parking area.
Place supply of small tools in a secured area, install a key-access card
system for all employees, and record each key-access transaction on a report
for the production superintendent.
Move the small tools inventory to the custody of the production inventory-
staging superintendent, and implement the use of a special requisition to
issue small tools.
176
According to the IIA Standards concerning due professional care, an internal
auditor should:
Select procedures that are likely to provide absolute assurance those
irregularities do not exist.
Consider the relative materiality or significance of matters to which audit
procedures are applied.
Emphasize the potential benefits of an audit without regard to the cost.
Consider whether established operating standards are being met and not
whether those standards are acceptable.
Consider the relative materiality or significance of matters to which audit

procedures are applied.
177
Which of the following controls wouldmostÿlikely minimize defects in finished
goods due to poor-quality raw materials?
Timely follow-up on unfavorable usage variances.
Proper handling of work-in-process inventory to prevent damage.
Implementation of specifications for purchases.
Determination of spoilage at the end of the manufacturing process.
Implementation of specifications for purchases.
178
In a microcomputer environment, significant restrictions on the nature and
timing of audit procedures are most often caused by:
Failure to specify backup and recovery procedures.
Accessibility of hardware.
Lack of adequate password protection.
Limitations on the audit trail.
Limitations on the audit trail.
179
Which of the following actions impairs the information technology auditor?s
independence during computer system development work?
The auditor designs controls.
The auditor tests controls.
The auditor designs an integrated test facility.
The auditor advises on controls.
The auditor designs controls.
180
The internal auditing department has concluded a fraud investigation that
revealed a previously undiscovered materially adverse impact on the financial
position and results of operations for two years on which financial statements
have already been issued. The director of internal auditing should immediately
inform:
Appropriate management and the audit committee of the board of directors.
The internal accounting function ultimately responsible for making corrective
journal entries.
The appropriate governmental or regulatory agency.
The external audit firm responsible for the financial statements affected by the
discovery.
Appropriate management and the audit committee of the board of directors.
181
In response to a confirmation of the June 30 accounts receivable balances, a
customer reported that the balance confirmed had been paid by a check dated
and mailed June 20. The auditor reviewed the postings of cash receipts in
July and found the payment had been recorded on July 13. Given this
information, the next audit action should be to:
Require an adjusting entry to the payment to June.
Trace the billing invoice to the related shipping documents and inventory
records, comparing dates shipped to billed to determine proper period.
Request a bank cutoff statement for July and reconcile the June deposits in
transit and outstanding checks by examining supporting documentation.
Compare deposit slips to posting records.
Compare deposit slips to posting records.
182
One objective of a planned audit is to assess the effectiveness of internal
controls that safeguard inventories. What type of auditing wouldÿbestachieve
that objective?
Compliance.
Financial.
Operational.
Program results.
Operational.
183
A university finds it impractical to have a centralized receiving function for
department purchases of books, supplies, and equipment. Which of the
following controls would most effectively prevent payment for goods not
received, if performed prior to invoice payment?
Vendor invoices should be matched with department purchase orders.
The vice president of finance should approve invoices over a specified
amount.
A departmental supervisor other than the employee ordering the goods should
approve vendor invoices.
Names and addresses on vendor invoices should be compared to a list of
department-authorized vendors.
A departmental supervisor other than the employee ordering the goods should
approve vendor invoices.
184
sales office is processing the event.
The matrix described in (3) is primarily intended to provide:
Access control to computer hardware.
Data integrity control.
185
manager.
It is often recognized that one control procedure by itself is not sufficient to
achieve a particular control objective. One control objective is to ensure that
purchase orders are made only by authorized purchasing agents, to
authorized vendors, for authorized goods. Which of the following combination
of control procedures would be necessary to accomplish this objective?
I.Require passwords for each agent, and change the passwords periodically
to make them difficult to guess.
II.Require that someone independent of the purchasing function enter
authorized products into the product database.
III.Require that purchase agent functions be periodically rotated among
purchasing agents.
IV.Require that someone independent of the purchasing function maintain the
authorized vendor database.
I only.
I, II, III, and IV.
I, II, and III.
I, II, and IV.
I, II, and IV.

186
The auditor of a bank is examining the bank?s loan portfolio to determine
whether it is in accordance with applicable governmental regulations that:
'+Limit the amount of loans that can be made to the ten largest customers (as
a percentage of total bank loans).
+Restrict the amount of loans that can be made in certain industries.
+Require additional documentation for all loans over $100,000.
The auditor wants to determine whether (1) there are any violations of the
applicable regulations and (2) the system and its control procedures are
adequate to prevent violations of the applicable regulations.
Which of the following audit procedures ought to be included as part of the
audit program to address the specific audit concerns identified above?
I.Send confirmations to the ten largest customers to determine the collectibility
of the account balances.
II.Select a random sample of all loans over $100,000 and examine supporting
documentation to determine if the documentation is in compliance with the
applicable regulations.
III.Use audit software to prepare an aging of the loans receivable to determine
if a proper allowance for uncollectible accounts has been recorded.
IV.I, II, and III.
II only.
187
The auditor of a bank is examining the bank?s loan portfolio to determine
whether it is in accordance with applicable governmental regulations that:
'+Limit the amount of loans that can be made to the ten largest customers (as
a percentage of total bank loans).
+Restrict the amount of loans that can be made in certain industries.
+Require additional documentation for all loans over $100,000.
The auditor wants to determine whether (1) there are any violations of the
applicable regulations and (2) the system and its control procedures are
adequate to prevent violations of the applicable regulations.
During the audit, the auditor?s preliminary evidence indicates that the first
concern (loans to the ten largest customers) is not violated. However, upon
further investigation of related parties and interlocking organizations, the
auditor concludes that although there is not a technical violation, there is
some likelihood that the bank may be in violation of the regulation because of
loans to a number of related entities that in total exceed the legal limits. The
auditor should:
Informally notify management of the finding, but omit any mention of the
problem in the formal audit report because the evidence is not persuasive.
Report the findings to the regulatory agency and obtain its opinion on whether
there is a violation. Include the agency?s opinion in the final audit report.
Immediately issue an informal report to the audit committee because the
findings reflect adversely on management.
Report the findings immediately to management and suggest that legal
counsel review the regulations and the audit evidence gathered to date to
determine if a violation has taken place.
Report the findings immediately to management and suggest that legal

counsel review the regulations and the audit evidence gathered to date to
determine if a violation has taken place.
188
The auditor wants to obtain assurance that the EFT payments have not been
made twice. Computer-assisted audit tools and techniques could be used to
perform which of the following procedures?
I.Identification of EFT transactions to the same vendor for the same dollar
amount.
II.Extraction of EFT transactions with unauthorized vendor codes.
III.Testing of EFT transactions for reasonableness.
IV.Searching for EFT transactions with duplicate purchase order numbers.
I, II, III, and IV.
I and IV only.
I and III only.
I, III, and IV only.
I and IV only.
189
Inventory levels for a packing facility are controlled by the use of just-in-time
(JIT) techniques. If the auditor?s objective is to evaluate ordering and stocking
standards, which of the following procedures would be relevant?
I.Using audit software to compute the number of shipping crates used per day
II.Reviewing shipping records for product quantity and dates
III.Comparing actual stocking levels to industry averages
IV.Reviewing sales records for defective returns
II and III.
I and II.
III only.
I and IV.
I and II.
190
environmental laws.
An advantage of conducting environmental audits under the direction of the
internal auditing department would be that:
Internal audit work products are confidential.
Independence and authority are already in place.
Technical expertise is more readily available.
The financial aspects are deemphasized.
Independence and authority are already in place.
191
previous years.
Assume that the contract also states that the contractor must comply with all
applicable environmental regulations because the government is responsible
for fines for such regulations. The governmental auditor finds that the
environmental protection agency has recently performed an environmental
audit of the contractor and found numerous but minor deviations from current
environmental law. However, there was one major item: The company was
not meeting the standard for emissions into the atmosphere. The auditor
contacts the environmental regulators and finds the company has acted
responsibly. It has fixed all the minor findings and has approved a large
capital expenditure to reduce the emission of toxic wastes into the air. Which
of the following statements regarding these findings is (are) correct?
I.Materiality of the findings should be based on the potential amount of fines
that could be imposed, not on the fact that most of the deviations were minor
in nature.
II.The auditor should report the problem with toxic emissions but should not
report the other items because they were of a minor nature.
III.Because the report will have a significant effect on the government, the
auditor should report the toxic waste emissions only if the nature and type can
be substantiated.
I only.
I and III only.
II only.
I, II, and III.
I only.
192
The transportation department for a large manufacturing company maintains
its vehicle inventory and maintenance records in a database on a stand-alone
microcomputer in the fleet supervisor?s office. Which audit approach
isÿmostappropriate for evaluating the accuracy of the database information?
Simulate normal processing by using test programs.
Verify a sample of the records extracted from the database with supporting
documentation.
Submit batches of test transactions through the current system and verify with
expected results.
Use program tracing to show how, and in what sequence, program
instructions are processed in the system.
Verify a sample of the records extracted from the database with supporting
documentation.
193
organizations.
Management has asked the auditor to recommend monitoring controls that
management could establish to provide timely oversight of the information
systems contract. Which of the following would be theÿleastÿeffective
monitoring control?
Use internal auditors to investigate the appropriateness of costs as part of a
yearly audit of the outsourcer.
Require monthly internal reports summarizing overhead rates used in billings.
Randomly investigate selected cost accounts throughout the year to
determine that all the expenses are properly charged to the governmental
unit.
Require monthly reports by the outsourcer of total costs billed and services
rendered.
Use internal auditors to investigate the appropriateness of costs as part of a

yearly audit of the outsourcer.
194
An internal auditor downloads the invoices, payments, and payables for goods
received for the prior month to an audit workstation. Theÿbestÿapproach for
verifying the completeness of the data is for the auditor to use audit software
on the workstation to:
Match invoices to payables; match payables to invoices.
Match invoices to payments and payables; match payments and payables to
invoices.
Match invoices to payments; match payments to invoices.
Match invoices to payments; match payments and payables to invoices.
Match invoices to payments and payables; match payments and payables to

invoices.
195
Management canÿbestÿstrengthen internal control over the custody of
inventory stored in an off-site warehouse by implementing:
Regular reconciliation of physical inventories to accounting records.
Regular confirmation of the amount on hand with the custodian of the
warehouse.
Reconciliations of transfer slips to/from the warehouse with inventory records.
Increases in insurance coverage.
Regular reconciliation of physical inventories to accounting records.
196
Which of the following ensures that all inventory shipments are billed to
customers?
Duties for recording sales transactions and maintaining customer account
balances are separated.
Customer billing complaints are investigated by the controller?s office.
Shipping documents are prenumbered and are independently accounted for
and matched to sales invoices.
Sales invoices are prenumbered and are independently accounted for and
traced to the sales journal.
Shipping documents are prenumbered and are independently accounted for

and matched to sales invoices.
197
environmental laws.
In many countries, the company generating hazardous waste is responsible
for the waste from cradle to grave (creation to destruction). A potential risk to
the company is the use of an outside vendor to process hazardous waste.
Which of the following steps should be performed during a review of the waste
vendor?
I.Review the vendor?s documentation on hazardous material.
II.Review the financial solvency of the vendor.
III.Review the vendor?s emergency response planning.
IV.I, II, and III
IV.
198
organization has been in operation over 15 years and has a small internal
Auditors must always be alert for the possibility of fraud. Assume the controls
over each risk listed below are marginal. Which of the following possible
frauds or misuses of organization assets should be considered the area
ofgreatestÿrisk?
Purchases of supplies are made from fictitious vendors.
The president is using company travel and entertainment funds for activities
that might be considered questionable.
The payroll clerk has added ghost employees.
Grants are made to organizations that might be associated with the president
or are not for purposes dictated in the organization?s charter.
Grants are made to organizations that might be associated with the president
or are not for purposes dictated in the organization?s charter.
199
The internal auditors of a financial institution are auditing the institution?s
investing and lending activities. During the last year, the institution has
adopted new policies and procedures for monitoring investments and the loan
portfolio. The auditors know that the organization has invested in new types of
financial instruments during the year and is heavily involved in the use of
financial derivatives to appropriately hedge risks. If the auditors were to
perform a preliminary review, which of the following procedures should be
performed?
I.Review reports of audits performed by regulatory and outside auditors since
the last internal audit.
II.Interview management to identify changes made in policies regarding
investments or loans.
III.Review minutes of the board of directors? meetings to identify changes in
policies affecting investments and loans.
IV.I, II, and III.
IV.
200
store operations.
During the first meeting, a disagreement occurs over the approach taken
regarding store compliance. The audit director for Company B questions
Company A?s extensive use of store compliance testing, stating that the
approach is neither responsive to materiality concepts nor an appropriate
application of risk assessment. Company A?s audit director presents the
following reasoning:
I.You have misconstrued materiality. Materiality is not based only on the size
of individual stores; it is also based on the control structure that affects the
whole organization.
II.Any deviation from a prescribed control procedure is, by definition, material.
III.The only way to ensure that a material amount of the company?s control
structure is covered is to comprehensively audit all stores.
Which of the statements by the audit director of Company A is (are) valid?
I only.
201
An organization sells products via catalog and takes orders over the phone.
All orders are entered online, and the organization?s objective is to ship all
orders within 24 hours. The audit trail is kept in machine-readable form. The
only papers generated are the packing slip and the invoice sent to the
customer. Revenue is recorded upon shipment of the goods. The organization
maintains a detailed customer database that allows the customer to return
goods for credit at any time.
Which of the following control procedures would beÿleastÿeffective in ensuring
that the correct product is shipped and billed at the appropriate price?
The product database is tightly restricted, and only the director of marketing
(and limited personnel in the marketing department) can approve changes to
the price file.
The customer service representative prepares batch totals of the number of
items ordered and the total dollar amount of the orders.
Self-checking digits are used on all product numbers, and customers must
order from a catalog with product numbers.
The customer service representative verbally verifies both the product
description and price with the customer before the order is closed for
processing.
The customer service representative prepares batch totals of the number of

items ordered and the total dollar amount of the orders.
202
The internal auditing department of a large independent department store
chain is auditing the purchasing system. One auditor has been assigned the
task of determining if major office equipment is being acquired at the best
price. The auditor should determine whether:
Purchase requisitions from user departments are prerequisites to the
purchase of equipment.
Competitive bids are obtained from approved vendors.
Acquisitions of the most recent year were approved in the fixed asset budget
for the same period.
Purchase order forms are prenumbered and controlled.
Competitive bids are obtained from approved vendors.
203
A manufacturing company buys many different types and dimensions of steel
for use in production. An internal auditor would most likely use a computer
simulation to evaluate the company?s steel-purchasing function with respect
to:
Effect of alternative purchasing policies on investment in inventory and stock-
out costs.
Quality of the computer program used to determine economic order quantities.
Technical specifications adopted for steel purchases.
Economy with which the warehousing function is carried out.
Effect of alternative purchasing policies on investment in inventory and stock-

out costs.
204
A production manager for a moderate-size manufacturing company began
ordering excessive raw materials and had them delivered to a wholesale
company that the manager was running as a side business. The manager
falsified receiving documents and approved the invoices for payment. Which
of the following audit procedures wouldÿmostÿlikely detect this fraud?
Observe the receiving dock and count materials received; compare the counts
to receiving reports completed by receiving personnel.
Take a sample of cash disbursements; compare purchase orders, receiving
reports, invoices, and check copies.
Take a sample of cash disbursements and confirm the amount purchased,
purchase price, and date of shipment with the vendors.
Perform analytical tests, comparing production, materials purchased, and raw
materials inventory levels; investigate differences.
Perform analytical tests, comparing production, materials purchased, and raw

materials inventory levels; investigate differences.
205
Spreadsheet software would be most appropriate for which of the following
audit activities?
Uploading data from a microcomputer to a mainframe computer.
Preparing depreciation schedules for fixed assets.
Preparing overhead projector slides for an audit presentation.
Preparing a narrative report summarizing the results of an audit.
Preparing depreciation schedules for fixed assets.
206
Which of the following is not a benefit of using information technology in
solving audit problems?
It improves the timeliness of the audit.
It helps reduce audit risk.
It increases audit opportunities.
207
Cash receipts should be deposited on the day of receipt or the following
business day. Select themostÿappropriate audit procedure to determine that
cash is promptly deposited.
Compare the daily cash receipts totals to the bank deposits.
Review cash register tapes prepared for each sale.
Review the functions of cash receiving and disbursing for proper separation of
duties.
Review the functions of cash handling and maintaining accounting records for
proper separation of duties.
Compare the daily cash receipts totals to the bank deposits.
208
A primary audit concern of a multinational corporation?s foreign branch
money transfer operations located at international headquarters is:
Evaluating the exchange rate in effect when foreign fixed assets were
purchased.
Monitoring the security of foreign property, plant, and equipment.
Ensuring compliance with foreign government money transfer regulations.
Reconciling the foreign branch?s petty cash accounts.
Ensuring compliance with foreign government money transfer regulations.
209
Senior management has requested a compliance audit of the company?s
employee benefits package. Which of the following audit objectives would be
considered theÿprimaryÿobjective by both internal audit and senior
management?
Individual programs are operating in accordance with corporate policy and
government regulations.
Benefit payments, where appropriate, are accurate and timely.
Participation levels support continuation of individual programs.
The level of company contributions is adequate to meet the program?s
demands.
Individual programs are operating in accordance with corporate policy and
government regulations.
210
Because the VAN did not provide the auditor with access to its system, that
portion of the audit program was not completed. Which one of the following
should the auditorÿnotÿdo?
Obtain the approval of the internal audit director.
Rewrite the audit program to eliminate the step.
Document the VAN?s actions in the work papers.
Include the scope limitation in the final report.
Rewrite the audit program to eliminate the step.
211
The internal auditors of a financial institution are auditing the institution?s
investing and lending activities. During the last year, the institution has
adopted new policies and procedures for monitoring investments and the loan
portfolio. The auditors know that the organization has invested in new types of
financial instruments during the year and is heavily involved in the use of
financial derivatives to appropriately hedge risks.
The auditors are evaluating the adequacy of the new policies and procedures
in maintaining an appropriate risk profile. Which of the following audit
procedures would beÿleastÿrelevant to the accomplishment of the audit
objective?
Meet with operational management to determine its interpretation of those
procedures that are not clear.
Meet with top management or a board member, if necessary, to clarify policy
issues.
Review recent regulatory pronouncements to determine if the new procedures
are consistent with regulatory requirements.
Test a sample of investments for compliance with the new procedures.
Test a sample of investments for compliance with the new procedures.
212
A utility company with a large investment in repair vehicles would most likely
implement which internal control to reduce the risk of vehicle theft or loss?
Physically inventory vehicles and reconcile the results with the accounting
records.
Maintain vehicles in a secured location with release and return subject to
approval by a custodian.
Review insurance coverage for adequacy.
Systematically account for all repair work orders.
Maintain vehicles in a secured location with release and return subject to

approval by a custodian.
213
A retailer of high-priced durable goods operates a catalog-ordering division
that accepts customer orders by telephone. The retailer runs frequent price
promotions. During these times, the telephone operators enter the
promotional prices. The risk of this practice is that:
Customers systematically could be charged lower prices.
Frequent price changes could overload the order entry system.
Operators could collude with outsiders for unauthorized prices.
Operators could give competitors notice of the promotional prices.
Operators could collude with outsiders for unauthorized prices.

214
In an effort to remain competitive, the sales department was authorized to
reduce prices and streamline operations. By allowing individual sales
personnel to approve credit and determine product availability and delivery,
sales were increased. After these changes, write-offs of receivables
increased. An appropriate corrective action is:
An independent review and approval of credit.
An increase in profit margins.
The centralization of management control.
An independent determination of product availability.
An independent review and approval of credit.
215
A new computer operator erroneously submitted duplicate sets of requests for
checks to pay vendors for specific invoices. As a result, two copies of all the
checks were produced. The best control to prevent this error is:
Batch sequence check of invoices.
Manual agreement of a batch check register with computed check totals.
Computer agreement of batch totals of check requests and checks produced.
Cancellation of paid invoices.
Cancellation of paid invoices.
216
The results of an audit of cash indicate that the bookkeeper signs expense
checks and reconciles the checking account. The cash account was properly
reconciled and no cash shortages were detected. Select the appropriate
overall audit opinion.
Based on the audit results, it is our opinion that the system of internal control
over cash is inadequate.
In our opinion, the system of internal control over cash is adequate.
In our opinion, the physical cash-handling procedures are adequate.
The results of the audit indicate bank statement reconciliations have been
properly completed.
Based on the audit results, it is our opinion that the system of internal control
over cash is inadequate.
217
A local government agency received a national government grant that
provided funds for assisting families with low incomes. The agency is required
to make an investigation of the family?s financial condition. The amount of
assistance relates to the size of the family, income being received by family
members, and the ages and school attendance of family children. The
agency?s internal auditors plan to perform a compliance audit of the agency?s
operation in disbursing the grant funds. Theÿmostappropriate scope of the
audit would be to determine:
If the agency is investigating the eligibility of beneficiaries and the propriety of
fund disbursement.
The accuracy of the disbursement reports furnished to the national
government.
The degree of efficiency the agency is achieving in the disbursement of
national funds.
The adequacy of the funds to relieve the family?s financial problem.
If the agency is investigating the eligibility of beneficiaries and the propriety of

fund disbursement.
218
In auditing a cost-plus construction contract for a new catalog showroom, the
internal auditor should be cognizant of the risk that:
Income taxes related to construction equipment depreciation may have been
calculated erroneously.
Contractor cash budgets could have been inappropriately compiled.
The contractor could be charging for the use of equipment not utilized in the
construction.
Payroll taxes may have been inappropriately omitted from billings.
The contractor could be charging for the use of equipment not utilized in the
construction.
219
company?s use of new financial instruments referred to as derivatives.ÿThe
auditor is reviewing the company?s policy regarding investing in financial
derivatives. The auditor would normally expect to find all of the following in the
policyÿexcept:
A statement requiring board review of each transaction because of the risk
involved in such transactions.
A statement indicating whether derivatives are to be used for hedging or
speculative purposes.
A specific limit on the amount authorized for any single trader.
A specific authorization limit for the amount and types of derivatives that can
be used by the organization.
A statement requiring board review of each transaction because of the risk

involved in such transactions.
220
When there is a difference of opinion between the auditor and auditees during
new system development audit work, what should the auditor doÿfirst?
Complain to audit management.
Convince the auditees.
Discuss it with user management.
Talk to senior management.
Convince the auditees.
221
There is generally no incentive for efficiency or economy in a cost-plus
construction contract for small, unique projects. There is a potential for inflated
costs. An appropriate control to encourage efficiency and economy in these
contracts is:
Use of an agreed-on price for each unit of work.
Provision for maximum costs and sharing any savings.
A checklist approach to the audit of contract costs.
Elimination of change orders to the contract.
Provision for maximum costs and sharing any savings.
222
Which of the following control procedures would be theÿleastÿeffective in
preventing a fraud conducted by sending purchase orders to bogus vendors?
Require that only approved vendors be paid for purchases, based on actual
production.
Require that total purchases for a month not exceed the total budgeted
purchases for that month.
Require contracts with all major vendors from whom production components
are purchased.
Require that all purchases be made from an authorized vendor list maintained
independently of the individual placing the purchase order.
Require that total purchases for a month not exceed the total budgeted
purchases for that month.
223
Which of the following situations would cause an internal auditor to question
the adequacy of internal controls in a purchasing function?
Unpaid voucher files and perpetual inventory records are independently
maintained.
Receiving reports are forwarded to purchasing where they are matched to
purchase orders and sent to accounts payable.
The original and one copy of the purchase order are mailed to the vendor. The
copy on which the vendor acknowledges acceptance is returned to the
purchasing department.
The accounts payable section prepares documentation for payments.
Receiving reports are forwarded to purchasing where they are matched to
purchase orders and sent to accounts payable.
224
Which of the following statements is an audit objective?
Analyze the pattern of any cash shortages.
Recompute each month?s bank reconciliation.
Observe the deposit of the day?s cash receipts.
Evaluate whether cash receipts are adequately safeguarded.
Evaluate whether cash receipts are adequately safeguarded.
225
Which of the following would an internal auditor review to evaluate the
recovery capabilities of a database management system?
Integrity checking procedures.
Data journaling procedures.
Edit and validation rules.
Data ownership and accountability policies.
Data journaling procedures.
226
An electric utility company records capital and maintenance expenditures
through the use of a computerized project tracking system. Labor, material,
and overhead are charged to the applicable project number. Monthly reports
are produced that detail individual charges to each project, and expenditure
totals are provided for the current month, fiscal year, and project life to date.
Monthly project reports compare actual costs to original budget estimates and
compute variances. Project variations greater than 10% of budget require
subsequent explanation and approval by the supervisor. Which of the
following audit test(s) would the internal auditor use to determine whether the
required procedure is being followed?
I.Select a sample of overbudget explanations and test for subsequent
approvals.
II.Trace overbudget explanations to supporting monthly project reports.
III.Use audit software to recompute monthly project report variances and
totals.
IV.Compare a sample of project variances to documented approvals and
explanations.
I and II only.
IV only.
I, II, and III.
III and IV.
IV only.
227
A controller became aware that a competitor appeared to have access to the
company?s pricing information. The internal auditor determined that the leak
of information was occurring during the electronic transmission of data from
branch offices to the head office. Which of the following controls would
beÿmostÿeffective in preventing the leak of information?
Asynchronous transmission.
Encryption.
Use of passwords.
Use of fiber-optic transmission lines.
Encryption.
228
One operating department of a company does not have adequate procedures
for inspecting and verifying the quantities of goods received. To evaluate the
materiality of this control deficiency, the auditor should review the
department?s:
Year-end total assets.
Annual operating expenses.
Annual inventory purchases.
Year-end inventory balance.
Annual inventory purchases.
229
Theÿfirstÿstep in information technology compliance audit testing is to review
which of the following?
Processing controls.
Output controls.
Input controls.
Access security controls.
Access security controls.
230
Which of the following audit procedures would provide theÿleastÿrelevant
evidence in determining that payroll payments were made to bona fide
employees?
Examine canceled checks for proper endorsement and compare to personnel
records.
Reconcile time cards in use to employees on the job.
Test for segregation of the authorization for payment from the hire/fire
authorization.
Test the payroll account bank reconciliation by tracing outstanding checks to
the payroll register.
Test the payroll account bank reconciliation by tracing outstanding checks to

the payroll register.
231
An internal auditor is auditing the financial operations of an organization.
Which of the following isÿnotspecified by the IIAÿStandardsÿfor inclusion in
the scope of the audit?
Reviewing the reliability and integrity of financial information.
Reviewing the financial decision-making process.
Reviewing systems established to ensure compliance with appropriate policy,
plans, procedures, and other types of authority.
Appraising economy, efficiency, and effectiveness of the employment of
resources.
Reviewing the financial decision-making process.
232
Which one of the following input controls or edit checks would catch certain
types of errors within the payment amount field of a transaction?
Limit check.
Record count.
Check digit.
Echo check.
Limit check.
233
store operations.
Company A?s audit director, who is also a CIA, faces an ethical dilemma. For
an audit in process, persuasive evidence indicates that a top manager has
been involved in insider trading. The extent and type of trading is such that the
trading would be considered fraudulent. However, the findings were
encountered as a side issue of another audit and are not considered relevant
to the compatibility of the computer systems. Regarding this finding, which of
the following is the audit director?sÿmostappropriate action?
Discontinue audit work associated with the insider trading since it is not an
integral part of the existing audit and the audit committee has established
higher-priority work for the auditors.
Discontinue audit work associated with the insider trading and report the
preliminary findings to the company?s external legal counsel for investigation.
Report the legal counsel findings to management.
an investigation.
Continue work on the insider trading sufficient to conclusively establish
whether fraudulent activity has taken place, then report the findings to the
chairperson of the audit committee. Report the matter to government officials
if appropriate action is not taken.
an investigation.
234
Which of the following controls would help prevent overpaying a vendor?
Approving the purchase before ordering from the vendor.
Reviewing the accounting distribution for the expenditure.
Requiring the check signer to mail the check directly to the vendor.
Reviewing and canceling supporting documents when a check is issued.
Reviewing and canceling supporting documents when a check is issued.
235
A company has equipped its staff with personal computers. Several
employees also have compatible machines at home and belong to shareware
networks and electronic bulletin board systems. They pass along software
obtained through these external sources to coworkers at the office. Given this
information, an information technology auditor should conclude that:
A cost/benefit analysis should be done on the use of externally obtained
software.
Management has failed to set quality standards.
An exposure exists requiring management attention.
Quantitative performance standards are unrealistic.
An exposure exists requiring management attention.
236
The director of internal auditing is concerned that a recently disclosed fraud
was not uncovered during the last audit of cash operations. A review of the
work papers indicated that the fraudulent transaction was not included in a
properly designed statistical sample of transactions tested. Which of the
following applies to this situation?
Extraordinary care is necessary in the performance of a cash operations audit,
and the auditor should be held responsible for the oversight.
The internal auditor acted with due professional care since an appropriate
statistical sample of material transactions was tested.
Because cash operation is a high-risk area, 100% testing of transactions
should have been performed.
Fraud should not have gone undetected in a recently audited area.
The internal auditor acted with due professional care since an appropriate
statistical sample of material transactions was tested.
237
A manufacturing firm uses large quantities of small inexpensive items, such as
nuts, bolts, washers, and gloves, in the production process. As these goods
are purchased, they are recorded in inventory in bulk amounts. Bins are
located on the shop floor to provide timely access to these items. When
necessary, the bins are refilled from inventory, and the cost of the items is
charged to a consumable supplies account, which is part of shop overhead.
Which of the following would be an appropriate improvement to controls in this
environment?
Relocate bins to the inventory warehouse.
Require management review of reports on the cost of consumable items used
in relation to budget.
None of the above controls is needed for items of minor cost and size.
Lock the bins during normal working hours.
Require management review of reports on the cost of consumable items used

in relation to budget.
238
Management of the department allowed the outside consultants to test and
install new releases of the application software without documenting the
changes. Which of the following risks would beÿmostclosely associated with
this practice?
The users may not be aware that changes have been made.
The reliability of the information processed may be reduced.
An appropriate level of management may not properly authorize initiation of
changes.
The changes may be made to the application without proper testing.
The users may not be aware that changes have been made.
239
When testing the year-end balance for trade accounts payable, the use of an
audit software package to identify unauthorized vendors in a vendor database
is most useful in developing tests to determine:
Accuracy of the receiving cutoff used.
Valuation of recorded transactions.
Existence of valid recorded liabilities.
Ownership of the recorded payables.
Existence of valid recorded liabilities.
240
A catalog company has been experiencing an increasing incidence of
problems where the wrong products have been shipped to the customer. Most
of the customer orders come in over the telephone, and an operator enters
the data into the order system immediately. Which of the following control
procedures, if properly implemented, would address the problem?
I.Have the computer automatically assign a sequential order number to each
customer order.
II.Implement a self-checking digit algorithm for each product number and
request entries by product number.
III.Request entries by product number, have the computer program identify
the product and price, and require the operator to orally verify the product
description with the customer.
I and II.
II and III.
I, II, and III.
II only.
II and III.
241
An audit had been scheduled to address unusual inventory shortages
revealed in the annual physical inventory process at a large consumer goods
warehouse operation. A cycle count program had been installed in the
storeroom at the beginning of the year in place of the disruptive process of
counting one entire product line at the end of each month. The cycle count
program appeared effective based on the fact that only nine minor
adjustments had been made for the entire year on the several thousand
different products located in the storeroom. The storeroom supervisor
explained that each of the 15 stockroom personnel selected one item each
day for cycle count based on how efficiently the item could be counted. The
opportunity for control-related problems including fraud has been increased in
the stockroom because:
A cycle count program has been installed in place of a less efficient program.
Stockroom personnel record cycle count information.
Stockroom personnel select items for cycle count.
Only nine minor adjustments have been recorded as a result of the cycle
count process.
Stockroom personnel select items for cycle count.
242
previous years. The auditor calculates a statistical estimate of expenditures by
the contractor to determine whether they are in compliance with the contract.
The audit working papers document the following evidence, which the auditor
is considering for the audit report:
+Total expenditures per the contractor books: $12.3 million
+Total number of items in population: 1,500
+Sample size: 100
+Number of items not in compliance: 5
+Dollar value of items sampled: $700,000
+Dollar amount of items not in compliance: $53,000
Which of the following communications would be correct?
I.The best estimate is that 5% of the 1,500 items in the population are not in
compliance with the contract.
II.The best estimate is that the incorrect charges to the account equal about
$795,000.
III.The average dollar value of items not in compliance is greater than the
average dollar value of items in the population.
IV.I, II, and III
IV.
243
A role of internal auditing during evaluation of a new system is to:
Document control features for the permanent system documentation file.
Rewrite flawed program code affecting control features.
Determine whether adequate control has been planned and implemented.
Draft control procedures in cases where the development team omitted them.
Determine whether adequate control has been planned and implemented.
244
An organization sells products via catalog and takes orders over the phone.
All orders are entered online, and the organization?s objective is to ship all
orders within 24 hours. The audit trail is kept in machine-readable form. The
only papers generated are the packing slip and the invoice sent to the
customer. Revenue is recorded upon shipment of the goods. The organization
maintains a detailed customer database that allows the customer to return
goods for credit at any time.
The auditor wants to gain assurance that all telephone orders received were
shipped and billed in a timely fashion. Which of the following audit procedures
would beÿmostÿeffective in meeting the auditor?s objective?
Use an integrated test facility (ITF) and submit product orders to the ITF.
Compare the prices invoiced to the prices in the most recent catalog.
Determine that all submitted items were shipped.
Use generalized audit software to randomly select a sample of sales invoices,
and have the software match the items selected to the log of transactions
maintained for all incoming orders.
Take the computer log of incoming orders, and use generalized audit software
to compare order date to invoice and shipping date in the sales invoice file.
Use test data to generate batch control totals. Trace the batch control totals
from the items submitted to the sales invoice file generated for the test data.
Take the computer log of incoming orders, and use generalized audit software
to compare order date to invoice and shipping date in the sales invoice file.
245
A Certified Internal Auditor directs the audit function for a large city and is
planning the audit schedule for the next year. The city has a number of
different funds, some that are restricted in use by government grants and
some that require compliance reports to the government. One of the programs
for which the city has received a grant is job retraining and placement. The
grant specifies certain conditions a participant in the program must meet in
order to be eligible for the funding.
The auditor must determine the applicable laws and regulations. Which of the
following procedures would be theÿleastÿeffective in learning about the
applicable laws and regulations?
Discuss the matter with the audit committee and make inquiries as to the
nature of the requirements and the audit committee?s objectives for the audit.
Make inquiries of the city?s chief financial officer, legal counsel, or grant
administrators.
Review prior-year working papers and inquire of officials as to changes.
Review applicable grant agreements.
Discuss the matter with the audit committee and make inquiries as to the
nature of the requirements and the audit committee?s objectives for the audit.
246
Management is concerned with the potential for unauthorized changes to the
payroll. Which of the following is the proper organizational structure to prevent
such unauthorized changes?
The payroll department being supervised by the management of the human
resources division.
Limiting the payroll department?s functions to maintaining the payroll records,
distributing paychecks, and posting the payroll entries to the general ledger.
The personnel department authorizing the hiring and pay levels of all
employees.
The payroll department maintaining and authorizing all changes to the
personnel records.
The personnel department authorizing the hiring and pay levels of all
employees.
247
You are an internal auditor who has been assigned to an audit of the material
acquisition cycle of a company. To satisfy an audit objective of verifying that
purchase transactions are authorized and are for needed materials, you
should:
Discuss a sample of transactions with the purchasing agent.
Examine a sample of vendor invoices.
Review a sample of purchase orders and their related purchase requisition for
proper approval signatures.
Review signatures on a sample of receiving reports.
Review a sample of purchase orders and their related purchase requisition for
proper approval signatures.
248
either been repaired or shipped back to the original customer or repaired and
The auditor has not yet performed any detailed audit work. Based on the
information given, theÿmostappropriate action for the auditor to take would be
to:
Take an inventory of the goods on hand so the dollar amount could be
included in the audit report along with the explanation of the problem.
Report the items to divisional management and ask for their explanation
before determining whether to include the findings in an audit report.
Take a sample of the items on hand and trace to underlying documents, such
as receiving reports and sales orders, to determine how the goods were
handled.
Write the finding up, but do not perform any additional work without the
approval of the director of internal auditing because it is clearly a scope
expansion.
Take a sample of the items on hand and trace to underlying documents, such
as receiving reports and sales orders, to determine how the goods were
handled.
249
The primary concern in a program results audit is a determination that:
The entity has complied with laws and regulations.
Financial statements are presented in accordance with generally accepted
accounting principles.
Resources are managed economically and efficiently.
Desired benefits are being achieved.
Desired benefits are being achieved.

Flashcards CIA Part 2

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Flashcards CIA Part 2

Uploaded by

Copyright:

Available Formats

FLASHCARDS IN COMMUNICATE ENGAGEMENT RESULTS DECK (27):

The report was not timely.

Issue an interim report to management regarding the negative findings noted.

An evaluation of the impact of the findings on the activities reviewed.

Travel advances exceeded prescribed maximum amounts.

Travel advances are not controlled in accordance with existing policy.

Evaluate the elements of cost and compare to prior periods.

Provide reports that meet the expectations and perceptions of both

The board of directors.

Sending the summary section of the report.

Schedule a follow-up review.

Using slides/overheads to support a discussion of major points.

Give immediate information to management and more accurately exchange

Include this finding in the current audit report.

The bank statements have not been reconciled each month.

Company advance procedures do not require specific justification.

Communicate information requiring immediate attention.

External auditors and the corporate controller.

Yes, because a related party is involved.

Auditee’s noteworthy accomplishments.

Communicated, preferably in writing, to the board.

Evaluate whether completion of the audit as planned will be adequate.

May fail to detect a significant error or weakness during an examination.

The preparation of a budget identifying the costs of resources needed.

Emergency action is needed.

Documenting shortcomings regularly and reporting them to the director of

An analysis of the financial and operational reports.

2, 10, and 11.

The recommendation is incomplete.

The use of potentially emotional words, such as “conservatism” of local

The chairman of the board of directors.

Send a memorandum report to the executive director and other concerned

Write a report to the marketing management and give summary reports to

Compare the company’s total cost of goods sold, as a percentage of total

Evaluating the effectiveness of the system of internal controls.

Indicate to the auditee that if the resistance continues, the auditing

Be tailored for the audit of each operation.

During the planning stage.

III and IV only.

Supervisory review of all audit work.

Engage an engineering consultant to perform the comparison.

Although scrap is generated, there is no income reported from scrap sales.

An expansion of audit work prior to the preparation of an audit report.

I, II, and III.

Develop a schedule of employee pay and analyze changes in overtime pay.

Write the audit program.

Determining whether underlying assumptions are appropriate.

Scope, conclusion, recommendation.

The condition for the audit finding is not clearly explained.

The preliminary survey phase.

Developing a written audit program.

Ask the divisional controller to identify specific areas of disagreement and

Audit committee of the board of directors.

Take a discovery sample of employee claims that were submitted through

Scope, conclusion, recommendation.

Classical variables estimation of claims submitted by the suspected dentists

A reduction of travel time and related travel expense.

Determine the adequacy of the controls built into the system.

Communication with all affected parties.

A complex or changing operating environment.

Serve as a tool for planning, directing, and controlling audit work.

The information may be needed if a dispute arises.

Should follow up to ascertain that appropriate action is taken on audit

Observe the procedures used to identify defective units produced.