Solved by verified expert :ACC
590 – Anderson
Internal
Audit
Sample
Exam
125 points
I. (42
points – 3 points each)
This
part of the exam consists of 14 multiple-choice questions. Place the letter of
the response that you consider the best answer in the space indicated at the
end of each question. These questions
will be graded based only on the letter response. You will not receive any partial credit on this section of the test.
1. The
status of the internal audit function should be free from the impact of
irresponsible policy changes by management.
The most effective way to make sure of that freedom is to:
a. Develop written policies and
procedures to serve as standards of performance of the internal audit function.
b. Have the internal audit charter
approved by both management and the board of directors.
c. Adopt the policy that the audit
function follows the Standards for the
Professional Practice of Internal Auditing.
d. Require that the external auditor
approve any policy change by management regarding internal audit.
e. Establish an audit committee within
the board of directors.
Answer ____________
2. A chief audit executive (CAE) has been requested by the
audit committee to conduct an engagement at one of the company’s chemical
factories as soon as possible. The
engagement will include reviews of health, safety, and environmental management
and processes. The CAE knows that the
internal audit department does not have the necessary technical knowledge to
conduct such an engagement. What should
the CAE do?
a. Ask the audit
committee for additional resources to obtain appropriate support from a health,
safety and environmental professional for the engagement.
b. Suggest to the
audit committee that the factory’s own health, safety and environmental staff
conduct the engagement.
c. Begin the
engagement and incorporate the necessary technical training into next year’s
training program so as to be prepared for a follow-up engagement.
d. Defer the
engagement and tell the audit committee that it will take six months to train
internal audit staff for such an engagement.
e. Conduct the
engagement but limit its scope to cover only those areas where the internal
audit staff has the necessary skills.
Answer____________
3.In the case of an efficient system of
internal control, in which quadrant would you expect to find the lowest
investment in controls?
a. I
b. II
c. III
d. IV
e. The investment woudl be equal in
each of the four quadrants.
Answer___________
4.During an audit, an employee with whom you
have developed a good working relationship informs you that she has some
information about top management which would be damaging to the organization
and may concern illegal activities. The employee does not want her name
associated with the release of the information. Which of the following actions
would be considered inconsistent
with the IIA Code of Ethics and Standards?
a.
Suggest
the person consider talking to legal counsel.
b.
Inform
the employee of other methods of communicating this type of information.
c.
Inform
the individual that you will attempt to keep the source of the information
confidential and will look into the matter further.
d.
Assure
the employee that you can maintain her anonymity and listen to the information.
e.
Suggest that she talk with the organization’s compliance officer.
Answer____________
5.
Which of the following is an element of sampling risk?
a.
Selecting
and audit procedure that is inconsistent with the audit objective.
b.
Failing
to perform audit procedures that are required by the sampling plan.
c.
Forgetting
to apply the finite correction factor in deterring sample size.
d.
Failing
to detect an error on a document that has been inspected by an auditor.
e.
Concluding
that internal controls are not effective when in fact they are effective based
on a sample that had multiple cases of control failure.
Answer____________
6.
Which of the following would typically be part of the agenda for an opening
meeting?
I. Discussion of business objectives, risks
and key processes
II. Review of the audit process and timeline
III. Review of audit objectives and scope
IV. Presentation by auditee of how they have
addressed findings from the last audit.
a. I and III only.
b. II and IV only.
c. II and III only
d. I, II, and III only
e. I, II, III, and IV.
Answer____________
7. According to the COSO control
framework, a precondition to risk assessment is:
a. Establishing
control procedures or activities.
b. Establishing a
monitoring mechanism.
c. Establishing an
internal audit function.
d. Establishing
objectives or goals.
e. Establishing
performance measures.
Answer____________
Use
the following information to answer questions 8 and 9.
An
internal auditing department plans to begin an audit of manufacturing
operations in the Automotive Products Division.
The audit objectives are to: (1) evaluate the quality of performance in
carrying out assigned responsibilities, (2) determine whether all legal and
regulatory requirements concerning employee safety are being properly
implemented, and (3) determine whether fixed assets employed in manufacturing
are properly reflected in the accounting records.
8. In
meeting objective (2), which of the following audit approaches is likely to be
most effective?
a. Interviewing members of the
executive management team to determine their commitment to employee safety.
b. Reviewing accident reports.
c. Examining documentation concerning
the design of the relevant systems and observing operations for compliance.
d. Requesting an inspection by
government regulators.
e. Interview a sample of assembly line
workers from each shift regarding their concerns.
Answer____________
9. In
meeting objective (3), which of the following audit approaches is likely to be
most effective?
a. Inspecting fixed assets used in the
manufacturing process and tracing to the asset subsidiary ledger.
b. Selecting items from asset
subsidiary ledger and recalculating depreciation.
c. Interviewing members of the
accounting department.
d. Examining documentation concerning
the cost of fixed assets used in the manufacturing process.
e. Scanning the asset subsidiary
ledger for credit entries.
Answer____________
10. The
possibility of a maliciously virus overwhelming an information system and
denying services legitimate users is an example of:
a. Availability risk.
b. Access risk.
c. Confidentiality risk.
d. Deployment risk
Answer____________
11. Which of the following actions taken by the CAE of a large
company would not be considered to
violatethe IIA’s Code of Ethics?
a.
The CAE decides to delay the audit of a branch so that his daughter-in-law, the
branch manager, will have time to “clean things up.”
b.
In order to save company resources, the CAE cancels all staff training for the next
two years on the basis that all staff are too new to benefit from training.
c.
The CAE buys a significant amount of stock in a public company that is a
competitor.
d.
In order to save company resources, the CAE limits the audit of foreign
branches to confirmations from branch managers that no major personnel changes
have occurred.
e.
The CAE provides information about company operations to his father who is a
stockholder.
Answer____________
12. Audit report content and format may
vary; but according to The International Standards
of Professional Practice of Internal Auditing which of the following is a
necessary element?
a.
Status of findings from prior reports.
b.
The auditee’s views about the engagement’s conclusions.
c.
Statement of what was cover in the engagement.
d.
Documentation of previous oral communications with area management.
e.
Related activities not examined in the engagement.
Answer____________
13.
The COO has requested the internal audit group advise her regarding the new incentive
plan being developed for sales representatives. Which of the following tasks
should the CAE decline with respect to providing advice to the COO?
a.
Determining how to best document the support for amounts paid to provide a
sufficient audit trail.
b.
Researching and benchmarking incentive plans provided by other companies in the
industry.
c.
Identify what new risks the incentive plan introduces to the organization.
d.
Recommending monitoring procedures so that appropriate amounts are paid out
under the plan.
e.
Determining the appropriate bonus formula for inclusion in the plan.
Answer____________
14.
Which of the following is one of the seven elements that need to be present for
an organization to have an effective compliance program?
a.
The organization has an enterprise risk management system in place.
b.
The organization has an audit committee.
c.
The CEO and CFO must sign the organization’s Code of Ethical Conduct.
d.
Standards are consistently enforced
through appropriate discipline, including discipline of individuals responsible
for failure to detect offense.
e.
The organization has a person appointed as General Counsel for the organization.
Answer____________
II. (10
points)
A company comprises a
chain of 94 restaurants. All food orders
for each restaurant are required to be entered into an electronic device which
records each food order by food server and transmits the order to the kitchen
for preparation. Food servers are
responsible for collecting payment for all their orders and must turn in the
proceeds collected (cash, checks, and credit card receipts) at the end of their
shift, which should equal the total sales value of food ordered for their ID
number. The manager then reconciles the
payments received for the day with the computerized record of food orders
generated. All differences are
investigated immediately by the restaurant manager or assistant manager. At the end of each day the cash and checks,
less a standard amount of cash kept for use the next day, are deposited in a
corporate bank account. Credit card
receipts are directly credited to the corporate bank account by the credit card
provider.
Corporate
headquarters wants to establish a monitoring activity to determine if each
individual restaurant is recording all its revenues and transmitting the
applicable funds to corporate headquarters.
(A)
What are monitoring activities?
(B)
Design a
monitoring activity that would achieve this assurance objective.
III. (26 points)
Your CPA firm
has been contracted by the State to serve as the internal audit function for The
State Board for Educator Certification. The certification board is organized into four broad areas:
educator preparation, assessment and accountability, certification, and
professional discipline which includes investigations and enforcement.
Educator preparation. In the area of educator
preparation, the certification board works primarily with entities preparing
educators for state certification. The
work includes guidance in program development, approval, and implementation. The board currently serves 70 universities, 16
community colleges, and 30 alternative teacher certification programs. The board also advises entities interested in
initiating educator preparation programs. The certification board is involved in
reviewing program approval procedures to streamline the process while
maintaining the integrity of program review.
Assessment and accountability. State law requires that
individuals pass examinations in the areas in which they seek certification. The certification board manages the
development and administration of the Examination for the Certification of
Educators (ExCE), State Examinations for Master Teachers (SEMaT), State Examinations
of Educator Standards (SEES), State Oral Proficiency Test (SOPT), and State
Assessment of Sign Communication (SASC) and (SASC-ASL) testing programs. Individuals typically take the SEES Pedagogy
& Professional Responsibilities test and additional tests in the academic
disciplines in which they seek certification after completing a program of
preparation for the specific certificate(s). These tests assess the prospective educator’s
knowledge of academic content and teaching, including understanding of
learners. Test development and review of
current tests is ongoing. Passing
standards are reviewed periodically and recommendations from these reviews are
presented to the Board. The Board sets
the minimum score required to pass each certification test. Assessment professionals work with school
district and educator preparation program staff to identify committee members
for these activities.
The certification board
monitors the quality of educator preparation at university and alternative
certification programs through the Accountability System for Educator
Preparation (ASEP). The certification
board uses assessment data (SEES, ExCE, SEMaT, SOPT, SASC, and SASC-ASL) and the
subsequent performance of beginning teachers to determine program quality and
issue annual accreditation reports according to minimum acceptable performance
levels established by the Board.
Certification. The certification board is responsible for
ensuring that educators are qualified to serve in the State public school
system through the following:
§ Issuing
educator credentials to applicants who have completed the appropriate degree
and have a standard credential from another state or another country,
§ Issuing
educator credentials to applicants who have completed requirements for
certification at a State educator preparation program,
§ Certifying
applicants adding certification based on completion of the appropriate
examination(s).
§ Issuing
educator credentials to educational aides,
§ Issuing
emergency and nonrenewable permits to school districts and reviewing and
approving hardship permits,
§ Analyzing
and disseminating data on certificate and permit activity.
§ Coordinating
applicant criminal investigations, and
§ Advising
school district staff on assignment criteria for hiring appropriately certified
individuals.
Professional
discipline. The certification board
ensures that State educators meet the highest standards of professionalism and
ethical behavior. Through its
enforcement of disciplinary rules and the Educators’ Code of Ethics, the board
investigates allegations of educator misconduct to guarantee the safety and
well-being of the State school children and fellow educators. When determining whether sanctions against a
certificate are warranted, the board conducts a thorough investigation and
provides the educator an opportunity to be heard. Cases which are not resolved informally
through agreed orders may result in informal hearings before the State Office
of Administrative Hearings (SOAH).
Your
firm uses a business process approach to internal auditing.
A. Identify five
functions/processes involved in achieving the mission of The State Board for
Educator Certification.
Activity
1.
2.
3.
4.
5.
B. Prepare
a Process Priority Map (importance versus inherent risk) and position each of
the five functions/processes on the map.
C. Identify which of the functions/processes you consider
most critical. Explain your reasoning.
D.
Identify three risks to the function/process identified as most critical in C
above. Rank the three risks (1 =
highest). For each risk, identify a key
control activity that could be implemented to mitigate the risk.
Risk Statement
Risk Rank
Potential Key Control Activity
IV. (10 points)
(a) What is internal audits role in the
organization’s ethics and compliance program?
(b) What
is the board’s role in the organization’s ethics and compliance program?
V. (12 points)
AFR
Company’s internal audit function recently completed an audit of the Company’s
various employee benefit plans. The
internal auditors’ working papers contain the following audit observation:
Savings
Plan Contributions Made to Ineligible Employees’ Accounts
AFR
Company has an employee savings plan that provides a matching contribution to
participating employees’ savings accounts.
When an employee stops participating in the plan, the Company suspends
matching contributions. During the internal
audit function’s examination of the plan, we found that the Company was still
making contributions to the accounts of a number of employees who had ceased to
participate. No one in the human
resources department or in payroll has the specific responsibility of updating
the contribution matching database when an employee leaves the Company or drops
out of the program or for periodically checking to see that appropriate levels
of matching contributions have been made. More than $85,000 had been
contributed to such accounts. Management
now is trying to recover erroneous company contributions.
A.Complete the following observation development form base on the
information presented above.
Condition:
Criteria:
Effect:
Cause:
B. Given
this information, develop a recommendation to address the observation.
VI. (10 points)
A.
Define inherent risk and residual risk.
Inherent
risk –
Residual
risk –
B.
Which of the two types of risk would have a greater impact on the annual internal
audit plan?
VII (15 points)
You are conducting an audit of the effectiveness of
MittRyan Corporation’s control of manually approving all purchases over
$25,000. During the year MittRyan has made 1,300,000 purchases, of which 3,000
were over $25,000. You consider this a key control in terms of financial
reporting so you assess tolerable deviation rate as low. You also consider the
expect error rate to be very low, but given this is a manual process there is
likely to be some errors so you set the rate at 1%. Payment for purchases
requires a complete voucher packet consisting of the purchase order, receiving
report, approved vendor number, and invoice. Voucher packets are stored
electronically and filed by purchase order number. The file contains the
purchase order number, electronic approval if under $25,000, receiving report
number, invoice number and dollar amount of purchase. Manually approved
purchases are included in the file with the purchase order number. Hardcopy of
the manually approved purchase orders with the signature authorizing purchase
are stored by purchase order number in a file cabinet in the purchasing
department.
(a) To test this control, identify the population from
which you should select a sample to test this control.
(b) For a given sample unit in this population, what
would be an “error”?
(c) You set the confidence level at 95% and a tolerable
deviation rate at 3%. What is the initial sample size you would use for this
test? (Tables on following pages).
(d) Assume your sample size was 60, briefly describe how
you would select a random sample for testing this control.
(e) Assume you took a sample of 150 and found 3 errors.
State your conclusion in proper form.
