Operational Role of internal audit 1 Flashcards
1
Q
An internal auditor is preparing procedures to verify the integrity of data in a database application. Theÿbestsource of information for the auditor to determine data field definitions is the: Data definition language. Data subschemas. Data dictionary. Data manipulation language.
A
Data dictionary.
2
Q
Internal auditing departments are often requested to coordinate their work with that of the external auditors. Which of the following activities wouldÿmostlikely be restricted to the external auditor?
Evaluating the system of controls over cash collections and similar transactions
Attesting to the fairness of presentation of cash position
Evaluating the adequacy of the organization?s overall system of internal controls
Reviewing the system established to ensure compliance with policies and procedures that could have a significant impact on operations
A
Attesting to the fairness of presentation of cash position
3
Q
Which of the following controls would be most efficient in reducing common data input errors? Keystroke verification. Balancing and reconciliation. Batch totals. A set of well-designed edit checks.
A
A set of well-designed edit checks.
4
Q
The consultative approach to auditing emphasizes:
Participation with auditees to improve methods.
Imposition of corrective measures.
Fraud investigation.
Implementation of policies and procedures.
A
Participation with auditees to improve methods.
5
Q
Using test data, an auditor has processed both normal and atypical transactions through a computerized payroll system to test calculation of regular and overtime hours. Sufficient competent evidence of controls exists if:
Exceptions are mapped to identify the control logic executed.
Test data results are compared to predetermined expectations.
No other tests are performed.
Test result data are tagged to instigate creation of an audit data file.
A
Test data results are compared to predetermined expectations.
6
Q
An audit of the receiving function at the company?s distribution center revealed inadequate control over receipts. Which of the following controls would be appropriate for the receiving function?
Ensure that the warehouse-receiving department has a purchase order copy with the units described omitting both prices and quantities.
Ensure that the warehouse-receiving department has a true copy of the original purchase order.
Require that all receipts receive the approval of the warehouse manager.
To ensure adequate separation of duties, the warehouse-receiving clerk should work independently from the warehouse manager.
A
Ensure that the warehouse-receiving department has a purchase order copy with the units described omitting both prices and quantities.
7
Q
An organization uses a service bureau to process its hourly payroll transactions. The internal auditor is concerned that the hourly payroll for the year has been processed correctly and, in particular, the computation of employee withholding for pension contributions is in accordance with the union contract, which specifies charges each quarter. Which of the following audit procedures wouldÿbestaccomplish the audit objective?
Select a random sample of all hourly payroll transactions for the reporting period, recompute pay and withholding items, and compare the result with that obtained from the service bureau.
Select a discovery sampling of all payroll transactions for an entire reporting period and then follow up on any findings.
Select a stratified sample of all hourly and salaried payroll transactions for an entire reporting period, perform the necessary activities, and then compare the result with that obtained from the service bureau.
Submit a set of test data to the service bureau during an annual audit and compare the service bureau?s processing with the auditor?s predetermined computations on the same test data.
A
Submit a set of test data to the service bureau during an annual audit and compare the service bureau?s processing with the auditor?s predetermined computations on the same test data.
8
Q
During an audit of environmental protection devices at a hazardous materials research center, the auditor has reviewed the architect?s alarm device specifications, examined invoices for the devices, and interviewed the plant safety officer responsible for installation. The main concern of these procedures is assurance that:
The specified alarm system was purchased and installed.
The alarm system actually works.
The specified alarm system design is adequate.
The alarm system meets statutory requirements.
A
The specified alarm system was purchased and installed.
9
Q
An internal auditor is planning an operational audit of a computer center. Which of the following items would normally be consideredÿmostÿimportant?
Ascertaining the existence of adequate measures of operational results.
Conducting a survey of computer vendors to be used in future purchases.
Computing required amounts of diskettes, paper, and other supplies.
Determining the age and condition of the mainframe computer.
A
Ascertaining the existence of adequate measures of operational results.
10
Q
An audit assistant found a purchase order form for a regular supplier in the amount of $5,500. The purchase order was dated after receipt of the goods. The purchasing agent explained that he had forgotten to issue the purchase order. Also, a disbursement of $450 for materials did not have a receiving report. The assistant wanted to select additional purchase orders for investigation but was unconcerned about the lack of a receiving report. The audit director should:
Disagree with the assistant since all problems directly related to cost have an equal risk of loss associated with them.
Disagree with the assistant since the lack of a receiving report has a greater risk of loss associated with it.
Agree with the assistant since the amount of the purchase order exception was considerably larger than the receiving report exception.
Agree with the assistant since the receiving clerk had assured the cash disbursement clerk that the failure to fill out a report did not happen very often.
A
Disagree with the assistant since the lack of a receiving report has a greater risk of loss associated with it.
11
Q
An auditor is performing an operational audit of a division and observes that an unusually large quantity of goods is on hand in the shipping and materials rework areas. The items are labeled as reship items. Upon inquiry, the auditor is told that they are goods that have been returned by customers and have been either repaired or shipped back to the original customer or repaired and shipped out as new products because they are fully warranted.
Assume that subsequent investigation shows that previously issued financial statements were materially misstated due to the improper recognition of sales. The auditor?s next step should be to:
Inform divisional management as a preliminary finding but wait until a formal audit report is issued to inform the audit committee.
Inform the external auditor, senior management, the board, and the audit committee.
Inform senior management, the board, and the audit committee.
Immediately inform the external auditor and the divisional manager.
A
Inform senior management, the board, and the audit committee.
12
Q
An auditor is observing cash sales to determine if customers are given written receipts. The objective of this test is to ensure that:
All cash sales are recorded.
Cash received equals the total of the receipts.
Customers are charged authorized prices.
Cash balances are correct.
A
All cash sales are recorded.
13
Q
Inefficient usage of excess computer equipment can be controlled by: System feasibility studies. Capacity planning. Exception reporting. Contingency planning.
A
Capacity planning.
14
Q
In planning a system of internal operating controls, the role of the internal auditor is to:
Design the controls.
Establish the policies for controls.
Appraise the effectiveness of the controls.
Create the procedures for the planning process.
A
Appraise the effectiveness of the controls.
15
Q
Your firm has recently converted its purchasing cycle from a manual process to an online computer system. Which of the following is a probable result associated with conversion to the new automatic system?
Processing time is increased.
The nature of the firm?s risk exposure is reduced.
Processing errors are increased.
Traditional duties are less segregated.
A
Traditional duties are less segregated.
16
Q
According to the IIA Standards, a fraud report is required:
At the conclusion of the detection phase.
Neither at the conclusion of the detection phase nor at the conclusion of the investigation phase.
At the conclusion of both the detection and the investigation phases.
At the conclusion of the investigation phase.
A
At the conclusion of the investigation phase.
17
Q
Erroneous management decisions might be the result of incomplete information. Theÿbestÿcontrol to detect a failure to process all valid transactions is:
Periodic user submission of test data.
User review of selected output and transactions rejected by edit checks.
Controlled output distribution.
Decollation of output.
A
User review of selected output and transactions rejected by edit checks.
18
Q
During the audit of a company?s purchasing department, an internal auditor discovered that many purchases were made (at normal prices) from an office supply firm whose owner was the brother of the director of purchasing. There were no policies or controls in place to restrict such purchases, and no fraud appears to have been committed. In this case, the internal auditor should recommend:
The inspection of all receipts by receiving inspectors.
The development of an approved-vendor file initiated by the buyer and approved by the director of purchasing.
Establishment of a price policy (range) for all goods.
The initiation of a conflict-of-interest policy.
A
The initiation of a conflict-of-interest policy.
19
Q
During an audit, the internal auditor found a scheme in which the warehouse director and the purchasing agent for a retail organization diverted approximately $500,000 of goods to their own warehouse, then sold the goods to third parties. The fraud was not noted earlier since the warehouse director forwarded receiving reports (after updating the perpetual inventory records) to the accounts payable department for processing.
Which of the following procedures would haveÿmostÿlikelyÿled to the discovery of the missing materials and the fraud?
Take a random sample of sales invoices and trace to the perpetual records to see if inventory was on hand. Investigate any differences.
Take a random sample of purchase orders and trace them to receiving documents and to the records in the accounts payable department.
Take an annual physical inventory, reconciling amounts with the perpetual inventory, noting the pattern of differences, and investigating.
Take a random sample of receiving reports and trace to the recording in the perpetual inventory record. Note differences and investigate by type of product.
A
Take an annual physical inventory, reconciling amounts with the perpetual inventory, noting the pattern of differences, and investigating.
20
Q
An international nonprofit organization finances medical research. The majority of its revenue and support comes from fundraising activities, investments, and specific grants from an initial sponsoring corporation. The organization has been in operation over 15 years and has a small internal audit department. The organization has just finished a major fundraising drive that raised $500 million for the current fiscal period.
The following are selected data from recent financial statements:
Assume the auditor finds a number of instances in which travel and entertainment reimbursements going to the president seem excessive and inconsistent with the charter of the organization. Before an audit report is issued, a front-page article appears in a major financial newspaper alleging that the president has been using the organization?s funds for personal purposes. The auditor has enough information to confirm the allegations made in the newspaper article. The auditor is called by the newspaper and by a financial magazine in an attempt to confirm the facts. Which of the following would be theÿbestÿresponse by the auditor?
Respond truthfully and fully since the auditor is in a position to confirm the facts that concern the president, not the organization.
Provide information off the record so that the article does not state who gave the information.
Direct the inquiry to the audit committee or the board of directors.
Respond that the investigation is not complete.
A
Direct the inquiry to the audit committee or the board of directors.
21
Q
In the course of their work, internal auditors must be alert for fraud and other forms of white-collar crime. The important characteristic that distinguishes fraud from other varieties of white-collar crime is that:
Unlike other white-collar crimes, fraud is always perpetrated against an outside party.
White-collar crime usually is perpetrated for the benefit of an organization, whereas fraud benefits an individual.
Outsiders usually perpetrate white-collar crime to the detriment of an organization, whereas insiders perpetrate fraud to benefit the organization.
Fraud encompasses an array of irregularities and illegal acts that involve intentional deception.
A
Fraud encompasses an array of irregularities and illegal acts that involve intentional deception.
22
Q
A determination of cost savings is most likely to be an objective of: Operational auditing. Program results auditing. Compliance auditing. Financial auditing.
A
Operational auditing.
23
Q
A company uses a local area network (LAN) to connect its four city area sales offices to the headquarter office. Sales information such as credit approval and other customer information, prices, account information, and so on is maintained at headquarters. This office also houses the inventory and shipping functions. Each area office is connected to the headquarters? office computer, and messages/information between the area offices pass through the headquarters? computer. This communication configuration allows for real-time confirmation of shipments as well as billing and account status. The company is concerned about the accuracy and sensitivity of its information and has implemented controls to protect the database used by the area offices. (1)ÿThe data are modeled after a tree structure, with each record type having any number of lower-level dependent records. The relationship is a one-to-many rather than a many-to-many relationship. When a user enters the system, a series of questions is asked of the user. These (2)ÿquestions include a name and mother?s birth date. The headquarters computer maintains a (3)ÿmatrix of user names and the files/programs the user can access as well as what the user can do to/with the file or program.
A recent addition to the system controls involves a lockout procedure. This procedure (4)ÿlocks out a particular record to other sales offices while a particular sales office is using the record. This control ensures that each transaction has the most recent and accurate information available when the sales office is processing the event.The questions described in (2) are primarily intended to provide:
Authentication of the user.
Data integrity control.
Access control to computer hardware.
Authorization for processing.
A
Authentication of the user.
24
Q
A manufacturer of hospital equipment uses three vendors to supply about half of the materials used in its operations. Invoices from these vendors are transmitted directly to the company through electronic data interchange (EDI) with custom-developed software. In a systems development and postimplementation review, the internal auditor was involved with assessing and testing the EDI system and found no significant problems. Other manufacturing materials are obtained through routine purchase orders prepared by buyers in the purchasing department. Materials from EDI vendors are delivered to the receiving dock where personnel verify that the goods are authorized purchases, look for shipping damage, and record receipt into the system using barcode technology. Materials purchased from non-EDI vendors are delivered to the receiving dock and recorded manually on receiving reports. Copies of these reports are given to the purchasing and accounts payable departments. The internal audit department is scheduled to complete a full audit of the purchasing and accounts payable cycle before the end of the year. However, there are severe time pressures because other matters delayed the start of the audit.
The auditor determined that the risks associated with the EDI purchases were less than the risks associated with the purchases made through the traditional system. Which one of the following factorsÿbestÿsupports this prioritization of risks?
The external auditor did not examine EDI purchase controls during the annual financial audit.
There are three vendors connected through EDI.
The internal auditors were involved with systems development and testing of the EDI software.
About half of the materials are purchased through EDI.
A
The internal auditors were involved with systems development and testing of the EDI software.
25
An internal auditor is auditing a division?s accounts and is concerned that the division?s management may have shipped poor-quality merchandise in order to boost sales and profitability for the year and thereby boost the division manager?s bonus. Furthermore, the auditor suspects that returned goods are being shipped to other customers as new products without defects being fully corrected. Which of the following audit procedures would be theÿleasteffective in determining whether such shipments took place?
Examine credit memos issued after year-end for goods shipped before year-end.
Interview customer service representatives regarding unusual amounts of customer complaints.
Physically observe the shipping and receiving area for evidence of returned goods.
Require the division to take a complete physical inventory at year-end, and observe the taking of the inventory.
Require the division to take a complete physical inventory at year-end, and observe the taking of the inventory.
26
In the course of performing an audit, an internal auditor becomes aware of illegal acts being performed by several of the highest-ranking officers of the company. To whom should the findings of the audit report be addressed?
The audit committee of the board of directors.
Members of the news media.
The officers involved in the illegal acts.
Line-level supervision.
The audit committee of the board of directors.
27
A life insurance company refunds overpayments received from policyholders on their policy loans. The risk of material losses from errors and irregularities related to such refunds are greatest with respect to:
Employing individuals of questionable integrity in the disbursing function.
Retaining employees in the same position over long periods of time.
Posting disbursements of refunds to the wrong policyholder borrower.
Allowing refund checks to be issued before authorization is obtained.
Allowing refund checks to be issued before authorization is obtained.
28
A rental car company?s fleet maintenance division uses a different code for each type of inventory transaction. A daily summary report lists activity by part number and transaction code. The report is reconciled by the parts room supervisor to the day?s material request forms and is then forwarded to the fleet manager for approval. The use of transaction codes provides the fleet manager with information concerning the types of inventory activity. The auditor is considering an analytical review of transaction codes and materials used. The objective of this review is to:
Identify possible material lost due to employee theft.
Reveal shortages in perpetual inventory records.
Determine whether inventory items are properly valued.
Provide evidence of inventory items that are overstocked.
Identify possible material lost due to employee theft.
29
```
The total interruption of processing throughout a distributed information technology system is minimized by a control or concept referred to as:
Backup and recovery.
Data file security.
Fail-soft protection.
The system log.
```
Fail-soft protection.
30
The auditor finds a situation where one person has the ability to collect receivables, make deposits, issue credit memos, and record receipt of payments. The auditor suspects the individual may be stealing from cash receipts. Which of the following audit procedures would bemostÿeffective in discovering fraud in this scenario?
Perform a detailed review of debits to customer discounts, sales returns, or other debit accounts, excluding cash posted to the cash receipts journal.
Send positive confirmations to a random selection of customers.
Take a sample of bank deposits and trace the detail in each of the bank deposit back to the corresponding entry in the cash receipts journal.
Send negative confirmations to all outstanding accounts receivable customers.
Perform a detailed review of debits to customer discounts, sales returns, or other debit accounts, excluding cash posted to the cash receipts journal.
31
A multinational company has an agreement with a value-added network (VAN) that provides the encoding and communications transfer for the company?s electronic data interchange (EDI) and electronic funds transfer (EFT) transactions. Before transfer of data to the VAN, the company performs online preprocessing of the transactions. The internal auditor is responsible for assessing preprocessing controls. In addition, the agreement between the company and the VAN states that the internal auditor is allowed to examine and report on the controls in place at the VAN on an annual basis. The contract specifies that access to the VAN can occur on a surprise basis during the second or third quarter of the company?s fiscal year. This period was chosen so it would not interfere with processing during the VAN?s peak transaction periods. This provision was not reviewed with internal auditing. The annual audit plan approved by the board of directors specifies that a full audit would be done during the current year.
Which of the following preprocessing controls isÿleastÿlikely to provide the auditor with assurance about the validity of transactions?
Exception processing
Verification of the requestor
Decryption of data
Authentication of information
Decryption of data
32
Expert systems consist of:
Hardware and software used to automate routine tasks.
Software packages with the ability to make judgment decisions.
A panel of outside consultants.
Hardware designed to make judgment decisions.
Software packages with the ability to make judgment decisions.
33
A control that prevents purchasing agents from favoring certain suppliers in placing orders is:
Periodic rotation of buyer assignments.
A monthly report of total dollars committed by each buyer.
Monitoring the number of orders placed by each buyer.
Requiring buyers to adhere to detailed product specifications.
Periodic rotation of buyer assignments.
34
```
To determine whether there have been any unauthorized program changes since the last authorized program update, theÿbestÿinformation technology audit technique is for the auditor to conduct a(n):
Test data run.
Code review.
Code comparison.
Analytical review.
```
Code comparison.
35
Contributions to a nonprofit organization have been constant for the past three years. The audit committee has become concerned that the president may have embarked on a scheme in which some of the contributions from many sustaining members have been redirected to other organizations. The audit committee suspects that the scheme may involve taking major contributions and depositing them in alternative accounts or soliciting contributions to be made in the name of another organization. Which of the following audit procedures would bemostÿeffective in detecting the existence of such a fraud?
Use analytical review procedures to compare contributions generated with those of other comparable institutions over the same period of time. If the amount is significantly less, take a detailed sample of cash receipts and trace to the bank statements.
Take a sample that includes all large donors for the past three years and a statistical sample of others, and request a confirmation of total contributions made to the organization or to affiliated organizations.
Take a discovery sample of cash receipts and confirm the amounts of the receipts with the donors. Investigate any differences.
Use generalized audit software to take a sample of pledged receipts not yet collected and confirm the amounts due with the donors.
Take a sample that includes all large donors for the past three years and a statistical sample of others, and request a confirmation of total contributions made to the organization or to affiliated organizations.
36
An organization has grown rapidly and has just automated its human resource system. The organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, ethnic code, age, insurance, medical protection, and other similar information. Management has asked the internal auditing department to review the new system. The auditor is concerned that retired employees are not receiving the correct benefits. Which of the following auditing procedures would be theÿleastÿeffective in addressing this concern?
Use generalized audit software to take a classical variables sample of retired employees on the database. Verify that all benefit payments are appropriate.
Use an integrated test facility and submit transactions over a period of time to determine if the system is paying the appropriate benefits.
Take a sample of employees added to the retirement list for a specified time period?for example, a day or a week?and determine that they are scheduled for the appropriate benefits.
Use generalized audit software to take a variables sample stratified on years since retirement and size of benefit payments. Verify that all benefit payments are appropriate.
Take a sample of employees added to the retirement list for a specified time period?for example, a day or a week?and determine that they are scheduled for the appropriate benefits.
37
The legislative auditing bureau of a country is required to perform compliance auditing of companies that are issued defense contracts on a cost-plus basis. Contracts are clearly written defining acceptable costs, including developmental research cost and appropriate overhead rates.
During the past year, the government has engaged in extensive outsourcing of its activities. The outsourcing included contracts to run cafeterias, provide janitorial services, manage computer operations and systems development, and provide engineering of construction projects. The contracts were modeled after those that had been used for years in the defense industry. The legislative auditors are being called on to expand their audit effort to include compliance audits of these contracts.
Upon initial investigation of these outsourced areas, the auditor found many areas in which the outsourced management has apparently expanded its authority and responsibility. For example, the contractor that manages computer operations has developed a highly sophisticated security program that may represent the most advanced information security in the industry. The auditor reviews the contract and sees reference only to providing appropriate levels of computing security. The auditor suspects that the governmental agency may be incurring developmental costs that the outsourcer may use for competitive advantage in marketing services to other organizations.Assuming that a high degree of security is needed, which of the following potential sources of evidence would also be relevant to the auditor?s assessment of whether the governmental unit is being charged for computer security that exceeds the entity?s needs?
I. Comparison of the security system with best practices implemented for similar systems
II. Comparison of the security system with recent publications on state of the art systems
III. Tests of the functionality of the security system
I and II only.
III only.
I, II, and III.
II only.
I and II only.
38
During the audit of the receiving department, an internal auditor examined a physical shipment of goods to verify the accuracy of the completed receiving report. Evidence showed that the number of units in the shipment did not agree with the quantity shown on the receiving report. Which of the following may have led to this error?
Displaying amounts ordered on the receiving department?s copy of the purchase order.
Improper authorization of the purchase.
Failure of receiving personnel to compare the quality of goods received with specifications.
Lack of standards for selecting vendors.
Displaying amounts ordered on the receiving department?s copy of the purchase order.
39
To maximize its cash position and increase earnings on invested cash, management has increased the frequency of billings to customers and eliminated all noninterest-bearing accounts. To maintain an undisturbed maximum cash balance for investment purposes, portions of cash received are used to cover current expenditures. By estimating the float on checks received and deposited, the company has reduced excess cash balances otherwise needed to meet normal transaction needs. Interbank transfers have also been employed to consolidate funds available for investment. A major control weakness in the case described above is the:
Increased frequency of billings.
Use of cash received to cover cash expenditures.
Use of interbank transfers.
Elimination of noninterest-bearing accounts.
Use of cash received to cover cash expenditures.
40
A manufacturing firm uses hazardous materials in production of its products. An audit of these hazardous materials may include:
I. Recommending an environmental management system as a part of policies and procedures.
II. Verifying the existence of cradle-to-grave (creation to destruction) tracking records for these materials.
III. Using consultants to avoid self-incrimination of the firm in the event illegalities were detected in an environmental audit.
IV. Evaluating the cost provided for in an environmental liability accrual account.
III and IV.
II only.
I and II only.
I, II, and IV.
I, II, and IV.
41
In a comprehensive audit of a not-for-profit activity, an internal auditor would be primarily concerned with the:
Extent of achievement of the organization?s mission.
Accuracy of reports on the source and use of funds.
Extent of compliance with policies and procedures.
Procedures related to the budgeting process.
Extent of achievement of the organization?s mission.
42
A company uses a local area network (LAN) to connect its four city area sales offices to the headquarter office. Sales information such as credit approval and other customer information, prices, account information, and so on is maintained at headquarters. This office also houses the inventory and shipping functions. Each area office is connected to the headquarters? office computer, and messages/information between the area offices pass through the headquarters? computer. This communication configuration allows for real-time confirmation of shipments as well as billing and account status. The company is concerned about the accuracy and sensitivity of its information and has implemented controls to protect the database used by the area offices. (1)ÿThe data are modeled after a tree structure, with each record type having any number of lower-level dependent records. The relationship is a one-to-many rather than a many-to-many relationship. When a user enters the system, a series of questions is asked of the user. These (2)ÿquestions include a name and mother?s birth date. The headquarters computer maintains a (3)ÿmatrix of user names and the files/programs the user can access as well as what the user can do to/with the file or program.
A recent addition to the system controls involves a lockout procedure. This procedure (4)ÿlocks out a particular record to other sales offices while a particular sales office is using the record. This control ensures that each transaction has the most recent and accurate information available when the sales office is processing the event.
The database system described in (1) above is an example of which type of database model?
Hierarchical.
Relational.
Network.
Distributed.
Hierarchical.
43
A company has two manufacturing facilities. Each facility has two manufacturing processes and a separate packaging process. The processes are similar at both facilities. Raw materials used include aluminum, materials to make plastic, various chemicals, and solvents. Pollution occurs at several operational stages, including raw materials handling and storage, process chemical use, finished goods handling, and disposal. Waste products produced during the manufacturing processes include several that are considered hazardous. The nonhazardous waste is transported to the local landfill. An outside waste vendor is used for the treatment, storage, and disposal of all hazardous waste.
Management is aware of the need for compliance with environmental laws. The company recently developed an environmental policy that includes a statement that each employee is responsible for compliance with environmental laws.
Management is exploring different ways of reducing or preventing pollution in manufacturing operations. The objective of a pollution prevention audit is to identify opportunities where waste can be minimized and pollution can be eliminated at the source rather than controlled at the end of a process. In what order should the following opportunities to reduce waste be considered?
I. Recycle and reuse
II. Elimination at the source
III. Energy conservation
IV. Recovery as a usable product
V. Treatment
III, IV, II, V, and I.
IV, II, I, III, and V.
V, II, IV, I, and III.
I, III, IV, II, and V.
IV, II, I, III, and V.
44
Management believes that some specific sales commissions for the year were too large. The accuracy of the recorded commission expense for specific salespersons is best determined by:
Computation of selected sales commissions.
Tests of overall reasonableness.
Use of analytical procedures.
Calculating commission ratios.
Computation of selected sales commissions.
45
```
The auditor?s organization has several decades of experience with computing in mainframe environments. Two years ago, the organization also implemented end-user computing in several departments. In auditing the end-user computing environment, the auditor is concerned that the end-user environment is less likely to have adequate software and hardware facilities for:
Change control procedures.
Relational database queries.
Encryption of sensitive data.
Input validation for transactions.
```
Change control procedures.
46
```
To ensure the completeness of a file update, the user department retains copies of all unnumbered documents submitted for processing and checks these off individually against a report of transactions processed. This is an example of the use of:
Computer sequence checks.
Established batch totals.
One-for-one checking.
Computer matching.
```
One-for-one checking.
47
An internal audit department had been requested to perform an audit to determine whether the organization was in compliance with a particular set of laws and regulations. The audit did not reveal any issues of noncompliance but did reveal that the organization did not have an established system to ensure compliance with the applicable laws and regulations. The auditor?s responsibility is to:
I. Report that no significant compliance issues were noted.
II. Report that the organization has a significant control deficiency because management has not established a system to ensure compliance.
III. Meet with management to determine what follow-up action will be taken.
IV. Monitor to determine that follow-up action has been taken.
I, II, III, and IV.
I and II only.
I only.
II and III only.
I, II, III, and IV.
48
Management of a manufacturing company has requested the internal auditing department perform an audit of the cash management system to evaluate the adequacy of existing internal controls over cash management and identify opportunities to increase management control and operating efficiency. The company has four manufacturing divisions located in diverse geographic areas. The company has delegated day-to-day cash management to each local operating division. Excess cash is invested in short-term cash management programs of local financial institutions. These short-term investments are the only source of interest income for the operating divisions. Each division has a line of credit with a local financial institution but must arrange long-term financing needs through corporate headquarters.
In performing a review of cash management procedures in the divisions during the preliminary audit planning, the internal auditor has noted that management is concerned that:
'++ Some divisions have excess cash balances and might not be investing short-term balances in a manner to maximize returns to the company.
'++One division has automated the processing of cash receipts, but has not implemented proper control procedures to ensure that all cash will be recorded.
'++The divisions? cash management procedures may not be consistent with overall corporate objectives (i.e., there may not be proper coordination between corporate headquarters and divisions regarding cash management).
Upon investigation, the auditor finds that one division consistently has large amounts of excess cash at a time when the organization is borrowing heavily and using the proceeds to support other divisions. The best control procedure to address this concern, without a major change in procedures, would be to:
Centralize all cash processing.
Require each division to prepare detailed cash forecasts and budgets for future periods to be used for centralized cash management.
Implement electronic data interchange with major customers to facilitate the timing of cash receipts.
Require each division to handle its own long-term financing, thereby forcing them all to better match their cash needs and sources.
Require each division to prepare detailed cash forecasts and budgets for future periods to be used for centralized cash management.
49
```
To ensure that a computer file is accurately updated in total for a particular field, theÿbestÿcontrol is:
Computer matching.
Check digit.
Run-to-run totals.
Transaction log.
```
Run-to-run totals.
50
The IIAÿStandardsÿrequire an internal auditor to exercise due professional care in performing internal audits. This includes:
Evaluating established operating standards and determining whether those standards are acceptable and are being met.
Establishing suitable criteria of education and experience for filling internal audit positions.
Establishing direct communication between the director of internal auditing and the board of directors.
Accumulating sufficient evidence so that the auditor can give absolute assurance that irregularities do not exist.
Evaluating established operating standards and determining whether those standards are acceptable and are being met.
51
Bank tellers might use authorized teller terminals to conceal overdrafts in their personal checking accounts by transferring funds to and from customers? accounts. Theÿbestÿcontrol to detect the tellers? unauthorized actions is requiring:
Overnight balancing of all accounts by the online teller system.
Supervisor-only authorization for transfers between the bank?s customers.
Annual vacations for employees with access to teller functions.
Periodic examination of accounts of employees with access to teller functions.
Periodic examination of accounts of employees with access to teller functions.
52
To better monitor the performance of operating management, executive management has requested that the internal auditors examine interim financial statements, which are prepared for internal use only. Although interim financial statements have been prepared for several years, this will be the first time that the internal auditors have been involved. The primary reason for this request was that executive management was surprised at the lower-than-anticipated net income eventually reflected in last year?s audited financial statements. Earnings had been artificially manipulated on quarterly financial statements. In their work on this year?s interim financial statements, internal auditors are likely to focus on which of the following?
Whether there have been changes in accounting principles that materially affect the financial statements.
Whether payables have been accrued properly at the end of the interim period.
Whether accounting estimates are reasonable, given past actual results.
The timing of revenue recognition and the valuation of inventories.
The timing of revenue recognition and the valuation of inventories.
53
Which of the following procedures would beÿmostÿvaluable in an audit of traffic department operations in a large manufacturing company?
Trace selected items from the weekly demurrage (car detention charge) report to supporting documentation.
Obtain written confirmation from the regulatory agencies that all carriers used are properly licensed and bonded.
Verify that all bills of lading are prenumbered.
Review procedures for selection of routes and carriers.
Review procedures for selection of routes and carriers.
54
Performance auditing has been described as ?evaluating management?s performance against a set of accepted objectives and goals.? Performance audits generally focus on efficiency and effectiveness, with emphasis on effectiveness. Theÿbestÿexample of a performance audit would be an evaluation of:
The staffing level of a committee established to monitor production planning.
The success of a government agency?s objective of improving elevator safety.
How well workers conform to established operating procedures on an assembly line.
The cost of implementing a major change intended to make the cost accounting system more responsive to user needs.
The success of a government agency?s objective of improving elevator safety.
55
During an audit, an information technology auditor found no written procedures for an application system. What should the auditor do?
Report the issue to management.
Reschedule the audit when the procedures are written.
Document the procedures and audit against them.
Cancel the audit immediately since it is hard to do an audit without documentation.
Document the procedures and audit against them.
56
Which of the following is theÿmostappropriate activity for an internal auditor to perform during a review of systems development activity?
Recommend specific operational procedures that will ensure that all data submitted for processing is converted to machine-readable form.
Serve on the information technology steering committee that determines what new systems are to be developed.
Review the methodology used to monitor and control the system development function.
Recommend specific automated procedures to be incorporated into new systems that will provide reasonable assurance that all data submitted to an application is converted to machine-readable form.
Review the methodology used to monitor and control the system development function.
57
An international nonprofit organization finances medical research. The majority of its revenue and support comes from fundraising activities, investments, and specific grants from an initial sponsoring corporation. The organization has been in operation over fifteen years and has a small internal audit department. The organization has just finished a major fundraising drive that raised $500 million for the current fiscal period.
During an examination of grants awarded, the auditor discovered a number of grants made without the approval of the grant authorization committee (which includes outside representatives), as required by the organization?s charter. All the grants, however, were approved and documented by the president. The chairperson of the grant authorization committee, who is also a member of the board of directors, proposes that the committee meets and retroactively approves all the grants before the audit report is issued. If the committee meets and approves the grants before the issuance of the audit report, the auditor should:
Not report the grants in question because they were approved before the issuance of the audit report.
Discuss the matter with the chairperson of the grant committee to determine the rationale for not approving the grants earlier. If they are routine grants, omit discussion in the audit report.
Include the items in the report as a breakdown of the organization?s controls. Detail the nature of each grant and investigate further for fraud.
Report the breakdown in control structure to the audit committee.
Report the breakdown in control structure to the audit committee.
58
The internal auditors for a large manufacturing company have been requested to conduct a review of the company?s production planning system. Production data, collected on personal computers (PCs) connected by a local area network (LAN), are used for generating automatic purchases via electronic data interchange. Purchases are made from authorized vendors based on production plans for the next month and on an authorized materials requirement plan (MRP) that identifies the parts needed per unit of production.
The auditor wants to determine if purchasing requirements have been updated for changes in production techniques. Which of the following audit procedures would beÿmostÿeffective in addressing the auditor?s objective?
Use generalized audit software to develop a report of excess inventory. Compare the inventory with current production volume.
Develop test data to input into the LAN and compare purchase orders generated from test data with purchase orders generated from production data.
Take a sample of production estimates and MRPs for several periods and trace them into the system to determine that input is accurate.
Recalculate parts needed based on current production estimates and on the MRP for the revised production techniques. Compare these needs with purchase orders generated from the system for the same period.
Recalculate parts needed based on current production estimates and on the MRP for the revised production techniques. Compare these needs with purchase orders generated from the system for the same period.
59
Internal auditors are often called on either to perform or to assist the external auditor in performing a due diligence review. A due diligence review is:
A review of financial statements and related disclosures in conjunction with a potential acquisition.
A review of operations as requested by the audit committee to determine whether the operations comply with audit committee and organizational policies.
An operational audit of a division of a company to determine if divisional management is complying with laws and regulations.
A review of interim financial statements as directed by an underwriting firm.
A review of financial statements and related disclosures in conjunction with a potential acquisition.
60
Which of the following techniques is themostÿpractical one to detect unauthorized changes to programs?
Implement computer program access controls.
Observing activities of computer operators on a surprise basis.
Comparing production programs with independently controlled copies on a regular basis.
Reviewing source code and logic program documentation on a regular basis.
Comparing production programs with independently controlled copies on a regular basis.
61
Which of the following would be thebestÿprocedure to determine whether purchases were properly authorized?
Discuss authorization procedures with personnel in the controller?s and purchasing functions.
Determine whether a sample of entries in the purchase journal is supported by properly executed purchase orders.
Vouch payments for selected purchases to supporting receiving reports.
Review and evaluate a flowchart of purchasing procedures.
Determine whether a sample of entries in the purchase journal is supported by properly executed purchase orders.
62
An internal auditor who suspects fraud should:
Interview those who have been involved in the control of assets.
Determine that a loss has been incurred.
Recommend whatever investigation is considered necessary under the circumstances.
Identify the employees who could be implicated in the case.
Recommend whatever investigation is considered necessary under the circumstances.
63
```
Passwords for microcomputer software programs are designed to prevent:
Incomplete updating of data files.
Unauthorized access to the computer.
Unauthorized use of the software.
Inaccurate processing of data.
```
Unauthorized use of the software.
64
To determine if credit controls are inconsistently applied, preventing valid sales to creditworthy customers, the auditor should:
Analyze collection rates and credit histories.
Trace postings on the accounts receivable ledger.
Compare credit histories for those receiving credit and for those denied credit.
Confirm current accounts receivable.
Compare credit histories for those receiving credit and for those denied credit.
65
Several members of senior management have questioned whether the internal audit department should report to the newly established, quality audit function as part of the total quality management process within the company. The director of internal auditing has reviewed the quality standards and the programs that the quality audit manager has proposed. The director?s response to senior management should include:
Estimating departmental cost savings from eliminating the internal auditing function.
Changing the qualification requirements for new staff members to include quality audit experience.
Identifying appropriate liaison activities with the quality audit function to ensure coordination of audit schedules and overall audit responsibilities.
Changing the applicable standards for internal auditing within the company to provide compliance with quality audit standards.
Identifying appropriate liaison activities with the quality audit function to ensure coordination of audit schedules and overall audit responsibilities.
66
```
Rejection of unauthorized modifications to application systems could be accomplished through the use of:
Programmed checks.
Batch controls.
Implementation controls.
One-for-one checking.
```
Implementation controls.
67
A small city managed its own pension fund. According to the city charter, the funds could be invested in bonds, money market funds, or high-quality stocks only. The auditor has already verified the existence of the pension fund assets. The fund balance was not very large and was managed by the city treasurer. The auditor decided to estimate income from investments for the fund by multiplying the average fund balance by a weighted-average return based on the current portfolio mix. Upon doing so, the auditor found that recorded income was substantially less than was expected. The auditor?s next audit step should be to:
Prepare a more detailed estimate of income by consulting a dividend and reporting service, which lists the interest or dividends paid on specific stocks and bonds.
Ask the treasurer why that income appears to be less than expected.
Inform management and the audit committee that fraud is suspected and suggest that legal counsel be called in to complete the investigation.
Select a sample of entries to the pension fund income account and trace to the cash journal to determine if cash was received.
Prepare a more detailed estimate of income by consulting a dividend and reporting service, which lists the interest or dividends paid on specific stocks and bonds.
68
A multinational company has an agreement with a value-added network (VAN) that provides the encoding and communications transfer for the company?s electronic data interchange (EDI) and electronic funds transfer (EFT) transactions. Before transfer of data to the VAN, the company performs online preprocessing of the transactions. The internal auditor is responsible for assessing preprocessing controls. In addition, the agreement between the company and the VAN states that the internal auditor is allowed to examine and report on the controls in place at the VAN on an annual basis. The contract specifies that access to the VAN can occur on a surprise basis during the second or third quarter of the company?s fiscal year. This period was chosen so it would not interfere with processing during the VAN?s peak transaction periods. This provision was not reviewed with internal auditing. The annual audit plan approved by the board of directors specifies that a full audit would be done during the current year.
Which one of the following wouldÿnotbe included as a reason for the company to use EFT with the EDI system?
To allow the company to negotiate discounts with EDI vendors based on prompt payment.
To reduce input time and input errors.
To improve its cash management program.
To take advantage of the time lag associated with negotiable instruments.
To take advantage of the time lag associated with negotiable instruments.
69
The auditor was reviewing documentation that showed that a customer had recently returned three expensive products to the regional service center for warranty replacement. The documentation showed that the warranty clerk had rejected the claim and sent it to the customer?s local distributor. The claim was rejected because the serial numbers listed in the warranty claim were not found in the computer?s sales history file. Subsequently, the distributor supplied three different serial numbers, all of which were validated by the computer system, and the clerk completed the warranty claim for replacements. Which would be the best course of action for the auditor under the circumstances?
Determine if the original serial numbers provided by the customer can be traced to other records, such as production and inventory records.
Notify the appropriate authorities within the organization that there are sufficient indicators that a fraud has been committed.
Summarize this item along with other valid transactions in the auditor?s test of warranty transactions.
Verify with the appropriate supervisor that the warranty clerk had followed relevant procedures in the processing and disposition of this claim.
Determine if the original serial numbers provided by the customer can be traced to other records, such as production and inventory records.
70
Which of the following means would be theÿmostÿappropriate to minimize the risk of a company?s buyer purchasing from a vendor who is a relative?
Maintain an approved-vendor file for purchases.
Establish a predetermined reorder point for purchases.
Perform a risk analysis for the purchasing function.
Establish a purchasing economic order quantity.
Maintain an approved-vendor file for purchases.
71
```
A receiving department receives copies of purchase orders for use in identifying and recording inventory receipts. The purchase orders list the name of the vendor and the quantities of the materials ordered. A possible error that this system could allow is:
Overpayment for partial deliveries.
Delay in recording purchases.
Payment to unauthorized vendors.
Payment for unauthorized purchases.
```
Overpayment for partial deliveries.
72
A financial institution is overstating revenue by charging too much of each loan payment to interest income and too little to repayment of principal. Which of the following audit procedures would beleastÿeffective in detecting this error?
Use test data and submit interest payments for various loans in the test portfolio to determine if they are recorded correctly.
Use generalized audit software to take a random sample of loan payments made during the period, calculate the correct posting amounts, and trace the postings that were made to the various accounts.
Use an integrated test facility (ITF) and submit interest payments for various loans in the ITF portfolio to determine if they are recorded correctly.
Perform an analytical review by comparing interest income this period as a percentage of the loan portfolio with the interest income percentage for the prior period.
Perform an analytical review by comparing interest income this period as a percentage of the loan portfolio with the interest income percentage for the prior period.
73
New credit policies have been implemented in the automated entry order system to control collectability. These policies prevent entering any new sales order that would cause customers? accounts receivable balance to exceed average sales for any two-month period in the prior 12-month period. Divisional sales management has compiled over a dozen examples that show decreased sales and delayed order entry. Division management contends these examples are a direct result of the new credit policy constraints. Sales management?s data and information provide:
A statistically valid conclusion about the impact on customer goodwill concerning the credit policy.
Evidence that the new credit policy is not meeting the stated corporate objective to control the collectability of new sales volume.
Feedback control data on the new corporate credit policy.
Irrelevant argumentative information.
Feedback control data on the new corporate credit policy.
74
```
Which account balance isÿmostÿlikely to be misstated if an aging of accounts receivable is not performed?
Sales returns and allowances.
Allowance for bad debts.
Accounts receivable.
Sales revenue.
```
Allowance for bad debts.
75
An internal auditor is conducting interviews of three employees who had access to a valuable asset that has disappeared. In conducting the interviews, the internal auditor should:
Conduct the interviews in a group.
Allow a suspect to return to work after the interview so as not to arouse suspicions.
Respond to noncooperation by threatening adverse consequences of such behavior.
Not indicate that management will forgo prosecution if restitution is made.
Not indicate that management will forgo prosecution if restitution is made.
76
Which of the following environmental control risks is more likely in a stand-alone microcomputer environment than in a mainframe environment?
I. Copyright violations due to the use of unauthorized copies of purchased software
II. Unauthorized access to data
III. Lack of data availability due to inadequate data retention policies
IV. I, II, and III
IV.
III.
I.
II.
IV.
77
A company controller is concerned that parts may be stolen because there is no formal receiving function (i.e., receiving slips are not filled out). Production raw materials are moved from rail cars directly to the production line, and vendors are paid based on actual production. Which of the following comments correctly portrays the current process?
I. Goods can be paid for only if they have been used in production. Stolen goods or goods not shipped will not be paid for.
II. There is less handling of goods received, thereby decreasing the cost associated with processing goods received as well as decreasing the opportunities for errors to enter the system.
III. Shortages of materials in the system will be brought to a supervisor?s attention because of production shutdowns.
Iv. I, II, and III
II only.
IV.
III only.
I only.
IV.
78
Management of a manufacturing company has requested the internal auditing department perform an audit of the cash management system to evaluate the adequacy of existing internal controls over cash management and identify opportunities to increase management control and operating efficiency. The company has four manufacturing divisions located in diverse geographic areas. The company has delegated day-to-day cash management to each local operating division. Excess cash is invested in short-term cash management programs of local financial institutions. These short-term investments are the only source of interest income for the operating divisions. Each division has a line of credit with a local financial institution but must arrange long-term financing needs through corporate headquarters.
In performing a review of cash management procedures in the divisions during the preliminary audit planning, the internal auditor has noted that management is concerned that:
Some divisions have excess cash balances and might not be investing short-term balances in a manner to maximize returns to the company.
One division has automated the processing of cash receipts, but has not implemented proper control procedures to ensure that all cash will be recorded.
The divisions? cash management procedures may not be consistent with overall corporate objectives (i.e., there may not be proper coordination between corporate headquarters and divisions regarding cash management).
To address management?s concern that a division might not be adequately investing short-term funds, management has developed a model that estimates minimum daily cash balances for each division. To determine whether a specific division is failing to maximize its invested cash, management should implement a control procedure that compares:
Interest income per division with industry averages for similar companies.
Daily cash receipts and interest income across divisions to identify any division with a variance of 5% or more.
Interest income for each division with the other three divisions.
Total daily cash balances at each division and interest income for a period with projected interest income based on its model of minimum cash balances.
Total daily cash balances at each division and interest income for a period with projected interest income based on its model of minimum cash balances.
79
Two major retail companies, both publicly traded and operating in the same geographic area, have recently merged. Both companies are approximately the same size and have audit departments. Company B has invested heavily in information technology and has electronic data interchange (EDI) connections with its major vendors.
The audit committee has asked the internal auditors from both companies to analyze risk areas that should be addressed after the merger. The director of internal auditing of Company B has suggested that the two audit groups have a planning meeting to share audit programs, scope of audit coverage, and copies of audit reports that were delivered to their audit committees. Management has also suggested that the auditors review the compatibility of the companies? two computer systems and control philosophy for individual store operations.
The audit director for Company B decides to review selected store compliance audit reports issued by the internal audit department of Company A. Upon reviewing the reports, the director comments that most items included in the report are inappropriate because they are very minor and cannot be considered material. The director states that the management of Company B would not tolerate such reports. Which of the following assertions by the audit director of Company A is (are) valid?
I. These are the kinds of reports we have provided since the company has been in operation, and they have served our company well.
II. The reports are consistent with management?s control philosophy and are an integral part of the overall control environment.
III. Materiality is in the eyes of the beholder. Any deviation is considered material by my management.
I only.
III only.
II and III.
II only.
II only.
80
A retail organization has just implemented electronic data interchange (EDI) to issue purchase orders to major vendors. The client has developed a database of approved vendors. New vendors can be added only after a thorough review by the purchasing manager and marketing director. Only purchasing agents can issue purchase orders, and the amount of purchase orders for a particular product line cannot exceed a budgeted amount specified by the marketing manager.
All purchases go to the distribution center, where they are electronically scanned into the computer system. All incoming items must reference a company purchase order, and any items that do not contain such a reference will not be accepted. Prenumbered receiving slips are not used, but all receipts are referenced to the purchase order. Price tags are generated per the purchase order and for the quantities indicated by the electronically scanned-in receiving report. The number of price tags generated is reconciled with the number of products received.
The vendor sends an invoice to the retailer. The invoices are keypunched and entered into the system. The computer software is programmed to match the vendor invoice, the purchase order, and the receiving report. If the three items are matched within a tolerance of 0.5%, the computer program schedules the items for payment at a time to take advantage of purchase discounts. A check is generated by the cash disbursements program and is electronically signed and mailed. If there is a discrepancy among the three documents, a report is printed and sent to the accounts payable department for investigation.
Which of the following items would be considered a control deficiency in the receiving function?
I. The number of price tags generated is determined by the receiving reports electronically scanned in during the receiving function.
II. Prenumbered receiving documents are not used.
III. There is no inspection of goods for quality.
IV. I, II, and III
I.
I, II, and III.
III.
II.
III.
81
In an organization that has a separate division that is primarily responsible for fraud deterrence, the internal auditing department is responsible for:
Controlling that division?s fraud deterrence activities.
Planning that division?s fraud deterrence activities.
Examining and evaluating the adequacy and effectiveness of that division?s actions taken to deter fraud.
Establishing and maintaining that division?s system of internal controls.
Examining and evaluating the adequacy and effectiveness of that division?s actions taken to deter fraud.
82
A rental car company?s fleet maintenance division uses a different code for each type of inventory transaction. A daily summary report lists activity by part number and transaction code. The report is reconciled by the parts room supervisor to the day?s material request forms and is then forwarded to the fleet manager for approval. The reconciliation of the summary report to the day?s material request forms by the parts room supervisor:
Confirms that all material request forms are entered for all parts issued.
Verifies that all material request forms were approved.
Provides documentation as to what material was available for a specific transaction.
Ensures the accuracy and completeness of data input.
Ensures the accuracy and completeness of data input.
83
A company uses a local area network (LAN) with one client server. The auditor wishes to determine whether LAN users are complying with company policies related to the documentation of applications developed by end users and shared by other users on the LAN. The most appropriate audit procedure would be to:
Take a random sample of end-user applications stored on the server, and examine the applications for compliance with company policies.
Send a survey to end users to test their knowledge of required application documentation.
Take a random sample of end users, and examine all applications stored on their computers for compliance with existing policies.
Send a questionnaire to end users to determine the extent to which they have developed end-user applications for the LAN.
Take a random sample of end-user applications stored on the server, and examine the applications for compliance with company policies.
84
A primary concern of an operational audit of the family welfare department of a governmental unit would be:
Determining that proper measures of performances are used.
Adhering to generally accepted accounting principles (GAAP).
Ensuring that persons with direct client contact have at least a bachelor?s degree.
Generating an adequate return on investment.
Determining that proper measures of performances are used.
85
An audit of the purchasing function disclosed that orders were placed for materials that at that time were being disposed of as surplus. What corrective action should be recommended?
Confirm all orders for replacement material with the user department.
Employ a historical reorder point system.
Have all purchase requisitions approved by the responsible purchasing agent.
Develop and distribute periodic reports of surplus stocks.
Develop and distribute periodic reports of surplus stocks.
86
An internal auditor is conducting an operational audit of the information system department. Which of the following factors would the auditor give theÿmostÿweight to in evaluating the effectiveness of the department?
It uses leading-edge technology.
It is given top priority in the budgeting process.
It has a large technical staff.
Its objectives and goals are consistent with the overall objectives of its organization.
Its objectives and goals are consistent with the overall objectives of its organization.
87
The primary objective in the operational audit of an organization?s employee benefits program is to:
Determine that company policies on providing employee benefits are followed.
Be sure that the program is competitive with programs of other area organizations.
Ascertain that the benefits provided are cost effective for the organization.
Check the adequacy and accuracy of accruals of employee benefit costs in books and records.
Ascertain that the benefits provided are cost effective for the organization.
88
The legislative auditing bureau of a country is required to perform compliance auditing of companies that are issued defense contracts on a cost-plus basis. Contracts are clearly written defining acceptable costs, including developmental research cost and appropriate overhead rates.
During the past year, the government has engaged in extensive outsourcing of its activities. The outsourcing included contracts to run cafeterias, provide janitorial services, manage computer operations and systems development, and provide engineering of construction projects. The contracts were modeled after those that had been used for years in the defense industry. The legislative auditors are being called on to expand their audit effort to include compliance audits of these contracts.
Upon initial investigation of these outsourced areas, the auditor found many areas in which the outsourced management has apparently expanded its authority and responsibility. For example, the contractor that manages computer operations has developed a highly sophisticated security program that may represent the most advanced information security in the industry. The auditor reviews the contract and sees reference only to providing appropriate levels of computing security. The auditor suspects that the governmental agency may be incurring developmental costs that the outsourcer may use for competitive advantage in marketing services to other organizations.
The auditor wishes to estimate the additional cost of the added security. Which of the following procedures would be theÿbestÿfirst step in providing that evidence? Compare the total costs of computer security under the new contract with the total computer security costs:
Previously incurred.
Previously incurred, as a percentage of total cost incurred.
Of each other entity managed by this outsourcer.
Of other governmental entities of similar size.
Previously incurred.
89
The internal audit department can be involved with systems development continuously, at the end of specific stages, after implementation, or not at all. An advantage of continuous internal audit involvement compared to the other two types of involvement is that:
The threat of lack of audit independence can be minimized.
The cost of audit involvement can be minimized.
There are clearly defined points at which to issue audit comments.
Redesign costs can be minimized.
Redesign costs can be minimized.
90
Management asserted that the performance standards the auditors used to evaluate operating performance were inappropriate. Written performance standards that had been established by management were vague and had to be interpreted by the auditor. In such cases auditors may meet their due care responsibility by:
Establishing agreement with auditees as to the standards needed to measure performance.
Assuring themselves that their interpretations are reasonable.
Assuring themselves that their interpretations are in line with industry practices.
Incorporating management?s objections in the audit report.
Establishing agreement with auditees as to the standards needed to measure performance.
91
An organization has grown rapidly and has just automated its human resource system. The organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, ethnic code, age, insurance, medical protection, and other similar information. Management has asked the internal auditing department to review the new system. The auditor reviews the retirement benefits plan and determines that the pension and medical benefits have been changed several times in the past ten years. The auditor wishes to determine whether there is justification to perform further audit investigation. The most appropriate audit procedure would be to:
Use generalized audit software to take a dollar-unit sample of retirement pay and determine whether each retired employee was paid correctly.
Use generalized audit software to take an attributes sample of retirement pay, and perform detailed testing to determine whether each person chosen was given the proper benefits.
Review the trend of overall retirement expense over the last ten years. If the retirement expense increased, it would indicate the need for further investigation.
Review reasonableness of retirement pay and medical expenses on a per-person basis stratified by which plan was in effect when the employee retired.
Review reasonableness of retirement pay and medical expenses on a per-person basis stratified by which plan was in effect when the employee retired.
92
Maintaining a file of purchase orders in the receiving department for merchandise ordered but not yet received helps ensure that:
Goods received are not misappropriated.
Goods are properly counted when they arrive.
Only authorized shipments are accepted.
Goods are delivered to the appropriate department in a timely manner.
Only authorized shipments are accepted.
93
An unauthorized employee picked up a printout of salary data from the computer center after the last payroll update. Thebestÿcontrol for ensuring that only authorized employees receive sensitive printouts is logging and:
Controlled destruction of obsolete printouts.
Signed confirmation by recipients.
Enforced expiration date on sensitive printouts.
Access control over printout files on disk.
Signed confirmation by recipients.
94
During an audit of the accounts receivable function, the auditor found that the accounts receivable turnover rate had fallen from 7.3 to 4.3 over the last three years. What is the most likely cause of the decrease in the turnover rate?
A change from net 30 to net 25.
Greater cash sales.
A more liberal credit policy.
An increase in the discount offered for early payment.
A more liberal credit policy.
95
A company has two manufacturing facilities. Each facility has two manufacturing processes and a separate packaging process. The processes are similar at both facilities. Raw materials used include aluminum, materials to make plastic, various chemicals, and solvents. Pollution occurs at several operational stages, including raw materials handling and storage, process chemical use, finished goods handling, and disposal. Waste products produced during the manufacturing processes include several that are considered hazardous. The nonhazardous waste is transported to the local landfill. An outside waste vendor is used for the treatment, storage, and disposal of all hazardous waste.
Management is aware of the need for compliance with environmental laws. The company recently developed an environmental policy that includes a statement that each employee is responsible for compliance with environmental laws.
Management is evaluating the need for an environmental audit program. Which one of the following shouldÿnotÿbe included as an overall program objective?
Conduct site assessments at both facilities.
Ensure that management systems are adequate to minimize future environmental risks.
Verify company compliance with all environmental laws.
Evaluate waste minimization opportunities.
Conduct site assessments at both facilities.
96
```
Select the appropriate population from which to draw a sample when the audit objective is to evaluate compliance with controls designed to ensure that all shipments are billed.
Cash receipts records.
Prenumbered shipping documents.
Prenumbered customer invoices.
Customer accounts receivables.
```
Prenumbered shipping documents.
97
A significant employee fraud took place shortly after an internal audit. The internal auditor mayÿnotÿhave properly fulfilled the responsibility for the deterrence of fraud by failing to note and report that:
Policies, practices, and procedures to monitor activities and safeguard assets were less extensive in low-risk areas than in high-risk areas.
There were no written policies describing prohibited activities and the action required whenever violations are discovered.
A system of control that depended on separation of duties could be circumvented by collusion among three employees.
Divisional employees had not been properly trained to distinguish between bona fide signatures and cleverly forged ones on authorization forms.
There were no written policies describing prohibited activities and the action required whenever violations are discovered.
98
A perpetual inventory system uses a minimum quantity on hand to initiate purchase-ordering procedures for restocking. In reviewing the appropriateness of the minimum quantity level established by the stores department, the auditor would beÿleastlikely to consider:
Available storage space and potential obsolescence.
Stock-out costs, including lost customers.
Seasonal variations in forecasting inventory demand.
Optimal order sizes determined by the economic order quantity model.
Optimal order sizes determined by the economic order quantity model.
99
The internal auditing department was not involved in a major system conversion in which customer records for $100,000 of receivables were lost. Which of the following internal auditing roles would help prevent such losses in the future?
Performance of a feasibility study.
Use of an integrated test facility.
Management of the conversion process.
Involvement in all phases of the system development life cycle.
Involvement in all phases of the system development life cycle.
100
Which of the following describes a control weakness?
Purchasing procedures are well designed and followed unless otherwise directed by the purchasing supervisor.
Prenumbered blank purchase orders are secured within the purchasing department.
Normal operational purchases fall in the range from $500 to $1,000 with two check signers required for purchases over $1,000.
The purchasing agent invests in a publicly traded mutual fund that lists the stock of one of the company?s suppliers in its portfolio.
Purchasing procedures are well designed and followed unless otherwise directed by the purchasing supervisor.
101
An audit of the payroll function revealed several instances where a payroll clerk had added fictitious employees to the payroll and deposited the checks in accounts of close relatives. What control should have prevented such actions?
Allowing changes to the payroll to be authorized only by the personnel department.
Having the treasurer?s office sign payroll checks.
Establishing a policy to deal with close relatives working in the same department.
Using time cards and attendance records in the computation of employee gross earnings.
Allowing changes to the payroll to be authorized only by the personnel department.
102
The major purpose of the internal auditor?s study and evaluation of the company?s information technology (IT) operations is to:
Evaluate the competence of IT operating personnel.
Become familiar with the company?s means of identifying, measuring, classifying, and reporting information.
Ensure the exercise of due professional care.
Evaluate the reliability and integrity of financial and operating information.
Evaluate the reliability and integrity of financial and operating information.
103
Due to the small staff, one remote unit?s petty cash custodian also had responsibility for the imprest fund checking account reconciliation. The cashier concealed a diversion of funds by altering the beginning balance on the monthly reconciliations sent to the group office. A possible audit test to detect this would be to:
Determine if any employees are leading expensive lifestyles.
Require additional monitoring by headquarters whenever improper segregation of duties exists at remote units.
Compare monthly balances and use change and trend analysis.
Determine if any employees have high personal debt.
Compare monthly balances and use change and trend analysis.
104
A retail organization has just implemented electronic data interchange (EDI) to issue purchase orders to major vendors. The client has developed a database of approved vendors. New vendors can be added only after a thorough review by the purchasing manager and marketing director. Only purchasing agents can issue purchase orders, and the amount of purchase orders for a particular product line cannot exceed a budgeted amount specified by the marketing manager.
All purchases go to the distribution center, where they are electronically scanned into the computer system. All incoming items must reference a company purchase order, and any items that do not contain such a reference will not be accepted. Prenumbered receiving slips are not used, but all receipts are referenced to the purchase order. Price tags are generated per the purchase order and for the quantities indicated by the electronically scanned-in receiving report. The number of price tags generated is reconciled with the number of products received.
The vendor sends an invoice to the retailer. The invoices are keypunched and entered into the system. The computer software is programmed to match the vendor invoice, the purchase order, and the receiving report. If the three items are matched within a tolerance of 0.5%, the computer program schedules the items for payment at a time to take advantage of purchase discounts. A check is generated by the cash disbursements program and is electronically signed and mailed. If there is a discrepancy among the three documents, a report is printed and sent to the accounts payable department for investigation.
The auditor wishes to determine that the program is correctly approving items for payment only when the purchase order, receiving report, and vendor invoice match within the tolerable 0.5%. Assume all the following suggested audit procedures would have been implemented to function over the proper time period. Which of the following computerized audit procedures would provide theÿmostÿpersuasive evidence as to the correct operation of the program?
Implementing a systems control and audit review file (SCARF) audit technique that will automatically select all transactions when the purchase order exceeds a specific dollar limit.
Using a test data approach at year-end by submitting mock purchase orders, vendor invoices, and receiving quantities.
Using generalized audit software to take a random sample of purchase orders and tracing the selected items to the vendor invoice and receiving document.
Implementing an integrated test facility with auditor-submitted test items throughout the period under analysis.
Implementing an integrated test facility with auditor-submitted test items throughout the period under analysis.
105
Which of the following isÿnotÿlikely to be included as an audit step when assessing vendor performance policies?
Determine whether only authorized items were received from vendors.
Determine whether vendors sent agreed-on lot sizes.
Determine whether the balances owed to vendors are correct.
Determine whether the quality of the goods purchased from the vendors has been satisfactory.
Determine whether the balances owed to vendors are correct.
106
The legislative auditing bureau of a country is required to perform compliance auditing of companies that are issued defense contracts on a cost-plus basis. Contracts are clearly written defining acceptable costs, including developmental research cost and appropriate overhead rates.
During the past year, the government has engaged in extensive outsourcing of its activities. The outsourcing included contracts to run cafeterias, provide janitorial services, manage computer operations and systems development, and provide engineering of construction projects. The contracts were modeled after those that had been used for years in the defense industry. The legislative auditors are being called on to expand their audit effort to include compliance audits of these contracts.
Upon initial investigation of these outsourced areas, the auditor found many areas in which the outsourced management has apparently expanded its authority and responsibility. For example, the contractor that manages computer operations has developed a highly sophisticated security program that may represent the most advanced information security in the industry. The auditor reviews the contract and sees reference only to providing appropriate levels of computing security. The auditor suspects that the governmental agency may be incurring developmental costs that the outsourcer may use for competitive advantage in marketing services to other organizations.
Regarding the audit finding of an advanced computing security system, what is theÿmostÿappropriate course of action by the auditor?
Exclude the finding from the audit report because the contract was vague and the level of security is clearly acceptable.
Compare the cost with previous costs incurred by governmental operations and inform the outsourcer that the difference will be a disallowed cost.
Estimate the amount of cost used to develop the advanced security system and inform the outsourcer that it will be a disallowed cost.
Estimate the added cost, report it to management, and suggest that management meet with its lawyers and the outsourcer to resolve differences.
Estimate the added cost, report it to management, and suggest that management meet with its lawyers and the outsourcer to resolve differences.
107
The objective of a program results audit requires the auditor to:
Place an emphasis on outputs rather than inputs.
Look for cost savings or waste.
Render an opinion on the fairness of financial presentation.
Include only historical data in the audit.
Place an emphasis on outputs rather than inputs.
108
Which of the following documents should the auditor examine to determine if only authorized purchases are being accepted by the receiving department?
Policies and procedures for the receiving function.
A copy of the purchase order.
An invoice.
A bill of lading.
A copy of the purchase order.
109
During the audit of payments under a construction contract with a local firm, the auditor finds a $900 recurring monthly reimbursement for rent at a local apartment complex. Each reimbursement is authorized by the same project engineer. The auditor finds no provision for payment of temporary living expenses in the construction contract. Discussion with the project engineer could not resolve the matter. The auditor should:
Call the engineer into a private meeting to confront the situation.
Complete the audit as scheduled, noting the $900 recurring reimbursement in the work papers.
Inform the audit director.
Wait until the engineer is surrounded by plenty of witnesses and then inquire about the payments.
Inform the audit director.
110
```
An internal auditor is preparing a report that discusses the possibility of employee fraud by a specific named employee. The auditor should be careful that distribution of the report be limited on a need-to-know basis. Failure to follow this caveat may result in the auditor and/or the employer being found liable for:
Slander.
Malicious prosecution.
Libel.
Compounding a felony.
```
Libel.
111
Two major retail companies, both publicly traded and operating in the same geographic area, have recently merged. Both companies are approximately the same size and have audit departments. Company B has invested heavily in information technology and has electronic data interchange (EDI) connections with its major vendors.
The audit committee has asked the internal auditors from both companies to analyze risk areas that should be addressed after the merger. The director of internal auditing of Company B has suggested that the two audit groups have a planning meeting to share audit programs, scope of audit coverage, and copies of audit reports that were delivered to their audit committees. Management has also suggested that the auditors review the compatibility of the companies? two computer systems and control philosophy for individual store operations.
Assume the auditor concludes that the most reasonable explanation of the observed data in the prior question is that inventory fraud is taking place in the three stores. Which of the following audit activities would provide theÿmostpersuasive evidence that fraud is taking place?
Use an integrated test facility (ITF) to compare individual sales transactions with test transactions submitted through the ITF. Investigate all differences.
Interview the three individual store managers to determine if their explanations about the observed differences are the same, then compare their explanations to that of the section manager.
Take a sample of individual store prices and compare them with the sales entered on the cash register for the same items.
Schedule a surprise inventory audit to include a physical inventory. Investigate areas of inventory shrinkage.
Schedule a surprise inventory audit to include a physical inventory. Investigate areas of inventory shrinkage.
112
According to the IIAÿStandards, the role of internal auditing in the investigation of fraud includes all of the followingexcept:
Assessing the probable level and extent of complicity in the fraud within the organization.
Interrogating suspected perpetrators of the fraud.
Designing the procedures to follow in attempting to identify the perpetrators, extent of the fraud, techniques used, and cause of the fraud.
Coordinating activities with management personnel, legal counsel, and other appropriate specialists throughout the investigation.
Interrogating suspected perpetrators of the fraud.
113
A multinational corporation has an office in a foreign branch with a monetary transfer facility. Good internal control requires that:
The branch manager not deliver payroll checks to employees.
The hiring of individual branch employees is approved by the headquarters office.
Foreign currency translation rates are computed separately by two branch employees in the same department.
The person making wire transfers not reconcile the bank statement.
114
An internal auditor reported a suspected fraud to the director of internal auditing. The director turned the entire case over to the security department. Security failed to investigate or report the case to management. The perpetrator continued to defraud the organization until being accidentally discovered by a line manager two years later. Select the most appropriate action for the audit director.
The director?s actions were correct.
The director should have discharged the perpetrator.
The director should have conducted the investigation.
The director should have periodically checked the status of the case with security.
The director should have periodically checked the status of the case with security.
115
A department developed an integrated end-user computing (EUC) application involving timekeeping, payroll, and labor cost accounting. The department used its own personnel to design and program the application using a fourth-generation language (4GL). Subsequently, the department hired outside consultants to rewrite certain components. The application was implemented on the departmental local area network (LAN) and connected with the corporate mainframe system to allow the transfer of data between them.
The internal audit department ranked the EUC applications of the organization according to the perceived risk. As a result, the timekeeping/payroll/labor cost accounting application was selected for an information technology audit.
Certain payroll transactions were posted to the payroll file but were not uploaded correctly to the general ledger file on the mainframe. Theÿbestÿcontrol to detect this type of error would be:
A record or log of items rejected during processing.
Balancing totals of critical fields.
An appropriate edit and validation of data.
A standard method for uploading mainframe data files.
Balancing totals of critical fields.
116
```
Employing which of the following can prevent unauthorized alteration of online records?
Key verification.
Computer sequence checks.
Computer matching.
Database access controls.
```
Database access controls.
117
The internal auditor of a company has been assigned to perform an audit of the company?s investment activities with particular emphasis on the company?s use of new financial instruments referred to as derivatives. Assume that the director of internal auditing determines that the department does not have the requisite skills to conduct an audit of the financial derivatives area. Which of the following actions would be theÿleastÿacceptable?
Employ the skills of a financial derivatives expert to consult on the project, and supplement the consulting with a local seminar on financial derivatives.
Notify the audit committee of the problem, and consult with them regarding outsourcing the audit to a qualified external auditing firm.
Determine the requisite knowledge needed, and obtain the proper training for auditors if such training is available within the appropriate time framework outlined by the audit committee.
Notify the audit committee of the problem, and assign the most competent auditors to the job.
Notify the audit committee of the problem, and assign the most competent auditors to the job.
118
A manager prepared and signed checks payable to a fictitious supplier and deposited the checks into a personal bank account. Which of the following internal controls wouldÿmostÿlikely have prevented, or at least detected, the embezzlement?
Use of competitive bids for all purchases.
A responsible employee must account for the numerical sequence of checks on a regular basis.
A check signer other than the manager must sign checks only when approved invoices are presented with the completed, unsigned check.
Payments to suppliers must be made by certified check.
A check signer other than the manager must sign checks only when approved invoices are presented with the completed, unsigned check.
119
The internal auditor can participate in the review of the systems development process at varying intervals, including continuous involvement, only at the end of discrete stages, or after implementation of the system. The advantages of continuous internal audit involvement include all of the followingexcept:
Reduced need for subsequent rework of controls.
The opportunity to provide significant suggestions to the design team.
Reduced overall internal audit expense when compared to the other intervals.
Improved design and specification of controls.
Reduced overall internal audit expense when compared to the other intervals.
120
```
When assessing application controls, which one of the following input controls or edit checks isÿmostÿlikely to be used to detect a data input error in the customer account number field?
Validity check.
Hash total.
Control total.
Limit check.
```
Validity check.
121
An auditor is performing an operational audit of a division and observes that an unusually large quantity of goods is on hand in the shipping and materials rework areas. The items are labeled as reship items. Upon inquiry, the auditor is told that they are goods that have been returned by customers and have either been repaired or shipped back to the original customer or repaired and shipped out as new products because they are fully warranted.
Assume the auditor found that most of the goods were repaired and sold as new items. Such sales are both against company policy and against governmental regulations. The auditor does not know whether fraud was involved or the extent that divisional management had been involved in the scheme. The auditor should report the finding to:
The audit committee and top management only.
Divisional management and relevant regulatory bodies, since it is a clear violation.
Divisional management only, since they are responsible for correcting the problem.
Divisional management, the audit committee, and senior management.
Divisional management, the audit committee, and senior management.
122
In the examination of materials receiving operations for a manufacturer of small appliances, the auditor will usually bemostÿconcerned with the risk of:
Receiving unordered goods.
Receiving goods in excess of current needs.
Acquiring goods from related parties at inflated prices.
Failing to detect substandard materials received.
Failing to detect substandard materials received.
123
Two major retail companies, both publicly traded and operating in the same geographic area, have recently merged. Both companies are approximately the same size and have audit departments. Company B has invested heavily in information technology and has electronic data interchange (EDI) connections with its major vendors.
The audit committee has asked the internal auditors from both companies to analyze risk areas that should be addressed after the merger. The director of internal auditing of Company B has suggested that the two audit groups have a planning meeting to share audit programs, scope of audit coverage, and copies of audit reports that were delivered to their audit committees. Management has also suggested that the auditors review the compatibility of the companies? two computer systems and control philosophy for individual store operations.
The two organizations agree to share data on store operations. The data reveal that three stores in Company A are characterized by
'+Significantly lower gross margins.
'+Higher-than-average sales volume.
'+Higher levels of employee bonuses.
The three stores are part of a set of six that are managed by a relatively new section manager. In addition, the store managers of the three stores are also relatively new. Theÿmostÿlikely cause of the observed data is:
Problems with employee training and employee ability to meet customer needs.
The relative inexperience of the store managers.
Promotional activities that offer large discounts coupled with the payment of commissions to employees who reach targeted sales goals.
Fraudulent activity whereby goods are taken from the stores, thus resulting in the lower gross margins.
Promotional activities that offer large discounts coupled with the payment of commissions to employees who reach targeted sales goals.
124
A retail organization has just implemented electronic data interchange (EDI) to issue purchase orders to major vendors. The client has developed a database of approved vendors. New vendors can be added only after a thorough review by the purchasing manager and marketing director. Only purchasing agents can issue purchase orders, and the amount of purchase orders for a particular product line cannot exceed a budgeted amount specified by the marketing manager.
All purchases go to the distribution center, where they are electronically scanned into the computer system. All incoming items must reference a company purchase order, and any items that do not contain such a reference will not be accepted. Prenumbered receiving slips are not used, but all receipts are referenced to the purchase order. Price tags are generated per the purchase order and for the quantities indicated by the electronically scanned-in receiving report. The number of price tags generated is reconciled with the number of products received.
The vendor sends an invoice to the retailer. The invoices are keypunched and entered into the system. The computer software is programmed to match the vendor invoice, the purchase order, and the receiving report. If the three items are matched within a tolerance of 0.5%, the computer program schedules the items for payment at a time to take advantage of purchase discounts. A check is generated by the cash disbursements program and is electronically signed and mailed. If there is a discrepancy among the three documents, a report is printed and sent to the accounts payable department for investigation.
Theÿbestÿprocedure to determine whether the control procedure to limit the amount of purchases for a particular product line was working properly during the past year would be to:
Implement a snapshot audit approach, which will tag selected transactions and print them out with a listing of items arranged by purchasing agent.
Use parallel simulation techniques to compute the amount of purchases authorized and compare that amount with the amount actually purchased.
Use generalized audit software to prepare a list of purchases by product line. Compare the amounts with the amounts authorized by the marketing manager.
Submit test data to the program controlling purchases. (The amount of data entered should exceed the authorized purchases.) Examine the computer output.
Use generalized audit software to prepare a list of purchases by product line. Compare the amounts with the amounts authorized by the marketing manager.
125
The internal auditors for a large manufacturing company have been requested to conduct a review of the company?s production planning system. Production data, collected on personal computers (PCs) connected by a local area network (LAN), are used for generating automatic purchases via electronic data interchange. Purchases are made from authorized vendors based on production plans for the next month and on an authorized materials requirement plan (MRP) that identifies the parts needed per unit of production.
The production line has experienced shutdowns because needed production parts were not on hand. Management wants to know the cause of this problem. Which of the following audit proceduresÿbestÿaddresses this objective?
Take a random sample of production information for selected days and trace input into the production database maintained on the LAN.
Determine if access controls are sufficient to restrict the input of incorrect data into the production database.
Take a random sample of parts on hand per the PC databases and compare with actual parts on hand.U
se generalized audit software to develop a complete list of the parts shortages that caused each of the production shutdowns, and analyze this data.
Use generalized audit software to develop a complete list of the parts shortages that caused each of the production shutdowns, and analyze this data.
126
Backup and recovery controls are crucial to ensuring the reliability of a teleprocessing network. When reviewing the controls over backup and recovery, which of the following wouldnotÿbe included?
Review of use and adequacy of encryption processes.
Review of adequacy of user data file backups on the local area network (LAN).
Review of controls over hardware and software failures.
Review of adequacy of documents/manuals informing all personnel of their backup and recovery responsibilities.
Review of use and adequacy of encryption processes.
127
Successful consultative communication in an internal audit is partially based on feedback from auditees about auditors? actions during the audit. This feedback:
Should go to both management and the auditors to ensure business value is being added.
Will keep auditees on the defensive regarding the auditors.
Should go only to senior management as a means of reviewing the auditors.
Should go only to the auditors to help them improve their audit performance.
Should go to both management and the auditors to ensure business value is being added.
128
The major reason for the internal auditor?s involvement in information technology (IT) system development is for the internal auditor to:
Help minimize the cost and development time for new systems.
Help ensure that systems have adequate control procedures.
Propose enhancements for subsequent development and implementation.
Gain familiarity with systems for use in subsequent reviews.
Help ensure that systems have adequate control procedures.
129
When an office supply company is unable to fill an order completely, it marks the out-of-stock items as back-ordered on the customer?s order and enters these items in a back-order file that management can view or print. Customers are becoming disgruntled with the company because it seems unable to keep track of and ship out-of-stock items as soon as they are available. Theÿbestÿapproach for ensuring prompt delivery of out-of-stock items is to:
Implement electronic data interchange with supply vendors to decrease the time to replenish inventory.
Increase inventory levels to minimize the number of times that out-of-stock conditions occur.
Match the back-order file to goods shipped daily.
Reconcile the sum of filled and back orders with the total of all orders placed daily.
Match the back-order file to goods shipped daily.
130
```
To determine whether refunds granted to customers were properly approved, an internal auditor should trace accounts receivable entries to:
Credit memos.
Remittance advices.
Sales invoices.
Shipping documents.
```
Credit memos.
131
Much nonprofit organization fundraising is done over the telephone. Which of the following control procedures would beleastÿeffective in gaining assurance that all of the pledges made by telephone are recorded and designated for payment to the organization?
Automatic computer recording of all phone calls, coupled with supervisory monitoring of randomly selected phone calls
Management reports that compare funds raised this year with funds raised last year on a per-call basis
Periodic monitoring of phone calls by management personne
lA confirmation program that randomly selects donations received and confirms the amounts with the donors
A confirmation program that randomly selects donations received and confirms the amounts with the donors
132
In order to ensure the proper addition/deletion of authorizations in an operational audit of data access security, an internal auditor would verify that:
A systems programmer keeps records of all additions/deletions of access changes.
Revoked access privileges are canceled on a weekly cycle.
Access privileges are activated promptly after they are authorized.
Individuals who are not employees have no access privileges.
Access privileges are activated promptly after they are authorized.
133
The internal auditor of a company has been assigned to perform an audit of the company?s investment activities with particular emphasis on the company?s use of new financial instruments referred to as derivatives.ÿAn investment portfolio manager has the authority to use financial derivatives to hedge transactions but is not supposed to take speculative positions. However, the manager launches a scheme that includes (1) taking a position larger than required by the hedge, (2) putting the speculative gains in a suspense account, and (3) transferring the funds to a nonexistent broker and from there to a personal account. Which of the following audit procedures would beleastÿeffective in detecting this fraud?
Sample individual trades and determine the exact matching of a hedge. Schedule and investigate all differences.
Sample all debits to the suspense account and examine their disposition.
Sample fund transfers to brokers and determine if the brokers are on the authorized list for company transactions.
Examine individual trades to determine whether the trades violate the authorization limit for the manager.
Examine individual trades to determine whether the trades violate the authorization limit for the manager.
134
```
According to the IIA Standards, internal auditors should be involved in fraud investigations as:
Sole investigators.
Independent observers.
Nonparticipants.
Part of an investigation team.
```
Part of an investigation team.
135
An internal auditor is examining a production facility shortly after the close of the fiscal year. Each question consists of a specific audit procedure and a choice of four different audit findings. Which of the errors or questionable practices isÿmost likelyÿto be detected by the audit procedure specified? The internal auditor tours the production facility.
Depreciation expense on fully depreciated machinery has been recognized.
Overhead has been overapplied.
Insurance coverage on the facility has lapsed.
Necessary facility maintenance has not been performed.
Necessary facility maintenance has not been performed.
136
In an audit of a nonprofit organization?s special fund, theÿprimaryÿaudit objective would be to determine if the entity:
Applied the funds in a way that would benefit the greatest number of people.
Complied with existing fund requirements and performed specified activities.
Managed its resources economically and efficiently.
Prepared its financial statements in accordance with generally accepted accounting principles (GAAP).
Complied with existing fund requirements and performed specified activities.
137
An internal auditor has detected probable employee fraud and is preparing a preliminary report for management. This report should include:
The results of a polygraph test administered to the suspected perpetrator(s) of the fraud.
A statement that an internal audit conducted with due professional care cannot provide absolute assurance that irregularities have not occurred.
The auditor?s conclusion as to whether sufficient information exists to conduct an investigation.
A list of proposed audit tests to help disclose the existence of similar frauds in the future.
The auditor?s conclusion as to whether sufficient information exists to conduct an investigation.
138
When computer-matching the employee master file against the payroll transaction file (consisting of time records for each hourly production worker and overtime records for salaried staff), the auditor is essentially testing for the:
Completeness of overtime records.
Reasonableness of production worker?s pay rates.
Reasonableness of staff salaries.
Existence of payments to fictitious employees.
Existence of payments to fictitious employees.
139
Which of the following activities represents both an appropriate personnel department function and a deterrent to payroll fraud?
Authorization of additions and deletions from the payroll.
Authorization of overtime.
Collection and retention of unclaimed paychecks.
Distribution of paychecks.
Authorization of additions and deletions from the payroll.
140
Theÿbestÿsource of evidence to determine if ex-employees continue to have access to a company?s automated databases is:
Reviewing computer logs of access attempts.
Reviewing access control software to determine whether the most current version is implemented.
Reconciling current payroll lists with database access lists.
Discussing the password removal process with the database administrator.
Reconciling current payroll lists with database access lists.
141
An internal auditor is interviewing three individuals, one of whom is suspected of committing a fraud. Which of the following is theÿleastÿeffective interviewing approach?
Listen carefully to what the interviewee has to say.
Ask each individual to prepare a written statement explaining his or her actions.
Attempt to get the suspect to confess.
Take the role of one seeking the truth.
Attempt to get the suspect to confess.
142
```
One objective of an audit of the purchasing function is to determine the cost of late payment of invoices containing trade discounts. The appropriate population from which a sample would be drawn is the file of:
Canceled checks.
Paid vendor invoices.
Receiving reports.
Purchase orders.
```
Paid vendor invoices.
143
Upon receipt of purchased goods, receiving department personnel match the quantity received to the packing slip quantity and mark the retail price on the goods based on a master price list. The annotated packing slip is then forwarded to inventory control, and goods are automatically moved to the retail sales area. The most significant control strength of this activity is:
Using a master price list for marking the sale price.
Immediately pricing goods for retail sale.
Matching quantity received to the packing slip.
Automatically moving goods to the retail sales area.
Using a master price list for marking the sale price.
144
An audit procedure for evaluating whether an online order entry system is efficient is to:
Compare the cost of processing the orders manually with the cost of the online system.
Determine the total number of transactions processed by the system for each of the previous 12 months and note any fluctuations.
Compare the cost of developing the order entry system with the cost of developing other applications.
Review copies of weekly and monthly reports that show system availability (uptime) and terminal response times, and compare with service-level objectives.
Review copies of weekly and monthly reports that show system availability (uptime) and terminal response times, and compare with service-level objectives.
145
A department developed an integrated end-user computing (EUC) application involving timekeeping, payroll, and labor cost accounting. The department used its own personnel to design and program the application using a fourth-generation language (4GL). Subsequently, the department hired outside consultants to rewrite certain components. The application was implemented on the departmental local area network (LAN) and connected with the corporate mainframe system to allow the transfer of data between them.
The internal audit department ranked the EUC applications of the organization according to the perceived risk. As a result, the timekeeping/payroll/labor cost accounting application was selected for an information technology audit.
When the labor cost accounting component of the application was first implemented, it did not meet certain business requirements in the department and had to be substantially rewritten. Which one of the following risks associated with EUC application development could have led directly to this result?
End-user applications may not receive the independent testing associated with traditional development.
There may be insufficient review and analysis of user needs when user and analyst functions are no longer separate.
End-user applications may not be adequately documented to facilitate review.
Segregation of duties would be inadequate if the same person performed programmer and operator functions.
There may be insufficient review and analysis of user needs when user and analyst functions are no longer separate.
146
If a manufacturing firm has established a limit on the number of defects that are tolerable in the final assembly of its product, which of the following quality control procedures should be employed?
I.Inspect completed goods for compliance with established tolerances.
II.Review sales returns for defects not detected during the final inspection process.
III.Compare materials and machinery specifications to original product designs.
IV.Establish a quality circle that includes management and subordinates to discuss labor efficiency.
II and III only.
III and IV only.
I, II, and III.
I, III, and IV.
I, II, and III.
147
During the course of a bank audit, the auditors discover that one loan officer had approved loans to a number of related but separate organizations, in violation of regulatory policies. The loan officer indicated that it was an oversight and would not happen again. However, the auditors believe it may have been intentional because the loan officer is related to one of the primary owners of the corporate group that controls the related organizations. The auditors should:
Expand the audit work to determine if there may be fraudulent activity on the part of the loan officer and report the findings to management when the follow-up investigation is complete.
Not report the violation if the loan officer agrees to take corrective action.
Inform management of the conflict of interest and the violation of the regulatory requirements and suggest further investigation.
Report the violation to the regulatory agency because it constitutes a significant breakdown of the bank?s control structure.
Inform management of the conflict of interest and the violation of the regulatory requirements and suggest further investigation.
148
An organization has grown rapidly and has just automated its human resource system. The organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, ethnic code, age, insurance, medical protection, and other similar information. Management has asked the internal auditing department to review the new system. The automated system contains a table of pay rates that is matched to the employee job classifications. The best control to ensure that the table is updated correctly for only valid pay changes would be to:
Require that all pay changes be signed by the employee to verify that the change goes to a bona fide employee.
Require a supervisor in the department who does not have the ability to change the table to compare the changes to a signed management authorization.
Limit access to the data table to management and line supervisors who have the authority to determine pay rates.
Ensure that adequate edit and reasonableness checks are built into the automated system.
Require a supervisor in the department who does not have the ability to change the table to compare the changes to a signed management authorization.
149
It would be appropriate for internal auditing departments to use consultants with expertise in health care benefits when the internal auditing department is:
I.Conducting an audit of the organization?s estimate of its liability for postretirement benefits that include health care benefits.
II.Comparing the cost of the organization?s health care program with other programs offered in the industry.
III.Training its staff to conduct an audit of health care costs in a major division of the organization.
IV. I, II, and III
III only.
I only.
II only.
IV.
IV.
150
During an audit of a defense contract, the auditor becomes concerned with the possibility of inappropriate charges to overhead. However, when examining the underlying documentation of expenses, the auditor finds that all expenditures are properly supported. All billings show total cost and the application of a percentage overhead rate that appears consistent with previous years. Which of the following audit procedures would beÿleasteffective in addressing the auditor?s concern?
Retest the computation of the overhead by multiplying actual costs by the overhead rate.
Recompute the overhead rate to determine if it is properly computed on the appropriate base.
Take a probability-proportional-to-size sample of expenditures included in the company?s overhead expense and examine to determine if they are consistent with the contract.
Take a sample of contractor payments to determine if the underlying expense was appropriately classified as contract expense or overhead.
Take a sample of contractor payments to determine if the underlying expense was appropriately classified as contract expense or overhead.
151
Your firm has recently converted its purchasing cycle from a manual to an online computer system. You have been placed in charge of the first postimplementation audit of the new system and have access to a generalized audit software package. One of your objectives is to determine whether all material liabilities for trade accounts payable have been recorded. Which of the following wouldÿmostÿhelp you achieve this objective?
A listing of all accounts payable ledger accounts with a post office box given as the vendor mailing address.
A listing of all duplicates: (1) purchase orders, (2) receiving reports, and (3) vendor invoices.
A listing of all vendors with a debit balance in the accounts payable ledgers.
A listing of all purchase transactions processed after the cutoff date.
A listing of all purchase transactions processed after the cutoff date.
152
A hospital is evaluating the purchase of software to integrate a new cost accounting system with its existing financial accounting system. Which of the following describes theÿmosteffective way for internal audit to be involved in the procurement process?
Internal audit has no involvement since the system has already been developed externally.
Evaluate whether the application design meets internal development and documentation standards.
Evaluate whether performance specifications are consistent with the hospital?s needs.
Determine whether the prototyped model is validated and reviewed with users before production use begins.
Evaluate whether performance specifications are consistent with the hospital?s needs.
153
During a postcompletion audit of a warehouse expansion, the auditor noted several invoices for redecorating services from a local merchant that were account-coded and signed for payment only by the cost engineer. The auditor should:
Consult with the cost engineer for assurance that these purchases were authorized for this construction project.
Compare the cost and description of the services to the account code used in the construction project and to related estimates in the construction-project budget.
Recommend reclassifying the expenditure to the appropriate account code for redecorating services.
Obtain a facsimile of the cost engineer?s signature from the accounts payable group and compare it to the signature on the invoices.
Compare the cost and description of the services to the account code used in the construction project and to related estimates in the construction-project budget.
154
A means of ensuring that payroll checks are drawn for properly authorized amounts is to:
Conduct periodic floor verification of employees on the payroll.
Require that undelivered checks be returned to the cashier.
Supervisory approval of employee time cards.
Witness the distribution of payroll checks.
Supervisory approval of employee time cards.
155
The auditor suspects a disbursements fraud whereby an unknown employee(s) is submitting and approving invoices for payment. Before discussing the potential fraud with management, the auditor decides to gather additional evidence. Which of the following procedures would beÿmostÿhelpful in providing the additional evidence?
Select a sample of receiving reports representative of the period under investigation and trace to approved payment. Note any items not properly processed.
Select a sample of payments made during the year and investigate each one for approval.
Take a sample of invoices received during the past month; examine to determine if properly authorized for payment; and trace to underlying documents such as receiving reports.
Use audit software to develop a list of vendors with post office box numbers or other unusual features. Select a sample of those items and trace to supporting documents such as receiving reports.
Use audit software to develop a list of vendors with post office box numbers or other unusual features. Select a sample of those items and trace to supporting documents such as receiving reports.
156
A company has two manufacturing facilities. Each facility has two manufacturing processes and a separate packaging process. The processes are similar at both facilities. Raw materials used include aluminum, materials to make plastic, various chemicals, and solvents. Pollution occurs at several operational stages, including raw materials handling and storage, process chemical use, finished goods handling, and disposal. Waste products produced during the manufacturing processes include several that are considered hazardous. The nonhazardous waste is transported to the local landfill. An outside waste vendor is used for the treatment, storage, and disposal of all hazardous waste.
Management is aware of the need for compliance with environmental laws. The company recently developed an environmental policy that includes a statement that each employee is responsible for compliance with environmental laws.
If the internal auditing department is assigned the responsibility of conducting an environmental audit, which of the following actions should be performedfirst?
Provide the assigned staff with technical training.
Conduct risk assessments for each site.
Review company policies and procedures.
Review the environmental management system.
Provide the assigned staff with technical training.
157
A means of preventing production delays as a consequence of equipment breakdowns and repairs is to:
Preauthorize maintenance department work orders and overtime pay.
Schedule production based on capacity utilization.
Budget maintenance department activities based on an analysis of equipment work orders.
Establish a preventive maintenance program for all production equipment.
Establish a preventive maintenance program for all production equipment.
158
```
A compliance audit of the reporting cycle is being planned. The auditors are specifically concerned with the control of sensitive data on quarterly reports that could be used by competitors. The distribution of sensitive financial data should be determined by:
The data security officer.
The vice president of finance.
The audit committee.
Approved corporate policy.
```
Approved corporate policy.
159
Shipments are made from the warehouse based on customer purchase orders. The matched shipping documents and purchase orders are then forwarded to the billing department for sales invoice preparation. The shipping documents are neither accounted for nor prenumbered. Which of the following substantive tests should be extended as a result of this control weakness?
Select bills of lading from the warehouse and trace the shipments to the related sales invoices.
Select sales invoices from the sales register and examine the related shipping documents.
Trace quantities and prices on the sales invoice to the customer purchase order and test extensions and footings.
Foot the sales register and trace the total to the general ledger.
Select bills of lading from the warehouse and trace the shipments to the related sales invoices.
160
```
Which of the following is not a benefit of using information technology in solving audit problems?
It increases audit opportunities.
It improves the auditor?s judgment.
It improves the timeliness of the audit.
It helps reduce audit risk.
```
It improves the auditor?s judgment.
161
A company recently entered into a cost-plus contract to build a new and larger manufacturing plant. Which of the following auditing procedures would be ofÿmostÿimportance to the auditor reviewing this contract?
Review the contract and all of the related bids received to ascertain that the company selected the contractor with the lowest bid.
Review the business integrity of the contractor through direct inquiry.
Review the contract for a specific date of completion.
Review the contract to ascertain that it contains a provision for the right of system review and cost audits of the contractor.
Review the contract to ascertain that it contains a provision for the right of system review and cost audits of the contractor.
162
A payroll clerk working through a computerized payroll system increased the hourly pay rate for two employees and shared the resulting overpayments with the employees. Which of the following would haveÿbestÿserved to prevent this illegal act?
Limiting access to master payroll records to supervisory personnel in the payroll department.
Reconciling pay rates per personnel records with those of the payroll system annually.
Monitoring of payroll costs by department heads on a monthly basis.
Requiring that all changes to pay records be recorded on a standard form.
Limiting access to master payroll records to supervisory personnel in the payroll department.
163
An internal auditor is auditing the cash receipts function. The firm is a wholesaler that makes all shipments by private trucking firms. Its billing policy is to require payment of individual invoices. All cash receipts arrive by mail in the form of customer checks. The firm grants a 2% cash discount to customers who pay their bills within 15 days. When customers improperly deduct a discount from a remittance made after the 15-day period, the check is deposited as usual, but the customer?s account is credited for only the net (rather than the gross) amount. In order to determine whether undeserved cash discounts are being allowed, the auditor should:
Compare duplicate deposit tickets with related monthly bank statements and remittance advices.
Compare cash receipts journal entries with related remittance advices and sales invoices.
Reconcile monthly bank statements with particular emphasis on deposits in transit included as reconciling items.
Verify account balances by mailing confirmations to a sample of the firm?s customers.
Compare cash receipts journal entries with related remittance advices and sales invoices.
164
```
A Certified Internal Auditor directs the audit function for a large city and is planning the audit schedule for the next year. The city has a number of different funds, some that are restricted in use by government grants and some that require compliance reports to the government. One of the programs for which the city has received a grant is job retraining and placement. The grant specifies certain conditions a participant in the program must meet in order to be eligible for the funding. The auditor randomly selects participants in the job retraining program for the past year to verify that they had met all the eligibility requirements. This type of audit is best referred to as a(n):
Program audit.
Compliance audit.
Economy and efficiency audit.
Operational audit.
```
Compliance audit.
165
As part of cash management procedures, the treasurer of a nonprofit organization has decided to invest in a variety of new financial instruments. The audit committee has asked the internal audit department to conduct an audit of the adequacy of controls over the new investing techniques. Which of the following wouldÿnotÿbe required as part of such an audit?
Determine the extent of management oversight over investments in sophisticated instruments.
Determine whether the treasurer is getting higher or lower rates of return on investments than are treasurers in comparable organizations.
Determine if policies exist that describe the risks the treasurer may take and the types of instruments in which the treasurer may make investments.
Determine the nature of controls established by the treasurer to monitor the risks in the investments.
Determine whether the treasurer is getting higher or lower rates of return on investments than are treasurers in comparable organizations.
166
When conducting fraud investigations, internal auditing should:
Perform its investigation independent of lawyers, security personnel, and specialists from outside the organization who are involved in the investigation.
Assess the probable level and the extent of complicity of fraud within the organization.
Clearly indicate the extent of internal auditing?s knowledge of the fraud when questioning suspects.
Assign personnel to the investigation in accordance with the audit schedule established at the beginning of the fiscal year.
Assess the probable level and the extent of complicity of fraud within the organization.
167
An internal auditor was performing an operational audit of the purchasing and accounts payable system. The audit objective was to identify changes to processes that would improve efficiency and effectiveness. Which of the following statements support the auditor?s recommendation that electronic data interchange (EDI) should be implemented within a company?
I.There is a small number of transactions.
II.There is a time-sensitive just-in-time purchase environment.
III.There is a large volume of custom purchases.
IV.There are multiple transactions with the same vendor.
I and III.
II, III, and IV.
I only.
II and IV only.
II and IV only.
168
Which of the following isÿnotÿlikely to be included as an audit step when assessing vendor performance policies?
Determine whether the quality of the goods purchased from the vendors has been satisfactory.
Determine whether vendors sent agreed-on lot sizes.
Determine whether the balances owed to vendors are correct.
Determine whether only authorized items were received from vendors.
Determine whether the balances owed to vendors are correct.
169
Most large-scale computer systems maintain at least three program libraries: production library (for running programs), source code library (maintains original source coding), and test library (for programs that are being changed). Which of the following statements is correct regarding the implementation of sound controls over computer program libraries?
Only programmers should have access to the production library.
Users should have access to the test library to determine whether all changes are properly made.
The computer operator should have access to both the production library and the source code library to assist in diagnosing computer crashes.
Only the program librarian should be allowed to make changes to the production library.
Only the program librarian should be allowed to make changes to the production library.
170
An auditor reviewed access security over the company?s various computer applications. The auditor found that security consisted of access controls programmed into each application. Thebestÿrecommendation for management in the situation is:
Consider the use of utility software.
Expand the use of the built-in access controls to new applications.
Eliminate the built-in access controls.
Consider the use of access control software.
Consider the use of access control software.
171
A department developed an integrated end-user computing (EUC) application involving timekeeping, payroll, and labor cost accounting. The department used its own personnel to design and program the application using a fourth-generation language (4GL). Subsequently, the department hired outside consultants to rewrite certain components. The application was implemented on the departmental local area network (LAN) and connected with the corporate mainframe system to allow the transfer of data between them.
The internal audit department ranked the EUC applications of the organization according to the perceived risk. As a result, the timekeeping/payroll/labor cost accounting application was selected for an information technology audit.
The auditor used the reporting capabilities of the 4GL to analyze the data files for unusual activity, such as excessive overtime hours, unusual fluctuations in pay rates, or excessive vacation time. The application controls being verified by this analysis are:
Edit and validation controls.
Controls over update access to the database.
Rejected and suspense item controls.
Programmed balancing controls.
Edit and validation controls.
172
Which of the following audit techniques would beÿmostÿpersuasive in determining that significant inventory values on the books of a company being acquired are correctly stated?
Conduct a physical inventory and bring in an independent expert if necessary to value inventory items.Flowchart the inventory and warehousing cycle and form an opinion based on the quality of internal controls.
Obtain a management representation letter stating
that inventory values are correctly stated.
Interview purchasing and materials control personnel to ascertain the quality of internal controls over inventory.
Conduct a physical inventory and bring in an independent expert if necessary to value inventory items.
173
An internal auditor is examining a production facility shortly after the close of the fiscal year. Each question consists of a specific audit procedure and a choice of four different audit findings. Which of the errors or questionable practices isÿmost likelyÿto be detected by the audit procedure specified? On randomly selected dates during the month after fiscal year-end, all unrecorded expenditure invoices are examined.
Sales are overstated for the current month.
Accounts payable are overstated at fiscal year-end (one month previous).
Accounts payable are understated at fiscal year-end (one month previous).
Expenses are overstated for the fiscal year just ended.
Accounts payable are understated at fiscal year-end (one month previous).
174
After completing an investigation, internal auditing has concluded that an employee has stolen a significant amount of cash receipts. A draft of the proposed report on this finding should be submitted for review to:
The president of the organization.
The organization?s outside auditors.
Legal counsel.
The audit committee of the board of directors.
Legal counsel.
175
An auditor notes year-to-year increases of over $200,000 for small tool expense at a manufacturing facility that has produced the same amount of identical product for the last three years. Production inventory is kept in a controlled staging area adjacent to the receiving dock, but the supply of small tools is kept in an unsupervised area near the exit to the plant employees? parking lot. After determining that all of the following alternatives are equal in cost and are also feasible for local management, the auditor wouldÿbestaddress the security issue by recommending that plant management:
Move the small tools inventory to the custody of the production inventory-staging superintendent, and implement the use of a special requisition to issue small tools.
Initiate a full physical inventory of small tools on a monthly basis.
Close the exit to the employee parking lot, and require all plant employees to use a doorway by the receiving dock that also provides access to the plant employees? parking area.
Place supply of small tools in a secured area, install a key-access card system for all employees, and record each key-access transaction on a report for the production superintendent.
Move the small tools inventory to the custody of the production inventory-staging superintendent, and implement the use of a special requisition to issue small tools.
176
According to the IIA Standards concerning due professional care, an internal auditor should:
Select procedures that are likely to provide absolute assurance those irregularities do not exist.
Consider the relative materiality or significance of matters to which audit procedures are applied.
Emphasize the potential benefits of an audit without regard to the cost.
Consider whether established operating standards are being met and not whether those standards are acceptable.
Consider the relative materiality or significance of matters to which audit procedures are applied.
177
Which of the following controls wouldmostÿlikely minimize defects in finished goods due to poor-quality raw materials?
Timely follow-up on unfavorable usage variances.
Proper handling of work-in-process inventory to prevent damage.
Implementation of specifications for purchases.
Determination of spoilage at the end of the manufacturing process.
Implementation of specifications for purchases.
178
In a microcomputer environment, significant restrictions on the nature and timing of audit procedures are most often caused by:
Failure to specify backup and recovery procedures.
Accessibility of hardware.
Lack of adequate password protection.
Limitations on the audit trail.
Limitations on the audit trail.
179
Which of the following actions impairs the information technology auditor?s independence during computer system development work?
The auditor designs controls.
The auditor tests controls.
The auditor designs an integrated test facility.
The auditor advises on controls.
The auditor designs controls.
180
The internal auditing department has concluded a fraud investigation that revealed a previously undiscovered materially adverse impact on the financial position and results of operations for two years on which financial statements have already been issued. The director of internal auditing should immediately inform:
Appropriate management and the audit committee of the board of directors.
The internal accounting function ultimately responsible for making corrective journal entries.
The appropriate governmental or regulatory agency.
The external audit firm responsible for the financial statements affected by the discovery.
Appropriate management and the audit committee of the board of directors.
181
In response to a confirmation of the June 30 accounts receivable balances, a customer reported that the balance confirmed had been paid by a check dated and mailed June 20. The auditor reviewed the postings of cash receipts in July and found the payment had been recorded on July 13. Given this information, the next audit action should be to:
Require an adjusting entry to the payment to June.
Trace the billing invoice to the related shipping documents and inventory records, comparing dates shipped to billed to determine proper period.
Request a bank cutoff statement for July and reconcile the June deposits in transit and outstanding checks by examining supporting documentation.
Compare deposit slips to posting records.
Compare deposit slips to posting records.
182
```
One objective of a planned audit is to assess the effectiveness of internal controls that safeguard inventories. What type of auditing wouldÿbestachieve that objective?
Compliance.
Financial.
Operational.
Program results.
```
Operational.
183
A university finds it impractical to have a centralized receiving function for department purchases of books, supplies, and equipment. Which of the following controls would most effectively prevent payment for goods not received, if performed prior to invoice payment?
Vendor invoices should be matched with department purchase orders.
The vice president of finance should approve invoices over a specified amount.
A departmental supervisor other than the employee ordering the goods should approve vendor invoices.
Names and addresses on vendor invoices should be compared to a list of department-authorized vendors.
A departmental supervisor other than the employee ordering the goods should approve vendor invoices.
184
A company uses a local area network (LAN) to connect its four city area sales offices to the headquarter office. Sales information such as credit approval and other customer information, prices, account information, and so on is maintained at headquarters. This office also houses the inventory and shipping functions. Each area office is connected to the headquarters? office computer, and messages/information between the area offices pass through the headquarters? computer. This communication configuration allows for real-time confirmation of shipments as well as billing and account status. The company is concerned about the accuracy and sensitivity of its information and has implemented controls to protect the database used by the area offices. (1)ÿThe data are modeled after a tree structure, with each record type having any number of lower-level dependent records. The relationship is a one-to-many rather than a many-to-many relationship. When a user enters the system, a series of questions is asked of the user. These (2)ÿquestions include a name and mother?s birth date. The headquarters computer maintains a (3)ÿmatrix of user names and the files/programs the user can access as well as what the user can do to/with the file or program.
A recent addition to the system controls involves a lockout procedure. This procedure (4)ÿlocks out a particular record to other sales offices while a particular sales office is using the record. This control ensures that each transaction has the most recent and accurate information available when the sales office is processing the event.
The matrix described in (3) is primarily intended to provide:
Authentication of the user.
Access control to computer hardware.
Authorization for processing.
Data integrity control.
Authorization for processing.
185
A retail organization has just implemented electronic data interchange (EDI) to issue purchase orders to major vendors. The client has developed a database of approved vendors. New vendors can be added only after a thorough review by the purchasing manager and marketing director. Only purchasing agents can issue purchase orders, and the amount of purchase orders for a particular product line cannot exceed a budgeted amount specified by the marketing manager.
All purchases go to the distribution center, where they are electronically scanned into the computer system. All incoming items must reference a company purchase order, and any items that do not contain such a reference will not be accepted. Prenumbered receiving slips are not used, but all receipts are referenced to the purchase order. Price tags are generated per the purchase order and for the quantities indicated by the electronically scanned-in receiving report. The number of price tags generated is reconciled with the number of products received.
The vendor sends an invoice to the retailer. The invoices are keypunched and entered into the system. The computer software is programmed to match the vendor invoice, the purchase order, and the receiving report. If the three items are matched within a tolerance of 0.5%, the computer program schedules the items for payment at a time to take advantage of purchase discounts. A check is generated by the cash disbursements program and is electronically signed and mailed. If there is a discrepancy among the three documents, a report is printed and sent to the accounts payable department for investigation.
It is often recognized that one control procedure by itself is not sufficient to achieve a particular control objective. One control objective is to ensure that purchase orders are made only by authorized purchasing agents, to authorized vendors, for authorized goods. Which of the following combination of control procedures would be necessary to accomplish this objective?
I.Require passwords for each agent, and change the passwords periodically to make them difficult to guess.
II.Require that someone independent of the purchasing function enter authorized products into the product database.
III.Require that purchase agent functions be periodically rotated among purchasing agents.
IV.Require that someone independent of the purchasing function maintain the authorized vendor database.
I only.
I, II, III, and IV.
I, II, and III.
I, II, and IV.
I, II, and IV.
186
The auditor of a bank is examining the bank?s loan portfolio to determine whether it is in accordance with applicable governmental regulations that:
'+Limit the amount of loans that can be made to the ten largest customers (as a percentage of total bank loans).
+Restrict the amount of loans that can be made in certain industries.
+Require additional documentation for all loans over $100,000.
The auditor wants to determine whether (1) there are any violations of the applicable regulations and (2) the system and its control procedures are adequate to prevent violations of the applicable regulations.
Which of the following audit procedures ought to be included as part of the audit program to address the specific audit concerns identified above?
I.Send confirmations to the ten largest customers to determine the collectibility of the account balances.
II.Select a random sample of all loans over $100,000 and examine supporting documentation to determine if the documentation is in compliance with the applicable regulations.
III.Use audit software to prepare an aging of the loans receivable to determine if a proper allowance for uncollectible accounts has been recorded.
IV.I, II, and III.
II only.
187
The auditor of a bank is examining the bank?s loan portfolio to determine whether it is in accordance with applicable governmental regulations that:
'+Limit the amount of loans that can be made to the ten largest customers (as a percentage of total bank loans).
+Restrict the amount of loans that can be made in certain industries.
+Require additional documentation for all loans over $100,000.
The auditor wants to determine whether (1) there are any violations of the applicable regulations and (2) the system and its control procedures are adequate to prevent violations of the applicable regulations.
During the audit, the auditor?s preliminary evidence indicates that the first concern (loans to the ten largest customers) is not violated. However, upon further investigation of related parties and interlocking organizations, the auditor concludes that although there is not a technical violation, there is some likelihood that the bank may be in violation of the regulation because of loans to a number of related entities that in total exceed the legal limits. The auditor should:
Informally notify management of the finding, but omit any mention of the problem in the formal audit report because the evidence is not persuasive.
Report the findings to the regulatory agency and obtain its opinion on whether there is a violation. Include the agency?s opinion in the final audit report.
Immediately issue an informal report to the audit committee because the findings reflect adversely on management.
Report the findings immediately to management and suggest that legal counsel review the regulations and the audit evidence gathered to date to determine if a violation has taken place.
Report the findings immediately to management and suggest that legal counsel review the regulations and the audit evidence gathered to date to determine if a violation has taken place.
188
A multinational company has an agreement with a value-added network (VAN) that provides the encoding and communications transfer for the company?s electronic data interchange (EDI) and electronic funds transfer (EFT) transactions. Before transfer of data to the VAN, the company performs online preprocessing of the transactions. The internal auditor is responsible for assessing preprocessing controls. In addition, the agreement between the company and the VAN states that the internal auditor is allowed to examine and report on the controls in place at the VAN on an annual basis. The contract specifies that access to the VAN can occur on a surprise basis during the second or third quarter of the company?s fiscal year. This period was chosen so it would not interfere with processing during the VAN?s peak transaction periods. This provision was not reviewed with internal auditing. The annual audit plan approved by the board of directors specifies that a full audit would be done during the current year.
The auditor wants to obtain assurance that the EFT payments have not been made twice. Computer-assisted audit tools and techniques could be used to perform which of the following procedures?
I.Identification of EFT transactions to the same vendor for the same dollar amount.
II.Extraction of EFT transactions with unauthorized vendor codes.
III.Testing of EFT transactions for reasonableness.
IV.Searching for EFT transactions with duplicate purchase order numbers.
I, II, III, and IV.
I and IV only.
I and III only.
I, III, and IV only.
I and IV only.
189
Inventory levels for a packing facility are controlled by the use of just-in-time (JIT) techniques. If the auditor?s objective is to evaluate ordering and stocking standards, which of the following procedures would be relevant?
I.Using audit software to compute the number of shipping crates used per day
II.Reviewing shipping records for product quantity and dates
III.Comparing actual stocking levels to industry averages
IV.Reviewing sales records for defective returns
II and III.
I and II.
III only.
I and IV.
I and II.
190
A company has two manufacturing facilities. Each facility has two manufacturing processes and a separate packaging process. The processes are similar at both facilities. Raw materials used include aluminum, materials to make plastic, various chemicals, and solvents. Pollution occurs at several operational stages, including raw materials handling and storage, process chemical use, finished goods handling, and disposal. Waste products produced during the manufacturing processes include several that are considered hazardous. The nonhazardous waste is transported to the local landfill. An outside waste vendor is used for the treatment, storage, and disposal of all hazardous waste.
Management is aware of the need for compliance with environmental laws. The company recently developed an environmental policy that includes a statement that each employee is responsible for compliance with environmental laws.
An advantage of conducting environmental audits under the direction of the internal auditing department would be that:
Internal audit work products are confidential.
Independence and authority are already in place.
Technical expertise is more readily available.
The financial aspects are deemphasized.
Independence and authority are already in place.
191
During an audit of a defense contract, the auditor becomes concerned with the possibility of inappropriate charges to overhead. However, when examining the underlying documentation of expenses, the auditor finds that all expenditures are properly supported. All billings show total cost and the application of a percentage overhead rate that appears consistent with previous years.
Assume that the contract also states that the contractor must comply with all applicable environmental regulations because the government is responsible for fines for such regulations. The governmental auditor finds that the environmental protection agency has recently performed an environmental audit of the contractor and found numerous but minor deviations from current environmental law. However, there was one major item: The company was not meeting the standard for emissions into the atmosphere. The auditor contacts the environmental regulators and finds the company has acted responsibly. It has fixed all the minor findings and has approved a large capital expenditure to reduce the emission of toxic wastes into the air. Which of the following statements regarding these findings is (are) correct?
I.Materiality of the findings should be based on the potential amount of fines that could be imposed, not on the fact that most of the deviations were minor in nature.
II.The auditor should report the problem with toxic emissions but should not report the other items because they were of a minor nature.
III.Because the report will have a significant effect on the government, the auditor should report the toxic waste emissions only if the nature and type can be substantiated.
I only.
I and III only.
II only.
I, II, and III.
I only.
192
The transportation department for a large manufacturing company maintains its vehicle inventory and maintenance records in a database on a stand-alone microcomputer in the fleet supervisor?s office. Which audit approach isÿmostappropriate for evaluating the accuracy of the database information?
Simulate normal processing by using test programs.
Verify a sample of the records extracted from the database with supporting documentation.
Submit batches of test transactions through the current system and verify with expected results.
Use program tracing to show how, and in what sequence, program instructions are processed in the system.
Verify a sample of the records extracted from the database with supporting documentation.
193
The legislative auditing bureau of a country is required to perform compliance auditing of companies that are issued defense contracts on a cost-plus basis. Contracts are clearly written defining acceptable costs, including developmental research cost and appropriate overhead rates.
During the past year, the government has engaged in extensive outsourcing of its activities. The outsourcing included contracts to run cafeterias, provide janitorial services, manage computer operations and systems development, and provide engineering of construction projects. The contracts were modeled after those that had been used for years in the defense industry. The legislative auditors are being called on to expand their audit effort to include compliance audits of these contracts.
Upon initial investigation of these outsourced areas, the auditor found many areas in which the outsourced management has apparently expanded its authority and responsibility. For example, the contractor that manages computer operations has developed a highly sophisticated security program that may represent the most advanced information security in the industry. The auditor reviews the contract and sees reference only to providing appropriate levels of computing security. The auditor suspects that the governmental agency may be incurring developmental costs that the outsourcer may use for competitive advantage in marketing services to other organizations.
Management has asked the auditor to recommend monitoring controls that management could establish to provide timely oversight of the information systems contract. Which of the following would be theÿleastÿeffective monitoring control?
Use internal auditors to investigate the appropriateness of costs as part of a yearly audit of the outsourcer.
Require monthly internal reports summarizing overhead rates used in billings.
Randomly investigate selected cost accounts throughout the year to determine that all the expenses are properly charged to the governmental unit.
Require monthly reports by the outsourcer of total costs billed and services rendered.
Use internal auditors to investigate the appropriateness of costs as part of a yearly audit of the outsourcer.
194
An internal auditor downloads the invoices, payments, and payables for goods received for the prior month to an audit workstation. Theÿbestÿapproach for verifying the completeness of the data is for the auditor to use audit software on the workstation to:
Match invoices to payables; match payables to invoices.
Match invoices to payments and payables; match payments and payables to invoices.
Match invoices to payments; match payments to invoices.
Match invoices to payments; match payments and payables to invoices.
Match invoices to payments and payables; match payments and payables to invoices.
195
Management canÿbestÿstrengthen internal control over the custody of inventory stored in an off-site warehouse by implementing:
Regular reconciliation of physical inventories to accounting records.
Regular confirmation of the amount on hand with the custodian of the warehouse.
Reconciliations of transfer slips to/from the warehouse with inventory records.
Increases in insurance coverage.
Regular reconciliation of physical inventories to accounting records.
196
Which of the following ensures that all inventory shipments are billed to customers?
Duties for recording sales transactions and maintaining customer account balances are separated.
Customer billing complaints are investigated by the controller?s office.
Shipping documents are prenumbered and are independently accounted for and matched to sales invoices.
Sales invoices are prenumbered and are independently accounted for and traced to the sales journal.
Shipping documents are prenumbered and are independently accounted for and matched to sales invoices.
197
A company has two manufacturing facilities. Each facility has two manufacturing processes and a separate packaging process. The processes are similar at both facilities. Raw materials used include aluminum, materials to make plastic, various chemicals, and solvents. Pollution occurs at several operational stages, including raw materials handling and storage, process chemical use, finished goods handling, and disposal. Waste products produced during the manufacturing processes include several that are considered hazardous. The nonhazardous waste is transported to the local landfill. An outside waste vendor is used for the treatment, storage, and disposal of all hazardous waste.
Management is aware of the need for compliance with environmental laws. The company recently developed an environmental policy that includes a statement that each employee is responsible for compliance with environmental laws.
In many countries, the company generating hazardous waste is responsible for the waste from cradle to grave (creation to destruction). A potential risk to the company is the use of an outside vendor to process hazardous waste. Which of the following steps should be performed during a review of the waste vendor?
I.Review the vendor?s documentation on hazardous material.
II.Review the financial solvency of the vendor.
III.Review the vendor?s emergency response planning.
IV.I, II, and III
IV.
198
An international nonprofit organization finances medical research. The majority of its revenue and support comes from fundraising activities, investments, and specific grants from an initial sponsoring corporation. The organization has been in operation over 15 years and has a small internal audit department. The organization has just finished a major fundraising drive that raised $500 million for the current fiscal period.
Auditors must always be alert for the possibility of fraud. Assume the controls over each risk listed below are marginal. Which of the following possible frauds or misuses of organization assets should be considered the area ofgreatestÿrisk?
Purchases of supplies are made from fictitious vendors.
The president is using company travel and entertainment funds for activities that might be considered questionable.
The payroll clerk has added ghost employees.
Grants are made to organizations that might be associated with the president or are not for purposes dictated in the organization?s charter.
Grants are made to organizations that might be associated with the president or are not for purposes dictated in the organization?s charter.
199
The internal auditors of a financial institution are auditing the institution?s investing and lending activities. During the last year, the institution has adopted new policies and procedures for monitoring investments and the loan portfolio. The auditors know that the organization has invested in new types of financial instruments during the year and is heavily involved in the use of financial derivatives to appropriately hedge risks. If the auditors were to perform a preliminary review, which of the following procedures should be performed?
I.Review reports of audits performed by regulatory and outside auditors since the last internal audit.
II.Interview management to identify changes made in policies regarding investments or loans.
III.Review minutes of the board of directors? meetings to identify changes in policies affecting investments and loans.
IV.I, II, and III.
IV.
200
Two major retail companies, both publicly traded and operating in the same geographic area, have recently merged. Both companies are approximately the same size and have audit departments. Company B has invested heavily in information technology and has electronic data interchange (EDI) connections with its major vendors.
The audit committee has asked the internal auditors from both companies to analyze risk areas that should be addressed after the merger. The director of internal auditing of Company B has suggested that the two audit groups have a planning meeting to share audit programs, scope of audit coverage, and copies of audit reports that were delivered to their audit committees. Management has also suggested that the auditors review the compatibility of the companies? two computer systems and control philosophy for individual store operations.
During the first meeting, a disagreement occurs over the approach taken regarding store compliance. The audit director for Company B questions Company A?s extensive use of store compliance testing, stating that the approach is neither responsive to materiality concepts nor an appropriate application of risk assessment. Company A?s audit director presents the following reasoning:
I.You have misconstrued materiality. Materiality is not based only on the size of individual stores; it is also based on the control structure that affects the whole organization.
II.Any deviation from a prescribed control procedure is, by definition, material.
III.The only way to ensure that a material amount of the company?s control structure is covered is to comprehensively audit all stores.
Which of the statements by the audit director of Company A is (are) valid?
I only.
201
An organization sells products via catalog and takes orders over the phone. All orders are entered online, and the organization?s objective is to ship all orders within 24 hours. The audit trail is kept in machine-readable form. The only papers generated are the packing slip and the invoice sent to the customer. Revenue is recorded upon shipment of the goods. The organization maintains a detailed customer database that allows the customer to return goods for credit at any time.
Which of the following control procedures would beÿleastÿeffective in ensuring that the correct product is shipped and billed at the appropriate price?
The product database is tightly restricted, and only the director of marketing (and limited personnel in the marketing department) can approve changes to the price file.
The customer service representative prepares batch totals of the number of items ordered and the total dollar amount of the orders.
Self-checking digits are used on all product numbers, and customers must order from a catalog with product numbers.
The customer service representative verbally verifies both the product description and price with the customer before the order is closed for processing.
The customer service representative prepares batch totals of the number of items ordered and the total dollar amount of the orders.
202
The internal auditing department of a large independent department store chain is auditing the purchasing system. One auditor has been assigned the task of determining if major office equipment is being acquired at the best price. The auditor should determine whether:
Purchase requisitions from user departments are prerequisites to the purchase of equipment.
Competitive bids are obtained from approved vendors.
Acquisitions of the most recent year were approved in the fixed asset budget for the same period.
Purchase order forms are prenumbered and controlled.
Competitive bids are obtained from approved vendors.
203
A manufacturing company buys many different types and dimensions of steel for use in production. An internal auditor would most likely use a computer simulation to evaluate the company?s steel-purchasing function with respect to:
Effect of alternative purchasing policies on investment in inventory and stock-out costs.
Quality of the computer program used to determine economic order quantities.
Technical specifications adopted for steel purchases.
Economy with which the warehousing function is carried out.
Effect of alternative purchasing policies on investment in inventory and stock-out costs.
204
A production manager for a moderate-size manufacturing company began ordering excessive raw materials and had them delivered to a wholesale company that the manager was running as a side business. The manager falsified receiving documents and approved the invoices for payment. Which of the following audit procedures wouldÿmostÿlikely detect this fraud?
Observe the receiving dock and count materials received; compare the counts to receiving reports completed by receiving personnel.
Take a sample of cash disbursements; compare purchase orders, receiving reports, invoices, and check copies.
Take a sample of cash disbursements and confirm the amount purchased, purchase price, and date of shipment with the vendors.
Perform analytical tests, comparing production, materials purchased, and raw materials inventory levels; investigate differences.
Perform analytical tests, comparing production, materials purchased, and raw materials inventory levels; investigate differences.
205
Spreadsheet software would be most appropriate for which of the following audit activities?
Uploading data from a microcomputer to a mainframe computer.
Preparing depreciation schedules for fixed assets.
Preparing overhead projector slides for an audit presentation.
Preparing a narrative report summarizing the results of an audit.
Preparing depreciation schedules for fixed assets.
206
```
Which of the following is not a benefit of using information technology in solving audit problems?
It improves the timeliness of the audit.
It helps reduce audit risk.
It improves the auditor?s judgment.
It increases audit opportunities.
```
It improves the auditor?s judgment.
207
Cash receipts should be deposited on the day of receipt or the following business day. Select themostÿappropriate audit procedure to determine that cash is promptly deposited.
Compare the daily cash receipts totals to the bank deposits.
Review cash register tapes prepared for each sale.
Review the functions of cash receiving and disbursing for proper separation of duties.
Review the functions of cash handling and maintaining accounting records for proper separation of duties.
Compare the daily cash receipts totals to the bank deposits.
208
A primary audit concern of a multinational corporation?s foreign branch money transfer operations located at international headquarters is:
Evaluating the exchange rate in effect when foreign fixed assets were purchased.
Monitoring the security of foreign property, plant, and equipment.
Ensuring compliance with foreign government money transfer regulations.
Reconciling the foreign branch?s petty cash accounts.
Ensuring compliance with foreign government money transfer regulations.
209
Senior management has requested a compliance audit of the company?s employee benefits package. Which of the following audit objectives would be considered theÿprimaryÿobjective by both internal audit and senior management?
Individual programs are operating in accordance with corporate policy and government regulations.
Benefit payments, where appropriate, are accurate and timely.
Participation levels support continuation of individual programs.
The level of company contributions is adequate to meet the program?s demands.
Individual programs are operating in accordance with corporate policy and government regulations.
210
A multinational company has an agreement with a value-added network (VAN) that provides the encoding and communications transfer for the company?s electronic data interchange (EDI) and electronic funds transfer (EFT) transactions. Before transfer of data to the VAN, the company performs online preprocessing of the transactions. The internal auditor is responsible for assessing preprocessing controls. In addition, the agreement between the company and the VAN states that the internal auditor is allowed to examine and report on the controls in place at the VAN on an annual basis. The contract specifies that access to the VAN can occur on a surprise basis during the second or third quarter of the company?s fiscal year. This period was chosen so it would not interfere with processing during the VAN?s peak transaction periods. This provision was not reviewed with internal auditing. The annual audit plan approved by the board of directors specifies that a full audit would be done during the current year.
Because the VAN did not provide the auditor with access to its system, that portion of the audit program was not completed. Which one of the following should the auditorÿnotÿdo?
Obtain the approval of the internal audit director.
Rewrite the audit program to eliminate the step.
Document the VAN?s actions in the work papers.
Include the scope limitation in the final report.
Rewrite the audit program to eliminate the step.
211
The internal auditors of a financial institution are auditing the institution?s investing and lending activities. During the last year, the institution has adopted new policies and procedures for monitoring investments and the loan portfolio. The auditors know that the organization has invested in new types of financial instruments during the year and is heavily involved in the use of financial derivatives to appropriately hedge risks.
The auditors are evaluating the adequacy of the new policies and procedures in maintaining an appropriate risk profile. Which of the following audit procedures would beÿleastÿrelevant to the accomplishment of the audit objective?
Meet with operational management to determine its interpretation of those procedures that are not clear.
Meet with top management or a board member, if necessary, to clarify policy issues.
Review recent regulatory pronouncements to determine if the new procedures are consistent with regulatory requirements.
Test a sample of investments for compliance with the new procedures.
Test a sample of investments for compliance with the new procedures.
212
A utility company with a large investment in repair vehicles would most likely implement which internal control to reduce the risk of vehicle theft or loss?
Physically inventory vehicles and reconcile the results with the accounting records.
Maintain vehicles in a secured location with release and return subject to approval by a custodian.
Review insurance coverage for adequacy.
Systematically account for all repair work orders.
Maintain vehicles in a secured location with release and return subject to approval by a custodian.
213
A retailer of high-priced durable goods operates a catalog-ordering division that accepts customer orders by telephone. The retailer runs frequent price promotions. During these times, the telephone operators enter the promotional prices. The risk of this practice is that:
Customers systematically could be charged lower prices.
Frequent price changes could overload the order entry system.
Operators could collude with outsiders for unauthorized prices.
Operators could give competitors notice of the promotional prices.
Operators could collude with outsiders for unauthorized prices.
214
In an effort to remain competitive, the sales department was authorized to reduce prices and streamline operations. By allowing individual sales personnel to approve credit and determine product availability and delivery, sales were increased. After these changes, write-offs of receivables increased. An appropriate corrective action is:
An independent review and approval of credit.
An increase in profit margins.
The centralization of management control.
An independent determination of product availability.
An independent review and approval of credit.
215
A new computer operator erroneously submitted duplicate sets of requests for checks to pay vendors for specific invoices. As a result, two copies of all the checks were produced. The best control to prevent this error is:
Batch sequence check of invoices.
Manual agreement of a batch check register with computed check totals.
Computer agreement of batch totals of check requests and checks produced.
Cancellation of paid invoices.
Cancellation of paid invoices.
216
The results of an audit of cash indicate that the bookkeeper signs expense checks and reconciles the checking account. The cash account was properly reconciled and no cash shortages were detected. Select the appropriate overall audit opinion.
Based on the audit results, it is our opinion that the system of internal control over cash is inadequate.
In our opinion, the system of internal control over cash is adequate.
In our opinion, the physical cash-handling procedures are adequate.
The results of the audit indicate bank statement reconciliations have been properly completed.
Based on the audit results, it is our opinion that the system of internal control over cash is inadequate.
217
A local government agency received a national government grant that provided funds for assisting families with low incomes. The agency is required to make an investigation of the family?s financial condition. The amount of assistance relates to the size of the family, income being received by family members, and the ages and school attendance of family children. The agency?s internal auditors plan to perform a compliance audit of the agency?s operation in disbursing the grant funds. Theÿmostappropriate scope of the audit would be to determine:
If the agency is investigating the eligibility of beneficiaries and the propriety of fund disbursement.
The accuracy of the disbursement reports furnished to the national government.
The degree of efficiency the agency is achieving in the disbursement of national funds.
The adequacy of the funds to relieve the family?s financial problem.
If the agency is investigating the eligibility of beneficiaries and the propriety of fund disbursement.
218
In auditing a cost-plus construction contract for a new catalog showroom, the internal auditor should be cognizant of the risk that:
Income taxes related to construction equipment depreciation may have been calculated erroneously.
Contractor cash budgets could have been inappropriately compiled.
The contractor could be charging for the use of equipment not utilized in the construction.
Payroll taxes may have been inappropriately omitted from billings.
The contractor could be charging for the use of equipment not utilized in the construction.
219
The internal auditor of a company has been assigned to perform an audit of the company?s investment activities with particular emphasis on the company?s use of new financial instruments referred to as derivatives.ÿThe auditor is reviewing the company?s policy regarding investing in financial derivatives. The auditor would normally expect to find all of the following in the policyÿexcept:
A statement requiring board review of each transaction because of the risk involved in such transactions.
A statement indicating whether derivatives are to be used for hedging or speculative purposes.
A specific limit on the amount authorized for any single trader.
A specific authorization limit for the amount and types of derivatives that can be used by the organization.
A statement requiring board review of each transaction because of the risk involved in such transactions.
220
```
When there is a difference of opinion between the auditor and auditees during new system development audit work, what should the auditor doÿfirst?
Complain to audit management.
Convince the auditees.
Discuss it with user management.
Talk to senior management.
```
Convince the auditees.
221
There is generally no incentive for efficiency or economy in a cost-plus construction contract for small, unique projects. There is a potential for inflated costs. An appropriate control to encourage efficiency and economy in these contracts is:
Use of an agreed-on price for each unit of work.
Provision for maximum costs and sharing any savings.
A checklist approach to the audit of contract costs.
Elimination of change orders to the contract.
Provision for maximum costs and sharing any savings.
222
Which of the following control procedures would be theÿleastÿeffective in preventing a fraud conducted by sending purchase orders to bogus vendors?
Require that only approved vendors be paid for purchases, based on actual production.
Require that total purchases for a month not exceed the total budgeted purchases for that month.
Require contracts with all major vendors from whom production components are purchased.
Require that all purchases be made from an authorized vendor list maintained independently of the individual placing the purchase order.
Require that total purchases for a month not exceed the total budgeted purchases for that month.
223
Which of the following situations would cause an internal auditor to question the adequacy of internal controls in a purchasing function?
Unpaid voucher files and perpetual inventory records are independently maintained.
Receiving reports are forwarded to purchasing where they are matched to purchase orders and sent to accounts payable.
The original and one copy of the purchase order are mailed to the vendor. The copy on which the vendor acknowledges acceptance is returned to the purchasing department.
The accounts payable section prepares documentation for payments.
Receiving reports are forwarded to purchasing where they are matched to purchase orders and sent to accounts payable.
224
Which of the following statements is an audit objective?
Analyze the pattern of any cash shortages.
Recompute each month?s bank reconciliation.
Observe the deposit of the day?s cash receipts.
Evaluate whether cash receipts are adequately safeguarded.
Evaluate whether cash receipts are adequately safeguarded.
225
Which of the following would an internal auditor review to evaluate the recovery capabilities of a database management system?
Integrity checking procedures.
Data journaling procedures.
Edit and validation rules.
Data ownership and accountability policies.
Data journaling procedures.
226
An electric utility company records capital and maintenance expenditures through the use of a computerized project tracking system. Labor, material, and overhead are charged to the applicable project number. Monthly reports are produced that detail individual charges to each project, and expenditure totals are provided for the current month, fiscal year, and project life to date. Monthly project reports compare actual costs to original budget estimates and compute variances. Project variations greater than 10% of budget require subsequent explanation and approval by the supervisor. Which of the following audit test(s) would the internal auditor use to determine whether the required procedure is being followed?
I.Select a sample of overbudget explanations and test for subsequent approvals.
II.Trace overbudget explanations to supporting monthly project reports.
III.Use audit software to recompute monthly project report variances and totals.
IV.Compare a sample of project variances to documented approvals and explanations.
I and II only.
IV only.
I, II, and III.
III and IV.
IV only.
227
```
A controller became aware that a competitor appeared to have access to the company?s pricing information. The internal auditor determined that the leak of information was occurring during the electronic transmission of data from branch offices to the head office. Which of the following controls would beÿmostÿeffective in preventing the leak of information?
Asynchronous transmission.
Encryption.
Use of passwords.
Use of fiber-optic transmission lines.
```
Encryption.
228
```
One operating department of a company does not have adequate procedures for inspecting and verifying the quantities of goods received. To evaluate the materiality of this control deficiency, the auditor should review the department?s:
Year-end total assets.
Annual operating expenses.
Annual inventory purchases.
Year-end inventory balance.
```
Annual inventory purchases.
229
```
Theÿfirstÿstep in information technology compliance audit testing is to review which of the following?
Processing controls.
Output controls.
Input controls.
Access security controls.
```
Access security controls.
230
Which of the following audit procedures would provide theÿleastÿrelevant evidence in determining that payroll payments were made to bona fide employees?
Examine canceled checks for proper endorsement and compare to personnel records.
Reconcile time cards in use to employees on the job.
Test for segregation of the authorization for payment from the hire/fire authorization.
Test the payroll account bank reconciliation by tracing outstanding checks to the payroll register.
Test the payroll account bank reconciliation by tracing outstanding checks to the payroll register.
231
An internal auditor is auditing the financial operations of an organization. Which of the following isÿnotspecified by the IIAÿStandardsÿfor inclusion in the scope of the audit?
Reviewing the reliability and integrity of financial information.
Reviewing the financial decision-making process.
Reviewing systems established to ensure compliance with appropriate policy, plans, procedures, and other types of authority.
Appraising economy, efficiency, and effectiveness of the employment of resources.
Reviewing the financial decision-making process.
232
```
Which one of the following input controls or edit checks would catch certain types of errors within the payment amount field of a transaction?
Limit check.
Record count.
Check digit.
Echo check.
```
Limit check.
233
Two major retail companies, both publicly traded and operating in the same geographic area, have recently merged. Both companies are approximately the same size and have audit departments. Company B has invested heavily in information technology and has electronic data interchange (EDI) connections with its major vendors.
The audit committee has asked the internal auditors from both companies to analyze risk areas that should be addressed after the merger. The director of internal auditing of Company B has suggested that the two audit groups have a planning meeting to share audit programs, scope of audit coverage, and copies of audit reports that were delivered to their audit committees. Management has also suggested that the auditors review the compatibility of the companies? two computer systems and control philosophy for individual store operations.
Company A?s audit director, who is also a CIA, faces an ethical dilemma. For an audit in process, persuasive evidence indicates that a top manager has been involved in insider trading. The extent and type of trading is such that the trading would be considered fraudulent. However, the findings were encountered as a side issue of another audit and are not considered relevant to the compatibility of the computer systems. Regarding this finding, which of the following is the audit director?sÿmostappropriate action?
Discontinue audit work associated with the insider trading since it is not an integral part of the existing audit and the audit committee has established higher-priority work for the auditors.
Discontinue audit work associated with the insider trading and report the preliminary findings to the company?s external legal counsel for investigation. Report the legal counsel findings to management.
Discontinue audit work associated with the insider trading. Report the preliminary findings to the chairperson of the audit committee and recommend an investigation.
Continue work on the insider trading sufficient to conclusively establish whether fraudulent activity has taken place, then report the findings to the chairperson of the audit committee. Report the matter to government officials if appropriate action is not taken.
Discontinue audit work associated with the insider trading. Report the preliminary findings to the chairperson of the audit committee and recommend an investigation.
234
Which of the following controls would help prevent overpaying a vendor?
Approving the purchase before ordering from the vendor.
Reviewing the accounting distribution for the expenditure.
Requiring the check signer to mail the check directly to the vendor.
Reviewing and canceling supporting documents when a check is issued.
Reviewing and canceling supporting documents when a check is issued.
235
A company has equipped its staff with personal computers. Several employees also have compatible machines at home and belong to shareware networks and electronic bulletin board systems. They pass along software obtained through these external sources to coworkers at the office. Given this information, an information technology auditor should conclude that:
A cost/benefit analysis should be done on the use of externally obtained software.
Management has failed to set quality standards.
An exposure exists requiring management attention.
Quantitative performance standards are unrealistic.
An exposure exists requiring management attention.
236
The director of internal auditing is concerned that a recently disclosed fraud was not uncovered during the last audit of cash operations. A review of the work papers indicated that the fraudulent transaction was not included in a properly designed statistical sample of transactions tested. Which of the following applies to this situation?
Extraordinary care is necessary in the performance of a cash operations audit, and the auditor should be held responsible for the oversight.
The internal auditor acted with due professional care since an appropriate statistical sample of material transactions was tested.
Because cash operation is a high-risk area, 100% testing of transactions should have been performed.
Fraud should not have gone undetected in a recently audited area.
The internal auditor acted with due professional care since an appropriate statistical sample of material transactions was tested.
237
A manufacturing firm uses large quantities of small inexpensive items, such as nuts, bolts, washers, and gloves, in the production process. As these goods are purchased, they are recorded in inventory in bulk amounts. Bins are located on the shop floor to provide timely access to these items. When necessary, the bins are refilled from inventory, and the cost of the items is charged to a consumable supplies account, which is part of shop overhead. Which of the following would be an appropriate improvement to controls in this environment?
Relocate bins to the inventory warehouse.
Require management review of reports on the cost of consumable items used in relation to budget.
None of the above controls is needed for items of minor cost and size.
Lock the bins during normal working hours.
Require management review of reports on the cost of consumable items used in relation to budget.
238
A department developed an integrated end-user computing (EUC) application involving timekeeping, payroll, and labor cost accounting. The department used its own personnel to design and program the application using a fourth-generation language (4GL). Subsequently, the department hired outside consultants to rewrite certain components. The application was implemented on the departmental local area network (LAN) and connected with the corporate mainframe system to allow the transfer of data between them.
The internal audit department ranked the EUC applications of the organization according to the perceived risk. As a result, the timekeeping/payroll/labor cost accounting application was selected for an information technology audit.
Management of the department allowed the outside consultants to test and install new releases of the application software without documenting the changes. Which of the following risks would beÿmostclosely associated with this practice?
The users may not be aware that changes have been made.
The reliability of the information processed may be reduced.
An appropriate level of management may not properly authorize initiation of changes.
The changes may be made to the application without proper testing.
The users may not be aware that changes have been made.
239
```
When testing the year-end balance for trade accounts payable, the use of an audit software package to identify unauthorized vendors in a vendor database is most useful in developing tests to determine:
Accuracy of the receiving cutoff used.
Valuation of recorded transactions.
Existence of valid recorded liabilities.
Ownership of the recorded payables.
```
Existence of valid recorded liabilities.
240
A catalog company has been experiencing an increasing incidence of problems where the wrong products have been shipped to the customer. Most of the customer orders come in over the telephone, and an operator enters the data into the order system immediately. Which of the following control procedures, if properly implemented, would address the problem?
I.Have the computer automatically assign a sequential order number to each customer order.
II.Implement a self-checking digit algorithm for each product number and request entries by product number.
III.Request entries by product number, have the computer program identify the product and price, and require the operator to orally verify the product description with the customer.
I and II.
II and III.
I, II, and III.
II only.
II and III.
241
An audit had been scheduled to address unusual inventory shortages revealed in the annual physical inventory process at a large consumer goods warehouse operation. A cycle count program had been installed in the storeroom at the beginning of the year in place of the disruptive process of counting one entire product line at the end of each month. The cycle count program appeared effective based on the fact that only nine minor adjustments had been made for the entire year on the several thousand different products located in the storeroom. The storeroom supervisor explained that each of the 15 stockroom personnel selected one item each day for cycle count based on how efficiently the item could be counted. The opportunity for control-related problems including fraud has been increased in the stockroom because:
A cycle count program has been installed in place of a less efficient program.
Stockroom personnel record cycle count information.
Stockroom personnel select items for cycle count.
Only nine minor adjustments have been recorded as a result of the cycle count process.
Stockroom personnel select items for cycle count.
242
During an audit of a defense contract, the auditor becomes concerned with the possibility of inappropriate charges to overhead. However, when examining the underlying documentation of expenses, the auditor finds that all expenditures are properly supported. All billings show total cost and the application of a percentage overhead rate that appears consistent with previous years. The auditor calculates a statistical estimate of expenditures by the contractor to determine whether they are in compliance with the contract. The audit working papers document the following evidence, which the auditor is considering for the audit report:
+Total expenditures per the contractor books: $12.3 million
+Total number of items in population: 1,500
+Sample size: 100
+Number of items not in compliance: 5
+Dollar value of items sampled: $700,000
+Dollar amount of items not in compliance: $53,000
Which of the following communications would be correct?
I.The best estimate is that 5% of the 1,500 items in the population are not in compliance with the contract.
II.The best estimate is that the incorrect charges to the account equal about $795,000.
III.The average dollar value of items not in compliance is greater than the average dollar value of items in the population.
IV.I, II, and III
IV.
243
A role of internal auditing during evaluation of a new system is to:
Document control features for the permanent system documentation file.
Rewrite flawed program code affecting control features.
Determine whether adequate control has been planned and implemented.
Draft control procedures in cases where the development team omitted them.
Determine whether adequate control has been planned and implemented.
244
An organization sells products via catalog and takes orders over the phone. All orders are entered online, and the organization?s objective is to ship all orders within 24 hours. The audit trail is kept in machine-readable form. The only papers generated are the packing slip and the invoice sent to the customer. Revenue is recorded upon shipment of the goods. The organization maintains a detailed customer database that allows the customer to return goods for credit at any time.
The auditor wants to gain assurance that all telephone orders received were shipped and billed in a timely fashion. Which of the following audit procedures would beÿmostÿeffective in meeting the auditor?s objective?
Use an integrated test facility (ITF) and submit product orders to the ITF. Compare the prices invoiced to the prices in the most recent catalog. Determine that all submitted items were shipped.
Use generalized audit software to randomly select a sample of sales invoices, and have the software match the items selected to the log of transactions maintained for all incoming orders.
Take the computer log of incoming orders, and use generalized audit software to compare order date to invoice and shipping date in the sales invoice file.
Use test data to generate batch control totals. Trace the batch control totals from the items submitted to the sales invoice file generated for the test data.
Take the computer log of incoming orders, and use generalized audit software to compare order date to invoice and shipping date in the sales invoice file.
245
A Certified Internal Auditor directs the audit function for a large city and is planning the audit schedule for the next year. The city has a number of different funds, some that are restricted in use by government grants and some that require compliance reports to the government. One of the programs for which the city has received a grant is job retraining and placement. The grant specifies certain conditions a participant in the program must meet in order to be eligible for the funding.
The auditor must determine the applicable laws and regulations. Which of the following procedures would be theÿleastÿeffective in learning about the applicable laws and regulations?
Discuss the matter with the audit committee and make inquiries as to the nature of the requirements and the audit committee?s objectives for the audit.
Make inquiries of the city?s chief financial officer, legal counsel, or grant administrators.
Review prior-year working papers and inquire of officials as to changes.
Review applicable grant agreements.
Discuss the matter with the audit committee and make inquiries as to the nature of the requirements and the audit committee?s objectives for the audit.
246
Management is concerned with the potential for unauthorized changes to the payroll. Which of the following is the proper organizational structure to prevent such unauthorized changes?
The payroll department being supervised by the management of the human resources division.
Limiting the payroll department?s functions to maintaining the payroll records, distributing paychecks, and posting the payroll entries to the general ledger.
The personnel department authorizing the hiring and pay levels of all employees.
The payroll department maintaining and authorizing all changes to the personnel records.
The personnel department authorizing the hiring and pay levels of all employees.
247
You are an internal auditor who has been assigned to an audit of the material acquisition cycle of a company. To satisfy an audit objective of verifying that purchase transactions are authorized and are for needed materials, you should:
Discuss a sample of transactions with the purchasing agent.
Examine a sample of vendor invoices.
Review a sample of purchase orders and their related purchase requisition for proper approval signatures.
Review signatures on a sample of receiving reports.
Review a sample of purchase orders and their related purchase requisition for proper approval signatures.
248
An auditor is performing an operational audit of a division and observes that an unusually large quantity of goods is on hand in the shipping and materials rework areas. The items are labeled as reship items. Upon inquiry, the auditor is told that they are goods that have been returned by customers and have either been repaired or shipped back to the original customer or repaired and shipped out as new products because they are fully warranted.
The auditor has not yet performed any detailed audit work. Based on the information given, theÿmostappropriate action for the auditor to take would be to:
Take an inventory of the goods on hand so the dollar amount could be included in the audit report along with the explanation of the problem.
Report the items to divisional management and ask for their explanation before determining whether to include the findings in an audit report.
Take a sample of the items on hand and trace to underlying documents, such as receiving reports and sales orders, to determine how the goods were handled.
Write the finding up, but do not perform any additional work without the approval of the director of internal auditing because it is clearly a scope expansion.
Take a sample of the items on hand and trace to underlying documents, such as receiving reports and sales orders, to determine how the goods were handled.
249
The primary concern in a program results audit is a determination that:
The entity has complied with laws and regulations.
Financial statements are presented in accordance with generally accepted accounting principles.
Resources are managed economically and efficiently.
Desired benefits are being achieved.
Desired benefits are being achieved.
