PART 2 Self Review Flashcards

1
Q

When to use Attribute Sampling?

A

“Appropriate for Discrete Variables

Used for Test of Controls (usually test compliance/noncompliance)”

2
Q

When to use Variable Sampling?

A

“Appropriate for Continuous Variables

Used for Substantive Testing (values, amounts, weights, accounts)”

3
Q

What is the objective of Stop-or-go Sampling?

A

To reduce the sample size when the auditor believes the deviation rate in the population is low

Stop: deviation rate is BELOW a specified rate at a specified level of confidence
Go: deviation rate EXCEEDS specified rate

4
Q

What is the objective of mean per unit sampling?

A

“Increasing audit efficiency by separating the population into logical groups, usually by various ranges of the tested amounts.
By creating multiple populations, the variability within each is reduced, allowing for a smaller overall sample size”

5
Q

When is Ratio Estimation preferable to Difference Estimation?

A

When differences between the audited amounts of sample items and their recorded amounts are expected to vary in proportion to the size of the sample items.

6
Q

When is Ratio Estimation preferable to MPU Estimation?

A

The standard deviation of the sample item amounts is greater than the standard deviation of the distribution of the ratios of the audited amounts of sample items compared to their recorded amounts

7
Q

When is Monetary-unit Sampling used?

A

“MUS is appropriate for testing account balances for overstatement when some items may be far larger than others in the population. In effect, it stratifies the population because the larger account balances have a greater chance of being selected.

MUS is most useful if few misstatements are expected”

8
Q

How are test data used?

A

“Auditor observes how the system processes good and bad dummy data.
Test data must never mingle with real data”

9
Q

What is an example of limitations of GAS?

A

“It can only be used on hardware with compatible operating systems.”

10
Q

How are Integrated Test Facilities used?

A

“The auditor creates a fictitious entity (a department, vendor, employee, or product) on the client’s live production system.

All transactions associated with the dummy entity are processed by the live system, and the auditor can observe the results.”

11
Q

What is Tracing?

A

“Tracing follows a transaction forward from the triggering event to a resulting event, ensuring that the transaction was accounted for properly.

Tests the COMPLETENESS assertion”

12
Q

What is Vouching?

A

“Vouching tracks a result backward to the originating event, ensuring that a recorded amount is properly supported. (In some cases, vouching is also referred to as tracing; the auditor must note the relationship of the documentary evidence, not just the terms.)

From Accounts/Ledgers to Source Document

Tests the EXISTENCE assertion”

13
Q

What are the qualities of communication?

A

“1. Accurate
2. Objective
3. Clear
4. Concise
5. Constructive
6. Complete
7. Timely”

14
Q

What are the four attributes of Observations and Recommendations?

A

“1. Criteria
2. Condition
3. Cause
4. Effect”

15
Q

What are the levels of a Maturity Model?

A

“1. Initial
2. Repeatable
3. Defined
4. Managed
5. Optimizing”

16
Q

What are the different types of Benchmarking?

A

“1. Competitive
2. Process (function)
3. Strategic
4. Internal
5. Generic”

17
Q

What are the matters to consider prior to preparation of engagement work programs?

A

“1) Engagement scope
2) Means of achieving objectives
3) A risk and control matrix
4) Availability of essential resources
5) Sample sizes
6) Conclusions and judgments during planning”

18
Q

What are the four formats of CSA Facilitation Approach?

A

“1) Objective-Based: to decide whether the control procedures are working effectively
2) Risk-Based: to determine significant residual risks
3) Control-Based: to produce an analysis of the gap between how controls
4) Process-Based: aims to evaluate, update, validate, improve, and even streamline the whole process”

19
Q

What are the four types of interviews?

A

“1. Preliminary
2. Fact-gathering
3. Follow-up
4. Exit”

20
Q

What is a confidence interval (Precision)?

A

Is the range around a sample value that is expected to contain the true population value.

21
Q

Nature of Work of Internal Audit

A

The internal audit activity must evaluate and contribute to the improvement of the organization’s GRC processes using a systematic, disciplined, and risk-based approach.

Internal audit credibility and value are enhanced when auditors are proactive and their evaluations offer new insights and consider future impact.

22
Q

Governance (Glossary)

A

The combination of processes and structures implemented by the board to inform, direct, manage and monitor the activities of the organization toward the achievement of its objectives

23
Q

Risk management (Glossary)

A

A process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s objectives

24
Q

Control (Glossary)

A

Any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved

25
Q

Control processes (Glossary)

A

The policies, procedures (both manual and automated), and activities that are part of a control framework, designed and operated to ensure that risks are contained within the level that an organization is willing to accept.

26
Q

Compliance (Glossary)

A

Adherence to policies, plans, procedures, laws, regulations, contracts, or other requirements.

27
Q

When is the internal audit activity effectively managed?

A

● It achieves the purpose and responsibility included in the internal audit charter.
● It conforms with the Standards.
● Its individual members conform with the Code of Ethics and the Standards.
● It considers trends and emerging issues that could impact the organization

28
Q

Content of Policies

A

i) Purposes and responsibilities of the internal audit activity
ii) Compliance with mandatory guidance
iii) Independence of the internal audit activity and objectivity of internal auditors
iv) Ethics requirements
v) Maintaining the confidentiality of information
vi) Retention of internal audit records

29
Q

Content of Procedures

A

i) Drafting the audit plan based on the risk assessment
ii) Drafting plans and work programs for specific engagements
iii) Performance and documentation of engagements
iv) Communicating results of engagements
v) Monitoring and follow-up

30
Q

Evaluation of Privacy. How is privacy defined?

A

a) Personal privacy (physical and psychological)
b) Privacy of space (freedom from surveillance)
c) Privacy of communication (freedom from monitoring)
d) Privacy of information (collection, use, and disclosure of personal information by others)

31
Q

What is the goal of Performance Auditing?

A

Provide assurance about the organization’s key performance indicators.

32
Q

What is a balanced scorecard?

A

It is a report that connects critical success factors determined in a strategic analysis with financial and nonfinancial measures of the elements of performance

33
Q

Four typical categories of Balanced Scorecards

A

a) Financial measures are ultimate results provided to owners
b) Customer measures reflect customer needs and satisfaction
c) Internal measures of key processes drive the business
d) Learning, growth, and innovation measures are the basis for future success

34
Q

Program-results engagements

A

Intended to obtain information about the costs, outputs, benefits, and effects of a program. They attempt to measure the accomplishment and relative success of the undertaking.

35
Q

Five (5) Components of a COSO Control Framework

A

1) Control Activities: policies and procedures applied to ensure that management directives are executed and actions are taken to address risks affecting achievement of objectives.
2) Risk Assessment: It identifies and analyzes external or internal risks affecting achievement of the objectives at the activity level and the entity level.
3) Information and Communication: Relevant internal and external information should be identified, captured, and communicated in a timely manner and in appropriate forms.
4) Monitoring: assesses the quality of a system’s performance over time.
5) Control Environment: reflects the attitude and actions of the board and management regarding the significance of control within the organization.

36
Q

Principles Applied to Internal Auditors’ Consulting Activities

A

a. Value Proposition
b. Consistency with Internal Audit Definition
c. Audit Activities beyond Assurance and Consulting
d. Interrelationship between Assurance and Consulting
e. Empower Consulting through the Internal Audit Charter
f. Objectivity
g. Internal Audit Foundation for Consulting Services
h. Communication of Fundamental Information
i. Principles of Consulting Understood by the Organization
j. Formal Consulting Engagements
k. CAE Responsibilities
l. Criteria for Resolving Conflicts or Evolving Issues

37
Q

Types of Consulting Engagements

A

1) Formal consulting engagements are planned and subject to written agreement.
2) Informal consulting engagements involve routine activities, such as
(a) participation on standing committees
(b) limited-life projects
(c) ad-hoc meetings
(d) routine information exchange.
3) Special consulting engagements include participation on a merger and acquisition team or system conversion team.
4) Emergency consulting engagements include participation on a team
(a) established for recovery or maintenance of operations after a disaster or other extraordinary business event or
(b) assembled to supply temporary help to meet a special request or unusual deadline.

38
Q

What is reengineering?

A

Reengineering (also called business process reengineering) involves process innovation and core process redesign. Instead of improving existing procedures, it finds new ways of doing things.

One well-known tool useful in reengineering is work measurement, a process that involves analysis of activities. The nature and extent of a task, the procedures needed for its execution, and the efficiency with which it is carried out are determined by work measurement.

39
Q

Audit risk

A

The risk that an auditor expresses an inappropriate opinion on materially misstated financial statements

In an internal audit context, audit risk is the risk that the auditor will provide senior management and the board with flawed or incomplete information about governance, risk management, and control

40
Q

Inherent risk

A

Is the susceptibility of an assertion about a transaction class, balance, or disclosure to a material misstatement before considering relevant controls.

41
Q

Control risk

A

Is the risk that internal control will not timely prevent, or detect and correct, a material misstatement of an assertion.

42
Q

Detection risk

A

Is the risk that the audit procedures intended to reduce audit risk to an acceptably low level will not detect a material misstatement.

43
Q

What is the Auditor’s Response to Assessed Risk?

A

Of the three components, only detection risk is under the auditor’s direct control.

The internal auditor must first determine the levels of inherent and control risk for the account or activity under review. Detection risk is then adjusted to achieve an overall acceptable level of audit risk.

44
Q

Four qualities of Information

A

● Sufficient information is factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions as the auditor.
● Reliable information is the best attainable information through the use of appropriate engagement techniques.
● Relevant information supports engagement observations and recommendations and is consistent with the objectives for the engagement.
● Useful information helps the organization meet its goals.

45
Q

Sources of Information

A

1. Internal information originates and remains with the engagement client
2. Internal-external information originates with the client but also is processed by an external party
3. External-internal information is created by an external party but subsequently processed by the client
4. External information is created by an independent party and transmitted directly to the internal auditor. External information is ordinarily regarded as the most reliable because it has not been exposed to possible alteration or destruction by the client.

46
Q

Nature of Evidence Based on Legal Evidence

A

1) Direct evidence establishes a particular fact or conclusion without having to make any assumptions
2) Circumstantial evidence establishes a fact or conclusion that can then lead by inference to another fact
3) Conclusive evidence is absolute proof, by itself.
4) Corroborative evidence serves to confirm a fact or conclusion that can be inferred from other evidence.

47
Q

Forms of Audit Evidence

A

1) Physical information consists of the internal auditor’s direct observation and inspection of people, property, or activities, e.g., of the counting of inventory.
2) Testimonial information consists of written or spoken statements of client personnel and others in response to inquiries or interview questions.
3) Documentary information exists in some permanent form, such as checks, invoices, shipping records, receiving reports, and purchase orders
4) Analytical information is drawn from the consideration of the interrelationships among data or, in the case of internal control, the particular policies and procedures of which it is composed.

48
Q

Levels of Persuasiveness of Evidence

A

a. An auditor’s physical examination provides the most persuasive form of evidence.
b. Direct observation by the auditor is the next most persuasive. The lack of precise measurement is a weakness.
c. Information originating from a third party is less persuasive than information gathered by the auditor but more persuasive than information originating from the client.
d. Information originating with the client can be somewhat persuasive in documentary form, especially if it is subject to effective internal control. But client oral testimony is the least persuasive of all.

49
Q

RACI Diagram

A

A RACI diagram is used to clarify decision-making assignments in cross-functional or departmental projects and processes.

R – Responsible. A person who is responsible for performing the particular task.
A – Accountable. A person who is the final decision maker and is ultimately accountable for the task.
C – Consulted. A person who must be consulted before completing the task or making a decision.
I – Informed. A person who is informed after a decision is made or when the task is completed

50
Q

Types of Ratio Comparisons

A

1) Trend analysis tracks the changes in a ratio over time, e.g., the last 3 fiscal years. It helps assess the effects of changes in the overall economy or the relative success of a marketing campaign.
2) Period-to-period analysis compares performance for similar time periods, e.g., the third quarter of the current year and the third quarter of the prior year. This approach is especially informative in seasonal industries, such as retailing and agriculture.
3) Industry analysis compares the organization’s ratios with those of competitors or with the published averages for the entire industry. These must be used with caution because different organizations in the same industry may have different cost structures.

51
Q

Regression analysis

A

Determines the degree of relationship, if any, between two variables, such as that between sales and cost of goods sold. The degree of relationship can be used as a benchmark to test for reasonableness.

52
Q

Variance analysis

A

Studies the difference (favorable or unfavorable) between an amount based on an actual result and the corresponding budgeted amount. It is a method of planning and control that focuses attention on the causes of significant deviations from expectations.

53
Q

Content of workpapers

A

a) Indexing
b) Titles indicating the subject matter of the engagement
c) Time of the engagement
d) Scope of work
e) Purpose
f) Sources of information
g) The population, sample size, and means of selection
h) Analytical methods
i) Results of tests and analyses
j) Conclusions cross-referenced to observations
k) Recommended follow-up
l) Names of the internal auditor(s)
m) Review notation and name of the reviewer(s)

54
Q

Communicating the Acceptance of Risks

A

When the chief audit executive concludes that management has accepted a level of risk that may be unacceptable to the organization, the chief audit executive must discuss the matter with senior management. If the chief audit executive determines that the matter has not been resolved, the chief audit executive must communicate the matter to the board.