Part 1 : 11/11/10 07:44:32Question 1 - CMA 1283 3-15 - Internal Audit For an internal audit department to be considered as a relevant internal control by the external auditor, the internal auditor must A. Use statistical sampling procedures. B. Perform operational audits. C. Be independent of the accounting function. D. Be cost effective. A. Statistical sampling procedures are one type of procedure performed by an auditor. They have nothing to do with whether an external auditor would consider the internal audit department as a relevant internal control. B. Whether or not an internal audit department performs operational audits has nothing to do with its relevancy as an internal control. C. For an external auditor to consider an internal audit department to be a relevant internal control, it must be independent of the accounting function. The chief internal auditor function should report to the board of directors or to a member of senior management outside of the accounting function. D. Cost effectiveness has nothing to do with relevancy as an internal control. Question 2 - CMA 685 5-26 - Systems Control A company employing an online computer system has CRT terminals located in all operating departments for inquiry and updating purposes. Many of the company's employees have access to and are required to use the CRT terminals. A control the company would incorporate to prevent an employee from making an unauthorized change to computer records unrelated to that employee's job would be to A. Restrict the physical access to terminals. B. Use validity checks. C. Apply a compatibility test to transactions or inquiries entered by the user. D. Establish user codes and passwords. A. Restricting physical access to terminals is not an option when employees are required to use the terminals. B. A validity check is a check to see whether input conforms to established parameters. It would do nothing to prevent unauthorized changes to computer records. C. A compatibility test is an access control. All users are assigned user codes and passwords, and rights are assigned. When transactions are processed, transaction codes are checked against the users' code, and any activity not authorized for a user is rejected. D. Establishing user codes and passwords is the first step, but it is not enough. Question 3 - CPA 1194 A-26 - Segregation of Duties Proper segregation of duties reduces the opportunities for persons to be in positions to both A. Journalize entries and prepare financial statements. B. Establish internal control and authorize transactions. C. Record cash receipts and cash disbursements. (c) HOCK international, page 1 Part 1 : 11/11/10 07:44:32 D. Perpetrate and conceal errors or fraud. A. It is appropriate for an accountant to prepare both journal entries and financial statements. B. Management's responsibility is to establish internal control policies and procedures. In addition, management has the authority to authorize transactions. As long as the same person does not perform both authorization of transactions and recordkeeping, custody, or reconciliation responsibilities, segregation of duties is maintained. C. The recordkeeping function includes recording both cash receipts and cash disbursements. As long as the same person does not perform both recordkeeping and authorization, custody, or reconciliation responsibilities, segregation of duties is maintained. D. The purpose of segregation of duties is to prevent one person from being able to both perpetrate and conceal a fraud or even an error. Question 4 - CIA 588 II-43 - Internal Audit Audit report content and format may vary; but according to the standards, which of the following is a necessary element? A. Documentation of previous oral communications. B. Statement of audit objectives. C. Related activities not audited. D. Status of findings from prior reports. A. All audit reports must include the purpose or objective of the audit, the scope, the results and (if appropriate) an opinion. In addition to these items, a report may also include background information, summaries, status of findings from previous audits, recommendations of potential improvements, acknowledgement of good performance and corrective actions taken, and comments from the department that was audited. Related activities not included may be identified if necessary to define the scope of the audit. However, of the potential answers given, only the statement of audit objectives is a necessary element. B. All audit reports must include the purpose or objective of the audit, the scope, the results and (if appropriate) an opinion. In addition to these items, a report may also include background information, summaries, status of findings from previous audits, recommendations of potential improvements, acknowledgement of good performance and corrective actions taken, and comments from the department that was audited. Related activities not included may be identified if necessary to define the scope of the audit. However, of the potential answers given, only the statement of audit objectives is a necessary element. C. All audit reports must include the purpose or objective of the audit, the scope, the results and (if appropriate) an opinion. In addition to these items, a report may also include background information, summaries, status of findings from previous audits, recommendations of potential improvements, acknowledgement of good performance and corrective actions taken, and comments from the department that was audited. Related activities not included may be identified if necessary to define the scope of the audit. However, of the potential answers given, only the statement of audit objectives is a necessary element. D. All audit reports must include the purpose or objective of the audit, the scope, the results and (if appropriate) an opinion. In addition to these items, a report may also include background information, summaries, status of findings from previous audits, recommendations of potential improvements, acknowledgement of good performance and corrective actions taken, and comments from the department that was audited. Related activities not included may be identified if necessary to define the scope of the audit. However, of the potential answers given, only the statement of audit objectives is a necessary element. (c) HOCK international, page 2 Part 1 : 11/11/10 07:44:32 Question 5 - CMA 693 4-10 - Systems Control Online access controls are critical for the successful operation of today's computer systems. To assist in maintaining control over such access, many systems use tests that are maintained through an internal access control matrix consisting of A. A completeness test, closed loop verification, and a compatibility test. B. Authorized user code numbers and passwords. C. A list of controls in the online system and a list of those individuals authorized to change and adjust these controls along with a complete list of files in the system. D. Authorized user code numbers, passwords, lists of all files and programs, and a record of the type of access each user is entitled to have to each file and program. A. Completeness tests and closed loop verification are not access controls. A completeness test will not let processing proceed if a data item is not complete. Closed loop verification is an online data entry check which utilizes display and checking of data entry items. B. Although these two items are access controls, this is not the most complete list of items that are access controls. C. A list of individuals authorized to change and adjust the controls is not an access control. D. These are all access controls. Question 6 - CIA 1190 I-13 - Internal Audit An internal auditor would most likely judge a misstatement in an account balance to be material if it involves A. An unusual transaction for the company. B. A large percentage of net income. C. A related party. D. An unverified routine transaction. A. Although an unusual transaction would indicate increased audit risk, the existence of an unusual transaction does not, by itself, mean that the amount is material. B. A misstatement that amounts to a large percentage of net income is material, regardless of any other circumstances. C. Although a transaction with a related party would indicate increased audit risk, the existence of a related party transaction does not, by itself, mean that the amount is material. D. Although an unverified routine transaction would indicate increased audit risk, the existence of an unverified routine transaction does not, by itself, mean that the amount is material. Question 7 - CIA 592 I-16 - Internal Audit Determining that audit objectives have been met is part of the overall supervision of an audit assignment and is the ultimate responsibility of the A. Internal auditing supervisor. B. Audit committee. (c) HOCK international, page 3 page 4 . and payments by check. D. with the four functions of authorizing transactions. record counts of each run.CMA 1289 5-2 . proper separation of duties. Director of internal auditing. Sign tests. Question 8 .Internal Control Your objective is to determine that nonrecurring purchases. The overall supervision of an audit assignment is not the ultimate responsibility of the staff internal auditor. detect.CIA 1185 II-20 . online edit checks. and payments by check. limit tests. and record counts of each run should be utilized to check for accuracy and completeness. batch totals. D. B. B. limit tests. Backup copies of all activity and master files are essential so that data will not be lost. The purchase requisition. special control over unclaimed checks. A system of control over unclaimed checks should be in place. Receiving reports. batch totals. online edit checks. If all purchases are made through the purchasing department. The best set of controls for a payroll system includes A. Passwords and user codes. D. Employee supervision. hash totals of employee identification numbers. passwords and user codes. initiated by various user organizations. D. employee supervision. A. B. C. (c) HOCK international. employee supervision. and backup copies of activity and master files. Sign tests. The overall supervision of an audit assignment is not the ultimate responsibility of the audit committee. to which of the following documents would you vouch purchases? A. The overall supervision of an audit assignment is not the ultimate responsibility of an internal auditing supervisor. C. recording transactions. A purchase order would not contain the user department's authorization for a purchase. and reconciliation of the physical assets to the recorded amounts being performed by different people. properly approved. and record counts of each run. Purchase requisitions. Passwords and user codes. record counts of each run. B. An invoice would not contain the user department's authorization for a purchase. have been properly authorized.Part 1 : 11/11/10 07:44:32 C. C.Systems Control Payroll systems should have elaborate controls to prevent. Segregation of duties is essential. and record counts of each run. and payments by check. The overall supervision of an audit assignment is the ultimate responsibility of the director of internal auditing. Purchase orders. D. A. Invoices. C. Batch and hash totals. contains the user department's authorization for a purchase. C. Staff internal auditor. keeping custody of the assets. batch totals. B. and correct errors and unauthorized tampering. Batch totals for hours worked and dollar totals. A receiving report would not contain the user department's authorization for a purchase. passwords and user codes. Question 9 . A. Management takes action to enhance the likelihood that established goals and objectives will be achieved. Employee supervision. Which of the following best describes the concept of control as recognized by internal auditors? A. D. page 5 . D. C. record counts of each run. the concept of control flows from the top down.Internal Audit To control daily operating costs. B. Testing the mathematical accuracy of a sample of messenger invoices will not detect whether the company is being billed by the messenger service for services not received. Control encompasses much more than controls designed to ensure the correctness of processing. D. and payments by check. Scanning ledger accounts and messenger invoices will not detect whether the company is being billed by the messenger service for services not received. control is designed and instituted by management. A. Despite those measures. A. Scan ledger accounts and messenger invoices. B.Internal Control Auditors regularly evaluate controls and control procedures. B. not by accountants or auditors. D.CIA 1195 I-67 . Control represents specific procedures that accountants and auditors design to ensure the correctness of processing. Question 12 . Reconcile a sample of messenger invoices to pickup receipts. Furthermore. While control procedures may be designed from the bottom up. the monthly bill continued to increase. Reconciling a sample of messenger invoices to pickup receipts should detect whether the company is being billed by the messenger service for services not received. Question 10 . Observe daily use of the messenger service.CIA 593 I-19 .CMA 1283 3-11 . an organization decreased the number of times a messenger service was used each day. Management regularly discharges personnel who do not perform up to expectations. A control is any action taken by management to enhance the likelihood that established goals and objectives will be achieved. This is not the definition of a control. While observing daily use of the messenger service might detect whether the company is being billed by the messenger service for services not received. Test the mathematical accuracy of a sample of messenger invoices. C. What procedure should the internal auditor use to detect whether improper services were being billed? A. C. it is not a cost-effective means of testing because it would require too much time in observation. batch totals.Internal Control (c) HOCK international. C.Part 1 : 11/11/10 07:44:32 D. Control procedures should be designed from the "bottom up" to ensure attention to detail. Question 11 . B. Strong internal control will result in some assurance of compliance with the Foreign Corrupt Practices Act of 1977. and operational efficiency is optimized. reliability of financial reporting. this is not one of a financial statement auditor's major concerns. or process. D. Elimination of employee fraud. The benefit least likely to occur is A. C. Availability of reliable data for decision-making purposes. and thus that is a benefit.Internal Control One of the financial statement auditor's major concerns is to ascertain whether internal control is designed to provide reasonable assurance that A. B. A.Internal Control Marport Company is a manufacturing company that uses forms and documents in its accounting information systems for record keeping and internal control. and so this cannot be considered a benefit of a strong internal control system. management can expect various benefits. C. Internal control is a method. The concerns of the financial statement auditor will relate to no. Corporate morale problems are not relevant to a financial statement audit. Strong internal control will result in the benefit of better. Profit margins are maximized. Reduced cost of an external audit. D. complete elimination of employee fraud is not possible. D. It is not necessary that the chief accounting officer review all accounting transactions.Part 1 : 11/11/10 07:44:32 When an organization has strong internal control. (c) HOCK international. 2. B. C. B.authorize payments and prepare vouchers. page 6 .CMA 685 3-17 . and designed to provide reasonable assurance that objectives in the following three categories will be achieved: (1) effectiveness and efficiency of operations. C. Question 13 . Some assurance of compliance with the Foreign Corrupt Practices Act of 1977.CMA 690 5-9 . The departments in Marport's organization structure and their primary responsibilities are: Accounts Payable -. this is not one of a financial statement auditor's major concerns. A.maintain customer accounts. Financial reporting is reliable. management. (2) reliability of financial reporting. While strong internal control can limit employee fraud. While it is important to maximize profits and optimize operational efficiency. D. and other personnel. that is carried out by an entity's board of directors. Question 14 . The chief accounting officer reviews all accounting transactions. B. Accounts Receivable -. Reduced cost of external audits is a benefit that is likely to occur as a result of strong internal control. Therefore. more accurate data for decision making. Corporate morale problems are addressed immediately and effectively. and (3) compliance with applicable laws and regulations. General Accounting -.safeguard all materials and supplies until needed for production. Yes.decide the types and quantities of products to be produced. B. Credit Department -.appraise and monitor internal controls.maintain a record of cash receipts and disbursements.prepare invoices to customers for goods sold. Audit risk is the risk that an auditor will give an unqualified (everything is fine) opinion. Payroll -. C.accept orders from customers.receive all materials and supplies. page 7 . because a small dollar amount is in error. timing.process incoming. Finished Goods Storeroom -. outgoing.verify the credit rating of customers.ship goods to customers. Production -. Thus. if there will be further transactions with this stockholder.Part 1 : 11/11/10 07:44:32 Billing -. A. it should not perform what is primarily a custodial function as well. D.compute and prepare the company payroll. C. Payroll Department. it should not perform what is primarily a custodial function as well. the risk that is natural (c) HOCK international. Personnel -. Production Department in which the employee works or worked. If employee paychecks are distributed by hand to employees. Shipping -. An employee or supervisor in the department in which the employee works or worked could misappropriate an unclaimed check. C.maintain perpetual inventory records for all manufacturing materials and supplies. No. and interdepartmental mail. B.hire employees. A. Sales -. and extent of audit procedures to be completed. Stores Control -.maintain all records for the company's general ledger.prepare and control time worked by hourly employees. Internal Audit -. D. Mailroom -. The Personnel Department fulfills what is in part an authorization function as it is responsible for pay rates. which one of the following departments should be responsible for the safekeeping of unclaimed paychecks? A. because a related party is involved.manufacture finished goods.Internal Audit An internal auditor discovered an error in a receivable due from a major stockholder. Purchasing -. Audit risk and materiality are used to determine the nature. Would the auditor be likely to consider the error to be material? A. Personnel Department. The receivable's balance accounts for less than 1% of the company's total receivables. The Payroll Department fulfills the recordkeeping function.CIA 591 I-26 . Question 15 . as well as their evaluation. B. Cashier Department. Cost Accounting -. Receiving -. when in reality there is one or more than one material misstatement. Cashier -. Yes. D. Inventory Control -. Production Planning -. which should properly be responsible for a custodial function such as safekeeping of unclaimed checks. as well as conduct operational and management audits. No. if audit risk is low. These three risks are (1) inherent risk.accumulate manufacturing costs for all goods produced. as well as maintain records on job positions and employees. The risk of a material misstatement is the calculated result of the multiplication of three risk factors. The Cashier Department is a part of the treasury function.maintain the physical inventory and related stock records of finished goods. Thus.place orders for materials and supplies. Timekeeping -. and (3) detection risk. Audit risk and materiality are used to determine the nature. because confirmation from the custodian does not prove that the inventory is physically present. and extent of audit procedures to be completed. the risk that is natural in an element of the financial statements or the function being audited. assuming that there are no controls). D. timing. the auditor is more likely to consider the error to be material even though the amount of the error is small. The risk of a material misstatement is the calculated result of the multiplication of three risk factors. Since related party transactions have a higher inherent risk than other transactions. and (3) detection risk. When audit risk is higher. assuming that there are no controls.Part 1 : 11/11/10 07:44:32 in an element of the financial statements or the function being audited. Audit risk and materiality are used to determine the nature. when in reality there is one or more than one material misstatement. and (3) detection risk (the risk that an auditor will not detect a material misstatement in the financial statements through their audit testing). B. the audit risk will be higher than with other transactions. an auditor is more likely to consider the error to be material. the risk that an internal control will not prevent or detect a material misstatement in a timely manner. as well as their evaluation. When audit risk is higher. Since related party transactions have a higher inherent risk than other transactions. Therefore. Regular reconciliation of physical inventories to accounting records.CIA 1194 I-26 . B. These three risks are (1) inherent risk (the risk that is natural in an element of the financial statements or the function being audited. Increases in insurance coverage. the risk that an auditor will not detect a material misstatement in the financial statements through their audit testing. and extent of audit procedures to be completed. (2) control risk. and extent of audit procedures to be completed. (c) HOCK international. (2) control risk. as well as their evaluation. C. These three risks are (1) inherent risk. page 8 . Audit risk is the risk that an auditor will give an unqualified (everything is fine) opinion. when in reality there is one or more than one material misstatement. Audit risk is the risk that an auditor will give an unqualified (everything is fine) opinion. (2) control risk (the risk that an internal control will not prevent or detect a material misstatement in a timely manner). the audit risk will be higher than with other transactions. Audit risk is the risk that an auditor will give an unqualified (everything is fine) opinion. Audit risk and materiality are used to determine the nature. timing. Reconciliations of transfer slips to/from the warehouse with inventory records. Since related party transactions have a higher inherent risk than other transactions. assuming that there are no controls. assuming that there are no controls. Question 16 . (2) control risk. the risk that an internal control will not prevent or detect a material misstatement in a timely manner. Confirmation of the amount on hand from the custodian of the warehouse does not substitute for taking a physical inventory. and (3) detection risk. the risk that an auditor will not detect a material misstatement in the financial statements through their audit testing. the risk that is natural in an element of the financial statements or the function being audited.Internal Control Management can best strengthen internal control over the custody of inventory stored in an off-site warehouse by implementing A. Since related party transactions have a higher inherent risk than other transactions. B. an auditor is more likely to consider the error to be material. the auditor is more likely to consider the error to be material. Therefore. The risk of a material misstatement is the calculated result of the multiplication of three risk factors. as well as their evaluation. the audit risk will actually be higher than with other transactions and will increase with further transactions with the same stockholder. the risk that an auditor will not detect a material misstatement in the financial statements through their audit testing. timing. the audit risk will actually be higher in this situation. the risk that an internal control will not prevent or detect a material misstatement in a timely manner. when in reality there is one or more than one material misstatement. A. Reconciliation of transfer slips with inventory records is not the same as reconciliation of physical inventory with inventory records in the accounting system. These three risks are (1) inherent risk. Regular confirmation of the amount on hand with the custodian of the warehouse. D. The risk of a material misstatement is the calculated result of the multiplication of three risk factors. C. Damages are something sought by private parties in civil lawsuits. The SEC may perform an investigation and seek an injunction. Question 18 . C. Damages and injunctive relief by the Securities and Exchange Commission.Internal Audit Which of the following situations is most likely to be the subject of a written interim report to management of a department being audited? A. if there is a need to change the scope of the audit. D. A. if a business makes too many claims against its insurance. A. Injunctive relief by a private party. an action may be brought that seeks A. An interim report should be issued during the audit process whenever there is something that needs to be addressed immediately. B. Criminal sanctions against both the corporation and its officers by the Department of Justice. Insurance can reimburse a business after a loss but it does not strengthen internal control over custody of inventory. 70% of the planned audit work has been completed with no significant adverse findings. if there is a need to change the scope of the audit.Part 1 : 11/11/10 07:44:32 C.CPA 1182 L-30 . D.Internal Control Under the Foreign Corrupt Practices Act (FCPA). Regular physical inventory should be taken and the results compared with accounting inventory records. C. An interim report should be issued during the audit process whenever there is something that needs to be addressed immediately. if there is a need to change the scope of the audit. if there is a need to change the scope of the audit. or simply to keep people informed when the audit process is a long one. or simply to keep people informed when the audit process is a long one. Furthermore. Open burning at a subsidiary plant is a possible violation of pollution regulations. because it is something that needs to be addressed immediately. D. but it is the Justice Department that seeks penalties. B. An interim report should be issued during the audit process whenever there is something that needs to be addressed immediately. No significant adverse findings after 70% of the planned audit work has been completed is not a situation in which an interim report should be issued.CIA 1187 I-42 . D. C. it is not a situation in which an interim report should be issued. Open burning at a subsidiary plant which is a possible violation of pollution regulations is a situation in which an interim report is indicated. While an indication of possible fraud implies that additional investigation is required. page 9 . The auditors have decided to substitute survey procedures for some of the planned detailed review of certain records. Treble damages by a private party. The auditors' decision to substitute survey procedures for some of the planned detailed review of certain records is not a situation in which an interim report should be issued. or simply to keep people informed when the audit process is a long one. The audit program has been expanded because of indications of possible fraud. B. and the FCPA does not make any provision for individuals to bring actions. (c) HOCK international. An interim report should be issued during the audit process whenever there is something that needs to be addressed immediately. or simply to keep people informed when the audit process is a long one. Question 17 . its insurance premiums may become prohibitively high or insurance may be unobtainable at any cost. SEC enforcement action can result in monetary fines. the price charged is whatever price is in effect at that time. Assurance that published financial statements are correct. Customers could systematically be charged lower prices. Internal audit activities can assist the management of a company in its responsibility of maintaining effective controls by evaluating the effectiveness of those controls with the goal of continuous improvement. imprisoned for up to five years. any individual making or authorizing an illegal payment may be personally fined up to $100.CIA 1194 I-45 . D. it can have its export license privileges revoked or suspended. C. Operators could give competitors notice of the promotional prices. The retailer runs frequent price promotions.Internal Control A retailer of high-priced durable goods operates a catalog-ordering division that accepts customer orders by telephone. C. Frequent price changes will not overload the order entry system. it could incur shareholder lawsuits. There is nothing in this arrangement that would cause systematic undercharges. Criminal sanctions against both the corporation and its officers may be imposed by the Department of Justice. D. as it could occur regardless of who was responsible for the job. B. Question 19 . page 10 . B. or both. D. The risk of this practice is that A.CMA 682 3-17 . Assurance that the organization is complying with legal requirements. and it could sustain long-term damage to its reputation. a systematic overcharge or undercharge could occur. B. the telephone operators enter the promotional prices. In addition. Assurance that fraudulent activities will be detected. If the operators failed to enter a promotional price or failed to change the promotional price back to the regular price. A. the company can be suspended or barred from participation in government contracts. When orders are entered into a system. During these times.Internal Audit From a modern internal auditing perspective. This would be of concern with any inventory item. This is an example of the importance of segregation of duties. In addition to fines of up to $2 million against the company. There is no provision in the FCPA for actions brought by private parties. that operator could temporarily change a price without authorization and then make a prearranged sale of the item to a friend.000 against the firm and/or any individual may also apply. D. However. There is no provision in the FCPA for actions brought by private parties. Having operators enter price changes into the system would not give operators any advantage if they wanted to give competitors notice of the promotional prices. C. A. If an operator who makes sales has the authority to also change prices in the system. Civil penalties of up to $10. (c) HOCK international. C. Operators could collude with outsiders for unauthorized prices. Assurance that there is reasonable control over day-to-day operations.Part 1 : 11/11/10 07:44:32 B. which one of the following statements represents the most important benefit of an internal auditing activity to management? A. but it is even more of a concern when the product being sold is a high-priced consumer item. Question 20 . Frequent price changes could overload the order entry system.000. that would not be unique to the practice of using operators to change prices. Approval of engagement work programs. Development of the annual engagement work schedule. Question 22 . Approval of the engagement work programs will be the responsibility of the IAA staff. D. Developing the annual engagement work schedule is the responsibility of the chief audit executive and IAA staff. The operations of the treasury function as documented during the last engagement. B. Internal audit activities cannot assure that fraudulent activities will be detected. reported audit findings emerge by a process of of comparing "what should be" with "what is". Question 21 . Codification of best practices of the treasury function in relevant industries is a good criterion against which to judge current operations. D. Organizational policies and procedures delegating authority and assigning responsibilities are a good criterion against which to judge current operations. B. D. Independence is enhanced if the audit committee either approves or dismisses the chief audit executive. Since the operations of the treasury function as documented during the last engagement may not have been in compliance with organizational policies and procedures. C. C. C. Approval of the selection and dismissal of the chief audit executive. A. The audit committee is a subcommittee of the board and is made up of outside directors. In determining "what should be" during an audit of a company's treasury function. Internal audit activities cannot assure compliance with legal requirements.Internal Control An audit committee of the board of directors of an organization is being established.CIA 1191 I-4 . Codification of best practices of the treasury function in relevant industries. C. Internal audit activities cannot assure that published financial statements are correct. D.Part 1 : 11/11/10 07:44:32 B.Internal Audit According to the relevant Standards. A. Company policies and procedures delegating authority and assigning responsibilities. Textbook illustrations of generally accepted good treasury function practices are good criteria against which to judge current operations. C. Finance textbook illustrations of generally accepted good treasury function practices. (c) HOCK international. which of the following would be the least desirable criteria against which to judge current operations? A. B.CIA 1196 II-11 . The determination of engagement observations for specific engagement communications will be the responsibility of the IAA staff. D. these operations are not a desirable criterion against which to judge current operations. Determination of engagement observations appropriate for specific engagement communications. Which of the following is normally a responsibility of the committee with regard to the internal audit activity? A. page 11 . B. Programmers have access to change programs and data files when an error is detected.CMA 1290 4-21 . D. the programmer should have no further access to the program or to the data files. C. Project leaders and programmers. B. C. This is not the most critical aspect of separation of duties with information systems. Programmers are the individuals who write. test and document the systems. tested and documented. passwords and restricted rights. B. g. Any and all changes in applications programs have the authorization and approval of management. If any change is necessary. D. corporations to maintain systems of internal control that meet certain minimum standards. This is not the most critical aspect of separation of duties with information systems. Preventive controls are an integral part of virtually all accounting processing systems. Computer operators should not have programming functions and should not be able to program. This is not the most critical aspect of separation of duties with information systems. Provisions exist to ensure the accuracy and integrity of computer processing of all files and reports. D. Documentation of policies and procedures. page 12 . or destruction. B.Part 1 : 11/11/10 07:44:32 Question 23 . Computer operators perform the actual operation of the computers for processing the data. once a program has been written. modification.Internal Control The reporting of accounting information plays a central role in the regulation of business operations.CMA 1290 4-22 . represent good internal control.. Which one of the following is not an essential element of a sound preventive control system? A. It is essential that any and all changes in applications programs have the authorization and approval of management. Provisions exist to ensure the accuracy and integrity of computer processing of all files and reports. A.S. not a lack of internal control. B. Management and users. test and document the systems. C. management should authorize and approve the change.Segregation of Duties The most critical aspect of separation of duties within information systems is between A. (c) HOCK international. Programmers and systems analysts. Provisions exist to protect data files from unauthorized access. A. However. Question 24 .CMA 1287 5-17 . Programmers should not have access to the computers and programs that are in actual use for processing. Question 25 . The most critical separation of duties is between programmers and computer operators.Systems Control Which one of the following represents a lack of internal control in a computer-based system? A. The importance of sound internal control practices is underscored by the Foreign Corrupt Practices Act of 1977 which requires publicly owned U. C. and much of the information generated by the accounting system is used for preventive control purposes. Programmers are the individuals who write. Programmers and computer operators. D. Question 26 . C. competent people are hired and retained. (c) HOCK international. and they follow up on violations. A. Documented policies and procedures are an important part of a sound control system. Engagement plan.Part 1 : 11/11/10 07:44:32 B. The auditor is not relieved of the tasks of investigating exceptions. without exception. a person could commit a fraud and conceal it. D. GAS is designed to permit auditors to process data needed in audits. because without such separation of responsibilities. and all individuals in the organization realize that they will be held accountable. Question 27 . verifying sources of information. Organizations with effective control environments transmit guidance to their employees both verbally and by example. Relieves an auditor of the typical tasks of investigating exceptions. Is a form of auditing around the computer. custodial. verifying sources of information.Internal Audit Which of the following is a proper element in an audit findings section of a report? A. communicating the entity's values. Sound personnel practices contribute to sound control systems. and search the data files for unusual items. Implementation of state-of-the-art software and hardware is not necessary for an organization to have a sound control system. and evaluating reports because of the use of a generalized audit software package. Is a major aid in retrieving information from computerized files.Internal Audit The use of a generalized audit software package A. B. and disciplinary actions are taken when employees fail to report them. Formal and clearly communicated policies and procedures that result in shared values and teamwork are followed at all times. Implementation of state-of-the-art software and hardware. The competence level needed for particular jobs is specified. B. C. GAS packages can select sample data from data files. Separation of responsibilities for the recording. Overcomes the need for an auditor to learn much about computers. There are mechanisms to encourage employee reporting of suspected violations. Formal and clearly communicated policies and procedures that result in shared values and teamwork should be followed at all times. Internal control is an explicit or implicit part of everyone's job description. Sound personnel practices. D. B. and evaluating reports. In order to use generalized audit software. and authorization functions is an essential element of a sound preventive control system.CMA 1284 5-28 .CIA 1190 II-43 . Separation of responsibilities for the recording. check computations. Personnel used. Generalized Audit Software (GAS) enables auditors to access client data. B. Use of a generalized audit software package provides a means to use the computer in audits. page 13 . standards and code of conduct. C. custodial. and authority and responsibility are appropriately assigned. D. A. not to audit around the computer. D. C. an auditor must have some knowledge of computers. and authorization functions. without exception. A. The receiving department is given a copy of the purchase order complete with a description of goods. Determine the accuracy of the system used to record actual costs. The purpose of an operational engagement is to assist management in its evaluation of effectiveness and efficiency. C. A. Status of findings from prior reports. A. Significance of deficiencies. D.CIA 589 II-10 . Purchasing should not be done by individual department managers.. Assist management in its evaluation of effectiveness and efficiency. and the quality of performance in carrying out assigned responsibilities. The status of findings from prior reports (i.e.CIA 1191 I-17 . B. which should be responsible for issuing a purchase order. Individual managers should not be responsible for the movement of merchandise because the receiving department should move the merchandise to a storage area. B. The purpose of this engagement procedure is to A.Part 1 : 11/11/10 07:44:32 C. D. C. Measure the effectiveness of the standard cost system. A comparison (c) HOCK international. and extended price for all merchandise ordered. C. The individual department managers should instead prepare purchase requisitions and send them to the purchasing department. The treasurer's office should prepare vendor checks (the custody function). Question 29 . made during the preliminary survey of a local department store's disbursement cycle.Internal Control Which of the following observations.Internal Audit An operational engagement relating to the production function includes a procedure to compare actual costs with standard costs. The engagement plan does not belong in the audit findings section of the audit report. Assess the reasonableness of standard costs. while accounting for payables is a recording function. reflects a control strength? A. Personnel used does not belong in the audit findings section of the audit report. Individual department managers use prenumbered forms to order merchandise from vendors. page 14 . D. An operational engagement is concerned with examining and evaluating systems of internal control. D. The treasurer's office prepares checks for suppliers based on vouchers prepared by the accounts payable department. B. This enhances the probability that the receiving department will submit the correct count. Question 28 . B. C. The copy of the purchase order that the receiving department has should not include the quantity ordered or the unit or extended prices. D. quantity ordered. Individual department managers are responsible for the movement of merchandise from the receiving dock to storage or sales areas as appropriate. corrective actions taken) does not belong in the audit findings section of the audit report. The significance of deficiencies found is an audit finding and does belong in the audit findings section of the audit report. overall company operations. B. B. C.Part 1 : 11/11/10 07:44:32 between actual costs and standard costs will not necessarily fulfill that purpose. and the quality of performance in carrying out assigned responsibilities. Question 30 . B. An operational engagement is concerned with examining and evaluating systems of internal control. The purpose of an operational engagement is to assist management in its evaluation of effectiveness and efficiency. Repeal the bylaws. a corporation's board of directors has the power to do all of the following. it would not be appropriate to make a report to management and the board at that stage.Internal Audit Internal auditors are responsible for reporting fraud to senior management and the board when A. Reporting of suspicious acts should alert an auditor to do some preliminary investigating. The purpose of an operational engagement is to assist management in its evaluation of effectiveness and efficiency. However. A. A comparison between actual costs and standard costs will not necessarily fulfill that purpose. An operational engagement is concerned with examining and evaluating systems of internal control. The review of all suspected fraud-related transactions is complete. D. A comparison between actual costs and standard costs will not necessarily fulfill that purpose. C.CPA 590 L-7 . overall company operations. The purpose of an operational engagement is to assist management in its evaluation of effectiveness and efficiency. Fix compensation of directors.Internal Control Absent a specific provision in its articles of incorporation. except A. D. The board does have the power to repeal the bylaws. Question 31 . D. An operational engagement is concerned with examining and evaluating systems of internal control. page 15 . The power to merge the corporation with another entity belongs to the shareholders. he or she should determine the possible effects and discuss the matter with the appropriate level of management. When an internal auditor suspects fraud. Declare dividends. B. Irregular transactions have been identified and are under investigation. The board does have the power to fix compensation of directors. Merge the corporation with another entity. overall company operations. Suspicious activities have been reported to the internal auditors. The board does have the power to declare dividends. and the quality of performance in carrying out assigned responsibilities. overall company operations. C. A. Reporting to management and the board should occur when the incidence of significant fraud has been established to a reasonable certainty. D. A comparison between actual costs and standard costs can be used to fulfill that purpose. The incidence of significant fraud has been established to a reasonable certainty. C. and the quality of performance in carrying out assigned responsibilities. the (c) HOCK international.CIA 1192 II-49 . However. B. who should then initiate an investigation. C. C. it would not be appropriate to make a report to management and the board. The best systems control to detect this error would be A. D. If a purchase order number were omitted. Question 32 .CIA 591 I-23 . such as total sales dollars in a batch of billings. a batch control total would not detect the omission. Batch control totals are any type of control total or count applied to a specific group of transactions. It is appropriate to require supervisory approval of employee time cards. If the purchase order number were omitted. If the purchase order number were omitted. C. A sequence check is a type of verification that is performed to help ensure that data is in the proper order. it would do nothing to ensure that their payroll checks are drawn for properly authorized amounts. D. Completeness test. Witness the distribution of payroll checks. While conducting periodic floor verification of employees on the payroll will confirm that the employees exist. Reasonableness test. C. because supervisors are in a position to know whether their employees' time is being reported accurately. a sequence check would not detect the omission. Require supervisory approval of employee time cards. Batch total. Require that undelivered checks be returned to the cashier. a reasonableness test would not detect the omission.Internal Control A means of ensuring that payroll checks are drawn for properly authorized amounts is to A. Batch control totals are used to ensure that all input is processed correctly by the computer. D. B. Until the irregular transactions have been investigated further. A. D. A. Conduct periodic floor verification of employees on the payroll. but they will not detect missing input. C.CMA 1287 5-16 . B. While requiring undelivered checks to be returned to the cashier is a good control procedure. page 16 .Systems Control An employee in the receiving department keyed in a shipment from a remote terminal and inadvertently omitted the purchase order number. (c) HOCK international. D. a completeness test would detect the omission and give the user a message that the input was missing. Question 33 . Witnessing the distribution of payroll checks does not ensure that the payroll checks are for the correct amounts.Part 1 : 11/11/10 07:44:32 internal auditor should have solid reasons to suspect that fraud has taken place before reporting it to management and the board. Sequence check. B. If a purchase order number were omitted. it does nothing to ensure that the payroll checks are for the proper amounts. B. A completeness test is an input validation routine that checks and ensures that data is input into all required fields. A reasonableness test ensures that only data within predefined limits will be accepted by the system. A company can select the set of control policies and procedures that optimize computer security relative to cost. It is not possible to identify all possible threats associated with data processing equipment.CIA 1187 I-41 . Direct senior management to corrective actions. A. D. This is done by means of a written.Internal Audit The primary reason for having written formal internal audit reports is to A. formal internal audit report. All possible threats associated with the data processing equipment are identified. An audit report does not need to be a written.Internal Audit An internal auditor would trace copies of sales invoices to shipping documents in order to determine that A. along with suggestions and recommendations for improvement. B. and integrity of the data while balancing the costs against the benefits. this is not the primary reason for having written. page 17 . formal internal audit reports. Developing a computer security plan gives management the opportunity to select the set of control policies and procedures that will safeguard physical facilities and provide for the safety. that does not mean it has been implemented or that user departments can be assured of anything. C. Just because a computer security plan has been developed. While the external auditors may review internal audit reports in order to determine their potential reliance on the internal auditors for their independent audit. B. Question 36 .CMA 685 5-25 . C. Shipments to customers were also recorded as receivables. B.Systems Control Which one of the following is the best reason for developing a computer security plan? A. B.Part 1 : 11/11/10 07:44:32 Question 34 . Question 35 . C. B. C. The user departments can be assured that control policies are in place and their data files are secure. Recovery from the damage associated with any identified threats can be assured. along with suggestions and recommendations for improvement. C. It is not possible to have complete assurance of recovery from damage associated with any identified threats. The internal auditor has no authority to direct senior management to take corrective action. (c) HOCK international. Provide a formal means by which the external auditor assesses potential reliance on the internal audit department. D. Record findings and recommended courses of action. D. D. Customer shipments were billed. A. Provide an opportunity for auditee response. formal report in order for the auditee to provide a response. privacy. It is the responsibility of internal auditors is to compare "what is" with "what should be" and report to management their findings.CIA 592 I-23 . The responsibility of internal auditors is to compare "what is" with "what should be" and report to management their findings. Sales that are billed were also shipped. Hiring employees and authorizing changes to pay rates. A manager who has the authority to hire a person usually also has the authority to determine changes to the person's rate of pay. A time card may be falsified by having another employee punch it. if the paychecks are legitimate and are truly unclaimed. C.CIA 1188 II-24 . C.Segregation of Duties One payroll audit objective is to determine if there is proper segregation of duties. Tracing copies of sales invoices to shipping documents will not determine that the subsidiary accounts receivable ledger was updated. Keeping unclaimed paychecks in a vault will not ensure that employees are paid only for work actually performed. (c) HOCK international. C. Signing and distributing payroll checks. within company guidelines. C. B.CIA 1186 I-9 .Part 1 : 11/11/10 07:44:32 D. B.Internal Control Management wishes to include in its internal controls over factory payroll a procedure to ensure that employees are paid only for work actually performed. Tracing copies of sales invoices to shipping documents will not determine that all shipments to customers have also been recorded as receivables. B. most states have escheat laws that require unclaimed property to be turned over the state after a period of time. this procedure would not determine that all shipments to customers have been billed. Keep unclaimed paychecks in a vault. Since the tracing is starting with copies of sales invoices and then comparing them to shipping documents. B. Having supervisors distribute paychecks to their employees will not ensure that employees are paid only for work actually performed. Comparing piecework records with inventory additions is a cross-check on factory production performed. Question 38 . Preparing the payroll and filing payroll tax forms. which of the following internal control actions would be most appropriate? A. A. If employees are being paid on a piece-work basis. A. Use time cards. D. B. A. If all the invoices in the sample can be correctly matched with shipping documents then there is some assurance that all or most items billed are also shipped. Have supervisors distribute paychecks to employees in their sections. The person who prepares attendance data should not be the same person who also prepares the payroll. D. Furthermore. Question 37 . Which of the following activities is incompatible? A. D. D. The subsidiary accounts receivable ledger was updated. To meet this objective. page 18 . Compare piecework records with inventory additions from production. Preparing attendance data and preparing the payroll. this could be used to ensure that payments are made only for work performed. The follow-up actions were not adequate.Internal Control Which of the following controls would most likely minimize defects in finished goods because of poor quality raw materials? A. Which of the following standards has been disregarded in the above case? A. Signing payroll checks and distributing them may be performed by the same person with no concerns for internal control objectives. B. Timely follow-up on unfavorable usage variances.CIA 593 I-40 . Question 39 . C. It is at best a detective control. The person who prepares the payroll is in the best position to file payroll taxes. incorporated the internal auditors' recommendations to store management that should prevent duplicate credits to customers' accounts. Proper handling of work-in-process inventory to prevent damage. While proper handling of work-in-process inventory is important. which may identify poor quality materials that may be causing unfavorable usage variances. alerting them to the duplicate credit problem. Question 40 . The final engagement communication was not timely.Internal Audit The internal audit activity for a chain of retail stores recently concluded an engagement to evaluate sales adjustments in all stores in the Southeast region. (c) HOCK international. A. The final engagement communication published 8 weeks after the engagement was concluded. C. Timely follow-up on unfavorable usage variances is at best a detective control.Part 1 : 11/11/10 07:44:32 because of the opportunity to create a fictitious employee and then pay that fictitious employee without it being noticed. Internal auditor recommendations should not be included in the final engagement communication. page 19 . Implementation of specifications for purchases. A. B. so the adequacy of follow-up actions cannot be evaluated. and there is no incompatibility between those two functions that would violate proper segregation of duties.CIA 1190 II-9 . Determination of spoilage at the end of the manufacturing process. Determination of spoilage after production is complete will not minimize defects caused by poor quality raw materials. D. C. as it should limit the purchase of defective raw materials. Developing and implementing specifications for purchases of raw materials is a preventive control. The internal auditors should have implemented appropriate corrective action as soon as the duplicate credits were discovered. The engagement revealed that several stores are costing the organization substantial sums in duplicate credits to customers' charge accounts. No information is given on follow-up actions. An oral report or interim written report should have been issued immediately to management. D. B. B. D. this will not ensure that raw materials are not of poor quality. It will not minimize defects caused by the poor quality raw materials. and it will not minimize defects caused by poor quality raw materials. Waiting until 8 weeks after the engagement to communicate recommendations regarding the problem was unacceptable. C. D. A. Foreign currency translation rates are set by the market and can be checked and verified. B. Internal auditors make recommendations. The full audit report should be distributed to everyone who has a direct interest in the audit. If the same person were to perform both of these functions. whereas reconciling the bank statement is a reconciliation function. The person making wire transfers not reconcile the bank statement. Question 42 . Internal auditor recommendations should be included in the final engagement communication. The hiring of individual branch employees be approved by the headquarters office. persons responsible for the activities or operations audited. The branch manager not deliver payroll checks to employees. D.CIA 593 I-36 . Audit committee of the board of directors. and people who will need to take corrective action as a result of the audit. the person to whom people will reply about the report. D. D. Effective internal control requires that A. This includes (c) HOCK international. Question 41 . Distributing payroll checks to employees is a custody function. The full audit report should be distributed to everyone who has a direct interest in the audit.Internal Control A multinational corporation has an office in a foreign branch with a monetary transfer facility. This includes the executive or executives to whom internal audit reports.CIA 1190 I-18 . Making disbursements is a custody function. D. B. C. B. The treasurer is not responsible for the payroll function. persons responsible for the activities or operations audited. Payroll manager. C. page 20 . These weaknesses along with recommendations for corrective actions were addressed in the final engagement communication. but they are not computed.Part 1 : 11/11/10 07:44:32 C. Assuming the branch manager does not have any other duties that are incompatible with performing a custody function. the person to whom people will reply about the report. Foreign currency translation rates be computed separately by two branch employees in the same department. C. This communication should be most useful to the organization's A. Treasurer.Internal Audit An engagement performed at an organization's payroll department has revealed various control weaknesses. and people who will need to take corrective action as a result of the audit. The president is not responsible for the payroll function. that person could have an opportunity to misappropriate funds and conceal the misappropriation. there is nothing wrong with the branch manager distributing payroll checks to employees. Having the headquarters office approve the hiring of individual branch employees does not relate to internal control but rather to where authority in the organization is assigned. C. People who make disbursements should not also reconcile the bank statement. A. B. they do not implement corrective action. The full audit report should be distributed to everyone who has a direct interest in the audit. This includes the executive or executives to whom internal audit reports. President. preparing source documents. and (4) The periodic reconciliation of the physical assets to the recorded (c) HOCK international. B. the custody of the payroll checks (which by themselves are not assets) is a recordkeeping function. maintaining journals. the person to whom people will reply about the report. Preparation of paychecks and check distribution. persons responsible for the activities or operations audited.Part 1 : 11/11/10 07:44:32 the executive or executives to whom internal audit reports. persons responsible for the activities or operations audited. The following four functions must always be done by different people: (1) Authorizing a transaction. these two jobs should be performed by different people.CIA 1190 II-8 . (3) Keeping physical custody of the related asset for instance. the person to whom people will reply about the report. The full audit report should be distributed to everyone who has a direct interest in the audit. page 21 . The audit committee of the board of directors is not responsible for the payroll function. The approval of the supervisor on time cards of employees supervised should prevent employees being paid for hours they did not work. A. D. Which of the following could result? A. Timekeeping and preparation of payroll journal entries. C. Payroll checks might not be distributed to the appropriate payees. Employees might be paid for hours they did not work. D. and (4) The periodic reconciliation of the physical assets to the recorded amounts for those assets. Payroll checks would not be distributed to the wrong employees as a result of the supervisor failing to approve employee time cards. (2) Recording the transaction. receiving checks in the mail. D. receiving checks in the mail.Internal Control An internal auditor found that employee time cards in one department are not properly approved by the supervisor.Segregation of Duties One characteristic of an effective internal control structure is the proper segregation of duties. A. C. Thus. Duplicate paychecks would not be issued as a result of the supervisor failing to approve employee time cards. and people who will need to take corrective action as a result of the audit. Approval of time cards and preparation of paychecks. maintaining journals. (2) Recording the transaction. In the example of the combination of signing paychecks and custody of blank payroll checks. (3) Keeping physical custody of the related asset for instance. This includes the executive or executives to whom internal audit reports. The combination of responsibilities that would not be considered a violation of segregation of functional responsibilities is A. B. preparing source documents. B. whereas the signing of the payroll checks is a custodianship function. Question 44 . The following four functions must always be done by different people: (1) Authorizing a transaction. C. Duplicate paychecks might be issued. and people who will need to take corrective action as a result of the audit.CMA 1286 3-29 . Question 43 . The wrong hourly rate would not be used to calculate gross pay as a result of the supervisor failing to approve employee time cards. B. The wrong hourly rate could be used to calculate gross pay. Signing of paychecks and custody of blank payroll checks. The payroll manager has responsibility for the payroll function and thus this communication should be most useful to that person. D. B. However. D. Identify the employees who could be implicated in the case. maintaining journals. According to Professional Standards Bulletin 83-5. and printout controls. approval of time cards comes under the classification of authorizing a transaction. the presence of computerized output does not. both functions fall under the recordkeeping classification and thus they are not incompatible. A. he or she should determine the possible effects and discuss the matter with the appropriate level of management. Input controls. Question 45 . Transaction controls. D. and pre-numbered forms. he or she should determine the possible effects and discuss the matter with the appropriate level of management. echo checks.CMA 693 4-6 . when an internal auditor suspects fraud. C. Question 46 . preparing source documents. For this assurance. and printed output controls. maintaining journals. D. Activity listings. he or she should determine the possible effects and discuss the matter with the appropriate level of management. Thus. these two jobs should be performed by different people. C. B. (c) HOCK international.CIA 1194 I-10 . B. Tape and disk output controls and printed output controls. assure the output's accuracy. when an internal auditor suspects fraud. various controls are needed. In the example of the combination of approval of time cards and preparation of paychecks. The following four functions must always be done by different people: (1) Authorizing a transaction. C. he or she should determine the possible effects and discuss the matter with the appropriate level of management. The following four functions must always be done by different people: (1) Authorizing a transaction.Part 1 : 11/11/10 07:44:32 amounts for those assets. preparing source documents. Determine that a loss has been incurred. these two jobs should be performed by different people.Internal Audit An internal auditor who suspects fraud should A. who should then initiate an investigation. Interview those who have been involved in the control of assets. general controls. C. Recommend whatever investigation is considered necessary under the circumstances. page 22 . and (4) The periodic reconciliation of the physical assets to the recorded amounts for those assets. In the example of the combination of the timekeeping function with preparation of payroll journal entries. in and of itself. who should then initiate an investigation. who should then initiate an investigation. D. receiving checks in the mail. when an internal auditor suspects fraud. According to Professional Standards Bulletin 83-5. In the example of the combination of preparation of paychecks and check distribution. Thus. (3) Keeping physical custody of the related asset . payroll preparation is a recordkeeping function. (3) Keeping physical custody of the related asset for instance. According to Professional Standards Bulletin 83-5. tape and disk output controls. The major types of controls for this area include A. (2) Recording the transaction. who should then initiate an investigation. When an internal auditor suspects fraud. receiving checks in the mail.for instance. completeness. and (4) The periodic reconciliation of the physical assets to the recorded amounts for those assets. or authenticity. (2) Recording the transaction. whereas preparation of paychecks is classified as recordkeeping. whereas the distribution of payroll checks is a custody function.Systems Control Data processed by a computer system are usually transferred to some form of output medium for storage. or authenticity of computer output. Monthly bank statement reconciliations are detective controls. D. the chief financial officer. such as data observation and recording controls. Thus. The chief financial officer is a vice president who reports to the chief executive officer.CIA 1190 II-7 . C. data transcription controls. B. Recording every transaction on the day it occurs. According to Sarbanes-Oxley. The audit committee of the board consists of the chief executive officer. and a major shareholder. They are important because if data are not input correctly. A bank reconciliation is used to detect errors on either the accountholder's part or on the bank's part after they have occurred. the chief executive officer and the chief financial officer may not be included. Requiring all members of the internal auditing department to be CIAs. or to ensure the occurrence of a desirable event (directive). B. to discover the occurrence of an unwanted event (detective). Recording every transaction on the day it occurs is a preventive control. such as activity (proof) listings and reconciliations. A. Requiring dual signatures on all disbursements over a specific dollar amount is a preventive control. Question 48 . D. or authenticity of computer output. Their objective is to assure the output's validity. Question 47 .Internal Control Which of the following features of a large manufacturer's organizational structure is a control weakness? A. Input controls. accuracy. The controller and treasurer report to the chief financial officer.Internal Control Controls can be classified according to the function they are intended to perform. Transaction controls. the output will not be correct. and completeness. are designed to ensure that the data are entered into the program correctly. and pre-numbered forms do not assure the output's accuracy. to avoid the occurrence of an unwanted event (preventive). the audit committee must consist of directors who are independent of management. experience and professionalism to perform their jobs. Requiring all members of the internal auditing department to be CIAs is a directive control.Part 1 : 11/11/10 07:44:32 A. C.CIA 1192 I-18 . The information systems department is headed by a vice president who reports directly to the president. completeness. Dual signatures on all disbursements over a specific dollar amount. D. Monthly bank statement reconciliations. C. these alone do not assure the accuracy. completeness. such as forms control and output distribution controls. C. and (2) Printed output controls. B. There are two types of output application controls: (1) Validating processing results. general controls. Although tape and disk output controls and printed output controls are major types of controls for output. for example. completeness. page 23 . D. A. B. Output controls are used to check that input and processing has resulted in valid output. and edit tests. (c) HOCK international. and printout controls do not assure the accuracy. It increases the probability that the internal auditors will have the requisite knowledge. Activity listings. or authenticity. Which of the following is a directive control? A. echo checks. not directive controls. who is unable to read. D. It is appropriate for the controller and the treasurer to report to the chief financial officer. C.Part 1 : 11/11/10 07:44:32 B. Which one of the following scenarios is the result of an inherent limitation of internal control? A.Internal Control The internal auditor recognizes that certain limitations are inherent in any internal control system. D. This is an inherent limitation of internal control. If two employees (the security guard and the warehouse employee) collude to defraud their employer. (c) HOCK international. without credit approval. is assigned custody of the firm's computer tape library and run manuals that are used during the third shift. and the goods are segregated for distribution to stores. C. This is not an inherent limitation of internal control. The marketing department is responsible for Conducting marketing surveys Recommending locations for new store openings Ordering products and determining retail prices for the products Developing promotion and advertising for each line of products Determining the pricing of special sale items The marketing department has separate product managers for each product line. Each product manager is given a purchasing budget by the marketing manager. B.CIA 1187 I-10 . Question 49 . It is appropriate for the chief financial officer to report to the chief executive officer. Therefore. The firm sells to customers on account. The comptroller both makes and records cash deposits. A subsection of the department does marketing surveys.CIA 595 I-12 . An employee. D. C. a control based on segregation of functions can be rendered ineffective. it is not an inherent limitation of internal control. retail prices are marked on the product. Question 50 . the product managers also determine the timing and method of product delivery. Assignment of an employee who is unable to read to a job requiring reading is avoidable through adequate testing of potential employees. It is appropriate for the vice president in charge of information systems to report directly to the president. This is not an inherent limitation of internal control. Products are delivered to a central distribution center where goods are received. Product managers are not rotated among product lines because of the need to acquire product knowledge and to build relationships with vendors. A security guard allows one of the warehouse employees to remove company assets from the premises without authorization. because it could and should be avoided through adequate segregation of duties. A. because it could and should be avoided through adequate credit approval of sales.Internal Control ABC is a major retailer with over 52 department stores. B. In addition to ordering and pricing. page 24 . Receipts are recorded at the distribution center. C. B. The product manager negotiates the purchase price and sets the selling price. Since product managers are responsible for negotiating purchase prices and setting selling prices. B. There should be a receiving function at each individual store to make sure that products shipped to the stores are received. B. Items could be lost in transit or deliberately diverted by an employee with knowledge that there was no check on the receipt of items. Question 51 . The store manager can require items to be closed out. Since many products are seasonal. Personnel policies and practices are a part of the control environment. this practice will maximize profits. Yes / Yes B. No / No A. but detection risk is not.CPA 1194 A-29 .Internal Control Which of the following are considered control environment factors? Detection Risk / Personnel Policies and Practices A. The receiving reports from the individual stores should be compared with shipping reports of items shipped to the stores to detect any discrepancy. No / Yes C. A. thus the company has not found the need to maintain a receiving function at each store. D. Which of the following best describes how the CAE should proceed? (c) HOCK international. Personnel policies and practices are part of the control environment. For the company as a whole. and personnel policies and practices are part of the control environment. D.Part 1 : 11/11/10 07:44:32 Receiving documents are created by scanning in receipts. D. Detection risk is not part of the control environment. Evaluating product managers by total gross profit generated by product line will lead to dysfunctional behavior. it is appropriate that the seasonal products be cleared out in a timely manner to make space for the next season's products. There is no receiving function located at individual stores. the number of items scanned in are reconciled with the price tags generated and attached to products. it is appropriate that they be evaluated according to gross profit generated by their product lines. Question 52 . A control deficiency associated with the given scenario is A. while personnel policies and practices are a part of the control environment. C. Since product managers are evaluated on gross profit generated by the product(s) they manage. This establishes accountability.CIA 586 II-8 . thus affecting the potential performance evaluation of individual product managers. The average product spends between 12 and 72 hours in the distribution center before being loaded on trucks for delivery to each store. page 25 . Detection risk is not part of the control environment. C. it is appropriate that the product managers negotiate the purchase prices and set the selling prices.Internal Audit The chief audit executive uncovers a significant fraudulent activity that appears to involve the executive vice president to whom the CAE reports. Yes / No D. when an internal auditor suspects fraud.Systems Control Occasionally. he or she should determine the possible effects and discuss the matter with the appropriate level of management. D. B. According to Professional Standards Bulletin 83-5. Correction is not the same as undoing an incorrect update to a database once it has been done. B. Notify regulatory authorities and police. Updating from privileged utilities. Conduct an investigation to ascertain whether the executive vice president is involved in the fraudulent activity. According to Professional Standards Bulletin 83-5. Recovery. Prevention. incorrect data. D. Prevention of errors is not the same as undoing an incorrect update to a database once it has been done. C. A. B. C. B. D.Part 1 : 11/11/10 07:44:32 A. the database administrator should ensure that database system features are in place to permit A. who should then initiate an investigation. Correction. Detection.CIA 596 III-51 . Access only to authorized logical views.Systems Control To properly control access to accounting database files. who should then initiate an investigation. when an internal auditor suspects fraud. B. page 26 . C. The feature of a system that allows the user to undo the mistake is classified as error is A. when an internal auditor suspects fraud. he or she should determine the possible effects and discuss the matter with the appropriate level of management. who should then initiate an investigation. According to Professional Standards Bulletin 83-5. a database user may send an incorrect update to the database. when an internal auditor suspects fraud. Detection of errors is not the same as undoing an incorrect update to a database once it has been done. he or she should determine the possible effects and discuss the matter with the appropriate level of management. Question 53 . If an error recovery process is included in a database. A. D. User updates of their access profiles. Undoing the update is difficult because the old data have been replaced by the new. (c) HOCK international. he or she should determine the possible effects and discuss the matter with the appropriate level of management. Read-only access to the database files. Report the facts to the chief executive officer and the audit committee. C.CIA 1191 III-27 . who should then initiate an investigation. D. the updating transaction and before and after images are logged so that the transaction can be undone. Interview the executive vice president to obtain essential evidence. According to Professional Standards Bulletin 83-5. Question 54 . C. C. they should not have access that permits them to update the data in the files. A. C. Users should not have the ability to update their access profiles because that is a function of the database administrator or other authorized manager. Cold site.Systems Control A critical aspect of a disaster recovery plan is to be able to regain operational capability as soon as possible. Parallel system. The mailing of payments directly to payees by accounting personnel. B. an organization can have an arrangement with its computer hardware vendor to have a fully operational facility available that is configured to the user's specific needs. C. B. A hot site is a backup facility that has a computer system that is similar to the one used regularly and is fully operational and thus immediately available. A requirement for double endorsement of checks. This is best known as a(n) A. The voucher and all supporting documents should be cancelled by personnel in the treasurer's office at the time the check is signed. access to an accounting database is controlled by limiting the access for each user. A cold site is a facility that can be used to install computer equipment if needed.Part 1 : 11/11/10 07:44:32 A. C. or logical views. not how the data is physically arranged and stored. The cancellation of vouchers by accounting personnel. Requiring two signatures on a check would not prevent resubmission and double paying of vendor invoices after they have been paid. The account payable personnel should not have access to checks after they have been signed. Hot site. but it is not fully operational. Question 55 . An uninterruptible power system (UPS) is a backup power source that kicks in automatically in the event of a power outage to prevent loss of data. In order to accomplish this. A parallel system is a system that is identical to the main system. Therefore. B. A. This will prevent the documents from being resubmitted for duplicate payment.CMA 686 3-20 . However. B. Read-only access to database files would prevent the files from being updated as necessary. page 27 . D. The cancellation of vouchers by treasurer personnel. D. D. (c) HOCK international.Internal Control The procedure that would best discourage the resubmission of vendor invoices after they have been paid is A. Cancellation of vouchers should not take place until the check in payment of the invoice has been signed. Question 56 . A logical view of data is how the data appears to be arranged. function or application to certain data. C. Uninterruptible power system. B. D. Privileged utilities are utilities that have access to files because of their function as utilities. D.CMA 696 4-14 . It is a control total. A check digit is used for determining whether a number has been input properly. not an operational audit. and reprocesses only the transactions that were posted after that checkpoint. overall company operations.CIA 593 I-37 .Systems Control A control designed to catch errors at the point of data entry is A. page 28 . (c) HOCK international. A self-checking digit. overall company operations. if a hardware failure occurs. and the quality of performance in carrying out assigned responsibilities. B. and during that time. D. An operational audit is concerned with examining and evaluating systems of internal control. and the quality of performance in carrying out assigned responsibilities. the company simply reverts to the last saved copy. C. A checkpoint is a control procedure that is performed several times per hour. C. B. D. An operational audit is concerned with examining and evaluating systems of internal control. A checkpoint will not catch errors at the point of data entry. An operational audit is concerned with examining and evaluating systems of internal control. A record count is a total of all the records processed.Internal Audit An operational audit report that deals with the scrap disposal function in a manufacturing company should address A. The efficiency and effectiveness of the scrap disposal function and include any findings requiring corrective action. Whether the scrap material inventory is valued at the lower of cost or market is part of a financial statement audit. and the quality of performance in carrying out assigned responsibilities.Then. B. Question 58 . not an operational audit. The focus of an operational audit is on efficiency. Whether the scrap material inventory is valued at the lower of cost or market. overall company operations. A check digit is a digit that is a function of the other digits within a set of numbers. but it will not catch errors at the point of data entry. Whether the physical inventory count of the scrap material agrees with the recorded amount is part of a financial statement audit. the network system will not accept posting. If a typographical error is made in input. A batch total. not an operational audit. D. An operational audit is concerned with examining and evaluating systems of internal control.CMA 686 5-12 . C. Checkpoints. Auditors will compare the results of the operations with a standard level of behavior or output that has been set. Whether the scrap material inventory is reported as a current asset. and the quality of performance in carrying out assigned responsibilities. A. B. D. This checkpoint is recorded on separate media. but it will not catch errors at the point of data entry. The internal auditor will make recommendations about how to improve the process or operation.Part 1 : 11/11/10 07:44:32 Question 57 . Whether the physical inventory count of the scrap material agrees with the recorded amount. C. A batch total is a total of one field for all items in a batch. It is a control total. the check digit should recognize that something has been input incorrectly. A. effectiveness and economy. It stops and backs up all the data and other information needed to restart the system. overall company operations. A record count. How the scrap material inventory is reported on the financial statements is part of a financial statement audit. and the receiving report is needed so they can be sure the items were received before they are paid for. Reconciliation of the detail of notes receivable and the provision for uncollectible amounts to the general ledger control. For a manufacturing organization. It does not provide evidence of the collectibility of the notes receivable. C. A. D. A history of late payments creates question as to whether any individual note is collectible. However. (c) HOCK international. D. a purchase requisition is needed. it does not provide evidence of their collectibility. C. A receiving report is also required.Internal Audit Which of the following audit procedures provides the best evidence about the collectibility of notes receivable? A. C. a purchase requisition and a purchase order are needed. gives purchasing personnel authority to place an order. Purchase requisitions.CMA 1289 5-1 . authorized by the user department. along with the purchase requisition and the receiving report. Purchase orders. Examination of cash receipts records to determine promptness of interest and principal payments provides the best evidence for the collectibility of the notes receivable. The purchase order. and an inventory report of goods needed is not a required document to control purchasing and accounts payable. Examination of notes for appropriate debtors' signatures. Purchase requisitions. although it may be useful as backup to a purchase requisition. and vendor invoices. an information system must include certain source documents. B. and vendor invoices.CIA 1191 II-25 . B. page 29 . receiving reports. Reconciliation of the detail of notes receivable and the provision for uncollectible amounts to the general ledger control establishes that the general ledger balance is equal to the total of the detail supporting it. Question 60 . inventory reports of goods needed.Part 1 : 11/11/10 07:44:32 Question 59 . and vendor invoices. purchase orders. these documents should include A. Balance confirmation provides evidence that the notes receivable exist. D. C. In addition. Receiving reports and vendor invoices.Internal Control In order to control purchasing and accounts payable. D. in order to be certain that the items ordered were received. In addition. Positive confirmation of note receivable balances with the debtors. B. The purchase order is necessary so that the accounts payable department can see that the items were ordered. receiving reports. but it does not provide evidence of their collectibility. Examination of notes for appropriate debtors' signatures establishes that the notes were documented correctly and that the documentation is valid. A purchase requisition. Examination of cash receipts records to determine promptness of interest and principal payments. B. should be checked before the vendor's invoice is paid. A. purchase orders. Suggest that a copy of the travel planning form should be sent to the internal audit department. A.CIA 589 III-2 . page 30 . B. or laws and governmental regulations. Ensure that examples of all signatures are on file to use during travel reimbursement procedures. objectivity is not impaired if the internal audit recommends standards of control for systems or reviews procedures before implementation. However. D. The internal audit department must have independence and objectivity and should not have any direct relationships with the various departments it will be auditing. The director of internal auditing should A. are accurate and timely. D. standards. D. it is not appropriate for the director of internal auditing to get involved in this operational responsibility now. A determination of whether participation levels support continuation of individual employee benefit programs is not the primary objective of a compliance audit of employee benefits. The purpose of a compliance audit is to determine to what degree an organization is operating in an orderly way. B.Internal Audit The director of internal auditing at a large multinational firm is evaluating the draft of a new travel policy that requires preparation of a travel planning form for all travel. C. Evaluation of the adequacy and (c) HOCK international. C. The internal audit department must have independence and objectivity and should not have any direct relationships with the various departments it will be auditing. objectivity is not impaired if the internal audit recommends standards of control for systems or reviews procedures before implementation. D. The travel planning form must be approved by the employee's supervisor and the regional vice president. Thus. Address whether the new travel approval policy is an effective control and an efficient use of time for the supervisors and vice presidents involved. Question 62 . B. Participation levels support continuation of individual programs. Determination of whether benefit payments are accurate and timely is not the primary objective of a compliance audit of employee benefits. C. when appropriate. although it would be included in such an audit. B. although it would be included in such an audit. Individual programs are operating in accordance with contractual requirements and government regulations. Suggesting that a copy of the travel planning form should be sent to the internal audit department is inappropriate because there is no reason for the audit department to receive a copy of the travel planning form. Avoid involvement in reviewing policies and procedures because such involvement would impair audit independence. effectively and visibly conforming to certain specific requirements of its policies. Evaluation of the adequacy and effectiveness of the control system is. The level of organizational contributions is adequate to meet the program's demands. Which of the following is considered the primary engagement objective by both the chief audit executive and senior management? A. However.Internal Audit Senior management has requested a compliance audit of the organization's employee benefits package.Part 1 : 11/11/10 07:44:32 Question 61 . in fact. A. Ensuring that examples of all signatures are on file to use during travel reimbursement procedures is a procedure that may be used in a future audit of the travel approval function. determination of whether individual programs are operating in accordance with contractual requirements and government regulations is an appropriate objective for a compliance audit of employee benefits.CIA 1193 II-13 . Benefit payments. The level of organizational contributions is not the primary objective of a compliance audit of an organization's employee benefits. one of the responsibilities of the internal audit function. although it would be included in such an audit. C. The internal audit department must have independence and objectivity and should not have any direct relationships with the various departments it will be auditing. procedures. management's need to review exception reports daily should be reduced. Thus. C. C. Recommending an environmental management system as a part of policies and procedures and verifying the existence of "cradle to grave" tracking records for hazardous materials are not the only items listed that could be included in a hazardous materials audit. and evaluating the cost provided for in an accrual account for environmental liability for hazardous materials. An audit of these hazardous materials may include I. No internal control structure. A. Eliminates risk and potential loss to the organization. Recommending an environmental management system as a part of policies and procedures. Question 64 . Reduces the need for management to review exception reports on a day-to-day basis. in fact. B. Verifying the existence of "cradle to grave" (creation to destruction) tracking records for these materials. B. II. III. can guarantee the complete elimination of risk and potential (c) HOCK international. D.Part 1 : 11/11/10 07:44:32 effectiveness of the control system is. C. one of the responsibilities of the internal audit function. Evaluating the cost provided for in an environmental liability accrual account. A. with an effective internal control structure. C. Is unaffected by changing circumstances and conditions encountered by the organization. no matter how effective. I and II only. I.CIA 596 I-12 . IV. II. D. An effective internal control structure should prevent exceptions as well as detect exceptions after the fact. Verifying the existence of "cradle to grave" tracking records for hazardous materials is not the only item listed that could be included in a hazardous materials audit. page 31 . Internal controls can be overridden by managers. Using consultants to avoid self-incrimination of the firm in the event illegalities are detected in an environmental audit is neither appropriate nor necessary. B.Internal Control Effective internal control A.Internal Audit A manufacturing organization uses hazardous materials in production of its products. Question 63 . There is no requirement for internal auditors to report to external parties any violations of environmental laws they may discover. A. There is no need for the director of internal auditing to avoid involvement in reviewing policies and procedures before they are implemented. III and IV. B. verifying the existence of "cradle to grave" tracking records for hazardous materials. Cannot be circumvented by management. A hazardous materials audit may include recommending an environmental management system as a part of policies and procedures. II only. Using consultants to avoid self-incrimination of the firm in the event illegalities were detected in an environmental audit.CIA 582 I-4 . D. and IV. Top management is primarily responsible for A. An attitude of seeking the truth is appropriate. it is not the responsibility of the board of directors to design the controls. B. D. D. An internal auditor should not indicate that management will forgo prosecution if restitution is made. B. B. and internal auditors all play important roles in creating a proper control environment. C. As circumstances and conditions change. C. page 32 . An internal auditor should not allow a suspect to return to work.Internal Audit An internal auditor is conducting interviews of three employees who had access to a valuable asset that has disappeared. external auditors. In conducting the interviews the internal auditor should: A.CIA 589 II-2 . Threats are not productive. it is the responsibility of internal auditing to review the reliability and integrity of financial information and the means used to collect and report such information.Internal Audit (c) HOCK international. Question 66 . People should be interviewed individually in order to obtain their independent statements. Implementing and monitoring controls designed by the board of directors. A.CIA 594 II-50 . changes in internal controls are required. Question 67 . Question 65 . D. Allow a suspect to return to work after the interview so as not to arouse suspicions. C.CIA 1193 II-8 . Whereas management is responsible for establishing the proper control environment and designing an overall internal control structure. It is not the responsibility of external and internal auditors to monitor the control environment. C. B. It is management's responsibility to establish the proper control environment and to design an overall internal control structure. Reviewing the reliability and integrity of financial information and the means used to collect and report such information. because doing so could give the suspect an opportunity to destroy evidence. Ensuring that external and internal auditors adequately monitor the control environment.Part 1 : 11/11/10 07:44:32 loss to the organization. D. Although the board of directors has oversight responsibility.Internal Control Corporate directors. A. D. Respond to noncooperation by threatening adverse consequences of such behavior. Conduct the interviews in a group. A suspect should be suspended pending an investigation. management. This is the responsibility of management. Not indicate that management will forgo prosecution if restitution is made. Establishing a proper environment and specifying an overall internal control structure. C. Undetected errors in payroll rates for new employees. A. If a new employee's payroll rate is not verified after processing. Payroll department personnel are rotated in their duties. B. No single manager grants authority to the internal audit activity. because the labor hours would normally come from the time reporting system. the personnel department should verify that data on every new employee has been entered correctly. not a control weakness. No single officer and no single committee grant authority to the internal audit activity. However. the result could be A. The timekeeping function is independent of the payroll department. A. page 33 . The timekeeping function should be independent of the payroll department. Labor hours would probably not be charged to the wrong account in the cost reporting system as a result of an error in processing changes. If it does not verify the changes processed. D. Management and the board of directors grant authority to the internal audit activity. B. if a pay rate were incorrect. The Standards do not grant authority to the internal audit activity. D. Inaccurate Social Security deductions. D.Part 1 : 11/11/10 07:44:32 The authority of the internal audit activity is limited to that granted by A. The personnel department is responsible for entering new employees into the system and entering their pay rates. Labor hours charged to the wrong account in the cost reporting system. C. Employees not being asked if they want to contribute to the company pension plan. C. C.CMA 689 3-16 . B. C. The audit committee and the chief financial officer. Senior management and the Standards. Question 69 . B. B. Paychecks are distributed by the employees' immediate supervisor.CIA 591 I-17 .Internal Control Which one of the following situations represents an internal control weakness in the payroll department? A. Question 68 . Payroll records are reconciled with quarterly tax reports. D. Social Security deductions would be correct for any given pay rate because the Social Security deduction is a percentage of an employee's pay. Therefore. D. A. The board and the controller. Checking an edit listing of payroll changes would not give any indication about whether employees have or have not been asked if they want to contribute to the company pension plan. Management and the board. the Social Security deduction would be incorrect as well. so this represents a control strength.Internal Audit The personnel department receives an edit listing of payroll changes processed at every payroll cycle. there could be an undetected error in that employee's payroll rate. (c) HOCK international. responsibility. B. Since management is questioning specific sales commissions. D. and it should be approved by the board. not a weakness. Reconciling payroll records with quarterly tax reports is an internal control strength. the accuracy of the recorded commission for specific salespersons will be best determined by recomputing a sample of commissions for the salespeople whose commissions are in question. The charter should establish the internal audit activity's purpose. A. B. A. Adopt policies for the functioning of the internal audit activity. tests of overall reasonableness would not be useful. Establishing an audit committee within the board will not. Since management is questioning specific sales commissions. D. then continue to clock the employee in and out and receive the employee's paycheck. Tests of overall reasonableness.Internal Audit The status of the internal audit activity should be free from the effects of irresponsible policy changes by management. Question 70 .CIA 593 I-5 . calculating commission ratios would not be useful. D. This approval gives the internal audit activity protection from actions by management that could weaken its status and effectiveness. Use of analytical procedures. Adopting policies for the functioning of the internal audit activity will not protect it from actions by management that could weaken its status and effectiveness. since the analytical procedures would be based on totals rather than specific transactions. B. D. The most effective way to assure that freedom is to A. not a weakness. Develop written policies and procedures to serve as standards of performance for the internal audit activity. C.Part 1 : 11/11/10 07:44:32 B. Establish an audit committee within the board. The accuracy of the recorded commission expense for specific salespersons is best determined by A. and position within the organization. a supervisor could terminate an employee but not report the termination. D. Calculating commission ratios. Question 71 . Developing written policies and procedures to serve as standards of performance for the internal audit activity will not protect it from actions by management that could weaken its status and effectiveness. since the ratios would be based on total sales and total commissions rather than on the sales made by and commissions paid to specific sales persons.Internal Audit Management believes that some specific sales commissions for the year were too large. since the tests would be based on totals rather than specific transactions. C. give the internal audit activity protection from (c) HOCK international. Computation of selected sales commissions. Rotation of payroll department personnel is an internal control strength. B. C. C. C. Since management is questioning specific sales commissions. use of analytical procedures would not be useful. If supervisors are permitted to distribute paychecks. by itself.CIA 1191 I-18 . page 34 . authority. Have the internal audit charter approved by the board. Since management is questioning specific sales commissions. B. The general auditor. Question 73 . The independent external auditor would have a direct interest in the audit and thus should receive a copy of the report. Documentation provides a basis for effective operation. program flowcharts. D. D. The chair of the board of directors. C. and decision tables can also be a control. Program documentation includes descriptions of the programs. and people who will need to take corrective action as a result of the audit. program flowcharts. the person to whom people will reply about the report. and it provides a basis for reconstruction of the system in case of damage or destruction. input and output forms. The director of purchasing should properly receive an internal audit report related to a review of the purchasing cycle. This includes the executive or executives to whom internal audit reports. operator instructions and controls. B. D. and people who will need to take corrective action as a result of the audit. persons responsible for the activities or operations audited. such as system flowcharts. Programs do not make mathematical errors. Question 72 . approved and documented. This includes the executive or executives to whom internal audit reports. persons responsible for the activities or operations audited. Program documentation does not ensure that data has been entered and processed. C. C. The audit report should be distributed to everyone who has a direct interest in the audit. and future system enhancements. B. Programmers have access to the tape library or information on disk files.CMA 686 5-14 . page 35 . change requests. the person to whom people will reply about the report. Programs are kept up to date and perform as intended. This includes the executive or executives to whom internal audit reports. The independent external auditor. the person to whom people will reply about the report.CIA 1187 I-44 . Data have been entered and processed. The audit report should be distributed to everyone who has a direct interest in the audit.Systems Control Program documentation is a control designed primarily to ensure that A. A. Program documentation is needed for diagnosing and correcting programming errors. B. data flow diagrams. A. (c) HOCK international. use. The director of purchasing. programmers should not have any further access to it.Internal Audit Which of the following individuals would normally not receive an internal auditing report related to a review of the purchasing cycle? A.Part 1 : 11/11/10 07:44:32 actions by management that could weaken its status and effectiveness. C. Examining software documentation. because it makes sure that the programs are complete in their data manipulation. D. After a program has been written. The internal audit report should be distributed to everyone who has a direct interest in the audit. Program documentation will not ensure that programs do not have "bugs" in them. audit. because the report should be distributed to everyone who has a direct interest in the audit. program listings of source code. Internal auditing has evolved to verifying the existence of assets and reviewing the means of safeguarding assets. Internal auditing involves evaluating the effectiveness and efficiency with which resources are employed. the U. B. D. has defined internal auditing as: "an independent.Internal Audit Internal auditing is a dynamic profession.Part 1 : 11/11/10 07:44:32 persons responsible for the activities or operations audited." (c) HOCK international. D.Internal Audit Which one of the following statements concerning concurrent auditing techniques is not correct? A. Concurrent auditing techniques are not standard components of generic software packages. The program uses analytical techniques and data mining to detect unusual patterns. control. enabling the auditor to review and investigate the unusual transaction virtually immediately. D. They allow monitoring a system on a continuous basis for fraudulent transactions. it alerts the auditor. page 36 . Under real-time accounting systems. It helps an organization accomplish its objectives by bringing a systematic. which use specialized programs with auditor-defined parameters that are applied to transactions during processing. A. C. The program uses analytical techniques and data mining to detect unusual patterns. objective assurance and consulting activity designed to add value and improve an organization's operations. enabling the auditor to review and investigate the unusual transaction virtually immediately. The Institute of Internal Auditors. Question 75 . Internal auditing has evolved to evaluating all risk management. concurrent auditing techniques allow faster detection of unauthorized transactions.S. B. If the program identifies unusual activities. disciplined approach to evaluate and improve the effectiveness of risk management. Which of the following best describes the scope of internal auditing as it has developed to date? A. If the program identifies unusual activities. and governance systems. They are most useful in complex online systems in which audit trails have either become diminished or are very limited. B. control and governance processes. and accessed electronically. Concurrent auditing techniques require the use of specialized programs with auditor-defined parameters that are applied to transactions during processing to detect unusual patterns. Internal auditing involves much more than just evaluating the effectiveness and efficiency with which resources are employed. audit trails can easily become diminished or very limited. professional organization of internal auditors. transactions are transmitted. C. Concurrent auditing techniques. They allow faster detection of unauthorized transactions. B. and people who will need to take corrective action as a result of the audit. processed. it alerts the auditor. Concurrent auditing techniques typically use specialized programs with auditor-defined parameters that are applied to transactions during processing. C.CMA Sample Q4-11 . regulations. They are standard components of generic software packages. Concurrent auditing techniques typically use specialized programs with auditor-defined parameters that are applied to transactions during processing. Question 74 .CIA 1193 I-1 . are most useful in this kind of environment. concurrent auditing techniques do permit monitoring a system on a continuous basis for fraudulent transactions. A. Thus. and contracts. The board of directors usually should receive a summary report. Thus. Internal auditing involves evaluating compliance with laws. Thus. Question 76 .CMA 1289 5-11 .CIA 1192 I-3 . and dual reading. Cryptographic protection relates to the encryption of data sent over a network or the Internet to protect private or confidential data from being intercepted by unauthorized individuals. After the transaction has been received.Systems Control Most of today's computer systems have hardware controls that are built in by the computer manufacturer. and dual reading are part of the error correction systems built into hardware to provide the system with fault tolerance. After the transaction has been received. and internal header labels. Before sending the transaction. the other will take over. In a dual read check. Hardware controls are controls installed in computers that can identify incorrect data handling or improper operation of the equipment. Tape file protection is not a hardware control. Duplicate circuitry. the system verifies that the destination is valid and is authorized to receive data. B. None of these are hardware controls. A. the system verifies that the message did go to the destination code in the header. Duplicate circuitry. A limit check is an edit test that ensures that only data within predefined limits will be accepted by the system. C. May not have the expertise to adequately audit a specific activity. Common hardware controls are A. it is a data storage control that provides security for computer data stored on tapes by protecting the data from being overwritten. C. it is a routing verification procedure that protects against transactions being routed to the wrong computer network system address. Duplicate circuitry. echo check. tape file protection and internal header labels. Any transaction transmitted over the network must have a header label identifying its destination. B.Part 1 : 11/11/10 07:44:32 C. echo check. D. the system verifies that the message did go to the destination code in the header. Duplicate circuitry is the double wiring of key hardware elements to ensure that if one malfunctions. An internal header label is not a hardware control. and limit checks. Might not select documents that are in error as part of the examination.Internal Audit In the performance of an internal audit. (c) HOCK international. and contracts. Internal auditing involves much more than just verifying the existence of assets and reviewing the means of safeguarding assets. Before sending the transaction. D. regulations. echo check. A header label is a routing verification procedure that protects against transactions being routed to the wrong computer network system address. Any transaction transmitted over the network must have a header label identifying its destination. C. An echo check is the process of sending the received data back to the sending computer to compare with what was actually sent to make sure that it is the same. data are read twice during input and compared. audit risk is best defined as the risk that an auditor A. Duplicate circuitry. the system verifies that the destination is valid and is authorized to receive data. D. D. An internal header label is not a hardware control. cryptographic protection. Tape file protection. May not be able to properly evaluate an activity because of its poor internal accounting controls. B. page 37 . echo check. May fail to detect a significant error or weakness during an examination. Question 77 . Hardware controls are controls installed in computers that can identify incorrect data handling or improper operation of the equipment. Internal auditing involves much more than just evaluating compliance with laws. Tape file protection is a data storage control that provides security for computer data stored on tapes by protecting the data from being overwritten. with review of such being required each 6 months. The risk that an auditor may not have the expertise to adequately audit a specific activity is not audit risk. Request internal auditors to confirm selected purchases and accounts payable. and on and on. C. Specify that all items purchased must pass value-per-unit-of-cost reviews. B.Internal Control To minimize the risk that agents in the purchasing department will use their positions for personal gain. This is not audit risk. Lapping of receivable would not result in a difference between the subsidiary accounts and the general ledger control account. Rotate purchasing agent assignments periodically. control risk. Credit memoranda being improperly recorded. If subsidiary accounts are being credited for returns but the general ledger account is not being credited. since audit risk is the product of inherent risk. B. If an auditor did not select documents that were in error and therefore concluded that the population was accurate.CIA 1192 II-16 . by itself. and detection risk. C. This can occur easily if an incorrect procedure is being used to record returns. this would not affect customer balances or the general ledger control account balance. control risk would be assessed as very high. D." or "beta risk.Part 1 : 11/11/10 07:44:32 A. Interception of customer statements might be a sign that fraud is taking place. The computer programs for these journals have been properly debugged. Direct the purchasing department to maintain records on purchase prices paid. The auditor should query the people who process the credits to customers' accounts to find out what procedure is being used and should investigate what accounting entries result from that procedure. If receivables are being aged improperly.CIA 1186 I-6 . Audit risk is the risk that an auditor will give an unqualified (everything is fine) opinion. A. However. Receivables not being properly aged. but it would not cause the subsidiary accounts to not reconcile with the control account. the organization should A. the total of the subsidiary accounts will reconcile with the general ledger control account. audit risk. Lapping of receivables occurs when an employee pockets a payment received on one customer's account and then applies a payment made by another customer to the first customer's account. (c) HOCK international. Lapping of receivables. The auditor discovered that the total of the accounts receivable subsidiary accounts differs materially from the accounts receivable control account." because the population has been accepted incorrectly. but they will both be incorrect because of the theft. Question 78 . This could indicate A. C. D. page 38 . this is not. when in reality there is one or more than one material misstatement. when in fact there were numerous errors in it. D. If that is occurring. Question 79 .Internal Control A company has computerized sales and cash receipts journals. B. This would increase audit risk. C. this would cause material differences between the total of the accounts receivable subsidiary accounts and the accounts receivable control account. D. If an auditor were not able to properly evaluate an activity because of its poor internal accounting controls. B. Statements being intercepted prior to mailing. that would be a "Type II error. which involves collecting a number of transactions together in a batch and then processing the entire batch and all the transactions in it at the same time. Sign check. Reviewing records on purchase prices paid would not prevent purchasing agents from using their positions for personal gain. Requesting confirmation by auditors of selected purchases and accounts payable would not prevent purchasing agents from using their positions for personal gain. C. Real-time processing involves processing of one transaction at a time and posting it as it is created.. C. C. Redundant data check. because it is a check to verify that the transactions are in the proper order before they are posted. Real-time processing involves processing of one transaction at a time and posting it as it is created. This type of engagement is concerned with A. Real-time processing involves processing of one transaction at a time and posting it as it is created. Since real-time processing does not involve several transactions being processed at the same time. i. Real-time processing involves processing of one transaction at a time and posting it as it is created. B. D. This is in contrast to batch processing. A redundant data check is an appropriate input validation routine for a real-time operation. D. Question 81 . A redundancy check requires transmission of additional data items to check a previously received data item. Program results. whether it falls within defined parameters.Part 1 : 11/11/10 07:44:32 A. A sign check is an appropriate input validation routine for a real-time operation. This is in contrast to batch processing. A sequence check is not an appropriate input validation routine in a real-time environment. because it verifies whether the sign (positive or negative) is appropriate for the type of data that is being input.Systems Control Which one of the following input validation routines is not likely to be appropriate in a real-time operation? A. page 39 . A. there is no need for a sequence test. which involves collecting a number of transactions together in a batch and then processing the entire batch and all the transactions in it at the same time.CMA 687 5-4 . Sequence check.e.Internal Audit The internal auditors randomly select participants in the job retraining program for the past year to verify that they had met all the eligibility requirements. because it verifies whether the data being input is appropriate for the type of data that is to be input. Value-per-unit-of-cost reviews would not prevent purchasing agents from using their positions for personal gain. Rotating purchasing agent assignments periodically will limit the risk of agents using their positions for personal gain. which involves collecting a number of transactions together in a batch and then processing the entire batch and all the transactions in it at the same time. This is in contrast to batch processing. Question 80 .CIA 1196 I-7 . which involves collecting a number of transactions together in a batch and then processing the entire batch and all the transactions in it at the same time. B. This is in contrast to batch processing. D. Reasonableness check. A reasonableness check is an appropriate input validation routine for a real-time operation. because it will discourage long-term agent relationships with particular vendors. B. (c) HOCK international. Question 83 . not whether to measure the program results. Segregating the cash receipt function from the record keeping function would not prevent the payment of cash disbursements from cash receipts. Safeguarding of assets is the responsibility of management and operations. C. C. C. Operational effectiveness. not a review of the program's effectiveness. (c) HOCK international. Economy and efficiency. page 40 . D. Evaluating controls over compliance with laws and regulations. Compliance. D. Physically safeguard the cash receipts. B.Internal Audit Which of the following activities is outside the scope of internal auditing? A. Safeguarding of assets is not an internal auditing activity. Prevent paying cash disbursements from cash receipts. Question 82 . Ascertaining the extent to which objectives and goals have been established. A. A compliance engagement would indicate whether the activities are in compliance with the requirements. Segregation of duties relating to the cash receipts function does not physically safeguard the cash receipts. D. B.Segregation of Duties The cash receipts function should be separated from the related record keeping in an organization to A. Evaluating controls over compliance with laws and regulations is an internal auditing activity. B. Ascertaining the extent to which objectives and goals have been established is an internal audit activity. Keeping cash receipts in a locked box would be one way to physically safeguard them. The grant specifies certain conditions that must be meant in order to be eligible for funding. The engagement is to verify that the organization has met all the eligibility requirements. Assessing an operating department's effectiveness in achieving stated organizational goals is an internal auditing activity. If the same person is both receiving cash and posting cash receipts to customers' accounts. D.CIA 1192 II-17 . A. B. Safeguarding of assets. C. C. Assessing an operating department's effectiveness in achieving stated organizational goals. The engagement is to verify that the organization has met all the eligibility requirements. that person could pocket a payment and then conceal it by falsifying the account records. Establish accountability when the cash is first received. Minimize undetected misappropriations of cash receipts.Part 1 : 11/11/10 07:44:32 B. The engagement is to verify that the organization has met all the eligibility requirements.CIA 591 II-2 . C. D. not whether the program is performing economically and efficiently. B. A. CMA 1288 3-22 . One of these principles is the segregation of functions. Question 84 . B.Segregation of Duties Internal control should follow certain basic principles to achieve its objectives. D. and oversight of the registered public accounting firm employed to perform the audit. To identify concerns for future audits. B. Identifying management's actions and responses to the findings is an objective of the audit closing or exit conference.Internal Audit Which of the following would not be considered an objective of the audit closing or exit conference? A. Using the chief audit executive as a major resource in selecting the external auditors. A. To resolve conflicts. Discussing the findings is an objective of the audit closing or exit conference. compensation. B. Approving internal audit activity policies does not strengthen the control process. Question 86 . the audit committee is to be directly responsible for the appointment. A. (c) HOCK international. Resolving conflicts is an objective of the audit closing or exit conference. page 41 . Identifying concerns for future audits is not an objective of the audit closing or exit conference. To discuss the findings. Approving internal audit activity policies. C. C. Assigning the internal audit activity responsibility for interaction with governmental agencies. D. B.Internal Control The audit committee strengthens the control processes of an organization by A. The department time clerk is given the undistributed payroll checks to mail to absent employees. To identify management's actions and responses to the findings.CIA 593 II-39 .Part 1 : 11/11/10 07:44:32 D.CIA 1189 II-8 . Which one of the following examples does not violate the principle of segregation of functions? A. According the Sarbanes-Oxley. One way to do this is to follow up on recommendations made by the chief audit executive. D. Assigning the internal audit activity responsibility for interaction with governmental agencies does not strengthen the control process. C. Following up on recommendations made by the chief audit executive. C. Accountability for cash receipts can be established by having the person who receives the cash prepare a receipt for each item. The audit committee should provide support to the internal auditors. Question 85 . D. should not also have authority to authorize disposal of damaged goods. page 42 . he/she could steal goods and cover it up by authorizing disposal of the goods as damaged goods. may authorize disposal of damaged goods. B. The sales manager could be tempted to approve credit to a less-than-creditworthy customer in order to be able to book more sales. C. preparing source documents. The following four functions must always be done by different people: (1) Authorizing a transaction. Check signing is a custodial function. As long as neither the treasurer nor the assistant treasurer performs the authorization. Post the receipts to the accounts receivable subsidiary ledger cards. (3) Keeping physical custody (c) HOCK international. "sell" inventory to that corporation. Prepare the bank deposit slip. If the warehouse clerk did have this authority. C. The following four functions must always be done by different people: (1) Authorizing a transaction. there is no violation of the principle of segregation of functions. The two should not be performed by the same person. D. (2) Recording the transaction. D. A. the cashier should not A. The warehouse clerk. so the sales manager should not have authorization or recordkeeping duties as well.CMA 1288 3-26 . B. who has the custodial responsibility over inventory in the warehouse. (2) Recording the transaction. he/she could approve credit to a phantom corporation. and endorsing the checks is part of the custody function. The following four functions must always be done by different people: (1) Authorizing a transaction. The treasurer has the authority to sign checks but gives the signature block to the assistant treasurer to run the check-signing machine. maintaining journals. A. who has custodial responsibility over inventory in the warehouse. The sales manager should not have authority to approve credit or write off accounts. Endorse the checks. Deposit remittances daily at a local bank.Segregation of Duties In a well-designed internal control structure where the cashier receives remittances from the mail room. The cashier keeps physical custody of the assets received.Part 1 : 11/11/10 07:44:32 B. (2) Recording the transaction. maintaining journals. maintaining journals. D. and (4) The periodic reconciliation of the physical assets to the recorded amounts for those assets. and (4) The periodic reconciliation of the physical assets to the recorded amounts for those assets. And if a sales manager had authority to approve credit and write off accounts. and depositing remittances daily at a local bank is part of the custody function. The department time clerk performs a recordkeeping function whereas the mailing of checks to absent employees is a custodial function. The sales manager has access to inventory and thus performs a custodial function. C. recordkeeping. The cashier keeps physical custody of the assets received. receiving checks in the mail. and preparing the bank deposit slip is part of the custody function. The cashier keeps physical custody of the assets received. preparing source documents. Question 87 . (2) Recording the transaction. D. the treasurer is delegating the check-signing function. C. or reconciliation functions as well. (3) Keeping physical custody of the related asset for instance. The following four functions must always be done by different people: (1) Authorizing a transaction. (3) Keeping physical custody of the related asset for instance. maintaining journals. preparing source documents. By giving the signature block to the assistant treasurer. B. and (4) The periodic reconciliation of the physical assets to the recorded amounts for those assets. The warehouse clerk. (3) Keeping physical custody of the related asset for instance. preparing source documents. receiving checks in the mail. and then write off the debt as uncollectible. receiving checks in the mail. The sales manager has the responsibility to approve credit and the authority to write off accounts. C. not a custody function. and (4) The periodic reconciliation of the physical assets to the recorded amounts for those assets. Though the internal auditor does a lot of work in respect to the internal control system. Recording of cash receipts is a recordkeeping function and preparation of bank reconciliations is a reconciliation function. C. that is carried out by an entity's board of directors. The controller. there is no incompatibility between the two functions. management. there is no incompatibility between them. and other personnel. and reconciliation of the accounts payable subsidiary ledger and controlling account. A. and designed to provide reasonable assurance that the company's objectives will be achieved. The person performing the custody function should have no access to the customer records. since the two functions are unrelated. D. and the fact that posting is done for both cash receipts and cash payments does not create an incompatibility. C. If the same person were to perform both functions.Internal Control The primary responsibility for establishing and maintaining internal control rests with A. Since approval of bad debt write-offs is an accounts receivable authorization function and reconciliation of accounts payable is an accounts payable reconciliation function. receiving checks in the mail. since they are different functions. D. Posting to the general ledger is a recordkeeping function. Internal control is a method. Management. or process. D. Approval of bad debt write-offs. page 43 . (c) HOCK international.Part 1 : 11/11/10 07:44:32 of the related asset . Question 88 . Posting of amounts from both the cash receipts journal and cash payments journal to the general ledger. C.CMA 1288 3-23 . B. The controller does not have the primary responsibility for establishing and maintaining internal control.for instance. Even though distribution of payroll checks is a custodial function and approval of sales returns is an authorization function. B. Recording of cash receipts and preparation of bank reconciliations. A. Question 89 . Distribution of payroll checks and approval of sales returns for credit. The internal auditor. and posting the receipts to the accounts receivable ledger cards is a recording function. that person could misappropriate cash payments and conceal the misappropriation by falsifying the reconciliation. The cashier keeps physical custody of the assets received. D. two tasks that should be performed by different persons are A. The treasurer. the internal auditor is not responsible for establishing and maintaining internal control. B.Segregation of Duties In a well designed internal control system. The treasurer does not have the primary responsibility for establishing and maintaining internal control.CMA 1288 3-25 . B. fictitious company. B. C. The test data are used to determine whether control procedures in a particular computer application are working properly." This tagging creates an audit data file that documents the processing of the tagged transactions. D. Recommendations of the auditee's employees. as well as control checks on the tagged transactions. whether the computer is processing transactions correctly. The recipients of the audit report are not key issues to consider in developing audit objectives. C. A tracing routine.Internal Audit Whether or not a real-time program contains adequate controls is most effectively determined by the use of A. this would not be the most effective way to determine whether or not a real-time program contains adequate controls. check computations. B. the auditor can be sure that the programs being checked are the same programs as those that are being used to process the real data. fictitious vendors. The auditee's objectives and control structure. A tagging routine. In this way. this would not be the most effective way to determine whether or not a real-time program contains adequate controls. B. An integrated test facility. ITF involves the use of test data and the creation of fictitious entities. however. determine whether or not a real-time program contains adequate controls. No one knows that the data being processed includes these fictitious entries to fictitious records. the test data are processed along with real data. The auditee's objectives and control structure are key issues to consider in developing audit objectives. D.CIA 588 II-12 . certain transactions are electronically tagged with a tagging routine and then those transactions are traced through the system by means of a tracing routine. Recommendations of the auditee's employees are not key issues to consider in developing audit objectives. certain transactions are "tagged. A. However. such as fictitious employees. D. and whether program changes have been made correctly. A tagging routine is used in auditing computer systems. A. The selection of audit staff members can only be done after the audit objectives have been developed. page 44 . either within the master files of the computer system or as a separate. Question 91 .Internal Audit While planning an audit. and fictitious accounts. Through use of an embedded program routine.CMA 687 5-3 .Part 1 : 11/11/10 07:44:32 Question 90 . C. (c) HOCK international. However. and search the data files for unusual items. an internal auditor establishes audit objectives to describe what is to be accomplished. Audit software enables auditors to access client data. whether all transaction files and master files are fully and correctly being updated. An Integrated Test Facility (ITF) is normally used to audit large computer systems that use real-time processing. B. Which of the following is a key issue to consider in developing audit objectives? A. The recipients of the audit report. A tracing routine is used in auditing computer systems. D. In an ITF. It can select sample data from data files. It does not. fictitious products. The qualifications of the audit staff selected for the engagement. Audit software. C. Through use of an embedded program routine. It is not the responsibility of the director of internal auditing to oversee the work of the external auditors. B. Transposition errors will not be detected. Determining the impact on the organization of what should be. Validity errors. Coordination between internal auditors and external auditors may require internal auditors to provide their engagement work programs and working papers to external auditors. A. C. B. D. Transcription errors will be detected.CIA 1196 III-35 . B. Transcription errors. The internal auditor's conclusions (opinions). Audit findings are the result of internal auditors having compared "what is" with "what should be. because the sum of the digits will not check with the check digit. D. page 45 . Question 94 . because the sum of the digits will not check with the check digit. Comparing what should be with what is. because the sum of the digits will not check with the check digit.CIA 589 I-38 . The audit committee of the board has oversight responsibility for the work of the independent auditor. Internal auditors may provide audit programs and working papers to external auditors. Completeness errors. There may be periodic meetings between internal and external auditors to discuss matters of mutual interest. D.CMA Sample Q. D. sufficient meetings should be scheduled between internal and external auditors. Even though the digits will be in the wrong sequence. Exchange of internal audit communications and external auditors' management letters is necessary as part of the coordination between internal auditors and external auditors.4-10 . A. In order to assure timely and efficient completion of the work. B. Therefore. Question 93 . Oversight of the work of external auditors is the responsibility of the director of internal auditing. audit findings are the result of A. B. C.Part 1 : 11/11/10 07:44:32 Question 92 . C. C. Analyzing differences between organizational and departmental objectives. the sum of the digits will check with the check digit.Internal Audit Which of the following is not a true statement about the relationship between internal auditors and external auditors? A. the sum of the digits will be correct. C. B." The (c) HOCK international. Validity errors will be detected. A.Systems Control An accounting system identification code that uses a sum-of-digits check digit will detect all of the following errors except A. Audit findings are not the result of analyzing differences between organizational and departmental objectives. Completeness errors will be detected. There may be an exchange of audit reports and management letters between internal and external auditors. D.Internal Audit According to the Standards. Transposition errors. They are: (1) control environment. Monitoring can be done in two ways: (1) through ongoing monitoring during normal operations. (2) risk assessment.CIA 1195 I-16 . There are five interrelated components that comprise internal control. number. Cash is transmitted to corporate headquarters on a daily basis. Which one of the following would be the best example of a monitoring control? A.D. Therefore. B. D. They are: (1) control environment. Corporate headquarters has established monitoring controls to determine when an individual restaurant might not be recording all its revenue and transmitting the applicable cash to the corporate headquarters. (3) control activities. B. (2) risk assessment. Monitoring is an activity of management. and (2) separate evaluations by management with the assistance of the internal audit function. There are five interrelated components that comprise internal control. There are five interrelated components that comprise internal control. (4) information and communication. Management prepares a detailed analysis of gross margin per store and investigates any store that shows a significantly lower gross margin. (2) risk assessment. Monitoring is an activity of management. All food orders for each restaurant are required to be input into an electronic device which records all food orders by food servers and transmits the order to the kitchen for preparation. it lessens the need for separate evaluations. and (5) monitoring. C. All food servers are responsible for collecting cash for all their orders and must turn in cash at the end of their shift equal to the sales value of food ordered for their I. Monitoring can be done in two ways: (1) through ongoing monitoring during normal operations. (3) control activities.Part 1 : 11/11/10 07:44:32 audit findings are to be reported management along with suggestions and recommendations for improvement. All food orders must be entered on the computer. (3) control activities. C. There are five interrelated components that comprise internal control. Monitoring is an activity of management. page 46 . If monitoring is done regularly during normal operations. (4) information and communication. Monitoring is an activity of management. (4) information and communication. (3) control activities. If monitoring is done regularly during normal (c) HOCK international. C. Audit findings are not the result of the internal auditor's conclusions (opinions). it lessens the need for separate evaluations. Monitoring assesses the quality of the internal control system's performance over time. Monitoring can be done in two ways: (1) through ongoing monitoring during normal operations. All differences are investigated immediately by the restaurant. Monitoring can be done in two ways: (1) through ongoing monitoring during normal operations. (2) risk assessment. and (2) separate evaluations by management with the assistance of the internal audit function. If monitoring is done regularly during normal operations. Monitoring assesses the quality of the internal control system's performance over time. The restaurant manager reconciles the cash received with the food orders recorded on the computer. Monitoring assesses the quality of the internal control system's performance over time. D. and (5) monitoring. it is performing a monitoring activity. They are: (1) control environment. it lessens the need for separate evaluations. and (2) separate evaluations by management with the assistance of the internal audit function. The manager then reconciles the cash received for the day with the computerized record of food orders generated. A. it does not represent a monitoring activity of management. Question 95 . Daily transmission of cash to corporate headquarters is a control activity which serves as an operational control. Audit findings are not the result of determining the impact on the organization of what should be. If monitoring is done regularly during normal operations. D. Monitoring assesses the quality of the internal control system's performance over time.Internal Control A restaurant food chain has over 680 restaurants. and segregation of duties is maintained between the food servers and the cooks. When management prepares a detailed analysis of gross margin per store and investigates any store that shows a significantly lower gross margin. Segregation of duties is a control activity which serves as a preventive control. because it is intended to prevent the occurrence of an unwanted event. and (5) monitoring. and (5) monitoring. (4) information and communication. They are: (1) control environment. and (2) separate evaluations by management with the assistance of the internal audit function. If prenumbered checks are used sequentially. Comparing current revenue from scrap sales with that of prior periods. D. B. D. it lessens the need for separate evaluations. and mathematical accuracy of sales invoices. page 47 . C. Interviewing persons responsible for collecting and storing scrap will not verify that sale of scrap is well controlled. B. a gap in check numbers would be something for the auditor to investigate. the auditor is interested in whether all the transactions have been recorded. Interviewing persons responsible for collecting and storing the scrap. Qualifications of accounting personnel. Evidence to verify that assertion can best be gained by A. The manager's reconciliation of cash received with food orders entered is a control activity. only that handling of scrap prior to its sale is well controlled. C. B. A questionnaire consists of a series of questions concerning controls that auditors consider necessary to prevent or detect errors and irregularities.CIA 593 I-18 . Internal verification of quantities. However. Comparing the quantities of scrap expected from the production process with quantities sold should verify whether sale of scrap is well controlled. it does not represent a monitoring activity of management. Comparing current revenue from scrap sales with industry norms will not verify that sale of scrap is well controlled. prices. D. because it may mean that there are unrecorded transactions. Question 96 . and narrative descriptions. Comparing the quantities of scrap expected from the production process with the quantities sold. Cash receipts are unrelated to the expenditure cycle and can contribute nothing to the auditors' understanding of the completeness of the expenditure cycle.CMA 690 3-25 . D. Comparing current revenue from scrap sales with industry norms. If the quantities of scrap sold are approximately the same as quantities produced. Qualifications of accounting personnel are unrelated to the controls over the expenditure cycle. A. The most appropriate question designed to contribute to the auditors' understanding of the completeness of the expenditure cycle would concern the A. A reconciliation is a detective control activity. Question 97 . because sales invoices are part of the revenue cycle. Disposition of cash receipts. A. C. Verification of sales invoices will not contribute to an understanding of the completeness of the expenditure cycle.Internal Audit During the preliminary survey phase of an audit of the organization's production cycle. flowcharts. In understanding the completeness of the expenditure cycle. Comparing current revenue from scrap sales with that of prior periods will not verify that sale of scrap is well controlled. B. (c) HOCK international. because it is intended to detect the occurrence of an unwanted event. C. the sale of the scrap is well controlled. Use and accountability of prenumbered checks.Part 1 : 11/11/10 07:44:32 operations.Internal Control Auditors document their understanding of internal control with questionnaires. management stated that the sale of scrap was well controlled. and purchase orders are independently matched before payment is approved. B. While matching backup documents to invoices before paying the invoices is important.Part 1 : 11/11/10 07:44:32 Question 98 . D. Maintenance of control over unused checks. C. One of the disadvantages of providing the draft of the engagement communication to the client is that they will attempt to change the report or will start arguing the points raised in the report. Discussion of the report might center unduly on words rather than on the substantive issues.Internal Audit Which of the following is a possible disadvantage when the draft engagement communication is provided to local management for review and comment? A. however. Perpetual inventory records are periodically compared with the current cost of individual inventory items. The engagement client may take corrective action before the final communication is issued. this does nothing to confirm that the quantity of each individual item on hand matches the count according to the perpetual inventory system. Just-in-time inventory ordering may be used to keep inventory levels to a desired minimum. The engagement client will have an opportunity to rebut observations and recommendations. page 48 . (c) HOCK international. The possibility of the engagement client rebutting observations and recommendation would be considered an advantage. B. D. Question 100 . Question 99 .CMA 686 3-14 . Periodic inventory counts are used to adjust the perpetual inventory records. Genuine consideration for the engagement client will be demonstrated. A. Comparing perpetual inventory records with the current cost of individual inventory items does nothing to confirm that the quantity of each individual inventory item on hand matches the count according to the perpetual inventory system.Internal Control Which of the following controls most likely would be used to maintain accurate inventory records? A. independently arrived at. A. and if there any differences.CPA 594 A-33 . B. should be periodically compared with perpetual inventory records. Periodic reconciliation of perpetual inventory records to the general ledger control account. D. it does nothing to confirm that the quantity of each individual item on hand matches the count according to the perpetual inventory system.CIA 587 I-44 . C. Requisitions. The engagement client taking corrective action before the final communication would be considered an advantage. Exhibiting genuine consideration for the engagement client would be considered an advantage. C. C.Internal Control Which one of the following would not be considered an internal control structure policy or procedure relevant to a financial statement audit? A. B. receiving reports. D. A just-in-time inventory ordering system keeps inventory levels to a desired minimum. the perpetual inventory record should be adjusted. Periodic inventory counts. B. a bank reconciliation prepared by a person not involved in preparing the deposit or posting the entry to reflect the receipt would detect whether bank deposits that have been recorded have not been made. D. Consolidation of cash receiving points is done before the deposit is prepared or the entry to reflect the deposit is posted. (c) HOCK international. C. It would not detect bank deposits recorded but never made. Information to resolve disagreements between the auditees and internal auditing is not a summary. Only that information needed to resolve the disagreements between the auditees and internal auditing. Question 102 . Highlights of the audit results constitutes a summary of the audit report.. B. Establishing accountability for receipts at the earliest possible time. some internal auditing departments include a summary report with each written audit report. this is not an internal control structure policy or procedure that is relevant to a financial statement audit. A. D. Linking receipts to other internal accountabilities (i. A. B. C. However. B. because it is a method of safeguarding assets. Having bank reconciliations performed by a third party. Establishing accountability for receipts at the earliest possible time should be done before the deposit is prepared or the entry to reflect the receipt is posted. C.Internal Audit To enhance communications with top management. it would not detect bank deposits that are recorded but never made.Internal Control Which of the following controls could be used to detect bank deposits that are recorded but never made? A. It would not detect bank deposits recorded but never made.Part 1 : 11/11/10 07:44:32 C. Question 101 . Maintenance of control over unused checks is a very important internal control. Internal auditing's assessment of the adequacy of internal controls. B. D. A. collections to either accounts receivable or sales). While timely reporting and review of quality control results is important to the manufacturing process. Since a bank reconciliation compares the bank statement with the company records. Consolidating cash receiving points. C. The periodic comparison of physical inventory counts to perpetual inventory records is important to ensure the accuracy of the financial statements. D.CIA 588 II-45 . Timely reporting and review of quality control results. Comparison of physical inventory counts to perpetual inventory records. The periodic reconciliation of perpetual inventory records to the general ledger control account is important to ensure the accuracy of the financial statements. D. What information should be included in such a summary report? A. B.e. Linking receipts to other internal accountabilities is done before the deposit is prepared or the entry to reflect the receipt is posted. page 49 . The same information as the written report but in diagram form.CIA 589 II-7 . Highlights of the audit results. D. B. The best control technique to detect this action using employee identification numbers would be a A. C. C. A record count is a total of the number of records processed. the question asks for the best control technique to detect the action using employee identification numbers.Part 1 : 11/11/10 07:44:32 C. Keep records that reflect the transactions and dispositions of assets and to maintain a system of internal accounting controls. A hash total is a meaningless sum of numbers in a batch. The company must ensure that all transactions are in accordance with management's general. D. a department manager substituted the time card for a terminated employee with a time card for a fictitious employee. numbers. The Foreign Corrupt Practices Act contains no such provision. Corporate management is required to maintain books. (c) HOCK international. The Foreign Corrupt Practices Act of 1977 (substantially revised in 1988) was enacted in response to disclosures of questionable payments that had been made by large companies. A. Batch total. Produce full. Question 103 . number of the original employee. The payments were either illegal political contributions or payments to foreign officials that bordered on bribery. A batch total of the total payroll amount or the total hours worked would not utilize employee identification numbers. C. D. B. such as the sum of all the employee I. Whereas a record count could detect that one additional employee had been paid.D. A record count would not include employee identification numbers. The question asks for the best control technique to detect this action using employee identification numbers. B.Internal Control A major impact of the Foreign Corrupt Practices Act of 1977 is that registrants subject to the Securities Exchange Act of 1934 are now required to A.D. and accurate periodic reports on foreign commerce and/or foreign political party affiliations. Prepare financial statements in accord with international accounting standards. The same information as is contained in the written report in diagram form is not a summary. Question 104 . fair.Systems Control In an automated payroll processing environment. D. records and accounts that accurately and fairly reflect transactions and to develop and maintain a system of internal accounting control. or specific. A. or to make corrupt payments through an intermediary while knowing that all or part of the payment will go to a foreign official. Record count. While a subsequent check of the output from the payroll might detect the substitution.CMA 1280 3-26 . foreign party chief or official or a candidate for political office in a foreign country. The fictitious employee had the same pay rate and hours worked as the terminated employee. An assessment of the adequacy of internal controls is not a summary. D. A hash total would detect a substituted employee time card. Hash total. Provide access to records by authorized agencies of the federal government. number of the substituted employee would be different from the employee I. Subsequent check. authorization and are recorded properly.CMA 1287 5-15 . The FCPA makes it illegal to offer or authorize corrupt political payments (bribes) to any foreign official. page 50 . a hash total is a better control technique because it would detect the substitution more quickly and reliably. B. because the employee I. the appropriate treatment is to A. The Foreign Corrupt Practices Act contains no such provision. B. Thus. page 51 . The internal auditor should A. Wait until the engineer is surrounded by plenty of witnesses and then inquire about the payments. D.Part 1 : 11/11/10 07:44:32 The internal control requirements were included in the Act because of the fundamental premise that effective internal control should provide a deterrent to illegal payments.CIA 587 I-43 . C. Report that management has agreed to take corrective action. so this could be an indication of fraud. the appropriate authorities within the organization should be informed. A. B. D. noting the recurring reimbursement in the working papers. the appropriate authorities within the organization should be informed. The CAE has the responsibility to report immediately any incident of significant fraud to senior management and the board (PA 1210. Include the finding and recommendation. D. (c) HOCK international. When management agrees with a finding and has agreed to take corrective action. The internal auditor found no provision for payment. The internal auditor found no provision for payment of temporary living expenses in the construction contract. Each reimbursement was authorized by the same project engineer. The Foreign Corrupt Practices Act contains no such provision. When an internal auditor suspects wrongdoing. The corrective action has not yet been taken. When management agrees with a finding and has agreed to take corrective action. C.Internal Audit When management agrees with a finding and has agreed to take corrective action. A. Question 105 . Discussion with the project engineer did not resolve the matter. C. the audit report should include this agreement as one of the results of the audit. The finding and recommendation should be included. but so should the fact that management has agreed to take corrective action. Question 106 .A2-1).Internal Audit During an engagement to review payments under a construction contract with a local firm. Publicly raising the issue could subject the internal auditor or organization to a defamation suit. Discussion with the project engineer could not resolve the matter. D. Omit the finding and recommendation. Call the engineer into a private meeting to confront the situation. C. D. C. Complete the engagement as scheduled. the internal auditor found a recurring monthly reimbursement for rent at a local apartment complex. Inform the chief audit executive. B. so it is incorrect to state that it has been taken.CIA 1194 I-64 . the audit report should include this agreement as one of the results of the audit. B. irrespective of management's agreement. Report that management has already taken corrective action. job status. Which of the following is an auditable activity? A. B. B. This is the authorization function. it would not prevent or detect fictitious payroll transactions. Which one of the following functional separations is not required for internal control purposes? A. Personnel department authorization for hiring. To use and account for prenumbered payroll checks. they would not prevent or detect fictitious payroll transactions. These two functions are incompatible and should be separated. The best control procedure to prevent or detect fictitious payroll transactions is A.Internal Audit A director of internal auditing has to determine how an organization can be divided into auditable activities. C. A. which is performed by the payroll department. and agreement with the payroll register. D.CMA 690 5-8 . Payroll preparation and maintenance of year-to-date records are both recordkeeping functions and are thus not incompatible. These two functions are incompatible and should be separated.CIA 594 I-57 . Although these are important controls. pay rate. Question 108 . B. B. Periodic independent bank reconciliations of the payroll bank account. These two functions are incompatible and should be separated. (c) HOCK international. C. D. Question 109 . and it should be separate from the recording function. Separation of personnel function from payroll preparation. job status changes. A procedure.Internal Control Control risk is the risk that a material misstatement in an account will not be prevented or detected on a timely basis by the client's internal control structure policies or procedures. B. The personnel function is an authorization function.Segregation of Duties Organizational independence in the processing of payroll is achieved by functional separations that are built into the system. pay rates. The personnel department should authorize all hiring. and terminations. computations.Part 1 : 11/11/10 07:44:32 Question 107 . However. D. whereas payroll preparation is a recordkeeping function. It is acceptable for both functions to be performed by the same person.CMA 690 3-26 . Payroll preparation is a recordkeeping function. Internal verification of authorized pay rates. Separation of timekeeping from payroll preparation. D. whereas paycheck distribution is a custody function. C. Timekeeping is an authorization function. Separation of payroll preparation and maintenance of year-to-date records. Separation of payroll preparation and paycheck distribution. The use of pre-numbered payroll checks is a control procedure that ensures that all checks are accounted for in the accounting records. C. A. and termination. page 52 . An account. whereas payroll preparation is a recordkeeping function. Reconciliations of the payroll bank account would not prevent or detect fictitious payroll transactions. for instance. A system. Must be immediately reported to the appropriate local authorities.Part 1 : 11/11/10 07:44:32 C. According to the Standards.CIA 1191 I-12 . B. Question 110 . making disbursements by check (a custody function) and reconciling the checking account (a reconciliation function). it is not the only auditable activity in the list. it is not the only auditable activity in the list. The question does not state that the treasurer has access to the accounting records. (3) Keeping physical custody of the related asset . maintaining journals. maintaining journals. receiving checks in the mail. A.Internal Control The treasurer makes disbursements by check and reconciles the monthly bank statements to accounting records. and accounts are all auditable activities. While an account is an auditable activity. Which of the following best describes the control impact of this arrangement? A. preparing source documents. receiving checks in the mail. D. the treasurer is in a position to make and conceal unauthorized payments. and (4) The periodic reconciliation of the physical assets to the recorded amounts for those assets. maintaining journals. D. Internal control will be enhanced because these are duties that the treasurer should perform. While a system is an auditable activity. The treasurer will be in a position to make and conceal unauthorized payments. (c) HOCK international. (2) Recording the transaction. Question 111 . and (4) The periodic reconciliation of the physical assets to the recorded amounts for those assets. (2) Recording the transaction. All of the answers given. (2) Recording the transaction. C. and (4) The periodic reconciliation of the physical assets to the recorded amounts for those assets. A. D. preparing source documents. not a control enhancement. Thus there is no basis for saying that the treasurer would be able to make unauthorized adjustments to the cash account. (3) Keeping physical custody of the related asset for instance. Controls will be enhanced because the treasurer will have two opportunities to discover inappropriate disbursements. it is not the only auditable activity in the list. The following four functions must always be done by different people: (1) Authorizing a transaction.CIA 593 I-38 . Having the treasurer both make disbursements and reconcile the checking account is a control weakness. B. C. The following four functions must always be done by different people: (1) Authorizing a transaction. Because the treasurer is performing two duties that are not compatible. B. The treasurer will be able to make unauthorized adjustments to the cash account. In the example of the combination of making disbursements by check (a custody function) and reconciling the checking account (a reconciliation function). Procedures. The following four functions must always be done by different people: (1) Authorizing a transaction. systems. receiving checks in the mail. C. While a procedure is an auditable activity. preparing source documents. (3) Keeping physical custody of the related asset for instance. we have the treasurer performing two duties that are not compatible. such information A. because the treasurer is in a position to both make and conceal unauthorized payments.Internal Audit An internal auditor has uncovered illegal acts committed by a member of senior management. D. page 53 . CIA 595 I-14 . Note the issue in your working papers but do not report it. An internal auditor should evaluate controls relating to compliance with laws. This is a violation of a law. the problem is a violation of a law. but not to local authorities. Illegal acts by a member of senior management should be reported immediately to the manager's superior and to the company's audit committee of the board of directors. In this case. May be disclosed in a separate report and distributed to all senior management. The auditor should not discuss the matter with the senior manager who has committed the illegal acts. alerting them to the problem. A. the matter will need to be reported to appropriate regulatory authorities. but not distributed to all senior management.Internal Audit As an internal auditor for a multinational chemical producer. Information about illegal acts committed by a member of senior management should be reported immediately to the senior manager's superior and to the audit committee of the board of directors. Internal auditors are responsible to report illegal acts and other matters to their management and board of directors. an oral report or interim written report should be issued immediately to management. Issue an interim engagement communication to the appropriate levels of management. The marketing department is responsible for Conducting marketing surveys Recommending locations for new store openings Ordering products and determining retail prices for the products Developing promotion and advertising for each line of products (c) HOCK international. D. As a certified internal auditor. C. C. Ignore the issue because the regulatory inspectors are better qualified to assess the danger. May be disclosed in a separate report and distributed to the company's audit committee of the board of directors. A. C. B. C. you have been assigned to an engagement at a local plant.Internal Control ABC is a major retailer with over 52 department stores. An internal auditor is not responsible for submitting a copy of the internal engagement communication to regulatory authorities. page 54 . Whenever a problem that requires immediate attention is discovered in an internal audit.Part 1 : 11/11/10 07:44:32 B. you are aware that chemicals manufactured at the plant release toxic by-products. D. In addition. and construction to two other plants owned by the same organization that have been recently cited for discharge of hazardous wastes. Question 113 . regulations. Send a copy of your engagement communication to the appropriate regulatory agency. Should be excluded from the internal auditor's report and discussed orally with the senior manager. This plant is similar in age. and contracts. B.CIA 592 I-45 . Question 112 . and it needs to be reported immediately to management in either an oral report or an interim report. Assume that you have evidence that the plant is discharging hazardous wastes. D. If the company is publicly held. siting. D. B. what is the appropriate communication requirement in this situation? A. Information about illegal acts committed by a member of senior management should be reported to the senior manager's superior and to the board of directors. page 55 . B. D. B. it is a preventive control. I. the product managers also determine the timing and method of product delivery. Requests for purchases beyond those initially budgeted by the marketing manager must be approved by the marketing manager. The company must keep purchases within the limits of available financing. The company must keep purchases within the limits of available financing. A. A subsection of the department does marketing surveys. and it must allocate its limited warehouse and display space among its various merchandise lines. D. Product managers are not rotated among product lines because of the need to acquire product knowledge and to build relationships with vendors. Each product manager is given a purchasing budget by the marketing manager. Having the product manager approve additional purchases beyond those initially budgeted provides a means to allocate the company's resources in order to maximize the organization's total return. Approval of requests for purchases beyond those initially budgeted by the marketing manager is not a detective control. I only. This control is not redundant because the evaluation of managers on profit generated does nothing to control the allocation of these two resources. In addition to ordering and pricing. Receipts are recorded at the distribution center. Question 114 . Approval of requests for purchases beyond those initially budgeted by the marketing manager is not a detective control.CIA 1196 I-8 . This control is not redundant because the evaluation of managers on profit generated does nothing to control the allocation of these two resources. and it must allocate its limited warehouse and display space among its various merchandise lines. and the goods are segregated for distribution to stores. Receiving documents are created by scanning in receipts.Internal Audit (c) HOCK international. Which of the following statements regarding this control procedure is correct? The procedure I. Many products are seasonal and individual store managers can require that seasonal products be "cleared out" to make space for the next season's products. II. III only. The company must keep purchases within the limits of available financing. Is not necessary because each product manager is evaluated on profit generated. II and III. The company must keep purchases within the limits of available financing. C.Part 1 : 11/11/10 07:44:32 Determining the pricing of special sale items The marketing department has separate product managers for each product line. and it must allocate its limited warehouse and display space among its various merchandise lines. Is a detective control procedure III. Should provide for the most efficient allocation of scarce organizational resources II. C. The average product spends between 12 and 72 hours in the distribution center before being loaded on trucks for delivery to each store. Products are delivered to a central distribution center where goods are received. thus this control is redundant A. thus the company has not found the need to maintain a receiving function at each store. retail prices are marked on the product. Each product manager is evaluated on a combination of sales and gross profit generated from their product line. and III. This control is not redundant because the evaluation of managers on profit generated does nothing to control the allocation of these two resources. and it must allocate its limited warehouse and display space among its various merchandise lines. it is a preventive control. the number of items scanned in are reconciled with the price tags generated and attached to products. Pertinent factual statements concerning the control weaknesses uncovered during the course of the engagement would be appropriately included. B. C. Statements of opinion about the cause of an observation. D. determining deviations and whether such deviations have been approved by appropriate officials should be performed because it can determine whether the city is following procedures to ensure that the budget is adhered to. One of the requirements of the grant is that the city adopt a budget for the program.Part 1 : 11/11/10 07:44:32 The chief audit executive plans an engagement to verify that the job retraining program complies with applicable grant provisions. Question 115 . The final engagement communication should contain observations that are objective and factual. In performing an engagement concerning compliance with this provision. The final engagement communication should contain observations that are objective and factual. A.Internal Audit An internal auditor has just completed an engagement and is in the process of preparing the final engagement communication. B. the internal auditor should verify whether the budget was reviewed and approved by supervisory personnel within the city. Question 116 . page 56 . A. Comparing actual results with budgeted results. the internal auditors should perform all of the following procedures except A. Pertinent factual statements concerning the control weaknesses uncovered during the course of the engagement. The final engagement communication should contain observations that are objective and factual.CIA 593 II-37 . Determine if such deviations have been approved by appropriate officials. One of the provisions is that the city adopt a budget for the program and subsequently follow procedures to ensure that the budget is adhered to and that only allowable costs are charged to the program. B. Statements of both fact and opinion developed during the course of the engagement.Internal Control (c) HOCK international. C. Examining a sample of expenditures should be performed because it can determine whether the city is following procedures to ensure that only allowable costs are charged to the program. C. as required by the grant. as required by the grant. The final engagement communication should contain observations that are objective and factual. D. C. The city's internal auditors are responsible for determining whether the city is in compliance with the grant requirements. Statements concerning potential future events that may be helpful to the engagement client. B. Compare actual results with budgeted results and determine the reason for deviations. (2) appropriate to the program. In order to determine whether the city is in compliance with the grant requirements.CMA 1286 3-26 . Determine that the budget was reviewed and approved by supervisory personnel within the city. D. D. and (3) designed to meet the program's objectives. A statement of opinion about the cause of an observation is inappropriate. Select a sample of expenditures to determine that the expenditures are (1) properly classified as to type. Determine that the budget was reviewed and approved by supervisory personnel within the granting agency. Whether the budget was reviewed and approved by supervisory personnel within the granting agency is outside the scope of the audit and therefore should not be performed. A statement concerning potential future events is inappropriate. The observations in the final engagement communication should include A. page 57 . Inherent risk. D. To ensure adequate separation of duties. Which of the following controls would be appropriate for the receiving function? A. C. another employee reconciles the daily total of prenumbered receipts to the bank deposits. C. Require that all receipts receive the approval of the warehouse manager. such as those for pensions or leases. Sampling risk. Bank reconciliations are prepared by an employee not involved with cash collections and then are reviewed by a supervisor.CIA 1193 I-12 . One employee issues a prenumbered receipt for all cash collections. Audit risk. The definition of audit risk is the risk that the auditor may unknowingly fail to appropriately modify his or her opinion on financial statements that are materially misstated. and that person should prepare an independent list. The definition of sampling risk is the risk that a particular sample will not be representative of the entire population. Use of prenumbered receipts assures that all receipts are accounted for. the warehouse receiving clerk should work independently from the (c) HOCK international.Internal Control Which of the following describes the most effective preventive control to ensure proper handling of cash receipt transactions? A. C. Detection risk. D. B. D. The person who prepares the bank deposit should be a different person. The definition of detection risk is the risk that the auditor will not detect a material misstatement that exists in an assertion. Question 117 . The susceptibility to material misstatements in these types of accounts is defined as A. Question 118 . not cash custody controls.Internal Control An audit of the receiving function at the company's distribution center revealed inadequate control over receipts. B. A. Predetermined totals (hash totals) of cash receipts are used to control posting routines. B. and having a different employee do the reconciliation is an additional control against misappropriation of funds. Hash totals are control totals used in processing to ensure that data has not been changed during the processing. A bank reconciliation is a detective control. The person who receives customer receipts should prepare a list of them. are the results of complex calculations.CIA 1189 I-10 . Complex calculations are subject to inherent risk just because they are complex and there are many opportunities for errors. assuming that there are no related internal control structure policies or procedures. not a preventive control. The definition of inherent risk is the susceptibility of an assertion to a material misstatement. which is then deposited by another employee. A. It is important to establish accountability for cash received at the earliest possible point. The employee who receives customer mail receipts prepares the daily bank deposit. B. C. D.Part 1 : 11/11/10 07:44:32 Some account balances. B. D. but its copy should not include prices and quantities. C.Internal Audit Internal auditors are often called upon to either perform. C.Internal Audit An internal auditor has detected probable employee fraud and is preparing a preliminary report for management. Prices and quantities should not appear on this copy in order to increase the likelihood that the count of received items will be accurate. The warehouse receiving department should have a copy of the purchase order. A list of proposed audit tests to help disclose the existence of similar frauds in the future. C. because the clerk would be working without supervision. The receiving clerk should have access to authorized purchase orders in order to make sure that only authorized shipments are accepted. but both prices and quantities omitted. tax issues. (c) HOCK international. A review of financial statements and related disclosures in conjunction with a potential acquisition. A review of operations as requested by the audit committee to determine whether the operations comply with audit committee and organizational policies. sales.CIA 590 I-49 . Having the receiving clerk work independently of the warehouse manager is not a control but is in fact a risk. Question 119 . A due diligence review may be A. Ensure that the warehouse receiving department has a true copy of the original purchase order. A review of interim financial statements as directed by an underwriting firm. not the warehouse manager's approval. Ensure that the warehouse receiving department has a purchase order copy with the units described. A review of interim financial statements as directed by an underwriting firm is not a due diligence review. Shipment receipts should be backed up by authorized purchase orders. accounting and information systems. B. D. The results of a polygraph test administered to the suspected perpetrator(s) of the fraud. C. Question 120 . or assist the external auditor in performing. B. A statement that an internal audit conducted with due professional care cannot provide absolute assurance that irregularities have not occurred. B. B. This report should include A. A due diligence engagement includes review of the company's strategic overview. An operational audit of a division of an organization to determine if divisional management is complying with laws and regulations. D. An operational audit of a division of an organization to determine if divisional management is complying with laws and regulations is not a due diligence review. D.Part 1 : 11/11/10 07:44:32 warehouse manager.CIA 595 I-52 . A due diligence engagement is an investigative analysis of the financial and operating activities of an entity in connection with a proposed major transaction. page 58 . and any other matters of importance in determining whether there is justification for the transaction. A review of operations as requested by the audit committee to determine whether the operations comply with audit committee and organizational policies is not a due diligence review. risk management. such as a business combination. A. A. C. business overview. a due diligence review. Maintain vehicles in a secured location with release and return subject to approval by a custodian. because it requires the approval of the custodian for any release or return of vehicles. page 59 . Having the treasurer's office sign payroll checks. C. it will not prevent loss or theft. However. C. The auditor's conclusion as to whether sufficient information exists to conduct an investigation. if in fact sufficient information exists to conduct an investigation. Establishing a policy to deal with close relatives working in the same department. What control should have prevented such actions? A. In the event that an internal auditor detects probable employee fraud. Insurance provides for reimbursement of losses. while only the payroll department should process payroll checks. C. Question 121 . Systematically accounting for repair work orders will not affect the risk of loss or theft of vehicles. Systematically account for all repair work orders.CIA 1192 II-20 . D.CIA 592 II-15 . to prevent an unauthorized person from adding a (c) HOCK international. A. Review insurance coverage for adequacy. Results of a polygraph test would be part of the investigation. B. Allowing changes to the payroll to be authorized only by the personnel department. Furthermore. C. A report containing language such as this would be a report reporting that no fraud has been detected. B. A preliminary audit report detailing probable employee fraud would not contain a list of proposed audit tests to help disclose the existence of similar frauds in the future. A. D. the auditor's responsibility is to immediately report the findings to management and to make a recommendation as to whether sufficient information exists to conduct an investigation.Internal Control A utility company with a large investment in repair vehicles would most likely implement which internal control to reduce the risk of vehicle theft or loss? A. Question 122 .Part 1 : 11/11/10 07:44:32 D. but it does not prevent loss or theft. B. C. D. B. Maintaining the vehicles in a secured location with release and return approved by a custodian is a preventive control. Using time cards and attendance records would not prevent a payroll clerk from adding fictitious employees to the payroll and keeping and depositing their paychecks. Having the treasurer's office sign payroll checks would not prevent a payroll clerk from adding fictitious employees to the payroll and keeping and depositing their paychecks. Using time cards and attendance records in the computation of employee gross earnings. The investigation would follow the auditor's interim report of findings. A. Only the personnel department should be authorized to make changes to the payroll. B.Internal Control An audit of the payroll function revealed several instances in which a payroll clerk had added fictitious employees to the payroll and deposited the checks in accounts of close relatives. Periodically taking a physical inventory and reconciling the results with the accounting records is an important detective control. Physically inventory vehicles and reconcile the results with the accounting records. D. Question 123 . The risk that the auditor may unknowingly fail to appropriately modify his or her opinion on financial statements that are materially misstated is the definition of audit risk. not at the end.CMA 1294 2-30 . B. The internal auditor and the auditee are present at this meeting.Part 1 : 11/11/10 07:44:32 name of a fictitious employee to the payroll. so the auditee knows what is being sent to his or her supervisors and will not be surprised by the report. This review may also allow the auditee to identify any inaccuracies in the report. This review may also allow the auditee to identify any inaccuracies in the report. C. so the auditee knows what is being sent to his or her supervisors and will not be surprised by the report. C.CIA 589 I-40 . A. The risk that the auditor will not detect a material misstatement that exists in an assertion is the definition of detection risk.Internal Audit A purpose of the internal auditors' exit interview with appropriate levels of management is to A. and detection risk. and one effect of the meeting should be to generate commitment from the auditee for appropriate corrective action. Question 124 . D. B. page 60 . It is a courtesy to review the report with the person or department being audited. so the auditee knows what is being sent to his or her supervisors and will not be surprised by the report. Establishing a policy for the hiring of close relatives would not prevent a payroll clerk from adding fictitious employees to the payroll and keeping and depositing their paychecks. A. B. The members of the board of directors are not present. The risk that the auditor will not detect a material misstatement that exists in an assertion. C. C. D. The susceptibility of an assertion to a material misstatement. control risk. It is a courtesy to review the report with the person or department being audited. Generate commitment for appropriate managerial action. The risk that the auditor may unknowingly fail to appropriately modify his or her opinion on financial statements that are materially misstated. D. The internal auditor and the auditee are present at this meeting. payroll records should be reconciled with the active employee list from the personnel department each payday. assuming that there are no related internal control structure policies or procedures. Inherent risk is A. B. Obtain information to evaluate internal control. The internal auditor and the auditee are present at this meeting. Present the final engagement communication to the chief executive officer. Obtaining information to evaluate internal control is done at the beginning of an audit.Internal Audit There are three components of audit risk: inherent risk. The risk that a material misstatement that could occur in an assertion will not be prevented or detected on a timely (c) HOCK international. Inform members of the board of engagement results. D. The chief executive officer is not present. It is a courtesy to review the report with the person or department being audited. The risk that a material misstatement that could occur in an assertion will not be prevented or detected on a timely basis by the entity's internal control structure policies or procedures. This review may also allow the auditee to identify any inaccuracies in the report. and during that time. it does not provide assistance with data input to inexperienced personnel. Checkpoint processing is used with networks in order to enable recovery in case of a system failure. assuming that there are no related internal control structure policies or procedures. Although this is an important process for security. B. While important. No particular position or individual is responsible for compliance with the internal control provisions of the FCPA. A. or specific. D.Then. Checkpoint control procedures are performed several times per hour. Inherent risk is independent of the audit. The responsibility to insure that all payments are acceptable is given to the company as whole and not to any individual or position within the company. Chief financial officer. Director of internal auditing.Systems Control An online data entry technique that can be employed when inexperienced personnel enter data is the use of A. No particular position or individual is responsible for compliance with the internal control provisions of the FCPA. and rights are assigned. and reprocesses only the transactions that were posted after that checkpoint. the higher can be the detection risk. A. and any activity not authorized for a user is rejected. Checkpoints. the company simply reverts to the last saved copy. the lower must be the detection risk. although individuals are personally liable nonetheless for their own actions. B. A compatibility test is an access control. When transactions are processed. Board of directors.Internal Control The requirement of the Foreign Corrupt Practices Act of 1977 to devise and maintain adequate internal control is assigned in the act to the A. page 61 . A compatibility test is an access control. Question 126 .CMA 685 5-27 . transaction codes are checked against the users' code. the network system will not accept posting. A system that prompts the user for the specific information to be entered can aid inexperienced personnel who are entering data. authorization and are recorded properly. Question 125 . C. D. D. The lower the inherent risk is judged by the auditor to be. D. Company as a whole with no designation of specific persons or positions. It stops and backs up all the data and other information needed to restart the system.Part 1 : 11/11/10 07:44:32 basis by the entity's internal control structure policies or procedures is the definition of control risk. Prompting. if a hardware failure occurs. All users are assigned user codes and passwords. C. Compatibility tests. B. And the higher the inherent risk is judged by the auditor to be. this would not provide assistance with data input to inexperienced personnel. Inherent risk is the susceptibility of an assertion to a material misstatement. Overflow procedures. This checkpoint is recorded on separate media.CMA 1285 3-30 . (c) HOCK international. An overflow procedure would not provide assistance with data input to inexperienced personnel. The company must ensure that all transactions are in accordance with management's general. C. C. B. Question 128 . or the audit committee. Question 127 . D. When appropriate to do so. making purchases against blanket or open purchase orders is not a control risk. (c) HOCK international. However. Rotating purchases among approved suppliers is not a usual control procedure. the auditor only has suspicions of fraud. The department requesting the material would be expected to develop the purchase specifications. The auditor should first expand work to determine the existence of fraud before reporting the matter to top management. including the approval of the proposed audit program to make sure it is acceptable on legal grounds. More work should be performed before consulting with management. which of the following ordinarily would be considered a risk factor? A. C. or the audit committee. Report the matter to the audit committee and request funding for outside specialists to help investigate the possible fraud. given the red flags. A. the auditor only has suspicions of fraud. C. Purchase specifications are developed by the department requesting the material. Expand activities to determine whether an investigation is warranted. B. D. At this point. At this point. C.Internal Audit Which of the following best describes an auditor’s responsibility after noting some indicators of fraud? A.Segregation of Duties In an audit of a purchasing department. Purchases are made from parties related to buyers or other company officials.CIA 1193 II-11 . C. Purchases are made against blanket or open purchase orders for certain types of items. or the audit committee. At this point. Report the possibility of fraud to top management and ask them how they would like to proceed. and therefore failure to rotate suppliers is not a control risk.Part 1 : 11/11/10 07:44:32 D. B. and thus this does not represent a control risk. No particular position or individual is responsible for compliance with the internal control provisions of the FCPA. The auditor should first expand work to determine the existence of fraud before reporting the matter to top management. If fraud is indicated then the internal auditor should expand activities to determine whether an investigation is warranted. The auditor should first expand work to determine the existence of fraud before reporting the matter to top management. D. external legal counsel. D. the use of an approved list of vendors is appropriate because it helps to ensure quality of materials and reliability of supplies. B. More work should be performed before consulting with management. There is a failure to rotate purchases among suppliers included on an approved vendor list. given the red flags. Consult with external legal counsel to determine the course of action to be taken. external legal counsel. the auditor only has suspicions of fraud. A. B.CIA 598 1-9 . page 62 . In conducting audit assignments. given the red flags. the internal auditor should have sufficient knowledge of fraud to identify red flags indicating fraud may have been committed. external legal counsel. More work should be performed before consulting with management. Making purchases from related parties is a control risk because the purchasing agent may have a conflict of interest. Part 1 : 11/11/10 07:44:32 Question 129 - CMA 690 5-3 - Internal Control Marport Company is a manufacturing company that uses forms and documents in its accounting information systems for record keeping and internal control. The departments in Marport's organization structure and their primary responsibilities are: Accounts Payable -- authorize payments and prepare vouchers. Accounts Receivable -- maintain customer accounts. Billing -- prepare invoices to customers for goods sold. Cashier -- maintain a record of cash receipts and disbursements. Credit Department -- verify the credit rating of customers. Cost Accounting -- accumulate manufacturing costs for all goods produced. Finished Goods Storeroom -- maintain the physical inventory and related stock records of finished goods. General Accounting -- maintain all records for the company's general ledger. Internal Audit -- appraise and monitor internal controls, as well as conduct operational and management audits. Inventory Control -- maintain perpetual inventory records for all manufacturing materials and supplies. Mailroom -- process incoming, outgoing, and interdepartmental mail. Payroll -- compute and prepare the company payroll. Personnel -- hire employees, as well as maintain records on job positions and employees. Purchasing -- place orders for materials and supplies. Production -- manufacture finished goods. Production Planning -- decide the types and quantities of products to be produced. Receiving -- receive all materials and supplies. Sales -- accept orders from customers. Shipping -- ship goods to customers. Stores Control -- safeguard all materials and supplies until needed for production. Timekeeping -- prepare and control time worked by hourly employees. Multiple copies of the purchase order are prepared for record keeping and distribution with a copy of the purchase order sent to the vendor and one retained by the Purchasing Department. In addition, for proper informational flow and internal control purposes, a version of the purchase order would be distributed to the A. Accounts Payable, Receiving, and Stores Control Departments. B. Accounts Payable, Receiving, and Production Planning Departments. C. Accounts Payable, Accounts Receivable, and Receiving Departments. D. Accounts Payable, Receiving, and Inventory Control Departments. A. The Stores Control Department does not need copies of purchase orders. B. The Production Planning Department does not have a need to receive copies of purchase orders. C. The Accounts Receivable Department does not have a need to receive copies of purchase orders. D. The Accounts Payable Department needs copies of purchase orders to check the vendor's invoice; the Receiving Department needs copies of purchase orders with quantities omitted, so the count of items received should be honest; and the Inventory Control Department needs copies of purchase orders in order to know what orders have been placed. Question 130 - CMA 685 5-24 - Systems Control EDP accounting control procedures are referred to as general controls or application controls. The primary objective of application controls in a computer environment is to (c) HOCK international, page 63 Part 1 : 11/11/10 07:44:32 A. Ensure the separation of incompatible functions in the data processing departments. B. Provide controls over the electronic functioning of the hardware. C. Plan for the protection of the facilities and backup for the systems. D. Maintain the accuracy of the inputs, files, and outputs for specific applications. A. General controls relate to the general environment within which transaction processing takes place. They are designed to ensure that the company's control environment is stable and well managed. Separation of incompatible functions in the data processing departments is a general control, not an application control. B. General controls relate to the general environment within which transaction processing takes place. They are designed to ensure that the company's control environment is stable and well managed. Hardware controls are general controls, not application controls. C. General controls relate to the general environment within which transaction processing takes place. They are designed to ensure that the company's control environment is stable and well managed. Plans for the protection of the facilities and backup for the systems are general controls, not application controls. D. Application controls are controls that are specific to individual applications and are designed to prevent, detect, and correct errors and irregularities in transactions during the input, processing, and output stages. Question 131 - CIA 1196 I-9 - Internal Audit The internal auditors must determine the applicable laws and regulations. Which of the following procedures would be the least effective in learning about the applicable laws and regulations? A. Discuss the matter with the audit committee and make inquiries as to the nature of the requirements and the audit committee's objectives for the engagement. B. Make inquiries of the city's chief financial officer, legal counsel, or grant administrators. C. Review prior-year working papers and inquire of officials as to changes. D. Review applicable grant agreements. A. Discussing the matter with the audit committee is likely not to be useful. Audit committee members generally are not fluent in the applicability of laws and regulations. B. Making inquiries of the city's CFO, legal counsel, or grant administrators would be an effective method to learn about the applicable laws and regulations. C. Reviewing prior-year working papers would be an effective method to learn about the applicable laws and regulations. D. Reviewing applicable grant agreements would be an effective method to learn about the applicable laws and regulations. Question 132 - CIA 1189 I-9 - Internal Control An internal auditor noted that several shipments were not billed. To prevent recurrence of such nonbilling, the organization should A. Numerically sequence and independently account for all controlling documents (such as packing slips and shipping orders) when sales journal entries are recorded. B. Release product for shipment only on the basis of credit approval by the credit manager or other authorized person. (c) HOCK international, page 64 Part 1 : 11/11/10 07:44:32 C. Undertake periodic tests of gross margin rates by product line and obtain explanations of significant departures from planned rates. D. Undertake a validity check with customers as to orders placed. A. Packing slips should be produced for every shipment, and an invoice should be produced for every packing slip. If packing slips and invoices are numerically sequenced and accounted for when sales journal entries are recorded, unrecorded shipments or unauthorized shipments should be prevented or detected. B. This would not prevent shipments from going out without being invoiced. C. Although tests of gross margin rates can be used as an analytical procedure after the fact, it is not an effective way to prevent shipments from going out without being invoiced. D. This would not prevent shipments from going out without being invoiced. Question 133 - CMA 690 5-10 - Segregation of Duties Organizational independence is required in the processing of customers' orders in order to maintain an internal control structure. Which one of the following situations is not a proper separation of duties in the processing of orders from customers? A. Shipping of goods by the Shipping Department that have been retrieved from stock by the Finished Goods Storeroom Department. B. Invoice preparation by the Billing Department and posting to customers' accounts by the Accounts Receivable Department. C. Approval by Credit Department of a sales order prepared by the Sales Department. D. Approval of a sales credit memo because of a product return by the Sales Department with subsequent posting to the customer's account by the Accounts Receivable Department. A. Shipping of goods by the Shipping Department that have been retrieved from stock by the Finished Goods Storeroom Department is an appropriate segregation of duties. B. Invoice preparation by the Billing Department and posting to customers' accounts by the Accounts Receivable Department is an appropriate segregation of duties. C. Approval by the Credit Department of a sales order prepared by the Sales Department is an appropriate segregation of duties. D. The Sales Department should not have authority to approve a sales credit memo because of a product return. Credit memos should be approved only upon receipt of a receiving report evidencing the products return, and the approval should not come from the Sales Department because of the potential for booking sales in one period and reversing them the next. Question 134 - CIA 1189 II-7 - Internal Control The procedure requiring preparation of a prelisting of incoming cash receipts, with copies of the prelist going to the cashier and to accounting, is an example of which type of control? A. Corrective. B. Preventive. C. Detective. D. Directive. (c) HOCK international, page 65 prepare and control time worked by hourly employees. Prelisting incoming cash receipts is a preventive control which is designed to prevent undesirable events from occurring. B.maintain a record of cash receipts and disbursements.verify the credit rating of customers. Stores Control safeguards the materials and supplies until they are needed for production.maintain perpetual inventory records for all manufacturing materials and supplies. page 66 . Shipping -. D. Finished Goods Storeroom -. The Inventory Control Department maintains perpetual inventory records for all manufacturing materials and supplies. Inventory Control Department.compute and prepare the company payroll.authorize payments and prepare vouchers. it would be in a position to know when supplies are getting low and would be (c) HOCK international. General Accounting -. B. Stores Control -. outgoing. an undesirable event is the disappearance of cash payments. Credit Department -. The initiation of the purchase of materials and supplies would be the responsibility of the A. Prelisting incoming cash receipts is a preventive control which is designed to prevent undesirable events from occurring. The prelist should be made at the earliest possible time. Production Department.process incoming. The departments in Marport's organization structure and their primary responsibilities are: Accounts Payable -.ship goods to customers. Prelisting incoming cash receipts is a preventive control which is designed to prevent undesirable events from occurring. Mailroom -.appraise and monitor internal controls.decide the types and quantities of products to be produced. in order to establish accountability for the cash.safeguard all materials and supplies until needed for production.Part 1 : 11/11/10 07:44:32 A. C.hire employees.Internal Control Marport Company is a manufacturing company that uses forms and documents in its accounting information systems for record keeping and internal control. Cost Accounting -. In this case. Purchasing Department.maintain all records for the company's general ledger.accept orders from customers. A. Cashier -. not a detective control. D. which is designed to expose an error or a fraud after it occurs. Payroll -.maintain the physical inventory and related stock records of finished goods.manufacture finished goods. Question 135 . not a directive control. not a corrective control designed to correct undesirable events after they occur. C. Accounts Receivable -. Timekeeping -. They do not maintain inventory records or initiate purchase requisitions. as well as conduct operational and management audits.accumulate manufacturing costs for all goods produced. B. Prelisting incoming cash receipts is a preventive control designed to prevent undesirable events from occurring. Stores Control Department.receive all materials and supplies. Therefore. Receiving -. and interdepartmental mail.prepare invoices to customers for goods sold. as well as maintain records on job positions and employees.place orders for materials and supplies. Personnel -. Inventory Control -. Internal Audit -. Purchasing -.maintain customer accounts. Billing -.CMA 690 5-1 . which is designed to ensure the occurrence of a desirable event. Production Planning -. Production -. Sales -. Thus. Identify bogus employees on the department's payroll. and the quality of performance in carrying out assigned responsibilities. The Production Department manufactures the goods. but they do not initiate them.authorize payments and prepare vouchers. overall company operations.CIA 1191 I-10 . the internal auditors would not compare the current staffing of a department with established industry standards for the purpose of determining whether the department has complied with all laws and regulations governing its personnel.maintain customer accounts. but determining whether the department has complied with laws and regulations in its personnel function would be the focus of a compliance audit. effectiveness and economy. B. D. Orders are initiated and authorized by others. effectiveness and economy. There is no connection between the two things. Question 136 .Internal Control Marport Company is a manufacturing company that uses forms and documents in its accounting information systems for record keeping and internal control. (c) HOCK international. The departments in Marport's organization structure and their primary responsibilities are: Accounts Payable -. The Purchasing Department places orders. C. page 67 . Not only would the first not achieve the second. C. The focus of an operational audit is on efficiency. An operational audit involves examining and evaluating systems of internal control. An operational audit does involve examining and evaluating systems of internal control. Thus the focus would not be on identifying bogus employees on the department's payroll. overall company operations. However. Assess the current performance of the department and make appropriate recommendations for improvement. and the quality of performance in carrying out assigned responsibilities.Part 1 : 11/11/10 07:44:32 responsible for initiating a purchase requisition. Evaluate the adequacy of the established internal controls for the department. A. not an operational audit. Question 137 . C. Accounts Receivable -. An operational audit involves examining and evaluating systems of internal control.prepare invoices to customers for goods sold. The focus of an operational audit is on efficiency. An operational audit involves examining and evaluating systems of internal control. and the quality of performance in carrying out assigned responsibilities. the internal auditors would not compare the current staffing of a department with established industry standards for the purpose of evaluating the adequacy of the established internal controls for the department. Cashier -. D. D. Billing -.CMA 690 5-4 .maintain a record of cash receipts and disbursements.Internal Audit During an operational engagement. Thus in an operational audit. the internal auditors compare the current staffing of a department with established industry standards to A. B. obtaining its materials from the Stores Control Department. It does not initiate requests for purchases. the internal auditors would compare the current staffing of a department with established industry standards in order to assess the current performance of the department and make appropriate recommendations for improvement. overall company operations. Determine whether the department has complied with all laws and regulations governing its personnel. B. Shipping -.. and interdepartmental mail.accumulate manufacturing costs for all goods produced. would be entrusted to the A. Personnel -. Receiving Department. as well as conduct operational and management audits.Internal Control An auditor noted that the accounts receivable department is separate from other accounting activities.maintain all records for the company's general ledger.hire employees. The credit memoranda are prenumbered and also there is a procedure in place to verify that the goods being credited to the customer were in fact received back from the (c) HOCK international. B. Handling of credit memos. orders overdue.compute and prepare the company payroll. C. C. The Stores Department is responsible for safeguarding all materials and supplies after they are received and until they are needed for production. C. D. such as orders for which no acknowledgment has been received. etc. Stores Control Department.Part 1 : 11/11/10 07:44:32 Credit Department -. Purchasing -.process incoming. damaged or substandard merchandise received on an order. Purchasing Department. The receiving department receives the order. outgoing. Production -. Monthly aging of receivables. General Accounting -. The controls on credit memoranda are appropriate.maintain perpetual inventory records for all manufacturing materials and supplies. accounts are aged monthly. They are not responsible for following up on problems with purchase orders. or sooner if a bankruptcy or other unusual circumstances are involved. page 68 .accept orders from customers.CIA 1186 I-7 . Inventory Control -.place orders for materials and supplies. B. Credit approvals. they do not have responsibility for following up on problems regarding the orders. Control accounts and subsidiary ledgers are balanced monthly. Responsibility for following up on any problems regarding orders of production materials and supplies. Receiving -. Production Planning -. The accounts receivable manager writes off delinquent accounts after 1 year. Similarly.ship goods to customers. Internal Audit -. Question 138 .maintain the physical inventory and related stock records of finished goods. Mailroom -. as well as maintain records on job positions and employees. Payroll -. Stores Control -. partial orders. Finished Goods Storeroom -. D.decide the types and quantities of products to be produced. Credit memoranda are prenumbered and must correlate with receiving reports. The Production Planning Department is responsible for the manufacturing. Write-offs of delinquent accounts. Production Planning Department. D. The Purchasing Department is responsible for following up on any problems regarding orders of production materials and supplies. Sales -.verify the credit rating of customers. Credit is approved by a separate credit department. but after it has been received and recorded.prepare and control time worked by hourly employees.appraise and monitor internal controls. Timekeeping -. A. A. Which of the following areas could be viewed as an internal control weakness of the above organization? A. Cost Accounting -.manufacture finished goods.safeguard all materials and supplies until needed for production.receive all materials and supplies. Internal Control A bill of lading is a document that A. A bill of lading is a document that transfers possession of goods from the seller to a common carrier.CMA 690 5-11 . C. Question 140 . List of all authorized user code numbers and passwords.Systems Control Compatibility tests are sometimes employed to determine whether an acceptable user is allowed to proceed. The description is given is that of a credit memo. a compatibility test does not have any function that limits the number of transaction inquiries that can be made by each user in a specified time period. page 69 . The description given is that of a packing slip. Monthly aging of receivable is not a control weakness but is an appropriate control procedure. C. not a bill of lading. B. List of all programs maintained on the system. A list of all files maintained on the system would be part of an access control matrix. B. List of all files maintained on the system. However. C. Is used to transfer responsibility for goods between the seller of goods and a common carrier. D. A. D. not a bill of lading. Is sent with the goods giving a listing of the quantities of items included in the shipment. Reduces a customer's account for goods returned to the seller.CMA 690 3-27 . D. A list of all programs maintained on the system would be part of an access control matrix. A list of all authorized user code numbers and passwords would be part of an access control matrix. which is appropriate segregation of duties. C. D.CMA 687 5-7 . this is a weakness in internal control.Systems Control (c) HOCK international. The person who authorizes a transaction should be different from the person who records the transaction. Limit on the number of transaction inquiries that can be made by each user in a specified time period. The one item that is not part of an access control matrix is a A.Part 1 : 11/11/10 07:44:32 customer. Summarizes data relating to a disbursement and represents final authorization for payment. If the accounts receivable manager is both approving the write-offs of delinquent accounts and performing the write-off. B. Question 139 . Credit is approved by a separate credit department. The description given is related to a payment order. not a bill of lading. B. In order to perform compatibility tests. Users are permitted access to certain programs and files. D. C. Question 141 . the system must maintain an access control matrix. A. B. A compatibility test is a means of assigning rights to users. it is not a control that is used during the processing of the data. but it does not contribute to assignment effectiveness.CIA 588 II-15 . B. The internal auditor and the auditee are present at this meeting. This review may also allow the auditee to identify any inaccuracies in the report. While review of data output by data control groups is a control. Preparing weekly time reports is important for audit efficiency. External labels are the gummed labels attached to the outside of a disk or other media that identify its contents. A. D. tests a value to determine whether it falls within a prescribed range. A sequence test verifies that records are in the correct sequence.Part 1 : 11/11/10 07:44:32 One of the steps in assessing control risk in a computerized information control system is identifying necessary controls to prevent data from being lost. Conducting an exit interview with auditees. B. D. D. B. duplicated. C. Having budget revisions approved by the project supervisor. Adhering to a time budget.CIA 1188 I-20 . both external and internal. so the auditee knows what is being sent to his or her supervisors and will not be surprised by the report. Control totals are of various kinds. Review of data output by data control groups. It is a courtesy to review the report with the person or department being audited. Question 142 . are used to identify a file. C. Authorization and approval of data in user departments and screening of data by data control groups. C. C. Use of control totals. Adhering to a time budget is important for audit efficiency and economy. page 70 . B. approval of data. Having budget revisions approved by the project supervisor is important for audit efficiency. A limit check. or a reasonableness check. and sequence tests. Processing controls are controls designed to ensure that processing has occurred properly and that no transactions have been lost or incorrectly added. Preparing weekly time reports. Internal labels identify the contents by means of an identification within the data file that can be read by the computer. added. and one effect of the meeting should be to generate commitment from the auditee for appropriate corrective action. they are not controls that are used during the processing of the data. While authorization of data. but it does not contribute to assignment effectiveness. but they all involve comparison of counts at various points with the correct count. but it does not contribute to assignment effectiveness. Use of external and internal file labels. limit and reasonableness checks. and screening of data are controls.Segregation of Duties (c) HOCK international. An example of this type of control is the A. Question 143 . D.Internal Audit The effectiveness of an audit assignment is related to the findings and the action taken on those findings. Labels. Which of the following activities contributes to assignment effectiveness? A. A. or altered during processing. terminated employees who had not been removed from the payroll would continue to (c) HOCK international. and results. the payroll clerk having custody of the check signature stamp is a control weakness. scope. Resultant evaluations of the effects of the findings are not the cause of the finding. If an employee has been terminated but the employee has not been removed from the payroll.Internal Control Which of the following controls would be the most appropriate means to ensure that terminated employees had been removed from the payroll? A. a reconciliation of payroll records with time-keeping records should detect it. Draws the paychecks on a separate payroll checking account. D. Mailing checks to employees' residences.CIA 1192 I-44 . Preparation of the payroll register is an appropriate duty for a payroll clerk. and cause of the finding. D. The audit results should contain the criteria. A. D. Has custody of the check signature stamp machine. Reconciling payroll and time-keeping records. A. Question 144 . The risk or exposure because of the condition found. Establishing computerized limit checks on payroll rates. Prepares the payroll register. B. Thus it is a control strength rather than a weakness.Part 1 : 11/11/10 07:44:32 Which of the following activities performed by a payroll clerk is a control weakness rather than a control strength? A.Internal Audit Internal audit reports should contain the purpose. B. Resultant evaluations of the effects of the findings. C. The cause can best be described as A. D. The payroll checks should be signed by someone else who has the authority to do so. Factual evidence is not the cause of the finding. B. B. The payroll clerk giving the payroll register to the chief accountant for approval is an appropriate control. C. Forwards the payroll register to the chief accountant for approval. Factual evidence that the internal auditor found. Therefore. effect. Establishing direct-deposit procedures with employees' banks does nothing to verify whether all the paychecks are valid. B. C. Using this procedure. page 71 . condition. The risk or exposure because of a condition found is not the cause of the finding. Reason for the difference between the expected and actual conditions. C. A. Drawing paychecks on a separate payroll checking account is a control strength rather than a weakness. A payroll clerk is involved in payroll preparation. C. Question 145 . Establishing direct-deposit procedures with employees' banks. The reason for difference between expected conditions and actual conditions is the cause of the finding. B. D.CIA 1190 I-10 . and who has the authority to approve sales returns and allowance is a reportable condition. Mailing checks to employees' homes does nothing to verify whether all the paychecks are valid. An accounts receivable clerk. This is a detective control as well as a preventive control. The petty cash custodian has the ability to steal petty cash. receives customer remittances and deposits them in the bank. C. An inventory control clerk at a manufacturing plant has the ability to steal one completed television set from inventory a year. Marketing analysis of sales generated by advertising projects. D. it is not an accounting control. The clerk could steal a customer remittance and cover up the theft by approving a credit memo to the customer's account. Using this procedure. It would detect the oversight and prevent a check from being sent out that might possibly not be legitimate. Checks are not signed unless all appropriate documents are attached to a voucher. A. Maintenance of statistical production analyses. the check will not be signed. Documentation for all disbursements from the fund must be submitted with the request for replenishment of the fund. and if the petty cash fund is reconciled regularly. Although maintenance of statistical production analyses is a control objective. This would probably not be a reportable condition. A clerk in the invoice processing department fails to match a vendor's invoice with its related receiving report. C. B. it is not an accounting control. C. C. Thus.Internal Control Which one of the following would be considered an accounting control rather than an administrative control? A. Question 147 . Timely reporting and review of quality control results. any theft from the fund will be detected. Policies and procedures for maintenance of control over unused checks are accounting controls because they relate to the control objective of safeguarding cash. Question 146 . D. and if the approving signature is matched against specimen signatures on file. C. because the amount of potential theft is probably not material.CMA 1288 3-21 . B. A.Internal Audit Which one of the following is most likely to be considered a reportable condition? A. terminated employees who had not been removed from the payroll would continue to receive paychecks. (c) HOCK international. deposits funds in the bank. Limited supervision is maintained over the employee. If the requirement for documentation of disbursements from the fund includes the requirement that the documentation be approved.Part 1 : 11/11/10 07:44:32 receive paychecks. Maintenance of control over unused checks. Although the marketing analysis of sales generated by advertising projects is a control objective. B. this would not be a reportable condition. An accounts receivable clerk who receives customer remittances. who approves sales returns and allowances. If the receiving report is not included with the backup to the check. page 72 . D. The theft probably will never be detected.CMA 684 3-29 . This procedure would detect excessive pay to current employees but not inappropriate pay to terminated employees. B. D. it means that enough information has been gathered to enable another person to come to the same conclusions as the auditor. B. Trace quantities and prices on the sales invoice to the customer purchase order and test extensions and footings. Be convincing enough for a prudent person to reach the same decision. C. D. D.CIA 592 II-21 . If evidence is sufficient. Question 149 .Part 1 : 11/11/10 07:44:32 D. it means that enough information has been gathered to enable another person to come to the same conclusions as the auditor. Which of the following substantive tests should be extended as a result of this control weakness? A. B. The shipping documents are neither accounted for nor prenumbered. Tracing a sample of purchase orders to the related sales invoices would not test to see whether all shipments are being billed. but that does not constitute sufficiency. Be based on references that are considered reliable.Internal Audit Which of the following is an essential factor in evaluating the sufficiency of evidence? The evidence must A. Footing the sales register and tracing the total to the general ledger would not test to see whether all shipments are being billed. Although quality control results and their timely reporting and review are a control objective.Internal Audit Shipments are made from the warehouse based on customer purchase orders. Selecting bills of lading from the warehouse and tracing the shipments to the related customer invoices is a test to see whether all shipments are being billed. If evidence is sufficient. C. B. Documentation and cross-referencing. Foot the sales register and trace the total to the general ledger. The matched shipping documents and purchase orders are then forwarded to the billing department for sales invoice preparation. they are not accounting control. D. Since shipping documents are neither accounted for nor prenumbered. while important. B. it is likely that some shipments will leave the warehouse without being billed. it means that enough information has been gathered to enable another person to come to the same conclusions as the auditor. (c) HOCK international. If evidence is sufficient. C. C. Be well documented and cross-referenced in the working papers. do not constitute sufficiency. If evidence is sufficient. A. Tracing quantities and prices on the sales invoice to the customer purchase order and testing extensions and footings would not test to see whether all shipments are being billed. Bear a direct relationship to the finding and include all of the elements of a finding. A. Trace a sample of purchase orders to the related sales invoices. Select bills of lading from the warehouse and trace the shipments to the related sales invoices. Information that bears a direct relationship to the finding and includes all of the elements of a finding is relevant evidence. but that does not constitute sufficiency. it means that enough information has been gathered to enable another person to come to the same conclusions as the auditor.CIA 593 I-11 . Information that is based on references that are considered reliable is competent evidence. Question 148 . page 73 . D. Question 151 . B. Authorization of overtime. A. Authorization of additions and deletions from the payroll. D. which performs the authorization function. Consequently.Part 1 : 11/11/10 07:44:32 Question 150 . Question 152 . Therefore. Compliance with methods and procedures ensuring operational efficiency and adherence to managerial policies is an objective of operational control. Executing transactions in accordance with management's general or specific authorization. Collection and retention of unclaimed paychecks. Comparing recorded assets with existing assets at periodic intervals and taking appropriate action with respect to differences. D. A. Authorization of additions to and deletions from the payroll should come from the personnel department. C. The safeguarding of assets and reliability of financial records requires that physical assets be compared with recorded assets at periodic intervals.Internal Control Which of the following activities represents both an appropriate personnel department function and a deterrent to payroll fraud? A. B. C. since he/she is in a position to know whether the employee actually worked the overtime. C. Overtime should be authorized by an employee's supervisor. The personnel department performs the authorization function.CMA 693 4-4 . not accounting control. B. Compliance with methods and procedures ensuring operational efficiency and adherence to managerial policies. D. C. page 74 . it should not also perform the custodial function of distributing paychecks. B. these controls are designed to provide reasonable assurance that all of the following take place except A. The safeguarding of assets and reliability of financial records requires that management control who can have access to the assets to be safeguarded. The safeguarding of assets and reliability of financial records requires that transactions be executed in accordance with management's general or specific authorization. Distribution of paychecks. D.Internal Control Which of the following credit approval procedures would be the basis for developing a deficiency finding for a wholesaler? (c) HOCK international. and it should not be performed by the personnel department. and that action be taken to resolve any differences. Permitting access to assets in accordance with management's authorization.CIA 590 I-9 .CIA 1187 I-43 . Collection and retention of unclaimed paychecks is a custodial function.Internal Control Accounting controls are concerned with the safeguarding of assets and the reliability of financial records. A. but not objectivity. the person responsible explained that the cash was used to cover sizable medical expenses for a child and agreed to replace the funds. Since the internal auditor reports directly to the board of directors. Salespeople make contact with customers and potential customers. not a basis for developing a deficiency finding. Salespeople are responsible for evaluating and monitoring the financial condition of prospective and continuing customers. the auditor does have organizational independence. In this instance.O. Question 154 .) basis only. (c) HOCK international. page 75 . D. Having the finance committee of the board of directors review and approve trade-credit standards is a control strength and would not lead to a deficiency finding. Since the internal auditor reports directly to the board of directors. the auditor does have organizational independence. C. Customers not meeting trade-credit standards are shipped merchandise on a cash-on-delivery (C. Trade-credit standards are reviewed and approved by the finance committee of the board of directors.CMA 690 5-6 . The auditor discovered a material cash shortage. B. B.authorize payments and prepare vouchers. However. B. C. not the basis for a deficiency finding.O. Does not have organizational independence but has objectivity. their conflict of interest (desire to make the sale) could lead to inappropriate approvals. However. A.D. Has organizational independence. Requiring customers who do not meet trade-credit standards to purchase on a C. Has both organizational independence and objectivity.CIA 1194 I-61 . denoting approval of the customer's credit. D.Internal Audit An internal auditor reports directly to the board of directors. The departments in Marport's organization structure and their primary responsibilities are: Accounts Payable -. C. make sales and provide customer service where appropriate.Internal Control Marport Company is a manufacturing company that uses forms and documents in its accounting information systems for record keeping and internal control. An authorized signature from the credit department. Does not have either organizational independence or objectivity. basis is a common procedure.D. Question 153 . Not reporting the misappropriation of funds is an indication that the auditor does not have objectivity. the internal auditor did not inform management. Because of the corrective action. Requiring an authorized signature from the credit department denoting approval of the customer's credit is a control strength. not reporting the misappropriation of funds is an indication of a lack of objectivity. If salespeople are responsible for credit approval. When questioned.Part 1 : 11/11/10 07:44:32 A. D. The auditor reports directly to the board of directors. C. the auditor A. is to appear on all credit-sales orders. B. Salespeople should not be responsible for monitoring customers' financial condition. There should be a separate credit approval function. and thus the auditor does have organizational independence. not reporting the misappropriation of funds is an indication of a lack of objectivity. D. Inventory Control -. A risk associated with this means of providing data access is that A. When this is done. where replication.manufacture finished goods.maintain all records for the company's general ledger. A bill of materials is the list of component parts that go into the manufacture of each item of finished goods.prepare invoices to customers for goods sold. Cost Accounting -. Data fragments may lack integrity. (c) HOCK international. Stores Control -.verify the credit rating of customers.Systems Control A company makes snapshot copies of some often-used data and makes them available in files on the mainframes. Data currency may not be maintained. Credit Department -.receive all materials and supplies.hire employees. Authorized users can then download data subsets into spreadsheet programs.appraise and monitor internal controls. Timekeeping -. B. or the snapshot technique.maintain a record of cash receipts and disbursements. so they are synchronized. Payroll -. Cashier -. data replicas are all created at the same time.Part 1 : 11/11/10 07:44:32 Accounts Receivable -. Personnel -. The document that is the authorization to initiate the manufacture of goods is referred to as a A.CIA 1196 III-47 . Question 155 .ship goods to customers. C.decide the types and quantities of products to be produced. Bill of materials.prepare and control time worked by hourly employees. The Production Planning Department would use a Production Order to authorize the Production Department to manufacture certain items.place orders for materials and supplies. C. Production order. Receiving -. Production Planning -. The daily production schedule is used for production planning. page 76 . General Accounting -. but the raw materials requisition would not authorize the initiation of manufacturing. The Production Department would request raw materials by means of a raw materials requisition. and lack of synchronization is not a risk. Data transactions may be committed prematurely. D. Data replicas may not be synchronized. D.accumulate manufacturing costs for all goods produced. Internal Audit -. A. is used to make duplicate copies of an entire database or some subset of it on a regular schedule and to send these copies to the other locations where they will be used.compute and prepare the company payroll.accept orders from customers. C. Sales -. as well as conduct operational and management audits. Purchasing -. outgoing. Billing -. D. Finished Goods Storeroom -. Production -. It is not an authorization to initiate manufacturing. Mailroom -. Shipping -. This question describes the use of a distributed database. as well as maintain records on job positions and employees.safeguard all materials and supplies until needed for production. A.maintain perpetual inventory records for all manufacturing materials and supplies.maintain the physical inventory and related stock records of finished goods.maintain customer accounts.process incoming. Daily production schedule. and interdepartmental mail. Raw materials requisition. It is not an authorization to initiate manufacturing. B. B. D. This question describes the use of a distributed database. Then. only the original database is updated by the users. Question 157 . the person to whom people will reply about the report. The length of tenure for the internal auditing director. The departmennt's access to personnel within the organization. The audit report should be distributed to everyone who has a direct interest in the audit. The charter authorizes the internal audit activity's access to records within the organization. If a company uses the fragmentation (or partitioning) system.Internal Audit The internal auditing department has just completed an audit report that outlines several deficiencies found in the company's product distribution channels. B. and people who will need to take corrective action as a result of the audit. if the information is needed somewhere else. The marketing director. C. There is no risk of data transactions being committed prematurely. A. The sales representative. information on sales in San Francisco is kept and updated on a database server in San Francisco. or the snapshot technique.Internal Audit It has been established that an internal auditing charter is one of the more important factors positively affecting the internal auditing department's independence. while information on sales in New York is kept and updated on a database server in New York. the system stores items of data where they are most needed. The scope of internal auditing activities. Which of the following would not be an important element to include in the Charter? A. the users of the database may be working with information that is not current. C. The charter does not specify the length of tenure of the chief audit executive. The charter defines the scope of internal audit activities. so there is not an issue with data fragments in this situation. A. B. where replication. The charter authorizes access to personnel within the organization. The treasurer. however. where replication. is used to make duplicate copies of an entire database or some subset of it on a regular schedule and to send these copies to the other locations where they will be used. it is retrieved from the place where it is stored. Which one of the following persons should receive a copy of the audit report to ensure maximum benefits for the company? A. is used to make duplicate copies of an entire database or some subset of it on a regular schedule and to send these copies to the other locations where they will be used.CIA 589 II-41 .Part 1 : 11/11/10 07:44:32 B. or the snapshot technique. Question 156 . This includes the executive or executives to whom internal audit reports. (c) HOCK international. page 77 . This question. A risk associated with this means of providing data access is that since the snapshot is taken only periodically. With replication. For example. D. The advertising manager.CIA 595 I-60 . because no transactions are written to the distributed databases. C. D. C. persons responsible for the activities or operations audited. D. The department's access to records within the organization. B. This question describes the use of a distributed database. The treasurer is not in this group and thus should not receive a copy of the audit report. is not describing a fragmentation system. Question 158 . Which of the following controls would best meet this objective? A. page 78 . A sales representative is not in this group and thus should not receive a copy of the audit report. Proper authorization of company transactions relating to debt and equity instruments would be met by a requirement that major funding and repayment proposals be reviewed by the board of directors. Custody of funds relates to safeguarding of assets. and people who will need to take corrective action as a result of the audit. C. D. B. The marketing director is the head of the unit that was audited and thus should receive a copy of the audit report. The company serving as its own registrar and transfer agent is not a control that would meet the objective of proper authorization of debt and equity transactions. and people who will need to take corrective action as a result of the audit. the person to whom people will reply about the report. the person to whom people will reply about the report. Question 159 . persons responsible for the activities or operations audited. C.CIA 587 II-24 . A. the person to whom people will reply about the report. The audit report should be distributed to everyone who has a direct interest in the audit. The accounting and record-keeping provisions of the act apply to companies regulated by the Securities Exchange Act of 1934. A. This includes the executive or executives to whom internal audit reports. Use of an underwriter for issuance of debt or equity instruments is not a control that would meet the objective of proper authorization of debt and equity transactions. This includes the executive or executives to whom internal audit reports. D. and people who will need to take corrective action as a result of the audit. although the policy also needs to be carried out. This includes the executive or executives to whom internal audit reports. B. (c) HOCK international.Part 1 : 11/11/10 07:44:32 B. not to proper authorization of debt or equity transactions. C.Internal Control Which of the following corporations are subject to the accounting requirements of the Foreign Corrupt Practices Act (FCPA)? A. C. All corporations engaged in interstate commerce. Use of an underwriter in all cases of new issue of debt or equity instruments. All corporations that have made a public offering under the Securities Act of 1933. The advertising manager is not in this group and thus should not receive a copy of the audit report. Separation of responsibility for custody of funds from recording of the transaction. B.Segregation of Duties One control objective of the financing/treasury cycle is the proper authorization of company transactions dealing with debt and equity instruments. persons responsible for the activities or operations audited. Written company policies requiring review of major funding/repayment proposals by the board of directors. The company serves as its own registrar and transfer agent. All domestic corporations engaged in international trade. persons responsible for the activities or operations audited. The audit report should be distributed to everyone who has a direct interest in the audit. D. The audit report should be distributed to everyone who has a direct interest in the audit. A policy of requiring this review is the first step. All corporations whose securities are registered pursuant to the Securities Exchange Act of 1934. D.CPA 1183 L-45 . I and II. Customers' statements are mailed monthly by the accounts receivable department. B. page 79 . Question 160 . An initial public offering under the Securities Act of 1933 is not included. Employees are not generally objective about their jobs. Managers want feedback from their employees. Internal auditors confirm customer accounts periodically. Furthermore. II and IV. D. Question 161 . III and IV. B. IV. since employees are often closer to the actual work being done than managers. D. This is not an internal control weakness. their feedback can provide management with insights into control weaknesses. Employees are objective about their jobs. A. it does become subject to registration under the Securities Exchange Act of 1934. C. (c) HOCK international.Part 1 : 11/11/10 07:44:32 B. Employees are not generally objective about their jobs. Involving employees in assessing internal controls can serve as a motivator to them to seek continuous improvement in their jobs. Delinquent accounts are reviewed only by the sales manager.CIA 597 III-35 . While it is true that managers want feedback from their employees. C. The fact that they are employees makes them not independent. C.Internal Control Which one of the following situations represents an internal control weakness in accounts receivable? A. C. A. However. Confirming customer account balances periodically is an important internal control procedure. Employees become more motivated to do their jobs right. II. which makes it subject to the FCPA. Employees can provide an independent assessment of internal controls. I and IV. after a company makes a public offering. A. D.CMA 689 3-15 . The cashier is denied access to customers' records and monthly statements. B. The accounting and record-keeping provisions of the act apply only to companies regulated by the Securities Exchange Act of 1934. D. Which of the following are reasons to involve employees in this process? I. The accounting and record-keeping provisions of the act apply only to companies regulated by the Securities Exchange Act of 1934. The FCPA is actually an amendment to the Securities Exchange Act of 1934. III. The accounting and record-keeping provisions of the act apply to companies regulated by the Securities Exchange Act of 1934. Customer statements should be mailed monthly by the accounts receivable department. it is not true that employees can provide an independent assessment of internal controls.Internal Control Control self-assessment is a process that involves employees in assessing the adequacy of controls and identifying opportunities for improvement within an organization. B. customer purchase order. B.CIA 586 II-17 . D. Sales documentation (i. Retained within the regular storage area. shipping documents) compared with debits to the accounts receivable ledger would test whether debits to accounts receivable represent valid sales transactions. it would not test whether debits to accounts receivable represent valid sales transactions. A. Obsolete materials should be stored in an area that is separate from usable inventory. not wanting to report an account as delinquent if it means additional sales cannot be made to that customer. When inventory has been determined to be obsolete. Question 162 . C. Question 163 . a person with the authority to declare inventory unusable and therefore valueless might subsequently "dispose" of it by selling it and pocketing the proceeds. Otherwise. Sorted. D. page 80 . Carried at cost in the accounting records until the actual disposition takes place. B. Determined by an approved authority to be lacking in regular usability. Delinquent accounts should be reviewed regularly by the credit manager and the accounts receivable manager. An accountant or auditor is not the appropriate person to determine when inventory is obsolete.e. Sales journal with the accounts receivable ledger. B. (c) HOCK international. the amount used for the market value is normally net realizable value. This is not an internal control weakness but is an important segregation of duties. There is no such rule. Comparing the accounts receivable ledger with the cash receipts journal would verify that cash receipts had been recorded as credits to accounts receivable.Internal Audit To test whether debits to accounts receivable represent valid transactions. and packaged before disposition takes place. treating and packaging may be appropriate in some cases.Part 1 : 11/11/10 07:44:32 C. If delinquent accounts are reviewed only by the sales manager. Accounts receivable ledger with sales documentation. in order to obtain the best selling price. D. C. in other cases this would not be appropriate because the costs of these actions may be more than the inventory could be sold for. While sorting. Comparing cash receipts documentation with the accounts receivable ledger would verify that cash payments from customer had been properly recorded as credits to accounts receivable. Accounts receivable ledger with the cash receipts journal.Internal Control Appropriate control over obsolete materials requires that they be A. If market value is lower than historical cost. Furthermore.CIA 1192 I-16 . the auditor should compare items in the A. this is an internal control weakness. treated. The sales manager may have a conflict of interest. However. which is the expected selling price less costs to sell.. A. C. Cash receipts documentation with the accounts receivable ledger. B. D. it would not test whether debits to accounts receivable represent valid sales transactions. it should be valued at the lower of cost or market. However. C. That determination should be made by someone with the necessary knowledge to make the determination. the person who makes the determination of inventory's usability should be a different person from the person who has custody over the inventory and also should be a different person from the one who authorizes its disposal. persons responsible for the activities or operations audited.CIA 1191 II-4 . The controller is responsible for the accounting function and is therefore a person to whom the accounts payable manager will respond about the report. and people who will need to take corrective action as a result of the audit. C. This includes the executive or executives to whom internal audit reports. A retired executive of a firm that had been associated with the organization. Controller. and people who will need to take corrective action as a result of the audit. C. persons responsible for the activities or operations audited. The external auditor is a person who has a direct interest in the internal audit. The audit committee of the board can appropriately receive a summary report. A. The accounts payable manager is the person responsible for the accounts payable operation and the person who will need to take corrective action as a result of the audit. The full audit report should be distributed to everyone who has a direct interest in the audit. the person to whom people will reply about the report. This includes the executive or executives to whom internal audit reports. A. and people who will need to take corrective action as a result of the audit. The full audit report should be distributed to everyone who has a direct interest in the audit. the person to whom people will reply about the report. Accounts payable manager. B. the person to whom people will reply about the report. B. D. and people who will need to take corrective action as a result of the audit. (c) HOCK international. Question 164 . the person to whom people will reply about the report. it would not test whether debits to accounts receivable represent valid sales transactions.Internal Control Which of the following is not an appropriate member of an audit committee? A. The accounts payable manager is the person responsible for the accounts payable operation and the person who will need to take corrective action as a result of the audit. C. Although comparing items in the sales journal with the accounts receivable ledger would test whether credit sales had been properly recorded in the accounts receivable ledger.Part 1 : 11/11/10 07:44:32 D. Who is most likely to receive the summary only? A.CIA 593 I-39 . The full audit report should be distributed to everyone who has a direct interest in the audit. The vice president of the local bank used by the organization. This includes the executive or executives to whom internal audit reports. The organization's vice president of operations is a member of management and thus would not be independent. persons responsible for the activities or operations audited. Question 165 . B. This includes the executive or executives to whom internal audit reports. External auditor. D. persons responsible for the activities or operations audited. The full audit report should be distributed to everyone who has a direct interest in the audit. The organization's vice president of operations.Internal Audit The internal audit activity has recently completed an engagement to evaluate the organization's accounts payable function. The chief audit executive decided to issue a summary in conjunction with the final engagement communication. An academic specializing in business administration. D. Audit committee of the board. page 81 . The vice president of the local bank would be an independent director and would be an appropriate member of the audit committee. D. D. and the anticipated price. Purchase orders. That is contained in the "Conditions" section of the audit report. They would not indicate whether the vendor offered a discount or whether payment was made within the discount period. C. Receiving reports. B. B. Question 167 . The internal auditor's evaluation of the effect of the findings on the activities reviewed is not part of the "Scope" (c) HOCK international. Paid vendor invoices.CIA 590 II-33 . The "Scope" section of the audit report contains information to identify what activities were audited. Identify the audited activities and describe the nature and extent of auditing performed. time period audited. A. D. State the factual evidence that the auditor found in the course of the examination. The factual evidence that the auditor found in the course of the examination are not part of the "Scope" statement of an internal audit report. amount paid and date paid. measures. Communicate the internal auditor's evaluation of the effect of the findings on the activities reviewed. Question 166 . C. The appropriate population from which a sample would be drawn is the file of A. Paid vendor invoices would show the invoice date. C. They would not show whether the vendor offered a discount or whether payment was made within the discount period. B. the quantity ordered. They would not show whether the vendor offered a discount or whether payment was made within the discount period.Part 1 : 11/11/10 07:44:32 B. An academic specializing in business administration would be an independent director and would be an appropriate member of the audit committee. the amount invoiced. and the extent and nature of the auditing that was performed. C. any discount offered for prompt payment. or expectations used in evaluating audit findings is not part of the "Scope" statement of an internal audit report. Receiving reports would give the date an item was received and the quantity that was received.Internal Audit One objective of an audit of the purchasing function is to determine the cost of late payment of invoices containing sales discounts. which is "what should be" the conditions that the actual conditions are to be compared and contrasted with. Information on the standards. B. page 82 . A. or expectations used in evaluating audit findings. D. Canceled checks would give the date and the amount of payment. measures. A retired executive of a firm that had been associated with the organization would be an independent director and would be an appropriate member of the audit committee. They are contained in the "Criteria" section of the report. C. Define the standards. Purchase orders would give the date an item was ordered.Internal Audit The scope statement of an internal audit report should A. Canceled checks. D.CIA 592 I-40 . Are a good guide to potential segregation of duties. Serve as an appraisal function to examine and evaluate activities as a service to the organization. such as edit tests and batch control reconciliations. C. Are generally kept up to date for systems changes. Assist the external auditor in order to reduce external audit fees. Show specific control procedures used. The auditor usually needs to inquire and document any changes that have occurred in processing since the last audit and update the flowchart.Part 1 : 11/11/10 07:44:32 statement of an internal audit report. A systems flowchart shows the different departments and functions involved in a process and documents manual processes as well as computer processes and the input. A. A. The primary role of the internal audit activity is to assist the management of a company in its responsibility of maintaining effective controls by evaluating the effectiveness of those controls. output and processing steps. B. would show the specific control procedures used. The role of internal auditing is not limited to serving as the investigative arm of the board. The internal audit activity assists the management of a company in its responsibility of maintaining effective controls by evaluating the effectiveness of those controls. D. In this role.CIA 595 I-5 . Perform studies to assist in the attainment of more efficient operations. D. Flowcharts are not generally kept up to date in between audits. C. That is contained in the "Conclusions" section of the audit report.CIA 1196 III-30 . it serves as an appraisal function that adds value to operations. Show only computer processing. Question 168 . B. this is not the primary role of internal auditing. However. D.Internal Audit An auditor reviews and adapts a systems flowchart to understand the flow of information in the processing of cash receipts. not manual processing. primary role of internal auditing is much more than this. Which of the following statements is true regarding such flowcharts? The flowcharts: A. this type of flowchart shows the segregation of duties more easily than would a program flowchart.Internal Audit The proper organizational role of internal auditing is to A. page 83 . Question 169 . a program flowchart. A program flowchart depicts the specific steps in a process and how they will be executed. A systems flowchart shows the different departments and functions involved in a process and documents manual processes as well as computer processes and the input. Thus. A systems flowchart documents manual processes as well as computer processes. Serve as the investigative arm of the board of directors. Although external audit fees may be reduced as a result of the internal auditing activities. B. Since it shows the different departments and functions involved. B. not a systems flowchart. (c) HOCK international. C. output and processing steps. C. One of the roles of internal auditing is the performance of studies to assist in the attainment of more efficient operations. D. To the point and free of unnecessary detail. and free from distortion. An effective control system initiated by senior management is important. II only. but it is not the only listed activity that is correct regarding the deterrence of fraud. and III. B. D. C. A. I. not an objective report. However. B. but it is not the only listed activity that is correct regarding the deterrence of fraud. not an objective report. "Objective" as used here means "without bias or prejudice. An effective control system and an internal audit program that evaluates the adequacy of the internal control system are important.Internal Audit Which of the following statements is (are) correct regarding the deterrence of fraud? I. designed to help the auditee as well as the organization. B. unbiased. unbiased. Internal auditors should determine whether communication channels provide management with adequate and reliable information regarding the effectiveness of the control system and the occurrence of unusual transactions. The primary means of deterring fraud is through an effective control system initiated by senior management. II. Factual." An objective report is factual. Internal auditors are responsible for assisting in the deterrence of fraud by examining and evaluating the adequacy of the internal control system. Question 172 . I and II only. C. D. page 84 . This is the definition of a constructive report.Internal Audit An objective report is one that is described as A. This is the definition of a clear report. D.Part 1 : 11/11/10 07:44:32 Question 170 . not an objective report. I only. An internal audit program that evaluates the adequacy of the internal control system is important. A. C. Question 171 . B. D. II. III. an internal audit program that evaluates the adequacy of the internal control system. This is the definition of a concise report.CIA 1190 I-42 . they are not the only listed activities that are correct regarding the deterrence of fraud. C. and an adequate communication channel to provide management with reliable information regarding internal control issues are all important deterrents to fraud. Logical and easily understood.CIA 1188 I-43 . A. and free from distortion.Internal Audit Summary written audit reports are ordinarily intended for (c) HOCK international. An effective control system. Through content and tone.CIA 597 I-58 . the person to whom people will reply about the report. This includes the executive or executives to whom internal audit reports. as they would have a direct interest in the audit. the person to whom people will reply about the report.Part 1 : 11/11/10 07:44:32 A. This includes the executive or executives to whom internal audit reports. D. persons responsible for the activities or operations audited. No audit report. High-level management and/or the audit committee. unless the corporation's articles of incorporation or bylaws require it. and people who will need to take corrective action as a result of the audit. is ever distributed to independent external auditors only. and shareholder ratification is not required. The full audit report should be distributed to everyone who has a direct interest in the audit. approved several proposals made by the board of directors. The full audit report should be distributed to everyone who has a direct interest in the audit. C. This includes the executive or executives to whom internal audit reports. D. The audit report should be distributed to everyone who has a direct interest in the audit. no audit report. (c) HOCK international. Independent external auditors only. the person to whom people will reply about the report. is ever reviewed by other internal auditors only. then it is not only legal but required to obtain it. page 85 . Such ratification by the shareholders is required as a matter of law. the company may not be able to deduct the excessive compensation for federal income tax purposes. Independent external auditors may be included in the distribution list for the full report. C. If the corporation's articles of incorporation or bylaws require ratification by shareholders of executive compensation. summary or otherwise. The action by the shareholders serves the purpose of confirming the board's action. High-level management and/or the audit committee usually should receive a summary report. the person to whom people will reply about the report. In this connection. Question 173 . summary or otherwise.Internal Control At their annual meeting. The full audit report should be distributed to everyone who has a direct interest in the audit. B. D. and people who will need to take corrective action as a result of the audit. Shareholder ratification is equivalent to the shareholders having merely confirmed the board's action. A.CPA 1183 L-19 . B. Review by other internal auditors only. However. The shareholders cannot legally ratify the compensation paid to director-officers. persons responsible for the activities or operations audited. C. Usually shareholder ratification of executive salaries is not required. and people who will need to take corrective action as a result of the audit. shareholders of the Bones Corp. D. persons responsible for the activities or operations audited. The salaries ratified are automatically valid for federal income tax purposes. If the IRS decides that executive salaries are excessive. Ratification by the shareholders does not change that. The board of directors has the power to set executive salaries. This includes the executive or executives to whom internal audit reports. Among them was the ratification of the salaries of the executives of the corporation. A summary audit report would not contain enough detail for local operating management. and people who will need to take corrective action as a result of the audit. A. which of the following is correct? A. persons responsible for the activities or operations audited. C. B. B. Local operating management. Part 1 : 11/11/10 07:44:32 Question 174 - CMA 685 5-28 - Systems Control Routines that use the computer to check the validity and accuracy of transaction data during input are called A. Edit programs. B. Operating systems. C. Integrated test facilities. D. Compiler programs. A. Edit programs or input validation routines are programs that check the validity and accuracy of input data. They perform edit tests by examining specific fields of data and rejecting transactions if their data fields do not meet data quality standards. Edit tests include completeness checks, which ensure that data is input into all required fields; limit checks, which ensure that only data within predefined limits will be accepted by the system; validity checks, which match the input data to an acceptable set of values or match the characteristics of input data to an acceptable set of characteristics; overflow checks, which make sure that the number of digits entered in a field is not greater than the capacity of the field; key verification, or the process of inputting the information again and comparing the two results; and check digits, which can be used for determining whether a number has been transcribed properly. A check digit is a digit that is a function of the other digits within a set of numbers. If a typographical error is made in input, the check digit will recognize that something has been input incorrectly. B. The operating system controls the operation of the system but it does not check the validity or accuracy of transaction data during input. C. An Integrated Test Facility (ITF) involves the use of test data and the creation of fictitious entities, such as fictitious employees, fictitious vendors, fictitious products, and fictitious accounts, within the master files of the computer system. Or alternatively, a separate, fictitious company may be used. The test data in an ITF are processed along with real data. No one knows that the data being processed includes these fictitious entries to fictitious records. An Integrated Test Facility is used by an auditor to check the operation of programs. By checking them this way, the auditor can be sure that the programs being checked are the same programs as those that are being used to process the real data. However, an Integrated Test Facility does not check the validity or accuracy of transaction data during input. D. A compiler translates programs written in a higher level language into machine language. Computer programs are error tested by using a compiler, which checks for programming language errors. However, a compiler does not check the validity or accuracy of transaction data during input. Question 175 - CIA 590 I-33 - Internal Audit In which section of the final report should the internal auditor describe the audit objectives? A. Condition. B. Criteria. C. Purpose. D. Scope. A. The conditions found by the auditor are what actually exists (as compared and contrasted with what conditions should exist). The audit objectives are not part of the "Conditions" section of the audit report. B. The objectives of the audit are not part of the "Criteria" section of the audit report. The criteria section of the audit report contains information on what conditions should exist, i.e., the standards, measures, or expectations used in evaluating audit findings, or "what should be" the conditions that the actual conditions are to be compared and contrasted with. C. The audit objectives should be described in the "Purpose" section of the audit report. (c) HOCK international, page 86 Part 1 : 11/11/10 07:44:32 D. The objectives of the audit are not part of the "Scope" section of the audit report. The scope section of the audit report contains information to identify what activities were audited, time period audited, and the extent and nature of the auditing that was performed. Question 176 - CMA 695 4-30 - Internal Audit In auditing computer-based systems, the integrated test facility A. Is a set of specialized software routines that are designed to perform specialized audit tests and store audit evidence. B. Is a concurrent audit technique that establishes a special set of dummy master files and enters transactions to test the programs using the dummy files during regular processing runs. C. Allows the auditor to assemble test transactions and run them through the computer system to test the integrity of controls on a sample data base. D. Uses an audit log to record transactions and data having special audit significance during regular processing runs. A. An integrated test facility is not a set of specialized software routines. B. An integrated test facility (ITF) involves the use of test data but also the creation of fictitious entities, such as fictitious employees, fictitious vendors, fictitious products, and fictitious accounts, within the master files of the computer system. Or alternatively, a separate, fictitious company may be used. The major difference between test data and an ITF is that the test data in an ITF are processed along with real data, which makes it a concurrent audit technique. No one knows that the data being processed includes these fictitious entries to fictitious records. In this way, the auditor can be sure that the programs being checked are the same programs as those that are being used to process the real data. The difficulty with using the ITF approach is that the fictitious transactions have to be excluded from the normal outputs of the system in some way. Careful planning is required to make sure that the ITF data do not become mixed in with the real data, corrupting the real data. C. An integrated test facility involves more than just test data. D. An integrated test facility does not use an audit log to record transactions and data having special audit significance during regular processing runs. Question 177 - CMA 686 5-13 - Systems Control An example of an internal check is A. Making sure that output is distributed to the proper people. B. Monitoring the work of programmers. C. Collecting accurate statistics of historical transactions while gathering data. D. Recalculating an amount to assure its accuracy. A. Making sure output is distributed to the proper people does not perform any internal check (edit) on the calculations. B. Monitoring the work of programmers does not perform any internal check (edit) on calculations. C. Collecting accurate statistics of historical transactions does not perform any internal check (edit) on calculations. D. An internal check is any kind of recalculation performed by an edit routine in the computer before data is processed. (c) HOCK international, page 87 Part 1 : 11/11/10 07:44:32 Question 178 - CIA 592 II-1 - Internal Audit A determination of cost savings is most likely to be an objective of a(n) A. Operational engagement. B. Compliance engagement. C. Program-results engagement. D. Financial engagement. A. An operational engagement focuses on examining and evaluating systems of internal control, overall company operations, and the quality of performance in carrying out assigned responsibilities. Thus a determination of cost savings will most likely be an objective of an operational engagement. B. A compliance engagement is concerned with determining to what degree an organization is operating in an orderly way, effectively and visibly conforming to certain specific requirements of its policies, procedures, standards, or laws and governmental regulations. Thus a determination of cost savings would not be an objective of a compliance engagement. C. A program-results engagement is concerned with evaluating the accomplishment of objectives for a specific program. Thus a determination of cost savings would not be an objective of a program-results engagement. D. A financial engagement focuses on the safeguarding of assets and the reliability and integrity of the financial statements. Thus a determination of cost savings would not be an objective of a financial engagement. Question 179 - CPA 1180 L-44 - Internal Control The Foreign Corrupt Practices Act of 1977 prohibits bribery of foreign officials. Which of the following statements correctly describes the act's application to corporations engaging in such practices? A. It applies only to corporations whose securities are registered under the Securities Exchange Act of 1934. B. It applies to all domestic corporations engaged in interstate commerce. C. It applies only to corporations engaged in foreign commerce. D. It applies only to multinational corporations. A. The anti-bribery provisions of the FCPA apply to all companies, regardless of whether they are regulated under the Securities Exchange Act of 1934. B. The anti-bribery provisions of the FCPA apply to all companies, regardless of whether they are regulated under the Securities Exchange Act of 1934. C. The anti-bribery provisions of the FCPA apply to all companies, regardless of whether they are regulated under the Securities Exchange Act of 1934. D. The anti-bribery provisions of the FCPA apply to all companies, regardless of whether they are regulated under the Securities Exchange Act of 1934. Question 180 - CIA 590 I-50 - Internal Audit (c) HOCK international, page 88 The sampling methodology employed. the personnel assigned should be those most qualified to investigate the particular situation. D. It is important that all parties involved in a fraud investigation coordinate their efforts. Question 181 . Fraud investigations are unexpected and therefore cannot be scheduled. both financial and those of (c) HOCK international. The audit techniques used. and the extent of complicity in. D. An evaluation of the merit of lawsuits currently filed against the waste company. Assessment of the efficiency of the waste company's operations and profitability.Part 1 : 11/11/10 07:44:32 When conducting fraud investigations. It is important to know how many people may be involved and who they are. internal auditors should assess the probable level of. Any unresolved differences with auditees is not covered in the scope section of the internal audit report. Any limitations imposed. B. the fraud within the organization. Assess the probable level of. D. The sampling methodology employed is not covered in the scope section of an internal audit report. page 89 . C. A. internal auditors should A. When interviewing someone who may be involved in fraud. C.Internal Audit Assume your company is considering purchasing a small toxic waste disposal company. C. D. B. B. and disclosure of. the fraud within the organization. A. A due diligence engagement is an engagement to confirm company records. an auditor should not reveal what he or she already knows. Any limitations imposed on the audit should be covered in the scope section of the internal audit report. and specialists from outside the organization who are involved in the investigation. Perform its investigation independent of lawyers. Assign personnel to the investigation in accordance with the engagement schedule established at the beginning of the fiscal year. loan covenants. B. Clearly indicate the extent of the internal auditors' knowledge of the fraud when questioning suspects. Your scope (as auditors) would most likely not include: A.CIA 594 I-27 . C. D. security personnel. Question 182 . Audit techniques used is not covered in the scope section of an internal audit report. A. C. you are part of the team doing a due diligence review for the acquisition. When conducting fraud investigations.Internal Audit The scope section of an internal audit report should identify A. One way of determining whether the interviewee is truthful and wants to cooperate is to ask questions to which the auditor already knows the answer. A review of the purchased company's procedures for acceptance of waste material and comparison with legal requirements.CIA 587 II-44 . As internal auditors. When a fraud investigation is necessary. and the extent of complicity in. Analysis of the company's compliance with. B. Any unresolved differences with auditees. utilized especially when a unit is being acquired. An auditor would not have the legal expertise to evaluate the merit of lawsuits currently filed against the target company. and key verification. both financial and those of ownership of property. Start with the financial statements of the client entity and works backward to the basic processes involved in producing them. A. D. loan covenants is appropriate in a due diligence review by auditors. C. (c) HOCK international. both financial and those of ownership of property. B. D. both financial and those of ownership of property. A review of the target company's compliance with legal requirements for acceptance of waste material is appropriate in a due diligence review by auditors. edit checks are detective controls.CIA 1184 I-14 . validity checks. merged or sold. Internal auditors are concerned with the integrity and reliability of presented financial reports. Can use analytical skills and tools that are not necessary in financial engagements. Edit checks are programs or routines that check the validity and accuracy of input data. Thus. Analysis of the target company's compliance with. utilized especially when a unit is being acquired. Must be installed for the system to be operational.Systems Control Edit checks in a computerized accounting system A. Question 184 . because they detect errors. overflow checks. D. Question 183 . Edit tests include completeness checks. D. but they are not required for a system to be operational. and disclosure of. A due diligence engagement is an engagement to confirm company records. A due diligence engagement is an engagement to confirm company records. C. A due diligence engagement is an engagement to confirm company records. limit checks. A. merged or sold. Are not concerned with whether the client entity is generating information in compliance with financial accounting standards. merged or sold. Assessment of the efficiency of the waste company's operations and profitability is appropriate in a due diligence review by auditors. Should be performed immediately prior to output distribution. C. Internal auditors start with the financial statements and work back when conducting a financial engagement.Part 1 : 11/11/10 07:44:32 ownership of property. check digits. Are seeking to help management use resources in the most effective manner possible. B. Are preventive controls. merged or sold.CMA 691 4-25 . Edit checks are programs or routines that check the validity and accuracy of input data. C. Edit checks are controls that are built into a system. Should be performed on transactions prior to updating a master file. Making sure the presented financial statements are in accordance with accounting standards is important in operational engagements. B.Internal Audit The primary difference between operational engagements and financial engagements is that in the former the internal auditors A. Just prior to output distribution is not the correct time to perform edit checks. B. Preventive controls prevent errors and fraud before they occur. utilized especially when a unit is being acquired. B. page 90 . utilized especially when a unit is being acquired. Edit checks are programs or routines that check the validity and accuracy of input data. Segregation of duties requires just the opposite: an individual authorizing a transaction should not be the same person who records it. Question 186 . if there is a need to change the scope of the audit. The person who maintains custody of an asset should not be entitled to access the accounting records for the asset. Define the scope of the audit so the final report can be brief. It is not used to define the scope of the report. C. Segregation of duties requires just the opposite: an individual authorizing a transaction should not be the same person who maintains custody of assets. That an individual recording a transaction not compare the accounting record of the asset with the asset itself. C. Eliminate the need for a final report.Internal Audit Interim reports are issued during an audit to A. An interim report should be issued during the audit process whenever there is something that needs to be addressed immediately. B. A. whereas. D. Accessing the accounting records for the asset would be a reconciliation function or a recordkeeping function. operational engagements involves evaluating the efficiency and economical use of the organization's resources. An interim report is not used to explain the purpose of the audit.CMA 1283 3-14 . B. That an individual authorizing a transaction maintain custody of the asset that resulted from the transaction. Question 185 . D. That an individual authorizing a transaction records it. because this is a reconciliation function and the reconciliation function should be separate from the recordkeeping function. Communicate information requiring immediate attention. if there is a need to change the scope of the audit. Analytical skills and tools are necessary in financial engagements. or simply to keep people informed when the audit process is a long one. B. A. D. An interim report should be issued during the audit process whenever there is something that needs to be addressed immediately. or simply to keep people informed when the audit process is a long one. That an individual maintaining custody of an asset be entitled to access the accounting records for the asset. page 91 . and both of these should be separate from the custody function. and it does not shorten the length of the final audit report. C.Part 1 : 11/11/10 07:44:32 C.CIA 590 II-35 . Explain the purpose of the audit. if there is a need to change the scope of the audit. The primary difference between financial and operational engagements is that in the former the internal auditor is seeking to form an opinion on the fairness of the financial statements. C. An interim report does not eliminate the need for a final report. The purpose of an audit is determined in discussions with the management of the auditee prior to the audit and is detailed in the final (c) HOCK international. or simply to keep people informed when the audit process is a long one. D. An interim report should be issued during the audit process whenever there is something that needs to be addressed immediately.Segregation of Duties A proper segregation of duties requires A. B. An individual performing the recordkeeping function should not be able to compare the accounting record of the asset with the asset itself. Which of the following actions should the internal auditor take? A. Unmatched receiving reports should be reviewed more frequently than annually. not randomly. purchase orders. or simply to keep people informed when the audit process is a long one. page 92 . based on a review of all the supporting documentation which includes the purchase requisition. D. the deficiency is not that some engineers and buyers routinely accept vacation trips paid by certain of the firm's vendors. It is inappropriate for an internal auditor to interfere in what is essentially a personal decision. The purchasing department should not approve invoices for payment. Since the organization has no specific guidelines. and the receiving report/packing slip. C. the auditor's report should include a recommendation that a code of ethics be adopted in order to provide employees with guidelines for acceptable conduct. some engineers and buyers routinely accept vacation trips paid by certain of the firm's vendors. Since the organization has no specific guidelines. in the absence of specific guidelines. Invoices are approved for payment by the purchasing department.Internal Control Which one of the following situations represents a strength of internal control for purchasing and accounts payable? A. if there is a need to change the scope of the audit. B. Receiving reports should be prenumbered and should be issued sequentially.Part 1 : 11/11/10 07:44:32 audit report. C. Other engineers and buyers will not accept even a working lunch paid for by a vendor. A. Formally recommend that the organization establish a corporate code of ethics. within which individual decisions may be made. Vendors' invoices are matched against purchase orders and receiving reports before a liability is recorded. B. Guidelines of acceptable conduct.CIA 592 I-44 . This helps prevent the possibility of kickbacks. Unmatched receiving reports are reviewed on an annual basis. Corrective action is the responsibility of management. A. C. D. B. Vendor's invoices should be matched against purchase requisitions. Informally counsel the engineers and buyers who accept the vacation trips. Issue a formal deficiency report naming the personnel who accept vacations but make no recommendations. should be provided. so that a missing report or a report out of sequence can be investigated. None. Question 187 . D. Prenumbered receiving reports are issued randomly. B. It is the responsibility of the internal auditor to make a formal report of all deficiencies found in the audit. the purchase order. and receiving (c) HOCK international.Internal Audit While performing an operational audit of the firm's production cycle. D. The engineers and buyers areprofessionals. Question 188 .CMA 689 3-17 . C. An interim report should be issued during the audit process whenever there is something that needs to be addressed immediately. an internal auditor discovers that. The accounts payable department should approve invoices for payment. The deficiency is that the organization has no corporate code of ethics to provide personnel with guidelines for acceptable conduct. while preserving good auditor-auditee relations. D. It is the responsibility of the internal auditor to make a formal report of all deficiencies found in the audit. A compliance engagement relating to the purchasing function would not be able to determine whether the purchasing function is properly meeting its charge to "purchase the right materials at the right time in the right quantities. When the payment has been approved. The auditor informed appropriate authorities within the organization about suspected wrongdoing. A compliance engagement determines to what degree an organization is operating in an orderly way.Internal Audit A Certified Internal Auditor. The purpose of a financial statement audit is to evaluate the assertions made by management on the organization's financial statements and to issue an opinion on the fairness of the statements. D. B. It is not possible for an auditor to state with absolute assurance that no irregularities exist. overall company operations. C. Which of the following actions would be deemed lacking in due professional care? A. standards. it is appropriate to include it in the report. The report included a well-supported recommendation for the reduction in staff although it was known that such a reduction would adversely impact morale. A compliance engagement relating to the purchasing function. performed an audit of the store's cash function. Question 190 .Internal Audit The chief executive officer wants to know whether the purchasing function is properly meeting its charge to "purchase the right materials at the right time in the right quantities. page 93 . If an internal auditor detects inefficiency due to overstaffing. B." B. An operational engagement relating to the purchasing function. A financial engagement relating to the purchasing department. or laws and governmental regulations. C. and the quality of performance in carrying out assigned responsibilities. Question 189 . which is an internal document that is the authorization for payment. C. A. No report was made to external authorities.CIA 589 II-44 . A financial engagement would not be able to determine whether the purchasing function is properly meeting its charge to "purchase the right materials at the right time in the right quantities. While a full-scope engagement relating to the manufacturing operation would include determining whether the purchasing function is properly meeting its charge to "purchase the right materials at the right time in the right quantities.Part 1 : 11/11/10 07:44:32 reports before any liability is recorded. A. (c) HOCK international.CIA 1190 II-11 . An auditor is not responsible to report suspected wrongdoing to external authorities. D. A flowchart of the entire cash function was developed but only a sample of transactions were tested." Which of the following types of engagements addresses this request? A. procedures." it would encompass much more than that. It is appropriate to select a sample of transactions to test. Because of a highly developed system of internal controls over the cash function. An operational audit involves examining and evaluating systems of internal control. employed by a large department store. C. the accounts payable department should prepare a voucher. B. effectively and visibly conforming to certain specific requirements of its policies." D. the audit report assured top management that no irregularities existed. A full-scope engagement relating to the manufacturing operation. D. page 94 .Part 1 : 11/11/10 07:44:32 (c) HOCK international.