CIGA Institute Flashcards
Elements of a finding
Condition
Criteria
Root Cause
Effect
Federal auditing standards:
2011 Yellow Book - auditors should assess:
Internal controls of the entities
Program objectives
Strategic goals
Program objectives
Internal controls provide:
Reasonable assurances
GAO green book, what three program objectives are requirements for operations?
Operations
Reporting
Compliance
What are five high level components?
Controlled environment, Activities, Risk assessment, Communication, Assessment
According to GAO green book, management is depending on the OIG to
Identify risk tolerance
GAO greenbook attributes are required and do most of federal compliance?
False
Internal control red flags?
Staff is frustrated by request for data b/c time consuming (y)
Agency conducts fraud assessment and does not document assessment (y)
When assessing risk agency does not assess risk tolerances (y)
All of above
If agency advised they conducted fraud risk assessment while auditing but failed to document it, you would:
Document the risk assessment
According to GAO fraud risk management framework:
Performance audit: y
Inspections and evaluations: y
Financial audit: y
Auditor using fraud risk mgt framework, would you use as criteria for
Determine if IG following greenbook: Y
Developing agency fraud risk mgt framework? Y
Developing fraud risk systems? Y
All of above
GAO fraud risk mgt framework, does it involve and include?
Control activities to deter fraud: y
Environmental factors: y
Importance of Monitoring: Y
All of above
As an auditor using GAO fraud risk mgt framework, do you think you would be able to identify and assess:
Fraud risk: y
Prevent and detect fraud: y
Perform financial Y
All of above
Tell if any of the following scenarios would be considered fraud risk factor:
Loan officer to be paid for each app? Y
Weak controls and limited control that allows bogus loan approved? Y
Risk factor risk if loan officers feel underpaid? Y
(All part of the fraud triangle)
All of above
Allowed to report as monetary accomplishments
Disallowed costs? Y
Question costs? Y
Funds put better use? Y
All of above
When auditing IT controls over hardware storing data, should the most important control be how fast you can buy a replacement?
No
When Assessing general IT controls would you consider these levels?
Operating system level? Y
Application and database level? Y
Network level? Y
All of the above
Is physical access control considered
an application control? N
Backup and recovery controls? N
input controls? Y
Data integrity means that data entered into an application is valid, consistent, integrity is maintained and ability to modify is controlled? T/F
True
Failure of technology is only a risk if it represents a risk to the business? T/F
True
You’re assessing IT risk and developing an audit plan. In developing the plan, would you consider any of the following?
Development of audit plan? Y
Assessment of risk? Y
Scope and objectives?
All of above
You’re doing an audit of software applications and looking at data of that application. When conducting an audit, will you look at what criteria?
Integrity and data is protected? Y
Accuracy and completeness is accurate? Y
When doing test, as an auditor, you should be able to identify errors in quality? Y
Auditors should be allowed to alter data? N
Your team champion of data analytics - that individual should understand goals/objectives/management of objectives? T/F
True
When developing ethical standards, you can look to:
Laws? Y
Religion? Y
All of above
When conducting an audit, would you accept a bribe?
No
Ethics are:
Set moral principles? Y
Principles of conduct? Y
All of above
Do auditors have discretion to report illegal activity to authorities?
No, it is a mandate
Auditors are required to
Maintain high ethical standards?
comprehensive set of ethics?
Yes to both, all of above
Public officials that disclose ethical conflicts of interest. Will this always eliminate conflict of interest?
No
Do AIG statements include detection of:
Fraud waste and abuse? Y
Efficient public use of resources? Y
All of the above
An agency that adopts AIG quality of standards must adopt every single standard?
False
Most states have 1 or more IG’s?
True
All IG’s…
False
All IG’s …criminal investigations?
False
All federal IG’s are appointed by the president of the US
False
What organization issues the Red Book?
IIA - Institute of Internal Auditors
Has stakeholder expectations of CAE been changing?
Yes
If hiring an external specialist, who should findings be reported to?
The OIG
Mandatory guidance from IIA includes all except:
Mandatory code of ethics: y
Standards for practice? Y
Definition of audit? Y
Guidelines as mandatory? N
What is the point of follow up?
Have they done the recommendation and taken corrective action
Does assurance service include consulting?
No