CIGA Institute

Question 1

Elements of a finding

Answer 1

Condition
Criteria
Root Cause
Effect

Question 2

Federal auditing standards:

2011 Yellow Book - auditors should assess:

Answer 2

Internal controls of the entities
Program objectives
Strategic goals
Program objectives

Question 3

Internal controls provide:

Answer 3

Reasonable assurances

Question 4

GAO green book, what three program objectives are requirements for operations?

Answer 4

Operations
Reporting
Compliance

Question 5

What are five high level components?

Answer 5

Controlled environment
Activities 
Risk assessment
Communication
Assessment

Question 6

According to GAO green book, management is depending on the OIG to

Answer 6

Identify risk tolerance

Question 7

GAO greenbook attributes are required and do most of federal compliance?

Answer 7

False

Question 8

Internal control red flags?

Answer 8

Staff is frustrated by request for data b/c time consuming (y)
Agency conducts fraud assessment and does not document assessment (y)
When assessing risk agency does not assess risk tolerances (y)
All of above

Question 9

if agency advised they conducted fraud risk assessment while auditing but failed to document it, you would:

Answer 9

Document the risk assessment

Question 10

According to GAO fraud risk management framework:

Answer 10

Performance audit: y
Inspections and evaluations: y
Financial audit: y

Question 11

Auditor using fraud risk mgt framework, would you use as criteria for

Answer 11

Determine if IG following greenbook: Y
Developing. Agency fraud risk Mgt framework? Y
Developing fraudrisk systems? Y

All of above

Question 12

GAO fraud risk mgt framework, does it involve and include?

Answer 12

Control activities to deter fraud: y
Environmental factors: y
Importance of Monitoring: Y
All of above

Question 13

As an auditor using GAO fraud risk mgt framework, do you think you would be able to identify and assess:

Answer 13

Fraud risk: y
Prevent and detect fraud: y
Perform financial Y
All of above

Question 14

Tell if any of the following scenarios would be considered fraud risk factor:

Answer 14

Loan officer to be paid for each app? Y
Weak controls and limited control that allows Bogus loan approved? Y
Risk factor risk if loan officers feel underpaid? Y
(All part of the fraud triangle)

All of above

Question 15

Allowed to report as monetary accomplishments

Answer 15

Disallowed costs? Y
Question costs? Y
Funds put better use? Y

All of above

Question 16

Doing audit IT controls over hardware storing data should most important control be how fast you can buy a replacement?

Answer 16

No

Question 17

When Assessing general IT controls would you consider these levels?

Answer 17

Operating system level? Y
Application and database level? Y
Network level? Y

All of the above

Question 18

Is physical access control considered

Answer 18

an application control? N
Backup and recovery controls? N
input controls? Y

Question 19

Data integrity means that data entered into an application if valid, consistent, integrity is maintained and ability to modify is controlled? T/f

Answer 19

True

Question 20

Failure of technology is only a risk if it represents a risk to the business? T/f

Answer 20

True

Question 21

You’re assessing IT risk and developing an audit plan. In developing the plan, would you consider any of the following?

Answer 21

Development of audit plan? Y
Assessment of risk? Y
Scone and objectives?

All of above

Question 22

You’re doing an audit of software applications and looking at data of that application. When conducting an audit, will you look at what criteria?

Answer 22

Integrity and data is protected? Y
Accuracy and completeness is accurate? Y
When doing test, as an auditor, you should be able to identify errors in quality ? Y
Auditors should be allowed to alter data? N

Question 23

Your team champion of data analytics - that individual should understand goals/objectives/management of objectives? T/F

Answer 23

True

Question 24

When developing ethical standards, you can look to:

Answer 24

Laws? Y
Religion? Y
All of above

Question 25

When conducting an audit, would you accept a bribe?

Answer 25

No

Question 26

Ethics are:

Answer 26

Set moral principals? Y
Principals of conduct? Y
All of above

Question 27

Do auditors have discretion to report illegal activity to authorities?

Answer 27

No, it is a mandate

Question 28

Auditors are required to

Maintain high ethical standards?
comprehensive set of ethics?

Answer 28

Yes to both, all of above

Question 29

Public officials that disclose ethical conflicts of interest. Will this always eliminate conflict of interest?

Answer 29

No

Question 30

Do AIG statements include detection of:

Answer 30

Fraud waste and abuse? Y
Efficient public use of resources? Y

All of the above

Question 31

An agency that adopts AIG quality of standards must adopt every single standard?

Answer 31

False

Question 32

Most states have 1 or more IG’s?

Answer 32

True

Question 33

All IG’s…

Answer 33

False

Question 34

All IG’s …criminal investigations?

Answer 34

False

Question 35

All federal IG’s are appointment by president of US

Answer 35

False

Question 36

What organization issues the Red Book?

Answer 36

IIA - institute of intenal auditors

Question 37

Has stakeholder expecttions of CAE been changing?

Answer 37

Yes

Question 38

If hiring an external specialist, who should findings be reported to?

Answer 38

The OIG

Question 39

Mandatory guidance from IIA icludes all except:

Answer 39

Mandatory code of ethics: y
Standards for practice? Y
Definition of audit? Y
Guidelines as mandatory? N

Question 40

What is the point of follow up?

Answer 40

Have they done the recommendation and taken corrective action

Question 41

Does assurance service include consulting?

Answer 41

No

Question 42

Surveys of professional practice. Do they survey tend to find that management and board find CAE’s add maximum value?

Answer 42

No

Question 43

when looking at nature and scope of work of specialists

Answer 43

do you document intended use of specialist’s work? Y
Document specialists procedures and findings? Y
Assumptions and methods? Y
All of the above

Question 44

When doing a consulting engagement do you assume responsibility of management?

Answer 44

No but you do maintain objectivity.

Question 45

According to yellow book, if you use specialists, do you

Answer 45

Need to assess qualifications? Y

If audit organization, get their peer review

Question 46

Which require an annual audit plan?

Answer 46

yellow, N
Red, Y
Green, N

Question 47

Red book QAIP does it require internal or external assessments?

Answer 47

Yes

Question 48

Auditing methodology, when designing, do you need reasonable assurance that it is

Answer 48

Appropriate? Y
An audit risk? Y
Includes all types of evidence? N

Question 49

Assessing control risk too low will affect sampling risk?

Answer 49

Yes
Efficiency? No
Effectiveness? Yes

Question 50

Who has basics responsibility for taking corrective action?

Answer 50

Management

Question 51

Code of ethics requires?

Answer 51

Confidentiality and Objectivity

Question 52

Who is responsible for creating an audit plan?

Answer 52

Auditor

Question 53

The role of identical controls is to achieve

Answer 53

Objectives
Safeguard assets
Prevent/detect fraud
Right things happening

Question 54

Red book is compliance code of ethics mandatory?

Answer 54

Yes

Question 55

If trying to decide if to use specialist, who decides if you have enough skills?

Answer 55

The IG or CAE

Question 56

The agency has a code of conduct is that part of control activities?

Answer 56

Control environment? Yes

Question 57

Quality of an audit is determined by quality of

Answer 57

The audit plan

Question 58

According to yellow book, do you have to write down a plan?

Answer 58

Yes

Question 59

Three lines of defense. Internal audit is the the

Answer 59

3rd line of defense

Question 60

Serration of duties is part of

Answer 60

Preventative control activities

Question 61

Detection risk in a financial audit is

Answer 61

The risk that the auditor will not detect material mistakes.

Question 62

Top management philosophy and attitude is part of

Answer 62

Control environment

Question 63

Segregation of duties is part of what contorl?

Answer 63

Internal control

Question 64

What is the primary purpose of having internnal controls?

Answer 64

to prevent fraud, waste and abuse.

Question 65

Is top management’s attituide and philiopshy a control environment?

Answer 65

Yes

Question 66

what is the purpose of a follow up

Answer 66

to see if recommendation has been implemented

Question 67

should auditors document the natiore and scopy of external speicalists? their objectives? Proceures? Testing?

Answer 67

Yes - all of above

Question 68

Who is repsonibile for corrective action

Answer 68

Management

Question 69

Who is repsonsible for deciding if external specialist is needed?

Answer 69

IG

Question 70

What will happen if you assess control risks too low?

Answer 70

you loose effetivness of audit

Question 71

should audit methodology proivded reasonable assurnace and reduce risk of reaching inaccurate condculsion?

Answer 71

yes

Question 72

should methodology inlcude all types of evidence?

Answer 72

no

Question 73

should audit plan be in writing?

Answer 73

yes

Question 74

what is the first step when coducting an annual risk assessment?

Answer 74

identifying the auditable universe

Question 75

which of the books requires a yearly audit plan?

Answer 75

red book

Question 76

4 items in standard working paper

Answer 76

purpose
scope
source
conclusion

Question 77

evidience obtained from internal is more reliablel than external

Answer 77

yes

Question 78

management controls over work papers affects work papers

Answer 78

true

Question 79

evidence reliability refers to the consistency of results when info is measured or tested and includes concept of being verifiable and supported

Answer 79

true

Question 80

evidence is relelvant if it has a logical relationship? evidence is relelvant if it has validity?

Answer 80

true - all of above

Question 81

should you document when audit objectives are achieved? when working papers support findings and conclusion? when working papers show who is assigned?

Answer 81

yes to all

Question 82

can you use evidence to support more than one finding?

Answer 82

yes

Question 83

the term sufficency means

Answer 83

an auditor has to collect enough evidence to support findings

Question 84

should the following be part of working papers? evidence to support findings? tests? proecudrues?

Answer 84

Yes - all of above

Question 85

is evidence obtained by physical examination mroe reliable than inquiry?

Answer 85

yes

Question 86

for financial audits, use of phsyical examination to obtain evidence is for ?

Answer 86

the existence of ..

Question 87

if you increase the margin of error when calcuating sample size you w ill need less

Answer 87

sample

Question 88

what is the magic number

Answer 88

384

Question 89

when to use statistical over non-statistical sampling?

Answer 89

when you want to make an inference

Question 90

4 elements in every finding

Answer 90

criteria
condition
cause
effect

Question 91

the best way to ensure consistency in reportin writing is

Answer 91

to create/use policy and proecedures on report writing

Question 92

characteristics of well written report

Answer 92

pursuasive, complete, concise

all of above

Question 93

should auditor make recommendaitons that ar specific

Answer 93

no, shouldnot make management decisions

Question 94

the assessment of data reliablity and basis for that determination should be in what seciton?

Answer 94

methodology

Question 95

are conclusion more compelling if recommendation logically inferred from finding?

Answer 95

yes

Question 96

the yellow book advises that getting coborating evidence will help with testimonial evidence

Answer 96

true

Question 97

skills and atitues and preparation will result in a quality interview

Answer 97

true

Question 98

an audit interview by iteslf proivdes sufficient evidence

Answer 98

no, should proivde physical docuemnt

Question 99

what is the best characterstic of auditor interviewer?

Answer 99

good listener

Question 100

what is the purpose of an exit conference

Answer 100

to communciate the findings of the audit

Question 101

if you upset auditee in intreview, yous hould

Answer 101

stop and reschedule

Question 102

according to yellow book, should supervisor docuemtn supervisory review of report?

Answer 102

yes

Question 103

yellow book advice on bad employee/auditor?

Answer 103

on the job training

Question 104

when reviewing audit work papers, at minimum, what should be reviewed by supervisor?

Answer 104

the critical work papers