1

[1] Gleim #: 1.1.1 Answer (D) is correct.
The Definition of Internal Auditing states, in

The purposes of the Standards include all of the following except part,
Establishing the basis for the measurement of internal A. audit “Internal auditing is an independent, objective assurance and
performance. consulting activity
B. Guiding the ethical conduct of internal auditors. designed to add value and improve an organization’s operations.”
C. Stating basic principles that represent the practice of internal [3] Gleim #: 1.1.3
auditing. One of the purposes of the International Standards for the
D. Fostering improved organizational processes and operations. Professional Practice of
Answer (A) is incorrect. Establishing the basis for the evaluation of Internal Auditing (“the Standards”) is to
internal audit A. Encourage the professionalization of internal auditing.
performance is one of The IIA’s stated purposes of the Standards. Establish the independence of the internal audit activity and
Answer (B) is correct. Guiding the ethical conduct of internal emphasize the
auditors is the objectivity of internal auditing.
purpose of the Code of Ethics, not the Standards. B.
Answer (C) is incorrect. Delineating basic principles that represent Encourage external auditors to make more extensive use of the work
the practice of of internal
internal auditing is one of The IIA’s stated purposes of the Standards. auditors.
Answer (D) is incorrect. Fostering improved organizational C.
processes and D. Establish the basis for evaluating internal auditing performance.
operations is one of The IIA’s stated purposes of the Standards. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
[2] Gleim #: 1.1.2 (720 questions)
The proper organizational role of internal auditing is to Copyright 2013 Gleim Publications Inc. Page 1
A. Assist the external auditor to reduce external audit fees. Printed for Sanja Knezevic
B. Perform studies to assist in the attainment of more efficient Answer (A) is incorrect. The professionalization of internal auditing
operations. is important but
C. Serve as the investigative arm of the board. is not a direct purpose of the Standards.
Serve as an independent, objective assurance and consulting activity Answer (B) is incorrect. Independence and objectivity are but two
that adds aspects of the
value to operations. practice of internal auditing as it should be.
D. Answer (C) is incorrect. The Standards do not formally encourage
Answer (A) is incorrect. Reducing external audit fees may be a external auditors to
direct result of make more extensive use of the work of internal auditors.
internal audit work, but it is not a reason for staffing an internal audit Answer (D) is correct. The IIA provides the following purposes of the
activity. Standards:
Answer (B) is incorrect. The primary role of internal auditing Delineate basic principles that represent the practice of 1. internal
includes, but is not auditing.
limited to, assessing the efficiency of operations. Provide a framework for performing and promoting a broad range of
Answer (C) is incorrect. Internal auditors serve management as well value-added
as the board. internal audit activities.
2.
3. Establish the basis for evaluating internal auditing performance. Answer (D) is correct. The internal audit activity helps an
4. Foster improved organizational processes and operations. organization
[4] Gleim #: 1.1.4 accomplish its objectives by bringing a systematic, disciplined
Which Standards expand upon the other categories of Standards? approach to
A. Performance Standards. evaluate and improve the effectiveness of risk management, control,
B. Attribute Standards. and
C. Implementation Standards. governance processes (Definition of Internal Auditing).
D. All of the choices are correct. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Answer (A) is incorrect. Performance Standards apply to all internal (720 questions)
audit Copyright 2013 Gleim Publications Inc. Page 2
services. Printed for Sanja Knezevic
Answer (B) is incorrect. Attribute Standards apply to all internal audit fb.com/ciaaofficial
services. [6] Gleim #: 1.1.6
Answer (C) is correct. Implementation Standards expand upon the An internal auditor often faces special problems when performing an
Attribute and engagement at a
Performance Standards. They provide requirements applicable to foreign subsidiary. Which of the following statements is false with
specific respect to the
engagements. conduct of international engagements?
Answer (D) is incorrect. Only Implementation Standards expand The IIA Standards do not apply outside of A. the United States.
upon the The internal auditor should determine whether managers are in
standards in other categories. compliance with
[5] Gleim #: 1.1.5 local laws.
A major reason for establishing an internal audit activity is to B.
Relieve overburdened management of the responsibility for There may be justification for having different organizational policies
establishing effective in force in
controls. foreign branches.
A. C.
B. Safeguard resources entrusted to the organization. It is preferable to have multilingual internal auditors conduct
C. Ensure the reliability and integrity of financial and operational engagements at
information. branches in foreign nations.
D. Evaluate and improve the effectiveness of control processes. D.
Answer (A) is incorrect. Management is responsible for the Answer (A) is correct. Pronouncements by The IIA have no
establishment of geographic limits.
internal control. Compliance with the concepts in the Standards is essential for the
Answer (B) is incorrect. Governance, risk management, and control responsibilities
processes of internal auditors to be met, regardless of the national environment.
ultimately serve to safeguard the organization’s resources. Answer (B) is incorrect. The internal audit activity must evaluate the
Answer (C) is incorrect. Ensuring the reliability and integrity of adequacy
financial and and effectiveness of controls, including those relating to compliance
operational information is a management responsibility. with laws,
regulations, policies, procedures, and contracts. Printed for Sanja Knezevic
Answer (C) is incorrect. Varying laws and customs and other [8] Gleim #: 1.1.8
environmental Which of the following best describes the purpose of the internal
factors justify policy differences. audit activity?
Answer (D) is incorrect. The internal audit activity collectively must To add value and improve an organization’s A. operations.
possess the To assist management with the design and implementation of risk
knowledge, skills, and other competencies needed to perform its management
responsibilities. and control systems.
[7] Gleim #: 1.1.7 B.
The purpose of the internal audit activity can be best described as To examine and evaluate an organization’s accounting system as a
A. Adding value to the organization. service to
B. Providing additional assurance regarding fair presentation of management.
financial statements. C.
Expressing an opinion on the adequate design and functioning of the D. To monitor the organization’s internal control system for the
system of external auditors.
internal control. Answer (A) is correct. The Definition of Internal Auditing states, in
C. part,
Assuring the absence of any fraud that would materially affect the “Internal auditing is an independent, objective assurance and
financial consulting activity
statements. designed to add value and improve an organization’s operations.”
D. Answer (B) is incorrect. Performing the functions of design and
Answer (A) is correct. Internal auditing is an independent, objective implementation
assurance of risk management and control systems would impair the objectivity
and consulting activity designed to add value and improve an of the
organization’s internal auditors. An internal auditor may, however, recommend
operations (Definition of Internal Auditing). control standards
Answer (B) is incorrect. Assisting the external auditors in their audit and review procedures prior to their implementation.
of the Answer (C) is incorrect. Internal auditing is much broader than
financial statements is one of many possible tasks of the internal examining and
audit activity, but evaluating an organization’s accounting system.
it is not its primary purpose. Answer (D) is incorrect. Internal auditing serves the organization,
Answer (C) is incorrect. Assessing internal control is one of many not the external
tasks of the auditors.
internal audit activity, but it is not its primary purpose. [9] Gleim #: 1.1.9
Answer (D) is incorrect. Detecting fraud is one of many possible The internal audit activity’s scope of responsibilities includes
tasks of the A. Eliminating risk.
internal audit activity, but it is not its primary purpose. B. Managing risk.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics C. Evaluating risk.
(720 questions) D. Controlling risk.
Copyright 2013 Gleim Publications Inc. Page 3
Answer (A) is incorrect. Eliminating risks is a responsibility of [11] Gleim #: 1.1.11
management. According to The IIA’s International Professional Practices
Answer (B) is incorrect. Managing risk is a responsibility of Framework, which of the
management. following constitute mandatory guidance for implementing the
Answer (C) is correct. The internal audit activity helps an Standards?
organization A. Development Aids.
accomplish its objectives by bringing a systematic, disciplined B. Practice Aids.
approach to C. Performance Standards.
evaluate and improve the effectiveness of risk management, control, D. Practice Advisories.
and Answer (A) is incorrect. Development Aids are not part of the IPPF.
governance processes (Definition of Internal Auditing). Managing, Answer (B) is incorrect. Practice Aids are not part of the IPPF.
controlling, Answer (C) is correct. The mandatory guidance portion of the IPPF
and eliminating risk are responsibilities of management. consists of
Answer (D) is incorrect. Controlling risk is a responsibility of the Definition of Internal Auditing, the Code of Ethics, Attribute
management. Standards,
[10] Gleim #: 1.1.10 Performance Standards, and Implementation Standards.
The Standards consist of three types of Standards. Which Standards Answer (D) is incorrect. Practice Advisories are strongly
apply to the recommended guidance.
characteristics of providers of internal auditing services? [12] Gleim #: 1.1.12
A. Implementation Standards. Under the Sarbanes-Oxley Act of 2002 (SOX),
B. Performance Standards. A. At least one member of the audit committee must be a financial
C. Attribute Standards. expert.
D. Independence Standards. B. The chairman of the board of directors must be a financial expert.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics C. The audit committee must rotate at least one seat on an annual
(720 questions) basis.
Copyright 2013 Gleim Publications Inc. Page 4 D. All members of the audit committee must be financial experts.
Printed for Sanja Knezevic Answer (A) is correct. Under the terms of SOX, at least one member
fb.com/ciaaofficial of the audit
Answer (A) is incorrect. Implementation Standards apply to specific committee must be a financial expert.
types of Answer (B) is incorrect. The SOX requirement regarding a financial
engagements. expert does
Answer (B) is incorrect. Performance Standards describe the nature not refer to the chairman of the board.
of internal Answer (C) is incorrect. SOX imposes no requirements regarding
auditing and provide quality criteria for evaluation of internal audit membership
performance. rotation of the audit committee.
Answer (C) is correct. Attribute Standards concern the Answer (D) is incorrect. Under the terms of SOX, only one member
characteristics of organizations of the audit
and parties providing internal auditing services. committee need be a financial expert.
Answer (D) is incorrect. The IPPF does not contain Independence Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Standards. (720 questions)
Copyright 2013 Gleim Publications Inc. Page 5 [14] Gleim #: 1.1.14
Printed for Sanja Knezevic Which one of the following must be included in the internal audit
[13] Gleim #: 1.1.13 charter?
The Sarbanes-Oxley Act of 2002 (SOX) imposes which of the A. Internal audit scope.
following B. Internal audit responsibility.
requirements? C. Chief audit executive’s compensation plan.
The board of directors must be composed entirely of independent A. Number of full-time internal audit employees deemed to be the
shareholders. necessary
At least one member of the audit committee must be a former partner minimum.
of the D.
independent public accounting firm. Answer (A) is incorrect. Scope is an aspect of individual internal
B. audit
The audit committee must be composed entirely of independent engagements.
members of the Answer (B) is correct. The purpose, authority, and responsibility of
board. the internal
C. audit activity must be formally defined in an internal audit charter.
Once the audit committee has selected the independent public Answer (C) is incorrect. The CAE’s compensation plan is not an
accounting firm, the appropriate
committee must not interfere with the firm’s conduct of the financial matter to include in the internal audit charter.
statement Answer (D) is incorrect. The staffing of the internal audit activity is
audit. determined
D. by the CAE and the board; it is not an appropriate matter to include
Answer (A) is incorrect. The SOX requirement regarding in the internal
independent members audit charter.
refers to the audit committee, not the entire board. [15] Gleim #: 1.1.15
Answer (B) is incorrect. SOX does not impose a requirement Which one of the following is not included in the internal audit
regarding charter?
mandatory former employment with the independent public A. Risk assessment of the internal audit activity.
accounting firm. B. Responsibility of the internal audit activity.
Answer (C) is correct. Under the terms of SOX, each member of the C. Purpose of the internal audit activity.
issuer’s D. Authority of the internal audit activity.
audit committee must be an independent member of the board of Gleim CIA Test Prep: Part 1 - Internal Audit Basics
directors. To be (720 questions)
independent, a director must not be affiliated with, or receive any Copyright 2013 Gleim Publications Inc. Page 6
compensation Printed for Sanja Knezevic
(other than for service on the board) from, the issuer. fb.com/ciaaofficial
Answer (D) is incorrect. The audit committee must be directly Answer (A) is correct. A risk assessment is not appropriate for
responsible for inclusion in the
appointing, compensating, and overseeing the work of the internal audit charter.
independent auditor.
Answer (B) is incorrect. The appropriate contents of the internal Answer (C) is incorrect. Internal audit engagements are scheduled
audit charter are the based on a risk
purpose, authority, and responsibility of the internal audit activity. assessment, not simply time elapsed since the last engagement.
Answer (C) is incorrect. The appropriate contents of the internal Answer (D) is incorrect. Internal audit engagements are scheduled
audit charter are the based on a risk
purpose, authority, and responsibility of the internal audit activity. assessment, only one of the elements of which is monetary
Answer (D) is incorrect. The appropriate contents of the internal materiality.
audit charter are the [17] Gleim #: 1.1.17
purpose, authority, and responsibility of the internal audit activity. The purpose, authority, and responsibility of the internal audit activity
[16] Gleim #: 1.1.16 are formally
The transportation department of a publicly held company has asked defined in
the internal audit The records of the proceedings of the A. board of directors.
activity to review the design specifications for a proposed new B. The corporate bylaws.
warehouse and repair C. The memorandum of understanding.
facility. The best reason for the internal audit activity to decline the D. A formal, written charter.
request is Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Such a review does not fall within the authority granted in the internal (720 questions)
audit Copyright 2013 Gleim Publications Inc. Page 7
charter. Printed for Sanja Knezevic
A. Answer (A) is incorrect. While the records of board meetings do
The CEO and the head of the transportation department are reflect discussions
neighbors and belong related to the internal audit charter, they are no substitute for an
to the same social clubs. actual formal charter.
B. Answer (B) is incorrect. The corporate bylaws are not the
The internal audit activity performed a thorough review of the appropriate place to define
transportation the purpose, authority, and responsibility of the internal audit activity.
department the previous year. Answer (C) is incorrect. A memorandum of understanding is an
C. agreement between
The transportation department’s budget is immaterial to the parties expressing their common will that does not necessarily
organization’s total contain the elements of
budget. a contract.
D. Answer (D) is correct. The purpose, authority, and responsibility of
Answer (A) is correct. The internal audit activity’s purpose, authority, the internal audit
and activity must be formally defined in a written charter, consistent with
responsibility are specifically granted in the form of a written charter the Definition of
approved by Internal Auditing, the Code of Ethics, and the Standards.
the board. [18] Gleim #: 1.1.18
Answer (B) is incorrect. An attitude of independence is required for The types of services provided by the internal audit activity can best
internal be described as
auditors, not for auditees and management. Auditing A. and engagement.
B. Auditing and consulting. inevitable conflicts arise between the internal audit activity and the
C. Assurance and consulting. department or
D. Auditing and assurance. function under review.
Answer (A) is incorrect. Engagement is not a type of internal audit Answer (D) is incorrect. The support of management and the board
service. is crucial
Answer (B) is incorrect. The IIA Glossary defines assurance and when inevitable conflicts arise between the internal audit activity and
consulting, not the
auditing and consulting, as the types of services provided by the department or function under review.
internal audit Gleim CIA Test Prep: Part 1 - Internal Audit Basics
activity. (720 questions)
Answer (C) is correct. The internal audit activity provides Copyright 2013 Gleim Publications Inc. Page 8
independent, objective Printed for Sanja Knezevic
assurance and consulting services designed to add value and fb.com/ciaaofficial
improve an [20] Gleim #: 1.1.20
organization’s operations (Definition of Internal Auditing). Which of the following is not appropriate for inclusion in the internal
Answer (D) is incorrect. The IIA Glossary defines assurance and audit charter?
consulting, not The nature of the chief audit executive’s functional reporting
auditing and assurance, as the types of services provided by the relationship with the
internal audit board.
activity. A.
[19] Gleim #: 1.1.19 Authorization of internal audit access to records, personnel, and
Support from which persons or combination of persons listed below physical
is most important properties.
to the success of the internal audit activity? B.
A. The chief executive officer and chief financial officer. Definition of the scope of internal C. audit activities.
B. The chief executive officer. D. Authorization of the board to approve the charter.
C. Management and the board. Answer (A) is incorrect. The nature of the chief audit executive’s
D. The audit committee. functional
Answer (A) is incorrect. The support of management and the board reporting relationship with the board is one of the elements to be
is crucial included in the
when inevitable conflicts arise between the internal audit activity and internal audit charter.
the Answer (B) is incorrect. Authorization of internal audit access to
department or function under review. records,
Answer (B) is incorrect. The support of management and the board personnel, and physical properties is one of the elements to be
is crucial included in the
when inevitable conflicts arise between the internal audit activity and internal audit charter.
the Answer (C) is incorrect. Definition of the scope of internal audit
department or function under review. activities is one
Answer (C) is correct. The support of management and the board is of the elements to be included in the internal audit charter.
crucial when
Answer (D) is correct. Final approval of the internal audit charter Accordingly, internal auditors are professionals who serve others by
resides with the providing
board. The board has this power inherently. assurance and consulting services.
[21] Gleim #: 1.2.21 Answer (D) is incorrect. In some situations, responsibility to the
A primary purpose of establishing a code of conduct within a public at large
professional may conflict with and be more important than loyalty to one’s
organization is to organization.
Reduce the likelihood that members of the profession will be sued for Gleim CIA Test Prep: Part 1 - Internal Audit Basics
substandard (720 questions)
work. Copyright 2013 Gleim Publications Inc. Page 9
A. Printed for Sanja Knezevic
Ensure that all members of the profession perform at approximately [22] Gleim #: 1.2.22
the same An accounting association established a code of ethics for all
level of competence. members. What is one of
B. the association’s primary purposes of establishing the code of
C. Promote an ethical culture among professionals who serve others. ethics?
Require members of the profession to exhibit loyalty in all matters To outline criteria for professional behavior to maintain standards of
pertaining to integrity and
the affairs of their organization. objectivity.
D. A.
Answer (A) is incorrect. Although this result may follow from To establish standards to follow for effective accounting B. practice.
establishing a code To provide a framework within which accounting policies could be
of conduct, it is not the primary purpose. To consider it so would be effectively
self-serving. developed and executed.
Answer (B) is incorrect. A code of conduct can help to establish C.
minimum To outline criteria that can be used in conducting interviews of
standards of competence, but it would be impossible to ensure potential new
equality of accountants.
competence by all members of a profession. D.
Answer (C) is correct. The IIA’s Code of Ethics is typical. Its purpose Answer (A) is correct. The primary purpose of a code of ethical
is “to behavior for a
promote an ethical culture in the profession of internal auditing.” The professional organization is to promote an ethical culture among
definition professionals
of internal auditing states that it is “an independent, objective who serve others.
assurance and Answer (B) is incorrect. National standards-setting bodies, not a
consulting activity.” Moreover, internal auditing is founded on “the code of ethics,
trust placed provide guidance for effective accounting practice.
in its objective assurance about governance, risk management, and Answer (C) is incorrect. A code of ethics does not provide the
control.” framework within
which accounting policies are developed.
Answer (D) is incorrect. The primary purpose is not for interviewing (720 questions)
new Copyright 2013 Gleim Publications Inc. Page 10
accountants. Printed for Sanja Knezevic
[23] Gleim #: 1.2.23 fb.com/ciaaofficial
The best reason for establishing a code of conduct within an Answer (A) is correct. An organization’s code of ethical conduct is
organization is that such the established
codes general value system the organization wishes to apply to its
A. Are typically required by governments. members’ activities by
B. Express standards of individual behavior for members of the communicating organizational purposes and beliefs and establishing
organization. uniform ethical
C. Provide a quantifiable basis for personnel evaluations. guidelines for members, which include guidance on behavior for
D. Have tremendous public relations potential. members in making
Answer (A) is incorrect. Governments typically lack the power to decisions.
impose ethical Answer (B) is incorrect. The organizational details of the
codes on nongovernment personnel (the Sarbanes-Oxley Act of profession’s governing body
2002 contains a are stated in the by-laws of a professional organization.
partial exception to this general rule). Answer (C) is incorrect. Certain actions may be legal, but contrary
Answer (B) is correct. An organization’s code of ethical conduct is to an
the organization’s code of ethics. For example, an internal auditor may
established general value system the organization wishes to apply to not perform a
its members’ service for which (s)he does not possess the necessary knowledge,
activities. It communicates organizational purposes and beliefs and skills, and
establishes experience.
uniform ethical guidelines for members, which include guidance on Answer (D) is incorrect. The Standards establish a basis for the
behavior for measurement of
members in making decisions. internal audit performance.
Answer (C) is incorrect. Codes of conduct provide qualitative, not [25] Gleim #: 1.2.25
quantitative, In analyzing the differences between two recently merged
standards. businesses, the chief audit
Answer (D) is incorrect. Other purposes of a code of conduct are executive of Organization A notes that it has a formal code of ethics
much more and Organization
significant. B does not. The code of ethics covers such things as purchase
[24] Gleim #: 1.2.24 agreements,
The code of ethics of a professional organization sets forth relationships with vendors, and other issues. Its purpose is to guide
A. Broad standards of conduct for the members of the organization. individual
B. The organizational details of the profession’s governing body. behavior within the firm. Which of the following statements regarding
C. A list of illegal activities that are proscribed to the members of the the existence of
profession. the code of ethics in A can be logically inferred?
D. A basis for the measurement of internal audit performance. A exhibits a higher standard of ethical behavior I. than does B.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics
A has established objective criteria by which an individual’s actions Copyright 2013 Gleim Publications Inc. Page 11
can be Printed for Sanja Knezevic
evaluated. [26] Gleim #: 1.2.26
II. A review of an organization’s code of conduct revealed that it
The absence of a formal code of ethics in B would prevent a contained
successful review of comprehensive guidelines designed to inspire high levels of ethical
ethical behavior in that organization. behavior. The
III. review also revealed that employees were knowledgeable of its
A. I and II. provisions. However,
B. II only. some employees still did not comply with the code. What element
C. III only. should a code of
D. II and III. conduct contain to enhance its effectiveness?
Answer (A) is incorrect. The mere existence of A’s code of ethics Periodic review and acknowledgment A. by all employees.
does not B. Employee involvement in its development.
ensure that its principles are followed. C. Public knowledge of its contents and purpose.
Answer (B) is correct. A formal code of ethics effectively (1) D. Provisions for disciplinary action in the event of violations.
communicates Answer (A) is incorrect. Periodic review and acknowledgment would
acceptable values to all members, (2) provides a method of policing ensure
and employee knowledge and acceptance of the code, which are not at
disciplining members for violations, (3) establishes objective issue.
standards against Answer (B) is incorrect. Employee involvement in development
which individuals can measure their own performance, and (4) would encourage
communicates the employee acceptance, which is not at issue.
organization’s value system to outsiders. Answer (C) is incorrect. Public knowledge might affect the behavior
Answer (C) is incorrect. The absence of a formal code of ethics of some
does not preclude individuals but not to the same extent as the perceived likelihood of
a successful review of ethical behavior in an organization. Policies sanctions for
and procedures wrongdoing.
may provide the criteria for such an engagement. Answer (D) is correct. Penalties for violations of a code of conduct
Answer (D) is incorrect. The existence of a code of ethics does should
establish enhance its effectiveness. Some individuals will be deterred from
objective criteria by which individual actions can be evaluated. misconduct if
However, the they expect it to be detected and punished.
absence of a formal code of ethics does not preclude a successful [27] Gleim #: 1.2.27
review of ethical A formal code of ethics should do all of the following except
behavior in an organization. Policies and procedures may provide the A. Effectively communicate acceptable values to all members.
criteria for B. Communicate the organization’s value system to outsiders.
such an engagement. C. Reflect only legal standards of conduct for individuals and the
Gleim CIA Test Prep: Part 1 - Internal Audit Basics organization.
(720 questions)
Provide a method of policing and disciplining members of the management accountants requires independence from conflicts of
organization for economic interest.
violations. Answer (C) is incorrect. A typical code of ethical conduct for
D. financial managers or
Answer (A) is incorrect. A code of ethics should effectively management accountants requires independence from conflicts of
communicate professional interest.
acceptable values to all organization members. Answer (D) is correct. The code of ethical conduct for financial
Answer (B) is incorrect. A code of ethics should communicate the managers or
organization’s management accountants in an organization should require
value system to those outside the organization. credibility in presenting
Answer (C) is correct. An ethical organization aspires to a higher information, preparing reports, and making analyses.
standard of [29] Gleim #: 1.2.29
behavior than mere legality. Objectivity is an ethical requirement for all persons engaged in the
Answer (D) is incorrect. A code of ethics should indeed provide a professional
method of practice of internal auditing. One aspect of objectivity requires
policing and disciplining members for violations. Performance of professional duties in accordance A. with relevant
[28] Gleim #: 1.2.28 laws.
A typical code of ethical conduct for financial managers or B. Avoidance of conflict of interest.
management accountants C. Refraining from using confidential information for unethical or
in an organization requires all of the following except illegal advantage.
Integrity and a refusal to compromise professional values for the D. Maintenance of an appropriate level of professional expertise.
sake of personal Answer (A) is incorrect. Observing the law is a component of
goals. integrity.
A. Answer (B) is correct. Commitment to independence from conflicts
B. Independence from conflicts of economic interest. of economic
C. Independence from conflicts of professional interest. or professional interest is an aspect of objectivity.
D. Subjectivity in presenting information, preparing reports, and Answer (C) is incorrect. Refraining from using confidential
making analyses. information for
Gleim CIA Test Prep: Part 1 - Internal Audit Basics unethical or illegal advantage is an aspect of confidentiality.
(720 questions) Answer (D) is incorrect. Maintenance of an appropriate level of
Copyright 2013 Gleim Publications Inc. Page 12 professional
Printed for Sanja Knezevic expertise is an aspect of competency.
fb.com/ciaaofficial [30] Gleim #: 1.3.30
Answer (A) is incorrect. A typical code of ethical conduct for financial The IIA Rules of Conduct set forth in The IIA’s Code of Ethics
managers or A. Describe behavior norms expected of internal auditors.
management accountants in an organization requires integrity and a B. Are guidelines to assist internal auditors in dealing with
refusal to engagement clients.
compromise professional values for the sake of personal goals. C. Are interpreted by the Principles.
Answer (B) is incorrect. A typical code of ethical conduct for financial D. Apply only to particular conduct specifically mentioned.
managers or
Answer (A) is correct. The IIA’s Code of Ethics extends beyond the action is not consistent with The IIA’s Code of Ethics.
definition of D.
internal auditing to include two essential components: (1) Principles Answer (A) is incorrect. Seeking the advice of legal counsel on all
that are ethical
relevant to the profession and practice of internal auditing and (2) decisions is impracticable.
Rules of Answer (B) is correct. The Code includes Principles (integrity,
Conduct that describe behavior norms expected of internal auditors objectivity,
(Introduction). confidentiality, and competency) relevant to the profession and
Answer (B) is incorrect. The Rules of Conduct provide guidance to practice of internal
internal auditing and Rules of Conduct that describe behavioral norms for
auditors in the discharge of their responsibility to all those whom they internal auditors
serve. and that interpret the Principles. Internal auditors are expected to
Engagement clients are not the only parties served by internal apply and
auditing. uphold the Principles. Furthermore, that a particular conduct is not
Answer (C) is incorrect. The Rules of Conduct are an aid in mentioned in
interpreting the the Rules does not prevent it from being unacceptable or
Principles. discreditable.
Answer (D) is incorrect. The conduct may be unacceptable or Answer (C) is incorrect. Seeking the advice of the board on all
discreditable ethical decisions
although not mentioned in the Rules of Conduct. is impracticable. Furthermore, the advice might not be consistent
Gleim CIA Test Prep: Part 1 - Internal Audit Basics with the
(720 questions) profession’s standards.
Copyright 2013 Gleim Publications Inc. Page 13 Answer (D) is incorrect. If the organization’s standards are not
Printed for Sanja Knezevic consistent with, or
[31] Gleim #: 1.3.31 as high as, the profession’s standards, the internal auditor is held to
Today’s internal auditor will often encounter a wide range of potential the standards
ethical of the profession.
dilemmas, not all of which are explicitly addressed by The IIA’s Code [32] Gleim #: 1.3.32
of Ethics. If the In complying with The IIA’s Code of Ethics, an internal auditor should
internal auditor encounters such a dilemma, the internal auditor A. Use individual judgment in the application of the principles set
should always forth in the Code.
Seek counsel from an independent attorney to determine the Respect and contribute to the objectives of the organization even if it
personal is engaged
consequences of potential actions. in illegal activities.
A. B.
Apply and uphold the principles embodied in The IIA’s B. Code of Go beyond the limitation of personal technical skills to advance the
Ethics. interest of the
C. Seek the counsel of the board before deciding on an action. organization.
Act consistently with the code of ethics adopted by the organization C.
even if such D. Primarily apply the competency principle in establishing trust.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics internal auditor’s former employer in determining priorities in the new
(720 questions) job.
Copyright 2013 Gleim Publications Inc. Page 14 A.
Printed for Sanja Knezevic The new internal audit activity does not use PPS sampling, and the
fb.com/ciaaofficial internal
Answer (A) is correct. The IIA’s Code of Ethics includes principles auditor believes PPS sampling has advantages for many of the
that internal engagements
auditors are expected to apply and uphold. They are interpreted by conducted by the new employer. The internal auditor conducts
the Rules of training sessions
Conduct, behavior norms expected of internal auditors. That a and develops forms to implement sampling in the same manner as
particular conduct is not the previous
mentioned in the Rules of Conduct does not prevent it from being employer.
unacceptable or B.
discreditable. Consequently, a reasonable inference is that individual While at the previous firm, the internal auditor conducted a great deal
judgment is of research
necessary in the application of the principles and the Rules of to identify “best practices” for the management of the treasury
Conduct. function. Because
Answer (B) is incorrect. An internal auditor “shall not knowingly be a most of the research was done at home and during non-office hours,
party to any the internal
illegal activity.” Furthermore, an internal auditor is bound to respect auditor retained much of the research and plans to use it in
and contribute conducting a review of
only to the legitimate and ethical objectives of the organization. the treasury function at the new employer.
Answer (C) is incorrect. Internal auditors “shall engage only in those C.
services for None of the answers represent a violation D. of the Code.
which they have the necessary knowledge, skills, and experience.” Answer (A) is incorrect. Disclosing the former employer’s risk
Answer (D) is incorrect. Applying and upholding the integrity assessment
principle is the means approach does not violate the Code.
by which an internal auditor establishes trust as a basis for reliance Answer (B) is incorrect. Disclosing sampling methods does not
on his/her violate the Code.
judgment. Answer (C) is incorrect. Disclosing information about best practices
[33] Gleim #: 1.3.33 of other
An internal auditor, recently terminated by an organization due to organizations does not violate the Code.
downsizing, has Answer (D) is correct. The former employer’s risk assessment
found a job with another organization in the same industry. Which of approach may be
the following viewed as general information about “best practices.” Hence,
disclosures made by the internal auditor to the new organization applying this
would constitute a approach on behalf of a new employer is acceptable. With regard to
violation of The IIA’s Code of Ethics? the former
The internal auditor used the risk assessment approach that was employer’s sampling methods, the internal auditor is applying
used by the knowledge of a
commonly used engagement procedure. It is not confidential discreditable even if it is not mentioned in the Rules of Conduct.
information. Answer (C) is incorrect. It is not feasible to seek the audit
Moreover, gathering information about best practices of other committee’s advice for
organizations is part all potential dilemmas. Furthermore, the advice might not be
of the continuing education of the internal auditor. Thus, the listed consistent with the
responses are profession’s standards.
not violations of the Code. Answer (D) is incorrect. If the organization’s standards are not
Gleim CIA Test Prep: Part 1 - Internal Audit Basics consistent with, or
(720 questions) as high as, the profession’s standards, the internal auditor should
Copyright 2013 Gleim Publications Inc. Page 15 abide by the
Printed for Sanja Knezevic latter.
[34] Gleim #: 1.3.34 [35] Gleim #: 1.3.35
An internal auditor who encounters an ethical dilemma not explicitly The IIA’s Code of Ethics does not require
addressed by A. Contribution to the legitimate and ethical objectives of the
The IIA’s Code of Ethics should always organization.
Seek counsel from an independent attorney to determine the B. Objectivity, honesty, and diligence.
personal C. Continual improvement in proficiency.
consequences of potential actions. D. A report on each engagement.
A. Answer (A) is incorrect. Rule of Conduct 1.4 states, “Internal
Take action consistent with the principles embodied in The IIA’s B. auditors shall
Code of Ethics. respect and contribute to the legitimate and ethical objectives of the
C. Seek the counsel of the audit committee before deciding on an organization.”
action. Answer (B) is incorrect. Rule of Conduct 1.1 imposes an obligation
Act consistently with the employing organization’s code of ethics of honesty,
even if such diligence, and responsibility. Moreover, objectivity is one of the four
action would not be consistent with The IIA’s Code of Ethics. Principles
D. stated in the Code.
Answer (A) is incorrect. The auditor must act consistently with the Answer (C) is incorrect. Continual improvement in proficiency and in
spirit of The the
IIA’s Code of Ethics. It is not practical to seek the advice of legal effectiveness and quality of services is required by Rule of Conduct
counsel for all 4.3.
ethical decisions. Moreover, unethical behavior may not be illegal. Answer (D) is correct. The Standards, not the Code of Ethics,
Answer (B) is correct. The IIA’s Code of Ethics is based on require internal
principles relevant to auditors to communicate the engagement results.
the profession and practice of internal auditing that internal auditors Gleim CIA Test Prep: Part 1 - Internal Audit Basics
are expected (720 questions)
to apply and uphold: integrity, objectivity, confidentiality, and Copyright 2013 Gleim Publications Inc. Page 16
competency. Printed for Sanja Knezevic
Furthermore, the Code states that particular conduct may be fb.com/ciaaofficial
unacceptable or [36] Gleim #: 1.4.36
An internal auditor working for a chemical manufacturer believed that confidential, audit-related information that could potentially damage
toxic waste was the auditor’s
being dumped in violation of the law. Out of loyalty to the organization.
organization, no A.
information regarding the dumping was collected. The internal An auditor used audit-related information in a decision to buy stock
auditor issued by the
Violated the Code of Ethics by knowingly becoming a party A. to an employer corporation.
illegal act. B.
Violated the Code of Ethics by failing to protect the well-being of the After praising an employee in a recent audit engagement
general communication, an
public. auditor accepted a gift from the employee.
B. C.
Did not violate the Code of Ethics. Loyalty to the employer in all An auditor did not report significant observations about illegal activity
matters is to the
required. board because management indicated that it would resolve the
C. issue.
Did not violate the Code of Ethics. Conclusive information about D.
wrongdoing was Answer (A) is correct. Rule of Conduct 1.2 under the integrity
not gathered. principal states,
D. “Internal auditors shall observe the law and make disclosures
Answer (A) is correct. Rule of Conduct 1.3 under the integrity expected by the law
principle prohibits and the profession.” Thus, auditors must comply with subpoenas.
knowingly being a party to any illegal activity. By failing to collect Answer (B) is incorrect. Rule of Conduct 3.2 prohibits auditors from
information using audit
about a known violation of law, the auditor became party to the illegal information for personal gain.
act. Answer (C) is incorrect. Rule of Conduct 2.2 prohibits an auditor
Answer (B) is incorrect. The IIA’s Code of Ethics does not impose a from accepting
duty to the anything that might be presumed to impair the auditor’s professional
general public. judgment.
Answer (C) is incorrect. The IIA’s Code of Ethics does not impose Answer (D) is incorrect. Rule of Conduct 1.3 prohibits auditors from
an overriding knowingly
duty of loyalty to the employer. being a party to any illegal or improper activity. Significant
Answer (D) is incorrect. The internal auditor should have collected observations of illegal
and reported activity should be reported to the board.
such information in accordance with the Standards. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
[37] Gleim #: 1.4.37 (720 questions)
Which of the following is permissible under The IIA’s Code of Ethics? Copyright 2013 Gleim Publications Inc. Page 17
In response to a subpoena, an auditor appeared in a court of law and Printed for Sanja Knezevic
disclosed [38] Gleim #: 1.4.38
The IIA’s Code of Ethics requires internal auditors to perform their under review (Rule of Conduct 2.3). An internal auditor also must
work with respect and
Honesty, diligence, A. and responsibility. contribute to the legitimate and ethical objectives of the organization
B. Timeliness, sobriety, and clarity. (Rule of
C. Knowledge, skills, and competencies. Conduct 1.4). Thus, when apparent violations of antitrust statutes by
D. Punctuality, objectivity, and responsibility. officers
Answer (A) is correct. Rule of Conduct 1.1 under the integrity come to the internal auditor’s attention, (s)he should report to the
principle states, board of
“Internal auditors shall perform their work with honesty, diligence, directors rather than directly to the government regulators. An
and internal auditor
responsibility.” must also observe the law and make any disclosures required by the
Answer (B) is incorrect. Timeliness, sobriety, and clarity are not law or by the
mentioned in the profession (Rule of Conduct 1.2).
Code. Answer (B) is incorrect. Everyone has a legal obligation to
Answer (C) is incorrect. Knowledge, skills, and competencies are cooperate with a
mentioned in criminal investigation. An internal auditor must observe the law and
the Standards. make any
Answer (D) is incorrect. Punctuality is not mentioned in the Code. disclosures required by the law or by the profession (Rule of Conduct
[39] Gleim #: 1.4.39 1.2).
Which situation is most likely a violation of The IIA’s Code of Ethics? Answer (C) is incorrect. An internal auditor should report apparent
Reporting apparent violations of antitrust statutes by officers to improprieties
government to the board.
regulators. Answer (D) is incorrect. Everyone has a legal and moral obligation
A. to report
B. Cooperating with the government’s criminal investigation of the violent crimes immediately.
organization. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Reporting apparent violations of antitrust statutes by officers to the (720 questions)
board of Copyright 2013 Gleim Publications Inc. Page 18
directors. Printed for Sanja Knezevic
C. fb.com/ciaaofficial
Immediately reporting a violent crime observed at work to local law [40] Gleim #: 1.5.40
enforcement In applying the Rules of Conduct set forth in The IIA’s Code of Ethics,
agencies. internal
D. auditors are expected to
Answer (A) is correct. An internal auditor must not knowingly be a Not be unduly influenced by their own interests in A. forming
party to any judgments.
illegal activity (Rule of Conduct 1.3), and (s)he must disclose all B. Compare them with standards of other professions.
material facts C. Be guided by the desires of the engagement client.
known to him/her that, if not disclosed, might distort the reporting of D. Use discretion in deciding whether to use them.
activities
Answer (A) is correct. The objectivity principle contained in The IIA’s Copyright 2013 Gleim Publications Inc. Page 19
Code of Printed for Sanja Knezevic
Ethics states, in part, “Internal auditors make a balanced assessment [42] Gleim #: 1.5.42
of all the A CIA is working in a noninternal-auditing position as the director of
relevant circumstances and are not unduly influenced by their own purchasing. The
interests or by CIA signed a contract to procure a large order from the supplier with
others in forming judgments.” the best price,
Answer (B) is incorrect. Standards of other professions are not quality, and performance. Shortly after signing the contract, the
intended to supplier presented the
provide guidance to internal auditors. CIA with a gift of significant monetary value. Which of the following
Answer (C) is incorrect. Auditors should be independent of the statements
engagement regarding the acceptance of the gift is true?
client. Acceptance of the gift is prohibited only if it A. is not customary.
Answer (D) is incorrect. Internal auditors must follow The IIA’s Code Acceptance of the gift violates The IIA’s Code of Ethics and is
of Ethics. prohibited for a
[41] Gleim #: 1.5.41 CIA.
Which of the following statements is not appropriate to include in a B.
manufacturer’s Because the CIA is no longer acting as an internal auditor,
conflict of interest policy? An employee shall not acceptance of the gift is
A. Accept money, gifts, or services from a customer. governed only by the organization’s code of conduct.
B. Participate (directly or indirectly) in the management of a public C.
agency. Because the contract was signed before the gift was offered,
C. Borrow from or lend money to vendors. acceptance of the gift
D. Use organizational information for private purposes. does not violate either The IIA’s Code of Ethics or the organization’s
Answer (A) is incorrect. A conflict of interest policy should prohibit code of
the transfer conduct.
of benefits between an employee and those with whom the D.
organization deals. Answer (A) is incorrect. Acceptance of the gift could easily be
Answer (B) is correct. A prohibition on public service is ordinarily presumed to have
inappropriate. impaired the CIA’s professional judgment.
Public service is a right, if not a duty, of all citizens. Answer (B) is correct. Members of The Institute of Internal Auditors
Answer (C) is incorrect. A conflict of interest policy should prohibit and
financial recipients of, or candidates for, IIA professional certifications are
dealings between an employee and those with whom the subject to
organization deals. disciplinary action for breaches of The IIA’s Code of Ethics. Rule of
Answer (D) is incorrect. A conflict of interest policy should prohibit Conduct 2.2
the use of under the objectivity principle states, “Internal auditors shall not
organization information for private gain. accept anything
Gleim CIA Test Prep: Part 1 - Internal Audit Basics that may impair or be presumed to impair their professional
(720 questions) judgment.”
Answer (C) is incorrect. The CIA is still governed by The IIA’s code (720 questions)
of conduct. Copyright 2013 Gleim Publications Inc. Page 20
Answer (D) is incorrect. The timing of signing the contract is Printed for Sanja Knezevic
irrelevant. fb.com/ciaaofficial
[43] Gleim #: 1.5.43 [44] Gleim #: 1.5.44
The chief audit executive (CAE) has been appointed to a committee In a review of travel and entertainment expenses, a certified internal
to evaluate the auditor
appointment of the external auditors. The engagement partner for the questioned the business purposes of an officer’s reimbursed travel
external expenses. The
accounting firm wants the CAE to join her for a week of hunting at officer promised to compensate for the questioned amounts by not
her private lodge. claiming legitimate
The CAE should expenses in the future. If the officer makes good on the promise, the
A. Accept, assuming both their schedules allow it. internal auditor
B. Refuse on the grounds of conflict of interest. Can ignore the original charging of the nonbusiness A. expenses.
C. Accept as long as it is not charged to employer time. B. Should inform the tax authorities in any event.
Ask the comptroller whether accepting the invitation is a violation of C. Should still include the finding in the final engagement
the communication.
organization’s code of ethics. Should recommend that the officer forfeit any frequent flyer miles
D. received as part
Answer (A) is incorrect. The auditor should not accept. of the questionable travel.
Answer (B) is correct. Rule of Conduct 2.1 under the objectivity D.
principle states, Answer (A) is incorrect. The possibly fraudulent behavior of the
“Internal auditors shall not participate in any activity or relationship officer is a
that may material fact that should be reported regardless of whether the
impair or be presumed to impair their unbiased assessment. This questioned
participation expenses are reimbursed.
includes those activities or relationships that may be in conflict with Answer (B) is incorrect. Communication of results to parties outside
the interests the
of the organization.” Furthermore, under Rule of Conduct 2.2, organization is not required in the absence of a legal mandate.
“Internal auditors Answer (C) is correct. Rule of Conduct 2.3 under the objectivity
shall not accept anything that may impair or be presumed to impair principle states,
their “Internal auditors shall disclose all material facts known to them that,
professional judgment.” if not
Answer (C) is incorrect. Not charging the time to the company is not disclosed, may distort the reporting of activities under review.”
sufficient to Answer (D) is incorrect. Management should determine what
eliminate conflict-of-interest concerns. constitutes just
Answer (D) is incorrect. The auditor should know that accepting the compensation.
invitation [45] Gleim #: 1.5.45
raises conflict of interest issues. During an engagement performed at a manufacturing division of a
Gleim CIA Test Prep: Part 1 - Internal Audit Basics defense contractor,
the internal auditor discovered that the organization apparently was Answer (A) is correct. Although an argument can be made that the
inappropriately internal auditor
adding costs to a cost-plus governmental contract. The internal should report the matter to the board and senior management, there
auditor discussed the is no indication
matter with senior management, who suggested that the internal that the internal auditor is deliberately withholding material facts that,
auditor seek an if not disclosed,
opinion from legal counsel. Upon review, legal counsel indicated that may distort reports of activities under review (Rule of Conduct 2.3).
the practice was Hence, no
questionable but was not technically in violation of the government violation of the Code occurred.
contract. Based on Answer (B) is incorrect. Material fraud, if suspected, should be
legal counsel’s decision, the internal auditor decided to omit any brought to the
discussion of the attention of management. However, in this case, the internal auditor
practice in the final engagement communication sent to senior gathered sufficient
management and the information to dispel the suspicion of fraud.
board. However, the internal auditor did informally communicate legal Answer (C) is incorrect. The internal auditor did not deliberately
counsel’s withhold important
decision to senior management. Did the internal auditor violate The information.
IIA’s Code of Answer (D) is incorrect. The internal auditor has gathered sufficient
Ethics? information.
No. The internal auditor followed up the matter with appropriate Internal legal counsel’s opinion appears to be sufficient.
personnel within [46] Gleim #: 1.5.46
the organization and reached a conclusion that no fraud was An internal auditor discovered some material inefficiencies in a
involved. purchasing function.
A. The purchasing manager is the internal auditor’s next-door neighbor
No. If a fraud is suspected, it should be resolved at the divisional and best friend. In
level where it is accordance with The IIA’s Code of Ethics, the internal auditor should
taking place. Objectively include the facts of the case in the engagement A.
B. communications.
Yes. It is a violation because all important information, even if B. Not report the incident because of loyalty to the friend.
resolved, should Include the facts of the case in a special communication submitted
be reported to the board. only to the
C. friend.
Yes. Internal legal counsel’s opinion is not sufficient. The internal C.
auditor should D. Not report the friend unless the activity is illegal.
have sought advice from outside legal counsel. Answer (A) is correct. Rule of Conduct 2.3 under the objectivity
D. principle states,
Gleim CIA Test Prep: Part 1 - Internal Audit Basics “Internal auditors shall disclose all material facts known to them that,
(720 questions) if not
Copyright 2013 Gleim Publications Inc. Page 21 disclosed, may distort the reporting of activities under review.”
Printed for Sanja Knezevic
Answer (B) is incorrect. This action is at variance with the internal Answer (B) is incorrect. Serving on the board of the local bank may
auditor’s also be in conflict
duties. with the best interests of the auditor’s employer.
Answer (C) is incorrect. This action is at variance with the internal Answer (C) is correct. Rule of Conduct 2.1 under the objectivity
auditor’s principle states,
duties. “Internal auditors shall not participate in any activity or relationship
Answer (D) is incorrect. This action is at variance with the internal that may impair or
auditor’s be presumed to impair their unbiased assessment. This participation
duties. includes those
[47] Gleim #: 1.5.47 activities or relationships that may be in conflict with the interests of
An internal auditor for a large regional bank was asked to serve on the
the board of organization.” Accordingly, service on the board of the local bank
directors of a local bank. The bank competes in many of the same constitutes a
markets as the conflict of interest and may prejudice the internal auditor’s ability to
regional bank but focuses more on consumer financing than on carry out
business financing. objectively his/her duties regarding potential acquisitions.
In accepting this position, the internal auditor Answer (D) is incorrect. Serving on the board of the local bank
Violates The IIA’s Code of Ethics because serving on the board may creates a conflict of
be in conflict interest and may prejudice the internal auditor’s ability to perform
with the best interests of the internal auditor’s employer his/her duties.
I. [48] Gleim #: 1.5.48
Violates The IIA’s Code of Ethics because the information gained Which of the following concurrent occupations could appear to
while serving subvert the ethical
on the board of directors of the local bank may influence behavior of an internal auditor?
recommendations Internal auditor and a well-known charitable organization’s local in-
regarding potential acquisitions house
II. chairperson.
A. I only. A.
B. II only. Internal auditor and part-time business B. insurance broker.
C. I and II. Internal auditor and adjunct faculty member of a local business
D. Neither I nor II. college that
Gleim CIA Test Prep: Part 1 - Internal Audit Basics educates potential employees.
(720 questions) C.
Copyright 2013 Gleim Publications Inc. Page 22 Internal auditor and landlord of multiple housing that publicly
Printed for Sanja Knezevic advertises for
fb.com/ciaaofficial tenants in a local community newspaper listing monthly rental fees.
Answer (A) is incorrect. Serving on the board of the local bank D.
creates a conflict of Answer (A) is incorrect. The activities of a charity are unlikely to be
interest and may prejudice the internal auditor’s ability to perform contrary to
his/her duties. the interests of the organization.
Answer (B) is correct. Rule of Conduct 2.1 under the objectivity professional judgment (Rule of Conduct 2.2). Moreover, relationships
principle states, with
“Internal auditors shall not participate in any activity or relationship professional organizations are not likely to create a conflict of interest
that may or impair or be
impair or be presumed to impair their unbiased assessment. This presumed to impair internal auditors’ unbiased judgment (Rule of
participation Conduct 2.1). Also,
includes those activities or relationships that may be in conflict with the consulting engagement should not result in the improper use of
the interests information (Rule
of the organization.” As a business insurance broker, the internal of Conduct 3.2).
auditor may lose Answer (B) is incorrect. Serving as a consultant to competitors
his/her objectivity because (s)he might benefit from a change in the might create a conflict
employer’s of interest.
insurance coverage. Answer (C) is incorrect. Serving as a consultant to suppliers might
Answer (C) is incorrect. Teaching is compatible with internal create a conflict of
auditing. interest.
Answer (D) is incorrect. Whereas dealing in commercial properties Answer (D) is incorrect. Internal auditors should “be prudent in the
might involve use and protection
a conflict, renting residential units most likely does not. of information acquired in the course of their duties” (Rule of Conduct
[49] Gleim #: 1.5.49 3.1).
Internal auditors should be prudent in their relationships with persons Furthermore, such discussion might be “detrimental to the legitimate
and and ethical
organizations external to their employers. Which of the following objectives of the organization” (Rule of Conduct 3.2).
activities will most [50] Gleim #: 1.5.50
likely not adversely affect internal auditors’ ethical behavior? An internal auditor has been assigned to an engagement at a foreign
A. Accepting compensation from professional organizations for subsidiary. The
consulting work. internal auditor is aware that the social climate of the country is such
B. Serving as consultants to competitor organizations. that “facilitating
C. Serving as consultants to suppliers. payments” (bribes) are an accepted part of doing business. The
D. Discussing engagement plans or results with external parties. internal auditor has
Gleim CIA Test Prep: Part 1 - Internal Audit Basics completed the engagement and has found significant weaknesses
(720 questions) relating to important
Copyright 2013 Gleim Publications Inc. Page 23 controls. The subsidiary’s manager offers the internal auditor a
Printed for Sanja Knezevic substantial “facilitating
Answer (A) is correct. Professional organizations are unlikely to be payment” to omit the observations from the final engagement
employees, communication with a
clients, customers, suppliers, or business associates of the provision that the internal auditor could revisit the subsidiary in 6
organization. Hence, the months to verify that
consulting fees are not likely to impair or be presumed to impair the the problem areas have been properly addressed. The internal
internal auditors’ auditor should
Not accept the payment because such acceptance is in conflict with fb.com/ciaaofficial
the Code of [51] Gleim #: 1.5.51
Ethics. An internal auditor engages in the preparation of income tax forms
A. during the tax
Not accept the payment, but omit the observations as long as a season. For which of the following activities will the internal auditor
verification visit is most likely be in
made in 6 months. violation of The IIA’s Code of Ethics?
B. Writing a tax guide intended for publication and sale to A. the general
Accept the offer because it is consistent with the ethical concepts of public.
the country in Preparing the personal tax return, for a fee, for one of the
which the subsidiary is doing business. organization’s division
C. managers.
Accept the payment because it has the effect of doing the greatest B.
good for the C. Teaching an evening tax seminar, for a fee, at a local university.
greatest number; the internal auditor is better off, the subsidiary is Preparing tax returns for elderly citizens, regardless of their
better off, and associations, as a
the organization is better off because there is strong motivation to public service.
correct the D.
deficiencies. Answer (A) is incorrect. Writing a tax guide for sale to the general
D. public is
Answer (A) is correct. Rule of Conduct 2.2 under the objectivity unlikely to impair the internal auditor’s professional judgment.
principle states, Answer (B) is correct. Rule of Conduct 2.2 under the objectivity
“Internal auditors shall not accept anything that may impair or be principle states,
presumed to “Internal auditors shall not accept anything that may impair or be
impair their professional judgment.” presumed to
Answer (B) is incorrect. Rule of Conduct 2.3 requires internal impair their professional judgment.” Preparing a personal tax return
auditors to for a division
“disclose all material facts known to them that, if not disclosed, may manager for a fee falls under this prohibition.
distort the Answer (C) is incorrect. Teaching an evening tax seminar is unlikely
reporting of activities under review.” to impair
Answer (C) is incorrect. The profession’s standards, not the the internal auditor’s professional judgment.
customs of Answer (D) is incorrect. Engaging in a public service separate from
individual countries or regions, should guide the internal auditor’s the interests
conduct. and activities of the organization is unlikely to impair professional
Answer (D) is incorrect. The action is explicitly prohibited by the judgment.
Code of Ethics. [52] Gleim #: 1.5.52
Gleim CIA Test Prep: Part 1 - Internal Audit Basics An internal auditing team has made observations and
(720 questions) recommendations that should
Copyright 2013 Gleim Publications Inc. Page 24 significantly improve a division’s operating efficiency. Out of
Printed for Sanja Knezevic appreciation of this
work, and because it is the holiday season, the division manager organization’s charter. All the grants, however, were approved and
presents the in-charge documented by the
internal auditor with a gift of moderate value. Which of the following president. The chair of the grant authorization committee, who is also
best describes a member of the
the action prescribed by The IIA’s Code of Ethics? board of directors, proposes that the committee meet and
A. Not accept it prior to submission of the final engagement retroactively approve all the
communication. grants before the engagement communication is issued. If the
B. Not accept it if the gift is presumed to impair the internal auditor’s committee meets and
judgment. approves the grants before such issuance, the internal auditor should
C. Not accept it, regardless of other circumstances, because its Not report the grants in question because they were approved before
value is significant. the issuance
D. Accept it, regardless of other circumstances, because its value is of the engagement communication.
insignificant. A.
Answer (A) is incorrect. The timing of the gift is irrelevant. Discuss the matter with the chair of the grant committee to determine
Answer (B) is correct. Rule of Conduct 2.2 under the objectivity the rationale
principle states, for not approving the grants earlier. If the grants are routine,
“Internal auditors shall not accept anything that may impair or be discussion of the
presumed to grant committee’s inaction should be omitted from the engagement
impair their professional judgment.” communication.
Answer (C) is incorrect. According to Rule of Conduct 2.2, the B.
decision whether Include the items in the communication as an override of the
to accept a gift should be based on the potential impairment of the organization’s
auditor’s controls. Details about each grant should be reported, and the
judgment. internal auditor
Answer (D) is incorrect. The decision to accept or reject the gift should investigate further for fraud.
should be based C.
on whether the internal auditor’s professional judgment will be Report the override of control D. to the board.
impaired or be Answer (A) is incorrect. The control override should be reported.
presumed to be impaired. Answer (B) is incorrect. The routine nature of the grants is irrelevant
Gleim CIA Test Prep: Part 1 - Internal Audit Basics to the issue
(720 questions) of the violation of the charter.
Copyright 2013 Gleim Publications Inc. Page 25 Answer (C) is incorrect. Details about each grant need not be
Printed for Sanja Knezevic included unless the
[53] Gleim #: 1.5.53 internal auditor believes that fraud may have occurred. Moreover, the
During an examination of grants awarded by a not-for-profit appropriate
organization, an internal organizational authorities should be informed if wrongdoing is
auditor discovered a number of grants made without the approval of suspected.
the grant Answer (D) is correct. Rule of Conduct 2.3 under the objectivity
authorization committee (which includes outside representatives), as principle states,
required by the
“Internal auditors shall disclose all material facts known to them that, Answer (A) is incorrect. The internal auditor did not withhold
if not information but
disclosed, may distort the reporting of activities under review.” The properly followed up upon learning of the information.
management Answer (B) is incorrect. The internal auditor did not withhold
override of an important control over approval of grants created a information but
material risk properly followed up upon learning of the information.
exposure. The internal auditor is ethically obligated to report the Answer (C) is correct. There is no violation of either The IIA’s Code
matter to senior of Ethics or the
officials charged with performing the governance function. Standards. The internal auditor did not withhold information and
[54] Gleim #: 1.5.54 properly followed up
An internal auditor, nearly finished with an engagement, discovers upon learning of the information.
that the director of Answer (D) is incorrect. The internal auditor did not withhold
marketing has a gambling habit. The gambling issue is not directly information but
related to the properly followed up upon learning of the information.
existing engagement, and the internal auditor is under pressure to [55] Gleim #: 1.5.55
complete it quickly. An engagement at a foreign subsidiary disclosed payments to local
The internal auditor notes the problem and passes the information on government
to the chief audit officials in return for orders. What action does The IIA’s Code of
executive but does no further follow-up. The internal auditor’s actions Ethics suggest for an
Are in violation of The IIA’s Code of Ethics for withholding meaningful internal auditor in such a case?
information. Refrain from any action that might be detrimental to A. the
A. organization.
Are in violation of the Standards because the internal auditor did not B. Report the incident to appropriate regulatory authorities.
properly C. Inform appropriate organizational officials.
follow up on a red flag that might indicate the existence of fraud. D. Report the practice to the board of The Institute of Internal
B. Auditors.
C. Are not in violation of either The IIA’s Code of Ethics or the Answer (A) is incorrect. Informing organizational officials is not
Standards. detrimental to
Are in violation of The IIA’s Code of Ethics for withholding meaningful the organization.
information and are in violation of the Standards because the internal Answer (B) is incorrect. The Code does not require that the incident
auditor did be reported
not properly follow up on a red flag that might indicate the existence to regulatory authorities.
of fraud. Answer (C) is correct. Such payments may be illegal. Rule of
D. Conduct 2.3 under
Gleim CIA Test Prep: Part 1 - Internal Audit Basics the objectivity principle states, “Internal auditors shall disclose all
(720 questions) material facts
Copyright 2013 Gleim Publications Inc. Page 26 known to them that, if not disclosed, may distort the reporting of
Printed for Sanja Knezevic activities under
fb.com/ciaaofficial review.”
Answer (D) is incorrect. The Code does not require reporting to The Answer (D) is incorrect. The employee could be directed to other
IIA. methods of
[56] Gleim #: 1.5.56 communicating the information in order to maintain her anonymity.
During an engagement, an employee with whom you have [57] Gleim #: 1.5.57
developed a good working The chief audit executive is aware of a material inventory shortage
relationship informs you that she has some information about senior caused by internal
management that control deficiencies at one manufacturing plant. The shortage and
is damaging to the organization and may concern illegal activities. related causes are of
The employee does sufficient magnitude to affect the external auditor’s report. Based on
not want her name associated with the release of the information. The IIA’s Code
Which of the of Ethics, what is the CAE’s most appropriate course of action?
following actions is considered to be inconsistent with The IIA’s Code Say nothing; guard against interfering with the independence of the
of Ethics and external
the Standards? auditors.
Assure the employee that you can maintain her anonymity and listen A.
to the Discuss the issue with management and take appropriate action to
information. ensure that the
A. external auditors are informed.
B. Suggest that the employee consider talking to legal counsel. B.
Inform the employee that you will attempt to keep the source of the Inform the external auditors of the possibility of a shortage but allow
information them to
confidential and will look into the matter further. make an independent assessment of the amount.
C. C.
D. Inform the employee of other methods of communicating this type Communicate the shortages to the board and allow them to
of information. communicate it to the
Gleim CIA Test Prep: Part 1 - Internal Audit Basics external auditor.
(720 questions) D.
Copyright 2013 Gleim Publications Inc. Page 27 Answer (A) is incorrect. The shortage is a material fact that could
Printed for Sanja Knezevic distort a report
Answer (A) is correct. An internal auditor cannot guarantee of activities under review if not revealed.
anonymity. Information Answer (B) is correct. All material facts known by the internal
communicated to an internal auditor is not deemed to be privileged. auditors should be
Answer (B) is incorrect. Suggesting that the person seek expert disclosed (Rule of Conduct 2.3). The CAE should share information
legal advice from a and
qualified individual is appropriate. coordinate activities with other internal and external providers of
Answer (C) is incorrect. Promising merely to attempt to keep the relevant
source of the assurance and consulting services (Perf. Std. 2050).
information confidential is allowable. This promise is not a guarantee Answer (C) is incorrect. The condition is known and the external
of auditors should
confidentiality. be told more than that a possibility of a shortage exists.
Answer (D) is incorrect. Information should be shared and activities Answer (B) is incorrect. The CAE should share information and
coordinated coordinate
with the external auditor. activities with the external auditors.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (C) is incorrect. Although the internal audit activity’s main
(720 questions) focus may be
Copyright 2013 Gleim Publications Inc. Page 28 on risk management, control, and governance processes, a material
Printed for Sanja Knezevic misstatement
fb.com/ciaaofficial must be communicated.
[58] Gleim #: 1.5.58 Answer (D) is incorrect. When performing an audit, the external
Through an engagement performed at the credit department, the auditors should
chief audit executive determine what work should be performed by the internal auditor.
(CAE) became aware of a material misstatement of the year-end [59] Gleim #: 1.5.59
accounts receivable An internal auditor has uncovered facts that could be interpreted as
balance. The external auditors have completed their engagement indicating
without detecting the unlawful activity on the part of an engagement client. The internal
misstatement. What should the CAE do in this situation? auditor decides not
Inform the external auditors of A. the misstatement. to inform senior management and the board of these facts because
Report the misstatement to management when the external auditors of lack of proof.
present a The internal auditor, however, decides that, if questions are raised
report. regarding the
B. omitted facts, they will be answered fully and truthfully. In taking this
Exclude the misstatement from the final engagement communication action, the
because the internal auditor
external auditors are responsible for expressing an opinion on the Has not violated The IIA’s Code of Ethics or the Standards because
financial confidentiality takes precedence over all other standards.
statements. A.
C. Has not violated The IIA’s Code of Ethics or the Standards because
Perform additional engagement procedures on accounts receivable the internal
balances to auditor is committed to answering all questions fully and truthfully.
benefit the external auditors. B.
D. Has violated The IIA’s Code of Ethics because unlawful acts should
Answer (A) is correct. Rule of Conduct 2.3 under the objectivity have been
principle states, reported to the appropriate regulatory agency to avoid potential
“Internal auditors shall disclose all material facts known to them that, “aiding and
if not abetting” by the internal auditor.
disclosed, may distort the reporting of activities under review.” C.
Additionally, the Has violated the Standards because the internal auditor should
CAE should share information and coordinate activities with the inform the
external auditors appropriate authorities in the organization if fraud may be indicated.
(Perf. Std. 2050). D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics A.
(720 questions) Acquaint the chief audit executive with the situation and offer
Copyright 2013 Gleim Publications Inc. Page 29 assurance that it
Printed for Sanja Knezevic will have no impact on objectivity.
Answer (A) is incorrect. Reporting a possible irregularity to the B.
appropriate Proceed with the audit because the personal investments C. are not
organizational authorities is not a breach of the duty of confidentiality an issue.
owed to the Proceed with the audit because the investment is insignificant
organization. relative to the
Answer (B) is incorrect. The internal auditor has an affirmative duty whole of the target company’s stock.
to report the D.
results of his/her work. Answer (A) is correct. Rule of Conduct 2.1 under the objectivity
Answer (C) is incorrect. The possibility of unlawful activities should principle states,
be reported to “Internal auditors shall not participate in any activity or relationship
the appropriate personnel within the organization. that may
Answer (D) is correct. The internal auditor should inform the impair or be presumed to impair their unbiased assessment. This
appropriate authorities participation
in the organization if the indicators of the commission of a fraud are includes those activities or relationships that may be in conflict with
sufficient to the interests
recommend an investigation. Hence, the internal auditor has a duty of the organization.” In these circumstances, the internal auditor
to act even though lacks the
the available facts do not prove that an irregularity has occurred. appearance of objectivity because the outcome of the engagement
Moreover, Rule of could directly
Conduct 2.3 states, “Internal auditors shall disclose all material facts affect the acquisition decision and the price of the stock. The use of
known to them the
that, if not disclosed, may distort the reporting of activities under information also would be a violation of the Code and possibly of
review.” insider trading
[60] Gleim #: 1.5.60 rules as well. Rule of Conduct 3.2 under the confidentiality principle
An internal auditor has been assigned to an engagement to evaluate states,
a possible “Internal auditors shall not use information for any personal gain or in
acquisition. Coincidentally, a significant portion of this internal any manner
auditor’s personal that would be contrary to the law or detrimental to the legitimate and
investment portfolio is composed of the target organization’s stock. ethical
What is the objectives of the organization.”
internal auditor’s preferable course of action in this situation based Answer (B) is incorrect. The appearance as well as the reality of
on The IIA’s Code loss of
of Ethics? independence must be considered.
Acquaint the chief audit executive with the situation and ask to be Answer (C) is incorrect. The internal auditor might be deemed to
assigned to have a personal
another audit. stake in the results of the engagement.
Answer (D) is incorrect. The investment is significant to the internal contrary to the Standards.
auditor. Answer (C) is incorrect. The employee’s patenting of new
Gleim CIA Test Prep: Part 1 - Internal Audit Basics developments violates
(720 questions) the general policy that all important new discoveries are the property
Copyright 2013 Gleim Publications Inc. Page 30 of the
Printed for Sanja Knezevic organization. Furthermore, if the practice is an alternative way to
fb.com/ciaaofficial provide benefits
[61] Gleim #: 1.5.61 to an employee, it may violate employee compensation rules. It may
During the course of an engagement, an internal auditor discovered also need to
that a research and be reported to various taxing authorities.
development employee has been patenting new developments that Answer (D) is correct. Under the Standards, internal auditors should
are unrelated to the communicate engagement results. Rule of Conduct 4.2 states,
basic business of the organization. The organization does not have a “Internal auditors
specific policy shall perform internal auditing services in accordance with the
addressing patents on developments that are not related to its basic International
business, but it has Standards for the Professional Practice of Internal Auditing.” Rule of
a general policy that all important new discoveries by employees are Conduct
the property of 2.3 under the objectivity principle states, “Internal auditors shall
the organization. The employee is considered one of the most disclose all
prestigious in the field. material facts known to them that, if not disclosed, may distort the
The employee’s actions have been condoned by local management reporting of
as an extra activities under review.” Hence, the failure to report violates The IIA’s
incentive to keep the employee at the lab. A decision not to report Code of
the employee’s Ethics and the Standards.
action is [62] Gleim #: 1.5.62
A violation of The IIA’s A. Code of Ethics. Which of the following actions could be construed as a violation of
B. A violation of the reporting requirements in the Standards. The IIA’s Code of
Justified because divisional management is aware of the practice, Ethics?
and it is not in Failing to report to management information that would be material to
violation of organizational policies. management’s judgment.
C. A.
Both a violation of The IIA’s Code of Ethics AND a violation of the B. Expressing an opinion on internal financial statements.
reporting Turning a case over to the security department when an internal
requirements in the Standards. auditor suspects
D. fraud but has no proof.
Answer (A) is incorrect. Failing to report the violation of C.
organizational policy is Including an internal control problem in a final engagement
contrary to The IIA’s Code of Ethics. communication when
Answer (B) is incorrect. Failing to report the violation of it has been corrected prior to completion of the engagement.
organizational policy is D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics disclosed, may distort the reporting of activities under review.”
(720 questions) Moreover, Rule
Copyright 2013 Gleim Publications Inc. Page 31 of Conduct 1.3 under the integrity principle states, “Internal auditors
Printed for Sanja Knezevic shall not
Answer (A) is correct. Rule of Conduct 2.3 under the objectivity knowingly be a party to any illegal activity, or engage in acts that are
principle states, discreditable
“Internal auditors shall disclose all material facts known to them that, to the profession of internal auditing or to the organization.”
if not disclosed, Answer (B) is incorrect. Internal auditors must report material facts
may distort the reporting of activities under review.” that, if not
Answer (B) is incorrect. Expressing an opinion on internal financial disclosed, could distort the reporting of activities. They also may not
statements is knowingly
acceptable since it is for internal use only. be a party to an illegal activity.
Answer (C) is incorrect. Turning a case over to the security Answer (C) is incorrect. Internal auditors may not knowingly be a
department is acceptable party to an
as long as the internal auditor is careful not to state any final illegal activity.
conclusions that are not Answer (D) is incorrect. Internal auditors ordinarily are not required
supported by factual information. to disclose
Answer (D) is incorrect. Such reporting is routine. voluntarily any illegal or improper acts to outside individuals or
[63] Gleim #: 1.5.63 organizations.
During an engagement, an internal auditor learned that certain They should try to work within their organizations. However, under
individuals in the Rule of
organization were involved in industrial espionage for the benefit of Conduct 1.2, they should make any disclosures expected by the law
the organization. or by the
According to The IIA’s Code of Ethics, what is the internal auditor’s profession.
proper course of [64] Gleim #: 1.5.64
action? Which of the following activities of an internal auditor is most likely to
Report the facts to the appropriate individuals within A. the be acceptable
organization. under The IIA’s Code of Ethics?
B. No action is required because this condition is not detrimental to Late arrivals and early departures from work because this practice is
the organization. common in
Note the condition in the working papers but refrain from reporting it the organization.
because it A.
benefits the organization. Frequent luncheons and other socializing with major suppliers of the
C. organization
D. Report the condition to the appropriate governmental regulatory without the consent of senior management.
agency. B.
Answer (A) is correct. Rule of Conduct 2.3 under the objectivity C. Conducting an unrelated business outside of office hours.
principle states, D. Acceptance of a material gift from a supplier.
“Internal auditors shall disclose all material facts known to them that, Gleim CIA Test Prep: Part 1 - Internal Audit Basics
if not (720 questions)
Copyright 2013 Gleim Publications Inc. Page 32 removed by internal audit management.
Printed for Sanja Knezevic B.
fb.com/ciaaofficial To keep the engagement effort within the budgeted time, the internal
Answer (A) is incorrect. Internal auditors should exercise diligence auditor was
in performing directed to and did curtail testing in an area that looked suspicious
their duties. and later was
Answer (B) is incorrect. Rule of Conduct 2.1 under the objectivity proved to contain massive irregularities.
principle states, C.
“Internal auditors shall not participate in any activity or relationship A control system that had been recommended by the internal audit
that may impair or staff during the
be presumed to impair their unbiased assessment. This participation previous engagement was found to be defective. The internal auditor
includes those reported the
activities or relationships that may be in conflict with the interests of defective function as an engagement client failure.
the organization.” D.
Answer (C) is correct. Nothing in The IIA’s Code of Ethics prohibits Answer (A) is incorrect. Immaterial facts need not be included.
operating an Answer (B) is incorrect. The ethical transgression, if any, was not
unrelated business outside of regular office hours. The activity does made by the
not, in itself, internal auditor but by internal audit management.
constitute a conflict of interest, a use of information for personal gain, Answer (C) is incorrect. The ethical transgression, if any, was not
or an made by the
impairment of the internal auditor’s unbiased assessment. internal auditor but by internal audit management.
Answer (D) is incorrect. Rule of Conduct 2.2 under the objectivity Answer (D) is correct. Reporting the defective function as an
principle states, engagement client
“Internal auditors shall not accept anything that may impair or be failure is a violation of the internal auditor’s ethical obligation to
presumed to impair disclose all
their professional judgment.” material facts known to him/her that, if not disclosed, may distort the
[65] Gleim #: 1.5.65 reporting of
Which of the following items is a violation by an internal auditor of activities under review (Rule of Conduct 2.3).
The IIA’s Code of Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Ethics? (720 questions)
Certain facts recorded in the internal auditor’s working papers that Copyright 2013 Gleim Publications Inc. Page 33
helped to Printed for Sanja Knezevic
support the basic allegations made by the internal auditor regarding [66] Gleim #: 1.5.66
a case of fraud Which of the following actions by an internal auditor would violate
were not included in the final engagement communication. The IIA’s Code of
A. Ethics?
Information in the internal auditor’s working papers that proved a Attendance at an educational program offered by an engagement
criminal act was client to all
included in the internal auditor’s draft communication. The comments employees.
were later A.
Acceptance of airline tickets from an B. engagement client. been reviewed and for which there are no plans for a future
Disclosure, in an engagement communication, of all material facts engagement. The
relevant to the tickets are usually made available to employees of that department.
area reviewed. C.
C. D. A bottle of whiskey from the organization’s treasurer.
Disposal of a small ownership interest in the organization prior to Answer (A) is correct. Rule of Conduct 2.2 under the objectivity
learning of a principle states,
business downturn. “Internal auditors shall not accept anything that may impair or be
D. presumed to
Answer (A) is incorrect. Continuing education is consistent with the impair their professional judgment.” A small promotional item, such
duty to as a pen of
continually improve proficiency and the effectiveness and quality of minimal value, is unlikely to affect an auditor’s judgment.
services Answer (B) is incorrect. A gift from an employee whose department
(Rule of Conduct 4.3). may be
Answer (B) is correct. Rule of Conduct 2.2 under the objectivity reviewed most likely violates Rule of Conduct 2.2.
principle states, Answer (C) is incorrect. A gift from an employee whose department
“Internal auditors shall not accept anything that may impair or be may be
presumed to reviewed most likely violates Rule of Conduct 2.2.
impair their professional judgment.” Answer (D) is incorrect. A gift from an employee whose department
Answer (C) is incorrect. Rule of Conduct 2.3 requires full disclosure may be
of material reviewed most likely violates Rule of Conduct 2.2.
facts when reporting on activities. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Answer (D) is incorrect. A stock transaction not based on insider (720 questions)
information is Copyright 2013 Gleim Publications Inc. Page 34
not an impropriety. Printed for Sanja Knezevic
An internal auditor may receive which of the following without [68] Gleim #: 1.5.68
violating The IIA’s In their reporting, internal auditors are required by The IIA’s Code of
Code of Ethics? Ethics to
A pen received from the sales manager of a subsidiary with the Present sufficient factual information without revealing confidential
imprinted name of matters that
the organization’s product and a phone number. could be detrimental to the organization.
A. A.
A dinner and baseball tickets from the manager of a department Disclose all material information obtained by the auditor as of the
being reviewed. date of the final
The tickets are usually made available to employees of that engagement communication.
department. B.
B. Obtain factual information within the established time and C. budget
A dinner and baseball tickets from the manager of a department that parameters.
has never
Disclose material facts known to the internal auditor that could distort “Internal auditors shall not accept anything that may impair or be
the final presumed to
engagement communication if not revealed. impair their professional judgment.”
D. Answer (D) is incorrect. The IIA’s Code of Ethics does not
Answer (A) is incorrect. The Code requires only that internal specifically mention
auditors be prudent use of the CIA designation. Acts discreditable to the profession or the
in the use and protection of information. organization are prohibited, but use of the CIA designation outside
Answer (B) is incorrect. The Code does not address disclosure this the
specifically. employment context is not per se discreditable.
Answer (C) is incorrect. Time and budget parameters are not Gleim CIA Test Prep: Part 1 - Internal Audit Basics
addressed in the (720 questions)
Code. Copyright 2013 Gleim Publications Inc. Page 35
Answer (D) is correct. Rule of Conduct 2.3 under the objectivity Printed for Sanja Knezevic
principle states, [70] Gleim #: 1.5.70
“Internal auditors shall disclose all material facts known to them that, In their communication of results, internal auditors are required by
if not The IIA’s Code of
disclosed, may distort the reporting of activities under review.” Ethics to
[69] Gleim #: 1.5.69 Obtain factual information within the established time and A. budget
Which of the following actions by an internal auditor is most likely a parameters.
violation of The B. Reveal material facts that could distort communications if not
IIA’s Code of Ethics? revealed.
A. Accepting payment for teaching auditing at a local university. Present sufficient factual information without revealing confidential
B. Having a material ownership interest in a competitor. information
C. Accepting a moderate gift from a customer of his/her organization. that could be detrimental to the organization.
Allowing use of the Certified Internal Auditor designation in a context C.
not Disclose all material information obtained as of the date of the final
involving his/her employment. engagement
D. communication.
Answer (A) is incorrect. Teaching is compatible with internal D.
auditing. Answer (A) is incorrect. Obtaining information pertains to performing
Answer (B) is incorrect. Having a material ownership interest in a the
competitor is engagement, not communicating results.
more likely to cause a conflict for a director or officer than an internal Answer (B) is correct. Internal auditors should disclose all material
auditor. An facts known
internal auditor would seldom be able during the course of his/her to them that, if not disclosed, may distort the reporting of activities
employment to under review
take action that would enhance the value of the ownership interest. (Rule of Conduct 2.3).
Answer (C) is correct. Rule of Conduct 2.2 under the objectivity Answer (C) is incorrect. The Code of Ethics does not prohibit
principle states, communicating
confidential information to appropriate parties within the organization, disclosed, may distort the reporting of activities under review.”
e.g., senior Moreover, Rule of
management and the board. Conduct 1.3 under the integrity principle states, “Internal auditors
Answer (D) is incorrect. Disclosures by the internal auditors are not shall not
limited to knowingly be a party to any illegal activity, or engage in acts that are
information obtained as of the date of the final engagement discreditable
communication. to the profession of internal auditing or to the organization.”
[71] Gleim #: 1.5.71 Answer (C) is incorrect. Rule of Conduct 4.3 under the competency
Which of the following situations is a violation of The IIA’s Code of principle
Ethics? states, “Internal auditors shall continually improve their proficiency
An internal auditor, with the knowledge and consent of management, and the
accepted a effectiveness and quality of their services.”
token gift from a customer of the organization that was not presumed Answer (D) is incorrect. Although an internal auditor is prohibited
to impair from using
and did not impair judgment. confidential information for personal gain, and an investment in the
A. organization’s
Knowing that management was aware of the situation, an internal stock would be questionable, an investment in a mutual fund is
auditor acceptable.
purposely left a description of an unlawful practice out of the final Gleim CIA Test Prep: Part 1 - Internal Audit Basics
engagement (720 questions)
communication. Copyright 2013 Gleim Publications Inc. Page 36
B. Printed for Sanja Knezevic
An internal auditor shared techniques with internal auditors from fb.com/ciaaofficial
another [72] Gleim #: 1.5.72
organization. The chief audit executive (CAE) of a mid-sized internal audit activity
C. was concerned
Based upon knowledge of the probable success of the employer’s that management might outsource the internal auditing function.
business, an Thus, the CAE
internal auditor invested in a mutual fund that specialized in the same adopted a very aggressive program to promote the internal audit
industry. activity within the
D. organization. The CAE planned to present the results to senior
Answer (A) is incorrect. Acceptance of anything from a customer is management and the
prohibited board and recommend modification of the internal audit activity’s
but only if it would impair or be presumed to impair professional charter after using
judgment. the new program. The following lists six actions the CAE took to
Answer (B) is correct. Rule of Conduct 2.3 under the objectivity promote a positive
principle states, image within the organization:
“Internal auditors shall disclose all material facts known to them that, Engagement assignments concentrated on efficiency. The
if not engagements focused
solely on cost savings, and each engagement communication negotiation took place until acceptable criteria could be agreed upon.
highlighted potential The
costs to be saved. Negative observations were omitted. The focus on engagement communication commented on the engagement client’s
efficiency operations in
was new, but the engagement clients seemed very happy. conjunction with the agreed-upon criteria.
1. 6.
Drafts of all engagement communications were carefully reviewed Which of the following elements of Action 1 taken by the CAE would
with the be considered
engagement clients to get their input. Their comments were carefully inappropriate?
considered The type of engagements was changed before modifying the internal
when developing the final engagement communication. audit
2. activity’s charter and going to the audit committee.
The information technology internal auditor participated as part of a I.
development Negative observations were omitted from the engagement II.
team to review the control procedures to be incorporated into a major communications.
computer Cost savings and recommendations were highlighted in the
application under development. engagement
3. communication.
Given limited resources, the engagement manager performed a risk III.
assessment to A. I and II.
establish engagement work schedule priorities. This was a marked B. I and III.
departure from C. I only.
the previous approach of ensuring that all operations are evaluated D. II and III.
on at least a 3- Gleim CIA Test Prep: Part 1 - Internal Audit Basics
year interval. (720 questions)
4. Copyright 2013 Gleim Publications Inc. Page 37
To save time, the CAE no longer required that a standard internal Printed for Sanja Knezevic
control Answer (A) is correct. The CAE dramatically changed internal
questionnaire be completed for each engagement. audit’s scope of work
5. without consulting with the board. A second violation is the omission
When the internal auditors found that the engagement client had not of negative
developed observations. Under The IIA’s Code of Ethics, the auditors must
specific criteria or data to evaluate operations, the internal auditors disclose all material
were facts known to them that, if not disclosed, may distort the reporting of
instructed to perform research, develop specific criteria, review the activities under
criteria with review (Rule of Conduct 2.3).
the engagement client, and, if acceptable, use them to evaluate the Answer (B) is incorrect. Highlighting potential cost savings is
engagement appropriate for an
client’s operations. If the engagement client disagreed with the engagement communication, and material negative observations
criteria, a must not be omitted.
Answer (C) is incorrect. Omitting negative observations is also a requires internal auditors to disclose all material facts known to them
violation. that, if not
Answer (D) is incorrect. The CAE dramatically changed internal disclosed, might distort the reporting of activities under review.
audit’s scope of Gleim CIA Test Prep: Part 1 - Internal Audit Basics
work without consulting with the board. Moreover, highlighting (720 questions)
potential cost savings Copyright 2013 Gleim Publications Inc. Page 38
is appropriate for an engagement communication. Printed for Sanja Knezevic
Which of the following is permissible under The IIA’s Code of Ethics? [74] Gleim #: 1.6.74
Disclosing confidential, engagement-related information that is Which situation most likely violates The IIA’s Code of Ethics and the
potentially Standards?
damaging to the organization in response to a court order. The chief audit executive (CAE) disagrees with the engagement
A. client about the
Using engagement-related information in a decision to buy an observations and recommendations in a sensitive area. The CAE
ownership interest discusses the
in the employer organization. detail of the observations and the proposed recommendations with a
B. fellow CAE
Accepting an unexpected gift from an employee whom the internal from another organization.
auditor has A.
praised in a recent engagement communication. An organization’s charter for the internal audit activity requires the
C. chief audit
Not reporting significant observations and recommendations about executive (CAE) to present the yearly engagement work schedule to
illegal activity the board for
to the board because management has indicated it will address the its approval and suggestions.
issue. B.
D. The engagement manager has removed the most significant
Answer (A) is correct. The principle of confidentiality permits the observations and
disclosure of recommendations from the final engagement communication. The in-
confidential information if there is a legal or professional obligation to charge
do so. internal auditor opposed the removal, explaining that (s)he knows the
Answer (B) is incorrect. Rule of Conduct 3.2 prohibits internal reported
auditors from conditions exist. The in-charge internal auditor agrees that,
using information for personal gain. technically,
Answer (C) is incorrect. Rule of Conduct 2.2 prohibits internal information is not sufficient to support the observations, but
auditors from management cannot
accepting anything that may impair, or be presumed to impair, their explain the conditions, and the observations are the only reasonable
professional conclusions.
judgment. C.
Answer (D) is incorrect. Rule of Conduct 2.3 under the objectivity Because the internal audit activity lacks skill and knowledge in a
principle specialty area,
the chief audit executive (CAE) has hired an expert. The occurred.
engagement manager has C.
been asked to review the expert’s approach to the assignment. The CAE refuses to provide information about organizational
Although operations to his
knowledgeable about the area under review, the manager is hesitant father, who is a part owner.
to accept the D.
assignment because of lack of expertise. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
D. (720 questions)
Answer (A) is correct. Rule of Conduct 3.1 under the confidentiality Copyright 2013 Gleim Publications Inc. Page 39
principle Printed for Sanja Knezevic
states, “Internal auditors shall be prudent in the use and protection of Answer (A) is incorrect. According to Rule of Conduct 1.1, “Internal
information auditors shall
acquired in the course of their duties.” Discussion of sensitive perform their work with honesty, diligence, and responsibility.”
matters with an Answer (B) is incorrect. According to Rule of Conduct 4.3, “Internal
unauthorized party is the situation most likely to be considered a auditors shall
Code violation. continually improve their proficiency and the effectiveness and
Answer (B) is incorrect. Approval of the engagement work schedule quality of their
by the board services.”
and senior management is required. Answer (C) is incorrect. According to Rule of Conduct 4.2, “Internal
Answer (C) is incorrect. Information must be sufficient to achieve auditors shall
engagement perform internal audit services in accordance with the International
objectives. Standards for the
Answer (D) is incorrect. The Standards allow use of experts when Professional Practice of Internal Auditing (Standards).” The
needed. Standards require
[75] Gleim #: 1.6.75 supporting information to be sufficient, reliable, relevant, and useful.
Which of the following actions taken by a chief audit executive (CAE) Answer (D) is correct. Rule of Conduct 3.1 under the confidentiality
could be principle states,
considered professionally ethical under The IIA’s Code of Ethics? “Internal auditors shall be prudent in the use and protection of
The CAE decides to delay an engagement at a branch so that his information acquired in
nephew, the the course of their duties.” Additionally, Rule of Conduct 3.2 states,
branch manager, will have time to “clean things up.” “Internal auditors
A. shall not use information for any personal gain or in any manner that
To save organizational resources, the CAE cancels all staff training would be contrary
for the next 2 to the law or detrimental to the legitimate and ethical objectives of the
years on the basis that all staff are too new to benefit from training. organization.”
B. Thus, such use of information by the CAE might be illegal under
To save organizational resources, the CAE limits procedures at insider trading rules.
foreign branches [76] Gleim #: 1.6.76
to confirmations from branch managers that no major personnel A chief audit executive (CAE) learned that a staff internal auditor
changes have provided
confidential information to a relative. Both the CAE and staff internal Printed for Sanja Knezevic
auditor are fb.com/ciaaofficial
CIAs. Although the internal auditor did not benefit from the [77] Gleim #: 1.6.77
transaction, the relative Which of the following situations is a violation of The IIA’s Code of
used the information to make a significant profit. The most Ethics?
appropriate way for the An internal auditor was ordered to testify in a court case in which a
CAE to deal with this problem is to merger partner
Verbally reprimand the A. internal auditor. claimed to have been defrauded by the internal auditor’s
B. Summarily discharge the internal auditor and notify The IIA. organization. The
C. Take no action because the internal auditor did not benefit from internal auditor divulged confidential information to the court.
the transaction. A.
Inform The IIA’s Board of Directors and take the personnel action An internal auditor for a manufacturer of office products recently
required by completed an
organizational policy. engagement to evaluate the marketing function. Based on this
D. experience, the
Answer (A) is incorrect. The internal auditor has violated Rule of internal auditor spent several hours one Saturday working as a paid
Conduct 3.2 consultant to a
regarding use of information. The IIA should be notified. hospital in the local area that intended to conduct an engagement to
Answer (B) is incorrect. Summary discharge may not be in evaluate its
accordance with marketing function.
company personnel policies. B.
Answer (C) is incorrect. The auditor improperly used information An internal auditor gave a speech at a local IIA chapter meeting
and violated outlining the
The IIA’s Code of Ethics. Some action is warranted. contents of a program the internal auditor had developed for
Answer (D) is correct. The staff internal auditor has violated Rule of engagements relating
Conduct 3.2 to electronic data interchange (EDI) connections. Several internal
regarding use of information. A violation of The IIA’s Code of Ethics is auditors from
the basis major competitors were in the audience.
for a complaint to the International Ethics Committee, which is C.
responsible for During an engagement, an internal auditor learned that the
receiving, interpreting, and investigating all complaints against organization was about
members or CIAs to introduce a new product that would revolutionize the industry.
on behalf of the Board of Directors of The IIA and making Because of the
recommendations to probable success of the new product, the product manager
the Board on actions to be taken (Administrative Directive 5). In suggested that the
addition, internal auditor buy an additional interest in the organization, which
organizational policy must be followed. the internal
Gleim CIA Test Prep: Part 1 - Internal Audit Basics auditor did.
(720 questions) D.
Answer (A) is incorrect. The principle of confidentiality permits the Answer (A) is incorrect. Disclosure of information technology
disclosure of controls is not
confidential information if there is a legal or professional obligation to detrimental to the objectives of the organization. They are not likely
do so. to be trade secrets.
Answer (B) is incorrect. The hospital is not a competitor or supplier Answer (B) is correct. Rule of Conduct 3.2 under the confidentiality
of the principle states,
internal auditor’s employer. Hence, no conflict of interest is involved. “Internal auditors shall not use information for any personal gain or in
Answer (C) is incorrect. Giving a speech is not a violation of The any manner that
IIA’s Code of would be contrary to the law or detrimental to the legitimate and
Ethics. In fact, The IIA’s motto is “progress through sharing.” ethical objectives of
Answer (D) is correct. Rule of Conduct 3.2 under the confidentiality the organization.”
principle Answer (C) is incorrect. If senior management permits the omission,
states, “Internal auditors shall not use information for any personal the internal
gain or in any auditor is not guilty of failing to disclose material facts.
manner that would be contrary to the law or detrimental to the Answer (D) is incorrect. An investigation of expense accounts is
legitimate and within the internal
ethical objectives of the organization.” auditor’s normal responsibilities, but further investigation of fraud
[78] Gleim #: 1.6.78 should ordinarily be
Which of the following most likely constitutes a violation of The IIA’s made by investigative specialists.
Code of Ethics [79] Gleim #: 1.6.79
by an internal auditor? An internal auditor is performing services in a division in which the
Discussing at a trade convention the organization’s controls over its chief financial
computer officer is a close personal friend, and the internal auditor learns that
networks. the friend is to be
A. replaced after a series of critical labor negotiations. The internal
Purchasing stock in a target entity after overhearing an executive’s auditor relays this
discussion of a information to the friend. Has a violation of The IIA’s Code of Ethics
possible acquisition. occurred?
B. No. The use of the confidential information resulted in no personal
Deleting sensitive information from a final engagement gain to the
communication at the internal auditor.
request of senior management. A.
C. No. The internal auditor was just being honest with B. his/her friend.
Investigating executive expense reports based completely on D. C. Yes. The internal auditor had a conflict of interest with the
rumors of padding. organization.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Yes. The internal auditor was not prudent in the use of information
(720 questions) acquired in the
Copyright 2013 Gleim Publications Inc. Page 41 course of his/her duties.
Printed for Sanja Knezevic D.
Answer (A) is incorrect. The Rules of Conduct specifically prohibit During the course of an engagement, an internal auditor discovers
using that a clerk is
information in a manner that would be detrimental to the legitimate embezzling funds from the organization. Although this is the first
and ethical embezzlement ever
objectives of the organization. encountered and the organization has a security department, the
Answer (B) is incorrect. The Rules of Conduct specifically prohibit internal auditor
using decides to interrogate the suspect. If the internal auditor is violating
information in a manner that would be detrimental to the legitimate The IIA’s Code of
and ethical Ethics, the rule violated is most likely
objectives of the organization. Failing to exercise A. due diligence.
Answer (C) is incorrect. The facts do not suggest that a conflict of B. Lack of loyalty to the organization.
interest C. Lack of competence in this area.
existed. However, such a conflict would be present, for example, if D. Failing to comply with the law.
the internal Answer (A) is incorrect. The requirement to perform work with
auditor used confidential information to seize a business opportunity diligence does
that not override the competency Rules of Conduct or the need to use
rightfully belonged to the organization. good judgment.
Answer (D) is correct. These facts constitute a violation of The IIA’s Answer (B) is incorrect. Loyalty is better exhibited by consulting with
Code of professionals and knowing the limits of competence.
Ethics. Rule of Conduct 3.1 under the confidentiality principle states, Answer (C) is correct. Rule of Conduct 4.1 under the competency
“Internal principle
auditors shall be prudent in the use and protection of information states, “Internal auditors shall engage only in those services for
acquired in the which they have
course of their duties.” Further, Rule of Conduct 3.2 states, “Internal the necessary knowledge, skills, and experience.” Internal auditors
auditors may not have,
shall not use information for any personal gain or in any manner that and are not expected to have, knowledge equivalent to that of a
would be person whose
contrary to the law or detrimental to the legitimate and ethical primary responsibility is to detect and investigate fraud (Impl. Std.
objectives of the 1210.A2).
organization.” In this case, the decision whether to notify the financial Answer (D) is incorrect. The internal auditor may violate the
officer of suspect’s civil rights
his/her replacement was properly the organization’s. Accordingly, the as a result of inexperience.
internal [81] Gleim #: 1.7.81
auditor was bound not to tell his/her friend. Internal auditors who fail to maintain their proficiency through
Gleim CIA Test Prep: Part 1 - Internal Audit Basics continuing education
(720 questions) could be found to be in violation of
Copyright 2013 Gleim Publications Inc. Page 42 A. The International Standards for the Professional Practice of
Printed for Sanja Knezevic Internal Auditing.
fb.com/ciaaofficial B. The IIA’s Code of Ethics.
[80] Gleim #: 1.7.80
Both the International Standards for the Professional Practice of chief audit executive (CAE). The new CAE is not a member of The
Internal IIA and is not a
Auditing and The IIA’s Code of Ethics. CIA. Henceforth, the internal audit activity will be run strictly by the
C. CAE’s standards,
D. None of the answers are correct. not The IIA’s. All four staff internal auditors are members of The IIA,
Answer (A) is incorrect. The IIA’s Code of Ethics also is violated. but they are not
Rule of CIAs. According to The IIA’s Code of Ethics, what is the best course
Conduct 4.3 under the competency principle states, “Internal auditors of action for the
shall staff internal auditors?
continually improve their proficiency and the effectiveness and The Code does not apply because A. they are not CIAs.
quality of their They should comply with the International Standards for the
services.” Professional
Answer (B) is incorrect. The Standards also are violated because Practice of Internal Auditing.
they require B.
auditors to enhance their knowledge, skills, and other competencies They must respect the legitimate and ethical objectives of the
through organization and
continuing professional development. ignore the Standards.
Answer (C) is correct. Rule of Conduct 4.3 under the competency C.
principle D. They must resign their jobs to avoid improper activities.
states, “Internal auditors shall continually improve their proficiency Answer (A) is incorrect. The IIA’s Code of Ethics may be enforced
and the against IIA
effectiveness and quality of their services.” Furthermore, Attr. Std. members and recipients of, or candidates for, IIA professional
1230 states, certifications.
“Internal auditors must enhance their knowledge, skills, and other Answer (B) is correct. Rule of Conduct 4.2 under the competency
competencies principle
through continuing professional development.” Hence, both The IIA’s states, “Internal auditors shall perform internal audit services in
Code of accordance with
Ethics and the Standards are violated by failing to earn continuing the International Standards for the Professional Practice of Internal
education Auditing.”
credits. Because the internal auditors are members of The Institute, The IIA’s
Answer (D) is incorrect. Both the Code and the Standards would be Code of
violated. Ethics is enforceable against them even though they are not CIAs.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (C) is incorrect. Internal auditors should respect and
(720 questions) contribute to the
Copyright 2013 Gleim Publications Inc. Page 43 legitimate and ethical objectives of the organization, but an IIA
Printed for Sanja Knezevic member, a holder
[82] Gleim #: 1.7.82 of an IIA professional certification, or a candidate for certification may
An organization has recently placed a former operating manager in be liable
the position of for disciplinary action for failure to adhere to the Standards.
Answer (D) is incorrect. The IIA’s Code of Ethics says nothing about Answer (B) is correct. Rule of Conduct 4.2 under the competency
resignation principle requires
to avoid improper activities. internal auditing services to be performed in accordance with the
[83] Gleim #: 1.7.83 Standards.
A new staff internal auditor was told to perform an engagement in an Attr. Std. 1200 requires engagements to be performed with
area with which proficiency and due
the internal auditor was not familiar. Because of time constraints, no professional care. They also should be properly supervised to ensure
supervision was that objectives are
provided. The assignment represented a good learning experience, achieved, quality is assured, and staff is developed (Perf. Std. 2340).
but the area was Answer (C) is incorrect. The Code requires compliance with the
clearly beyond the internal auditor’s competence. Nonetheless, the Standards, and the
internal auditor Standards require proper supervision.
prepared comprehensive working papers and communicated the Answer (D) is incorrect. The Standards and the Code were not
results to followed.
management. In this situation, [84] Gleim #: 1.7.84
The internal audit activity violated the Standards by hiring an internal Which of the following most likely constitutes a violation of The IIA’s
auditor Code of
without proficiency in the area. Ethics?
A. Auditor A has accepted an assignment to perform an engagement at
The internal audit activity violated the Standards by not providing the
adequate electronics manufacturing division. Auditor A has recently joined the
supervision. internal
B. audit activity. But Auditor A was senior auditor for the external audit of
The chief audit executive has not violated The IIA’s Code of Ethics that
because it division and has audited many electronics organizations during the
does not address supervision. past 2 years.
C. A.
The Standards and The IIA’s Code of Ethics were followed by the Auditor B has been assigned to perform an engagement at the
internal audit warehousing
activity. function 6 months from now. Auditor B has no expertise in that area
D. but accepted
Gleim CIA Test Prep: Part 1 - Internal Audit Basics the assignment anyway. Auditor B has signed up for continuing
(720 questions) professional
Copyright 2013 Gleim Publications Inc. Page 44 education courses in warehousing that will be completed before the
Printed for Sanja Knezevic assignment
fb.com/ciaaofficial begins.
Answer (A) is incorrect. All internal auditors need not be proficient in B.
all areas. The Auditor C is content as an internal auditor and has come to look at it
internal audit activity as a whole should have an appropriate mix of as a regular
skills.
9-to-5 job. Auditor C has not engaged in continuing professional [85] Gleim #: 1.7.85
education or Under The IIA’s Code of Ethics, an entity that provides internal
other activities to improve effectiveness during the last 3 years. auditing services is
However, Auditor specifically required to
C feels performance of quality work is the same as before. Maintain certain predetermined staffing requirements A. for
C. engagements.
Auditor D discovered an internal financial fraud during the year. The Comply with the International Standards for the Professional Practice
books were of Internal
adjusted to properly reflect the loss associated with the fraud. Auditor Auditing.
D discussed B.
the fraud with the external auditor when the external auditor reviewed C. Comply with organizational policy.
working D. Participate in a formal continuing education program.
papers detailing the incident. Answer (A) is incorrect. Staffing requirements must be determined
D. based on the
Answer (A) is incorrect. No professional conflict of interest exists per circumstances of each engagement.
se, Answer (B) is correct. The IIA’s Code of Ethics applies not only to
especially given that the internal auditor was previously in public individuals
accounting. but also to entities that provide internal auditing services. Rule of
However, the internal auditor should be aware of potential conflicts. Conduct 4.2
Answer (B) is incorrect. An internal auditor must possess the under the competency principle states, “Internal auditors shall
necessary perform internal
knowledge, skills, and competencies at the time an engagement is audit services in accordance with the International Standards for the
conducted, not Professional
the time it is accepted. Practice of Internal Auditing.”
Answer (C) is correct. Rule of Conduct 4.3 under the competency Answer (C) is incorrect. The Code requires internal auditors to
principle respect and
states, “Internal auditors shall continually improve their proficiency contribute to the legitimate and ethical objectives of the organization
and the and not
effectiveness and quality of their services.” engage in acts discreditable to the organization. However, the Code
Answer (D) is incorrect. The information was disclosed as part of does not
the normal specifically mention compliance with organizational policy.
process of cooperation between the internal and external auditor. Answer (D) is incorrect. The Code requires compliance with the
Because the Standards, and
books were adjusted, the external auditor was expected to inquire as the Standards require internal auditors to enhance their knowledge,
to the nature skills, and
of the adjustment. other competencies through continuing professional development,
Gleim CIA Test Prep: Part 1 - Internal Audit Basics but neither the
(720 questions) Code nor the Standards require formal continuing education.
The IIA’s Code of Ethics incorporates by reference which of the [87] Gleim #: 1.7.87
following rules? Why does The IIA’s Code of Ethics in Rule of Conduct 4.2 require
A. Duty to disclose all material facts when reporting on activities. that due
B. Performance with proficiency and due professional care. professional care be used in obtaining information to support an
C. Prudent and lawful use of information. engagement opinion?
D. No acceptance of anything that may impair professional judgment. Sufficient, reliable, relevant, and useful information lends credibility to
Answer (A) is incorrect. Rule of Conduct 2.3 states, “Internal the
auditors shall opinion.
disclose all material facts known to them that, if not disclosed, may A.
distort the To preclude any conflict B. of interest.
reporting of activities under review.” C. To require honesty in performing work.
Answer (B) is correct. Rule of Conduct 4.2 under the competency If internal auditors were permitted to communicate engagement
principle results without
states, “Internal auditors shall perform internal audit services in obtaining sufficient information, they would be in a position to accept
accordance with fees or gifts
the International Standards for the Professional Practice of Internal from engagement clients.
Auditing.” D.
Attribute Standard 1200 requires engagements to be performed with Answer (A) is correct. Engagements must be performed with
proficiency proficiency and due
and due professional care. professional care (Attr. Std. 1200), and the engagement results must
Answer (C) is incorrect. Rule of Conduct 3.1 states, “Internal be
auditors shall be communicated (Perf. Std. 2400). Engagement results include
prudent in the use and protection of information acquired in the observations,
course of their conclusions, opinions, recommendations, and action plans (PA 2410-
duties.” Rule of Conduct 3.2 states, “Internal auditors shall not use 1). If internal
information auditors expressed opinions or otherwise communicated
for any personal gain or in any manner that would be contrary to the engagement results
law or without substantive investigation and compliance with the Standards,
detrimental to the legitimate and ethical objectives of the such
organization.” communications would be meaningless. The Standards are therefore
Answer (D) is incorrect. Rule of Conduct 2.2 states, “Internal incorporated
auditors shall not by reference into The IIA’s Code of Ethics by Rule of Conduct 4.2.
accept anything that may impair or be presumed to impair their Thus, internal
professional auditors must identify sufficient, reliable, relevant, and useful
judgment.” information to
Gleim CIA Test Prep: Part 1 - Internal Audit Basics achieve the engagement’s objectives (Perf. Std. 2310).
(720 questions) Answer (B) is incorrect. A separate ethics rule prohibits conflicts of
Copyright 2013 Gleim Publications Inc. Page 46 interest. Rule
Printed for Sanja Knezevic of Conduct 2.1 states, “Internal auditors shall not participate in any
fb.com/ciaaofficial activity or
relationship that may impair or be presumed to impair their unbiased within the organization, including the nature of the chief audit
assessment. executive’s functional
This participation includes those activities or relationships that may reporting relationship with the board; authorizes access to records,
be in conflict personnel, and
with the interests of the organization.” physical properties relevant to the performance of engagements; and
Answer (C) is incorrect. Rule of Conduct 1.1 requires honesty, defines the scope
diligence, and of internal audit activities (Inter. Std. 1000). Thus, the charter
responsibility in the performance of work. prescribes the internal
Answer (D) is incorrect. Rule of Conduct 2.2 prohibits accepting audit activity’s relationships with other units within the organization
anything that and with those
may impair or be presumed to impair the professional judgment of an outside.
internal [89] Gleim #: 1.8.89
auditor. The board of an organization has charged the chief audit executive
[88] Gleim #: 1.8.88 (CAE) with
During an engagement to evaluate the organization’s accounts upgrading the internal audit activity. The CAE’s first task is to develop
payable function, an a charter. What
internal auditor plans to confirm balances with suppliers. What is the item should be included in the statement of objectives?
source of Report all engagement results to the board A. every quarter.
authority for such contacts with units outside the organization? Notify governmental regulatory agencies of unethical business
A. Internal audit activity policies and procedures. practices by
B. The Standards. organization management.
C. The Code of Ethics. B.
D. The internal audit activity’s charter. C. Evaluate the adequacy and effectiveness of the organization’s
Gleim CIA Test Prep: Part 1 - Internal Audit Basics controls.
(720 questions) D. Submit budget variance reports to management every month.
Copyright 2013 Gleim Publications Inc. Page 47 Answer (A) is incorrect. Only significant engagement results are
Printed for Sanja Knezevic discussed with
Answer (A) is incorrect. Policies and procedures guide the internal the board.
auditors in their Answer (B) is incorrect. Internal auditors ordinarily are not required
consistent compliance with the internal audit activity’s standards of to report
performance. deficiencies in regulatory compliance to the appropriate agencies.
Answer (B) is incorrect. The internal audit activity’s authority is However, they
defined in a charter must observe the law and make disclosures expected by the law and
approved by the board. profession
Answer (C) is incorrect. The purpose of the Code of Ethics is to (Rule of Conduct 1.2).
promote an ethical Answer (C) is correct. The charter establishes the internal audit
culture in the profession of internal auditing. activity’s position
Answer (D) is correct. The charter establishes the internal audit within the organization, including the nature of the chief audit
activity’s position executive’s
functional reporting relationship with the board; authorizes access to Answer (B) is incorrect. Disclosure to the board is an obligation, not
records, an element
personnel, and physical properties relevant to the performance of of authority.
engagements; Answer (C) is correct. The charter establishes the internal audit
and defines the scope of internal audit activities (Inter. Std. 1000). activity’s position
Internal within the organization, including the nature of the chief audit
auditing brings a systematic, disciplined approach to evaluating and executive’s
improving functional reporting relationship with the board; authorizes access to
risk management, control, and governance processes (Definition of records,
Internal personnel, and physical properties relevant to the performance of
Auditing). engagements;
Answer (D) is incorrect. Submission of budgetary variance reports is and defines the scope of internal audit activities (Inter. Attr. Std.
not a 1000).
primary objective of internal auditing. It is a budgetary control that Answer (D) is incorrect. Access to the external auditor’s
management engagement records
may require on a periodic basis. cannot be guaranteed.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics [91] Gleim #: 1.8.91
(720 questions) The authority of the internal audit activity is limited to that granted by
Copyright 2013 Gleim Publications Inc. Page 48 A. The board and the controller.
Printed for Sanja Knezevic B. Senior management and the Standards.
fb.com/ciaaofficial C. Management and the board.
[90] Gleim #: 1.8.90 D. The board and the chief financial officer.
An element of authority that must be included in the charter of the Answer (A) is incorrect. The controller is not the only member of
internal audit management.
activity is Answer (B) is incorrect. The Standards cannot provide actual
Identification of the organizational units where engagements are A. to authority to an
be performed. internal audit activity.
B. Identification of the types of disclosures that should be made to Answer (C) is correct. The purpose, authority, and responsibility of
the board. the internal
Access to records, personnel, and physical properties relevant to the audit activity must be formally defined in a charter. The CAE must
performance periodically
of engagements. review and present the charter to senior management and the board
C. for approval
D. Access to the external auditor’s engagement records. (Attr. Std. 1000).
Answer (A) is incorrect. The audit schedule is based on a risk Answer (D) is incorrect. Management and the board, not a particular
assessment; it is manager,
thus inappropriate to designate specific engagement areas in the give the internal audit activity its authority.
internal audit [92] Gleim #: 1.8.92
charter. A charter is one of the more important factors positively affecting the
internal audit
activity’s independence. Which of the following is least likely to be A.
part of the Because quality assurance is a new function, seek the approval of
charter? management as
A. Access to records within the organization. a mediator to set the scope of the engagement.
B. The scope of internal audit activities. B.
C. The length of tenure of the chief audit executive. Indicate that the engagement will evaluate the function only in
D. Access to personnel within the organization. accordance with
Gleim CIA Test Prep: Part 1 - Internal Audit Basics the standards set by, and approved by, the quality assurance
(720 questions) function before
Copyright 2013 Gleim Publications Inc. Page 49 beginning the engagement.
Printed for Sanja Knezevic C.
Answer (A) is incorrect. The charter establishes the internal audit Terminate the engagement because it will not be productive without
activity’s position the client’s
within the organization and authorizes access to records. cooperation.
Answer (B) is incorrect. The charter establishes the internal audit D.
activity’s position Answer (A) is correct. The written charter, approved by the board,
within the organization and defines the scope of internal audit defines the
activities. scope of internal audit activities (Inter. Std. 1000).
Answer (C) is correct. The length of the CAE’s employment should Answer (B) is incorrect. The engagement client does not determine
not be codified in the scope of
the charter; it is a matter of ongoing judgment for the board. this type of assurance engagement. A scope limitation imposed by
Answer (D) is incorrect. The charter establishes the internal audit the client might
activity’s position prevent the internal audit activity from achieving its objectives.
within the organization and authorizes access to personnel. Answer (C) is incorrect. Other objectives may be established by
[93] Gleim #: 1.8.93 management and
Internal auditing has planned an engagement to evaluate the the internal auditors. The engagement is not limited to the specific
effectiveness of the standards set
quality assurance function as it affects the receipt of goods, the by the quality assurance department. It considers such standards in
transfer of the goods the
into production, and the scrap costs related to defective items. The development of the engagement program.
engagement client Answer (D) is incorrect. The internal auditors must conduct the
argues that such an engagement is not within the scope of the engagement and
internal audit activity communicate any scope limitations to management and the board.
and should come under the purview of the quality assurance Gleim CIA Test Prep: Part 1 - Internal Audit Basics
department only. What is (720 questions)
the most appropriate response? Copyright 2013 Gleim Publications Inc. Page 50
Refer to the internal audit activity’s charter and the approved Printed for Sanja Knezevic
engagement plan fb.com/ciaaofficial
that includes the area designated for evaluation in the current time [94] Gleim #: 1.8.94
period.
The chief audit executive has assigned an internal auditor to perform of irresponsible policy changes by management. The most effective
a year-end way to ensure that
engagement to evaluate payroll records. The internal auditor has freedom is to
contacted the director A. Have the internal audit charter approved by the board.
of compensation and has been refused access to necessary B. Adopt policies for the functioning of the internal audit activity.
documents. To avoid this C. Establish an audit committee within the board.
problem, Develop written policies and procedures to serve as standards of
Access to records relevant to performance of engagements should performance for
be specified in the internal audit activity.
the internal audit activity’s charter. D.
A. Answer (A) is correct. The internal audit charter is a formal
Internal auditing should be required to report to the CEO of B. the document that
organization. defines the internal audit activity’s purpose, authority, and
By following the long-range planning process, access to all relevant responsibility. Final
records approval of the internal audit charter resides with the board (Inter.
should be guaranteed. Attr. Std.
C. 1000).
D. Board approval should be required for all scope limitations. Answer (B) is incorrect. Adoption of policies for the functioning of
Answer (A) is correct. Specific guidelines are written in the internal the internal
audit audit activity does not protect its organizational position.
activity’s charter authorizing access to records, personnel, and Answer (C) is incorrect. The establishment of an audit committee
physical properties alone does not
relevant to the performance of engagements (Inter. Attr. Std. 1000). ensure the status of the internal audit activity.
Such Answer (D) is incorrect. Written policies and procedures serve to
provisions reduce the likelihood of scope limitations. guide the
Answer (B) is incorrect. The internal audit activity need not report to internal auditor but have little effect on management.
a specific Gleim CIA Test Prep: Part 1 - Internal Audit Basics
individual in the organization, although reporting administratively to (720 questions)
the CEO is Copyright 2013 Gleim Publications Inc. Page 51
desirable. Printed for Sanja Knezevic
Answer (C) is incorrect. Following the long-range planning process [96] Gleim #: 1.8.96
provides no Which of the following is not true with regard to the internal audit
guarantee of access. charter?
Answer (D) is incorrect. The internal audit activity must inform the It defines the authorities and responsibilities for the internal A. audit
board of any activity.
scope limitations, but the board’s approval is not required. B. It specifies the minimum resources needed for the internal audit
[95] Gleim #: 1.8.95 activity.
The organizational position of the internal audit activity should be C. It provides a basis for evaluating the internal audit activity.
free from the effects D. It should be approved by the board.
Answer (A) is incorrect. The charter formally defines the purpose, many different titles are used in practice.
authority, and [98] Gleim #: 1.8.98
responsibilities of the internal audit activity. After the chief audit executive receives approval from the board to
Answer (B) is correct. The charter formally defines the purpose, offer consulting
authority, and services, what should be done?
responsibility of the internal audit activity. Resource requirements are A. The CAE should begin performing consulting services.
based on B. The CAE should get approval from the internal auditors.
risk-based plans that are consistent with organizational objectives; C. The internal audit charter should be amended.
they are not an The board should develop appropriate policies and procedures for
appropriate topic to codify in the internal audit charter. conducting
Answer (C) is incorrect. The board can use the written charter as a such engagements.
basis for D.
evaluating the internal audit activity. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Answer (D) is incorrect. Final approval of the internal audit charter (720 questions)
resides with Copyright 2013 Gleim Publications Inc. Page 52
the board. Printed for Sanja Knezevic
The chief audit executive (CAE) is best defined as the Answer (A) is incorrect. After the CAE receives board approval, the
A. Inspector general. internal audit
B. Person responsible for the internal audit function. charter must be amended and the CAE must establish policies and
C. Outside provider of internal audit services. procedures.
Person responsible for overseeing the contract with the outside Answer (B) is incorrect. The CAE does not need to get additional
provider of approval from the
internal audit services. internal auditors. Only board approval is required.
D. Answer (C) is correct. The purpose, authority, and responsibility of
Answer (A) is incorrect. The specific job title of the chief audit the internal audit
executive may activity must be formally defined in an internal audit charter (Attr. Std.
vary across organizations (The IIA Glossary). 1000). The
Answer (B) is correct. The CAE is a person in a senior position nature of consulting services must be defined in the internal audit
responsible for charter (Impl. Std.
effectively managing the internal audit activity in accordance with the 1000.C1).
internal Answer (D) is incorrect. The CAE must establish policies and
audit charter and the Definition of Internal Auditing, the Code of procedures to guide the
Ethics, and the internal audit activity.
Standards (The IIA Glossary). [99] Gleim #: 1.8.99
Answer (C) is incorrect. The internal audit activity may be insourced. Staff members should be afforded an appropriate means through
Answer (D) is incorrect. The term “chief audit executive” is defined which they can
broadly discuss problems and receive updates regarding the internal audit
because (1) the internal audit activity may be insourced or activity’s policies.
outsourced and (2) The most appropriate forum for this objective is
The internal audit activity’s informal communication A. lines. Answer (A) is incorrect. Management of the internal audit activity
B. Internal memoranda. should develop
C. Staff meetings. engagement work schedules.
D. Employee evaluation conferences. Answer (B) is incorrect. Management of the internal audit activity
Answer (A) is incorrect. Informal communication is not the most should revise
appropriate travel, promotion, and compensation policies.
forum. Answer (C) is correct. In The Practice of Modern Internal Auditing,
Answer (B) is incorrect. Memoranda are usually impersonal and do Sawyer states
not afford a that one reason for staff meetings is to explain “routine administrative
good opportunity for maximum exchange of ideas. matters, to teach
Answer (C) is correct. Formal staff meetings provide the best new techniques, and even to let off steam.” For example, staff
opportunity for members should be able
ensuring that issues are addressed timely and efficiently. In The to raise questions about ineffective procedures, promotions, salaries,
Practice of or other
Modern Internal Auditing, Sawyer states that one reason for staff problems.
meetings is to Answer (D) is incorrect. Developing long-range training programs
explain “routine administrative matters, to teach new techniques, and that will meet the
even to let staff’s needs should be done by management of the internal audit
off steam.” For example, staff members should be able to raise activity.
questions about [101] Gleim #: 1.8.101
ineffective procedures, promotions, salaries, or other problems. Any program for selecting and developing the human resources of
Answer (D) is incorrect. The employee evaluation conference is not the internal audit
a timely activity will fail unless compensation is adequate at all levels of
place to discuss problems and receive updates. responsibility.
[100] Gleim #: 1.8.100 Policies concerning compensation should
The chief audit executive meets with the members of the internal Link internal auditors’ compensation to the pay for comparable
audit activity at positions in the
scheduled staff meetings. Which of the following is the most controller’s department.
appropriate function of A.
such a staff meeting? Provide for cost-of-living, longevity, and merit B. increases annually.
A. Developing the engagement work schedule. Be informal and as flexible as possible to allow the chief audit
B. Revising travel, promotion, and compensation policies. executive to
C. Explaining administrative policies and obtaining suggestions from respond to unusual situations.
the staff. C.
D. Developing long-range training programs that will meet the staff’s Be clearly stated and based on evaluations of position requirements
needs. and individual
Gleim CIA Test Prep: Part 1 - Internal Audit Basics performance.
(720 questions) D.
Copyright 2013 Gleim Publications Inc. Page 53 Answer (A) is incorrect. No necessary correlation exists between
Printed for Sanja Knezevic the work of
internal auditors and of the controller’s staff. internal audit activity’s position.
Answer (B) is incorrect. Increases need not necessarily be annual. Answer (C) is incorrect. Lack of support by the CEO weakens the
Answer (C) is incorrect. Formal, well-defined policies are preferable internal audit
to avoid activity’s position.
misunderstandings. Answer (D) is correct. The CEO’s statement suggests that the
Answer (D) is correct. Internal auditing job descriptions are internal audit activity
important because, lacks the support of senior management and the board. Furthermore,
among other things, they may be used to justify adequate salaries. the lack of
As part of an outside audit committee members may contribute to a loss of
overall personnel management and development program, they independence. The
should be used board’s failure to approve the charter may have the same effect. The
together with periodic, formal performance appraisals as a basis for charter enhances
compensation the independence of the internal audit activity. By specifying the
adjustments and promotions. purpose, authority,
[102] Gleim #: 2.1.1 and responsibility of the internal audit activity, it establishes the
Which of the following facts, by themselves, could contribute to a position of internal
lack of audit in the organization, including the nature of the chief audit
independence of the internal audit activity? executive’s functional
The CEO accused the new auditor of not operating “in the best reporting relationship with the board (Inter. Std. 1000).
interests of the [103] Gleim #: 2.1.2
organization.” To avoid being the apparent cause of conflict between an
I. organization’s senior
II. The majority of audit committee members come from within the management and the board, the chief audit executive should
organization. Communicate all engagement results to both senior management A.
III. The internal audit activity’s charter has not been approved by the and the board.
board. Strengthen the independence of the internal audit activity through
A. I only. organizational
B. II only. position.
C. II and III only. B.
D. I, II, and III. C. Discuss all reports to senior management with the board first.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Request board approval of policies that include internal audit activity
(720 questions) relationships
Copyright 2013 Gleim Publications Inc. Page 54 with the board.
fb.com/ciaaofficial Answer (A) is incorrect. Receipt of all engagement results by senior
Answer (A) is incorrect. The other facts listed could also contribute management
to a lack of and the board is unnecessary and inefficient.
independence. Answer (B) is incorrect. Organizational position helps the internal
Answer (B) is incorrect. Lack of support by the CEO and lack of a audit activity
charter weaken the
to achieve independence but is not, by itself, enough to avoid Answer (A) is incorrect. Under this arrangement, the internal audit
conflict. activity will
Answer (C) is incorrect. The board essentially has an oversight not have direct access to the board; the access will be indirect via
rather than an the controller.
operational role. Answer (B) is correct. To achieve the degree of independence
Answer (D) is correct. To achieve the degree of independence necessary to
necessary to effectively carry out the responsibilities of the internal audit activity,
effectively carry out the responsibilities of the internal audit activity, the CAE has
the chief direct and unrestricted access to senior management and the board
audit executive has direct and unrestricted access to senior (Inter. Std. 1100). Also, the CAE must communicate and interact
management and the directly with the
board. This can be achieved through a dual-reporting relationship board (Attr. Std. 1111).
(Inter. Std. 1100). Answer (C) is incorrect. Whether the controller has experience with
Gleim CIA Test Prep: Part 1 - Internal Audit Basics internal
(720 questions) auditors does not affect the internal audit activity’s independence.
Copyright 2013 Gleim Publications Inc. Page 55 Answer (D) is incorrect. Although desirable, the CIA designation is
Printed for Sanja Knezevic not
[104] Gleim #: 2.1.3 mandatory for a person to become an internal auditor. A CIA should
An organization is in the process of establishing its new internal audit insist on
activity. The independence for the internal audit activity.
controller has no previous experience with internal auditors. Due to [105] Gleim #: 2.1.4
this lack of A medium-sized publicly owned organization operating in Country X
experience, the controller advised the applicants that the CAE will be has grown to a
reporting to the size that the governing authority believes warrants the establishment
external auditors. However, the new chief audit executive will have of an internal
free access to the audit activity. Country X has legislated internal audit requirements for
controller to report anything important. The controller will then convey governmentowned
the CAE’s organizations. The organization changed the bylaws to reflect the
concerns to the board of directors. The internal audit activity will establishment
Be independent because the CAE has direct access A. to the board. of the internal audit activity. The governing authority decided that the
B. Not be independent because the CAE reports to the external chief audit
auditors. executive (CAE) must be a certified internal auditor and will report
Not be independent because the controller has no experience with directly to the
internal newly established audit committee. Which of the items discussed
auditors. above will
C. contribute the most to the new CAE’s independence?
Not be independent because the organization did not specify that the A. The establishment of the internal audit activity is documented in
applicants the bylaws.
must be certified internal auditors. B. Country X has legislated internal auditing requirements.
D. C. The CAE will report to the audit committee.
D. The CAE is to be a certified internal auditor. role of ethics advocate does not impair the internal auditor’s
Gleim CIA Test Prep: Part 1 - Internal Audit Basics independence.
(720 questions) Answer (D) is incorrect. The internal and external audit functions
Copyright 2013 Gleim Publications Inc. Page 56 share
Printed for Sanja Knezevic information and work collaboratively outside of the influence of
fb.com/ciaaofficial management.
Answer (A) is incorrect. Documentation in the bylaws does little to This role does not conflict with the independence standard.
promote [107] Gleim #: 2.1.6
independence. The reporting relationship within the organization’s management
Answer (B) is incorrect. Legislated internal audit requirements in structure that
Country X do not facilitates the day-to-day operations of the internal audit activity is
promote independence. A. Administrative reporting.
Answer (C) is correct. Independence is effectively achieved when B. Financial reporting.
the CAE reports C. Management reporting.
functionally to the board (Inter. Std. 1110). The audit committee is a D. Functional reporting.
subset of the Gleim CIA Test Prep: Part 1 - Internal Audit Basics
board. (720 questions)
Answer (D) is incorrect. Independence requires support from senior Copyright 2013 Gleim Publications Inc. Page 57
management and Printed for Sanja Knezevic
the board. Answer (A) is correct. Administrative reporting is the reporting
[106] Gleim #: 2.1.5 relationship within
Which of the following activities undertaken by the internal auditor the organization’s management structure that facilitates the day-to-
might be in day operations of
conflict with the standard of independence? the internal audit activity. Administrative reporting typically includes
Risk management A. consultant. (1) budgeting
B. Product development team leader. and management accounting; (2) human resource administration,
C. Ethics advocate. including personnel
D. External audit liaison. evaluations and compensation; (3) internal communications and
Answer (A) is incorrect. An internal auditor’s acting as a risk information flows;
management and (4) administration of the organization’s internal policies and
consultant does not impair the independence of the internal audit procedures (PA 1110-
activity. 1, para. 4).
Answer (B) is correct. Independence precludes internal auditors Answer (B) is incorrect. Financial reporting focuses primarily on
from assuming reporting
management roles. Product development team leader is a information about performance provided by measures of earnings
management role. and its components.
Answer (C) is incorrect. Internal auditors and the internal audit Answer (C) is incorrect. A form of management reporting is issuance
activity should of financial
take an active role in support of an organization’s ethical culture, statements, which report on the organization’s performance to
assuming the external parties.
Answer (D) is incorrect. Functional reporting involves reporting to of the following activities?
the board to I. Internal communication and information flows
facilitate the internal audit activity’s independence. II. Approval of the internal audit risk assessment and related audit
[108] Gleim #: 2.1.7 plan
An external quality assessment team was evaluating the III. Approval of annual compensation and salary adjustments for the
independence of an internal CAE
audit activity. The internal audit activity performs engagements A. I and II.
concerning all of the B. II and III.
elements included in its scope. Which of the following reporting C. I and III.
responsibilities is D. I, II, and III.
most likely to threaten the internal audit activity’s independence? Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Reporting to the (720 questions)
A. President. Copyright 2013 Gleim Publications Inc. Page 58
B. Treasurer. Printed for Sanja Knezevic
C. Executive vice president. fb.com/ciaaofficial
D. Audit committee. Answer (A) is incorrect. Internal communication and information
Answer (A) is incorrect. Being responsible to the president helps flows are
preserve the administrative reporting items. Administrative reporting is the
internal audit activity’s independence by enhancing its position in the reporting relationship
organization. within the management structure. Furthermore, functional reporting
Answer (B) is correct. The CAE must report to a level within the also involves the
organization board’s approval of annual compensation and salary adjustments for
that allows the internal audit activity to fulfill its responsibilities (Attr. the CAE.
Std. 1110). Answer (B) is correct. Organizational independence is effectively
The higher the level to which the internal audit activity reports, the achieved when the
more likely CAE reports functionally to the board. Examples of functional
that independence will be assured. Reporting to the treasurer limits reporting to the board
the influence involve the board
and independence of the internal audit activity. Approving the internal audit charter
Answer (C) is incorrect. The executive vice president is higher Approving the risk-based internal audit plan
ranking than the Receiving communications from the CAE on the internal audit
treasurer. activity’s
Answer (D) is incorrect. Because the audit committee is a subset of performance
the board, Approving decisions regarding the appointment and removal of the
independence is enhanced when the internal audit activity reports to CAE
the audit Making appropriate inquiries of management and the CAE to
committee. determine whether
[109] Gleim #: 2.1.8 there are inappropriate scope or resource limitations (Inter. Attr. Std.
The CAE should report functionally to the board. The board is 1110)
responsible for which
Answer (C) is incorrect. Internal communication and information Printed for Sanja Knezevic
flows are [111] Gleim #: 2.1.10
administrative reporting items. Moreover, functional reporting also When evaluating the independence of an internal audit activity, a
involves the quality assurance
board’s approval of the internal audit risk assessment and related review team performing an external assessment considers several
audit plan. factors. Which of the
Answer (D) is incorrect. Internal communication and information following factors has the least amount of influence when judging an
flows are internal audit
administrative reporting items. activity’s independence?
[110] Gleim #: 2.1.9 Criteria used in making internal auditors’ A. assignments.
Independence permits internal auditors to render impartial and B. The extent of internal auditor training in communications skills.
unbiased judgments. C. Relationship between engagement records and engagement
The best way to achieve independence is through communications.
Individual knowledge A. and skills. D. Impartial and unbiased judgments.
B. A dual-reporting relationship. Answer (A) is incorrect. How individual internal auditors are
C. Supervision within the organization. assigned relates to
D. Organizational knowledge and skills. independence. The auditor’s personal relationships with operating
Answer (A) is incorrect. Individual knowledge and skills allow personnel,
individual work experience with the engagement client, etc., affect
auditors to achieve professional proficiency. independence.
Answer (B) is correct. Independence is the freedom from conditions Answer (B) is correct. Training in communication relates to the
that threaten knowledge,
the ability of the internal audit activity to carry out internal audit skills, and other competencies needed to perform engagements, not
responsibilities to
in an unbiased manner. To achieve the degree of independence independence.
necessary to Answer (C) is incorrect. If significant engagement observations
effectively carry out the responsibilities of the internal audit activity, found in the
the CAE has engagement records are omitted from the engagement
direct and unrestricted access to senior management and the board. communications,
This can be independence becomes an issue.
achieved through a dual-reporting relationship (Inter. Std. 1100). Answer (D) is incorrect. Unbiased judgment is an aspect of
Answer (C) is incorrect. Supervision ensures that engagement independence.
objectives are [112] Gleim #: 2.1.11
achieved, quality is assured, and staff is developed. The optimal administrative reporting line of the CAE is to
Answer (D) is incorrect. Organizational knowledge and skills allow A. The audit committee.
the internal B. Line management.
audit activity collectively to achieve professional proficiency. C. Board of directors.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics D. CEO or equivalent.
(720 questions) Answer (A) is incorrect. Functional reporting is to the board.
Answer (B) is incorrect. Administrative reporting preferably is to the B.
CEO. The board should have the final authority to approve the internal
Answer (C) is incorrect. The CAE must communicate and interact audit risk
directly with assessment.
the board. Functional reporting needs to be to the board. C.
Answer (D) is correct. Administrative reporting is the reporting The board should approve the CAE’s performance D. evaluation.
relationship Answer (A) is incorrect. Functional reporting to the board facilitates
within the organization’s management structure that facilitates the the
day-to-day independence of the internal audit activity.
operations of the internal audit activity. Administrative reporting Answer (B) is correct. Private meetings between the CAE and the
typically board without
includes (1) budgeting and management accounting; (2) human management present are an essential part of the functional reporting
resource relationship
administration, including personnel evaluations and compensation; (PA 1110-1, para. 3).
(3) internal Answer (C) is incorrect. The board approves all decisions regarding
communications and information flows; and (4) administration of the the
organization’s internal policies and procedures (PA 1110-1, para. 4). performance evaluation, appointment, or removal of the CAE.
Reporting Answer (D) is incorrect. The board approves the internal audit risk
functionally to the board and administratively to the CEO facilitates assessment
organizational independence (PA 1110-1, para. 2). and the related audit plan.
(720 questions) A formal document (charter) approved by the board that defines the
Copyright 2013 Gleim Publications Inc. Page 60 internal audit
Printed for Sanja Knezevic activity’s purpose, authority, and responsibility enhances its
fb.com/ciaaofficial A. Exercise of due professional care.
[113] Gleim #: 2.1.12 B. Proficiency.
Regardless of which reporting relationship the organization chooses, C. Relationship with management.
several key D. Independence.
actions can help ensure that the reporting lines support and enable Answer (A) is incorrect. Due professional care is an attribute of work
the effectiveness performed.
and independence of the internal auditing activity. Which key action Answer (B) is incorrect. Proficiency results from possessing the
will not achieve knowledge,
its functional reporting purpose? skills, and other competencies required for internal auditors to
Organizational independence is effectively achieved when the CAE perform their
reports individual responsibilities.
functionally to the board (Interpretation of Standard 1110). Answer (C) is incorrect. The internal audit activity’s relationship with
A. management is a function of professionalism. The charter
The CAE should meet with the board, with management present, to establishes
reinforce the independence, not a working relationship.
independence of the internal audit activity.
Answer (D) is correct. The charter establishes the internal audit A. Must be sufficient to permit the accomplishment of the activity’s
activity’s responsibilities.
position within the organization, including the nature of the chief audit B. Is best when the reporting relationship is direct to the board of
executive’s functional reporting relationship with the board (Inter. Attr. directors.
Std. Requires only the board’s annual approval of the engagement work
1000). To achieve the degree of independence necessary to schedule,
effectively carry out staffing plan, and financial budget.
the responsibilities of the internal audit activity, the CAE has direct C.
and D. Is guaranteed when the charter specifically defines the activity’s
unrestricted access to senior management and the board (Inter. Attr. independence.
Std. 1100). Answer (A) is correct. The CAE must report to a level within the
Gleim CIA Test Prep: Part 1 - Internal Audit Basics organization
(720 questions) that allows the internal audit activity to fulfill its responsibilities (Attr.
Copyright 2013 Gleim Publications Inc. Page 61 Std. 1110).
Printed for Sanja Knezevic Answer (B) is incorrect. The internal audit activity requires day-to-
[115] Gleim #: 2.1.14 day support
The reporting structure that is most likely to allow the internal audit that cannot be provided by the board. For this reason, the internal
activity to audit activity
accomplish its responsibilities is to report administratively to the should report administratively to the CEO of the organization.
Board and functionally to the chief A. executive officer. Answer (C) is incorrect. Independence requires reporting to a level
B. Controller and functionally to the chief financial officer. that can deal
C. Chief executive officer and functionally to the board of directors. with more than simple administrative concerns.
D. Chief executive officer and functionally to the external auditor. Answer (D) is incorrect. A statement in the charter does not
Answer (A) is incorrect. The reverse arrangement is appropriate. guarantee
The board is not independence.
involved in the routine management of the firm. [117] Gleim #: 2.1.16
Answer (B) is incorrect. Reporting administratively to the controller The board is most likely to participate in approving
and A. Staff promotions and salary increases.
functionally to the chief financial officer would result in insufficient B. Engagement communication observations, conclusions, and
organizational status for internal auditing. recommendations.
Answer (C) is correct. Reporting functionally to the board and C. Engagement work programs.
administratively to D. Appointment of the chief audit executive.
the organization’s CEO facilitates organizational independence (PA Gleim CIA Test Prep: Part 1 - Internal Audit Basics
1110-1, (720 questions)
para. 2). Copyright 2013 Gleim Publications Inc. Page 62
Answer (D) is incorrect. The external auditor is not part of the Printed for Sanja Knezevic
organizational fb.com/ciaaofficial
hierarchy. Answer (A) is incorrect. The organization’s CAE is responsible for
[116] Gleim #: 2.1.15 staff promotions.
The organizational level to which the internal audit activity reports
Answer (B) is incorrect. The organization’s CAE is responsible for Answer (C) is incorrect. The CAE optimally reports to the CEO for
approving administrative purposes.
engagement communication observations, conclusions, and Answer (D) is correct. Organizational independence is effectively
recommendations. achieved when
Answer (C) is incorrect. The CAE or designee provides appropriate the CAE reports functionally to the board (Inter. Attr. Std. 1110).
engagement Gleim CIA Test Prep: Part 1 - Internal Audit Basics
supervision, which includes providing appropriate instructions during (720 questions)
the planning of Copyright 2013 Gleim Publications Inc. Page 63
the engagement and approving the engagement program. Printed for Sanja Knezevic
Answer (D) is correct. Organizational independence is effectively [119] Gleim #: 2.1.18
achieved when the A service organization is currently experiencing a significant
CAE reports functionally to the board. Examples of functional downsizing and process
reporting to the board reengineering. Its board of directors has redefined the business
involve the board goals and established
Approving the internal audit charter initiatives using in-house developed technology to meet these goals.
Approving the risk-based internal audit plan As a result, a
Receiving communications from the CAE on the internal audit more decentralized approach has been adopted to run the business
activity’s functions by
performance empowering the business branch managers to make decisions and
Approving decisions regarding the appointment and removal of the perform functions
CAE traditionally done at a higher level. The internal auditing staff is made
Making appropriate inquiries of management and the CAE to up of the chief
determine whether audit executive, two managers, and five staff auditors, all with
there are inappropriate scope or resource limitations (Inter. Attr. Std. financial background.
1110) In the past, the primary focus of successful internal audit activities
[118] Gleim #: 2.1.17 has been the service
The IIA has indicated that to achieve necessary independence, the branches and the six regional division headquarters that support the
CAE should report branches. These
functionally to whom? division headquarters are the primary targets for possible elimination.
A. Senior management. The support
B. Shareholders. functions such as human resources, accounting, and purchasing will
C. Chief executive officer. be brought into
D. The board. the national headquarters, and technology will be enhanced to
Answer (A) is incorrect. Organizational independence is facilitated enable and augment
when the these operations. Up to this point, the internal audit activity has
CAE reports functionally to the board and administratively to the reported to the chief
CEO. operating officer. Due to the significant changes, there has been
Answer (B) is incorrect. The CAE should report to the audit some discussion as to
committee (i.e., the changing this reporting relationship. What would be the best
board). reporting relationship?
Administratively and functionally A. to the president. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
B. Administratively to the president and functionally to the board. (720 questions)
C. Administratively to the chief financial officer and functionally to the Copyright 2013 Gleim Publications Inc. Page 64
president. Printed for Sanja Knezevic
D. Administratively and functionally to the chief operating officer. fb.com/ciaaofficial
Answer (A) is incorrect. Organizational independence is effectively Answer (A) is correct. The CAE, reporting functionally to the board
achieved and
when the CAE reports functionally to the board. administratively to the organization’s CEO, facilitates organizational
Answer (B) is correct. The chief audit executive must report to a independence
level within the (PA 1110-1, para. 2). The CAE must communicate and interact
organization that allows the internal audit activity to fulfill its directly with the board
responsibilities (Attr. Std. 1111).
(Attr. Std. 1110). The chief audit executive (CAE), reporting Answer (B) is incorrect. Placing the CAE in a governance position
functionally to the impairs his/her
board and administratively to the organization’s chief executive objectivity.
officer, facilitates Answer (C) is incorrect. Serving as a staff officer and reporting to
organizational independence (PA 1110-1, para. 2). the CFO limit the
Answer (C) is incorrect. The CAE, reporting functionally to the board influence and independence of the internal audit activity.
and Answer (D) is incorrect. Reporting to an administrative vice
administratively to the organization’s chief executive officer, president limits the
facilitates influence and independence of the internal audit activity.
organizational independence. [121] Gleim #: 2.1.20
Answer (D) is incorrect. The best reporting relationship is According to the International Professional Practices Framework, the
administratively to the independence of
president, functionally to the board. the internal audit activity is achieved through
[120] Gleim #: 2.1.19 Staffing A. and supervision.
A charter is being drafted for a newly formed internal audit activity. B. Continuing professional development and due professional care.
Which of the C. Human relations and communications.
following best describes an appropriate organizational position to be D. Organizational status and objectivity.
incorporated into Answer (A) is incorrect. Staffing and supervision relate to
the charter? proficiency rather than
The chief audit executive reports to the chief executive officer but independence.
has access to Answer (B) is incorrect. Continuing professional development and
the board. due
A. professional care relate to proficiency rather than independence.
B. The chief audit executive is a member of the board. Answer (C) is incorrect. Human relations and communications relate
C. The chief audit executive is a staff officer reporting to the chief to to
financial officer. proficiency rather than independence.
D. The chief audit executive reports to an administrative vice Answer (D) is correct. The organizational status most conducive to
president. this degree of
independence is a dual-reporting relationship. Objectivity is an management attitude will most probably have an adverse effect on
individual attribute the internal audit
of each internal auditor. Objectivity requires that internal auditors do activity’s
not Operating A. budget variance.
subordinate their judgment on audit matters to others (Inter. Attr. Std. B. Effectiveness.
1100, para. C. Performance appraisals.
2). D. Policies and procedures.
[122] Gleim #: 2.1.21 Answer (A) is incorrect. An operating budget variance report is a
Freedom from conditions that threaten internal auditors’ ability to do control device
unbiased work is used to monitor actual performance. Lack of management
A. Control. cooperation could cause
B. Compliance. unfavorable variances, but favorable variances also could occur if
C. Independence. many
D. Avoidance of conflicts of interest. engagements were subject to scope impairments.
Answer (A) is incorrect. Control is “any action taken by Answer (B) is correct. In this situation, management is highly averse
management, the board, to analysis
or other parties to manage risk and increase the likelihood that or possible criticism of its actions. Consequently, the internal audit
established activity will
objectives and goals will be achieved” (The IIA Glossary). most likely not report to an organizational level that will allow it to
Answer (B) is incorrect. Compliance is “adherence to policies, plans, fulfill its
procedures, responsibilities (Attr. Std. 1110). Furthermore, engagement
laws, regulations, contracts, or other requirements” (The IIA communications are
Glossary). unlikely to receive adequate consideration, and appropriate action is
Answer (C) is correct. Independence is “the freedom from conditions unlikely to be
that taken on engagement recommendations (PA 1110-1, para. 2).
threaten the ability of the internal audit activity to carry out internal Answer (C) is incorrect. Evaluation of the internal auditing staff
audit should not be
responsibilities in an unbiased manner” (The IIA Glossary). affected by lack of cooperation on the part of noninternal auditing
Answer (D) is incorrect. Conditions other than conflicts of interest management.
may create Answer (D) is incorrect. Policies and procedures of the internal audit
bias or the appearance of bias. activity are
Gleim CIA Test Prep: Part 1 - Internal Audit Basics developed by the internal audit activity. They should not be affected
(720 questions) by
Copyright 2013 Gleim Publications Inc. Page 65 noninternal auditing management.
Printed for Sanja Knezevic [124] Gleim #: 2.2.23
[123] Gleim #: 2.1.22 During the performance of an engagement to evaluate a division’s
In some cultures and organizations, managers insist that an internal controls over
audit activity is not purchasing, the chief purchasing agent asked why the internal
needed to provide a critical assessment of the organization’s auditor had requested
operations. This kind of
documents pertaining to transactions with a particular supplier. The irregularities may dictate a less open environment than would
internal auditor’s normally contribute to a
proper response is to cooperative engagement. However, that is a judgment that should be
A. Treat the inquiry as a scope limitation. made by the chief
Explain the reasons for the information request to promote audit executive in light of the specific circumstances. Moreover, the
cooperation with the internal audit
engagement client. activity must be free from interference in determining the scope of
B. internal auditing,
Refuse to explain the information request to preserve the integrity of performing work, and communicating results (Impl. Std. 1110.A1).
the [125] Gleim #: 2.2.24
engagement process. An appropriate internal auditing role in a feasibility study is to
C. Serve on the task force for the A. preliminary survey.
Consider the specific circumstances before deciding whether to B. Ascertain if the feasibility study addresses cost-benefit
disclose the relationships.
reasons for the information request. C. Determine the requirements for preparing a manual of
D. specifications.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Participate in the drafting of recommendations for the computer
(720 questions) acquisition and
Copyright 2013 Gleim Publications Inc. Page 66 implementation.
fb.com/ciaaofficial Answer (A) is incorrect. Serving on the task force for the preliminary
Answer (A) is incorrect. A scope limitation is a restriction placed survey is
upon the internal appropriate for users and functional management.
audit activity that precludes it from accomplishing its objectives and Answer (B) is correct. Assessing the adequacy of a feasibility study
plans. is properly
Answer (B) is incorrect. The CAE should consider the specific within the scope of work of internal audit. The other three choices
circumstances before involve internal
deciding whether to disclose the reasons for the information request. audit participation in decisions that are properly those of
Answer (C) is incorrect. It is not always necessary or desirable to management.
refuse to explain an Answer (C) is incorrect. Determining the requirements for preparing
information request. a manual of
Answer (D) is correct. At times, an internal auditor may be asked by specifications is appropriate for users and functional management.
the engagement Answer (D) is incorrect. Computer experts should participate in the
client or other parties to explain why a document that has been drafting of
requested is relevant to recommendations for the computer acquisition and implementation.
an engagement. Disclosure or nondisclosure during the engagement [126] Gleim #: 2.2.25
of the reasons Internal auditors must be objective in performing their work. Assume
documents are needed should be determined based on the that the chief
circumstances. Significant audit executive received an annual bonus as part of that individual’s
compensation
package. The bonus may impair the CAE’s objectivity if account balances.
The bonus is administered by the board of directors or its salary [127] Gleim #: 2.2.26
administration Objectivity is most likely impaired by an internal auditor’s
committee. Continuation on an engagement at a division for which (s)he will
A. soon be
The bonus is based on monetary amounts recovered or responsible as the result of a promotion.
recommended future A.
savings as a result of engagements. Reduction of the scope of an engagement due to budget B.
B. restrictions.
C. The scope of internal auditing is evaluating control rather than Participation on a task force that recommends standards for control
account balances. of a new
D. All of the answers are correct. distribution system.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics C.
(720 questions) D. Review of a purchasing agent’s contract drafts prior to their
Copyright 2013 Gleim Publications Inc. Page 67 execution.
Printed for Sanja Knezevic Answer (A) is correct. Internal auditors must have an impartial,
Answer (A) is incorrect. The board of directors needs to determine unbiased attitude
the CAE’s and avoid any conflict of interest (Attr. Std. 1120). Conflict of interest
compensation. is a
Answer (B) is correct. Internal auditors must have an impartial, situation in which an internal auditor, who is in a position of trust, has
unbiased attitude and a
avoid any conflict of interest (Attr. Std. 1120). Conflict of interest is a competing professional or personal interest (Inter. Std. 1120). The
situation in internal
which an internal auditor, who is in a position of trust, has a auditor’s promotion may create a bias.
competing professional or Answer (B) is incorrect. Budget restrictions do not constitute an
personal interest (Inter. Std. 1120). In this case, the CAE’s objectivity impairment of
could be independence or objectivity.
impaired if the bonus, a competing personal interest, is based on Answer (C) is incorrect. An internal auditor may recommend, but not
monetary amounts implement,
recovered or recommended future savings as a result of standards of control and still maintain objectivity.
engagements. Answer (D) is incorrect. An internal auditor may review contracts
Answer (C) is incorrect. The internal audit activity’s scope of work prior to their
includes execution.
evaluating and contributing to the improvement of risk management, [128] Gleim #: 2.2.27
control, and In which of the following scenarios does the auditor most likely have
governance processes. organizational
Answer (D) is incorrect. Objectivity is not impaired if the board independence but lack objectivity?
determines the Reports to the audit client but does not report fully about the reason
director’s compensation or if the scope of work is evaluating control for corrective
rather than action taken.
A. B.
B. Reports to the board and reports fully about corrective action Data processing center for which the internal auditor had performed
taken. the service
C. Reports to the audit client and reports fully about corrective action three times previously.
taken. C.
Reports to the board but does not report fully about the reason for Computer system for which the internal auditor had been the internal
corrective audit
action taken. activity’s representative on the design team.
D. D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (A) is incorrect. Objectivity is presumed to be impaired if an
(720 questions) internal
Copyright 2013 Gleim Publications Inc. Page 68 auditor provides assurance services for an activity for which the
Printed for Sanja Knezevic internal auditor
fb.com/ciaaofficial had responsibility within the previous year. Thus, 5 years is a
Answer (A) is incorrect. Reporting to the audit client does not allow reasonable lapse of
the internal audit time to safeguard the employee from a charge of conflict of interest.
activity to fulfill its responsibilities. Answer (B) is correct. The CAE makes staff assignments so that
Answer (B) is incorrect. When the auditor reports to the board and potential and
reports fully about actual conflicts of interest and bias are avoided (PA 1120-1, para. 2).
the corrective action taken, no apparent independence or objectivity A close
issue arises. relative’s involvement with a supplier of an engagement client is an
Answer (C) is incorrect. Reporting to the client indicates a lack of apparent
independence. conflict of interest.
Answer (D) is correct. Organizational independence is effectively Answer (C) is incorrect. Although rotation of assignments is
achieved when the preferable, no
CAE reports functionally to the board (Inter. Attr. Std. 1110). Failing to conflict of interest is involved in performing an assurance service for
report fully the same
about the reason for corrective action may imply bias (a loss of activity repeatedly.
objectivity) with regard Answer (D) is incorrect. Objectivity is not impaired if the internal
to the audit client. auditor’s
[129] Gleim #: 2.2.28 responsibility was limited to recommending standards of control for
An internal auditor most likely will have a conflict of interest by systems or
providing an reviewing procedures before implementation.
assurance service with regard to a [130] Gleim #: 2.2.29
Financial activity in which the internal auditor had been a key Management has requested the internal audit activity to perform an
employee 5 years engagement to
previously. recommend procedures and policies for improving management
A. control over the
Purchasing activity if a major supplier is owned by the internal telephone marketing operations of a major division. The chief audit
auditor’s sister-inlaw. executive should
Not accept the engagement because recommending controls would Recommendations prior to implementation will affect independence,
impair future and the
objectivity regarding this operation. internal auditors will not be able to perform an objective evaluation
A. after the
Not accept the engagement because internal audit activities are system is implemented.
presumed to have A.
expertise regarding accounting controls, not marketing controls. Participation will delay implementation B. of the project.
B. Participation will cause the internal auditors to be labeled as partial
Accept the engagement, but indicate to management that, because owners of the
recommending application, and they will then have to share the blame for any
controls impairs independence, future engagements in the area will problems that
be impaired. remain in the system.
C. C.
Accept the engagement because objectivity will D. not be impaired. D. None of the answers are correct.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (A) is incorrect. Internal audit activity independence is not
(720 questions) affected by
Copyright 2013 Gleim Publications Inc. Page 69 recommending control standards or reviewing procedures before
Printed for Sanja Knezevic implementation.
Answer (A) is incorrect. The CAE should accept the engagement. Answer (B) is incorrect. Internal audit activity participation will not
Recommending delay the
controls is not considered to impair independence or objectivity. project unless needed controls were absent.
Answer (B) is incorrect. The engagement should be accepted. The Answer (C) is incorrect. The internal auditors may participate in
internal audit systems
activity must have or obtain the knowledge, skills, and competencies development but must not draft procedures or design, install, or
to evaluate and operate the
improve all of the organization’s risk management, control, and system.
governance processes. Answer (D) is correct. Objectivity is not adversely affected when the
Answer (C) is incorrect. Independence is not impaired by making internal
control auditors recommend standards of control for systems or review
recommendations. procedures before
Answer (D) is correct. The CAE should accept the engagement. they are implemented. Designing, installing, drafting procedures for,
Recommending or operating
standards of control for systems or reviewing procedures prior to systems is presumed to impair objectivity (PA 1120-1, para. 4).
implementation does [132] Gleim #: 2.2.31
not impair objectivity (PA 1120-1, para. 4). Assessing individual objectivity of internal auditors is the
[131] Gleim #: 2.2.30 responsibility of
Which of the following statements is an appropriate reason for the A. The chief executive officer.
internal audit B. The board.
activity not to participate in the systems development process? C. The audit committee.
D. The chief audit executive.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (C) is incorrect. Recommending standards of control is
(720 questions) presumed not to
Copyright 2013 Gleim Publications Inc. Page 70 impair objectivity.
Printed for Sanja Knezevic Answer (D) is correct. The internal auditor’s objectivity is not
fb.com/ciaaofficial adversely affected
Answer (A) is incorrect. Assessing individual objectivity of internal when the auditor recommends standards of control for systems or
auditors is the reviews
responsibility of the chief audit executive. procedures before they are implemented. Designing, installing, or
Answer (B) is incorrect. Assessing individual objectivity of internal drafting
auditors is the procedures for operating systems is presumed to impair objectivity
responsibility of the chief audit executive. (PA 1120-1,
Answer (C) is incorrect. Assessing individual objectivity of internal para. 4).
auditors is the [134] Gleim #: 2.2.33
responsibility of the chief audit executive. Reengineering is the thorough analysis, fundamental rethinking, and
Answer (D) is correct. The CAE must establish policies and complete
procedures to assess the redesign of essential business processes. The intended result is a
objectivity of individual internal auditors. dramatic
[133] Gleim #: 2.2.32 improvement in service, quality, speed, and cost. An internal auditor’s
Which of the following activities is not presumed to impair the involvement in
objectivity of an reengineering should include all of the following except
internal auditor? A. Determining whether the process has senior management’s
Recommending standards of control for a new information I. system support.
application B. Recommending areas for consideration.
Drafting procedures for running a new computer application to C. Developing audit plans for the new system.
ensure that proper D. Directing the implementation of the redesigned process.
controls are installed Gleim CIA Test Prep: Part 1 - Internal Audit Basics
II. (720 questions)
Performing reviews of procedures for a new computer application Copyright 2013 Gleim Publications Inc. Page 71
before it is Printed for Sanja Knezevic
installed Answer (A) is incorrect. Internal auditors may perform the function
III. of determining
A. I only. whether the process has senior management’s support.
B. II only. Answer (B) is incorrect. Internal auditors may perform the function
C. III only. of recommending
D. I and III. areas for consideration.
Answer (A) is incorrect. Performing reviews of procedures is Answer (C) is incorrect. Internal auditors may perform the function
presumed not to of developing
impair objectivity. audit plans for the new system.
Answer (B) is incorrect. Drafting procedures is presumed to impair Answer (D) is correct. Designing, installing, or drafting procedures
objectivity. for operating
systems is presumed to impair objectivity (PA 1120-1, para. 4). D.
[135] Gleim #: 2.2.34 Gleim CIA Test Prep: Part 1 - Internal Audit Basics
An activity appropriately performed by the internal audit activity is (720 questions)
Designing A. systems of control. Copyright 2013 Gleim Publications Inc. Page 72
B. Drafting procedures for systems of control. Printed for Sanja Knezevic
C. Reviewing systems of control before implementation. fb.com/ciaaofficial
D. Installing systems of control. Answer (A) is correct. Confidence in the internal audit activity
Answer (A) is incorrect. Designing systems is presumed to impair derives from
objectivity. independence (an attribute of the internal audit activity as a whole),
Answer (B) is incorrect. Drafting procedures for systems is and objectivity (an
presumed to impair attribute of individual internal auditors). Because designing, installing,
objectivity. drafting
Answer (C) is correct. The internal auditor’s objectivity is not procedures for, or operating systems impairs the objectivity of
adversely affected internal auditors (PA
when the auditor recommends standards of control for systems or 1120-1, para. 4), such services may create a conflict of interest, a
reviews situation in which
procedures before they are implemented (PA 1120-1, para. 4). internal auditors have a competing professional or personal interest.
Answer (D) is incorrect. Installing systems of control is presumed to This may create an
impair appearance of impropriety that undermines confidence in the internal
objectivity. audit activity
[136] Gleim #: 2.2.35 (Inter. Attr. Std. 1120).
Which of the following most seriously compromises confidence in the Answer (B) is incorrect. Dual reporting to the CEO and the board of
internal audit directors is ideal.
activity? Answer (C) is incorrect. The CAE should share information and
Internal auditors frequently draft revised procedures for departments coordinate activities
whose with other internal and external providers to ensure proper coverage
procedures have been criticized in an engagement communication. and minimize
A. duplication of efforts.
The chief audit executive has dual reporting responsibility to the Answer (D) is incorrect. Including the internal audit activity in the
organization’s review cycle of the
chief executive officer and the board of directors. organization’s contracts is appropriate.
B. [137] Gleim #: 2.2.36
The internal audit activity and the organization’s external auditors An organization is planning to develop and implement a new
engage in joint computerized purchase
planning of total engagement coverage to avoid duplicating each order system in one of its manufacturing subsidiaries. The vice
other’s work. president of
C. manufacturing has requested that internal auditors participate on a
The internal audit activity is included in the review cycle of the team consisting of
organization’s representatives from finance, manufacturing, purchasing, and
contracts with other organizations before the contracts are executed. marketing. This team
will be responsible for the implementation effort. Eager to take on this development is for the internal auditor to
high profile Gain familiarity with systems for use in A. subsequent reviews.
project, the chief audit executive assigns a senior internal auditor to B. Help assure that systems have adequate control procedures.
the project to C. Help minimize the cost and development time for new systems.
assist “as needed.” Assuming the senior internal auditor performed D. Propose enhancements for subsequent development and
all of the implementation.
following activities, which one will impair objectivity if the internal Answer (A) is incorrect. Gaining familiarity with systems for use in
auditor is asked to subsequent
review the purchase order system on a post-engagement basis? reviews is not the major reason for the internal auditor’s involvement
Helping to identify and define A. control objectives. in
B. Testing for compliance with system development standards. information systems development.
C. Evaluate risk exposures of systems and programming standards. Answer (B) is correct. The internal audit activity evaluates and
D. Drafting operating procedures for the new system. improves risk
Answer (A) is incorrect. Helping to identify and define control management, control, and governance processes. The internal
objectives is an auditor’s objectivity
appropriate internal audit function. is not adversely affected when the auditor recommends standards of
Answer (B) is incorrect. Internal auditors should evaluate risk control for
exposures and the systems or reviews procedures before they are implemented. The
controls relating to compliance with laws, regulations, and contracts. auditor’s
Answer (C) is incorrect. Internal auditors evaluate risk exposures of objectivity is considered to be impaired if the auditor designs, installs,
information drafts
systems. They may also recommend standards of control or review procedures for, or operates such systems (PA 1120-1, para. 4).
procedures Answer (C) is incorrect. Minimizing the cost and development time
before implementation without adversely affecting their objectivity. for new
Answer (D) is correct. An internal auditor’s objectivity is not systems is not the major reason for the internal auditor’s involvement
adversely affected in
when the auditor recommends standards of control for systems or information systems development.
reviews Answer (D) is incorrect. Proposing enhancements for subsequent
procedures before they are implemented. Designing, installing, development
drafting and implementation is a managerial, not an internal auditing,
procedures for, or operating systems, however, are presumed to function.
impair the internal [139] Gleim #: 2.2.38
auditor’s objectivity (PA 1120-1, para. 4). Assuming that the internal auditing staff possesses the necessary
Gleim CIA Test Prep: Part 1 - Internal Audit Basics experience and
(720 questions) training, which of the following services is most appropriate for a staff
Copyright 2013 Gleim Publications Inc. Page 73 internal auditor
Printed for Sanja Knezevic to undertake?
[138] Gleim #: 2.2.37 A. Substitute for the accounts payable supervisor while (s)he is on
The major reason for the internal auditor’s involvement in information sick leave.
systems
Determine the profitability of alternative investment acquisitions and C. Is freedom from threats to the ability to perform audit work without
select the bias.
best alternative. Prohibits internal auditors from providing consulting services relating
B. to
As part of an evaluation team, review vendor accounting software operations for which they had previous responsibility.
internal D.
controls and rank according to exposures. Answer (A) is correct. Objectivity is “an unbiased mental attitude that
C. allows
Participate in an internal audit of the accounting department shortly internal auditors to perform engagements in such a manner that they
after believe in
transferring from the accounting department. their work product and that no quality compromises are made.
D. Objectivity requires
Answer (A) is incorrect. An internal auditor’s objectivity is presumed that internal auditors do not subordinate their judgment on audit
to be matters to others”
impaired for at least 1 year with respect to activities (s)he previously (The IIA Glossary).
performed. Answer (B) is incorrect. Objectivity also is required in a consulting
Answer (B) is incorrect. Investment decisions are management’s engagement.
responsibility. Answer (C) is incorrect. Independence is freedom from threats to
Answer (C) is correct. An internal auditor’s objectivity is not impaired the ability to
when the perform audit work without bias.
auditor recommends standards of control for systems or reviews Answer (D) is incorrect. Internal auditors may provide consulting
procedures before services
they are implemented (PA 1120-1, para. 4). relating to operations for which they had previous responsibility.
Answer (D) is incorrect. An internal auditor should not be assigned [141] Gleim #: 2.2.40
to The CAE bears the responsibility to do which of the following?
engagements concerning activities (s)he previously performed until A. Assess the level of independence of the board.
at least 1 year Assess the level of knowledge, skills, and competencies of the chief
has elapsed. financial
Gleim CIA Test Prep: Part 1 - Internal Audit Basics officer.
(720 questions) B.
Copyright 2013 Gleim Publications Inc. Page 74 C. Foster collective objectivity.
Printed for Sanja Knezevic D. Foster individual objectivity.
fb.com/ciaaofficial Answer (A) is incorrect. Independence is a quality of the internal
[140] Gleim #: 2.2.39 audit activity,
Internal auditors should be objective. Objectivity not the board.
Requires internal auditors not to subordinate their judgment on audit Answer (B) is incorrect. The concept of knowledge, skills, and
matters to competencies
that of others. applies to individual internal auditors.
A. Answer (C) is incorrect. Objectivity is an individual, not a collective,
Is required only in assurance B. engagements. quality.
Answer (D) is correct. The CAE must establish policies and Answer (A) is incorrect. The CAE’s responsibility with regard to the
procedures to assess objectivity
the objectivity of individual internal auditors. of internal auditors is to assess and maintain.
[142] Gleim #: 2.2.41 Answer (B) is incorrect. The CAE’s responsibility with regard to the
Which of the following is a true statement regarding the timing of objectivity
assessments of of internal auditors is to assess and maintain.
individual objectivity on the part of internal auditors? Answer (C) is incorrect. The CAE’s responsibility with regard to the
A. It must be performed annually. objectivity
B. It must be performed in conjunction with the audit risk of internal auditors is to assess and maintain.
assessment. Answer (D) is correct. The CAE must establish policies and
C. It is performed at the discretion of the board. procedures to assess
D. It is performed at the discretion of the CAE. the objectivity of individual internal auditors.
(720 questions) The CAE bears the responsibility to do which of the following?
Copyright 2013 Gleim Publications Inc. Page 75 A. Encourage the objectivity of the board.
Printed for Sanja Knezevic B. Encourage the objectivity of the CEO.
Answer (A) is incorrect. The CAE determines the appropriate time C. Foster an attitude of professional skepticism among members of
frame for the board.
assessing the objectivity of internal audit staff. D. Maintain individual objectivity.
Answer (B) is incorrect. The CAE determines the appropriate time Answer (A) is incorrect. Objectivity is a quality of individual internal
frame for assessing auditors,
the objectivity of internal audit staff. not the board.
Answer (C) is incorrect. The CAE determines the appropriate time Answer (B) is incorrect. Objectivity is a quality of individual internal
frame for assessing auditors,
the objectivity of internal audit staff. not the CEO.
Answer (D) is correct. The CAE must establish policies and Answer (C) is incorrect. The CAE must establish policies and
procedures to assess the procedures to
objectivity of individual internal auditors. These can take the form of assess the objectivity of individual internal auditors.
periodic reviews Answer (D) is correct. The CAE must establish policies and
of conflicts of interest or as-needed assessments during the staffing procedures to assess
requirements phase the objectivity of individual internal auditors.
of each engagement. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
[143] Gleim #: 2.2.42 (720 questions)
Which of the following actions is required of the CAE in regard to the Copyright 2013 Gleim Publications Inc. Page 76
objectivity of Printed for Sanja Knezevic
internal auditors? fb.com/ciaaofficial
A. Maximize. [145] Gleim #: 2.2.44
B. Prioritize. Maintaining individual objectivity of internal auditors is the
C. Manage. responsibility of
D. Assess. The chairperson of the A. board of directors.
B. The chairperson of the audit committee. [147] Gleim #: 2.2.46
C. The external assessment team. Which of the following actions is required of the CAE and internal
D. The chief audit executive. auditors
Answer (A) is incorrect. The responsibility rests with the CAE and themselves in regard to the objectivity of internal auditors?
with internal A. Maintain.
auditors themselves to maintain a sense of objectivity. B. Delegate.
Answer (B) is incorrect. The responsibility rests with the CAE and C. Enhance.
with internal D. Promote.
auditors themselves to maintain a sense of objectivity. The factor Gleim CIA Test Prep: Part 1 - Internal Audit Basics
most important (720 questions)
to the maintenance of individual objectivity. Copyright 2013 Gleim Publications Inc. Page 77
Answer (C) is incorrect. The responsibility rests with the CAE and Printed for Sanja Knezevic
with internal Answer (A) is correct. The responsibility rests with the CAE and with
auditors themselves to maintain a sense of objectivity. internal
Answer (D) is correct. The responsibility rests with the CAE and with auditors themselves to maintain a sense of objectivity.
internal Answer (B) is incorrect. The responsibility rests with the CAE and
auditors themselves to maintain a sense of objectivity. with internal
[146] Gleim #: 2.2.45 auditors themselves to maintain a sense of objectivity.
Maintaining individual objectivity is most dependent on Answer (C) is incorrect. The responsibility rests with the CAE and
Clearly informing auditee departments and functions of The IIA with internal
definition of auditors themselves to maintain a sense of objectivity.
conflict of interest. Answer (D) is incorrect. The responsibility rests with the CAE and
A. with internal
B. An annual evaluation by the board. auditors themselves to maintain a sense of objectivity.
C. An annual evaluation by an external assessment team. [148] Gleim #: 2.3.47
D. Internal auditors avoiding conflicts of interest. When faced with an imposed scope limitation, the chief audit
Answer (A) is incorrect. The responsibility rests with the CAE and executive needs to
with internal Refuse to perform the engagement until the scope limitation A. is
auditors themselves to maintain a sense of objectivity. removed.
Answer (B) is incorrect. The responsibility rests with the CAE and B. Communicate the potential effects of the scope limitation to the
with internal board.
auditors themselves to maintain a sense of objectivity. C. Increase the frequency of engagements concerning the activity in
Answer (C) is incorrect. The responsibility rests with the CAE and question.
with internal D. Assign more experienced personnel to the engagement.
auditors themselves to maintain a sense of objectivity. Answer (A) is incorrect. The engagement may be conducted under
Answer (D) is correct. Internal auditors should be aware of the a scope
possibility of new limitation.
conflicts of interest that may arise owing to changes in personal Answer (B) is correct. A scope limitation, along with its potential
circumstances or effect, needs to
the particular auditees to which an auditor may be assigned.
be communicated, preferably in writing, to the board (PA 1130-1, they are implemented.
para. 3). Answer (B) is correct. Persons transferred to or temporarily engaged
Answer (C) is incorrect. A scope limitation does not necessarily by the internal
require more audit activity should not be assigned to audit those activities they
frequent engagements. previously performed
Answer (D) is incorrect. A scope limitation does not necessarily until at least 1 year has elapsed. Such assignments are presumed to
require more impair objectivity
experienced personnel. (PA 1130.A1-1, para. 1).
[149] Gleim #: 2.3.48 Answer (C) is incorrect. Objectivity is not adversely affected when
In which of the following situations does an internal auditor potentially the internal auditor
lack recommends standards of control for systems or reviews procedures
objectivity? before they are
An internal auditor reviews the procedures for a new electronic data implemented.
interchange Answer (D) is incorrect. Use of staff from other areas to assist the
(EDI) connection to a major customer before it is implemented. internal auditor
A. does not impair objectivity, especially when the staff is from outside
A former purchasing assistant performs a review of internal controls of the area where
over the engagement is being performed.
purchasing 4 months after being transferred to the internal auditing [150] Gleim #: 2.3.49
department. The internal auditors must be able to distinguish carefully between a
B. scope limitation
An internal auditor recommends standards of control and and other limitations. Which of the following is not considered a
performance measures scope limitation?
for a contract with a service organization for the processing of payroll The divisional management of an engagement client has indicated
and that the
employee benefits. division is in the process of converting a major computer system and
C. has indicated
A payroll accounting employee assists an internal auditor in verifying that the information systems portion of the planned engagement will
the physical have to be
inventory of small motors. postponed until next year.
D. A.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics The board reviews the engagement work schedule for the year and
(720 questions) deletes an
Copyright 2013 Gleim Publications Inc. Page 78 engagement that the chief audit executive thought was important to
Printed for Sanja Knezevic conduct.
fb.com/ciaaofficial B.
Answer (A) is incorrect. Objectivity is not adversely affected when The engagement client has indicated that certain customers cannot
the internal be contacted
auditor recommends standards of control for systems or reviews because the organization is in the process of negotiating a long-term
procedures before contract with
the customers and they do not want to upset the customers. account classification dealing with research and development
C. expense. We are aware
None of the answers D. are correct. of the issue. You are directed to discontinue any further investigation
Answer (A) is incorrect. Postponing the portion of an engagement of this matter
concerning a until informed by me to proceed. Under the confidentiality standard of
major computer system is a scope limitation. This delay restricts the your
performance profession, I also direct you not to communicate with the outside
of engagement procedures. auditors regarding
Answer (B) is correct. The board’s decision to delete an this issue.”
engagement from the Which of the following is an appropriate action for the CAE to take
annual engagement work schedule is not a scope limitation. The regarding the
board’s approval questionable item?
of the internal audit plan is part of the functional reporting relationship Immediately report the communication to The IIA and ask for an
of the ethical
internal audit activity to the board (PA 1110-1, para. 3). interpretation and guidance.
Answer (C) is incorrect. Prohibiting contact with certain customers is A.
a scope Inform the president that this scope limitation will need to be reported
limitation. This prohibition restricts the performance of specific to the
procedures. board.
Answer (D) is incorrect. Other answer choices state scope B.
limitations. Continue to investigate the area until all the facts are determined and
Gleim CIA Test Prep: Part 1 - Internal Audit Basics document all
(720 questions) the relevant facts in the engagement records.
Copyright 2013 Gleim Publications Inc. Page 79 C.
Printed for Sanja Knezevic Immediately notify the external auditors of the problem to avoid
[151] Gleim #: 2.3.50 aiding and
During the course of an engagement, an internal auditor makes a abetting a potential crime by the organization.
preliminary D.
determination that a major division has been inappropriately Answer (A) is incorrect. The IIA has no authority in this matter.
capitalizing research and Answer (B) is correct. A scope limitation along with its potential
development expense. The engagement is not yet completed, and effect need to
the internal auditor be communicated, preferably in writing, to the board (PA 1130-1,
has not documented the problem or determined that it really is a para. 3).
problem. However, Answer (C) is incorrect. The CAE needs first to consult the board.
the internal auditor is informed that the chief audit executive has The CAE adds
received the value by serving the organization, and the board may, in fact, be fully
following communication from the president of the organization: aware of the
“The controller of Division B informs me that you have discovered a problem and may not want to incur additional costs.
questionable Answer (D) is incorrect. The engagement work is preliminary, and
the internal
auditor has not yet formed a basis for an opinion. Thus, contacting properties relevant to the performance of engagements (PA 1130-1,
the external para. 2). A scope
auditors is premature. However, if an inquiry is made by the external limitation and its potential effect need to be communicated,
auditors, the preferably in writing, to the board
internal auditors should share the work done to date. (PA 1130-1, para. 3).
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (C) is incorrect. Merely delaying the engagement to permit
(720 questions) closing the books is not
Copyright 2013 Gleim Publications Inc. Page 80 usually considered a scope limitation.
Printed for Sanja Knezevic Answer (D) is incorrect. Reporting is necessary.
[152] Gleim #: 2.3.51 An internal auditor who had been supervisor of the accounts payable
Which of the following combinations best illustrates a scope limitation section should
and the appropriate not perform an assurance review of that section
response by the CAE? Because a reasonable period of time in which to establish
Nature of Internal independence cannot be
Limitation Audit Action determined.
A. Engagement client limits scope based upon A.
proprietary information Until at least B. 1 year has elapsed.
Report only to the controller C. Until after the next annual review by the external auditors.
B. Engagement client will not provide access to records D. Until it is clear that the new supervisor has assumed the
needed for approved work schedule responsibilities.
Report to the board Answer (A) is incorrect. The issues are whether (1) objectivity (not
C. Engagement client requests that the engagement be independence) has been restored and (2) at least 1 year has
delayed for 2 weeks to allow it to close its books elapsed.
Report directly to the CEO and controller Answer (B) is correct. Persons transferred to, or temporarily
D. Engagement client will not allow internal auditor to engaged by, the
contact major customers as part of an engagement to internal audit activity should not be assigned to audit activities they
evaluate the efficiency of operations previously
No reporting needed because the performed until at least 1 year has elapsed. Such assignments are
operational engagement concerns presumed to
operational efficiency impair objectivity (PA 1130.A1-1, para. 1).
Answer (A) is incorrect. A scope limitation needs to be reported to Answer (C) is incorrect. The external review does not bear any
the board. relation to
Answer (B) is correct. A scope limitation is a restriction placed on the restoring the internal auditor’s objectivity.
internal audit activity Answer (D) is incorrect. The new supervisor presumably would have
that precludes it from accomplishing its objectives and plans. Among assumed
other things, a scope his/her responsibilities immediately. Hence, 1 year could not have
limitation may restrict the internal audit activity’s access to records, elapsed.
personnel, and physical Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 81 has elapsed. Such assignments are presumed to impair objectivity,
Printed for Sanja Knezevic and additional
[154] Gleim #: 2.3.53 consideration should be exercised when supervising the engagement
A treasury department employee transferred to the internal audit work and
activity of the same communicating engagement results (PA 1130.A1-1, para. 1).
organization last month. The chief financial officer of the organization Answer (D) is incorrect. The preparation of the engagement work
has suggested program offers
that, because of the employee’s significant knowledge in this area, it significant opportunities for bias.
would be a good [155] Gleim #: 2.3.54
idea for the employee to immediately begin an engagement to The internal audit activity encounters a scope limitation from senior
evaluate the treasury management that
department. In this circumstance, the employee should will affect the activity’s ability to meet its goals and objectives for a
Accept the engagement and begin A. work immediately. potential
Discuss the need for such an engagement with the employee’s engagement client. The nature of the scope limitation needs to be
former superior, the Noted in the engagement working papers, but the engagement
treasurer. should be carried
B. out as scheduled and the scope limitation worked around, if possible.
Suggest that the engagement be performed by another member of A.
the internal Communicated to the external auditors, so they can investigate the
audit staff. area in more
C. detail.
Offer to prepare an engagement work program but suggest that B.
interviews with the C. Communicated, preferably in writing, to the board.
employee’s former co-workers be conducted by other members of Communicated to management stating that the limitation will not be
the internal accepted
audit staff. because it would impair the internal audit activity’s independence.
D. D.
Answer (A) is incorrect. The proposed engagement is presumed to Answer (A) is incorrect. The limitation needs to be communicated
impair first to the
objectivity. board.
Answer (B) is incorrect. Internal auditors are not to subordinate their Answer (B) is incorrect. No requirement or need to communicate the
judgment limitation to
on engagement matters to that of others. the external auditor exists.
Answer (C) is correct. Another internal auditor should be assigned. Answer (C) is correct. A scope limitation, along with its potential
Persons effect, needs to
transferred to or temporarily engaged by the internal audit activity be communicated, preferably in writing, to the board (PA 1130-1,
should not be para. 3).
assigned to audit those activities they previously performed until at Answer (D) is incorrect. The internal audit activity exists to help the
least 1 year organization
achieve its objectives. Thus, the internal auditors must communicate were occupied. This scope limitation, along with its potential effect,
with the must be
board about conflicts with management. communicated to which one of the following?
Gleim CIA Test Prep: Part 1 - Internal Audit Basics The organization’s A. board of directors.
(720 questions) B. The board of directors of the VAN.
Copyright 2013 Gleim Publications Inc. Page 82 C. The board of directors of both the organization and the VAN.
Printed for Sanja Knezevic D. The limitation does not need to be communicated at the board of
fb.com/ciaaofficial directors level.
[156] Gleim #: 2.3.55 Answer (A) is correct. The scope limitation and its potential effect
A multinational organization has an agreement with a value-added should be
network (VAN) communicated, preferably in writing, to the board. However, the chief
that provides the encoding and communications transfer for the audit
organization’s executive needs to consider whether it is appropriate to inform the
electronic data interchange (EDI) and electronic funds transfer (EFT) board
transactions. regarding scope limitations that were previously communicated to
Before transfer of data to the VAN, the organization performs online and accepted
preprocessing of by the board (PA 1130-1, para. 3).
the transactions. The internal auditor is responsible for assessing Answer (B) is incorrect. The internal auditor should not
preprocessing communicate directly
controls. In addition, the agreement between the organization and with the board of the VAN.
the VAN states that Answer (C) is incorrect. The internal auditor should not
the internal auditor is allowed to examine and report on the controls communicate directly
in place at the with the board of the VAN.
VAN on an annual basis. The contract specifies that access to the Answer (D) is incorrect. A scope limitation must be communicated to
VAN can occur on a the board.
surprise basis during the second or third quarter of the fiscal year. [157] Gleim #: 2.3.56
This period was An internal auditor assigned to audit a vendor’s compliance with
chosen so it would not interfere with processing during the VAN’s product quality
peak transaction standards is the brother of the vendor’s controller. The auditor should
periods. This provision was not reviewed with internal auditing. The A. Accept the assignment but avoid contact with the controller during
annual fieldwork.
engagement work schedule approved by the board of directors Accept the assignment but disclose the relationship in the
specifies that a full engagement final
review would be done during the current year. communication.
When the internal auditor called to arrange the annual control review B.
during the third C. Notify the vendor of the potential conflict of interest.
quarter, the VAN stated that it could not accommodate the internal D. Notify the chief audit executive of the potential conflict of interest.
auditor because the Gleim CIA Test Prep: Part 1 - Internal Audit Basics
peak processing period started earlier than normal this year and all (720 questions)
VAN personnel Copyright 2013 Gleim Publications Inc. Page 83
Printed for Sanja Knezevic may be responsible for it.
Answer (A) is incorrect. Given a family connection with the auditee, Answer (C) is incorrect. The external auditor should not be notified
even if the unless the
auditor avoids contact with the controller, the appearance of a conflict board believes it is necessary.
of interest Answer (D) is correct. A scope limitation, along with its potential
exists. effect needs to
Answer (B) is incorrect. Situations of potential conflict of interest or be communicated, preferably in writing, to the board (PA 1130-1,
bias should be para. 3).
avoided, not merely disclosed. [159] Gleim #: 2.3.58
Answer (C) is incorrect. Conflicts of interest are to be reported to the Independence is freedom from conditions that threaten the ability of
chief audit the internal audit
executive, not the vendor or engagement client. activity to carry out internal audit responsibilities in an unbiased
Answer (D) is correct. Internal auditors are to report to the chief manner. Which
audit executive policy best promotes independence?
(CAE) any situations in which an actual or potential impairment to Requiring internal auditors to report to the chief audit executive any
independence or conflicts of
objectivity may reasonably be inferred, or if they have questions interest or bias.
about whether a A.
situation constitutes an impairment to objectivity or independence Preventing the internal audit activity from recommending standards
(PA 1130-1, of control for
para. 1). systems that it evaluates.
[158] Gleim #: 2.3.57 B.
The internal audit activity should be free to audit and report on any C. Allowing engagements concerning sensitive operations to be
activity that also outsourced.
reports to its administrative head if it considers such coverage to be Preventing personnel transfers from operating activities to the
appropriate for its internal audit
audit plan. Any limitation in scope or reporting of results of these activity.
activities needs to be D.
brought to the attention of the Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Chief A. executive officer. (720 questions)
B. Chief financial officer. Copyright 2013 Gleim Publications Inc. Page 84
C. External auditor. Printed for Sanja Knezevic
D. Board. fb.com/ciaaofficial
Answer (A) is incorrect. The CEO may be the administrative head of Answer (A) is correct. Internal auditors are to report to the chief
the internal audit executive
audit activity. (CAE) any situation in which (1) an actual or potential impairment of
Answer (B) is incorrect. The CFO is also responsible for the independence or
organization’s objectivity may reasonably be inferred or (2) they have questions
accounting functions. Thus, when a scope or reporting limitation about whether the
exists, the CFO
situation constitutes an impairment of objectivity or independence. If time, a future engagement may result in the appearance of
the CAE impairment of
determines that impairment exists or may be inferred, (s)he needs to objectivity. Thus, no consideration should be given to the
reassign the engagement status as
auditor(s) (PA 1130-1, para. 1). justification for receiving fees or gifts. The receipt of promotional
Answer (B) is incorrect. Internal auditing may recommend standards items (such as
of control for pens, calendars, or samples) that are available to the general public
systems that it evaluates. and have
Answer (C) is incorrect. Outsourcing certain engagements does not minimal value do not hinder internal auditors’ professional judgments
promote the (PA 1130-
independence of the internal audit activity. 1, para. 4). Impairment of independence or objectivity, in fact or
Answer (D) is incorrect. Transfers from operating activities to the appearance, must
internal audit be disclosed to appropriate parties (Attr. Std. 1130).
activity usually are permitted. However, transferees should not be Answer (B) is incorrect. The value of a weekend vacation is not
assigned to immaterial.
engagements concerning activities they previously performed until at Answer (C) is incorrect. The status of engagements is not a
least 1 year has justification for
elapsed. receiving fees or gifts.
[160] Gleim #: 2.3.59 Answer (D) is incorrect. A supervisor may not approve unethical
An internal auditor has recently received an offer from the manager behavior.
of the marketing Gleim CIA Test Prep: Part 1 - Internal Audit Basics
department of a weekend’s free use of his beachfront condominium. (720 questions)
No engagement is Copyright 2013 Gleim Publications Inc. Page 85
currently being conducted in the marketing department, and none is Printed for Sanja Knezevic
scheduled. The [161] Gleim #: 2.3.60
internal auditor As part of a company-sponsored award program, an internal auditor
Should reject the offer and report it to the appropriate A. supervisor. was offered an
B. May accept the offer because its value is immaterial. award of significant monetary value by a division in recognition of the
C. May accept the offer because no engagement is being conducted cost savings
or planned. that resulted from the auditor’s recommendations. According to the
D. May accept the offer if approved by the appropriate supervisor. International
Answer (A) is correct. An internal auditor is not to accept fees, gifts, Professional Practices Framework, what is the most appropriate
or action for the auditor
entertainment from an employee, client, customer, supplier, or to take?
business associate. Accept the gift because the engagement is already concluded and
Accepting a fee or gift may imply that the auditor’s objectivity has the report
been impaired. issued.
Even though an engagement is not being conducted in the applicable A.
area at that Accept the award under the condition that any proceeds B. go to
charity.
C. Inform audit management and ask for direction on whether to of the internal auditors?
accept the gift. One internal auditor told the review team that, during an engagement
D. Decline the gift and advise the division manager’s superior. to review the
Answer (A) is incorrect. The auditor should not accept the gift, payroll function, the payroll manager approached the auditor. The
despite the manager
previous completion of the engagement and issuance of the report. indicated the need for an accountant to prepare financial statements
Answer (B) is incorrect. The auditor should not accept the award for the
without first manager’s part-time business. The internal auditor agreed to perform
informing and consulting audit management. this work for
Answer (C) is correct. Internal auditors are not to accept fees, gifts, a reduced fee during non-work hours.
or A.
entertainment from an employee, client, customer, supplier, or During an engagement to review the construction of a building
business associate addition to the
that may create the appearance that the auditor’s objectivity has organization’s headquarters, the vice president of facilities
been impaired. management gave the
The status of engagements is not to be considered as justification for internal auditor a commemorative mug with the organization’s logo.
receiving These mugs
fees, gifts, or entertainment. Internal auditors are to report were distributed to all employees present at the ground-breaking
immediately the offer ceremony.
of all material fees or gifts to their supervisors. (PA 1130-1, para. 4). B.
Answer (D) is incorrect. Declining the gift and advising the division After reviewing the installation of a data processing system, the
manager’s internal auditor
superior could erode the audit function’s relationship with the division made recommendations on standards of control. Three months after
in completion of
question. The auditor should inform and consult audit management the engagement, the engagement client requested the internal
for guidance. auditor’s review of
Gleim CIA Test Prep: Part 1 - Internal Audit Basics certain procedures for adequacy. The internal auditor agreed and
(720 questions) performed this
Copyright 2013 Gleim Publications Inc. Page 86 review.
Printed for Sanja Knezevic C.
fb.com/ciaaofficial An internal auditor’s participation was requested on a task force to
[162] Gleim #: 2.3.61 reduce the
An internal audit activity is currently undergoing its first external organization’s inventory losses from theft and shrinkage. This is the
quality assurance first
review since its formation 3 years ago. From interviews, the review consulting assignment undertaken by the internal audit activity. The
team is informed internal
of certain internal auditor activities over the past year. Which of the auditor’s role is to advise the task force on appropriate control
following procedures.
activities could affect the quality assurance review team’s evaluation D.
of the objectivity
Answer (A) is correct. An internal auditor is not to accept a fee, gift, provides assurance services for an activity for which the internal
or auditor had
entertainment from an employee, client, customer, supplier, or responsibility within the previous year (PA 1130.A1-1, para. 1). Thus,
business associate if George
that may create the appearance that the auditor’s objectivity has provides assurance services for payroll, his objectivity is presumed to
been impaired be impaired.
(PA 1130-1, para. 4). However, internal auditors may provide consulting services relating
Answer (B) is incorrect. The receipt of promotional items with to operations for
minimal value which they had previous responsibilities (Impl. Std. 1130.C1).
does not impair objectivity. Answer (C) is incorrect. Providing assurance services regarding
Answer (C) is incorrect. Recommending standards of control before payroll will impair
implementation does not impair the internal auditor’s objectivity as the independence or objectivity of George.
long as (s)he Answer (D) is incorrect. Providing consulting services regarding
does not assume operating responsibilities. payroll will not
Answer (D) is incorrect. Reviewing procedures before impair the objectivity of George.
implementation does not [164] Gleim #: 2.4.63
impair the internal auditor’s objectivity as long as (s)he does not An organization has two manufacturing facilities. Each facility has
assume operating two manufacturing
responsibilities. processes and a separate packaging process. The processes are
[163] Gleim #: 2.3.62 similar at both
George is the new internal auditor for XYZ Corporation. George was facilities. Raw materials used include aluminum, materials to make
in charge of plastic, various
payroll for XYZ just 10 months ago. Performing what services in chemicals, and solvents. Pollution occurs at several operational
regard to payroll is stages, including raw
considered an impairment of independence or objectivity if performed materials handling and storage, process chemical use, finished
by George? goods handling, and
A. Consulting services. disposal. Waste products produced during the manufacturing
B. Assurance services. processes include several
C. Assurance or consulting services. that are considered hazardous. The nonhazardous waste is
D. Neither assurance nor consulting services. transported to the local
Gleim CIA Test Prep: Part 1 - Internal Audit Basics landfill. An outside waste vendor is used for the treatment, storage,
(720 questions) and disposal of all
Copyright 2013 Gleim Publications Inc. Page 87 hazardous waste.
Printed for Sanja Knezevic Management is aware of the need for compliance with environmental
Answer (A) is incorrect. Providing assurance services but not laws. The
consulting services organization recently developed an environmental policy including a
regarding payroll will impair the independence or objectivity of statement that
George. each employee is responsible for compliance with environmental
Answer (B) is correct. Objectivity is presumed to be impaired if an laws.
internal auditor
If the internal audit activity is assigned the responsibility of Grade point average on college A. accounting courses.
conducting an B. Ability to fit well socially into a group.
environmental audit, which of the following actions should be C. Ability to organize and express thoughts well.
performed first? D. Level of detailed knowledge of the organization.
Conduct risk assessments A. for each site. Answer (A) is incorrect. Although accounting educational
B. Review organizational policies and procedures and verify performance is
compliance. undoubtedly one criterion that must be examined, performance in
C. Provide the assigned staff with technical training. one subject area
D. Review the environmental management system. is much too limited a basis for predicting an applicant’s success
Answer (A) is incorrect. The internal auditors should conduct risk given the broad
assessments scope of internal auditing work.
for each site only after qualified people have been assigned to the Answer (B) is incorrect. Social skills are a benefit to any internal
project. auditor but
Answer (B) is incorrect. Audit procedures to verify compliance with cannot be considered the most important characteristic of a good
company candidate.
policies and procedures are performed only after an audit staff with Answer (C) is correct. Internal auditors must have skills in oral and
the needed written
knowledge, skills, and other competencies is assigned to the audit. communications to clearly and effectively convey such matters as
Answer (C) is correct. The internal audit activity collectively must engagement
possess or objectives, evaluations, conclusions, and recommendations (PA
obtain the necessary knowledge, skills, and other competencies 1210-1, para. 1).
needed to conduct Answer (D) is incorrect. Entry-level internal auditors typically have
the audit properly (Attr. Std. 1210). Thus, providing the assigned staff relatively
with little knowledge of the organization. Applicants should demonstrate a
adequate training or employing qualified external service providers is general
a first step knowledge of the organization, but this factor is not the most reliable
in an environmental audit. predictor of
Answer (D) is incorrect. Internal auditors should review the successful performance as an internal auditor.
environmental [166] Gleim #: 2.4.65
management system only after qualified people have been assigned A chief audit executive (CAE) for a very small internal audit
to the project. department has just
Gleim CIA Test Prep: Part 1 - Internal Audit Basics received a request from management to perform an audit of an
(720 questions) extremely complex area
Copyright 2013 Gleim Publications Inc. Page 88 in which the CAE and the department have no expertise. The nature
Printed for Sanja Knezevic of the audit
fb.com/ciaaofficial engagement is within the scope of internal audit activities.
[165] Gleim #: 2.4.64 Management has expressed
When hiring entry-level internal auditing staff, which of the following a desire to have the engagement conducted in the very near future
will most likely because of the high
predict the applicant’s success as an internal auditor?
level of risk involved. Which of the following responses by the CAE skills is a violation of this standard.
would be in Answer (D) is incorrect. Determining whether time is sufficient to
violation of the Standards? develop necessary
Discuss with management the possibility of outsourcing the audit of expertise is an appropriate response. Internal auditors should be
this complex committed to life-long
area. learning. Thus, it is not unreasonable to require them to expand their
A. knowledge, skills,
Add an outside consultant to the audit staff to assist in the and other competencies.
performance of the [167] Gleim #: 2.4.66
audit engagement. Your organization has selected you to develop an internal audit
B. activity. Your
C. Accept the audit engagement and begin immediately, since it is a approach will most likely be to hire
high-risk area. Internal auditors, each of whom possesses all the skills required to
Discuss the timeline of the audit engagement with management to handle all
determine if engagements.
sufficient time exists in which to develop appropriate expertise. A.
D. Inexperienced personnel and train them the way the organization
Gleim CIA Test Prep: Part 1 - Internal Audit Basics wants them
(720 questions) trained.
Copyright 2013 Gleim Publications Inc. Page 89 B.
Printed for Sanja Knezevic Degreed accountants because most internal audit work is C.
Answer (A) is incorrect. Outsourcing (delegating the engagement to accounting related.
an outside service Internal auditors who collectively have the knowledge and skills
provider) is an appropriate response when auditors do not possess needed to
the needed perform the responsibilities of the internal audit activity.
background or skills and cannot develop such skills in a timely D.
fashion. Answer (A) is incorrect. The scope of internal auditing is so broad
Answer (B) is incorrect. Adding a consultant (cosourcing) is an that one
appropriate response individual cannot have the requisite expertise in all areas.
when auditors do not possess the needed background or skills and Answer (B) is incorrect. The internal audit activity should have
cannot develop such personnel with
skills in a timely fashion. various skill levels to permit appropriate matching of internal auditors
Answer (C) is correct. The internal audit activity collectively must with
possess or obtain varying engagement complexities. Furthermore, experienced internal
the knowledge, skills, and other competencies needed to perform its auditors
responsibilities should be available to train and supervise less experienced staff
(Attr. Std. 1210). The auditors in this situation do not have such members.
expertise. Thus, Answer (C) is incorrect. Many skills are needed in internal auditing.
planning and executing the audit engagement without the For example,
appropriate background and
computer skills are needed in engagements involving information [169] Gleim #: 2.4.68
technology. The internal audit activity collectively must possess or obtain certain
Answer (D) is correct. The internal audit activity collectively must competencies,
possess or including an understanding of
obtain the knowledge, skills, and other competencies needed to Internal audit procedures A. and techniques.
perform its B. Accounting principles and techniques.
responsibilities (Attr. Std. 1210). C. Management principles.
[168] Gleim #: 2.4.67 D. Marketing techniques.
The internal audit activity collectively must possess or obtain certain Answer (A) is incorrect. The required competencies include
competencies, proficiency in, not an
including proficiency in understanding of, internal audit standards, procedures, and
A. Internal audit procedures and techniques. techniques.
B. Accounting principles and techniques. Answer (B) is incorrect. The internal audit activity collectively must
C. Management principles. have
D. Marketing techniques. proficiency in, not merely an understanding of, accounting principles
Gleim CIA Test Prep: Part 1 - Internal Audit Basics and
(720 questions) techniques.
Copyright 2013 Gleim Publications Inc. Page 90 Answer (C) is correct. An understanding means the ability to apply
Printed for Sanja Knezevic broad
fb.com/ciaaofficial knowledge to situations likely to be encountered, to recognize
Answer (A) is correct. Proficiency means the ability to apply significant
knowledge to situations deviations, and to be able to carry out the research necessary to
likely to be encountered and to deal with them without extensive arrive at
recourse to technical reasonable solutions. The required competencies include an
research and assistance. Internal auditors must be proficient in understanding of
applying internal audit management principles to recognize and evaluate the materiality and
standards, procedures, and techniques in performing engagements significance
(PA 1210-1, of deviations from good business practice (PA 1210-1, para. 1).
para. 1). Answer (D) is incorrect. Internal auditors ordinarily need not be
Answer (B) is incorrect. Only if internal auditors work extensively proficient in, or
with financial have an understanding or appreciation of, marketing techniques.
records and reports must they have proficiency in accounting [170] Gleim #: 2.4.69
principles and Internal auditing is unique in that its scope often encompasses all
techniques. areas of an
Answer (C) is incorrect. The required competencies include an organization. Thus, it is not possible for each internal auditor to
understanding of, not possess detailed
proficiency in, management principles. competence in all areas that might be the subject of engagements.
Answer (D) is incorrect. Internal auditors ordinarily need not be Which of the
proficient in following competencies must the internal audit activity possess
marketing techniques. collectively?
A. Understanding of taxation and law as it applies to operation of the Answer (B) is correct. An appreciation means the ability to recognize
organization. the
B. Proficiency in accounting principles. existence of problems or potential problems and to identify the
C. Understanding of management principles. additional research
D. Proficiency in information technology. to be undertaken or the assistance to be obtained. Internal auditors
Gleim CIA Test Prep: Part 1 - Internal Audit Basics must have an
(720 questions) appreciation of the fundamentals of business subjects, such as
Copyright 2013 Gleim Publications Inc. Page 91 accounting,
Printed for Sanja Knezevic economics, commercial law, taxation, finance, quantitative methods,
Answer (A) is incorrect. Internal auditors are required to have only information
an appreciation of technology, risk management, and fraud (PA 1210-1, para. 1).
taxation and law. Answer (C) is incorrect. The required competencies include an
Answer (B) is incorrect. Only if internal auditors work extensively understanding,
with financial not an appreciation, of management principles.
records and reports must they have proficiency in accounting Answer (D) is incorrect. Internal auditors ordinarily need not be
principles. proficient in, or
Answer (C) is correct. An understanding is the ability to apply broad have an understanding or appreciation of, marketing techniques.
knowledge to [172] Gleim #: 2.4.71
situations likely to be encountered, to recognize significant The internal audit activity collectively must possess or obtain certain
deviations, and to be able competencies,
to carry out the research necessary to arrive at reasonable solutions. excluding
The required A. Proficiency in applying internal audit standards.
competencies include an understanding of management principles to B. An understanding of management principles.
recognize and C. The ability to maintain good interpersonal relations.
evaluate the materiality and significance of deviations from good D. The ability to conduct training sessions in quantitative methods.
business practice. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Answer (D) is incorrect. Only a knowledge of key IT risks and (720 questions)
controls and available Copyright 2013 Gleim Publications Inc. Page 92
technology-based audit techniques is required of internal auditors. Printed for Sanja Knezevic
The internal audit activity collectively must possess or obtain certain Answer (A) is incorrect. Proficiency in applying internal audit
competencies, standards, procedures,
including an appreciation of and techniques is among the required competencies.
Internal audit procedures A. and techniques. Answer (B) is incorrect. An understanding of management principles
B. Accounting principles and techniques. sufficient to
C. Management principles. recognize and evaluate the materiality and significance of deviations
D. Marketing techniques. from good
Answer (A) is incorrect. The required competencies include business practices is among the required competencies.
proficiency in Answer (C) is incorrect. Skills in dealing with people, understanding
applying internal audit standards, procedures, and techniques. human relations,
and maintaining satisfactory relationships with engagement clients economics, commercial law, taxation, finance, quantitative methods,
are among the information
required competencies. technology, risk management, and fraud.
Answer (D) is correct. The ability to conduct training sessions in Gleim CIA Test Prep: Part 1 - Internal Audit Basics
specific areas is not (720 questions)
among the required competencies. Copyright 2013 Gleim Publications Inc. Page 93
[173] Gleim #: 2.4.72 Printed for Sanja Knezevic
Internal auditors must possess the knowledge, skills, and other [174] Gleim #: 2.4.73
competencies essential The Standards require that internal auditors possess which of the
to the performance of their individual responsibilities. Consequently, following skills?
all internal Internal auditors should understand human relations and be skilled in
auditors should be proficient in applying dealing with
Internal A. auditing standards. people.
B. Quantitative methods. I.
C. Management principles. Internal auditors should be able to recognize and evaluate the
D. Structured systems analysis. materiality and
Answer (A) is correct. All internal auditors should be proficient in significance of deviations from good business practices.
applying II.
internal auditing standards, procedures, and techniques required in Internal auditors should be experts on subjects such as economics,
performing commercial
engagements. Proficiency means the ability to apply knowledge to law, taxation, finance, and information technology.
situations likely III.
to be encountered and to deal with them without extensive recourse Internal auditors should be skilled in oral and written IV.
to technical communication.
research and assistance (PA 1210-1, para. 1). A. II only.
Answer (B) is incorrect. Internal auditors must have an appreciation B. I and III only.
of, not C. III and IV only.
proficiency in, the fundamentals of business subjects such as D. I, II, and IV only.
quantitative Answer (A) is incorrect. Internal auditors also should understand
methods. human relations
Answer (C) is incorrect. Internal auditors must have an and be skilled in dealing with people and in oral and written
understanding of, not communication.
proficiency in, management principles to recognize and evaluate the Answer (B) is incorrect. Internal auditors are expected to have an
materiality appreciation of
and significance of deviations from good business practices. (not be experts in) fields related to their audit responsibilities.
Answer (D) is incorrect. Internal auditors must have an appreciation Moreover, internal
of, not auditors should be able to recognize and evaluate the materiality and
proficiency in, the fundamentals of business subjects such as significance
accounting, of deviations from good business practices.
Answer (C) is incorrect. Internal auditors must have an appreciation D.
of, not Gleim CIA Test Prep: Part 1 - Internal Audit Basics
expertise in, the fundamentals of fields related to their audit (720 questions)
responsibilities. They Copyright 2013 Gleim Publications Inc. Page 94
also should understand human relations and be skilled in dealing Printed for Sanja Knezevic
with people. fb.com/ciaaofficial
Furthermore, they should be able to recognize and evaluate the Answer (A) is incorrect. The internal auditors should be able to
materiality and convey effectively
significance of deviations from good business practices. engagement objectives.
Answer (D) is correct. Skills required by the Standards for internal Answer (B) is incorrect. The internal auditors should be able to
auditors convey effectively
include engagement evaluations.
Skills in dealing with people, understanding human relations, and Answer (C) is correct. Internal auditors must be skilled in oral and
maintaining written
satisfactory relationships with engagement clients. communications so that they can clearly and effectively convey such
Skills in oral and written communications to clearly and effectively matters as
convey engagement objectives, evaluations, conclusions, and
such matters as engagement objectives, evaluations, conclusions, recommendations (PA 1210-1,
and para. 1). The risk assessment used in selecting the area for
recommendations. investigation is not
An understanding of management principles to recognize and necessarily a matter that must be communicated to an engagement
evaluate the client.
materiality and significance of deviations from good business Answer (D) is incorrect. The internal auditors should be able to
practices. convey effectively
An appreciation of (not expertise in) of the fundamentals of business engagement recommendations.
subjects [176] Gleim #: 2.4.75
such as accounting, economics, commercial law, taxation, finance, Internal auditors must have the knowledge, skills, and other
quantitative methods, information technology, risk management, and competencies needed to
fraud perform their individual responsibilities. Which of the following
(PA 1210-1, para. 1). properly describes
[175] Gleim #: 2.4.74 the level of knowledge, skill, or other competency required? Internal
Communication skills are important to internal auditors. They should auditors must
be able to have
convey effectively all of the following to engagement clients except Proficiency in applying internal auditing standards and procedures
A. The objectives designed for a specific engagement. without
B. The engagement evaluations based on a survey. extensive recourse to technical research and assistance.
C. The risk assessment used in selecting the area for investigation. A.
Recommendations that are generated in relationship to a specific Proficiency in applying knowledge of accounting and information
engagement technology to
client. specific or potential problems.
B. What is the most appropriate preventive measure for staff
An understanding of broad techniques used in supporting and communication problems
developing with engagement clients?
engagement observations and the ability to research the proper Provide staff with sufficient training to enhance communication A.
procedures to be skills.
used in any engagement situation. B. Avoid unnecessary communication with engagement clients.
C. C. Discuss communication problems with staff auditors.
A broad appreciation of accounting principles and techniques during D. Meet with engagement clients to resolve communication
engagements problems.
involving the financial records and reports of the organization. Answer (A) is correct. Internal auditors must be skilled in oral and
D. written
Answer (A) is correct. Proficiency means the ability to apply communications so that they can clearly and effectively convey such
knowledge to matters as
situations likely to be encountered and to deal with them without engagement objectives, evaluations, conclusions, and
extensive recommendations (PA
recourse to technical research and assistance. An internal auditor 1210-1, para. 1).
must be Answer (B) is incorrect. The issue is the quality rather than the
proficient in applying internal auditing standards, procedures, and quantity of
techniques in communication.
performing engagements (PA 1210-1, para. 1). Answer (C) is incorrect. Communication problems should be
Answer (B) is incorrect. An appreciation of the fundamentals of, not resolved through
proficiency effective training.
in, information technology is required. Proficiency in accounting Answer (D) is incorrect. Meeting with engagement clients will not
principles and resolve
techniques is required only if the internal auditor works extensively problems caused by poor staff communication skills.
with financial [178] Gleim #: 2.5.77
records and reports. As part of the process to improve internal auditor-engagement client
Answer (C) is incorrect. Proficiency in, not an understanding of, relations, it is
internal auditing very important to deal with how the internal audit activity is
standards, procedures, and techniques is required. perceived. Certain types
Answer (D) is incorrect. Proficiency in, not an appreciation of, of attitudes in the work performed will help create these perceptions.
accounting From a
principles and techniques is required when the internal auditor works management perspective, which attitude is likely to be the most
extensively conducive to a
with financial records and reports. positive perception?
Gleim CIA Test Prep: Part 1 - Internal Audit Basics A. Objective.
(720 questions) B. Investigative.
Copyright 2013 Gleim Publications Inc. Page 95 C. Interrogatory.
Printed for Sanja Knezevic D. Consultative.
[177] Gleim #: 2.4.76
Answer (A) is incorrect. Objectivity is desirable but, by itself, will not Answer (D) is incorrect. Internal auditors are not independent if they
lead to a implement
more positive relationship. policies and procedures.
Answer (B) is incorrect. An investigative attitude is not likely to [180] Gleim #: 2.5.79
enhance the Which one of the following is responsible for determining the
relationship. appropriate levels of
Answer (C) is incorrect. An interrogatory attitude is not likely to education and experience needed for the internal audit staff?
enhance the Human A. resource manager.
relationship. B. Chief audit executive.
Answer (D) is correct. A consultative attitude leads to two-way C. Chief executive officer.
communication. D. Treasurer.
Consultation considers the client’s viewpoint, helps to dispel fear and Answer (A) is incorrect. Hiring practices are an essential part of
mistrust, understanding
and demonstrates the value of internal auditing to the client. the internal audit staff’s background, but the human resource
[179] Gleim #: 2.5.78 manager is not
The consultative approach to internal auditing emphasizes responsible for determining the appropriate levels of education and
A. Imposition of corrective measures. experience
B. Participation with engagement clients to improve methods. needed for the internal audit staff.
C. Fraud investigation. Answer (B) is correct. The CAE must ensure that the internal audit
D. Implementation of policies and procedures. activity is
Gleim CIA Test Prep: Part 1 - Internal Audit Basics able to fulfill its responsibilities. The CAE must determine the
(720 questions) appropriate levels
Copyright 2013 Gleim Publications Inc. Page 96 of education and experience needed for the internal audit staff to
Printed for Sanja Knezevic fulfill that
fb.com/ciaaofficial responsibility.
Answer (A) is incorrect. Imposition of changes implies an Answer (C) is incorrect. The chief executive officer is not directly
adversarial relationship. responsible for
Answer (B) is correct. Consultation with the engagement client not determining the appropriate levels of education and experience
only facilitates the needed for the
planning and performance of the engagement but is a courtesy that internal audit staff.
enhances the Answer (D) is incorrect. The treasurer is not responsible for
internal auditor-client relationship. Developing a positive relationship determining the
produces a more appropriate levels of education and experience needed for the
favorable environment for the engagement effort. Moreover, involving internal audit staff.
the client in the [181] Gleim #: 2.5.80
engagement process is likely to increase acceptance of All of the following will help the CAE identify the available knowledge,
recommended changes. skills, and
Answer (C) is incorrect. Consultation is less likely when the client is competencies of the internal audit staff except
suspected of A. Hiring practices.
fraud. B. Periodic skills assessment.
C. External service provider. Answer (A) is incorrect. Use of external service providers with
D. Staff performance appraisals. expertise in
Gleim CIA Test Prep: Part 1 - Internal Audit Basics healthcare benefits is also appropriate when comparing healthcare
(720 questions) costs with those
Copyright 2013 Gleim Publications Inc. Page 97 of other programs and training staff to conduct healthcare audits.
Printed for Sanja Knezevic Answer (B) is incorrect. Use of external service providers with
Answer (A) is incorrect. Hiring practices are an essential part of expertise in
understanding the healthcare benefits is also appropriate when evaluating the
background of the internal audit staff. estimated liability for
Answer (B) is incorrect. The CAE should conduct periodic skills postretirement benefits and training staff to conduct healthcare
assessments to audits.
determine the specific resources available. Answer (C) is incorrect. Use of external service providers with
Answer (C) is correct. External service providers are used when the expertise in
internal audit staff healthcare benefits is also appropriate when comparing healthcare
does not have the necessary knowledge, skills, and competencies to costs with those
fulfill the of other programs and evaluating the estimated liability for
responsibilities of the internal audit activity. postretirement
Answer (D) is incorrect. Staff performance appraisals are completed benefits.
at the end of any Answer (D) is correct. If the internal auditors lack the necessary
major internal audit engagement. These appraisals help the CAE expertise,
assess future training external service providers should be employed who can provide the
needs and current staff abilities. requisite
[182] Gleim #: 2.5.81 knowledge, skills, and other competencies. Thus, external service
Use of external service providers with expertise in healthcare providers may
benefits is appropriate provide assistance in (1) estimating the liability for postretirement
when the internal audit activity is benefits,
Evaluating the organization’s estimate of its liability for postretirement (2) developing a comparative analysis of healthcare costs, and (3)
benefits, training the staff
which include healthcare benefits. to audit healthcare costs.
A. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Comparing the cost of the organization’s healthcare program with (720 questions)
other programs Copyright 2013 Gleim Publications Inc. Page 98
offered in the industry. Printed for Sanja Knezevic
B. fb.com/ciaaofficial
Training its staff to conduct an audit of healthcare costs in a major [183] Gleim #: 2.5.82
division of the A chief audit executive has reviewed credentials, checked
organization. references, and interviewed
C. a candidate for a staff position. The CAE concludes that the
All of the answers D. are correct. candidate has a thorough
understanding of internal audit techniques, accounting, and finance. A. Delete the engagement from the schedule.
However, the B. Perform the entire engagement using current staff.
candidate has limited knowledge of economics and information C. Engage an engineering consultant to perform the comparison.
technology. Which D. Accept the contractor’s written representations.
action is most appropriate? Answer (A) is incorrect. The engagement is within the scope of the
Reject the candidate because of the lack of knowledge required A. by internal audit
the Standards. activity.
B. Offer the candidate a position despite lack of knowledge in certain Answer (B) is incorrect. Performing the engagement using the
essential areas. current
Encourage the candidate to obtain additional training in economics (unqualified) staff is inappropriate.
and Answer (C) is correct. If the internal auditors lack the necessary
information technology and then reapply. expertise,
C. external service providers should be employed who can provide the
Offer the candidate a position if other staff members possess requisite
sufficient knowledge knowledge, skills, and other competencies.
in economics and information technology. Answer (D) is incorrect. Accepting the contractor’s representations
D. without
Answer (A) is incorrect. The Standards do not require each internal adequate testing is inappropriate.
auditor to Gleim CIA Test Prep: Part 1 - Internal Audit Basics
possess a knowledge of all relevant subjects. (720 questions)
Answer (B) is incorrect. The internal audit activity’s needs may be Copyright 2013 Gleim Publications Inc. Page 99
for additional Printed for Sanja Knezevic
expertise in economics or information technology. [185] Gleim #: 2.5.84
Answer (C) is incorrect. Encouraging the candidate to obtain If the internal audit activity of a nonpublic company does not have the
additional training skills to
does not adequately address the internal audit activity’s current perform a particular task, an external service provider (ESP) could be
needs. brought in from
Answer (D) is correct. Each member of the internal audit activity The organization’s I. external audit firm
need not be II. An external consulting firm
qualified in all disciplines (PA 1210.A1-1, para. 1). III. The engagement client
[184] Gleim #: 2.5.83 IV. A college or university
An internal audit activity has scheduled an engagement relating to a A. I and II only.
construction B. II and IV only.
contract. One portion of this engagement will include comparing C. I, II, and III only.
materials purchased D. I, II, and IV only.
with those specified in the engineering drawings. The internal audit Answer (A) is incorrect. An ESP from a college or university is also
activity does not acceptable.
have anyone on staff with sufficient expertise to complete this Answer (B) is incorrect. An ESP from a nonpublic organization’s
procedure. The chief external audit
audit executive should firm is also acceptable.
Answer (C) is incorrect. An ESP from the engagement client is not professionalism.
independent. Answer (C) is incorrect. This requirement does not affect use of
Answer (D) is correct. Qualified ESPs may be recruited from many external service
sources. providers.
However, an ESP associated with the engagement client is Answer (D) is correct. Each member of the internal audit activity
unacceptable because need not be
the person would not be independent or objective. qualified in all disciplines (PA 1210.A1-1, para. 1). The internal audit
[186] Gleim #: 2.5.85 activity
A chief audit executive for a large manufacturer is considering should have an appropriate balance of experience, training, and
revising the internal skills to permit the
audit activity’s charter with respect to the minimum educational and performance of a wide range of services. Requiring certain
experience professional
qualifications required. The CAE wants to require all staff auditors to certifications could limit the range of services offered by the internal
possess audit
specialized training in accounting and a professional auditing activity.
certification such as the Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Certified Internal Auditor or the Chartered Accountant. One of the (720 questions)
disadvantages of Copyright 2013 Gleim Publications Inc. Page 100
imposing this requirement is that the policy Printed for Sanja Knezevic
Might negatively affect the internal audit activity’s ability to perform fb.com/ciaaofficial
quality [187] Gleim #: 2.5.86
engagements relating to the organization’s financial and accounting A professional engineer applied for a position in the internal audit
systems. activity of a high
A. technology firm. The engineer became interested in the position after
B. Does not promote the professionalism of the internal audit activity. observing
Would prevent the internal audit activity from using external service several internal auditors while they were performing an engagement
providers in the engineering
when it did not have the knowledge, skills, and other competencies department. The chief audit executive
required in Should not hire the engineer because of the lack of knowledge of
certain engagements. internal audit
C. standards.
Could limit the range of services that could be performed due to the A.
internal audit May hire the engineer despite the lack of knowledge of internal B.
activity’s narrow expertise and backgrounds. audit standards.
D. Should not hire the engineer because of the lack of knowledge of
Answer (A) is incorrect. The policy might result in better accounting and
engagements relating to taxes.
financial and accounting systems. C.
Answer (B) is incorrect. Setting minimum professional standards May hire the engineer because of the knowledge of internal auditing
promotes gained in the
previous position. Answer (C) is incorrect. Checking an applicant’s references is an
D. appropriate
Answer (A) is incorrect. Each new employee of an internal audit procedure to determine a prospective auditor’s qualifications.
activity is not Answer (D) is incorrect. Determining previous job experience is
required to have knowledge of internal audit standards. However, the appropriate
internal during the hiring process.
audit activity collectively must have this knowledge. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Answer (B) is correct. Each member of the internal audit activity (720 questions)
need not be Copyright 2013 Gleim Publications Inc. Page 101
qualified in all disciplines (PA 1210.A1-1, para. 1). Printed for Sanja Knezevic
Answer (C) is incorrect. Each individual internal auditor is not [189] Gleim #: 2.5.88
required to have A chief audit executive (CAE) has been requested by the audit
knowledge of accounting or taxes. committee to conduct
Answer (D) is incorrect. The knowledge acquired by observation is an engagement at a chemical factory as soon as possible. The
irrelevant to engagement will include
the skills necessary for internal auditing. reviews of health, safety, and environmental (HSE) management and
[188] Gleim #: 2.5.87 processes. The
Reasonable assurance should be obtained as to each prospective CAE knows that the internal audit activity does not possess the HSE
internal auditor’s knowledge
qualifications and proficiency. Which of the following is the least necessary to conduct such an engagement. The CAE must
useful application Begin the engagement and incorporate HSE training into next year’s
of this principle? planning to
A. Determining that all applicants have an accounting degree. prepare for a follow-up engagement.
B. Obtaining college transcripts. A.
C. Checking an applicant’s references. Suggest to the audit committee that the factory’s own HSE staff
D. Determining previous job experience. conduct the
Answer (A) is correct. Internal auditors must possess the engagement.
knowledge, skills, and B.
other competencies needed to perform their individual Seek permission from the audit committee to obtain appropriate
responsibilities. The support from an
internal audit activity collectively must possess or obtain the HSE professional.
knowledge, skills, C.
and other competencies needed to perform its responsibilities (Attr. Defer the engagement and tell the audit committee that it will take
Std. 1210). several months
Each member of the internal audit activity, however, need not be to train internal audit staff for such an engagement.
qualified in all D.
disciplines (PA 1210.A1-1, para. 1). Answer (A) is incorrect. The CAE should not begin the audit without
Answer (B) is incorrect. Obtaining college transcripts is an notifying
appropriate procedure the audit committee of the knowledge issue and attempting to
to determine a prospective auditor’s qualifications. resolve it.
Answer (B) is incorrect. A review by the factory’s HSE staff will not Copyright 2013 Gleim Publications Inc. Page 102
provide the Printed for Sanja Knezevic
audit committee with an independent review. fb.com/ciaaofficial
Answer (C) is correct. The chief audit executive must obtain Answer (A) is incorrect. Assessing self-insurance controls is outside
competent advice the normal scope
and assistance if the internal auditors lack the knowledge, skills, or of the internal audit activity. The internal auditor may need to engage
other an actuary.
competencies needed to perform all or part of the engagement Answer (B) is incorrect. Assessing self-insurance risks is outside the
(Impl. Std. 1210.A1). normal scope of
Answer (D) is incorrect. Delaying the engagement may have serious the internal audit activity. The internal auditor may need to engage an
consequences given the nature of the HSE issues involved. actuary.
[190] Gleim #: 2.5.89 Answer (C) is incorrect. An internal auditor might be able to
When the engagement was assigned, management asked the determine whether the
internal auditor to healthcare costs are reasonable.
evaluate the appropriateness of using self-insurance to minimize risk Answer (D) is correct. The internal audit activity may use external
to the service providers
organization. Given the scope of the engagement requested by or internal sources that are qualified in disciplines such as
management, should accounting, auditing,
the internal auditor engage an actuarial consultant to assist in the economics, finance, statistics, information technology, engineering,
engagement if these taxation, law,
skills do not exist on staff? environmental affairs, and other areas as needed to meet the internal
No. The internal audit activity is skilled in assessing controls, and the audit activity’s
insurance responsibilities (PA 1210.A1-1, para. 1). Thus, unless the internal
control concepts are not distinctly different from other control audit activity has an
concepts. employee with actuarial skills, an actuarial consultant should be hired
A. to assess selfinsurance
No. It is a normal internal auditor function to assess risk; this risks.
engagement is [191] Gleim #: 2.5.90
therefore not unique. The internal audit activity is considering hiring a person who has a
B. thorough
Yes. An actuary is essential to determine whether the healthcare understanding of internal auditing techniques, accounting, and
costs are principles of
reasonable. management but has nonspecialized knowledge of economics and
C. information
Yes. The actuary has skills not usually found among internal auditors technology. Hiring the person is most appropriate if
to identify A professional development program is agreed to in advance A. of
and quantify self-insurance risks. actual hiring.
D. A mentor is assigned to ensure completion of an individually
Gleim CIA Test Prep: Part 1 - Internal Audit Basics designed
(720 questions) professional development program.
B. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Other internal auditors possess sufficient knowledge of economics (720 questions)
and Copyright 2013 Gleim Publications Inc. Page 103
information technology. Printed for Sanja Knezevic
C. Answer (A) is correct. The CAE should conduct periodic skills
The prospective employee could reasonably be expected to gain assessments to
sufficient determine the specific resources available. Assessments should be
knowledge of these competencies in the long run. performed at least
D. annually.
Answer (A) is incorrect. Regardless of their backgrounds, all internal Answer (B) is incorrect. Periodic skills assessments should be
auditors performed more
must enhance their knowledge, skills, and other competencies frequently than every 5 years.
through continuing Answer (C) is incorrect. Periodic skills assessments do not need to
professional development. be performed
Answer (B) is incorrect. The use of a mentor is encouraged quarterly.
regardless of the new Answer (D) is incorrect. Periodic skills assessments do not need to
internal auditor’s background. be performed
Answer (C) is correct. Internal auditors must possess the semiannually.
knowledge, skills, and [193] Gleim #: 2.5.92
other competencies needed to perform their individual An internal auditor’s objectivity could be compromised in all of the
responsibilities. The following
internal audit activity collectively must possess or obtain the situations except
knowledge, skills, A conflict A. of interest.
and other competencies needed to perform its responsibilities (Attr. An engagement client’s familiarity with the internal auditor due to lack
Std. 1210). of rotation
However, each member of the internal audit activity need not be in assignments.
qualified in all B.
disciplines (PA 1210.A1-1, para. 1). C. The internal auditor’s assumption of operational duties on a
Answer (D) is incorrect. Unless other internal auditors possess temporary basis.
sufficient D. Reliance on an outside service provider when appropriate.
knowledge of these competencies, hiring this person would Answer (A) is incorrect. By definition, a conflict of interest can
accentuate staffing compromise an
deficiencies. internal auditor’s objectivity.
[192] Gleim #: 2.5.91 Answer (B) is incorrect. The CAE can prevent potential and actual
At a minimum, how often should the skills of the internal audit staff conflicts of
be assessed? interest by, when practicable, rotating internal audit staff assignments
A. Annually. periodically.
B. Every 5 years. Answer (C) is incorrect. Persons transferred to, or temporarily
C. Quarterly. engaged by, the
D. Semi-annually.
internal audit activity should not be assigned to audit those activities independent sources. Previous customers or clients who are familiar
they with the ESP’s
previously performed until at least 1 year has elapsed. work can provide feedback based on their direct experience. The
Answer (D) is correct. The CAE must obtain competent advice and consensus of these
assistance if opinions is likely to be reliable.
the internal auditors lack the knowledge, skills, or other Answer (D) is incorrect. Determining the financial interest the ESP
competencies needed to may have in the
perform all or part of the engagement (Impl. Std. 1210.A1). organization relates to assessing independence and objectivity.
Consulting an outside [195] Gleim #: 2.5.94
service provider is therefore appropriate in these circumstances. In some organizations, internal audit functions are outsourced.
[194] Gleim #: 2.5.93 Management in a large
The CAE determines that an external service provider (ESP) organization should recognize that the external auditor may have an
possesses the necessary advantage,
knowledge, skills, and other competencies to perform the compared with the internal auditor, because of the external auditor’s
engagement. The most Familiarity with the organization. Its annual audits provide an in-
effective procedure to evaluate the ESP is depth knowledge
A. Considering the current compensation of the potential ESP. of the organization.
Verifying that no financial, organizational, or personal relationships A.
will prevent Size. It can hire experienced, knowledgeable, and B. certified staff.
the ESP from rendering impartial and unbiased judgments. Size. It is able to offer continuous availability of staff unaffected by
B. other
C. Contacting others familiar with the ESP’s work. priorities.
D. Determining the financial interest the ESP may have in the C.
organization. Structure. It may more easily accommodate engagement
Gleim CIA Test Prep: Part 1 - Internal Audit Basics requirements in distant
(720 questions) locations.
Copyright 2013 Gleim Publications Inc. Page 104 D.
Printed for Sanja Knezevic Answer (A) is incorrect. The internal auditors are likely to be more
fb.com/ciaaofficial familiar with
Answer (A) is incorrect. Considering the current compensation of the organization than the external auditors, given the continuous
the potential ESP nature of their
relates to assessing independence and objectivity. responsibilities.
Answer (B) is incorrect. Verifying that no financial, organizational, or Answer (B) is incorrect. The internal auditor also can hire
personal experienced,
relationships will prevent the ESP from rendering impartial and knowledgeable, and certified staff.
unbiased judgments Answer (C) is incorrect. The internal auditor is more likely to be
relates to assessing independence and objectivity. continuously
Answer (C) is correct. To evaluate the ESP’s reputation, the CAE available. The external auditor has responsibilities to many other
should interview clients.
Answer (D) is correct. Large organizations that are geographically auditors cannot give absolute assurance that noncompliance or
dispersed may irregularities do not
find outsourcing internal audit functions to external auditors to be exist (PA 1220-1, para. 2).
effective. A Answer (D) is incorrect. An internal auditor must recommend
major public accounting firm ordinarily has operations that are improvements to
national or promote conformance with acceptable procedures and practices.
worldwide in scope. [197] Gleim #: 2.6.96
[196] Gleim #: 2.6.95 An internal auditor observes that a receivables clerk has physical
Which of the following statements is true with respect to due access to and control
professional care? of cash receipts. The auditor worked with the clerk several years
An internal auditor should perform detailed tests of all transactions before and has a high
before level of trust in the individual. Accordingly, the auditor notes in the
communicating results. engagement
A. working papers that controls over receipts are adequate. Has the
An item should not be mentioned in an engagement communication auditor exercised due
unless the professional care?
internal auditor is absolutely certain of the item. Yes, reasonable care A. has been taken.
B. B. No, irregularities were not noted.
An engagement communication should never be viewed as providing C. No, alertness to conditions most likely indicative of irregularities
an infallible was not shown.
truth about a subject. D. Yes, the engagement working papers were annotated.
C. Answer (A) is incorrect. The auditor’s engagement observation is
D. An internal auditor has no responsibility to recommend inappropriate
improvements. given the lack of segregation of functions.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (B) is incorrect. No indication is given that irregularities have
(720 questions) occurred.
Copyright 2013 Gleim Publications Inc. Page 105 Answer (C) is correct. Internal auditors must be alert to those
Printed for Sanja Knezevic conditions and
Answer (A) is incorrect. An internal auditor must conduct reasonable activities where irregularities are most likely to occur and must
examinations identify
and verifications, but detailed tests of all transactions are not inadequate controls (PA 1220-1, para. 1). Thus, the internal auditor
required. did not
Answer (B) is incorrect. Absolute assurance need not, and cannot, exercise due professional care. Cash has a high degree of inherent
be given. risk and should
Answer (C) is correct. Due professional care implies reasonable therefore be subject to strict controls. Access to cash and the
care and competence, recordkeeping
not infallibility or extraordinary performance. Thus, it requires the functions should be separated regardless of the personal qualities of
internal auditor to the
conduct examinations and verifications to a reasonable extent. individuals involved. That the internal auditor trusts the clerk is
Accordingly, internal irrelevant.
Management still needs to be aware that internal control over engagement. However, the assurance engagement may still include
receivables is the item if it is
inadequate. subsequently determined that
Answer (D) is incorrect. Annotating the working papers does not Sufficient A. staff is available.
indicate that the B. Adverse effects related to the item are likely to occur.
auditor exercised due professional care. Cash has a high inherent C. Related information is reliable.
risk of D. Miscellaneous income is affected.
irregularities, and professional judgment and alertness are Answer (A) is incorrect. In the absence of other considerations,
necessary. devoting
[198] Gleim #: 2.6.97 additional engagement effort to an immaterial item is inefficient.
Due professional care implies reasonable care and competence, not Answer (B) is correct. Internal auditors must exercise due
infallibility or professional care by
extraordinary performance. Thus, which of the following is considering the relative complexity, materiality, or significance of
unnecessary? matters to
A. The conduct of examinations and verifications to a reasonable which assurance procedures are applied (Impl. Std. 1220.A1).
extent. Materiality
B. The conduct of extensive examinations. judgments are made in the light of all the circumstances and involve
C. The reasonable assurance that compliance does exist. qualitative as
D. The consideration of the possibility of material irregularities. well as quantitative considerations. Moreover, internal auditors also
Gleim CIA Test Prep: Part 1 - Internal Audit Basics must consider
(720 questions) the interplay of risk with materiality. Consequently, engagement effort
Copyright 2013 Gleim Publications Inc. Page 106 may be
Printed for Sanja Knezevic required for a quantitatively immaterial item if adverse effects are
fb.com/ciaaofficial likely to occur,
Answer (A) is incorrect. Examination and verification need only be for example, a material contingent liability arising from an illegal
undertaken to a payment that is
reasonable extent. otherwise immaterial.
Answer (B) is correct. Due professional care implies reasonable Answer (C) is incorrect. Additional engagement procedures might
care and competence, not be needed
not infallibility or extraordinary performance. It requires the internal if related information is reliable.
auditor to conduct Answer (D) is incorrect. The item is more likely to be included if it
examinations and verifications to a reasonable extent (PA 1220-1, affects
para. 2). recurring income items rather than miscellaneous income.
Answer (C) is incorrect. An internal auditor cannot give absolute [200] Gleim #: 2.6.99
assurance. With regard to the exercise of due professional care, an internal
Answer (D) is incorrect. The possibility of material irregularities must auditor should
be considered. Consider the relative materiality or significance of matters to which
[199] Gleim #: 2.6.98 assurance
An internal auditor judged an item to be immaterial when planning an procedures are applied.
assurance A.
B. Emphasize the potential benefits of an engagement without regard significant fraud by being assigned all but which one of the following
to the cost. tasks?
Consider whether criteria have been established to determine Review large, abnormal, or unexplained A. expenditures.
whether goals are Review sensitive expenses, such as legal fees, consultant fees, and
achieved, not whether those criteria are adequate. foreign sales
C. commissions.
Select procedures that are likely to provide absolute assurance that B.
irregularities C. Review every control feature pertaining to petty cash receipts.
do not exist. D. Review contributions by the organization that appear to be
D. unusual.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (A) is incorrect. To prevent or detect significant fraud, the
Copyright 2013 Gleim Publications Inc. Page 107 auditor should review large, abnormal, or unexplained expenditures.
Printed for Sanja Knezevic Answer (B) is incorrect. To prevent or detect significant fraud, the
Answer (A) is correct. Exercising due professional care means internal
applying the care and auditor should review sensitive expenses.
skill expected of a reasonably prudent and competent internal auditor Answer (C) is correct. The internal auditor must exercise due
(Attr. Std. 1220). professional care by
Internal auditors must exercise due professional care by considering, considering the relative complexity, materiality, or significance of
among other matters to
things, the relative complexity, materiality, or significance of matters which assurance procedures are applied. The cost of assurance in
to which relation to its
assurance procedures are applied (Impl. Std. 1220.A1). benefits also should be considered (Impl. Std. 1220.A1). Hence, an
Answer (B) is incorrect. The internal auditor should consider the exhaustive
cost in relation to the review of petty cash is not an efficient and effective use of limited
potential benefits before beginning an engagement. internal audit
Answer (C) is incorrect. Adequate criteria are needed to evaluate resources because it will not prevent or detect significant fraud. The
controls. If amount of
determined to be adequate, internal auditors must use such criteria any theft of petty cash will not be substantial.
in their evaluation. Answer (D) is incorrect. To prevent or detect significant fraud, the
If inadequate, internal auditors must work with management to internal
develop appropriate auditor should review unusual contributions.
evaluation criteria. [202] Gleim #: 2.6.101
Answer (D) is incorrect. Internal auditors cannot give absolute To ensure that due professional care has been taken at all times
assurance that during an engagement,
noncompliance or irregularities do not exist. the internal auditor should always
[201] Gleim #: 2.6.100 Ensure that all financial information related to the audit is included in
The internal audit activity can perform an important role in preventing the audit
and detecting plan and examined for nonconformance or irregularities.
A.
B. Ensure that all audit tests are fully documented. assignment.
Consider the possibility of nonconformance or irregularities at all Answer (D) is incorrect. Due professional care does not require that
times during an immaterial
engagement. instances of noncompliance or irregularity be reported to the audit
C. committee.
Communicate any noncompliance or irregularity discovered during Gleim CIA Test Prep: Part 1 - Internal Audit Basics
an (720 questions)
engagement promptly to the audit committee. Copyright 2013 Gleim Publications Inc. Page 109
D. Printed for Sanja Knezevic
(720 questions) A staff internal auditor performed a portion of an engagement to
Copyright 2013 Gleim Publications Inc. Page 108 review an
Printed for Sanja Knezevic organization’s marketing function. In particular, the internal auditor
fb.com/ciaaofficial evaluated the
Answer (A) is incorrect. The automatic inclusion of relevant financial function’s effective and efficient use of resources to identify
information in I. Underused facilities
an audit plan does not guarantee that due professional care has II. Overstaffing or understaffing
been exercised over the III. Nonproductive work
audit as a whole. IV. Procedures that were not cost justified
Answer (B) is incorrect. Keeping detailed working papers does not To test for underused facilities, the internal auditor performed a
ensure that due complete walkthrough
professional care has been exercised during the tests. of all spaces assigned to the marketing function and evaluated the
Answer (C) is correct. Due professional care implies reasonable use of both
care and competence, space and capital equipment. The internal auditor analyzed reports
not infallibility or extraordinary performance. Thus, due professional on space usage for
care requires the the last year and concluded that facilities were neither underused nor
internal auditor to conduct examinations and verifications to a used at maximum
reasonable extent. capacity.
Accordingly, internal auditors cannot give absolute assurance that To test for overstaffing or understaffing, the internal auditor compared
noncompliance or current staffing
irregularities do not exist. Nevertheless, the possibility of material levels with a staffing analysis recently completed by an independent
irregularities or contractor.
noncompliance needs to be considered whenever the internal auditor Because the staffing analysis used work standards and service
undertakes an demands to provide
internal auditing assignment (PA 1220-1, para. 2). Thus, considering factual and reliable information on staffing requirements, the internal
the possibility of auditor was able
nonconformance or material irregularities at all times during an to conclude that staffing levels were optimal.
engagement is the only To test for nonproductive work, the internal auditor interviewed an
way of demonstrating that due professional care has been taken in employee from
an internal audit
each level and, based upon their responses, concluded that no noncompliance needs to be considered whenever the internal auditor
significant amount of undertakes an
nonproductive work was being performed. Thus, the internal auditor internal audit assignment (PA 1220-1, para. 2). Accordingly, the work
concluded that performed with
additional engagement work to search for procedures that were not regard to facilities usage and staffing was adequate and would
cost-justified withstand normal
would not be necessary. scrutiny.
In reference to requirements I and II, due professional care Answer (B) is incorrect. The work performed in both areas was
Was exercised because the internal auditor applied reasonable care adequate and would
and withstand normal scrutiny.
competence in both areas. Answer (C) is incorrect. The work performed in both areas was
A. adequate and would
Was not exercised because the internal auditor failed to apply withstand normal scrutiny.
reasonable care Answer (D) is incorrect. The work performed in both areas was
regarding requirement II. adequate and would
B. withstand normal scrutiny.
Was not exercised because the internal auditor failed to apply Gleim CIA Test Prep: Part 1 - Internal Audit Basics
reasonable care (720 questions)
regarding requirements I and II. Copyright 2013 Gleim Publications Inc. Page 111
C. Printed for Sanja Knezevic
Was not exercised because the internal auditor failed to apply [204] Gleim #: 2.6.103
reasonable care A staff internal auditor performed a portion of an engagement to
regarding requirement I. review an
D. organization’s marketing function. In particular, the internal auditor
Gleim CIA Test Prep: Part 1 - Internal Audit Basics evaluated the
(720 questions) function’s effective and efficient use of resources to identify
Copyright 2013 Gleim Publications Inc. Page 110 I. Underused facilities
Printed for Sanja Knezevic II. Overstaffing or understaffing
fb.com/ciaaofficial III. Nonproductive work
Answer (A) is correct. Due professional care implies reasonable IV. Procedures that were not cost justified
care and competence, To test for underused facilities, the internal auditor performed a
not infallibility or extraordinary performance. Thus, due professional complete walkthrough
care requires the of all spaces assigned to the marketing function and evaluated the
internal auditor to conduct examinations and verifications to a use of both
reasonable extent. space and capital equipment. The internal auditor analyzed reports
Accordingly, internal auditors cannot give absolute assurance that on space usage for
noncompliance or the last year and concluded that facilities were neither underused nor
irregularities do not exist. Nevertheless, the possibility of material used at maximum
irregularities or capacity.
To test for overstaffing or understaffing, the internal auditor compared requirements III and IV.
current staffing Answer (C) is correct. The procedures performed as a basis for
levels with a staffing analysis recently completed by an independent concluding that
contractor. no nonproductive work was accomplished resulted in a failure to
Because the staffing analysis used work standards and service identify
demands to provide sufficient, reliable, relevant, and useful information to achieve the
factual and reliable information on staffing requirements, the internal engagement’s
auditor was able objectives (Perf. Std. 2310). The opinions of individuals whose work
to conclude that staffing levels were optimal. was in
To test for nonproductive work, the internal auditor interviewed an question lacks reliability. Given that the information regarding area IV
employee from was based
each level and, based upon their responses, concluded that no on that for area III, it also is suspect.
significant amount of Answer (D) is incorrect. Due professional care was not exercised in
nonproductive work was being performed. Thus, the internal auditor regard to
concluded that requirements III and IV.
additional engagement work to search for procedures that were not Gleim CIA Test Prep: Part 1 - Internal Audit Basics
cost-justified (720 questions)
would not be necessary. Copyright 2013 Gleim Publications Inc. Page 112
In reference to requirements III and IV, due professional care Printed for Sanja Knezevic
Was exercised because the internal auditor applied reasonable care fb.com/ciaaofficial
and [205] Gleim #: 2.6.104
competence in both areas. Due professional care calls for
A. Detailed reviews of all transactions related to a particular A. function.
Was not exercised because the internal auditor failed to apply Infallibility and extraordinary performance when the system of
reasonable care and internal control is
competence regarding requirement III. known to be weak.
B. B.
Was not exercised because the internal auditor failed to apply Consideration of the possibility of material irregularities during every
reasonable care and engagement.
competence regarding both requirements III and IV. C.
C. Testing in sufficient detail to give absolute assurance that
Was not exercised because the internal auditor failed to apply noncompliance does not
reasonable care and exist.
competence regarding requirement IV. D.
D. Answer (A) is incorrect. Detailed reviews of all transactions are not
Answer (A) is incorrect. Due professional care was not exercised in required.
regard to Answer (B) is incorrect. Reasonable care and skill, not infallibility or
requirements III and IV. extraordinary performance, are necessary.
Answer (B) is incorrect. Due professional care was not exercised in Answer (C) is correct. Due care implies reasonable care and
regard to competence, not
infallibility or extraordinary performance. Due care requires the D.
internal auditor to Answer (A) is incorrect. This review is a standard procedure.
conduct examinations and verifications to a reasonable extent, but Answer (B) is incorrect. Sampling is permissible. Detailed reviews of
does not all
require detailed reviews of all transactions. Accordingly, internal transactions are often not required or feasible.
auditors cannot Answer (C) is incorrect. In exercising due professional care, internal
give absolute assurance that noncompliance or irregularities do not auditors
exist. should be alert to inefficiency.
Nevertheless, the possibility of material irregularities or Answer (D) is correct. Internal auditors cannot give absolute
noncompliance should be assurance that
considered whenever an internal auditor undertakes an internal noncompliance or irregularities do not exist (PA 1220-1, para. 2).
auditing Gleim CIA Test Prep: Part 1 - Internal Audit Basics
assignment (PA 1220-1, para. 2). (720 questions)
Answer (D) is incorrect. Only reasonable, not absolute, assurance Copyright 2013 Gleim Publications Inc. Page 113
can be given. Printed for Sanja Knezevic
[206] Gleim #: 2.6.105 [207] Gleim #: 2.6.106
A certified internal auditor performed an assurance engagement to In exercising due professional care, internal auditors must consider
review a which of the
department store’s cash function. Which of the following actions will following?
be deemed The relative complexity, materiality, or significance of matters to
lacking in due professional care? which assurance
Organizational records were reviewed to determine whether all procedures are applied
employees who I.
handle cash receipts and disbursements were bonded. The extent of assurance procedures necessary to ensure that all
A. significant risks
A flowchart of the entire cash function was developed, but only a will be identified
sample of II.
transactions was tested. The probability of significant errors, irregularities, III. or
B. noncompliance
The final engagement communication included a well-supported A. I and II only.
recommendation B. II and III only.
for the reduction in staff, although it was known that such a reduction C. I and III only.
would D. I, II, and III.
adversely affect morale. Answer (A) is incorrect. The internal auditors need not consider the
C. extent of
Because of a highly developed system of internal control over the assurance procedures necessary to ensure that all significant risks
cash function, will be
the final engagement communication assured senior management identified when exercising due professional care. But the internal
that no auditors must
irregularities existed.
consider the probability of significant errors, irregularities, or care. Accordingly, the Standards require internal auditors to
noncompliance. Consider the probability of significant I. noncompliance
Answer (B) is incorrect. The internal auditors need not consider the Perform assurance procedures with due professional care so that all
extent of significant
assurance procedures necessary to ensure that all significant risks risks are identified
will be II.
identified when exercising due professional care. But the internal III. Weigh the cost of assurance against the benefits
auditors must A. I and II only.
consider the relative complexity, materiality, or significance of matters B. I and III only.
to which C. II and III only.
assurance procedures are applied. D. I, II, and III.
Answer (C) is correct. Internal auditors must exercise due Answer (A) is incorrect. Assurance procedures alone, even when
professional care by performed with
considering the due professional care, do not guarantee that all significant risks will
Extent of work needed to achieve the engagement’s objectives be identified.
Relative complexity, materiality, or significance of matters to which Moreover, internal auditors must weigh the cost of assurance against
assurance procedures are applied the benefits.
Adequacy and effectiveness of governance, risk management, and Answer (B) is correct. Internal auditors must exercise due
control professional care by
processes considering the
Probability of significant errors, fraud, or noncompliance Extent of work needed to achieve the engagement’s objectives
Cost of assurance in relation to potential benefits (Impl. Std. Relative complexity, materiality, or significance of matters to which
1220.A1) assurance procedures are applied
Assurance procedures alone, even when performed with due Adequacy and effectiveness of governance, risk management, and
professional care, do control
not guarantee that all significant risks will be identified (Impl. Std. processes
1220.A3). Probability of significant errors, fraud, or noncompliance
Answer (D) is incorrect. The internal auditors need not consider the Cost of assurance in relation to potential benefits (Impl. Std.
extent of 1220.A1)
assurance procedures necessary to ensure that all significant risks Assurance procedures alone, even when performed with due
will be professional care, do
identified when exercising due professional care. not guarantee that all significant risks will be identified (Impl. Std.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics 1220.A3).
(720 questions) Answer (C) is incorrect. Assurance procedures alone, even when
Copyright 2013 Gleim Publications Inc. Page 114 performed with
Printed for Sanja Knezevic due professional care, do not guarantee that all significant risks will
fb.com/ciaaofficial be identified.
[208] Gleim #: 2.6.107 Furthermore, internal auditors must consider the probability of
Assurance engagements must be performed with proficiency and significant
due professional noncompliance.
Answer (D) is incorrect. Assurance procedures alone, even when professional development and report to the Certification Department
performed with of The IIA.
due professional care, do not guarantee that all significant risks will Answer (C) is incorrect. Continuing education may be obtained by
be identified. participation in
[209] Gleim #: 2.6.108 professional organizations.
Internal auditors are responsible for continuing their education to Answer (D) is incorrect. Prior approval by The IIA is not necessary
maintain their for CPE courses.
proficiency. Which of the following is true regarding the continuing [210] Gleim #: 2.6.109
education During a consulting engagement, an internal auditor should exercise
requirements of the practicing internal auditor? due professional
Internal auditors are required to obtain 40 hours of continuing care by considering which of the following?
professional Needs and expectations of I. engagement clients
education each year and a minimum of 120 hours over a 3-year II. Relative complexity and extent of work needed
period. III. Cost of the consulting engagement
A. A. I and II.
B. CIAs have formal requirements that must be met in order to B. II and III.
continue as CIAs. C. I and III.
Attendance, as an officer or committee member, at formal IIA D. I, II, and III.
meetings does not Answer (A) is incorrect. The internal auditor also must consider the
meet the criteria of continuing professional development. cost of the
C. consulting engagement in relation to the potential benefits when
In-house programs meet continuing professional education exercising due
requirements only if professional care on a consulting engagement.
they have been preapproved by The IIA. Answer (B) is incorrect. The internal auditor also must consider the
D. needs and
Gleim CIA Test Prep: Part 1 - Internal Audit Basics expectations of engagement clients, including the nature, timing, and
(720 questions) communication of engagement results, when exercising due
Copyright 2013 Gleim Publications Inc. Page 115 professional care on a
Printed for Sanja Knezevic consulting engagement.
Answer (A) is incorrect. The Standards do not state formal hour Answer (C) is incorrect. The internal auditor also must consider the
requirements for relative
internal auditors. The intent of the Standards is to provide flexibility in complexity and extent of work needed to achieve the engagement’s
meeting the objectives
requirements. when exercising due professional care on a consulting engagement.
Answer (B) is correct. Internal auditors must enhance their Answer (D) is correct. The internal auditor must exercise due
knowledge, skills, and professional care
other competencies through continuing professional development during a consulting engagement by considering the
(Attr. Std. 1230). To Needs and expectations of engagement clients, including the nature,
maintain the CIA designation, the CIA must commit to a formal timing,
program of continuing and communication of engagement results.
Relative complexity and extent of work needed to achieve the adequate operating standards is a governance process.
engagement’s Answer (C) is incorrect. Internal auditors cannot provide absolute
objectives. assurance
Cost of the consulting engagement in relation to potential benefits regarding irregularities.
(Impl. Std. Answer (D) is incorrect. Establishing suitable criteria of education
1220.C1). and
Gleim CIA Test Prep: Part 1 - Internal Audit Basics experience for filling internal auditing positions pertains to
(720 questions) proficiency, not due
Copyright 2013 Gleim Publications Inc. Page 116 professional care.
fb.com/ciaaofficial An internal auditor has some suspicion of, but no information about,
[211] Gleim #: 2.6.110 potential
An internal auditor must exercise due professional care in performing misstatement of financial statements. The internal auditor fails to
engagements. exercise due
Due professional care includes professional care by
Establishing direct communication between the chief audit executive Identifying potential ways in which a misstatement could occur and
and the ranking the
board. items for investigation.
A. A.
Evaluating established operating standards and determining whether Informing the engagement manager of the suspicions and asking for
those advice on
standards are adequate. how to proceed.
B. B.
Accumulating sufficient information so that the internal auditor can Not testing for possible misstatement because the engagement work
give absolute program had
assurance that irregularities do not exist. already been approved by engagement management.
C. C.
Establishing suitable criteria of education and experience for filling Expanding the engagement work program, without the engagement
internal client’s
auditing positions. approval, to address the highest ranked ways in which a
D. misstatement may have
Answer (A) is incorrect. Direct communication between the CAE occurred.
and the board D.
relates to independence rather than to due professional care. Answer (A) is incorrect. Ranking the ways in which a misstatement
Answer (B) is correct. In the exercise of due professional care, an could occur
internal auditor is consistent with the standard of due professional care.
must, among other things, consider the adequacy and effectiveness Answer (B) is incorrect. Seeking advice is consistent with exercising
of governance, the standard
risk management, and control processes (Impl. Std. 1220.A1). of due professional care.
Establishing
Answer (C) is correct. Internal auditors must apply the care and skill to provide reasonable assurance to the various stakeholders of the
expected of internal audit
a reasonably prudent and competent internal auditor (Attr. Std. activity that it (1) performs in accordance with its charter, (2) operates
1220). effectively
Engagement work programs are expected to be modified to reflect and efficiently, and (3) is perceived by the stakeholders as adding
changing value and
circumstances. Thus, the internal auditor fails to exercise due improving operations. These processes include appropriate
professional care by supervision, periodic
not investigating a suspected misstatement solely because the work internal assessments and ongoing monitoring of quality assurance,
program had and periodic
already been approved. external assessments (PA 1300-1, para. 2).
Answer (D) is incorrect. The internal auditor does not need the Answer (D) is incorrect. Proper training is a feedforward, not a
engagement feedback, control.
client’s approval to expand the engagement work program. [214] Gleim #: 2.7.113
Gleim CIA Test Prep: Part 1 - Internal Audit Basics An individual became head of the internal audit activity of an
(720 questions) organization 1 week
Copyright 2013 Gleim Publications Inc. Page 117 ago. An engagement client has come to the person complaining
Printed for Sanja Knezevic vigorously that one of
[213] Gleim #: 2.7.112 the internal auditors is taking up an excessive amount of client time
A quality assurance and improvement program of an internal audit on an engagement
activity provides that seems to be lacking a clear purpose. In handling this conflict
reasonable assurance that internal auditing work is performed in with a client, the
accordance with its person should consider
charter. Which of the following are designed to provide feedback on A. Discounting what is said, but documenting the complaint.
the effectiveness Whether existing procedures within the internal audit activity provide
of an internal audit activity? for proper
I. Proper supervision planning and quality assurance.
II. Proper training B.
III. Internal reviews Presenting an immediate defense of the internal auditor based upon
IV. External reviews currently
A. I, II, and III only. known facts.
B. II, III, and IV only. C.
C. I, III, and IV only. D. Promising the client that the internal auditor will finish the work
D. I, II, III, and IV. within 1 week.
Answer (A) is incorrect. Proper training is a feedforward, not a Gleim CIA Test Prep: Part 1 - Internal Audit Basics
feedback, control. (720 questions)
Answer (B) is incorrect. Proper training is a feedforward, not a Copyright 2013 Gleim Publications Inc. Page 118
feedback, control. Printed for Sanja Knezevic
Answer (C) is correct. A quality assurance and improvement fb.com/ciaaofficial
program is designed
Answer (A) is incorrect. The CAE has responsibilities for planning Answer (B) is incorrect. Internal assessment is an element of a
engagement work quality program.
schedules and maintaining a quality assurance and improvement Answer (C) is incorrect. Supervision is an element of a quality
program and cannot program. Ongoing
afford to ignore a potentially valid complaint. reviews are internal assessments that include engagement
Answer (B) is correct. The CAE should examine departmental supervision.
procedures and the Answer (D) is incorrect. External assessment is an element of a
conduct of the specific engagement mentioned to ascertain that quality program.
proper planning and [216] Gleim #: 2.7.115
quality assurance procedures are in place and are being followed. Assessment of a quality assurance and improvement program
Answer (C) is incorrect. Taking a defensive position with the client should include
stifles evaluation of all of the following except
communication, hampers future engagement involvements, and A. Adequacy of the oversight of the work of external auditors.
ignores basic B. Conformance with the Standards and Code of Ethics.
responsibilities for managing the internal audit activity. C. Adequacy of the internal audit activity’s charter.
Answer (D) is incorrect. Making a promise to end the work within a D. Contribution to the organization’s governance processes.
specified time Gleim CIA Test Prep: Part 1 - Internal Audit Basics
without knowledge of the work schedule jeopardizes the authority of (720 questions)
the CAE and the Copyright 2013 Gleim Publications Inc. Page 119
internal audit activity in the current and future engagements. The Printed for Sanja Knezevic
CAE has an Answer (A) is correct. Oversight of the work of external auditors,
obligation to assure that adequate time is allowed for achieving including
engagement objectives. coordination with the internal audit activity, is the responsibility of the
[215] Gleim #: 2.7.114 board (PA
The chief audit executive should develop and maintain a quality 2050-1, para. 1). It is not within the scope of the process for
assurance and monitoring and assessing
improvement program that covers all aspects of the internal audit the quality program.
activity and Answer (B) is incorrect. Conformance with the Definition of Internal
continuously monitors its effectiveness. All of the following are Auditing,
included in a quality Standards, and Code of Ethics, including timely corrective actions to
program except remedy any
Annual appraisals of individual internal auditors’ A. performance. significant instances of nonconformance, is an element of the
B. Periodic internal assessment. assessment of a quality
C. Supervision. program.
D. Periodic external assessments. Answer (C) is incorrect. Adequacy of the internal audit activity’s
Answer (A) is correct. Appraising each internal auditor’s work at charter, goals,
least annually is objectives, policies, and procedures is an element of the assessment
properly a function of the human resources program of the internal of a quality
audit activity. program.
Answer (D) is incorrect. Contribution to the organization’s Printed for Sanja Knezevic
governance, risk fb.com/ciaaofficial
management, and control processes is an element of the Answer (A) is incorrect. Senior management is not responsible for
assessment of a quality the quality
program. assurance and improvement program for the internal audit activity.
[217] Gleim #: 2.7.116 Answer (B) is correct. The chief audit executive must develop and
The internal audit activity’s quality assurance and improvement maintain a quality
program is the assurance and improvement program that covers all aspects of the
responsibility of internal audit
A. External auditors. activity (Attr. Std.1300).
B. The chief audit executive. Answer (C) is incorrect. The directors are not responsible for the
C. The board. quality assurance
D. The audit committee. and improvement program for the internal audit activity.
Answer (A) is incorrect. External auditors may perform an external Answer (D) is incorrect. The audit committee is not responsible for
assessment, the quality
but the CAE is responsible for it. assurance and improvement program for the internal audit activity.
Answer (B) is correct. The chief audit executive must develop and [219] Gleim #: 2.8.118
maintain a At what minimal required frequency does the chief audit executive
quality assurance and improvement program that covers all aspects report the results of
of the internal internal assessments in the form of ongoing monitoring to senior
audit activity (Attr. Std. 1300). management and the
Answer (C) is incorrect. The CAE may report results to the board, board?
but the A. Monthly.
program is the CAE’s responsibility. B. Quarterly.
Answer (D) is incorrect. The CAE may report results to the audit C. Annually.
committee, but D. Biennially.
the program is the CAE’s responsibility. Answer (A) is incorrect. The CAE may report on a monthly basis,
[218] Gleim #: 2.7.117 but the
Which of the following is responsible for developing and maintaining minimal requirement for reporting is annually.
a quality Answer (B) is incorrect. The CAE may report on a quarterly basis,
assurance and improvement program that covers all aspects of the but the
internal audit minimal requirement for reporting is annually.
activity and continuously monitors its effectiveness? Answer (C) is correct. To demonstrate conformance with the
A. Senior management. mandatory IIA
B. Chief audit executive. guidance, the results of external and periodic internal assessments
C. The board of directors. are
D. Audit committee. communicated upon completion of such assessments and the results
Gleim CIA Test Prep: Part 1 - Internal Audit Basics of ongoing
(720 questions) monitoring are communicated at least annually (Inter. Std. 1320).
Answer (D) is incorrect. The CAE is required to report more When is initial use of the conformance phrase by internal auditors
frequently than appropriate?
every 2 years. After an internal review completed within A. the past 5 years.
[220] Gleim #: 2.8.119 B. After an external review completed within the past 10 years.
Internal auditors may report that their activities conform with the C. After an internal review completed within the past 10 years.
Standards. They may D. After an external review completed within the past 5 years.
use this statement only if Answer (A) is incorrect. An internal audit activity must have an
A. It is supported by the results of the quality program. external
An independent external assessment of the internal audit activity is assessment every 5 years.
conducted Answer (B) is incorrect. Initial use of the conformance phrase
annually. requires the
B. completion of an external assessment within the past 5 years.
Senior management or the board is accountable for implementing a Answer (C) is incorrect. Initial use of the conformance phrase
quality requires the
program. completion of an external assessment within the past 5 years.
C. Answer (D) is correct. The chief audit executive may state that the
D. External assessments of the internal audit activity are made by internal audit
external auditors. activity conforms with the International Standards for the
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Professional Practice
(720 questions) of Internal Auditing only if the results of the quality assurance and
Copyright 2013 Gleim Publications Inc. Page 121 improvement
Printed for Sanja Knezevic program support this statement (Attr. Std. 1321). To use the phrase,
Answer (A) is correct. The chief audit executive may state that the the chief audit
internal audit executive of an internal audit activity in existence for at least 5 years
activity conforms with the International Standards for the must have
Professional Practice of the results of an external assessment within that period.
Internal Auditing only if the results of the quality assurance and [222] Gleim #: 2.8.121
improvement program Following an external assessment of the internal audit activity, who is
support this statement (Attr. Std. 1321). (are)
Answer (B) is incorrect. An independent external assessment of the responsible for communicating the results to the board?
internal audit A. Internal auditors.
activity must be conducted at least once every 5 years. B. Audit committee.
Answer (C) is incorrect. The CAE must develop and maintain a C. Chief audit executive.
QAIP that covers all D. External auditors.
aspects of the internal audit activity. Answer (A) is incorrect. The chief audit executive (not internal
Answer (D) is incorrect. Assessments also may be made by others auditors) is
who are (1) responsible for communicating the results of external assessments to
independent, (2) qualified, and (3) from outside the organization. the board.
[221] Gleim #: 2.8.120 Answer (B) is incorrect. The chief audit executive (not the audit
committee) is
responsible for communicating the results of external assessments to Internal Auditing and the Standards, and application of the Code of
the board. Ethics, the
Answer (C) is correct. The chief audit executive must communicate results of external and periodic internal assessments are
the results of communicated upon
the QAIP to senior management and the board (Attr. Std. 1320). completion of such assessments and the results of ongoing
Answer (D) is incorrect. The chief audit executive (not external monitoring are
auditors) is communicated at least annually. The results include the assessor’s
responsible for communicating the results of external assessments to or assessment
the board. team’s evaluation with respect to the degree of conformance” (Inter.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Std. 1320).
(720 questions) Answer (C) is incorrect. The results of periodic internal assessments
Copyright 2013 Gleim Publications Inc. Page 122 are
Printed for Sanja Knezevic communicated upon their completion.
fb.com/ciaaofficial Answer (D) is incorrect. The results of ongoing monitoring are
[223] Gleim #: 2.8.122 communicated at
To demonstrate conformance of the internal audit activity with the least annually.
mandatory [224] Gleim #: 2.9.123
guidance of The IIA, Which of the following is part of an internal audit activity’s quality
The chief audit executive determines the form and content of the assurance
results program, rather than being included as part of other responsibilities
communicated. of the chief audit
A. executive (CAE)?
The results of external assessments are communicated upon B. their The CAE provides information about and access to internal audit
completion. working papers
C. The results of periodic internal assessments are communicated at to the external auditors to enable them to understand and determine
least annually. the degree to
D. The results of ongoing monitoring are communicated upon their which they may rely on the internal auditors’ work.
completion. A.
Answer (A) is incorrect. The form, content, and frequency of Management approves a formal charter establishing the purpose,
communicating the authority, and
results of the quality assurance and improvement program is responsibility of the internal audit activity.
established through B.
discussions with senior management and the board and considers C. Each individual internal auditor’s performance is appraised at
the least annually.
responsibilities of the internal audit activity and chief audit executive Supervision of an internal auditor’s work is performed throughout
as contained each audit
in the internal audit charter. engagement.
Answer (B) is correct. “To demonstrate conformance with the D.
Definition of Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions)
Copyright 2013 Gleim Publications Inc. Page 123 reviews report to the CAE while performing the reviews and
Printed for Sanja Knezevic communicate results
Answer (A) is incorrect. Providing working papers to the external directly to the CAE (PA 1311-1, para. 7).
auditors relates to Answer (C) is incorrect. The CAE shares information about internal
the responsibility of the CAE to coordinate with external auditors. assessments
Answer (B) is incorrect. A CAE’s responsibility to seek approval of a with appropriate persons outside the internal audit activity, such as
charter to senior
establish the authority, purpose, and responsibility of the internal management.
audit activity is not Answer (D) is incorrect. Results ordinarily are communicated
part of a quality assurance program. directly to the
Answer (C) is incorrect. Individual performance appraisals are part CAE. Given a self-assessment, reporting to the internal audit staff
of a CAE’s essentially
responsibility for personnel management and development. involves having the staff report to itself.
Answer (D) is correct. The CAE develops and maintains a quality [226] Gleim #: 2.9.125
assurance and As a part of a quality program, internal assessment teams most likely
improvement program (Attr. Std. 1300) that includes ongoing and will examine
periodic which of the following to evaluate the quality of engagement planning
assessments (PA 1300-1, para. 2). Ongoing monitoring is and
incorporated into the routine documentation for individual engagements?
policies and practices used to manage the internal audit activity. A. Written engagement work programs.
Engagement B. Project assignment documentation.
supervision is among the processes and tools used in ongoing C. Weekly status reports.
internal assessments (PA D. The long-range engagement work schedule.
1311-1, para. 1). Gleim CIA Test Prep: Part 1 - Internal Audit Basics
[225] Gleim #: 2.9.124 (720 questions)
Ordinarily, those conducting internal quality program assessments Copyright 2013 Gleim Publications Inc. Page 124
report to Printed for Sanja Knezevic
A. The board. fb.com/ciaaofficial
B. The chief audit executive. Answer (A) is correct. Internal assessments must include ongoing
C. Senior management. monitoring of the
D. The internal audit staff. performance of the internal audit activity and periodic self-
Answer (A) is incorrect. At least annually, the CAE reports the assessments or assessments
results of internal by other persons within the organization with sufficient knowledge of
assessments to the board. internal auditing
Answer (B) is correct. The CAE establishes a structure for reporting practices (Attr. Std. 1311). The processes and tools used in ongoing
results of internal
internal assessments that maintains appropriate credibility and assessments include, among other things, selective peer reviews of
objectivity. working papers by
Generally, those assigned responsibility for conducting ongoing and staff not involved in the respective audits (PA 1311-1, para. 1).
periodic
Answer (B) is incorrect. Project assignment documentation contains Copyright 2013 Gleim Publications Inc. Page 125
less relevant Printed for Sanja Knezevic
information for assessment purposes than work programs. Answer (A) is incorrect. An internal assessment will identify tasks
Answer (C) is incorrect. Status reports do not bear directly on that can be
planning. performed better.
Answer (D) is incorrect. The long-range engagement work schedule Answer (B) is incorrect. An internal assessment will determine
does not relate to whether internal audit
planning and documentation for individual engagements. services meet professional standards.
[227] Gleim #: 2.9.126 Answer (C) is incorrect. An internal assessment will set forth
Periodic internal assessments of the internal audit activity primarily recommendations for
serve the needs of improvement.
The A. board of directors. Answer (D) is correct. External assessments must be conducted at
B. The internal audit activity’s staff. least once every 5
C. The chief audit executive (CAE). years by a qualified, independent reviewer or review team from
D. Senior management. outside the
Answer (A) is incorrect. The directors are secondary users of a organization (Attr. Std. 1312). Individuals who perform the external
periodic internal assessment are
assessment. free of any obligation to, or interest in, the organization whose
Answer (B) is incorrect. The internal audit activity staff are internal audit activity is
secondary users of a assessed (PA 1312-1, para. 5).
periodic internal assessment. [229] Gleim #: 2.9.128
Answer (C) is correct. Those conducting internal assessments External assessment of an internal audit activity is not likely to
generally should evaluate
report to the CAE while performing the reviews and communicate Adherence to the internal audit A. activity’s charter.
directly to the B. Conformance with the Standards.
CAE (PA 1311-1, para. 7). C. Detailed cost-benefit analysis of the internal audit activity.
Answer (D) is incorrect. Senior management is a secondary user of D. The tools and techniques employed by the internal audit activity.
a periodic Answer (A) is incorrect. Adherence to the internal audit activity’s
internal assessment. charter is
[228] Gleim #: 2.9.127 within the broad scope of coverage of the external assessment.
Quality program assessments may be performed internally or Answer (B) is incorrect. Conformance with the Standards is within
externally. A the broad
distinguishing feature of an external assessment is its objective to scope of coverage of the external assessment.
A. Identify tasks that can be performed better. Answer (C) is correct. The external assessment has a broad scope
B. Determine whether internal audit services meet professional of coverage
standards. that includes, among other things, conformance with The IIA’s
C. Set forth the recommendations for improvement. mandatory
D. Provide independent assurance. guidance and the internal audit activity’s charter, plans, policies,
Gleim CIA Test Prep: Part 1 - Internal Audit Basics procedures,
(720 questions)
practices, and applicable legislative and regulatory requirements; performed (or that should have been performed under its charter),
and the including (but not
expectations of the internal audit activity expressed by the board, limited to) conformance with the Definition of Internal Auditing, the
senior Code of Ethics,
management, and operational managers (PA 1312-1, para. 10). and the Standards. An external assessment also includes, as
However, the costs appropriate,
and benefits of internal auditing are neither easily quantifiable nor the recommendations for improvement (PA 1312-1, para. 2).
subject of [231] Gleim #: 2.9.130
an external assessment. The interpretation related to quality assurance given by the
Answer (D) is incorrect. The tools and techniques of the internal Standards is that
audit activity are External assessments can provide senior management and the
within the broad scope of coverage of the external assessment. board with
[230] Gleim #: 2.9.129 independent assurance about the quality of the internal audit activity.
An external assessment of an internal audit activity contains an A.
expressed opinion. The Appropriate follow-up to an external assessment is the responsibility
opinion applies of the chief
A. Only to the internal audit activity’s conformance with the audit executive’s immediate supervisor.
Standards. B.
B. Only to the effectiveness of the internal auditing coverage. The internal audit activity is primarily measured against The IIA’s C.
C. Only to the adequacy of internal control. Code of Ethics.
D. To the entire spectrum of assurance and consulting work. Supervision is limited to the planning, examination, evaluation,
Gleim CIA Test Prep: Part 1 - Internal Audit Basics communication,
(720 questions) and follow-up process.
Printed for Sanja Knezevic Answer (A) is correct. External assessments provide an
fb.com/ciaaofficial independent and
Answer (A) is incorrect. An opinion is expressed on all assurance objective evaluation of the internal audit activity’s compliance with
and consulting the Standards
work performed (or that should have been performed under its and Code of Ethics.
charter). Answer (B) is incorrect. The communication of final results of an
Answer (B) is incorrect. The scope of an external assessment external
extends to more than the assessment should include the CAE’s responses. These include an
effectiveness of the internal auditing coverage. action plan and
Answer (C) is incorrect. An external assessment addresses the implementation dates. Moreover, the results are communicated to
internal audit activity, the stakeholders
not the adequacy of the organization’s controls. of the internal audit activity, such as senior management, the board,
Answer (D) is correct. External assessments of an internal audit and the
activity contain an external auditors.
expressed opinion as to the entire spectrum of assurance and Answer (C) is incorrect. The external assessment considers the
consulting work internal audit
activity’s conformance with the Definition of Internal Auditing, the actions are undertaken.
Standards, A.
and the Code of Ethics. Are communicated to employees in writing and are updated by
Answer (D) is incorrect. Supervision begins with planning and operating
continues personnel as conditions change.
throughout the engagement. B.
[232] Gleim #: 3.1.1 Policies and procedures for activities are set out in manuals for use
Which of the following is not implied by the definition of control? by properly
A. Measurement of progress toward goals. trained personnel.
B. Uncovering of deviations from plans. C.
C. Assignment of responsibility for deviations. Internal reviews as to the propriety and effectiveness of the
D. Indication of the need for corrective action. objectives are
Gleim CIA Test Prep: Part 1 - Internal Audit Basics undertaken on a periodic basis by the internal audit activity.
(720 questions) D.
Copyright 2013 Gleim Publications Inc. Page 127 Answer (A) is correct. The elements of control include (1)
Printed for Sanja Knezevic establishing standards
Answer (A) is incorrect. Measurement of progress toward goals is for the operation to be controlled, (2) measuring performance against
implied by the the
definition of control. standards, (3) examining and analyzing deviations, (4) taking
Answer (B) is incorrect. Uncovering of deviations from plans is corrective action,
implied by the and (5) reappraising the standards based on experience. These
definition of control. elements of control
Answer (C) is correct. The elements of control include (1) provide reasonable assurance to management that established
establishing standards for objectives and goals
the operation to be controlled, (2) measuring performance against will be achieved.
the standards, (3) Answer (B) is incorrect. More than simply the establishment and
examining and analyzing deviations, (4) taking corrective action, and communication
(5) reappraising of objectives is required for effective control.
the standards based on experience. Thus, assigning responsibility Answer (C) is incorrect. The essential elements of adoption of
for deviations found standards,
is not a part of the controlling function. comparison, and corrective action are also needed.
Answer (D) is incorrect. Indication of the need for corrective action Answer (D) is incorrect. The essential elements of adoption of
is implied by the standards,
definition of control. comparison, and corrective action are also needed.
Controls provide assurance to management that desired actions will (720 questions)
be accomplished Copyright 2013 Gleim Publications Inc. Page 128
when objectives are established in writing and Printed for Sanja Knezevic
Standards are adopted, results are compared with the standards, fb.com/ciaaofficial
and corrective [234] Gleim #: 3.1.3
An internal auditor is examining inventory control in a merchandising A. Planning looks to the future; controlling is concerned with the past.
division with B. Planning and controlling are completely independent of each
annual sales of US $3,000,000 and a 40% gross profit rate. Tests other.
show that 2% of the Planning prevents problems; controlling is initiated by problems that
monetary amount of purchases do not reach inventory because of have
breakage and occurred.
employee theft. Adding certain controls costing US $35,000 annually C.
could reduce D. Controlling cannot operate effectively without the tools provided
these losses to .5% of purchases. Should the controls be by planning.
recommended? Answer (A) is incorrect. A control system looks to the future when it
Yes, because the projected saving exceeds the cost of A. the added provides for
controls. corrective action and review and revision of standards.
B. No, because the cost of the added controls exceeds the projected Answer (B) is incorrect. Planning and controlling overlap.
savings. Answer (C) is incorrect. Comprehensive planning includes creation
C. Yes, because the ideal system of internal control is the most of controls.
extensive one. Answer (D) is correct. Control is the process of making certain that
Yes, regardless of cost-benefit considerations, because the situation plans are
involves achieving the desired objectives. The elements of control include (1)
employee theft. establishing
D. standards for the operation to be controlled, (2) measuring
Answer (A) is incorrect. The cost exceeds the benefit. performance against
Answer (B) is correct. Controls must be subject to the cost-benefit the standards, (3) examining and analyzing deviations, (4) taking
criterion. The corrective
annual cost of these inventory controls is US $35,000, but the cost action, and (5) reappraising the standards based on experience.
savings is only Planning provides
US $27,000 {(2.0% – 0.5%) × [$3,000,000 sales × (1.0 – 0.4 gross needed tools for the control process by establishing standards, i.e.,
profit rate)]}. the first step.
Hence, the cost exceeds the benefit, and the controls should not be Gleim CIA Test Prep: Part 1 - Internal Audit Basics
recommended. (720 questions)
Answer (C) is incorrect. The ideal system is subject to the cost- Copyright 2013 Gleim Publications Inc. Page 129
benefit criterion. Printed for Sanja Knezevic
The most extensive system of internal controls may not be cost [236] Gleim #: 3.1.5
effective. Which of the following best defines control?
Answer (D) is incorrect. Cost-benefit considerations apply even to Control is the result of proper planning, organizing, and directing A.
employee by management.
theft. B. Controls are statements of what the organization chooses to
[235] Gleim #: 3.1.4 accomplish.
Which of the following statements best describes the relationship Control is provided when cost-effective measures are taken to
between planning restrict deviations
and controlling? to a tolerable level.
C. Control procedures should be designed from the “bottom up” to
Control accomplishes objectives and goals in an accurate, timely, ensure attention
and economical to detail.
fashion. D.
D. Answer (A) is incorrect. Termination of employees who perform
Answer (A) is correct. A control is “any action taken by management, unsatisfactorily
the board, is not a comprehensive definition of control.
and other parties to manage risk and increase the likelihood that Answer (B) is correct. A control is any action taken by management,
established the board,
objectives and goals will be achieved” (The IIA Glossary). Thus, and other parties to manage risk and increase the likelihood that
control is the established
result of proper planning, organizing, and directing by management. objectives and goals will be achieved (IIA Glossary).
Answer (B) is incorrect. Established objectives and goals are what Answer (C) is incorrect. Control is not limited to processing.
the Moreover, it should
organization chooses to accomplish. be designed by management, the board, and others, not by internal
Answer (C) is incorrect. The internal audit activity evaluates the auditors. The
efficiency of internal auditor’s objectivity is impaired by designing such systems.
controls, but the definition of control addresses effectiveness in Answer (D) is incorrect. Some control procedures may be designed
achieving from the
objectives and goals. bottom up, but the concept of control flows from management and
Answer (D) is incorrect. Efficient performance accomplishes the board down
objectives and goals through the organization.
in an accurate, timely, and economical fashion. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
[237] Gleim #: 3.1.6 (720 questions)
Internal auditors regularly evaluate controls. Which of the following Copyright 2013 Gleim Publications Inc. Page 130
best describes the Printed for Sanja Knezevic
concept of control as recognized by internal auditors? fb.com/ciaaofficial
Management regularly discharges personnel who do not perform up [238] Gleim #: 3.1.7
to Specific airline ticket information, including fare, class, purchase
expectations. date, and lowest
A. available fare options, as prescribed in the organization’s travel
Management takes action to enhance the likelihood that established policy, is obtained and
goals and reported to department management when employees purchase
objectives will be achieved. airline tickets from the
B. organization’s authorized travel agency. Such a report provides
Control represents specific procedures that accountants and internal information for
auditors Quality of performance in relation to the organization’s A. travel
design to ensure the correctness of processing. policy.
C. B. Identifying costs necessary to process employee business
expense report data.
C. Departmental budget-to-actual comparisons. According to The IIA Glossary appended to the Standards, which of
D. Supporting employer’s business expense deductions. the following are
Answer (A) is correct. Comparison of actual performance against a most directly designed to ensure that risks are contained?
standard A. Risk management processes.
provides information for assessing quality of performance. B. Internal audit activities.
Answer (B) is incorrect. This ticket information is preliminary; C. Control processes.
employees may D. Governance processes.
change tickets and routings prior to their trip. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Answer (C) is incorrect. Departmental budget-to-actual comparisons (720 questions)
do not Copyright 2013 Gleim Publications Inc. Page 131
necessarily reflect the actual costs ultimately incurred. Printed for Sanja Knezevic
Answer (D) is incorrect. Supporting expense deductions may not Answer (A) is incorrect. Risk management is a process to identify,
necessarily assess, manage,
reflect actual costs. and control potential events or situations to provide reasonable
[239] Gleim #: 3.1.8 assurance regarding the
The actions taken to manage risk and increase the likelihood that achievement of the organization’s objectives.
established Answer (B) is incorrect. An internal audit activity is a department,
objectives and goals will be achieved are best described as division, team of
A. Supervision. consultants, or other practitioner(s) that provides independent,
B. Quality assurance. objective assurance and
C. Control. consulting services designed to add value and improve an
D. Compliance. organization’s operations.
Answer (A) is incorrect. Supervision is just one means of achieving Answer (C) is correct. Control processes are the policies,
control. procedures, and activities
Answer (B) is incorrect. Quality assurance relates to just one set of that are part of a control framework, designed to ensure that risks are
objectives and contained within
goals. It does not pertain to achievement of all established the risk tolerances established by the risk management process.
organizational Answer (D) is incorrect. Governance is the combination of
objectives and goals. processes and structures
Answer (C) is correct. Control is “any action taken by management, implemented by the board to inform, direct, manage, and monitor the
the board, activities of the
and other parties to manage risk and increase the likelihood that organization toward the achievement of its objectives.
established [241] Gleim #: 3.2.10
objectives and goals will be achieved” (The IIA Glossary). The requirement that purchases be made from suppliers on an
Answer (D) is incorrect. Compliance is “adherence to policies, approved vendor list is
plans, procedures, an example of a
laws, regulations, contracts, or other requirements” (The IIA A. Preventive control.
Glossary). B. Detective control.
[240] Gleim #: 3.1.9 C. Corrective control.
D. Monitoring control.
Answer (A) is correct. Preventive controls are actions taken prior to Copyright 2013 Gleim Publications Inc. Page 132
the Printed for Sanja Knezevic
occurrence of transactions with the intent of stopping events that will fb.com/ciaaofficial
have [243] Gleim #: 3.2.12
negative effects from occurring. Use of an approved vendor list is a The procedure requiring preparation of a prelisting of incoming cash
control to receipts, with
prevent the use of unacceptable suppliers. copies of the prelist going to the cashier and to accounting, is an
Answer (B) is incorrect. A detective control identifies errors after example of which
they have type of control?
occurred. A. Preventive.
Answer (C) is incorrect. Corrective controls correct the problems B. Corrective.
identified by C. Detective.
detective controls. D. Directive.
Answer (D) is incorrect. Monitoring controls are designed to ensure Answer (A) is correct. A prelisting of cash receipts in the form of
the quality of checks is a
the control system’s performance over time. preventive control. It is intended to deter undesirable events from
[242] Gleim #: 3.2.11 occurring.
Controls that are designed to provide management with assurance of Because irregularities involving cash most likely take place before
the realization of receipts are
specified minimum gross margins on sales are recorded, either remittance advices or a prelisting of checks should
A. Directive controls. be prepared in
B. Preventive controls. the mailroom so as to establish recorded accountability for cash as
C. Detective controls. soon as
D. Output controls. possible. A cash register tape is a form of prelisting for cash received
Answer (A) is correct. The objective of directive controls is to cause over the
or encourage counter. One copy of a prelisting will go to accounting for posting to
desirable events to occur, e.g., providing management with the cash
assurance of the receipts journal, and another is sent to the cashier for reconciliation
realization of specified minimum gross margins on sales. with checks
Answer (B) is incorrect. Preventive controls deter undesirable and currency received.
events from Answer (B) is incorrect. A corrective control remedies an error or
occurring. irregularity.
Answer (C) is incorrect. Detective controls uncover and correct Answer (C) is incorrect. A detective control uncovers an error or
undesirable irregularity that
events that have occurred. has already occurred.
Answer (D) is incorrect. Output controls relate to the accuracy and Answer (D) is incorrect. A directive control causes or encourages a
reasonableness of information processed by a system, not to desirable
operating controls. event.
(720 questions)
Controls may be classified according to the function they are D. Application control.
intended to perform, for Answer (A) is correct. Feedforward controls anticipate and prevent
example, as detective, preventive, or directive. Which of the following problems.
is a directive Policies and procedures serve as feedforward controls because they
control? provide
A. Monthly bank statement reconciliations. guidance on how an activity should be performed to best ensure that
B. Dual signatures on all disbursements over a specific amount. an objective
C. Recording every transaction on the day it occurs. is achieved.
D. Requiring all members of the internal audit activity to be CIAs. Answer (B) is incorrect. Implementation controls are applied during
Answer (A) is incorrect. Monthly bank statement reconciliation is a systems
detective development.
control. The events audited have already occurred. Answer (C) is incorrect. Policies and procedures provide primary
Answer (B) is incorrect. Requiring dual signatures on all guidance before
disbursements over a and during the performance of some task rather than give feedback
specific amount is a preventive control. The control is designed to on its
deter an accomplishment.
undesirable event. Answer (D) is incorrect. Application controls apply to specific
Answer (C) is incorrect. Recording every transaction on the day it applications, e.g.,
occurs is a payroll or accounts payable.
preventive control. The control is designed to deter an undesirable [246] Gleim #: 3.2.15
event. Managerial control can be divided into feedforward, concurrent, and
Answer (D) is correct. Requiring all members of the internal audit feedback
activity to be controls. Which of the following is an example of a feedback control?
CIAs is a directive control. The control is designed to cause or A. Quality control training.
encourage a B. Budgeting.
desirable event to occur. The requirement enhances the C. Forecasting inventory needs.
professionalism and level D. Variance analysis.
of expertise of the internal audit activity. Answer (A) is incorrect. Quality control training is a feedforward, or
Gleim CIA Test Prep: Part 1 - Internal Audit Basics futuredirected,
(720 questions) control.
Copyright 2013 Gleim Publications Inc. Page 133 Answer (B) is incorrect. Budgeting is a feedforward, or future-
Printed for Sanja Knezevic directed, control.
[245] Gleim #: 3.2.14 Answer (C) is incorrect. Forecasting inventory needs is a
An organization’s policies and procedures are part of its overall feedforward, or futuredirected,
system of internal control.
controls. The control function performed by policies and procedures Answer (D) is correct. A feedback control measures actual
is performance, i.e.,
A. Feedforward control. something that has already occurred, to ensure that a desired future
B. Implementation control. state is
C. Feedback control.
attained. It is used to evaluate past activity to improve future [248] Gleim #: 3.2.17
performance. A As part of a total quality control program, a firm not only inspects
variance is a deviation from a standard. Hence, variance analysis is finished goods but
a feedback also monitors product returns and customer complaints. Which type
control. of control best
[247] Gleim #: 3.2.16 describes these efforts?
The operations manager of a company notified the treasurer of that A. Feedback control.
organization 60 B. Feedforward control.
days in advance that a new, expensive piece of machinery was going C. Production control.
to be purchased. D. Inventory control.
This notification allowed the treasurer to make an orderly liquidation Answer (A) is correct. A feedback control measures actual
of some of the performance,
company’s investment portfolio on favorable terms. What type of something that has already occurred, to ensure that a desired future
control was state is
involved? attained. It is used to evaluate the past to improve future
A. Feedback. performance. Inspecting
B. Strategic. finished goods, monitoring product returns, and evaluating
C. Concurrent. complaints are postaction
D. Feedforward. controls intended to eliminate deviations in future cycles of the
Gleim CIA Test Prep: Part 1 - Internal Audit Basics process
(720 questions) under control.
Copyright 2013 Gleim Publications Inc. Page 134 Answer (B) is incorrect. Feedforward controls anticipate problems
Printed for Sanja Knezevic before they
fb.com/ciaaofficial occur.
Answer (A) is incorrect. Feedback controls apply to decision making Answer (C) is incorrect. Customer complaints are not part of
based on production control.
evaluations of past performance. Answer (D) is incorrect. The three types of control are feedforward,
Answer (B) is incorrect. Strategic controls are broad-based and concurrent,
affect an organization and feedback.
over a long period. They apply to such long-term variables as quality [249] Gleim #: 3.2.18
and R&D. The use of financial statement analysis, quality control procedures,
Answer (C) is incorrect. Concurrent controls adjust ongoing and employee
processes. performance evaluations are all examples of
Answer (D) is correct. Feedforward controls provide for the active A. Preliminary controls.
anticipation of B. Concurrent controls.
problems so that they can be avoided or resolved in a timely manner. C. Feedback controls.
Another example D. Feedforward controls.
is the quality control inspection of raw materials and work-in-process Answer (A) is incorrect. Feedforward (preliminary) controls
to avoid anticipate and avoid
defective finished goods. future performance problems, e.g., budgeting.
Answer (B) is incorrect. Concurrent controls are applied midstream, [251] Gleim #: 3.2.20
e.g., Of the following, the controls that are often difficult for internal
inspection on an assembly line. auditors to evaluate
Answer (C) is correct. A feedback control operates to provide because of the lack of criteria or standards are
information about A. Preventive controls.
processes that have already occurred. B. Financial controls.
Answer (D) is incorrect. Feedforward (preliminary) controls C. Corrective controls.
anticipate and avoid D. Operating controls.
future performance problems, e.g., budgeting. Answer (A) is incorrect. Preventive controls keep loss exposures
Gleim CIA Test Prep: Part 1 - Internal Audit Basics from occurring.
(720 questions) They include not only operating controls but also those for which
Copyright 2013 Gleim Publications Inc. Page 135 quantifiable
Printed for Sanja Knezevic standards are readily determined.
[250] Gleim #: 3.2.19 Answer (B) is incorrect. Financial controls, e.g., a budget, are
The internal audit activity of an organization is an integral part of the subject to
organization’s quantifiable standards that are relatively easy to measure.
risk management, control, and governance processes because it Answer (C) is incorrect. Corrective controls are post-detection or
evaluates and remedial
contributes to the improvement of those processes. Select the type controls. They may include controls for which standards are easily
of control provided defined, such
when the internal audit activity conducts a systems development as financial controls.
analysis. Answer (D) is correct. Operating controls are those used in the
A. Feedback control. management
B. Strategic plans. processes of directing and controlling and are based on comparison
C. Policies and procedures. of results with
D. Feedforward control. standards. As an activity becomes less mechanical, however,
Answer (A) is incorrect. A feedback control provides information on standards become
the results more difficult to determine. Control standards for security, for
of a completed activity. example, are less
Answer (B) is incorrect. Strategic plans are developed by senior easily developed than for the output per hour of a machine because
management to the degree of
provide long-range guidance for the organization. security achieved is not readily measurable.
Answer (C) is incorrect. Policies and procedures are developed by Gleim CIA Test Prep: Part 1 - Internal Audit Basics
management. (720 questions)
They are the most basic control subsystem of an organization. Copyright 2013 Gleim Publications Inc. Page 136
Answer (D) is correct. A feedforward control provides information on Printed for Sanja Knezevic
potential fb.com/ciaaofficial
problems so that corrective action can be taken in anticipation, rather [252] Gleim #: 3.2.21
than as a Which of the following operating controls relate to the organizing
result, of a problem. function?
Formal procedures for selecting potential A. suppliers. entity’s objectives and goals. Of the controls listed, only the timely
Procedures providing for clear levels of purchase order approvals sharing of
based on the scheduling information with purchasing personnel fits this
value of the requisition. description.
B. Answer (B) is incorrect. Providing timely feedback relates to the
C. Written objectives and goals for the department. control function,
D. Timely materials reporting to buyers. not the directing function.
Answer (A) is incorrect. Establishing procedures is a function of Answer (C) is incorrect. Prescribing formal procedures for selecting
planning, which potential
is the determination of how an individual activity is to be done. suppliers is a part of the planning function, not the directing function.
Answer (B) is correct. Organizing is the intentional design and Answer (D) is incorrect. Establishing measurable goals for the
structuring of department is a
tasks and roles to accomplish organizational goals. An arrangement part of the planning function, not the directing function.
that requires [254] Gleim #: 3.2.23
purchases of greater value to be authorized at higher management Which of the following is not a type of control?
levels is an A. Preventive.
example of an organizational control. B. Reactive.
Answer (C) is incorrect. Establishing objectives and goals is also a C. Detective.
planning D. Directive.
function. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Answer (D) is incorrect. Provision of timely information is a control (720 questions)
function. Copyright 2013 Gleim Publications Inc. Page 137
Which of the following is an operating control relating to Answer (A) is incorrect. Controls may be preventive.
management’s directing Answer (B) is correct. Controls may be preventive (to deter
function? undesirable events from
Informing purchasing personnel of the future need for long-lead-time occurring), detective (to detect and correct undesirable events which
products in have occurred), or
ample time. directive (to cause or encourage a desirable event to occur).
A. “Reactive” is not a
Supplying buyers with timely, accurate, and useful reports on specified type of control. However, controls may be reactive in the
products received, sense that they
accepted, or rejected. detect an undesirable event and react to it or correct it.
B. Answer (C) is incorrect. Controls may be detective.
C. Prescribing formal procedures for selecting potential suppliers. Answer (D) is incorrect. Controls may be directive.
D. Establishing measurable goals for the department. [255] Gleim #: 3.2.24
Answer (A) is correct. Directing is the process of motivating people An adequate and effective system of internal control provides
in an reasonable assurance
organization to contribute effectively and efficiently to the that objectives will be achieved. Controls may be preventive,
achievement of the detective, or directive.
Which of the following is a detective control for the procurement B. Passive, mitigating control.
function? C. Active, detective control.
Goods received are counted and compared with quantities on D. Detective, preventive control.
purchase order and Gleim CIA Test Prep: Part 1 - Internal Audit Basics
receiving reports. (720 questions)
A. Copyright 2013 Gleim Publications Inc. Page 138
The procurement function is organizationally separate from receiving, Printed for Sanja Knezevic
disbursing, fb.com/ciaaofficial
and accounting. Answer (A) is incorrect. The control is detective, but it is not
B. directive. A directive
Review and approval of each procurement action is required prior to control causes or encourages a desirable event to occur.
the final Answer (B) is incorrect. The control is neither passive nor mitigating.
issuance of a purchase order. It is detected by
C. the clerk in a conscious effort to maintain proper documentation.
Prenumbered standard purchase order forms include all relevant Moreover, a
terms required to mitigating (compensating) control is used when other controls are not
be used in all applicable instances. feasible, for
D. example, supervisory review when segregation of duties is absent.
Answer (A) is correct. Detective controls are designed to detect and Answer (C) is correct. When shipping documents are not received in
correct the shipping
undesirable events that have occurred. Accounting for all goods department (such as copies of the sales invoice, customer order
received and form, and bill of
comparing quantities on purchase orders and receiving reports is an lading), the clerk should attempt to obtain the proper documentation
example. from the
Answer (B) is incorrect. Segregation of duties is a preventive originating organization. This type of control is detective because it
control. Preventive detects and
controls deter undesirable events from occurring. attempts to correct an undesirable event that has occurred. It is also
Answer (C) is incorrect. Review and approval of each procurement active because it
action is a takes a conscious intervention by the clerk to ensure the
preventive control. documentation is received.
Answer (D) is incorrect. Using prenumbered standard purchase Answer (D) is incorrect. The control is not preventive. It does not
order forms is a deter an undesirable
preventive control. event.
[256] Gleim #: 3.2.25 [257] Gleim #: 3.2.26
When a copy of the sale invoice is not received by an organization’s Which of the following is a feedback control?
shipping Preventive A. maintenance.
department, an employee requests the document from the proper B. Inspection of completed goods.
authority. This C. Close supervision of production-line workers.
process is a(n) D. Measuring performance against a standard.
Directive, A. detective control.
Answer (A) is incorrect. Preventive maintenance is a feedforward circumvent controls. For example, comparison of recorded
control. It accountability for assets
attempts to anticipate and prevent problems. with the assets known to be held may fail to detect fraud if persons
Answer (B) is correct. Feedback controls obtain information about having custody of
completed assets collude with recordkeepers.
activities. They permit improvement in future performance by Answer (C) is incorrect. Management can override controls.
learning from past Answer (D) is incorrect. Even a single manager may be able to
mistakes. Thus, corrective action occurs after the fact. Inspection of override controls.
completed [259] Gleim #: 3.3.28
goods is an example of a feedback control. An organization has grown rapidly and has just automated its human
Answer (C) is incorrect. The close supervision of production-line resource system.
workers is a The organization has developed a large database that tracks
concurrent control. It adjusts an ongoing process. employees, employee
Answer (D) is incorrect. Measuring performance against a standard benefits, payroll deductions, job classifications, ethnic code, age,
is a general insurance, medical
aspect of control. protection, and other similar information. Management has asked the
[258] Gleim #: 3.3.27 internal audit
An adequate system of internal controls is most likely to detect a activity to review the new system. The automated system contains a
fraud perpetrated by table of pay rates
a matched with the employee job classifications. The best control to
A. Group of employees in collusion. ensure that the table
B. Single employee. is updated correctly for only valid pay changes is to
C. Group of managers in collusion. Limit access to the data table to management and line supervisors
D. Single manager. who have the
Gleim CIA Test Prep: Part 1 - Internal Audit Basics authority to determine pay rates.
(720 questions) A.
Copyright 2013 Gleim Publications Inc. Page 139 Require a supervisor in the department, who does not have the
Printed for Sanja Knezevic ability to change
Answer (A) is incorrect. A group has a better chance of successfully the table of pay rates, to compare the changes with a signed
perpetrating a management
fraud than does an individual employee. authorization.
Answer (B) is correct. Segregation of duties and other control B.
processes serve to Ensure that adequate edit and reasonableness checks are built into
prevent or detect a fraud committed by an employee acting alone. the automated
One employee may system.
not have the ability to engage in wrongdoing or may be subject to C.
detection by other Require that all pay changes be signed by the employee to verify that
employees in the course of performing their assigned duties. the change
However, collusion may goes to a bona fide employee.
D.
Answer (A) is incorrect. Access to the database should be severely payroll department. Also, a report showing all employees and hours
restricted to worked
personnel within the human resources or payroll departments. should be sent to the supervisor’s department for review.
Answer (B) is correct. To maintain a proper segregation of duties, A.
changes in pay All new employees and their hours worked be entered by the human
rates should be authorized by someone outside the human resources
resources department. department.
Furthermore, authorization should be independently verified by an B.
individual who All changes to employee records be approved by supervisors outside
does not have a recording function. of both
Answer (C) is incorrect. Edit checks will not detect unauthorized human resources and payroll.
changes. C.
Answer (D) is incorrect. The control must ensure that changes in the The payroll department physically delivers paychecks to employees
table of pay rather than
rates are properly authorized and entered into the system. mailing them.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics D.
(720 questions) Answer (A) is correct. The payroll department has a recording
Copyright 2013 Gleim Publications Inc. Page 140 function. It should
Printed for Sanja Knezevic not authorize pay rate changes or the addition or deletion of
fb.com/ciaaofficial employees from the
[260] Gleim #: 3.3.29 payroll. Accordingly, authorization of such changes should be made
An organization has grown rapidly and has just automated its human by an
resource system. individual outside the department. Verification of payroll data should
The organization has developed a large database that tracks also be
employees, employee made outside the department. Proper segregation of duties is critical
benefits, payroll deductions, job classifications, ethnic code, age, in the
insurance, medical prevention of payroll fraud.
protection, and other similar information. Management has asked the Answer (B) is incorrect. The entry of new employees and their hours
internal audit should be
activity to review the new system. An employee in the payroll segregated. The human resources department should not be
department is responsible for both
contemplating a fraud involving the addition of a fictitious employee activities.
and the entry of Answer (C) is incorrect. Approving changes in existing employee
fictitious hours worked. The paycheck would then be sent to the records does
payroll employee’s not prevent the fraud of entering a fictitious employee.
home address. The most effective control procedure to prevent this Answer (D) is incorrect. Physical delivery of paychecks does not
type of fraud is to prevent the
require that payroll employee from withholding the fictitious employee’s check.
A report of all new employees added be approved by someone Moreover, a
outside of the
department with a recording function should not have an asset Answer (A) is incorrect. The human resources department should
custody function. not add
Gleim CIA Test Prep: Part 1 - Internal Audit Basics employees and deliver paychecks. These two duties should be
(720 questions) segregated.
Copyright 2013 Gleim Publications Inc. Page 141 Answer (B) is incorrect. The functions are all performed by human
Printed for Sanja Knezevic resources.
[261] Gleim #: 3.3.30 There is no segregation of duties.
An organization has grown rapidly and has just automated its human Answer (C) is correct. The functions of transaction authorization and
resource system. recording
The organization has developed a large database that tracks should be segregated to minimize opportunities for fraud.
employees, employee Furthermore, automatic
benefits, payroll deductions, job classifications, ethnic code, age, check deposit reduces asset custody risk.
insurance, medical Answer (D) is incorrect. Payroll is adding employees and processing
protection, and other similar information. Management has asked the hours.
internal audit These two duties should be performed by different departments.
activity to review the new system. Human resources and payroll are [262] Gleim #: 3.3.31
separate Internal control should follow certain basic principles to achieve its
departments. Which of the following combinations provides the best objectives. One of
segregation of these principles is the segregation of functions. Which one of the
duties? following examples
Human resources adds employees, payroll processes hours, and does not violate the principle of segregation of functions?
human resources The treasurer has the authority to sign checks but gives the signature
delivers the paychecks to employees. block to the
A. assistant treasurer to run the check-signing machine.
Human resources adds employees, reviews and submits payroll A.
hours to payroll The warehouse clerk, who has the custodial responsibility over
for processing, and delivers paychecks to employees. inventory in the
B. warehouse, may authorize disposal of damaged goods.
Human resources adds employees, and payroll processes hours and B.
enters The sales manager has the responsibility to approve credit and the
employee bank account numbers. Paychecks are automatically authority to
deposited in the write off accounts.
employee’s bank account. C.
C. The department time clerk is given the undistributed payroll checks
Payroll adds employees and enters employees’ bank account to mail to
numbers but absent employees.
processes hours only as approved by human resources. Paychecks D.
are Gleim CIA Test Prep: Part 1 - Internal Audit Basics
automatically deposited in the employee’s bank account. (720 questions)
D. Copyright 2013 Gleim Publications Inc. Page 142
Printed for Sanja Knezevic Answer (B) is incorrect. Matching quantity received with the packing
fb.com/ciaaofficial slip does
Answer (A) is correct. The treasurer’s department should have not ensure receipt of the quantity ordered.
custody of assets but Answer (C) is correct. Use of the master price list ensures that the
should not authorize or record transactions. Because the assistant correct retail
treasurer reports to price is marked.
the treasurer, the treasurer is merely delegating an assigned duty Answer (D) is incorrect. Goods may or may not be needed in retail
related to asset sales.
custody. [264] Gleim #: 3.3.33
Answer (B) is incorrect. Authorization to dispose of damaged goods The manager of a production line has the authority to order and
could be used to receive replacement
cover thefts of inventory for which the warehouse clerk has custodial parts for all machinery that requires periodic maintenance. The
responsibility. internal auditor
Transaction authorization is inconsistent with asset custody. received an anonymous tip that the manager ordered substantially
Answer (C) is incorrect. The sales manager could approve credit to more parts than
a controlled were necessary from a family member in the parts supply business.
organization and then write off the account as a bad debt. The sales The unneeded
manager’s parts were never delivered. Instead, the manager processed
authorization of credit is inconsistent with his/her indirect access to receiving documents and
assets. charged the parts to machinery maintenance accounts. The
Answer (D) is incorrect. The time clerk could conceal the payments for the
termination of an employee undelivered parts were sent to the supplier, and the money was
and retain that employee’s paycheck. Recordkeeping is inconsistent divided between the
with asset custody. manager and the family member. Which of the following internal
[263] Gleim #: 3.3.32 controls would have
Upon receipt of purchased goods, receiving department personnel most likely prevented this fraud from occurring?
match the quantity Establishing predefined spending levels for all vendors during the
received with the packing slip quantity and mark the retail price on bidding
the goods based on process.
a master price list. The annotated packing slip is then forwarded to A.
inventory control B. Segregating the receiving function from the authorization of parts
and goods are automatically moved to the retail sales area. The most purchases.
significant C. Comparing the bill of lading for replacement parts to the approved
control strength of this activity is purchase order.
Immediately pricing goods A. for retail sale. Using the company’s inventory system to match quantities requested
B. Matching quantity received with the packing slip. with
C. Using a master price list for marking the sale price. quantities received.
D. Automatically moving goods to the retail sales area. D.
Answer (A) is incorrect. Timing is not as important as the accuracy Gleim CIA Test Prep: Part 1 - Internal Audit Basics
of prices. (720 questions)
Copyright 2013 Gleim Publications Inc. Page 143 An accounts receivable clerk, who approves sales returns and
Printed for Sanja Knezevic allowances, receives
Answer (A) is incorrect. Predefined spending levels would probably customer remittances and deposits them in the bank. Limited
already include supervision is
the fraudulent amounts and would only limit the size of the fraud. maintained over the employee.
Answer (B) is correct. Segregating the parts authorization and C.
receiving functions A clerk in the invoice processing department fails to match a
would have improved internal control. If the parts in question had vendor’s invoice
been sent to the with its related receiving report. Checks are not signed unless all
company and a receiving report had been prepared by an employee appropriate
other than the one documents are attached to a voucher.
ordering the goods, the fraud could not have occurred. Moreover, the D.
receiving Answer (A) is incorrect. The requirement for documentation will
department should not accept goods unless it has a blind copy of a reveal a theft
properly approved when the fund is reimbursed unless the documents can be falsified.
purchase order for the items. Answer (B) is incorrect. The amount involved is probably not
Answer (C) is incorrect. The bill of lading would agree with the material.
purchase order. The Answer (C) is correct. Segregation of duties among key functions is
quantity received (verified by a third party) should be compared to an important
both the bill of control procedure. An accounts receivable clerk who is permitted to
lading and the purchase order. approve sales
Answer (D) is incorrect. The computer matching would only verify returns and allowances and also receive customer remittances could
the fraudulent misappropriate funds received and cover the shortage by debiting
paperwork. sales returns and
[265] Gleim #: 3.3.34 allowances. Limited supervision is insufficient to compensate for lack
Which one of the following is most likely to be considered an internal of
control segregation of duties.
weakness? Answer (D) is incorrect. The requirement for documentation will
The petty cash custodian has the ability to steal petty cash. uncover the
Documentation for all oversight.
disbursements from the fund must be submitted with the request for Gleim CIA Test Prep: Part 1 - Internal Audit Basics
replenishment (720 questions)
of the fund. Copyright 2013 Gleim Publications Inc. Page 144
An inventory control clerk at a manufacturing plant has the ability to fb.com/ciaaofficial
steal one [266] Gleim #: 3.3.35
completed television set from inventory a year. The theft probably will One characteristic of an effective internal control structure is the
never be proper segregation of
detected. duties. The combination of responsibilities that would not be
B. considered a violation of
segregation of functional responsibilities is or sooner if a bankruptcy or other unusual circumstances are
Signing of paychecks and custody of blank A. payroll checks. involved. Credit
B. Preparation of paychecks and check distribution. memoranda are prenumbered and must correlate with receiving
C. Approval of time cards and preparation of paychecks. reports. Which of the
D. Timekeeping and preparation of payroll journal entries. following areas could be viewed as an internal control weakness of
Answer (A) is incorrect. Persons with recordkeeping but not custody the above
of assets organization?
responsibilities should have access to blank checks, while the duty of A. Write-offs of delinquent accounts.
signing B. Credit approvals.
checks (custodianship) should be assigned to persons (e.g., the C. Monthly aging of receivables.
treasurer) with no D. Handling of credit memos.
recordkeeping function. Answer (A) is correct. The accounts receivable manager has the
Answer (B) is incorrect. Payroll preparation and payment to ability to
employees should be perpetrate irregularities because (s)he performs incompatible
segregated since they are incompatible recordkeeping and functions.
custodianship functions. Authorization and recording of transactions should be separate.
Answer (C) is incorrect. Approval of time cards is an authorization Thus, someone
function that outside the accounts receivable department should authorize write-
is incompatible with the recordkeeping function of preparation of offs.
paychecks. Answer (B) is incorrect. Credit approval is an authorization function
Answer (D) is correct. Combining the timekeeping function and the that is
preparation properly segregated from the recordkeeping function.
of the payroll journal entries would not be improper because the Answer (C) is incorrect. Monthly aging is appropriate.
employee has no Answer (D) is incorrect. The procedures regarding credit
access to assets or to employee records in the human resources memoranda are
department. Only standard controls.
through collusion could an embezzlement be perpetrated. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Accordingly, the (720 questions)
functions of authorization, recordkeeping, and custodianship remain Copyright 2013 Gleim Publications Inc. Page 145
separate. Printed for Sanja Knezevic
[267] Gleim #: 3.3.36 [268] Gleim #: 3.3.37
An internal auditor noted that the accounts receivable department is Which of the following controls would prevent the ordering of
separate from quantities in excess of
other accounting activities. Credit is approved by a separate credit an organization’s needs?
department. Control Review of all purchase requisitions by a supervisor in the user
accounts and subsidiary ledgers are balanced monthly. Similarly, department prior to
accounts are aged submitting them to the purchasing department.
monthly. The accounts receivable manager writes off delinquent A.
accounts after 1 year, Automatic reorder by the purchasing department when low inventory
level is
indicated by the system. C. Use predetermined totals (hash totals) of cash receipts to control
B. posting routines.
A policy requiring review of the purchase order before receiving C. a The employee who receives customer mail receipts prepares the
new shipment. daily bank
A policy requiring agreement of the receiving report and packing slip deposit, which is then deposited by another employee.
before D.
storage of new receipts. Answer (A) is incorrect. The bank reconciliation is a detective, not a
D. preventive,
Answer (A) is correct. Supervisory review at the originating control.
department level is Answer (B) is correct. Sequentially numbered receipts should be
one means of control over the number of items ordered. This control issued to
is an maintain accountability for cash collected. Such accountability should
example of the segregation of duties. Authorization should be be
separate from established as soon as possible because cash has a high inherent
recordkeeping and asset custody. risk. Daily cash
Answer (B) is incorrect. Automatic reordering does not consider receipts should be deposited intact so that receipts and bank
future plans, deposits can be
which could lead to purchases of excess material. reconciled. The reconciliation should be performed by someone
Answer (C) is incorrect. Review of the purchase order before independent of
receiving a new the cash custody function.
shipment is a control for the risk of accepting unordered goods. Answer (C) is incorrect. Use of hash totals is a control over the
Answer (D) is incorrect. A policy requiring agreement of the completeness of
receiving report and posting routines, not cash receipts.
packing slip before storage of new receipts is a control over the risk Answer (D) is incorrect. A cash remittance list should be prepared
of receiving before a
an amount other than that ordered. separate employee prepares the bank deposit. The list and deposit
[269] Gleim #: 3.3.38 represent
Which of the following describes the most effective preventive control separate records based on independent counts made by different
to ensure employees.
proper handling of cash receipt transactions? Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Have bank reconciliations prepared by an employee not involved (720 questions)
with cash Copyright 2013 Gleim Publications Inc. Page 146
collections and then have them reviewed by a supervisor. Printed for Sanja Knezevic
A. fb.com/ciaaofficial
One employee issues a prenumbered receipt for all cash collections; [270] Gleim #: 3.3.39
another Checks from customers are received in the organization’s mail room
employee reconciles the daily total of prenumbered receipts to the each day. What
bank deposits. controls should be in place to safeguard them?
B. Establishing a separate post office box for A. customer payments.
B. Forwarding all checks to the cashier upon receipt.
C. Requiring a specific mail clerk to list and restrictively endorse Answer (C) is incorrect. The payroll register should be approved by
each check. an officer of
D. Providing bonding protection for mail clerks. the organization. This control is a strength.
Answer (A) is incorrect. Requiring a specific mail clerk to list and Answer (D) is incorrect. Paychecks should be drawn on a separate
restrictively payroll
endorse each check provides more protection than establishing a checking account. This control is a strength.
separate post [272] Gleim #: 3.3.41
office box for customer payments. The internal auditor recognizes that certain limitations are inherent in
Answer (B) is incorrect. The same person should not both receive any system of
and deposit internal controls. Which one of the following scenarios is the result of
checks. an inherent
Answer (C) is correct. An employee who does not have access to limitation of internal control?
other records A. The comptroller both makes and records cash deposits.
should open the mail and prepare a list of checks received. The A security guard allows one of the warehouse employees to remove
check listing will assets from
later be reconciled with the daily bank deposit and entries to the premises without authorization.
accounts receivable. B.
A restrictive endorsement (“for deposit only”) will put transferees on C. The organization sells to customers on account, without credit
notice to act approval.
accordingly (that is, deposit the check in the organization’s account). An employee who is unable to read is assigned custody of the
Answer (D) is incorrect. Bonding insures against, but does not organization’s
directly prevent, computer tape library and run manuals that are used during the third
losses. shift.
[271] Gleim #: 3.3.40 D.
Which of the following activities performed by a payroll clerk is a Gleim CIA Test Prep: Part 1 - Internal Audit Basics
control weakness (720 questions)
rather than a control strength? Copyright 2013 Gleim Publications Inc. Page 147
A. Has custody of the check signature stamp machine. Printed for Sanja Knezevic
B. Prepares the payroll register. Answer (A) is incorrect. Segregating the functions of recording and
C. Forwards the payroll register to the chief accountant for approval. asset custody is
D. Draws the paychecks on a separate payroll checking account. customary. That the comptroller both makes and records cash
Answer (A) is correct. Payroll checks should be signed by the deposits is an avoidable
treasurer, i.e., by control weakness.
someone who is not involved in timekeeping, recordkeeping, or Answer (B) is correct. Inherent limitations in internal control arise
payroll from mistakes in
preparation. The payroll clerk performs a recordkeeping function. judgment, misunderstandings of instructions, personnel
Answer (B) is incorrect. Preparing the payroll register is one of the carelessness, distraction,
recordkeeping fatigue, collusion, perpetrations by management, changing
tasks of the payroll clerk. conditions, and
deterioration of degrees of compliance. Thus, a control (use of department store’s disbursement cycle reflects a control strength?
security guards) based Individual department managers use prenumbered forms to order
on segregation of functions may be overcome by collusion among merchandise
two or more from vendors.
employees. A.
Answer (C) is incorrect. Transactions can and should be authorized The receiving department is given a copy of the purchase order
before execution. complete with a
The security guard’s failure to obtain authorization for removal of description of goods, quantity ordered, and extended price for all
assets is an merchandise
avoidable control weakness. ordered.
Answer (D) is incorrect. Assignment of an unqualified employee is B.
an avoidable The treasurer’s office prepares checks for suppliers based on
control weakness. vouchers prepared by
[273] Gleim #: 3.3.42 the accounts payable department.
One payroll engagement objective is to determine whether C.
segregation of duties is Individual department managers are responsible for the movement of
proper. Which of the following activities is incompatible? merchandise
Hiring employees and authorizing changes A. in pay rates. from the receiving dock to storage or sales areas as appropriate.
B. Preparing the payroll and filing payroll tax forms. D.
C. Signing and distributing payroll checks. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
D. Preparing attendance data and preparing the payroll. (720 questions)
Answer (A) is incorrect. Hiring employees and authorizing changes Copyright 2013 Gleim Publications Inc. Page 148
in pay rates Printed for Sanja Knezevic
are both personnel functions. fb.com/ciaaofficial
Answer (B) is incorrect. Preparing the payroll and filing payroll tax Answer (A) is incorrect. The managers should submit purchase
forms are requisitions to the
both functions of the payroll department. purchasing department. The purchasing function should be separate
Answer (C) is incorrect. Proper treasury functions include signing from operations.
and Answer (B) is incorrect. To encourage a fair count, the receiving
distributing payroll checks. department should
Answer (D) is correct. Attendance data are accumulated by the receive a copy of the purchase order from which the quantity has
timekeeping been omitted.
function. Preparing the payroll is a payroll department function. For Answer (C) is correct. Accounting for payables is a recording
control function. The matching
purposes, these two functions should be separated to avoid the of the supplier’s invoice, the purchase order, and the receiving report
perpetration and (and usually the
concealment of irregularities. purchase requisition) should be the responsibility of the accounting
[274] Gleim #: 3.3.43 department. These
Which of the following observations made during the preliminary are the primary supporting documents for the payment voucher
survey of a local prepared by the
accounts payable section that will be relied upon by the treasurer in quantities of the materials ordered. A possible error that this system
making payment. could allow is
Answer (D) is incorrect. The receiving department should transfer A. Payment to unauthorized vendors.
goods directly to B. Payment for unauthorized purchases.
the storeroom to maintain security. A copy of the receiving report C. Overpayment for partial deliveries.
should be sent to the D. Delay in recording purchases.
storeroom so that the amount stored can be compared with the Gleim CIA Test Prep: Part 1 - Internal Audit Basics
amount in the report. (720 questions)
[275] Gleim #: 3.3.44 Copyright 2013 Gleim Publications Inc. Page 149
Which of the following controls would help prevent overpaying a Printed for Sanja Knezevic
vendor? Answer (A) is incorrect. Comparing receipts with purchase orders
Reviewing and canceling supporting documents when A. a check is will help detect
issued. unauthorized vendors.
B. Requiring the check signer to mail the check directly to the vendor. Answer (B) is incorrect. Comparing receipts with purchase orders
C. Reviewing the accounting distribution for the expenditure. will help detect
D. Approving the purchase before ordering from the vendor. unauthorized purchases.
Answer (A) is correct. Reviewing and canceling the supporting Answer (C) is correct. To ensure a fair count, the copy of the
documents purchase order sent to
prevents paying a vendor twice for the same purchase. If the person the receiving clerk should not include quantities. The receiving clerk
who signs the should count the
check cancels the required documents, they cannot be recycled in items in the shipment and prepare a receiving report. Copies are
support of a sent to inventory
duplicate payment voucher. Securing the paid voucher file from control and accounts payable.
access by the Answer (D) is incorrect. Using purchase orders to identify receipts
accounts payable clerk is another effective control. will not cause a
Answer (B) is incorrect. Requiring the check signer to mail the delay in recording purchases.
check directly to [277] Gleim #: 3.3.46
the vendor would prevent the check from being misappropriated. Which of the following situations will cause an internal auditor to
Answer (C) is incorrect. Reviewing the accounting distribution for question the
the adequacy of controls over a purchasing function?
expenditure would ensure that the expenditure is debited to the The original and one copy of the purchase order are mailed to the
proper account(s). vendor. The
Answer (D) is incorrect. Approving the purchase before ordering copy on which the vendor acknowledges acceptance is returned to
from the vendor the purchasing
would ensure that only authorized purchases are made. department.
[276] Gleim #: 3.3.45 A.
A receiving department receives copies of purchase orders for use in Receiving reports are forwarded to purchasing where they are
identifying and matched with
recording inventory receipts. The purchase orders list the name of purchase orders and sent to accounts payable.
the vendor and the B.
The accounts payable section prepares documentation C. for Gleim CIA Test Prep: Part 1 - Internal Audit Basics
payments. (720 questions)
Unpaid voucher files and perpetual inventory records are Copyright 2013 Gleim Publications Inc. Page 150
independently Printed for Sanja Knezevic
maintained. fb.com/ciaaofficial
D. Answer (A) is correct. Shipping documents are prepared at the time
Answer (A) is incorrect. This practice ensures accurate of shipment. They
communication. are prenumbered to facilitate detection of unrecorded shipments. A
Answer (B) is correct. Purchasing and receiving should be gap in the sequence
organizationally of documents may indicate an irregularity. An employee outside the
independent. Moreover, comparing the purchase order and the shipping
receiving report department should account for these documents. Sales invoices are
should be the responsibility of a third person. Fraud perpetrated by a generated by the
purchasing organization’s computer system at the same time as the shipping
department employee could be concealed if (s)he is the first to obtain documents and
the should have the same numbers. Thus, every shipping document
receiving report. should be matched
Answer (C) is incorrect. Accounts payable may prepare with a sales invoice to ensure proper billing.
documentation but Answer (B) is incorrect. Accounting for sales invoices alone does
should not sign checks. not prevent or
Answer (D) is incorrect. Separately maintaining unpaid vouchers detect unbilled shipments.
and perpetual Answer (C) is incorrect. Segregating the duties for recording sales
inventory records is acceptable. transactions and
[278] Gleim #: 3.3.47 maintaining customer accounts does not ensure that all shipments
Which of the following ensures that all inventory shipments are billed are invoiced.
to customers? Answer (D) is incorrect. Customers who are not billed may not notify
Shipping documents are prenumbered and are independently the
accounted for and organization.
matched with sales invoices. [279] Gleim #: 3.3.48
A. If internal control is well designed, two tasks that should be
Sales invoices are prenumbered and are independently accounted performed by different
for and traced to persons are
the sales journal. Approval of bad debt write-offs, and reconciliation of the accounts
B. payable
Duties for recording sales transactions and maintaining customer subsidiary ledger and controlling account.
account balances A.
are separated. Distribution of payroll checks and approval of sales B. returns for
C. credit.
D. Customer billing complaints are investigated by the controller’s Posting of amounts from both the cash receipts journal and cash
office. payments journal
to the general ledger. [280] Gleim #: 3.3.49
C. Which one of the following situations represents an internal control
D. Recording of cash receipts and preparation of bank weakness in the
reconciliations. payroll department?
Answer (A) is incorrect. There is no conflict between writing off bad Payroll department personnel are rotated A. in their duties.
debts B. Paychecks are distributed by the employees’ immediate
(accounts receivable) and reconciling accounts payable, which are supervisor.
liabilities. C. Payroll records are reconciled with quarterly tax reports.
Answer (B) is incorrect. Distribution of payroll checks and approval D. The timekeeping function is independent of the payroll
of sales department.
returns are independent functions. People who perform such Answer (A) is incorrect. Periodic rotation of payroll personnel
disparate tasks are inhibits the
unlikely to be able to perpetrate and conceal a fraud. In fact, some perpetration and concealment of fraud.
organizations Answer (B) is correct. Paychecks should not be distributed by
use personnel from an independent function to distribute payroll supervisors
checks. because an unscrupulous person could terminate an employee and
Answer (C) is incorrect. Posting both ledgers would cause no fail to report the
conflict as long as termination. The supervisor could then clock in and out for the
the individual involved did not have access to the actual cash. If a employee and keep
person has the paycheck. A person unrelated to either payroll recordkeeping or
access to records but not the assets, no danger exists of the operating
embezzlement without department should distribute checks.
collusion. Answer (C) is incorrect. This analytical procedure may detect a
Answer (D) is correct. Recording of cash establishes accountability discrepancy.
for assets. Answer (D) is incorrect. Timekeeping should be independent of
The bank reconciliation compares that recorded accountability with asset custody
actual assets. and employee records.
The recording of cash receipts and preparation of bank [281] Gleim #: 3.3.50
reconciliations should Which of the following activities represents both an appropriate
therefore be performed by different individuals because the preparer human resources
of a department function and a deterrent to payroll fraud?
reconciliation could conceal a cash shortage. For example, if a A. Distribution of paychecks.
cashier both B. Authorization of overtime.
prepares the bank deposit and performs the reconciliation, (s)he C. Authorization of additions and deletions from the payroll.
could embezzle D. Collection and retention of unclaimed paychecks.
cash and conceal the theft by falsifying the reconciliation. Answer (A) is incorrect. The treasurer should perform the asset
Gleim CIA Test Prep: Part 1 - Internal Audit Basics custody function
(720 questions) regarding payroll.
Copyright 2013 Gleim Publications Inc. Page 151 Answer (B) is incorrect. Authorizing overtime is a responsibility of
Printed for Sanja Knezevic operating
management. subsequent receipts to conceal the theft. The effect is to overstate
Answer (C) is correct. The payroll department is responsible for receivables, but
assembling no difference between the control total and the total of subsidiary
payroll information (recordkeeping). The human resources amounts would
department is arise.
responsible for authorizing employee transactions, such as hiring, Answer (C) is incorrect. Aging does not involve accounting entries.
firing, and Answer (D) is incorrect. Interception of customer statements might
changes in pay rates and deductions. Segregating the recording and indicate
authorization fraudulent receivables but would not cause the subsidiary ledger
functions helps prevent fraud. discrepancy.
Answer (D) is incorrect. Unclaimed checks should be in the custody [283] Gleim #: 3.3.52
of the An internal auditor noted that several shipments were not billed. To
treasurer until they can be deposited in a special bank account. prevent recurrence
Gleim CIA Test Prep: Part 1 - Internal Audit Basics of such nonbilling, the organization should
(720 questions) Numerically sequence and independently account for all controlling
Copyright 2013 Gleim Publications Inc. Page 152 documents
Printed for Sanja Knezevic (such as packing slips and shipping orders) when sales journal
fb.com/ciaaofficial entries are
[282] Gleim #: 3.3.51 recorded.
An organization has computerized sales and cash receipts journals. A.
The computer B. Undertake a validity check with customers as to orders placed.
programs for these journals have been properly debugged. The Release product for shipment only on the basis of credit approval by
internal auditor the credit
discovered that the total of the accounts receivable subsidiary manager or other authorized person.
accounts differs C.
materially from the accounts receivable control account. This Undertake periodic tests of gross margin rates by product line and
discrepancy could obtain
indicate explanations of significant departures from planned rates.
Credit memoranda being improperly A. recorded. D.
B. Receivables being lapped. Answer (A) is correct. The sequential numbering of documents
C. Receivables not being properly aged. provides a
D. Statements being intercepted prior to mailing. standard control over transactions. The numerical sequence should
Answer (A) is correct. Sales returns and allowances require the be accounted
crediting of for by an independent party. A major objective is to detect
accounts receivable. Thus, the recording of unauthorized credit unrecorded and
memoranda is one unauthorized transactions.
explanation for the discrepancy if sales and cash receipts are Answer (B) is incorrect. This check would not prevent or detect
properly recorded. unrecorded and
Answer (B) is incorrect. Lapping entails the theft of cash receipts unauthorized transactions.
and the use of Answer (C) is incorrect. Credit approval does not ensure billing.
Answer (D) is incorrect. Testing gross margin rates is an analytical employees have a conflict of interest. The result may be excessive
procedure, not prices or
a preventive control. amounts, or poor quality of goods and services acquired.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Accordingly, additions to
(720 questions) the vendor file should be authorized at an appropriate level and not
Copyright 2013 Gleim Publications Inc. Page 153 by the buyers.
Printed for Sanja Knezevic Similarly, bidders’ lists should be approved by supervisory personnel.
[284] Gleim #: 3.3.53 Answer (B) is incorrect. The requirement of a written purchase order
A preliminary survey of the purchasing function indicates that approved by
Department managers initiate purchase requests that must be the plant superintendent is a satisfactory control to prevent
approved by the unnecessary purchases.
plant superintendent, Answer (C) is incorrect. Payment is not made without a receiving
Purchase orders are typed by the purchasing department using report.
prenumbered and Answer (D) is incorrect. Payment requests must be supported by an
controlled forms, approved
Buyers regularly update the official vendor listing as new sources of purchase order.
supply [285] Gleim #: 3.3.54
become known, Management is concerned with the potential for unauthorized
Rush orders can be placed with a vendor by telephone but must be changes in the payroll.
followed by a Which of the following is the proper organizational structure to
written purchase order before delivery can be accepted, and prevent such
Vendor invoice payment requests must be accompanied by a unauthorized changes?
purchase order and The payroll department maintains and authorizes all changes in the
receiving report. personnel
One possible fault of this system is that records.
Purchases could be made from a vendor controlled by a buyer at A.
prices higher than The payroll department is supervised by the management of the
normal. human resources
A. division.
Unnecessary supplies can be purchased by department B. B.
managers. The payroll department’s functions are limited to maintaining the
C. Payment can be made for supplies not received. payroll records,
Payment can be made for supplies received but not ordered by the distributing paychecks, and posting the payroll entries to the general
purchasing ledger.
department. C.
D. D. The personnel department authorizes the hiring and pay levels of
Answer (A) is correct. A risk exposure typical of the purchasing all employees.
function is that Gleim CIA Test Prep: Part 1 - Internal Audit Basics
purchases may be made from vendors with respect to whom buyers (720 questions)
or other Copyright 2013 Gleim Publications Inc. Page 154
Printed for Sanja Knezevic Answer (C) is incorrect. It is a part of the custodial function, which is
fb.com/ciaaofficial the primary
Answer (A) is incorrect. The personnel department should be responsibility of a cashier.
responsible for these Answer (D) is correct. The cashier is an assistant to the treasurer
functions. and thus
Answer (B) is incorrect. The payroll and personnel departments performs an asset custody function. Individuals with custodial
should be functions should
independent. not have access to the accounting records. If the cashier were
Answer (C) is incorrect. The payroll department should not post the allowed to post the
payroll entries to receipts to the accounts receivable subsidiary ledger, an opportunity
the general ledger or distribute the paychecks. These functions are for
the responsibility of embezzlement would arise that could be concealed by falsifying the
the accounting department and the treasurer’s office, respectively. books.
Answer (D) is correct. The payroll department is responsible for [287] Gleim #: 3.3.56
assembling payroll Which one of the following situations represents an internal control
information (recordkeeping). The personnel department is weakness in
responsible for authorizing accounts receivable?
and executing employee transactions such as hiring, firing, and A. Internal auditors confirm customer accounts periodically.
changes in pay rates B. Delinquent accounts are reviewed only by the sales manager.
and deductions. Segregating these functions helps prevent fraud. C. The cashier is denied access to customers’ records and monthly
Thus, the payroll for statements.
each period should be compared with the active employment files of D. Customers’ statements are mailed monthly by the accounts
the personnel receivable department.
department. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
[286] Gleim #: 3.3.55 (720 questions)
In a well-designed internal control structure in which the cashier Copyright 2013 Gleim Publications Inc. Page 155
receives remittances Printed for Sanja Knezevic
from the mail room, the cashier should not Answer (A) is incorrect. Periodic confirmation of accounts receivable
A. Endorse the checks. is an internal
B. Prepare the bank deposit slip. control strength.
C. Deposit remittances daily at a local bank. Answer (B) is correct. Internal control over accounts receivable
D. Post the receipts to the accounts receivable subsidiary ledger begins with a proper
cards. segregation of duties. Hence, the cashier, who performs an asset
Answer (A) is incorrect. It is a part of the custodial function, which is custody function,
the primary should not be involved in recordkeeping. Accounts should be
responsibility of a cashier. periodically confirmed
Answer (B) is incorrect. It is a part of the custodial function, which is by an auditor, and delinquent accounts should be reviewed by the
the primary head of accounts
responsibility of a cashier. receivable and the credit manager. Customer statements should be
mailed monthly by
the accounts receivable department without allowing access to the vendor’s invoice has been matched against the corresponding
statements by purchase order and
employees of the cashier’s department. The sales manager should receiving report. This procedure provides assurance that a valid
not be the only transaction has
person to review delinquent accounts because (s)he may have an occurred and that the parties have agreed on the terms, such as
interest in not price and quantity.
declaring an account uncollectible. [289] Gleim #: 3.3.58
Answer (C) is incorrect. An employee with asset-custody To control purchasing and accounts payable, an information system
responsibilities should not must include
have access to records for that asset. certain source documents. For a manufacturing organization, these
Answer (D) is incorrect. Monthly account statements give customers documents should
an opportunity to include
complain about incorrect billings or missing payments. A. Purchase orders, receiving reports, and vendor invoices.
[288] Gleim #: 3.3.57 B. Receiving reports and vendor invoices.
Which one of the following situations represents a strength of internal C. Purchase requisitions, purchase orders, receiving reports, and
control for vendor invoices.
purchasing and accounts payable? Purchase requisitions, purchase orders, inventory reports of goods
Prenumbered receiving reports are A. issued randomly. needed, and
B. Invoices are approved for payment by the purchasing department. vendor invoices.
C. Unmatched receiving reports are reviewed on an annual basis. D.
Vendors’ invoices are matched against purchase orders and Gleim CIA Test Prep: Part 1 - Internal Audit Basics
receiving reports (720 questions)
before a liability is recorded. Copyright 2013 Gleim Publications Inc. Page 156
D. Printed for Sanja Knezevic
Answer (A) is incorrect. Prenumbered receiving reports should be fb.com/ciaaofficial
issued Answer (A) is incorrect. A purchase requisition is also needed.
sequentially. A gap in the sequence may indicate an erroneous or Answer (B) is incorrect. A purchase order and requisition are also
fraudulent necessary.
transaction. Answer (C) is correct. Before ordering an item, the purchasing
Answer (B) is incorrect. Invoices should not be approved by department should
purchasing. That is have on hand a purchase requisition reflecting an authorized request
the job of the accounts payable department. by a user
Answer (C) is incorrect. Annual review of unmatched receiving department. Before a voucher is prepared for paying an invoice, the
reports is too accounts payable
infrequent. More frequent attention is necessary to remedy department should have the purchase requisition, a purchase order
deficiencies in internal (to be certain the
control. items were indeed ordered), the vendor’s invoice, and a receiving
Answer (D) is correct. A voucher should not be prepared for report (to be certain
payment until the the items were received).
Answer (D) is incorrect. A receiving report is needed.
[290] Gleim #: 3.3.59 Answer (D) is incorrect. Consideration of the qualifications of
Auditors document their understanding of internal control with accounting
questionnaires, personnel is not a test of controls over the completeness of any
flowcharts, and narrative descriptions. A questionnaire consists of a cycle. This
series of questions procedure is appropriate during the consideration of the control
concerning controls that auditors consider necessary to prevent or environment.
detect errors and [291] Gleim #: 3.3.60
fraud. The most appropriate question designed to contribute to the The initiation of the purchase of materials and supplies would be the
auditors’ responsibility of
understanding of the completeness of the expenditure (purchases- the
payables) cycle A. Purchasing department.
concerns the B. Stores control department.
Internal verification of quantities, prices, and mathematical accuracy C. Inventory control department.
of sales D. Production department.
invoices. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
A. (720 questions)
Use and accountability of B. prenumbered checks. Copyright 2013 Gleim Publications Inc. Page 157
C. Disposition of cash receipts. Printed for Sanja Knezevic
D. Qualifications of accounting personnel. Answer (A) is incorrect. The purchasing department places orders
Answer (A) is incorrect. Determination of proper amounts of sales that have been
invoices initiated and authorized by others.
concerns the valuation assertion. Also, sales invoices are part of the Answer (B) is incorrect. The stores control department has custody
salesreceivables of materials; it
(revenue) cycle. does not maintain inventory records.
Answer (B) is correct. A completeness assertion concerns whether Answer (C) is correct. The inventory control department would be
all responsible for
transactions and accounts that should be presented in the financial initiating a purchase. It has access to the inventory records and
statements are would therefore know
so presented. The exclusive use of sequentially numbered when stocks were getting low.
documents facilitates Answer (D) is incorrect. The production department manufactures
control over expenditures. An unexplained gap in the sequence alerts goods and obtains
the auditor materials from stores control.
to the possibility that not all transactions have been recorded. A [292] Gleim #: 3.3.61
failure to use Multiple copies of the purchase order are prepared for recordkeeping
prenumbered checks would therefore suggest a higher assessment and distribution
of control risk. with a copy of the purchase order sent to the vendor and one
If a company uses prenumbered checks, it should be easy to retained by the
determine exactly purchasing department. In addition, for proper informational flow and
which checks were used during a period. internal control
Answer (C) is incorrect. Cash receipts are part of the revenue cycle. purposes, a version of the purchase order would be distributed to the
Accounts payable, receiving, and stores control A. departments. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
B. Accounts payable, receiving, and inventory control departments. (720 questions)
C. Accounts payable, accounts receivable, and receiving Copyright 2013 Gleim Publications Inc. Page 158
departments. Printed for Sanja Knezevic
D. Accounts payable, receiving, and production planning fb.com/ciaaofficial
departments. Answer (A) is incorrect. Segregating timekeeping and payroll
Answer (A) is incorrect. The stores control department does not preparation is an
need to know effective control. It prevents one person from claiming that an
that a purchase has been initiated. employee worked
Answer (B) is correct. The accounts payable department should certain hours and then writing a check to that employee. Payment to
receive a copy of an absent or
the purchase order for internal control purposes to ensure that all fictitious employee would therefore require collusion between two
invoices paid are employees.
for properly authorized items. The receiving department should Answer (B) is incorrect. Personnel should be separate from payroll.
receive a copy The former
(with the quantity omitted to encourage an honest count) so that its authorizes the calculation of the payroll by the latter.
employees will Answer (C) is incorrect. Segregating paycheck preparation from
know that incoming shipments were authorized and should be distribution makes it
accepted. In more difficult for checks to be made out to fictitious employees.
addition, the department issuing the purchasing requisition (the Answer (D) is correct. Most companies have their payrolls prepared
inventory control by the same
department) should receive a copy as a notification that the order individuals who maintain the year-to-date records. There is no need
has been placed. for this
Answer (C) is incorrect. The accounts receivable department does segregation of functions because both duties involve recordkeeping.
not need a [294] Gleim #: 3.3.63
copy. If employee paychecks are distributed by hand to employees, which
Answer (D) is incorrect. The production planning department does one of the
not need a following departments should be responsible for the safekeeping of
copy. unclaimed
[293] Gleim #: 3.3.62 paychecks?
Organizational independence in the processing of payroll is achieved A. Payroll department.
by segregation of B. Timekeeping department.
functions that are built into the system. Which one of the following C. Production department in which the employee works or worked.
functional D. Cashier department.
segregations is not required for internal control purposes? Answer (A) is incorrect. The payroll department was responsible for
A. Segregation of timekeeping from payroll preparation. causing the
B. Segregation of personnel function from payroll preparation. check to be written.
C. Segregation of payroll preparation and paycheck distribution. Answer (B) is incorrect. The timekeeping department authorized
D. Segregation of payroll preparation and maintenance of year-to- payment based
date records. on a certain number of hours worked.
Answer (C) is incorrect. A production supervisor or fellow worker Answer (A) is incorrect. Ensuring that a sales order is for a
has an legitimate, creditworthy
opportunity to intercept the check of a fictitious or terminated customer is a function of the credit department.
employee. Answer (B) is incorrect. To maintain proper segregation of functions,
Answer (D) is correct. The responsibility for unclaimed paychecks goods should be
should be pulled by the storeroom department and shipped by the shipping
given to a department that has no opportunity to authorize or write department.
those checks. Answer (C) is incorrect. Invoice preparation and account updating
Because the treasury function serves only an asset custody function should be
and thus has performed by two different departments.
had no input into the paycheck process, it is the logical repository of Answer (D) is correct. Allowing a sales department employee to
unclaimed approve a credit
checks. memo without a receiving report would be unacceptably risky. Sales
[295] Gleim #: 3.3.64 personnel could
Organizational independence is required in the processing of overstate sales in one period and then reverse them in subsequent
customers’ orders in periods. Thus, a copy
order to maintain an internal control structure. Which one of the of the receiving report for returned goods should be sent to billing for
following situations is preparation of a
not a proper segregation of duties in the processing of orders from credit memo after approval by a responsible supervisor who is
customers? independent of sales.
A. Approval by credit department of a sales order prepared by the [296] Gleim #: 3.4.65
sales department. An organization’s directors, management, external auditors, and
Shipping of goods by the shipping department that have been internal auditors all
retrieved from stock play important roles in creating a proper control environment. Senior
by the finished goods storeroom department. management is
B. primarily responsible for
Invoice preparation by the billing department and posting to Establishing a proper organizational culture and specifying a system
customers’ accounts of internal
by the accounts receivable department. control.
C. A.
Approval of a sales credit memo because of a product return by the Designing and operating a control system that provides reasonable
sales assurance that
department with subsequent posting to the customer’s account by established objectives and goals will be achieved.
the accounts B.
receivable department. Ensuring that external and internal auditors adequately monitor the
D. control
Gleim CIA Test Prep: Part 1 - Internal Audit Basics environment.
(720 questions) C.
Copyright 2013 Gleim Publications Inc. Page 159 Implementing and monitoring controls designed by the D. board of
Printed for Sanja Knezevic directors.
Answer (A) is correct. Senior management is primarily responsible space for the next season’s products. Which of the following is a
for control deficiency in
establishing a proper organizational culture and specifying a system this situation?
of internal The store manager can require items to be removed, thus affecting
control. the potential
Answer (B) is incorrect. Senior management is not likely to be performance evaluation of individual product managers.
involved in the A.
detailed design and day-to-day operation of a control system. The product manager negotiates the purchase price and sets B. the
Answer (C) is incorrect. Management administers risk and control selling price.
processes. It Evaluating product managers by total gross profit generated by
cannot delegate this responsibility to the external auditors or to the product line will
internal audit lead to dysfunctional behavior.
activity. C.
Answer (D) is incorrect. The board has oversight governance D. There is no receiving function located at individual stores.
responsibilities but Answer (A) is incorrect. Goods are seasonal, and store space is
ordinarily does not become involved in the details of operations. limited. This is a
Gleim CIA Test Prep: Part 1 - Internal Audit Basics constraint that is consistent with maximizing revenue and profitability
(720 questions) for the
Copyright 2013 Gleim Publications Inc. Page 160 organization.
Printed for Sanja Knezevic Answer (B) is incorrect. The product manager is evaluated based on
fb.com/ciaaofficial sales and
[297] Gleim #: 3.4.66 gross profit; thus, performing both of these duties is not a conflict.
The marketing department for a major retailer assigns separate Answer (C) is incorrect. Evaluating the product managers on gross
product managers for profit and
each product line. Product managers are responsible for ordering budgeted sales holds them accountable for profitability. This
products and approach is
determining retail pricing. Each product manager’s purchasing consistent with their authority over ordering and pricing.
budget is set by the Answer (D) is correct. The receiving function verifies that the goods
marketing manager. Products are delivered to a central distribution received are
center where goods those actually sent by the shipper. Without this function being
are segregated for distribution to the company’s 52 department performed at the
stores. Because store, goods could be lost, pilfered, or simply sent to the wrong store
receipts are recorded at the distribution center, the company does without it
not maintain a being discovered.
receiving function at each store. Product managers are evaluated on Gleim CIA Test Prep: Part 1 - Internal Audit Basics
a combination of (720 questions)
sales and gross profit generated from their product lines. Many Copyright 2013 Gleim Publications Inc. Page 161
products are seasonal Printed for Sanja Knezevic
and individual store managers can require that seasonal products be [298] Gleim #: 3.4.67
removed to make
The marketing department for a major retailer assigns separate would almost certainly result in misallocation. Thus, Item I is a valid
product managers for choice.
each product line. Product managers are responsible for ordering Item II is not a valid choice because the marketing manager asserts
products and his/her
determining retail pricing. Each product manager’s purchasing authority before an unwanted event has taken place. Item III is not a
budget is set by the valid choice
marketing manager. Products are delivered to a central distribution because product managers may be tempted to commit the company
center where goods to buy more
are segregated for distribution to the company’s 52 department product than it can finance. The marketing manager is in a position to
stores. Because coordinate
receipts are recorded at the distribution center, the company does these requests and reconcile them with the budget.
not maintain a Answer (B) is incorrect. The gross profit evaluation is effective in
receiving function at each store. Product managers are evaluated on evaluating
a combination of product managers, but it does not necessarily restrain excess
sales and gross profit generated from their product lines. Many spending.
products are seasonal Answer (C) is incorrect. Approval by the marketing manager is a
and individual store managers can require that seasonal products be preventive
removed to make control, which deters undesirable events from occurring. A detective
space for the next season’s products. Requests for purchases control
beyond those initially detects and corrects undesirable events that have occurred. Also, the
budgeted must be approved by the marketing manager. This gross profit
procedure evaluation is effective only in evaluating the manager.
Should provide for the most efficient allocation of scarce Answer (D) is incorrect. Approval by the marketing manager is a
organizational I. resources. preventive
II. Is a detective control procedure. control, which deters undesirable events from occurring. A detective
III. Is unnecessary because each product manager is evaluated on control
profit generated. detects and corrects undesirable events that have occurred. Also, the
A. I only. gross profit
B. III only. evaluation is effective only in evaluating the manager.
C. II and III only. [299] Gleim #: 3.4.68
D. I, II, and III. Which of the following would minimize defects in finished goods
Answer (A) is correct. The organization has two scarce resources to caused by poor
allocate: its quality raw materials?
purchasing budget and the space available in its retail stores. The A. Documented procedures for the proper handling of work-in-
marketing process inventory.
manager is high enough in the organization to coordinate this B. Required material specifications for all purchases.
allocation. Allowing C. Timely follow-up on all unfavorable usage variances.
individual product managers to approve their own requests to exceed D. Determination of the amount of spoilage at the end of the
budget manufacturing process.
(720 questions) superintendent and implement the use of a special requisition to
Copyright 2013 Gleim Publications Inc. Page 162 issue small tools.
Printed for Sanja Knezevic A.
fb.com/ciaaofficial Initiate a full physical inventory of small tools B. on a monthly basis.
Answer (A) is incorrect. Documented procedures for handling work- Place supply of small tools in a secured area, install a key-access
in-process card system for
inventory do not ensure that materials are of sufficient quality. all employees, and record each key-access transaction on a report
Answer (B) is correct. A preventive control is required in this for the
situation, i.e., one that production superintendent.
ensures an unwanted event does not take place. The most cost- C.
effective way of Close the exit to the employee parking lot and require all plant
achieving the goal is to keep poor quality raw materials from entering employees to use a
the warehouse to doorway by the receiving dock that also provides access to the plant
begin with. Of the controls listed, only required specifications will employees’
accomplish this. parking area.
Answer (C) is incorrect. Follow-up on unfavorable usage variances D.
may lead to Answer (A) is correct. Minimizing the loss of assets requires a
detection and correction of use of substandard materials but does preventive
not prevent or control. Giving responsibility for custody of small tools to one
minimize defects in products already processed. individual
Answer (D) is incorrect. Determination of spoilage after raw establishes accountability. Requiring that requisitions be submitted
materials have been used ensures that
in production is not a preventive control. their use is properly authorized.
[300] Gleim #: 3.4.69 Answer (B) is incorrect. A full physical inventory of small tools on a
An internal auditor notes year-to-year increases for small tool monthly
expense at a basis is a periodic, detective control that is effective only in
manufacturing facility that has produced the same amount of determining the
identical product for the amount of losses.
last 3 years. Production inventory is kept in a controlled staging area Answer (C) is incorrect. Placing small tools in a secured area,
adjacent to the installing a keyaccess
receiving dock, but the supply of small tools is kept in an system, and recording access transactions are preventive and
unsupervised area near the detective
exit to the plant employees’ parking lot. After determining that all of controls but do not record the amount of tools removed from the
the following inventory.
alternatives are equal in cost and are also feasible for local Answer (D) is incorrect. Closing the exit to the employee parking lot
management, the internal does not
auditor would best address the security issue by recommending that limit access to the small tools inventory.
plant management Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Move the small tools inventory to the custody of the production (720 questions)
inventory staging Copyright 2013 Gleim Publications Inc. Page 163
Printed for Sanja Knezevic All research and development costs are charged to expense in
[301] Gleim #: 3.4.70 accordance with the
Which of the following control procedures does an internal auditor applicable accounting principles.
expect to find C.
during an engagement to evaluate risk management and insurance? The research and development budget is properly allocated between
Periodic internal review of the in-force list to evaluate the adequacy new products,
of insurance product maintenance, and cost reduction programs.
coverage. D.
A. Answer (A) is incorrect. Only the human resources department
Required approval of all new insurance policies by the B. should be
organization’s CEO. responsible for hiring. A department responsible for recordkeeping
C. Policy of repetitive standard journal entries to record insurance (e.g., payroll)
expense. should not authorize transactions.
D. Cutoff procedures with regard to insurance expense reporting. Answer (B) is incorrect. Reviewing monetary amounts is a financial
Answer (A) is correct. Obtaining insurance and periodically control.
reviewing its Answer (C) is incorrect. Expensing R&D costs is an accounting
adequacy are among management’s responses to the findings of a treatment rather
risk assessment. than a control.
Insurance coverage should be sufficient to ensure that the relevant Answer (D) is correct. Operating controls are those applicable to
assessed risks production and
are managed in accordance with the organization’s risk appetite. support activities. Because they may lack established criteria or
Answer (B) is incorrect. CEO approval is an operational decision standards, they
ordinarily should be based on management principles and methods. The
delegated to a lower level manager. appropriate
Answer (C) is incorrect. A policy concerning standard journal entries allocation of R&D costs to new products, product maintenance, and
is an cost reduction
accounting control, not a risk management and insurance control. programs is an example. This is in contrast to the expensing of R&D
Answer (D) is incorrect. Cutoff procedures with regard to insurance costs, which
expense is required by the rules of external financial reporting.
reporting are an accounting control, not a risk management and Gleim CIA Test Prep: Part 1 - Internal Audit Basics
insurance control. (720 questions)
Which of the following is an operating control for a research and Printed for Sanja Knezevic
development fb.com/ciaaofficial
department? [303] Gleim #: 3.4.72
A. Research and development personnel are hired by the payroll Obsolete or scrap materials are charged to a predefined project
department. number. The materials
B. Research and development expenditures are reviewed by an are segregated into specified bin locations and eventually
independent person. transported to a public
auction for sale. To reduce the risks associated with this process, an are sold. It also may be less effective than an auction for obtaining
organization the best price.
should employ which of the following procedures? Specifying that a commission be paid to the auction firm creates an
Require managerial approval for materials to be declared I. scrap or incentive to
obsolete. maximize the organization’s return.
II. Permit employees to purchase obsolete or scrap materials prior to Gleim CIA Test Prep: Part 1 - Internal Audit Basics
auction. (720 questions)
III. Limit obsolete or scrap materials sales to a pre-approved buyer. Copyright 2013 Gleim Publications Inc. Page 165
IV. Specify that a fixed fee, rather than a commission, be paid to the Printed for Sanja Knezevic
auction firm. [304] Gleim #: 3.4.73
A. II and III. While performing analytical procedures related to an engagement
B. I only. involving a social
C. II and IV. services agency of a government entity, the internal auditor noted an
D. I, III, and IV. unusually large
Answer (A) is incorrect. Permitting employees to purchase obsolete increase in payments to individual recipients who are under the
or scrap direction of a
materials prior to auction provides even more incentive for particular social worker in the agency. The internal auditor is
misappropriation. considering making a
Limiting obsolete or scrap materials sales to a pre-approved buyer recommendation about appropriate controls to address a potential
does not problem of fictitious
mitigate the risk of misappropriation before the materials are sold. recipients. The internal auditor has identified the following control
Moreover, procedures as
these procedures may be less effective than an auction for obtaining potential items to include in the recommendation.
the best price. Require that all additions to the recipient file be independently
Answer (B) is correct. A preventive control is needed. Management investigated and
approval for approved by a supervisor of the social workers.
materials to be declared scrap or obsolete reduces the risk of I.
misappropriation. Require the use of self-checking digits on the account numbers of all
Otherwise, materials may be more easily misclassified. recipients so
Answer (C) is incorrect. Permitting employees to purchase obsolete that any duplicates will be immediately noted by the system.
or scrap II.
materials prior to auction provides even more incentive for Incorporate a code into the computer program to search for duplicate
misappropriation. names and
Specifying that a commission be paid to the auction firm creates an addresses. Develop an exception report that will go to the section
incentive to supervisor
maximize the organization’s return. whenever duplicates are noted.
Answer (D) is incorrect. Limiting obsolete or scrap materials sales to III.
a preapproved Require that social workers be rotated IV. among recipients.
buyer does not mitigate the risk of misappropriation before the Which of the following control combinations would effectively address
materials the internal
auditor’s concerns and improve control over valid recipients? account numbers are not the risk in this situation. The appropriate
A. I, II, III, and IV. controls prevent
B. I, II, and III. or detect payments to nonexistent recipients that are sent to actual
C. I and IV. addresses under
D. I, III, and IV. the social worker’s control.
Answer (A) is incorrect. Duplicate recipient account numbers are not Gleim CIA Test Prep: Part 1 - Internal Audit Basics
the risk in (720 questions)
this situation. The appropriate controls prevent or detect payments to Copyright 2013 Gleim Publications Inc. Page 166
nonexistent Printed for Sanja Knezevic
recipients that are sent to actual addresses under the social worker’s fb.com/ciaaofficial
control. [305] Gleim #: 3.4.74
Answer (B) is incorrect. Duplicate recipient account numbers are not The most appropriate method to prevent fraud or theft during the
the risk in frequent movement
this situation. The appropriate controls prevent or detect payments to of trailers loaded with valuable metal scrap from the manufacturing
nonexistent plant to the
recipients that are sent to actual addresses under the social worker’s organization’s scrap yard about 10 miles away would be to
control. Perform complete physical inventory of the scrap trailers before
However, rotating social workers among recipients may prevent or leaving the plant
detect fraud. and upon arrival at the scrap yard.
Answer (C) is incorrect. A programmed control that searches for and A.
reports Require existing security guards to log the time of plant departure
exceptions (e.g., duplicate names and addresses) detects payments and scrap yard
to multiple arrival. The elapsed time should be reviewed by a supervisor for
recipients at a single or a few addresses. fraud.
Answer (D) is correct. A supervisory review of all additions to the B.
recipient file is Use armed guards to escort the movement of the trailers from the
a detective control that alerts management to nonexistent recipients. plant to the
Once it scrap yard.
becomes widely understood that this review will always be C.
performed, it becomes Contract with an independent hauler for the D. removal of scrap.
a preventive control. A programmed control that searches for and Answer (A) is incorrect. Performing a complete physical inventory of
reports the scrap at
exceptions (e.g., duplicate names and addresses) detects payments both locations would not be economically feasible.
to multiple Answer (B) is correct. Having the security guards record the times of
recipients at a single or a few addresses. Rotating social workers departure
among recipients and arrival is a cost-effective detective control because it entails no
may prevent or detect fraud. The probability of detection is greater additional
when the expenditures. Comparing the time elapsed with the standard time
wrongdoer’s opportunity to conceal fraud is reduced. However, allowed and
duplicate recipient
investigating material variances may detect a diversion of part of the vehicles at a secure location and restricting access establishes
scrap. accountability by
Answer (C) is incorrect. Hiring armed guards to escort the scrap the custodian and allows for proper authorization of their use.
trailers is Gleim CIA Test Prep: Part 1 - Internal Audit Basics
unlikely to be cost-effective unless the scrap is extremely valuable. (720 questions)
Logging Copyright 2013 Gleim Publications Inc. Page 167
departures and arrivals will be sufficient in most cases. Printed for Sanja Knezevic
Answer (D) is incorrect. Using an independent hauler would provide [307] Gleim #: 3.4.76
no Which of the following controls could be used to detect bank deposits
additional assurance of prevention or detection of wrongdoing. that are
[306] Gleim #: 3.4.75 recorded but never made?
A utility with a large investment in repair vehicles would most likely Establishing accountability for receipts at the earliest A. possible
implement which time.
internal control to reduce the risk of vehicle theft or loss? Linking receipts to other internal accountabilities, for example,
A. Review insurance coverage for adequacy. collections to
B. Systematically account for all repair work orders. either accounts receivable or sales.
Physically inventory vehicles and reconcile the results with the B.
accounting C. Consolidating cash receiving points.
records. D. Having bank reconciliations performed by a third party.
C. Answer (A) is incorrect. Early establishment of accountability will not
Maintain vehicles in a secured location with release and return help
subject to approval detect bank deposits recorded on the books but not deposited in the
by a custodian. bank.
D. Answer (B) is incorrect. The issue is not accountability for receipts
Answer (A) is incorrect. Insurance provides for indemnification if but detection
loss or theft of failure to make deposits.
occurs. It thus reduces financial exposure but does not prevent the Answer (C) is incorrect. The number of receiving points does not
actual loss or impact the
theft. failure to make recorded deposits.
Answer (B) is incorrect. An internal control designed to ensure Answer (D) is correct. Having an independent third party prepare the
control over bank
repair work performed has no bearing on the risk of loss. reconciliations would reveal any discrepancies between recorded
Answer (C) is incorrect. Taking an inventory is a detective, not a deposits and the
preventive, bank statements. A bank reconciliation compares the bank statement
control. with
Answer (D) is correct. Physical safeguarding of assets is enacted organization records and resolves differences caused by deposits in
through the use transit,
of preventive controls that reduce the likelihood of theft or other loss. outstanding checks, NSF checks, bank charges, errors, etc.
Keeping the [308] Gleim #: 3.4.77
To minimize the risk that agents in the purchasing department will Management can best strengthen internal control over the custody of
use their positions inventory stored
for personal gain, the organization should in an off-site warehouse by implementing
A. Rotate purchasing agent assignments periodically. Reconciliations of transfer slips to/from the warehouse with A.
B. Request internal auditors to confirm selected purchases and inventory records.
accounts payable. B. Increases in insurance coverage.
C. Specify that all items purchased must pass value-per-unit-of-cost C. Regular reconciliation of physical inventories to accounting
reviews. records.
Direct the purchasing department to maintain records on purchase D. Regular confirmation of the amount on hand with the custodian of
prices paid, the warehouse.
with review of such being required each 6 months. Answer (A) is incorrect. A control over the movement of inventory to
D. and from
Answer (A) is correct. The risk of favoritism is increased when the warehouse provides no assurance over the custody of the
buyers have longterm inventory while in
relationships with specific vendors. Periodic rotation of buyer the warehouse.
assignments Answer (B) is incorrect. Increasing insurance coverage helps
will limit the opportunity to show favoritism. This risk is also reduced protect the
if buyers organization against losses but does not strengthen internal control
are required to take vacations. over the
Answer (B) is incorrect. Confirmation does not enable internal custody of inventory.
auditors to detect Answer (C) is correct. A detective control that will reveal, on a
inappropriate benefits received by purchasing agents or deter long- regular basis, any
term discrepancies between the inventory records and the actual
relationships. inventory on hand is
Answer (C) is incorrect. Value-per-unit-of-cost reviews could be needed. Periodic comparison of the recorded accountability for
helpful in inventory with the
ensuring a certain level of value received for price paid but do not actual physical inventory will accomplish this.
directly focus Answer (D) is incorrect. Confirming with the custodian the amount of
on receipt of inappropriate benefits by purchasing agents. inventory
Answer (D) is incorrect. Review of records every 6 months does not on hand does not verify that the inventory is actually at the
enable the warehouse.
organization to detect receipt of inappropriate benefits by an agent or [310] Gleim #: 3.4.79
deter When a supplier of office products is unable to fill an order
relationships that could lead to such activity. completely, it marks the
Gleim CIA Test Prep: Part 1 - Internal Audit Basics out-of-stock items as back ordered on the customer’s order and
(720 questions) enters these items in a
Copyright 2013 Gleim Publications Inc. Page 168 back order file that management can view or print. Customers are
Printed for Sanja Knezevic becoming
fb.com/ciaaofficial disgruntled with the supplier because it seems unable to keep track
[309] Gleim #: 3.4.78 of and ship out-ofstock
items as soon as they are available. The best approach for ensuring [311] Gleim #: 3.4.80
prompt Which of the following observations by an auditor is most likely to
delivery of out-of-stock items is to indicate the
A. Match the back order file to goods received daily. existence of control weaknesses over safeguarding of assets?
Increase inventory levels to minimize the number of times that out-of- A service department’s location is not well suited to allow adequate
stock service to
conditions occur. other units.
B. I.
Implement electronic data interchange with supply vendors to Employees hired for sensitive positions are not subjected to II.
decrease the time to background checks.
replenish inventory. Managers do not have access to reports that profile overall
C. performance in relation
Reconcile the sum of filled and back orders with the total of all orders to other benchmarked organizations.
placed III.
daily. Management has not taken corrective action to resolve past
D. engagement
Answer (A) is correct. A directive control is appropriate, i.e., one observations related to inventory controls.
designed to IV.
cause or encourage the occurrence of a desirable event. Matching A. I and II only.
the back order B. I and IV only.
file with goods received daily is the surest way of facilitating prompt C. II and III only.
delivery of D. II and IV only.
out-of-stock items. Answer (A) is incorrect. A service department’s location concerns
Answer (B) is incorrect. An increase in inventory minimizes out-of- achieving
stock organizational objectives, not safeguarding of assets.
conditions but has no effect on tracking and shipping goods as soon Answer (B) is incorrect. A service department’s location concerns
as they are achieving
available. organizational objectives, not safeguarding of assets. But failure to
Answer (C) is incorrect. More efficient replenishment of its own do background
inventory has no checks is a control weakness related to asset security.
effect on tracking and shipping goods as soon as they are available. Answer (C) is incorrect. Managers not having access to reports
Answer (D) is incorrect. Reconciling the sum of filled and back profiling overall
orders with the performance concerns achieving organizational objectives.
total of all orders placed daily ensures that orders were either filled or Answer (D) is correct. Internal auditors evaluate risk exposures and
back the adequacy
ordered but will not affect delivery of the items that are out of stock. and effectiveness of controls relating to, among other things,
Gleim CIA Test Prep: Part 1 - Internal Audit Basics safeguarding of
(720 questions) assets (Perf. Std. 2130.A1). Lack of background checks for
Copyright 2013 Gleim Publications Inc. Page 169 employees hired for
sensitive positions and failure to take corrective action on past Answer (C) is correct. The risk of favoritism is increased when
engagement buyers have long-term
observations relating to safeguarding of assets are red flags relationships with specific vendors. Periodic rotation of buyer
signifying control assignments will limit
weaknesses. Regular reference and background checks, integrity the opportunity for any buyer to show favoritism to a particular
tests, and drug supplier.
screening are hiring procedures that may be part of an effective Answer (D) is incorrect. The number of orders placed is not relevant
ethical culture. to preventing
Furthermore, internal auditors follow up on engagement results to favoritism.
determine what [313] Gleim #: 3.4.82
corrective actions have been taken or whether management or the Appropriate internal control for a multinational corporation’s branch
board has office that has a
assumed the risk of not taking action. If the CAE believes the risk monetary transfer unit requires that
assumed may The individual who initiates wire transfers not reconcile A. the bank
be unacceptable to the organization, (s)he must discuss the matter statement.
with senior B. The branch manager receive all wire transfers.
management and the board (Perf. Stds. 2500.A1 and 2600). C. Foreign currency rates be computed separately by two different
[312] Gleim #: 3.4.81 employees.
A control likely to prevent purchasing agents from favoring specific D. Corporate management approve the hiring of monetary transfer
suppliers is unit employees.
Requiring management’s review of a monthly report of the totals Answer (A) is correct. A control is any action taken by management
spent by each to enhance
buyer. the likelihood that established goals and objectives will be achieved.
A. Controls
B. Requiring buyers to adhere to detailed material specifications. include segregation of duties to reduce the risk that any person may
C. Rotating buyer assignments periodically. be able to
D. Monitoring the number of orders placed by each buyer. perpetrate and conceal errors or fraud in the normal course of his/her
Gleim CIA Test Prep: Part 1 - Internal Audit Basics duties.
(720 questions) Different persons should authorize transactions, record transactions,
Copyright 2013 Gleim Publications Inc. Page 170 and maintain
Printed for Sanja Knezevic custody of the assets associated with the transaction. Independent
fb.com/ciaaofficial reconciliation of
Answer (A) is incorrect. Requiring review of a monthly report of the bank accounts is necessary for good internal control.
totals spent by Answer (B) is incorrect. Having the branch manager receive all wire
each buyer does not enable the organization to detect receipt of transfers is
inappropriate benefits not an important internal control consideration.
by an agent or deter relationships that could lead to such activity. Answer (C) is incorrect. Foreign currency translation rates are
Answer (B) is incorrect. Detailed material specifications will not verified, not
prevent buyer computed. Having two employees in the same department perform
favoritism in placing orders. the same task
will not significantly enhance internal control. Require all submitted claims to be accompanied by a signed
Answer (D) is incorrect. Corporate management approval of hiring statement by the
monetary dentist testifying that the claimed procedures were performed.
transfer unit employees is not an important internal control B.
consideration. Send confirmations to the dentists requesting them to confirm the
Gleim CIA Test Prep: Part 1 - Internal Audit Basics exact nature of
(720 questions) the claims submitted to the healthcare processor.
Printed for Sanja Knezevic Develop an integrated test facility and submit false claims to verify
[314] Gleim #: 3.4.83 that the system
An internal auditor is assigned to perform an engagement to evaluate is detecting such claims on a consistent basis.
the D.
organization’s insurance program, including the appropriateness of Answer (A) is correct. Under this detective control, unusual claims
the approach to could be
minimizing risks. The organization self-insures against large casualty identified and followed up to determine if they are legitimate. This
losses and health control is a
benefits provided for all its employees. The organization is a large type of IT input control known as a reasonableness test.
national firm with Answer (B) is incorrect. Requiring a signed statement does not
over 15,000 employees located in various parts of the country. It prevent the
uses an outside dentist from filing a false claim.
claims processor to administer its healthcare program. The Answer (C) is incorrect. Sending confirmations to the dentists does
organization’s medical not prevent
costs have been rising by approximately 8% per year for the past 5 the filing of false claims or a false response to the confirmation.
years, and Answer (D) is incorrect. An integrated test facility would only provide
management is concerned with controlling these costs. The information about the correctness of the processing of the claim or a
healthcare processor false
wishes to implement controls that would help prevent fraud by response to the confirmation, not on the propriety of the claim.
dentists who are [315] Gleim #: 3.4.84
submitting billings for services not provided. Assume further that all An internal auditor is reviewing the organization’s policy regarding
the claims are investing in
submitted electronically to the healthcare processor. Which of the financial derivatives. The internal auditor normally expects to find all
following control of the following
procedures would be the most effective? in the policy except
Develop a program that identifies procedures performed on an A statement indicating whether derivatives are to be used for hedging
individual in or
excess of expectations based on the age of the employee, whether a speculative purposes.
similar A.
procedure was performed recently, or the average cost per claim. A specific authorization limit for the amount and types of derivatives
A. that can be
used by the organization.
B. D.
A specific limit on the amount authorized for C. any single trader. Answer (A) is correct. A lockbox system expedites receipt of funds
A statement requiring board review of each transaction because of and provides
the risk effective control over cash receipts. Donors send their payments to
involved in such transactions. mailboxes,
D. often in numerous locations, that are checked by a bank several
Gleim CIA Test Prep: Part 1 - Internal Audit Basics times a day.
(720 questions) Hence, payments are deposited before being processed by the
Copyright 2013 Gleim Publications Inc. Page 172 organization’s
Printed for Sanja Knezevic accounting system.
fb.com/ciaaofficial Answer (B) is incorrect. The flaw in this procedure is that it focuses
Answer (A) is incorrect. A policy specifying whether derivatives are only on
to be used for deposits that were made. The concern is with cash receipts that were
hedging or speculating is a crucial directive control. not
Answer (B) is incorrect. A policy specifying the authorization limits deposited.
for derivatives is Answer (C) is incorrect. An individual may deposit a check to a
an appropriate directive control. similarly named
Answer (C) is incorrect. A policy specifying the authorization limits organization.
for derivatives is Answer (D) is incorrect. The same person should not be responsible
an appropriate directive control. for the cash
Answer (D) is correct. A policy requiring board review of every receipts and the confirmations. The person could confirm receipts
derivatives even if they
transaction is cost ineffective. Management is responsible for daily were diverted.
operations and is [317] Gleim #: 3.4.86
expected to conform to the policies of the board. A rental car agency’s fleet maintenance division uses a different code
[316] Gleim #: 3.4.85 for each type of
Which of the following control procedures provides the greatest inventory transaction. A daily summary report lists activity by part
assurance that all number and
donations to a not-for-profit organization are immediately deposited transaction code. The report is reconciled by the parts room
to the supervisor to the day’s
organization’s account? material request forms and is then forwarded to the fleet manager for
Use a lockbox to receive A. all donations. approval. The
Perform periodic reviews of the organization’s cash receipts by reconciliation of the summary report to the day’s material request
tracing deposits to forms by the parts
the original posting in the cash receipts records. room supervisor
B. A. Verifies that all material request forms were approved.
C. Require that all donations be made by check. Provides documentation as to what material was available for a
Require issuance of a confirmation receipt to all donors, with the specific
receipt issued by transaction.
the person who opens and deposits the cash receipts. B.
C. Confirms that all material request forms are entered for all parts Answer (B) is incorrect. The dirt removed would not have been
issued. received by the
D. Ensures the accuracy and completeness of data input. organization. Hence, no receiving reports would have existed.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (C) is incorrect. This comparison would not have detected
(720 questions) the specific
Copyright 2013 Gleim Publications Inc. Page 173 reason for a variance.
Printed for Sanja Knezevic Answer (D) is incorrect. The problem was not a mathematical error
Answer (A) is incorrect. This reconciliation would not necessarily but an
include a review of erroneous basis for payment.
authorizations. [319] Gleim #: 3.4.88
Answer (B) is incorrect. The material available for a specific During an engagement involving a purchasing department, an
transaction is not part of internal auditor
the reconciliation. discovered that many purchases were made (at normal prices) from
Answer (C) is incorrect. Not all request forms may have been an office supplier
submitted. whose owner was the brother of the director of purchasing. Controls
Answer (D) is correct. This reconciliation is an input control to verify were in place to
that data entry restrict such purchases and no fraud appears to have been
is accurate and complete. The parts requested should be consistent committed. In this case, the
with the parts used internal auditor should recommend
in the maintenance activities. Unexplained variances should be The development of an approved-vendor file initiated by the buyer
investigated. and approved
[318] Gleim #: 3.4.87 by the director of purchasing.
During an engagement involving a construction contract, the internal A.
auditor B. Establishment of a price policy (range) for all goods.
discovered that the contractor was being paid for each ton of dirt C. The initiation of a conflict-of-interest policy.
removed. The D. The inspection of all receipts by receiving inspectors.
contract called for payment based on cubic yards removed. Which Gleim CIA Test Prep: Part 1 - Internal Audit Basics
internal control (720 questions)
might have prevented this error? Copyright 2013 Gleim Publications Inc. Page 174
Comparison of invoices with purchase orders A. or contracts. Printed for Sanja Knezevic
B. Comparison of invoices with receiving reports. fb.com/ciaaofficial
C. Comparison of actual costs with budgeted costs. Answer (A) is incorrect. An approved-vendor file approved by the
D. Extension checks of invoice amounts. director would not
Answer (A) is correct. This detective control would have revealed prevent a conflict of interest.
that the Answer (B) is incorrect. Price is not a factor when dealing with
contractor’s invoice used a unit of measure different from that in the conflicts of interest.
contract. Answer (C) is correct. A policy is one means of achieving control. It
Thus, the basis of payment was not what was called for in this unit- is a general guide
price contract. to and limit on action that should be clearly stated in writing and
systematically
communicated to appropriate parties. A conflict-of-interest policy by the affected operational unit of the organization of any basis for a
should contain claim.
directives that restrict business dealings with relatives unless Prompt reporting is required to permit the insurer to take whatever
otherwise disclosed to steps it may
and approved by senior management. deem necessary to reduce the ultimate compensable loss. The
Answer (D) is incorrect. The inspection of all receipts by receiving insurance function
inspectors is an then cooperates with the operational unit to document and formally
appropriate receiving control that does not pertain to this situation. submit the
[320] Gleim #: 3.4.89 claim to the carrier. Subsequently, the insurance function will be
Which of the following policies and procedures is consistent with involved in any
effective required review of the claim and negotiation of a settlement.
administration of the insurance function? Answer (D) is incorrect. Prudence dictates that other factors, e.g.,
Billings for insurance coverage are received and payments disbursed the financial
by the resources of the carrier and the fairness and efficiency of claims
insurance manager. handling, be
A. considered in addition to rates.
Policy coverages are adjusted each year by applying a price index to Gleim CIA Test Prep: Part 1 - Internal Audit Basics
previous year (720 questions)
coverages. Copyright 2013 Gleim Publications Inc. Page 175
B. Printed for Sanja Knezevic
Final settlements are negotiated after claims are developed C. and [321] Gleim #: 3.4.90
submitted. A recent inventory shortage at XYZ Corp., an unaffiliated supplier,
Policies are always placed with the carrier that offers the lowest rate contributed to
for a production failures at OPS Corp. in the current period. To avoid
specified level of coverage. future production
D. failures because of supplier inventory shortages, the most
Answer (A) is incorrect. The manager has too many responsibilities; appropriate method is for
there is no OPS to
separation of duties. The receipt of billings and the disbursement of Establish an inventory control A. framework at XYZ.
payments B. Increase the size of orders.
should be done by different people. C. Produce the inventory items instead of purchasing from suppliers.
Answer (B) is incorrect. While policy coverages should be D. Inform XYZ about its risk appetite regarding supply failures.
systematically Answer (A) is incorrect. OPS has no authority to establish an
evaluated each year to assure appropriate coverage, mere inventory control
adjustment for inflation framework at XYZ.
is not adequate to determine the degree of risk that should be Answer (B) is incorrect. Increasing order size does not address the
insured. cause of
Answer (C) is correct. The claims handling process begins with supplier failures.
prompt reporting Answer (C) is incorrect. Although in-house production will eliminate
the external
parties, it may not be the most cost-effective method. The external Answer (D) is incorrect. Use of sales department vehicles by only
party may have sales personnel
cost advantages the organization does not. is appropriate.
Answer (D) is correct. The risk appetite is the level of risk that an Gleim CIA Test Prep: Part 1 - Internal Audit Basics
organization is (720 questions)
willing to accept (The IIA Glossary). Thus, communicating about the Copyright 2013 Gleim Publications Inc. Page 176
risk appetite Printed for Sanja Knezevic
with external parties is an important aspect of risk management. It fb.com/ciaaofficial
allows the [323] Gleim #: 3.4.92
organization to develop strategies to work with suppliers who may An employee should not be able to visit the organization’s safe
have different deposit box containing
objectives. investment securities without being accompanied by another
[322] Gleim #: 3.4.91 employee. What would
A system of internal control includes physical controls over access to be a possible consequence of an employee’s being able to visit the
and use of assets safe deposit box
and records. A departure from the purpose of such procedures is that unaccompanied?
A. Access to the safe-deposit box requires two officers. The employee could pledge organizational investments as security
Only storeroom personnel and line supervisors have access to the for a short-term
raw materials personal bank loan.
storeroom. A.
B. The employee could steal securities and the theft would never B. be
C. The mailroom compiles a list of the checks received in the discovered.
incoming mail. C. It would be impossible to obtain a fidelity bond on the employee.
D. Only salespersons and sales supervisors use sales department There would be no record of when organizational personnel visited
vehicles. the safe
Answer (A) is incorrect. It is appropriate for two officers to be deposit box.
required to open D.
the safe-deposit box. One supervises the other. Answer (A) is correct. The bank should maintain a record, which can
Answer (B) is correct. Storeroom personnel have custody of assets, be
and inspected by organizational personnel, of all safe deposit box visits.
supervisors are in charge of execution functions. To give supervisors Access should
access to the be limited to authorized officers. Organizations typically require the
raw materials storeroom is a violation of the essential internal control presence of
principle of two authorized persons for access to the box. This precaution
segregation of functions. provides
Answer (C) is incorrect. The mailroom typically compiles a prelisting supervisory control over, for example, the temporary removal of the
of cash. securities to
The list is sent to the accountant as a control for actual cash sent to serve as a pledge for a loan (hypothecation of securities).
the cashier. Answer (B) is incorrect. An engagement involving investment
securities would
eventually uncover an outright theft assuming no alteration of the be posted. It should then be compared with the total of items posted
asset records. to the
Answer (C) is incorrect. Obtaining a fidelity bond is contingent upon individual accounts.
the Answer (D) is incorrect. These controls will not detect an initial
character of the employee, not the presence of a specific control. misposting. The
Answer (D) is incorrect. The bank maintains a record of visits. statements and the reconciliation are based on the misposted
[324] Gleim #: 3.4.93 records.
One of two office clerks in a small organization prepares a sales Gleim CIA Test Prep: Part 1 - Internal Audit Basics
invoice; however, the (720 questions)
invoice is incorrectly entered by the bookkeeper in the general ledger Copyright 2013 Gleim Publications Inc. Page 177
and the accounts Printed for Sanja Knezevic
receivable subsidiary ledger for a smaller amount resulting from a [325] Gleim #: 3.4.94
transposition of Which of the following aspects of the administration of a
digits. The customer subsequently remits the amount on the monthly compensation program is the
statement. most important control in the long run?
Assuming only three employees are in the department, the most An informal wage and salary policy to be competitive with the A.
effective control to industry average.
prevent this type of error is B. A plan of job classifications based on predefined evaluation
Assigning the second office clerk to make an independent check of criteria.
prices, C. A wage and salary review plan for individual employee
discounts, extensions, footings, and invoice serial numbers. compensation.
A. D. A level of general compensation that is reasonably competitive.
Requiring that monthly statements be prepared by the bookkeeper Answer (A) is incorrect. A vague policy would contribute little if
and verified by anything to the
one of the other office clerks prior to mailing. fair administration of compensation programs.
B. Answer (B) is correct. Job classifications and grades are established
C. Using predetermined totals to control posting routines. during the
Requiring the bookkeeper to perform periodic reconciliations of the job analysis phase and the general level of compensation in the
accounts community and in
receivable subsidiary ledger and the general ledger. the industry must be determined. Compensation is then fixed based
D. on the plan of
Answer (A) is incorrect. The misposting was an error that occurred job classifications, usually within a range for each grade. A range is
subsequent to necessary to
this step. allow for flexibility. Compensation should be low enough to avoid
Answer (B) is incorrect. These controls will not detect an initial excess cost
misposting. The and to permit competitive pricing but high enough to attract needed
statements and the reconciliation are based on the misposted personnel.
records. Answer (C) is incorrect. A plan for reviewing individual
Answer (C) is correct. A control total should be generated for the compensation
transactions to presupposes a classification plan.
Answer (D) is incorrect. Reasonably competitive compensation is One control objective of the financing/treasury cycle is the proper
predicated on a authorization of
classification plan. transactions involving debt and equity instruments. Which of the
[326] Gleim #: 3.4.95 following controls
To minimize potential financial losses associated with physical would best meet this objective?
assets, the assets Segregation of responsibility for custody of funds from recording of
should be insured in an amount that is the
A. Supported by periodic appraisals. transaction.
B. Determined by the board of directors. A.
Automatically adjusted by an economic indicator such as the Written policies requiring review of major funding/repayment
consumer price proposals by the
index. board.
C. B.
D. Equal to the book value of the individual assets. Use of an underwriter in all cases of new issue of debt or C. equity
Answer (A) is correct. Based on the results of the risk assessment, instruments.
the internal D. Requiring two signatures on all checks of a material amount.
audit activity should evaluate the adequacy and effectiveness of Answer (A) is incorrect. Segregation of responsibility for custody of
controls funds from
encompassing the organization’s governance, operations, and recording of the transaction concerns the objective of safeguarding of
information assets, not
systems. This should include, among other things, safeguarding of authorization.
assets (Impl. Answer (B) is correct. The control objective of authorization
Std. 2120.A1). Safeguarding assets includes insuring them. The concerns the proper
types and execution of transactions in accordance with management’s wishes.
amounts of insurance should be supported by periodic appraisals. One means of
Answer (B) is incorrect. The determination of insurance coverage is achieving this control objective is the establishment of policies as
not a guides to
function of the board of directors. action. When a decision affects the capitalization of the entity, a
Answer (C) is incorrect. The consumer price index generally does policy should be
not provide an in force requiring review at the highest level.
appropriate adjustment factor for fixed assets. Answer (C) is incorrect. Use of an underwriter in all cases of new
Answer (D) is incorrect. Book values may not reflect the issue of debt or
replacement or real equity instruments does not state a control but rather a specific
value of an asset. means of issuing
Gleim CIA Test Prep: Part 1 - Internal Audit Basics securities.
(720 questions) Answer (D) is incorrect. Requiring two signatures on all checks of a
Copyright 2013 Gleim Publications Inc. Page 178 material
Printed for Sanja Knezevic amount concerns the objective of safeguarding of assets, not
fb.com/ciaaofficial authorization.
[327] Gleim #: 3.4.96 [328] Gleim #: 3.4.97
Which of the following describes a control weakness? [329] Gleim #: 3.4.98
Purchasing procedures are well designed and are followed unless A manufacturer uses large quantities of small, inexpensive items,
otherwise such as nuts, bolts,
directed by the purchasing supervisor. washers, and gloves, in the production process. As these goods are
A. purchased, they are
B. Prenumbered blank purchase orders are secured within the recorded in inventory in bulk amounts. Bins are located on the shop
purchasing department. floor to provide
Normal operational purchases fall in the range from US $500 to US timely access to these items. When necessary, the bins are refilled
$1,000 with from inventory, and
two signatures required for purchases over US $1,000. the cost of the items is charged to a consumable supplies account,
C. which is part of
The purchasing agent invests in a publicly traded mutual fund that shop overhead. Which of the following would be an appropriate
lists the stock improvement of
of one of the organization’s suppliers in its portfolio. controls in this environment?
D. Relocate bins to the inventory A. warehouse.
Answer (A) is correct. Well-designed procedures that are set aside Require management review of reports on the cost of consumable
at items used in
management’s discretion are not adequate controls. Control relation to budget.
procedures must be B.
followed consistently to be effective. However, the possibility of C. Lock the bins during normal working hours.
management D. None of these controls are needed for items of minor cost and
override is an inherent limitation of internal control. size.
Answer (B) is incorrect. Use of prenumbered blank purchase orders Answer (A) is incorrect. The bins should be on the shop floor where
secured the nuts,
within the purchasing department is a common control. bolts, etc., are needed.
Answer (C) is incorrect. Requiring a more stringent authorization Answer (B) is correct. In accordance with the cost-benefit criterion,
procedure for control
larger purchases is an appropriate control as long as documentation expenditures for manufacturing supplies (nuts, bolts, etc.) should be
supports the minimal.
purchases. Nevertheless, some controls should be implemented. For example,
Answer (D) is incorrect. The purchasing agent’s mutual fund usage should
investment should be estimated and compared with stock balances and also with the
not be a conflict of interest. The relationship between the return on number of using
the investment personnel. Moreover, variances should be calculated for the
and any possible action by the agent to favor the supplier is very difference between
weak. costs incurred and budgeted amounts.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (C) is incorrect. Locking the bins would limit the efficiency
(720 questions) and
Copyright 2013 Gleim Publications Inc. Page 179 effectiveness of shop personnel.
Answer (D) is incorrect. Controls are needed even for items of minor Answer (A) is incorrect. Organizational structure and assignment of
cost and authority and
size. responsibility are also part of the control environment.
[330] Gleim #: 4.1.1 Answer (B) is incorrect. Integrity and ethical values and assignment
The COSO framework treats internal control as a process designed of authority
to provide and responsibility are also part of the control environment.
reasonable assurance regarding the achievement of objectives Answer (C) is incorrect. Integrity and ethical values and
related to organizational structure
A. Reliability of financial reporting. are also part of the control environment.
B. Effectiveness and efficiency of operations. Answer (D) is correct. The COSO internal control framework lists the
C. Compliance with applicable laws and regulations. following
D. All of the answers are correct. seven elements of the control environment:
Answer (A) is incorrect. The effectiveness and efficiency of Integrity and ethical values
operations and Commitment to competence
compliance with applicable laws and regulations are also correct. Board of directors or audit committee
Answer (B) is incorrect. The reliability of financial reporting and Management’s philosophy and operating style
compliance Organizational structure
with applicable laws and regulations are also correct. Assignment of authority and responsibility
Answer (C) is incorrect. Reliability of financial reporting and Human resource policies and practices
effectiveness and [332] Gleim #: 4.1.3
efficiency of operations are also correct. Which of the following is not a component of the CoCo model?
Answer (D) is correct. The COSO framework treats internal control A. Commitment.
as a process B. Capability.
designed to provide reasonable assurance regarding the C. Control environment.
achievement of objectives D. Monitoring and learning.
related to reliability of financial reporting, effectiveness and efficiency Answer (A) is incorrect. Commitment is a component of the CoCo
of model.
operations, and compliance with applicable laws and regulations. Answer (B) is incorrect. Capability is a component of the CoCo
Gleim CIA Test Prep: Part 1 - Internal Audit Basics model.
(720 questions) Answer (C) is correct. The control environment is not one of the four
Copyright 2013 Gleim Publications Inc. Page 180 components
Printed for Sanja Knezevic of the CoCo model. The four components are commitment,
fb.com/ciaaofficial capability, monitoring
[331] Gleim #: 4.1.2 and learning, and purpose.
Which of the following are elements of the control environment? Answer (D) is incorrect. Monitoring and learning is a component of
Integrity A. and ethical values. the CoCo
B. Organizational structure. model.
C. Assignment of authority and responsibility. [333] Gleim #: 4.1.4
D. All of the answers are correct. In regard to The IIA’s Electronic Systems Assurance and Control
study, which of the
following is not a business assurance objective? Answer (A) is correct. The control environment includes, among
A. Recordability. other things, the
B. Capability. element of human resource policies and practices. Thus, hiring,
C. Protectability. orientation,
D. Functionality. training, evaluation, counseling, promotion, compensation, and
Gleim CIA Test Prep: Part 1 - Internal Audit Basics remedial actions
(720 questions) must be considered by management.
Copyright 2013 Gleim Publications Inc. Page 181 Answer (B) is incorrect. Compensation systems are part of the
Printed for Sanja Knezevic organization’s
Answer (A) is correct. Recordability is not a business assurance control systems.
objective. Answer (C) is incorrect. Audits of the compensation systems can be
Answer (B) is incorrect. Capability is one of the five business combined
assurance objectives. with an audit of other functions that affect corporate bonuses.
Answer (C) is incorrect. Protectability is one of the five business Answer (D) is incorrect. Compensation systems are part of the
assurance objectives. organization’s
Answer (D) is incorrect. Functionality is one of the five business control systems, and they may be audited in combination with other
assurance objectives. functions that
[334] Gleim #: 4.1.5 affect corporate bonuses.
Which of the following statements is correct regarding corporate [335] Gleim #: 4.1.6
compensation The policies and procedures helping to ensure that management
systems and related bonuses? directives are
A bonus system should be considered part of the control executed and actions are taken to address risks to achievement of
environment of an objectives describes
organization and should be considered in formulating a report on A. Risk assessments.
internal control. B. Control environments.
I. C. Control activities.
Compensation systems are not part of an organization’s control D. Monitoring.
system and should Gleim CIA Test Prep: Part 1 - Internal Audit Basics
not be reported as such. (720 questions)
II. Copyright 2013 Gleim Publications Inc. Page 182
An audit of an organization’s compensation system should be Printed for Sanja Knezevic
performed fb.com/ciaaofficial
independently of an audit of the control system over other functions Answer (A) is incorrect. Risk assessment identifies and analyzes
that impact external or internal
corporate bonuses. risks to achievement of the objectives at the activity level as well as
III. the entity level.
A. I only. Answer (B) is incorrect. Control environments reflect the attitude
B. II only. and actions of the
C. III only. board and management regarding the significance of control within
D. II and III only. the organization.
Answer (C) is correct. Control activities are the policies and activity.
procedures helping to Answer (D) is incorrect. The board has oversight governance
ensure that management directives are executed and actions are responsibilities but
taken to address risks ordinarily does not become involved in the details of operations.
to achievement of objectives. [337] Gleim #: 4.1.8
Answer (D) is incorrect. Monitoring is a process that assesses the Which term best reflects the attitude and actions of the board and
quality of the management
system’s performance over time. regarding the significance of control within the organization?
[336] Gleim #: 4.1.7 A. Risk assessment.
An organization’s directors, management, external auditors, and B. Control activities.
internal auditors all C. Control environment.
play important roles in creating a proper control environment. Senior D. Monitoring.
management is Gleim CIA Test Prep: Part 1 - Internal Audit Basics
primarily responsible for (720 questions)
Establishing a proper organizational culture and specifying a system Copyright 2013 Gleim Publications Inc. Page 183
of internal Printed for Sanja Knezevic
control. Answer (A) is incorrect. Risk assessment identifies and analyzes
A. external or internal
Designing and operating a control system that provides reasonable risks to achievement of the objectives at the activity level as well as
assurance that the entity level.
established objectives and goals will be achieved. Answer (B) is incorrect. Control activities are the policies and
B. procedures helping to
Ensuring that external and internal auditors adequately monitor the ensure that management directives are executed and actions are
control taken to address risks
environment. to achievement of objectives.
C. Answer (C) is correct. A control environment reflects the attitude and
Implementing and monitoring controls designed by the D. board of actions of the
directors. board and management regarding the significance of control within
Answer (A) is correct. Senior management is primarily responsible the organization.
for Answer (D) is incorrect. Monitoring is a process that assesses the
establishing a proper organizational culture and specifying a system quality of the
of internal system’s performance over time.
control. [338] Gleim #: 4.1.9
Answer (B) is incorrect. Senior management is not likely to be Internal control can provide only reasonable assurance that the
involved in the organization’s
detailed design and day-to-day operation of a control system. objectives will be met efficiently and effectively. One factor limiting
Answer (C) is incorrect. Management administers risk and control the likelihood of
processes. It achieving those objectives is that
cannot delegate this responsibility to the external auditors or to the The internal auditor’s primary responsibility is the A. detection of
internal audit fraud.
B. The board is active and independent. (720 questions)
C. The cost of internal control should not exceed its benefits. Copyright 2013 Gleim Publications Inc. Page 184
D. Management monitors performance. Printed for Sanja Knezevic
Answer (A) is incorrect. The internal audit activity’s responsibility fb.com/ciaaofficial
regarding Answer (A) is incorrect. The COSO and CoCo models emphasize
controls is to evaluate effectiveness and efficiency and to promote soft controls.
continuous Answer (B) is incorrect. The communication of ethical values and
improvement. the fostering of
Answer (B) is incorrect. An effective governance function mutual trust are soft controls in the CoCo model.
strengthens the control Answer (C) is incorrect. Soft controls have become more necessary
environment. as technology
Answer (C) is correct. A limiting factor is that the cost of internal advances have empowered employees.
control should Answer (D) is correct. One approach to auditing soft controls is
not exceed its expected benefits. Thus, the potential loss associated control selfassessment,
with any which is the involvement of management and staff in the assessment
exposure or risk is weighed against the cost to control it. Although of
the cost-benefit internal controls within their work group.
relationship is a primary criterion that should be considered in [340] Gleim #: 4.1.11
designing and Which of the following broad control objectives listed in The IIA’s
implementing internal control, the precise measurement of costs and Electronic Systems
benefits Assurance and Control differs from the objectives found in the COSO
usually is not possible. internal control
Answer (D) is incorrect. Senior management’s role is to oversee the framework?
establishment, administration, and assessment of the system of risk Effectiveness A. and efficiency.
management B. Financial reporting.
and control processes. C. Compliance.
[339] Gleim #: 4.1.10 D. Safeguarding of assets.
Which of the following statements is not accurate with regard to soft Answer (A) is incorrect. Effectiveness and efficiency of operations is
controls? addressed
A. The COSO and CoCo models emphasize soft controls. in both models.
The communication of ethical values and the fostering of mutual trust Answer (B) is incorrect. Financial reporting is addressed in both
are soft models.
controls in the CoCo model. Answer (C) is incorrect. Compliance with laws and regulations is
B. addressed in
Soft controls have become more necessary as technology advances both models.
have Answer (D) is correct. Safeguarding of assets is not among the
empowered employees. objectives of
C. control found in the COSO internal control framework.
D. Control self-assessment is not an approach to audit soft controls. [341] Gleim #: 4.1.12
Which of the following is the common name for Internal Control: then reconciles the cash received for the day with the computerized
Guidance for record of food
Directors on the Combined Code? orders generated. All differences are investigated immediately by the
A. COSO. restaurant.
B. COBIT. Organizational headquarters has established monitoring controls to
C. The Turnbull Report. determine when an
D. CoCo. individual restaurant might not be recording all its revenue and
Answer (A) is incorrect. The COSO (Committee of Sponsoring transmitting the
Organizations of applicable cash to the corporate headquarters. Which one of the
the Treadway Commission) issued Internal Control – Integrated following is the best
Framework. example of a monitoring control?
Answer (B) is incorrect. COBIT is the integrated framework for The restaurant manager reconciles the cash received with the food
information orders recorded
technology controls issued by the IT Governance Institute. on the computer.
Answer (C) is correct. One of the three most recognized internal A.
control All food orders must be entered on the computer, and segregation of
frameworks is Internal Control: Guidance for Directors on the duties is
Combined Code. maintained between the food servers and the cooks.
It is commonly known as the Turnbull Report and was issued by the B.
Institute of Management prepares a detailed analysis of gross margin per store
Chartered Accountants in England and Wales. and
Answer (D) is incorrect. CoCo refers to Guidance on Control investigates any store that shows a significantly lower gross margin.
(original title: C.
Criteria of Control) issued by the Canadian Institute of Chartered Cash is transmitted to corporate headquarters D. on a daily basis.
Accountants. Answer (A) is incorrect. The manager’s activity is an example of a
Gleim CIA Test Prep: Part 1 - Internal Audit Basics reconciliation
(720 questions) control applied at the store level. Monitoring is an overall control that
Copyright 2013 Gleim Publications Inc. Page 185 determines
Printed for Sanja Knezevic whether other controls are operating effectively.
[342] Gleim #: 4.1.13 Answer (B) is incorrect. The division of duties is an operational
A restaurant chain has over 680 restaurants. All food orders for each control.
restaurant are Answer (C) is correct. Monitoring is a process that assesses the
required to be entered into an electronic device that records all food quality of internal
orders by food control over time. It involves assessment by appropriate personnel of
servers and transmits the order to the kitchen for preparation. All the design
food servers are and operation of controls and the taking of corrective action.
responsible for collecting cash for all their orders and must turn in Monitoring can be
cash at the end of done through ongoing activities or separate evaluations. Ongoing
their shift equal to the sales value of food ordered for their I.D. monitoring
number. The manager
procedures are built into the normal recurring activities of an entity The manager of the program should be independent of the
and include operations assessed.
regular management and supervisory activities. Thus, analysis of Answer (D) is incorrect. An internal audit activity should be
gross margin independent of the
data and investigation of significant deviations is a monitoring operations reviewed and is not a managerial function.
process. [344] Gleim #: 4.1.15
Answer (D) is incorrect. Daily transmission of cash is an operational Which of the following are elements included in the control
control. environment described in
[343] Gleim #: 4.1.14 the COSO internal control framework?
Management has a role in the maintenance of control. In fact, Organizational structure, management philosophy, A. and planning.
management sometimes B. Integrity and ethical values, assignment of authority, and human
is a control. Which of the following most likely involves managerial resource policies.
functions as a C. Competence of personnel, backup facilities, laws, and regulations.
control? D. Risk assessment, assignment of responsibility, and human
A. Monitoring performance. resource practices.
B. Board approval of the charter of the internal audit activity. Answer (A) is incorrect. Planning is not an element of the control
C. Maintenance of a quality assurance program. environment.
D. Establishment of an internal audit activity. Answer (B) is correct. The COSO internal control framework lists the
Gleim CIA Test Prep: Part 1 - Internal Audit Basics following
(720 questions) seven elements of the control environment:
Copyright 2013 Gleim Publications Inc. Page 186 Integrity and ethical values
Printed for Sanja Knezevic Commitment to competence
fb.com/ciaaofficial Board of directors or audit committee
Answer (A) is correct. Monitoring is a component of the control Management’s philosophy and operating style
environment. It is a Organizational structure
process that assesses the quality of the system’s performance over Assignment of authority and responsibility
time. It consists of Human resource policies and practices
ongoing activities built into normal operations to ensure that they Answer (C) is incorrect. Backup facilities, laws, and regulations are
continue to be not elements
performed effectively. Supervision and other ordinary management of the control environment.
functions, Answer (D) is incorrect. Risk assessment is part of planning the
consideration of communications with external parties, and the internal audit
actions of internal and activity and specific engagements.
external auditors are examples. [345] Gleim #: 4.2.16
Answer (B) is incorrect. The board is the entity’s governing body, not The function of the chief risk officer (CRO) is most effective when the
its CRO
management. A. Manages risk as a member of senior management.
Answer (C) is incorrect. A quality assurance program is a form of B. Shares the management of risk with line management.
internal assessment. C. Shares the management of risk with the chief audit executive.
D. Monitors risk as part of the enterprise risk management team.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics effected by an entity’s board of directors, management, and other
(720 questions) personnel,
Copyright 2013 Gleim Publications Inc. Page 187 applied in strategy setting and across the enterprise, designed to
Printed for Sanja Knezevic identify potential
Answer (A) is incorrect. Senior management has an oversight role events that may affect the entity and manage risk to be within its risk
in risk appetite, to
management. provide reasonable assurance regarding the achievement of entity
Answer (B) is incorrect. The risk knowledge at the line level is objectives.”
specific only to that The emphasis is on (1) the objectives of a specific entity and (2)
area of the organization. establishing a
Answer (C) is incorrect. The CAE should not be accountable for a means for evaluating the effectiveness of ERM.
management Answer (D) is incorrect. Enterprise risk management is concerned
function. with selecting
Answer (D) is correct. A CRO is a member of management assigned not the best risk response but the risk response that falls within the
primary enterprise’s
responsibility for enterprise risk management processes. The CRO is risk tolerances and appetite.
most effective [347] Gleim #: 4.2.18
when supported by a specific team with the necessary expertise and Many organizations use electronic funds transfer to pay their
experience related suppliers instead of
to organization-wide risk. issuing checks. Regarding the risks associated with issuing checks,
[346] Gleim #: 4.2.17 which of the
Enterprise risk management following risk management techniques does this represent?
Guarantees achievement of organizational A. objectives. A. Controlling.
B. Requires establishment of risk and control activities by internal B. Accepting.
auditors. C. Transferring.
Involves the identification of events with negative impacts on D. Avoiding.
organizational Gleim CIA Test Prep: Part 1 - Internal Audit Basics
objectives. (720 questions)
C. Copyright 2013 Gleim Publications Inc. Page 188
D. Includes selection of the best risk response for the organization. Printed for Sanja Knezevic
Answer (A) is incorrect. Risk management processes cannot fb.com/ciaaofficial
guarantee Answer (A) is incorrect. Eliminating checks does not represent an
achievement of objectives. ongoing control.
Answer (B) is incorrect. Involvement of internal auditors in Answer (B) is incorrect. Eliminating checks avoids instead of
establishing control accepts the associated
activities impairs their independence and objectivity. risk.
Answer (C) is correct. The COSO document, Enterprise Risk Answer (C) is incorrect. Eliminating checks does not transfer risk to
Management – anyone else.
Integrated Framework, defines enterprise risk management (ERM) Risk is eliminated.
as “a process,
Answer (D) is correct. Risk responses may include avoidance, Printed for Sanja Knezevic
acceptance, sharing, [350] Gleim #: 4.2.21
and reduction. By eliminating checks, the organization avoids all risk Components of enterprise risk management (ERM) are integrated
associated with with the
them. management process. Which of the following correctly states four of
[348] Gleim #: 4.2.19 the eight
Which of the following is a factor affecting risk? components of ERM according to the COSO’s framework?
A. New personnel. Event identification, risk assessment, control activities, and A.
B. New or revamped information systems. objective setting.
C. Rapid growth. B. Internal environment, risk responses, monitoring, and risk
D. All of the answers are correct. minimization.
Answer (A) is incorrect. New or revamped information systems and External environment, information and communication, monitoring,
rapid growth and event
are also factors affecting risk. identification.
Answer (B) is incorrect. New personnel and rapid growth are also C.
factors Objective setting, response to opportunities, risk assessment, and
affecting risk. control
Answer (C) is incorrect. New personnel and new or revamped activities.
information D.
systems are also factors affecting risk. Answer (A) is correct. ERM ensures that (1) a process is established
Answer (D) is correct. New personnel, new or revamped information and (2)
systems, objectives align with the mission and the risk appetite. Event
and rapid growth are all factors that affect risk. identification, risk
[349] Gleim #: 4.2.20 assessment, control activities, and objective setting are components
What is residual risk? of ERM.
A. Impact of risk. Event identification relates to internal and external events affecting
B. Risk that is under control. the
C. Risk that is not managed. organization. Risk assessment considers likelihood and impact (see
D. Underlying risk in the environment. the definitions
Answer (A) is incorrect. The impact of risk is its consequence. of risk in The IIA Glossary) as a basis for risk management. Control
Answer (B) is incorrect. Risk that is under control is managed risk. activities are
Answer (C) is correct. Residual risk is the risk remaining after policies and procedures to ensure the effectiveness of risk
management takes responses. Objective
action to reduce the impact and likelihood of an adverse event. Such setting precedes event identification.
action Answer (B) is incorrect. Risk assessment, not minimization, is a
includes control activities in responding to a risk. component of
Answer (D) is incorrect. The underlying risk is the inherent risk. ERM.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (C) is incorrect. The internal, not external, environment is a
(720 questions) component
Copyright 2013 Gleim Publications Inc. Page 189 of ERM.
Answer (D) is incorrect. Response to opportunities is a capability of Answer (B) is incorrect. Limitations of ERM can also arise from
ERM. faulty human
[351] Gleim #: 4.2.22 judgment and collusion.
Which of the following control models is fully incorporated into the Answer (C) is incorrect. Limitations of ERM can also arise from
broader integrated faulty human
framework of enterprise risk management (ERM)? judgment and cost-benefit considerations.
A. CoCo. Answer (D) is correct. The limitations of ERM are the same as those
B. COSO. for control in
C. Electronic Systems Assurance and Control. general. They arise from the possibility of (1) faulty human judgment,
D. COBIT. (2) cost-benefit
Answer (A) is incorrect. ERM extends the COSO, not the CoCo, considerations, (3) simple errors or mistakes, (4) collusion, and (5)
model. management
Answer (B) is correct. The Committee of Sponsoring Organizations override.
of the [353] Gleim #: 4.2.24
Treadway Commission published Enterprise Risk Management – Management considers risk appetite for all of the following reasons
Integrated except
Framework. This document describes a model that incorporates the Evaluating A. strategic options.
earlier COSO B. Setting objectives.
internal control framework while extending it to the broader area of C. Developing risk management techniques.
enterprise risk D. Increasing the net present value of investments.
management. Answer (A) is incorrect. Management considers risk appetite when
Answer (C) is incorrect. ERM extends the COSO, not the eSAC, evaluating
model. strategic options.
Answer (D) is incorrect. ERM extends the COSO, not the COBIT, Answer (B) is incorrect. Management considers risk appetite when
model. setting
[352] Gleim #: 4.2.23 objectives.
Limitations of enterprise risk management (ERM) may arise from Answer (C) is incorrect. Management considers risk appetite when
A. Faulty human judgment. developing
B. Cost-benefit considerations. risk management techniques.
C. Collusion. Answer (D) is correct. Risk appetite should be considered in
D. All of the answers are correct. 1. Evaluating strategies,
Gleim CIA Test Prep: Part 1 - Internal Audit Basics 2. Setting related objectives, and
(720 questions) 3. Developing risk management methods.
Copyright 2013 Gleim Publications Inc. Page 190 Increasing the net present value of investments is an operational
Printed for Sanja Knezevic objective. It
fb.com/ciaaofficial would be determined after consideration of the entity’s risk appetite
Answer (A) is incorrect. Limitations of ERM can also arise from cost- and other
benefit strategic factors.
considerations and collusion. [354] Gleim #: 4.2.25
Inherent risk is
A. A potential event that will adversely affect the organization. Answer (A) is correct. An impact factor is a potential result of an
B. Risk response risk. event. These
The risk after management takes action to reduce the impact or events are usually identified through the risk assessment process.
likelihood of an For example, the
adverse event. consequences of fraud may include direct financial loss and harm to
C. its reputation,
The risk when management has not taken action to reduce the which in turn may lead to inability to attract skilled employees or
impact or likelihood customers.
of an adverse event. Answer (B) is incorrect. Inadequacy of internal controls is a risk that
D. normally is
Gleim CIA Test Prep: Part 1 - Internal Audit Basics identified during risk assessment.
(720 questions) Answer (C) is incorrect. The existence of complex or unusual
Copyright 2013 Gleim Publications Inc. Page 191 transactions is a
Printed for Sanja Knezevic risk that normally is identified during risk assessment.
Answer (A) is incorrect. A risk event is a potential event that will Answer (D) is incorrect. Potential override of internal controls is a
affect the entity risk that
adversely. normally is identified during risk assessment.
Answer (B) is incorrect. A risk response is an action taken to reduce [356] Gleim #: 4.2.27
the impact or Which risk response reflects a change from acceptance to sharing?
likelihood of an adverse event, including a control activity. “Risk A. An insurance policy on a manufacturing plant was not renewed.
response risk” is a B. Management purchased insurance on previously uninsured
nonsense term. property.
Answer (C) is incorrect. The risk after management takes action to C. Management sold a manufacturing plant.
reduce the impact After employees stole numerous inventory items, management
or likelihood of an adverse event in responding to a risk is residual implemented
risk. mandatory background checks on all employees.
Answer (D) is correct. Inherent risk is the risk when management D.
has not taken action Gleim CIA Test Prep: Part 1 - Internal Audit Basics
to reduce the impact or likelihood of an adverse event. Thus, it is risk (720 questions)
in the absence of Copyright 2013 Gleim Publications Inc. Page 192
a risk response. Printed for Sanja Knezevic
The internal auditors are assessing the risk of fraud involving senior Answer (A) is incorrect. Not renewing insurance represents a
management. An change from risk
impact factor is sharing to risk acceptance.
Nonretention A. of customers. Answer (B) is correct. The categories of risk responses under the
B. Inadequacy of internal controls. COSO ERM model
C. Unusual transactions. are avoidance, retention (acceptance), reduction, sharing, and
D. Potential override of internal controls. exploitation. If
management does not insure a building, the response is acceptance. A. Rapid response to opportunities.
Ordinarily, B. Organization-level view of risk.
acceptance is based on a judgment that the cost of another response C. Emphasis on specific functions.
is excessive. D. Achieving financial goals.
However, once management purchases insurance, the risk is shared Gleim CIA Test Prep: Part 1 - Internal Audit Basics
with an outside (720 questions)
party. Copyright 2013 Gleim Publications Inc. Page 193
Answer (C) is incorrect. Selling property avoids all the risks of Printed for Sanja Knezevic
ownership. Answer (A) is incorrect. Rapid response to opportunities is a
Answer (D) is incorrect. Management originally accepted the risk of characteristic of ERM,
employee theft which tries to offset potential risks with opportunities.
by not implementing pre-hire investigation. Conducting background Answer (B) is incorrect. ERM tries to view risk as it affects every
checks on all level of an
employees reduces the risk of theft. organization.
[357] Gleim #: 4.2.28 Answer (C) is correct. The enterprise risk management approach
Under the COSO’s ERM framework, which of the following most set forth by the
accurately describes committee of Sponsoring Organizations of the Treadway
risk management responsibilities? Commission (COSO)
In practice, management has primary A. responsibility. attempts to approach an organization as a whole instead of focusing
B. The internal audit activity has an oversight role. on any specific
C. The board provides assurance about the effectiveness of ERM. area or risk.
D. The chief audit executive should serve as chief risk officer. Answer (D) is incorrect. Financial goals are an example of the
Answer (A) is correct. The board has overall responsibility. However, methods ERM uses to
in practice, achieve objectives in one or more separate but overlapping
the board delegates responsibility for ERM to senior management, categories.
which should [359] Gleim #: 4.2.30
ensure that sound processes are in place and functioning. Which of the following members of an organization has ultimate
Answer (B) is incorrect. The internal audit activity provides objective ownership
assurance responsibility of the enterprise risk management, provides leadership
that (1) ERM processes are effective and (2) key risks are managed and direction to
at an senior managers, and monitors the entity’s overall risk activities in
acceptable level. relation to its risk
Answer (C) is incorrect. The board has overall responsibility. appetite?
Answer (D) is incorrect. The CAE must not be the CRO because A. Chief risk officer.
managing risk is B. Chief executive officer.
a responsibility of management, not internal audit. C. Internal auditors.
[358] Gleim #: 4.2.29 D. Chief financial officer.
Which of the following is closely related to traditional risk Answer (A) is incorrect. The risk officer works in assigned areas of
management instead of responsibility
enterprise risk management (ERM)?
in a staff function. The work of a risk officer often extends beyond Answer (B) is correct. The internal audit activity must evaluate and
one specific contribute to the
area because the officer will have the necessary resources to work improvement of governance, risk management, and control
across many processes using a
segments or divisions. systematic and disciplined approach (Perf. Std. 2100). Assurance
Answer (B) is correct. The chief executive officer (CEO) sets the services involve the
tone at the top internal auditor’s objective assessment of management’s risk
of the organization and has ultimate responsibility for ownership of management activities
the ERM. The and the degree to which they are effective.
CEO will influence the composition and conduct of the board, provide Answer (C) is incorrect. Designing and updating the risk
leadership management process is a
and direction to senior managers, and monitor the entity’s overall risk role of management.
activities in Answer (D) is incorrect. The design and implementation of controls
relation to its risk appetite. If any problems arise with the is the
organization’s risk responsibility of management, not internal audit.
appetite, the CEO will also take any measures to adjust the [361] Gleim #: 4.3.32
alignment to better suit The primary reason that a bank would maintain a separate
the organization. compliance function is to
Answer (C) is incorrect. The internal auditors evaluate the ERM and Better manage perceived A. high risks.
may provide B. Strengthen controls over the bank’s investments.
recommendations. C. Ensure the independence of line and senior management.
Answer (D) is incorrect. The CFO is subordinate to the CEO, who D. Better respond to shareholder expectations.
has ultimate Answer (A) is correct. The risk management process identifies,
responsibility for ERM. assesses,
[360] Gleim #: 4.3.31 manages, and controls potential risk exposures. Organizations such
When assessing the risk associated with an activity, an internal as brokers,
auditor should banks, and insurance companies may view risks as sufficiently
A. Determine how the risk should best be managed. critical to warrant
B. Provide assurance on the management of the risk. continuous oversight and monitoring.
C. Update the risk management process based on risk exposures. Answer (B) is incorrect. A separate compliance function may help
D. Design controls to mitigate the identified risks. strengthen
Gleim CIA Test Prep: Part 1 - Internal Audit Basics controls, but this is not its primary purpose.
(720 questions) Answer (C) is incorrect. Risk management is the direct responsibility
Copyright 2013 Gleim Publications Inc. Page 194 of
Printed for Sanja Knezevic management.
fb.com/ciaaofficial Answer (D) is incorrect. A separate compliance function will help
Answer (A) is incorrect. Risk management is a key responsibility of respond to
senior shareholder needs, but this is not its primary purpose.
management and the board, not the internal auditor. [362] Gleim #: 4.3.33
Which of the following goals sets risk management strategies at the and advisory role. The board has an oversight role.
optimum level? Answer (B) is incorrect. Management performs the implementation
A. Minimize costs. role in risk
B. Maximize market share. management, and the board has an oversight role. Internal auditors
C. Minimize losses. are generally
D. Maximize shareholder value. involved in the assurance and advisory role.
Answer (A) is incorrect. Minimizing costs is not a comprehensive Answer (C) is correct. Risk management is a key responsibility of
approach. senior
Answer (B) is incorrect. Maximizing market share is not a management and the board. To achieve its business objectives,
comprehensive management
approach. ensures that sound risk management processes are in place and
Answer (C) is incorrect. Minimizing losses is not a comprehensive functioning.
approach. Boards have an oversight role to determine that appropriate risk
Answer (D) is correct. The risk management processes chosen management
depend on the processes are in place and that these processes are adequate and
organization’s culture, management style, and business objectives. effective. In this
These choices role, they may direct the internal audit activity to assist them by
should optimize stakeholder (for example, shareholder) value by examining,
coping evaluating, reporting, and/or recommending improvements to the
effectively with uncertainty, risks, and opportunities. Thus, adequacy and
maximizing effectiveness of risk management processes (PA 2120-1, para. 1).
shareholder value is a comprehensive approach that relates to risk Management
management and the board are responsible for their organization’s risk
strategies across the organization. management and control
Gleim CIA Test Prep: Part 1 - Internal Audit Basics processes. However, internal auditors acting in a consulting role can
(720 questions) assist the
Copyright 2013 Gleim Publications Inc. Page 195 organization in identifying, evaluating, and implementing risk
Printed for Sanja Knezevic management
[363] Gleim #: 4.3.34 methodologies and controls to address those risks (PA 2120-1, para.
Which of the following represents the best statement of 2).
responsibilities for risk Answer (D) is incorrect. Management is responsible for risk
management? management, not the
Internal oversight role performed by the board.
Management Auditing Board [364] Gleim #: 4.3.35
A. Responsibility for risk Oversight role Advisory role An internal auditor plans to conduct an audit of the adequacy of
B. Oversight role Responsibility for risk Advisory role controls over
C. Responsibility for risk Advisory role Oversight role investments in new financial instruments. Which of the following
D. Oversight role Advisory role Responsibility for risk would not be
Answer (A) is incorrect. Internal auditors are generally involved in required as part of such an engagement?
the assurance
Determine if policies exist which describe the risks the treasurer may determination does not test the adequacy of the controls.
take and the Answer (D) is incorrect. A fundamental control concept over cash-
types of instruments in which the treasurer may make investments. like assets is the
A. treasurer’s establishment of a mechanism to monitor the risks.
Determine the extent of management oversight over investments in [365] Gleim #: 4.3.36
sophisticated When the executive management of an organization decided to form
instruments. a team to
B. investigate the adoption of an activity-based costing (ABC) system,
Determine whether the treasurer is getting higher or lower rates of an internal auditor
return on was assigned to the team. The best reason for including an internal
investments than are treasurers in comparable organizations. auditor is the
C. internal auditor’s knowledge of
Determine the nature of controls established by the treasurer to Activities A. and cost drivers.
monitor the risks B. Information processing procedures.
in the investments. C. Current product cost structures.
D. D. Risk management processes.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (A) is incorrect. An engineer has more knowledge than an
Copyright 2013 Gleim Publications Inc. Page 196 auditor about activities and cost drivers.
Printed for Sanja Knezevic Answer (B) is incorrect. An information systems expert has more
fb.com/ciaaofficial knowledge than
Answer (A) is incorrect. The first step of such an engagement an internal auditor about information needs and information
should be to determine processing
the nature of policies established to manage the risks associated procedures.
with the investments. Answer (C) is incorrect. A management accountant has more
New financial instruments are very risky. knowledge than an
Answer (B) is incorrect. Sophisticated financial instruments are internal auditor about a company’s current product cost.
complex by their Answer (D) is correct. The internal audit activity’s scope of work
nature and can carry a high level of risk. Thus, the auditor should extends to
determine the nature evaluating the organization’s risk management processes. The
of the risk management process established to monitor and authorize internal audit
such investments. activity should assist the organization by identifying and evaluating
Answer (C) is correct. For this particular engagement, the auditor significant
does not need to exposures to risk and contributing to the improvement of risk
develop a comparison of investment returns with those of other management and
organizations. In fact, control systems.
some financial investment scandals show that such comparisons can [366] Gleim #: 4.3.37
be highly Internal auditors should review the means of physically safeguarding
misleading because high returns were due to taking on a high level assets from
of risk. Also, this losses arising from
A. Misapplication of accounting principles. Answer (A) is incorrect. Internal auditors must evaluate risk
B. Procedures that are not cost justified. exposures relating
C. Exposure to the elements. to, among other things, the organization’s compliance with laws,
D. Underusage of physical facilities. regulations,
Gleim CIA Test Prep: Part 1 - Internal Audit Basics policies, procedures, and contracts.
(720 questions) Answer (B) is correct. Safeguarding assets is an operational activity
Copyright 2013 Gleim Publications Inc. Page 197 and is
Printed for Sanja Knezevic therefore beyond the scope of the internal audit activity.
Answer (A) is incorrect. Misapplication of accounting principles Answer (C) is incorrect. The internal audit activity must evaluate risk
relates to the exposures
reliability of information and not physical safeguards. relating to, among other things, the organization’s compliance with
Answer (B) is incorrect. Procedures that are not cost justified relate laws,
to efficiency, not regulations, policies, procedures, and contracts.
effectiveness, of operations. Answer (D) is incorrect. Ascertaining the extent to which
Answer (C) is correct. The internal audit activity must evaluate risk management has
exposures relating established adequate criteria to determine whether objectives and
to governance, operations, and information systems regarding the goals have been
safeguarding of accomplished is within the scope of internal auditing.
assets (Impl. Std. 2120.A1). For example, internal auditors evaluate [368] Gleim #: 4.3.39
risk arising from In the risk management process, management’s view of the internal
the possibilities of theft, fire, improper or illegal activities, and audit activity’s
exposure to the role is likely to be determined by all of the following factors except
elements. A. Organizational culture.
Answer (D) is incorrect. Underusage of facilities relates to efficiency B. Preferences of the independent auditor.
of operations. C. Ability of the internal audit staff.
[367] Gleim #: 4.3.38 D. Local conditions and customs of the country.
Which of the following activities is outside the scope of internal Gleim CIA Test Prep: Part 1 - Internal Audit Basics
auditing? (720 questions)
Evaluating risk exposures regarding compliance with policies, Copyright 2013 Gleim Publications Inc. Page 198
procedures, and Printed for Sanja Knezevic
contracts. fb.com/ciaaofficial
A. Answer (A) is incorrect. Organizational culture is a factor that
Safeguarding B. of assets. influences
C. Evaluating risk exposures regarding compliance with laws and management’s view of the role of internal auditing.
regulations. Answer (B) is correct. Ultimately, the role of internal auditing in the
Ascertaining the extent to which management has established risk management
criteria to determine process is determined by senior management and the board. Their
whether objectives have been accomplished. view on internal
D. auditing’s role is likely to be determined by factors such as the
culture of the
organization, ability of the internal audit staff, and local conditions effectiveness of the risk management process?
and customs (PA I. Significant risks
2120-1, para. 5). II. Ongoing monitoring activities
Answer (C) is incorrect. The ability of the internal audit staff is a Previous risk evaluation reports by management, internal auditors,
factor that external
influences management’s view of the role of internal auditing. auditors, and any other sources
Answer (D) is incorrect. Local conditions and customs of the country III.
influence A. I and II only.
management’s view of the role of internal auditing. B. I and III only.
[369] Gleim #: 4.3.40 C. II and III only.
Which of the following threatens the independence of an internal D. I, II, and III.
auditor who had Gleim CIA Test Prep: Part 1 - Internal Audit Basics
participated in the initial establishment of a risk management (720 questions)
process? Copyright 2013 Gleim Publications Inc. Page 199
Developing assessments and reports on the risk A. management Printed for Sanja Knezevic
process. Answer (A) is correct. Significant risks and ongoing management
B. Managing the identified risks. activities are
C. Evaluating the adequacy and effectiveness of management’s risk assessed by the internal audit activity as part of the risk management
processes. process (Inter.
D. Recommending controls to address the risks identified. Std. 2120). But review of previous risk evaluation reports is a means
Answer (A) is incorrect. Developing assessments and reports on the of obtaining
organization’s risk management processes is not only an internal evidence for an assessment.
audit role but Answer (B) is incorrect. Review of previous risk evaluation reports
normally also a high audit priority. by management,
Answer (B) is correct. Assuming management’s responsibility for the internal auditors, external auditors, and any other sources is an audit
risk procedure, a
management process is a potential threat to the internal audit means of obtaining evidence for an assessment. Moreover, internal
activity’s auditors assess
independence. It requires a full discussion and board approval (PA ongoing monitoring activities.
2120-1, Answer (C) is incorrect. Review of previous risk evaluation reports
para. 5). by management,
Answer (C) is incorrect. Internal auditors assist both management internal auditors, external auditors, and any other sources is an audit
and the board procedure, a
by examining, evaluating, reporting, and recommending means of obtaining evidence for an assessment. Moreover, internal
improvements on the auditors assess
adequacy and effectiveness of risk management processes. significant risks.
Answer (D) is incorrect. Internal auditors may recommend controls. Answer (D) is incorrect. Review of previous risk evaluation reports
[370] Gleim #: 4.3.41 by management,
Which of the following may be assessed by the internal auditor to internal auditors, external auditors, and any other sources is an audit
determine the procedure.
The board’s expectations of the internal audit activity regarding the Answer (A) is incorrect. The internal audit activity assists in risk
risk management management; it is
process is not the same thing as risk management.
Noted in the work programs for formal consulting A. engagements. Answer (B) is incorrect. Control processes are “the policies,
B. Included in the business continuity plan. procedures, and activities
C. Codified in the charters of the internal audit activity and the board. that are part of a control framework designed to ensure that risks are
D. Reviewed by the internal auditors immediately following a contained within
disaster. the risk tolerances established by the risk management process”
Answer (A) is incorrect. A work program is a listing of specific (The IIA Glossary).
procedures. Answer (C) is correct. Risk management is “a process to identify,
Answer (B) is incorrect. Business continuity planning is just one assess, manage, and
element of risk control potential events or situations to provide reasonable
management. assurance regarding the
Answer (C) is correct. The chief audit executive (CAE) is to obtain achievement of the organization’s objectives” (The IIA Glossary).
an Answer (D) is incorrect. Consulting services are “advisory and
understanding of senior management’s and the board’s expectations related client service
of the internal activities, the nature and scope of which are agreed with the client”
audit activity in the organization’s risk management process. This (The IIA
understanding Glossary).
is then codified in the charters of the internal audit activity and the [373] Gleim #: 4.3.44
board (PA Risk management is the responsibility of management. The role of
2120-1, para. 4). the internal audit
Answer (D) is incorrect. The internal audit activity’s role needs to be activity in the risk management process may include which of the
understood following?
before a crisis. Monitoring I. activities.
[372] Gleim #: 4.3.43 II. Evaluating the risk management process as part of the
Which of the following is the most accurate term for a process to engagement plan.
identify, assess, Participating on oversight committees, monitoring of activities, and
manage, and control potential events or situations to provide status
reasonable assurance reporting.
regarding the achievement of the organization’s objectives? III.
A. The internal audit activity. IV. Managing and coordinating the process.
B. Control process. A. I only.
C. Risk management. B. II only.
D. Consulting service. C. I, II, and III only.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics D. I, II, III, and IV.
(720 questions) Answer (A) is incorrect. The internal audit activity’s role in the risk
Copyright 2013 Gleim Publications Inc. Page 200 management
process may extend on a continuum from no role to managing and C. Determine the level of risks acceptable to the organization.
coordinating Treat the evaluation of risk management processes in the same
the process. manner as the risk
Answer (B) is incorrect. The internal audit activity’s role in the risk analysis used to plan engagements.
management D.
process also may extend to monitoring activities; participating on Answer (A) is incorrect. Risk management processes vary with the
oversight size and
committees, monitoring of activities, and status reporting; and complexity of an organization’s business activities.
managing and Answer (B) is correct. Internal auditors need to obtain sufficient and
coordinating the process. appropriate
Answer (C) is incorrect. The internal audit activity’s role in the risk evidence to determine that key objectives of the risk management
management processes are
process also may extend to managing and coordinating the process. being met to form an opinion on the adequacy of risk management
Answer (D) is correct. The internal audit activity’s role in the risk processes
management (PA 2120-1, para. 8).
process of an organization can change over time and may include Answer (C) is incorrect. Management and the board determine the
responsibilities level of
along a continuum that extends from (1) no role; (2) auditing the risk acceptable organizational risks.
management Answer (D) is incorrect. Evaluating management’s risk processes
process as part of the internal audit plan; (3) active, continuous differs from the
support and internal auditors’ risk assessment used to plan an engagement, but
involvement in the risk management process, such as participation information
on oversight from a comprehensive risk management process is useful in such
committees, monitoring activities, and status reporting; and (4) planning.
managing and [375] Gleim #: 4.3.46
coordinating the process (PA 2120-1, para. 4). If an organization has no formal risk management processes, the
Gleim CIA Test Prep: Part 1 - Internal Audit Basics chief audit executive
(720 questions) should
Copyright 2013 Gleim Publications Inc. Page 201 A. Establish risk management processes based on industry norms.
Printed for Sanja Knezevic Formulate hypothetical results of possible consequences resulting
[374] Gleim #: 4.3.45 from risks not
The internal audit activity must evaluate the effectiveness and being managed.
contribute to the B.
improvement of risk management processes. With respect to C. Inform regulators that the organization is guilty of an infraction.
evaluating the adequacy Formally discuss with the directors their obligations for risk
of risk management processes, internal auditors most likely should management
Recognize that organizations should use similar techniques A. for processes.
managing risk. D.
B. Determine that the key objectives of risk management processes Answer (A) is incorrect. Internal auditors have no authority to
are being met. establish risk
management processes. They must seek direction from subject to soft controls and soft risk management approaches.
management and the board Answer (B) is incorrect. A risk matrix links identified risks to, for
as to their role in the process. example,
Answer (B) is incorrect. Internal auditors are not required to perform controls or business processes.
a risk Answer (C) is correct. The organization designs risk management
analysis of the possible consequences of not establishing a risk processes
management based on its culture, management style, and business objectives. For
process. However, such a request might be made by management. example, the
Answer (C) is incorrect. In the absence of a specific legal use of derivatives or other sophisticated capital market products by
requirement, internal the
auditors are not required to report to outside parties. organization could require the use of quantitative risk management
Answer (D) is correct. In situations where the organization does not tools. But the
have formal internal auditor determines that the methodology chosen is
risk management processes, the chief audit executive formally sufficiently
discusses with comprehensive and appropriate for the nature of the organization (PA
management and the board their obligations to understand, manage, 2120-1,
and monitor para. 7).
risks within the organization and the need to satisfy themselves that Answer (D) is incorrect. An ERM framework contains broad
there are statements of
processes operating within the organization, even if informal, that classes of risks. They are not stated in the detail (quantitative or not)
provide the required by a
appropriate level of visibility into the key risks and how they are being specific organization.
managed [377] Gleim #: 4.3.48
and monitored (PA 2120-1, para. 3). Which of the following is not a responsibility of the chief audit
Gleim CIA Test Prep: Part 1 - Internal Audit Basics executive?
(720 questions) To communicate the internal audit activity’s plans and resource
Copyright 2013 Gleim Publications Inc. Page 202 requirements to
Printed for Sanja Knezevic senior management and the board for review and approval.
fb.com/ciaaofficial A.
[376] Gleim #: 4.3.47 To coordinate with other internal and external providers of audit and
Quantitative risk management methods are most appropriate for consulting
Assessing A. personnel risks. services to ensure proper coverage and minimize duplication.
B. Developing a risk matrix. B.
C. The use of derivatives by the organization. To oversee the establishment, administration, and assessment of the
D. Identifying risks from the COSO’s enterprise risk management organization’s system of risk management processes.
framework. C.
Answer (A) is incorrect. Matters addressed in the control To follow up on whether appropriate management actions have been
environment, e.g., taken on
integrity and ethical values, human resources, and organizational significant reported risks.
structure are D.
Answer (A) is incorrect. The CAE should communicate the internal White-collar crime is usually perpetrated by outsiders to the
audit detriment of an
activity’s plans and resource requirements, including significant organization, but fraud is perpetrated by insiders to benefit the
interim changes, organization.
to senior management and to the board for review and approval. The D.
CAE also Answer (A) is correct. Fraud is defined in The IIA Glossary as “any
should communicate the impact of resource limitations. illegal act
Answer (B) is incorrect. The CAE should share information and characterized by deceit, concealment, or violation of trust. These
coordinate acts are not
activities with other internal and external providers of relevant dependent upon the threat of violence or physical force.”
assurance and Answer (B) is incorrect. Fraud may be perpetrated internally.
consulting services to ensure proper coverage and minimize Answer (C) is incorrect. Fraud may be perpetrated for the
duplication of efforts. organization’s benefit
Answer (C) is correct. Overseeing the establishment, administration, or for otherwise unselfish reasons.
and Answer (D) is incorrect. Fraud may be perpetrated by insiders and
assessment of the organization’s system of risk management outsiders, and
processes is the role it may be either beneficial or detrimental to an organization.
of senior management, not the CAE (PA 2120-1, para. 2). [379] Gleim #: 4.4.50
Answer (D) is incorrect. The CAE should establish and maintain a Which of the following wrongful acts committed by an employee
system to constitutes fraud?
monitor the disposition of results communicated to management. A. Libel.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics B. Embezzlement.
(720 questions) C. Assault.
Copyright 2013 Gleim Publications Inc. Page 203 D. Harassment.
Printed for Sanja Knezevic Answer (A) is incorrect. Defamation is the unjustifiable
[378] Gleim #: 4.4.49 communication
In the course of their work, internal auditors must be alert for fraud (publication) to a third party of a false statement that injures the
and other forms of plaintiff’s
white-collar crime. The important characteristic that distinguishes reputation and holds him/her up to hatred, contempt, or ridicule. Oral
fraud from other defamation
varieties of white-collar crime is that is slander. Defamation published in more permanent form
Fraud is characterized by deceit, concealment, or A. violation of trust. (newspaper, letter, film)
Unlike other white-collar crimes, fraud is always perpetrated against is libel.
an outside Answer (B) is correct. Fraud is defined in The IIA Glossary as “any
party. illegal act
B. characterized by deceit, concealment, or violation of trust. These
White-collar crime is usually perpetrated for the benefit of an acts are not
organization, but dependent upon the threat of violence or physical force. Frauds are
fraud benefits an individual. perpetrated by
C.
parties and organizations to obtain money, property, or services; to auditors must ascertain the extent to which management has
avoid payment established adequate
or loss of services; or to secure personal or business advantage.” criteria to determine whether objectives and goals have been
Embezzlement is accomplished. If
the intentional appropriation of property entrusted to one’s care. The adequate, internal auditors must use such criteria in their evaluation.
embezzler If inadequate,
converts property to his/her own use and conceals the theft. internal auditors must work with management to develop appropriate
Answer (C) is incorrect. The tort of assault entails placing another in evaluation
reasonable criteria” (Impl. Std. 2210.A3).
fear of a harmful or offensive bodily contact. Answer (D) is incorrect. The internal auditors also may take the
Answer (D) is incorrect. Harassment is the act of persistently actions described
annoying another. in statements I and III.
(720 questions) A key feature that distinguishes fraud from other types of crime or
Copyright 2013 Gleim Publications Inc. Page 204 impropriety is that
Printed for Sanja Knezevic fraud always involves the
fb.com/ciaaofficial A. Violent or forceful taking of property.
[380] Gleim #: 4.4.51 B. Deceitful wrongdoing of management-level personnel.
Internal auditors need to ascertain the extent to which management C. Unlawful conversion of property that is lawfully in the custody of
has established the perpetrator.
adequate control criteria. For this purpose, which of the following D. False representation or concealment of a material fact.
actions may be Answer (A) is incorrect. Fraud usually does not involve force or
appropriate? violence.
Determining whether objectives have I. been accomplished Answer (B) is incorrect. Employees at any level in an organization
II. Using the criteria in their evaluation can commit
III. Working with management to develop appropriate control fraud.
evaluation criteria Answer (C) is incorrect. Embezzlement is the unlawful conversion of
A. I only. property
B. I and II only. that is lawfully in the custody of the perpetrator.
C. I, II, and III. Answer (D) is correct. Fraud is defined in The IIA Glossary as “any
D. II only. illegal act
Answer (A) is incorrect. The internal auditors also may take the characterized by deceit, concealment, or violation of trust. These
actions described acts are not
in statements II and III. dependent upon the threat of violence or physical force.”
Answer (B) is incorrect. The internal auditors also may take the Gleim CIA Test Prep: Part 1 - Internal Audit Basics
action described (720 questions)
in statement III. Copyright 2013 Gleim Publications Inc. Page 205
Answer (C) is correct. “Adequate criteria are needed to evaluate Printed for Sanja Knezevic
controls. Internal [382] Gleim #: 4.4.53
One factor that distinguishes fraud from other employee crimes is Answer (C) is incorrect. Planning fraud prevention activities is a
that fraud involves responsibility of
Intentional A. deception. management.
B. Personal gain for the perpetrator. Answer (D) is incorrect. Controlling fraud prevention activities is a
C. Collusion with a party outside the organization. responsibility
D. Malicious motives. of management.
Answer (A) is correct. Fraud is defined in The IIA Glossary as “any Gleim CIA Test Prep: Part 1 - Internal Audit Basics
illegal act (720 questions)
characterized by deceit, concealment, or violation of trust. These Copyright 2013 Gleim Publications Inc. Page 206
acts are not Printed for Sanja Knezevic
dependent upon the threat of violence or physical force.” fb.com/ciaaofficial
Answer (B) is incorrect. Fraud may be perpetrated for the [384] Gleim #: 4.4.55
organization’s benefit Which of the following statements is(are) true regarding the
or for otherwise unselfish reasons. prevention of fraud?
Answer (C) is incorrect. An employee may act alone. The primary means of preventing fraud is through internal control
Answer (D) is incorrect. Fraud may be perpetrated for the established and
organization’s benefit maintained by management.
or for otherwise unselfish reasons. I.
[383] Gleim #: 4.4.54 Internal auditors are responsible for assisting in the prevention of
In an organization with a separate division that is primarily fraud by
responsible for the examining and evaluating the adequacy of the internal control
prevention of fraud, the internal audit activity is responsible for system.
Examining and evaluating the adequacy and effectiveness of that II.
division’s Internal auditors should assess the operating effectiveness of fraud-
actions taken to prevent fraud. related
A. communication systems.
B. Establishing and maintaining that division’s system of internal III.
control. A. I only.
C. Planning that division’s fraud prevention activities. B. I and II only.
D. Controlling that division’s fraud prevention activities. C. II only.
Answer (A) is correct. Control is the principal means of preventing D. I, II, and III.
fraud. Answer (A) is incorrect. Internal auditors are responsible for
Management is primarily responsible for the establishment and assisting in the
maintenance of prevention of fraud by examining and evaluating the adequacy of the
control. Internal auditors are primarily responsible for preventing internal
fraud by control system, and internal auditors should assess the operating
examining and evaluating the adequacy and effectiveness of control. effectiveness of
Answer (B) is incorrect. Establishing and maintaining control is a fraud-related communication systems.
responsibility Answer (B) is incorrect. Internal auditors should assess the
of management. operating
effectiveness of fraud-related communication systems. fide signatures and cleverly forged ones on authorization forms.
Answer (C) is incorrect. The primary means of preventing fraud is D.
through Gleim CIA Test Prep: Part 1 - Internal Audit Basics
internal control established and maintained by management, and (720 questions)
internal auditors Copyright 2013 Gleim Publications Inc. Page 207
should assess the operating effectiveness of fraud-related Printed for Sanja Knezevic
communication systems. Answer (A) is incorrect. For cost-benefit reasons, controls should be
Answer (D) is correct. Control is the principal means of preventing more extensive
fraud. in high-risk areas.
Management, in turn, is primarily responsible for the establishment Answer (B) is incorrect. Even the best system of control can often
and be circumvented by
maintenance of control. Internal auditors are primarily responsible for collusion.
preventing Answer (C) is correct. Management is responsible for establishing
fraud by examining and evaluating the adequacy and effectiveness and maintaining
of control. internal control. Thus, management also is responsible for the fraud
Internal auditors also should assess the operating effectiveness of prevention
fraud-related program. The control environment element of this program includes a
communication systems and practices, and they should support code of conduct,
fraud-related ethics policy, or fraud policy to set the appropriate tone at the top.
training. Moreover,
[385] Gleim #: 4.4.56 organizations should establish effective fraud-related information and
A significant employee fraud took place shortly after an internal communication
auditing engagement. practices, for example, documentation and dissemination of policies,
The internal auditor may not have properly fulfilled the responsibility guidelines, and
for the results.
prevention of fraud by failing to note and report that Answer (D) is incorrect. Forgery, like collusion, can circumvent even
Policies, practices, and procedures to monitor activities and an effective
safeguard assets were control.
less extensive in low-risk areas than in high-risk areas. [386] Gleim #: 4.4.57
A. Internal auditors have a responsibility for helping to deter fraud.
A system of control that depended upon separation of duties could Which of the
be following best describes how this responsibility is usually met?
circumvented by collusion among three employees. By coordinating with security personnel and law enforcement
B. agencies in the
There were no written policies describing prohibited activities and the investigation of possible frauds.
action A.
required whenever violations are discovered. By testing for fraud in every engagement and following B. up as
C. appropriate.
Divisional employees had not been properly trained to distinguish C. By assisting in the design of control systems to prevent fraud.
between bona
By evaluating the adequacy and effectiveness of controls in light of responsibility of management.
the potential Answer (D) is correct. Internal auditors are responsible for assisting
exposure or risk. in the deterrence
D. of fraud by examining and evaluating the adequacy and the
Answer (A) is incorrect. Investigating possible frauds involves effectiveness of controls.
detection, not [388] Gleim #: 4.4.59
deterrence. Internal auditing is responsible for assisting in the prevention of fraud
Answer (B) is incorrect. Testing for fraud in every engagement is not by
required. Informing the appropriate authorities within the organization and
Answer (C) is incorrect. Designing control systems impairs an recommending
internal auditor’s whatever investigation is considered necessary in the circumstances
objectivity. when
Answer (D) is correct. Control is the principal means of preventing wrongdoing is suspected.
fraud. A.
Management is primarily responsible for the establishment and Establishing the organization’s governance, operations, and
maintenance of information systems
control. Internal auditors are primarily responsible for preventing concerning compliance with laws, regulations, and contracts.
fraud by B.
examining and evaluating the adequacy and effectiveness of control. Examining and evaluating the adequacy and the effectiveness of
[387] Gleim #: 4.4.58 control,
Which of the following describes one of the responsibilities of the commensurate with the extent of the potential exposure or risk in the
internal auditor for various
the deterrence of fraud in an organization? segments of the organization’s operations.
A. Implementation of systems to discourage fraud. C.
B. Prosecuting perpetrators of fraud. Determining whether operating standards are acceptable D. and are
C. Reporting suspected fraud to law enforcement personnel. being met.
D. Evaluating the adequacy of controls to prevent fraud. Answer (A) is incorrect. Informing appropriate authorities in the
Gleim CIA Test Prep: Part 1 - Internal Audit Basics organization
(720 questions) when the internal auditor suspects wrongdoing concerns the internal
Copyright 2013 Gleim Publications Inc. Page 208 auditor’s
Printed for Sanja Knezevic obligation for detecting, not preventing, fraud.
fb.com/ciaaofficial Answer (B) is incorrect. Management is responsible for establishing
Answer (A) is incorrect. Implementing systems is an operating these
function for which systems.
management is responsible. Answer (C) is correct. Internal auditors are responsible for assisting
Answer (B) is incorrect. Prosecuting perpetrators of fraud is a in the
responsibility of prevention of fraud by examining and evaluating the adequacy and
management. the
Answer (C) is incorrect. Reporting suspected fraud to law effectiveness of controls.
enforcement personnel is a
Answer (D) is incorrect. These standards are criteria to determine Answer (A) is incorrect. Establishing internal control is
whether management’s
operational objectives and goals have been accomplished. They do responsibility.
not concern Answer (B) is incorrect. Maintaining internal control is
prevention of fraud. management’s
[389] Gleim #: 4.4.60 responsibility.
The internal auditors’ responsibility regarding fraud includes all of the Answer (C) is correct. Control is the principal means of preventing
following fraud.
except Management, in turn, is primarily responsible for the establishment
A. Determining whether the control environment sets the appropriate and
tone at top. maintenance of control. Internal auditors are primarily responsible for
B. Ensuring that fraud will not occur. preventing
C. Being aware of activities in which fraud is likely to occur. fraud by examining and evaluating the adequacy and effectiveness
D. Evaluating the effectiveness of control activities. of control.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (D) is incorrect. Operating authority is a management
(720 questions) function.
Printed for Sanja Knezevic An internal auditor who suspects fraud should
Answer (A) is incorrect. Internal auditing is responsible for A. Determine that a loss has been incurred.
evaluating the B. Interview those who have been involved in the control of assets.
organization’s control environment. C. Identify the employees who could be implicated in the case.
Answer (B) is correct. Control is the principal means of preventing D. Recommend an investigation if appropriate.
fraud, and Answer (A) is incorrect. Determining the loss could alert the
management is responsible for establishing and maintaining internal perpetrator of the
control. Thus, fraud. The perpetrator could then destroy or compromise evidence.
internal auditors cannot give absolute assurance that noncompliance Answer (B) is incorrect. Interviewing those who have been involved
or fraud does not in the
exist. control of assets is part of the fraud investigation.
Answer (C) is incorrect. The internal auditor should have sufficient Answer (C) is incorrect. Identifying the employees who could be
knowledge of implicated in
fraud indicators and be alert to opportunities that could allow fraud. the case is part of the fraud investigation.
Answer (D) is incorrect. Assessing the design and operating Answer (D) is correct. An internal auditor’s responsibilities for
effectiveness of fraudrelated detecting fraud
controls is the responsibility of internal auditing. include evaluating fraud indicators and deciding whether any
[390] Gleim #: 4.4.61 additional action is
The internal audit activity’s responsibility for preventing fraud is to necessary or whether an investigation should be recommended.
Establish A. internal control. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
B. Maintain internal control. (720 questions)
C. Evaluate the system of internal control. Copyright 2013 Gleim Publications Inc. Page 210
D. Exercise operating authority over fraud prevention activities. Printed for Sanja Knezevic
fb.com/ciaaofficial Answer (A) is incorrect. Administrative expense is 2% (US $10 ÷
[392] Gleim #: 4.4.63 $500) of
An international nonprofit organization finances medical research. current revenue.
The majority of its Answer (B) is incorrect. Purchases of supplies from fictitious
revenue and support comes from fundraising activities, investments, vendors involve
and specific risk exposures that are far smaller than those arising from
grants from an initial sponsoring corporation. The organization has inappropriate grants.
been in operation Answer (C) is correct. Grants represent 83.6% (US $418 ÷ $500) of
over 15 years and has a small internal audit department. The current
organization has just revenue. Consequently, fraudulent grants constitute a much greater
finished a major fundraising drive that raised US $500 million for the risk exposure
current fiscal than any of the other items listed.
period. Answer (D) is incorrect. The payroll clerk’s addition of ghost
The following are selected data from recent financial statements (US employees involves
dollar figures in risk exposures that are far smaller than those arising from
millions): inappropriate grants.
Current Past [393] Gleim #: 4.4.64
Year Year Internal auditors are more likely to detect fraud by
Revenue US $500 US $425 developing/strengthening their
Investments (average balances) 210 185 ability to
Medical research grants made 418 325 A. Recognize and question changes that occur in organizations.
Investment income 16 20 B. Interrogate fraud perpetrators to discover why the fraud was
Administrative expense 10 6 committed.
Auditors must always be alert for the possibility of fraud. Assume the C. Develop internal controls to prevent the occurrence of fraud.
controls over D. Document computerized operating system programs.
each risk listed below are marginal. Which of the following possible Gleim CIA Test Prep: Part 1 - Internal Audit Basics
frauds or misuses (720 questions)
of organization assets should be considered the area of greatest Copyright 2013 Gleim Publications Inc. Page 211
risk? Printed for Sanja Knezevic
The president is using company travel and entertainment funds for Answer (A) is correct. An internal auditor’s responsibilities for
activities that detecting fraud
might be considered questionable. include evaluating fraud indicators and deciding whether any
A. additional action is
Purchases of supplies are made from B. fictitious vendors. necessary or whether an investigation should be recommended.
Grants are made to organizations that might be associated with the Answer (B) is incorrect. Interrogation of fraud perpetrators occurs
president or are after detection. The
not for purposes dictated in the organization’s charter. danger signals of fraud often involve negative organizational
C. changes.
D. The payroll clerk has added ghost employees. Answer (C) is incorrect. The controls mentioned are preventive, not
detective.
Answer (D) is incorrect. Documentation of operating systems is not advisory capacity.
within the scope Answer (D) is incorrect. The internal auditor should report the matter
of internal auditing and would do little to enhance fraud detection and request
skills. funding for outside service providers only if (s)he has determined that
[394] Gleim #: 4.4.65 the
After noting some red flags, an internal auditor has an increased indicators of fraud are sufficient to recommend an investigation.
awareness that fraud [395] Gleim #: 4.4.66
may be present. Which of the following best describes the internal When an internal auditor identifies multiple factors that have been
auditor’s linked with
responsibility? possible fraudulent conditions and suspects that fraud has taken
Expand activities to determine whether an investigation A. is place, the auditor
warranted. should
Report the possibility of fraud to senior management and the board A. Immediately report to senior management and the board.
and ask them B. Immediately report to the board.
how they would like to proceed. C. Recommend an investigation.
B. D. Extend tests to determine the extent of the fraud.
Consult with external legal counsel to determine the course of action Gleim CIA Test Prep: Part 1 - Internal Audit Basics
to be taken, (720 questions)
including the approval of the proposed engagement work program to Copyright 2013 Gleim Publications Inc. Page 212
make sure it Printed for Sanja Knezevic
is acceptable on legal grounds. fb.com/ciaaofficial
C. Answer (A) is incorrect. Immediate reporting by the CAE to senior
Report the matter to the audit committee and request funding for management and
outside service the board is required only after a sufficient investigation has been
providers to help investigate the possible fraud. made to establish
D. reasonable certainty that a significant fraud has occurred. Thus,
Answer (A) is correct. An internal auditor’s responsibilities for reasonable certainty is
detecting fraud necessary before any fraud reporting is made.
include evaluating fraud indicators and deciding whether any Answer (B) is incorrect. Immediate reporting by the CAE to senior
additional action is management and
necessary or whether an investigation should be recommended. the board is required only after a sufficient investigation has been
Answer (B) is incorrect. The internal auditor should notify the made to establish
appropriate reasonable certainty that a significant fraud has occurred. Thus,
authorities within the organization if (s)he has determined that the reasonable certainty is
indicators of necessary before any fraud reporting is made.
fraud are sufficient to recommend an investigation. Answer (C) is correct. An internal auditor’s responsibilities for
Answer (C) is incorrect. The internal auditor is responsible for detecting fraud
determining the include evaluating fraud indicators and deciding whether any
appropriate response to indicators of fraud. Legal counsel can act additional action is
only in an necessary or whether an investigation should be recommended.
Answer (D) is incorrect. Extended tests to determine the extent of C. Decide whether to recommend an investigation.
fraud are performed D. Discuss the case with the board.
after the fraud has in fact been determined, not suspected. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
[396] Gleim #: 4.4.67 (720 questions)
An internal auditor suspects that a mailroom clerk is embezzling Copyright 2013 Gleim Publications Inc. Page 213
funds. In exercising Printed for Sanja Knezevic
due professional care, the internal auditor should Answer (A) is incorrect. The internal auditor should avoid
Reassign the clerk to A. another department. confronting suspected
B. Institute stricter controls over mailroom operations. employees. Employees suspected of theft or fraud have certain
C. Evaluate fraud indicators and decide whether further action is common law and
necessary. statutory rights that, if infringed upon, can be costly to the
D. Confront the clerk with the auditor’s suspicions. organization.
Answer (A) is incorrect. Personnel assignments are the Answer (B) is incorrect. Fellow workers may also be involved in the
responsibility of embezzlement.
management. Answer (C) is correct. An internal auditor’s responsibilities for
Answer (B) is incorrect. The system of internal controls is detecting fraud
management’s include evaluating fraud indicators and deciding whether any
responsibility. additional action is
Answer (C) is correct. An internal auditor’s responsibilities for necessary or whether an investigation should be recommended.
detecting fraud Answer (D) is incorrect. The CAE should determine the extent, if
include evaluating fraud indicators and deciding whether any any, of the fraud
additional action is before presenting it to the board.
necessary or whether an investigation should be recommended. [398] Gleim #: 4.4.69
Answer (D) is incorrect. An internal auditor should not confront a Which of the following best describes an auditor’s responsibility after
suspect until noting some
the proper authorities have been notified and have determined the indicators of fraud?
appropriate Expand activities to determine whether an investigation A. is
action. warranted.
[397] Gleim #: 4.4.68 B. Report the possibility of fraud to senior management and ask how
An internal auditor’s field work uncovers a series of transactions that to proceed.
indicate a C. Consult with external legal counsel to determine the course of
possible embezzlement. Which of the following actions should the action to be taken.
chief audit Report the matter to the audit committee and request funding for
executive take? outside
A. Confront the suspected embezzler to determine that the facts are specialists to help investigate the possible fraud.
correct. D.
Review the finding with the suspect’s fellow workers to see whether Answer (A) is correct. An internal auditor’s responsibilities for
the workers detecting fraud
can furnish additional evidence. include evaluating fraud indicators and deciding whether any
B. additional action is
necessary or whether an investigation should be recommended. detecting and investigating fraud (Impl. Std. 1210.A2).
Answer (B) is incorrect. The internal auditor should notify senior Answer (B) is incorrect. The internal auditor is not expected to have
management the expertise of a
and the board only if (s)he has determined that the indicators of fraud person whose primary responsibility is detecting and investigating
are fraud.
sufficient to recommend an investigation. Answer (C) is incorrect. An internal auditor must have sufficient
Answer (C) is incorrect. The internal auditor does not have the knowledge to
authority to identify the indicators of fraud but is not required to have sufficient
consult with external legal counsel. knowledge and
Answer (D) is incorrect. The internal auditor should notify the audit training to be able to detect fraud.
committee Answer (D) is incorrect. Detecting and investigating fraud is not a
only if (s)he has determined that the indicators of fraud are sufficient primary role of an
to internal auditor.
recommend an investigation. [400] Gleim #: 4.5.71
[399] Gleim #: 4.4.70 Red flags are conditions that indicate a higher likelihood of fraud.
What is the responsibility of the internal auditor with respect to fraud? Which of the
The internal auditor should have sufficient knowledge to identify the following is not considered a red flag?
indicators of Management has delegated the authority to make purchases under a
fraud but is not expected to be an expert. certain value
A. to subordinates.
The internal auditor should have the same ability to detect fraud as a A.
person whose An individual has held the same cash-handling job for an extended
primary responsibility is detecting and investigating fraud. period without
B. any rotation of duties.
An internal auditor should have sufficient knowledge and training so B.
that (s)he is An individual handling marketable securities is responsible for
able to detect fraud. making the
C. purchases, recording the purchases, and reporting any discrepancies
D. An internal auditor’s primary role is to detect and investigate fraud. and
Gleim CIA Test Prep: Part 1 - Internal Audit Basics gains/losses to senior management.
(720 questions) C.
Copyright 2013 Gleim Publications Inc. Page 214 The assignment of responsibility and accountability in the accounts
Printed for Sanja Knezevic receivable
fb.com/ciaaofficial department is not clear.
Answer (A) is correct. Internal auditors must have sufficient D.
knowledge to evaluate Answer (A) is correct. Delegating the authority to make purchases
the risk of fraud and the manner in which it is managed by the under a certain
organization. They are value to subordinates is an acceptable and common practice
not expected to have the expertise of a person whose primary intended to limit risk
responsibility is while promoting efficiency. It is not, by itself, considered a red flag.
Answer (B) is incorrect. Lack of rotation of duties or cross-training adequate training, such as the applicants’ personal integrity.
for sensitive Furthermore, hiring of all
jobs is a red flag. Such a person may have a greater opportunity to adequately trained applicants is unlikely to be necessary.
commit and Answer (D) is incorrect. Under the reasonable assurance concept,
conceal fraud. the cost of controls
Answer (C) is incorrect. An inappropriate combination of duties is a should not exceed their benefits. The cost of applying controls to all
red flag. relevant
Answer (D) is incorrect. Establishing clear lines of authority and transactions rather than a sample may be greater than the resultant
accountability savings.
not only helps to assign culpability but also has preventive effects. [402] Gleim #: 4.5.73
[401] Gleim #: 4.5.72 Internal auditors have been advised to consider red flags to
Which of the following policies is most likely to result in an determine whether
environment conducive to management is involved in a fraud. Which of the following does not
the occurrence of fraud? represent a
Budget preparation input by the employees who are responsible for difficulty in using the red flags as fraud indicators?
meeting the Many common red flags are also associated with situations in which
budget. no fraud
A. exists.
Unreasonable sales and B. production goals. A.
The division’s hiring process frequently results in the rejection of Some red flags are difficult to quantify B. or to evaluate.
adequately C. Red flag information is not gathered as a normal part of an
trained applicants. engagement.
C. The red flags literature is not well enough established to have a
D. The application of some accounting controls on a sample basis. positive impact on
Gleim CIA Test Prep: Part 1 - Internal Audit Basics internal auditing.
(720 questions) D.
Copyright 2013 Gleim Publications Inc. Page 215 Answer (A) is incorrect. Red flags are developed by correlation
Printed for Sanja Knezevic analysis, not
Answer (A) is incorrect. Participatory budgeting can reduce necessarily by causation analysis.
resistance to budgets and Answer (B) is incorrect. Many red flags, such as management’s
reduce the likelihood of inappropriate means being taken to meet the attitude, are
budget. difficult to quantify.
Answer (B) is correct. Unrealistically high sales or production quotas Answer (C) is incorrect. Internal auditors should be able to identify
can be an fraud
incentive to falsify the records or otherwise take inappropriate action indicators and should be alert to opportunities that could allow fraud.
to improve However,
performance measures so that the quotas appear to have been met. internal auditors do not normally perform procedures specifically to
Answer (C) is incorrect. Hiring policies should be based on factors gather red
other than flag information.
Answer (D) is correct. The state of red flags literature is an aid, not a Answer (A) is incorrect. The items described can be detected
difficulty, in through usual
internal auditing. It is well established and will be refined in the future procedures in a financial audit.
as research Answer (B) is incorrect. Although the economy suffered a downturn,
is done. the change
Gleim CIA Test Prep: Part 1 - Internal Audit Basics in working capital is unusual in light of the continuing strong profit
(720 questions) margins and
Copyright 2013 Gleim Publications Inc. Page 216 should be investigated.
Printed for Sanja Knezevic Answer (C) is incorrect. The working capital ratio, the high
fb.com/ciaaofficial employee turnover
[403] Gleim #: 4.5.74 rate, and the sole-source procurement policy are all warning signals
The following are facts about a subsidiary: of fraud.
The subsidiary has been in business for several years and enjoyed Answer (D) is correct. The fact that the organization has reported
good profit high profits
margins although the general economy was in a recession, which when competitors have not may indicate a material misstatement in
affected the financial
competitors. statements. Insufficient working capital may indicate such problems
1. as
The working capital ratio has declined from a healthy 2. 3:1 to 0.9:1. overexpansion, decreases in revenues, transfers of funds to other
Turnover for the last several years has included three controllers, two organizations,
supervisors insufficient credit, and excessive expenditures. The internal auditor
of accounts receivable, four payables supervisors, and numerous should be alert
staff in other for the diversion of funds for personal use through such methods as
financial positions. unrecorded
3. sales and falsified expenditures. Rapid turnover in financial positions
Purchasing policy requires three bids. However, the supervisor of may signify
purchasing at existing problems with which the individuals feel uncomfortable but
the subsidiary has instituted a policy of sole-source procurement to that they do
reduce the not want to disclose. Accountability for funds and other resources
number of suppliers. should be
4. determined upon termination of employment. Use of sole-source
When conducting a financial audit of the subsidiary, the internal procurement
auditor should does not encourage competition to ensure that the organization is
A. Most likely not detect 1., 2., or 3. obtaining the
B. Ignore 2. since the economy had a downturn during this period. required materials or equipment at the best price. Sole-source
Consider 3. to be normal turnover, but be concerned about 2. and 4. procurement, if not
as warning adequately justified, indicates potential favoritism or kickbacks.
signals of fraud. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
C. (720 questions)
D. Consider 1., 2., 3., and 4. as warning signals of fraud. Copyright 2013 Gleim Publications Inc. Page 217
Printed for Sanja Knezevic Gleim CIA Test Prep: Part 1 - Internal Audit Basics
[404] Gleim #: 4.5.75 (720 questions)
An internal auditor should be concerned about the possibility of fraud Copyright 2013 Gleim Publications Inc. Page 218
if Printed for Sanja Knezevic
Cash receipts, net of the amounts used to pay petty cash-type fb.com/ciaaofficial
expenditures, are [405] Gleim #: 4.5.76
deposited in the bank daily. Randy and John had known each other
A. for many years. They had become best
The monthly bank statement reconciliation is performed by the same friends in college, where they both
employee majored in accounting. After graduation,
who maintains the perpetual inventory records. Randy took over the family business from
B. his father. His family had been in the
The accounts receivable subsidiary ledger and accounts payable grocery business for several generations.
subsidiary ledger When John had difficulty finding a job,
are maintained by the same person. Randy offered him a job in the family
C. store. John proved to be a very capable
One person, acting alone, has sole access to the petty cash fund employee. As John demonstrated his
(except for a abilities, Randy began delegating more
provision for occasional surprise counts by a supervisor or auditor). and more responsibility to him. After a
D. period of time, John was doing all of the
Answer (A) is correct. Paying petty cash expenditures from cash general accounting and authorization
receipts functions for checks, cash, inventories,
facilitates the unauthorized removal of cash before deposit. All cash documents, records, and bank
receipts reconciliations. (1) John was trusted
should be deposited intact daily. Petty cash expenditures should be completely and handled all financial
handled functions. No one checked his work.
through an imprest fund. Randy decided to expand the business
Answer (B) is incorrect. The monthly bank reconciliation should not and opened several new stores. (2) Randy
be was always handling the most urgent
performed by a person who makes deposits or writes checks, but the problem . . . “crisis management” is
inventory what his college professors had termed it.
clerk has no such responsibilities. John assisted with the problems when his
Answer (C) is incorrect. There is no direct relationship between the other duties allowed him time.
transactions Although successful at work, John had
posted to the accounts receivable and accounts payable subsidiary (3) difficulties with personal financial
ledgers; having problems.
the same person maintain both does not create a control weakness. At first, the amounts stolen by John were
Answer (D) is incorrect. To establish accountability for petty cash, small. John didn’t even worry about
only one making the accounts balance. But John
person should have access to the fund. became greedy. “How easy it is to take the
money,” he said. He felt that he was a commit fraud. John’s actions went unscrutinized because of the
critical member of the business team absence of an
(4) and that he contributed much more to appropriate segregation of functions and his ability to override
the success of the company than was whatever control
represented by his salary. “It would take procedures were in place.
two or three people to replace me,” he Answer (D) is incorrect. Complete trust is an opportunity to commit
often thought to himself. As the amounts a fraud.
became larger and larger, (5) he made the Gleim CIA Test Prep: Part 1 - Internal Audit Basics
books balance. Because of these (720 questions)
activities, John was able to purchase an Copyright 2013 Gleim Publications Inc. Page 219
expensive car and take his family on Printed for Sanja Knezevic
several trips each year. (6) He also joined [406] Gleim #: 4.5.77
an expensive country club. Things were Randy and John had known each other
changing at home, however. (7) John’s for many years. They had become best
family observed that he was often friends in college, where they both
argumentative and at other times very majored in accounting. After graduation,
depressed. Randy took over the family business from
The fraud continued for 6 years. Each his father. His family had been in the
year, the business performed more and grocery business for several generations.
more poorly. In the last year, the stores When John had difficulty finding a job,
had a substantial net loss. Randy’s bank Randy offered him a job in the family
required an audit. John confessed when he store. John proved to be a very capable
thought the auditors had discovered his employee. As John demonstrated his
embezzlements. abilities, Randy began delegating more
When discussing frauds, the pressures, and more responsibility to him. After a
opportunities, and rationalizations that period of time, John was doing all of the
cause/allow a perpetrator to commit the general accounting and authorization
fraud are often identified. Symptoms of functions for checks, cash, inventories,
fraud are also studied. documents, records, and bank
Number 1, “John was trusted completely . . .,” is an example of a(n) reconciliations. (1) John was trusted
A. Document symptom. completely and handled all financial
B. Situational pressure. functions. No one checked his work.
C. Opportunity to commit. Randy decided to expand the business
D. Physical symptom. and opened several new stores. (2) Randy
Answer (A) is incorrect. Complete trust is an opportunity to commit a was always handling the most urgent
fraud. problem . . . “crisis management” is
Answer (B) is incorrect. Complete trust is an opportunity to commit a what his college professors had termed it.
fraud. John assisted with the problems when his
Answer (C) is correct. Complete trust in an individual is an other duties allowed him time.
opportunity to Although successful at work, John had
(3) difficulties with personal financial D. Rationalization.
problems. Answer (A) is correct. When a manager continually handles the
At first, the amounts stolen by John were most pressing
small. John didn’t even worry about issues of a company, an opportunity for the manager to commit fraud
making the accounts balance. But John is created.
became greedy. “How easy it is to take the The lack of long-range planning creates a potential for fraud because
money,” he said. He felt that he was a organizational objectives may have been replaced with individual
critical member of the business team initiatives.
(4) and that he contributed much more to Answer (B) is incorrect. Crisis management provides an opportunity
the success of the company than was to commit
represented by his salary. “It would take fraud.
two or three people to replace me,” he Answer (C) is incorrect. Crisis management provides an opportunity
often thought to himself. As the amounts to commit
became larger and larger, (5) he made the fraud.
books balance. Because of these Answer (D) is incorrect. Crisis management provides an opportunity
activities, John was able to purchase an to commit
expensive car and take his family on Gleim CIA Test Prep: Part 1 - Internal Audit Basics
several trips each year. (6) He also joined (720 questions)
an expensive country club. Things were Copyright 2013 Gleim Publications Inc. Page 220
changing at home, however. (7) John’s Printed for Sanja Knezevic
family observed that he was often fb.com/ciaaofficial
argumentative and at other times very [407] Gleim #: 4.5.78
depressed. Randy and John had known each other
The fraud continued for 6 years. Each for many years. They had become best
year, the business performed more and friends in college, where they both
more poorly. In the last year, the stores majored in accounting. After graduation,
had a substantial net loss. Randy’s bank Randy took over the family business from
required an audit. John confessed when he his father. His family had been in the
thought the auditors had discovered his grocery business for several generations.
embezzlements. When John had difficulty finding a job,
When discussing frauds, the pressures, Randy offered him a job in the family
opportunities, and rationalizations that store. John proved to be a very capable
cause/allow a perpetrator to commit the employee. As John demonstrated his
fraud are often identified. Symptoms of abilities, Randy began delegating more
fraud are also studied. and more responsibility to him. After a
Number 2, “Randy was always handling the most urgent . . .,” is an period of time, John was doing all of the
example of a(n) general accounting and authorization
Opportunity A. to commit. functions for checks, cash, inventories,
B. Analytical symptom. documents, records, and bank
C. Situational pressure. reconciliations. (1) John was trusted
completely and handled all financial When discussing frauds, the pressures,
functions. No one checked his work. opportunities, and rationalizations that
Randy decided to expand the business cause/allow a perpetrator to commit the
and opened several new stores. (2) Randy fraud are often identified. Symptoms of
was always handling the most urgent fraud are also studied.
problem . . . “crisis management” is Number 3, “Difficulties with personal financial problems,” is an
what his college professors had termed it. example of a(n)
John assisted with the problems when his A. Behavioral symptom.
other duties allowed him time. B. Situational pressure.
Although successful at work, John had C. Rationalization.
(3) difficulties with personal financial D. Opportunity to commit.
problems. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
At first, the amounts stolen by John were (720 questions)
small. John didn’t even worry about Copyright 2013 Gleim Publications Inc. Page 221
making the accounts balance. But John Printed for Sanja Knezevic
became greedy. “How easy it is to take the Answer (A) is incorrect. Personal financial problems are a
money,” he said. He felt that he was a situational pressure to
critical member of the business team commit a fraud.
(4) and that he contributed much more to Answer (B) is correct. Financial difficulties create situational
the success of the company than was pressures or temptations
represented by his salary. “It would take that may contribute to fraud. These situational pressures result from
two or three people to replace me,” he high personal
often thought to himself. As the amounts indebtedness, extravagant lifestyles, gambling problems, etc.
became larger and larger, (5) he made the Answer (C) is incorrect. Personal financial problems are a
books balance. Because of these situational pressure to
activities, John was able to purchase an commit a fraud.
expensive car and take his family on Answer (D) is incorrect. Personal financial problems are a
several trips each year. (6) He also joined situational pressure to
an expensive country club. Things were commit a fraud.
changing at home, however. (7) John’s Gleim CIA Test Prep: Part 1 - Internal Audit Basics
family observed that he was often (720 questions)
argumentative and at other times very Copyright 2013 Gleim Publications Inc. Page 222
depressed. Printed for Sanja Knezevic
The fraud continued for 6 years. Each fb.com/ciaaofficial
year, the business performed more and [408] Gleim #: 4.5.79
more poorly. In the last year, the stores Randy and John had known each other
had a substantial net loss. Randy’s bank for many years. They had become best
required an audit. John confessed when he friends in college, where they both
thought the auditors had discovered his majored in accounting. After graduation,
embezzlements. Randy took over the family business from
his father. His family had been in the several trips each year. (6) He also joined
grocery business for several generations. an expensive country club. Things were
When John had difficulty finding a job, changing at home, however. (7) John’s
Randy offered him a job in the family family observed that he was often
store. John proved to be a very capable argumentative and at other times very
employee. As John demonstrated his depressed.
abilities, Randy began delegating more The fraud continued for 6 years. Each
and more responsibility to him. After a year, the business performed more and
period of time, John was doing all of the more poorly. In the last year, the stores
general accounting and authorization had a substantial net loss. Randy’s bank
functions for checks, cash, inventories, required an audit. John confessed when he
documents, records, and bank thought the auditors had discovered his
reconciliations. (1) John was trusted embezzlements.
problem . . . “crisis management” is Number 4, “and that he contributed much more . . .,” is an example of
what his college professors had termed it. a
John assisted with the problems when his A. Rationalization.
other duties allowed him time. B. Behavioral symptom.
Although successful at work, John had C. Situational pressure.
(3) difficulties with personal financial D. Physical symptom.
problems. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
At first, the amounts stolen by John were (720 questions)
small. John didn’t even worry about Copyright 2013 Gleim Publications Inc. Page 223
making the accounts balance. But John Printed for Sanja Knezevic
became greedy. “How easy it is to take the Answer (A) is correct. Rationalization occurs when a person
money,” he said. He felt that he was a attributes his/her actions
critical member of the business team to rational and creditable motives without analysis of one’s true and
(4) and that he contributed much more to especially
the success of the company than was unconscious motives. Feeling that one is not being paid as much as
represented by his salary. “It would take one is worth is a
two or three people to replace me,” he common rationalization for low-level fraud.
often thought to himself. As the amounts Answer (B) is incorrect. The belief that compensation is inadequate
became larger and larger, (5) he made the is a possible
books balance. Because of these rationalization for improprieties.
activities, John was able to purchase an Answer (C) is incorrect. The belief that compensation is inadequate
expensive car and take his family on is a possible
rationalization for improprieties. At first, the amounts stolen by John were
Answer (D) is incorrect. The belief that compensation is inadequate small. John didn’t even worry about
is a possible making the accounts balance. But John
rationalization for improprieties. became greedy. “How easy it is to take the
Gleim CIA Test Prep: Part 1 - Internal Audit Basics money,” he said. He felt that he was a
(720 questions) critical member of the business team
Copyright 2013 Gleim Publications Inc. Page 224 (4) and that he contributed much more to
Printed for Sanja Knezevic the success of the company than was
fb.com/ciaaofficial represented by his salary. “It would take
[409] Gleim #: 4.5.80 two or three people to replace me,” he
Randy and John had known each other often thought to himself. As the amounts
for many years. They had become best became larger and larger, (5) he made the
friends in college, where they both books balance. Because of these
majored in accounting. After graduation, activities, John was able to purchase an
Randy took over the family business from expensive car and take his family on
problem . . . “crisis management” is Number 5, “he made the books balance,” is an example of a(n)
what his college professors had termed it. A. Physical symptom.
John assisted with the problems when his B. Analytical symptom.
other duties allowed him time. C. Lifestyle symptom.
Although successful at work, John had D. Document symptom.
(3) difficulties with personal financial Gleim CIA Test Prep: Part 1 - Internal Audit Basics
problems. (720 questions)
Copyright 2013 Gleim Publications Inc. Page 225 completely and handled all financial
Printed for Sanja Knezevic functions. No one checked his work.
Answer (A) is incorrect. Making the “books balance” is an example Randy decided to expand the business
of a document and opened several new stores. (2) Randy
symptom. was always handling the most urgent
Answer (B) is incorrect. Making the “books balance” is an example problem . . . “crisis management” is
of a document what his college professors had termed it.
symptom. John assisted with the problems when his
Answer (C) is incorrect. Making the “books balance” is an example other duties allowed him time.
of a document Although successful at work, John had
symptom. (3) difficulties with personal financial
Answer (D) is correct. Tampering with the company’s books is a problems.
document symptom. At first, the amounts stolen by John were
In other words, the indicator of fraud consists of the changes in small. John didn’t even worry about
actual company making the accounts balance. But John
records. became greedy. “How easy it is to take the
Gleim CIA Test Prep: Part 1 - Internal Audit Basics money,” he said. He felt that he was a
(720 questions) critical member of the business team
Copyright 2013 Gleim Publications Inc. Page 226 (4) and that he contributed much more to
Printed for Sanja Knezevic the success of the company than was
fb.com/ciaaofficial represented by his salary. “It would take
When discussing frauds, the pressures, and more responsibility to him. After a
opportunities, and rationalizations that period of time, John was doing all of the
cause/allow a perpetrator to commit the general accounting and authorization
fraud are often identified. Symptoms of functions for checks, cash, inventories,
fraud are also studied. documents, records, and bank
Number 6, “He also joined an expensive country club,” is an example reconciliations. (1) John was trusted
of a completely and handled all financial
A. Rationalization. functions. No one checked his work.
B. Lifestyle symptom. Randy decided to expand the business
C. Behavioral symptom. and opened several new stores. (2) Randy
D. Physical symptom. was always handling the most urgent
Answer (A) is incorrect. Joining an expensive country club is an problem . . . “crisis management” is
example of a what his college professors had termed it.
lifestyle symptom. John assisted with the problems when his
Answer (B) is correct. John was living beyond his means. The other duties allowed him time.
change in lifestyle Although successful at work, John had
was a symptom that indicated the presence of fraud. (3) difficulties with personal financial
Answer (C) is incorrect. Joining an expensive country club is an problems.
example of a At first, the amounts stolen by John were
lifestyle symptom. small. John didn’t even worry about
Answer (D) is incorrect. Joining an expensive country club is an making the accounts balance. But John
example of a became greedy. “How easy it is to take the
lifestyle symptom. money,” he said. He felt that he was a
Gleim CIA Test Prep: Part 1 - Internal Audit Basics critical member of the business team
(720 questions) (4) and that he contributed much more to
Copyright 2013 Gleim Publications Inc. Page 227 the success of the company than was
Printed for Sanja Knezevic represented by his salary. “It would take
year, the business performed more and perpetrators of financial statement fraud (falsified financial
more poorly. In the last year, the stores statements), those who
had a substantial net loss. Randy’s bank have falsified financial statements are less likely to
required an audit. John confessed when he Have experienced an autocratic A. management style.
thought the auditors had discovered his B. Be living beyond their obvious means of support.
embezzlements. C. Rationalize the fraudulent behavior.
When discussing frauds, the pressures, D. Use organizational expectations as justification for the act.
opportunities, and rationalizations that Answer (A) is incorrect. Autocratic management styles have been
cause/allow a perpetrator to commit the linked to
fraud are often identified. Symptoms of management (financial statement) fraud.
fraud are also studied. Answer (B) is correct. Living beyond one’s means has been linked
Number 7, “John’s family observed that he was often argumentative . to employee
. .,” is an fraud (embezzlement), not to financial statement fraud. Fraud
example of a perpetrated for the
A. Rationalization. benefit of the organization ordinarily benefits the wrongdoer
B. Lifestyle symptom. indirectly, whereas
C. Behavioral symptom. fraud that is detrimental to the organization provides immediate,
D. Physical symptom. direct benefits to
Answer (A) is incorrect. Being argumentative is an example of a the employee.
behavioral Answer (C) is incorrect. Rationalization is common to all fraud.
symptom. Answer (D) is incorrect. High expectations are often given as a
Answer (B) is incorrect. Being argumentative is an example of a motivating factor
behavioral by those who have committed financial statement fraud.
symptom. [413] Gleim #: 4.5.84
Answer (C) is correct. A drastic change in an employee’s behavior Internal auditors should have knowledge about factors (red flags)
may indicate that have proven to
the presence of fraud. The guilt and the other forms of stress be associated with management fraud. Which of the following factors
associated with have generally
perpetrating and concealing the fraud may induce noticeable not been associated with management fraud?
changes in behavior. A. Generous performance-based reward systems.
Answer (D) is incorrect. Being argumentative is an example of a B. A domineering management.
behavioral C. Regular comparison of actual results with budgets.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics D. A management preoccupation with increased financial
(720 questions) performance.
Copyright 2013 Gleim Publications Inc. Page 228 Answer (A) is incorrect. Generous reward systems provide
Printed for Sanja Knezevic incentives for
fb.com/ciaaofficial management to distort performance.
[412] Gleim #: 4.5.83 Answer (B) is incorrect. Pressure from superiors provides an
When comparing perpetrators who have embezzled an incentive for
organization’s funds with management to distort performance.
Answer (C) is correct. Regular comparison of actual results to Answer (C) is incorrect. These data indicate an industry gross profit
budgets provides margin of
feedback and is a normal and necessary part of the control loop. 50% and host firm gross profit margin of 40%. The greater gross
Ineffective profit margin
control is an indicator of possible fraud. realized by the host firm may result from any number of reasonable
Answer (D) is incorrect. A management preoccupation with causes. These
increased financial include (1) greater efficiencies exercised by the host firm, (2) greater
performance provides an incentive for managers to distort sales effort
performance. (or a more highly accepted product), and (3) measurement errors.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (D) is incorrect. These data indicate an industry gross profit
(720 questions) margin of
Copyright 2013 Gleim Publications Inc. Page 229 40% and a host firm gross profit margin of 50%. The lower gross
Printed for Sanja Knezevic profit margin
[414] Gleim #: 4.5.85 realized by the host firm may result from such causes as (1) host firm
Which of the following is an indicator of possible financial reporting inefficiencies; (2) less acceptance of host firm product, or less sales
fraud being effort; and
perpetrated by management of a manufacturer? (3) measurement errors.
A trend analysis discloses (1) sales increases of 50% and (2) cost of [415] Gleim #: 4.5.86
goods sold Which of the following would indicate that fraud may be taking place
increases of 25%. in a marketing
A. department?
A ratio analysis discloses that cost of goods sold B. is 50% of sales. There is no documentation for some fairly large expenditures made
A cross-sectional analysis of common size statements discloses that to a new
(1) the firm’s vendor.
percentage of cost of goods sold to sales is 40% and (2) the industry A.
average A manager appears to be living a lifestyle that is in excess of what
percentage of cost of goods sold to sales is 50%. could be
C. provided by a marketing manager’s salary.
A cross-sectional analysis of common size statements discloses that B.
(1) the firm’s The control environment can best be described as “very loose.”
percentage of cost of goods sold to sales is 50% and (2) the industry However, this
average attitude is justified by management on the grounds that it is needed
percentage of cost of goods sold to sales is 40%. for creativity.
D. C.
Answer (A) is correct. An increase in sales far out of proportion to D. All of the answers are correct.
the increase in Gleim CIA Test Prep: Part 1 - Internal Audit Basics
cost of goods sold is an indicator of possible fraud. (720 questions)
Answer (B) is incorrect. A gross profit margin of 50% is not an Copyright 2013 Gleim Publications Inc. Page 230
indicator of Printed for Sanja Knezevic
fraud. Manufacturers can expect a range of 40-60% for this ratio. fb.com/ciaaofficial
Answer (A) is incorrect. A manager’s excessive lifestyle and a loose B. Routine controls are suspended for certain transactions.
control Purchased material is not delivered to a central location on the
environment are also possible fraud indicators. organization’s
Answer (B) is incorrect. Large undocumented purchases and a premises.
loose control C.
environment are also possible fraud indicators. D. The use of blanket purchase orders.
Answer (C) is incorrect. Large undocumented purchases and a Answer (A) is incorrect. The receipt of goods or services by non-
manager’s excessive organizational
lifestyle are also possible fraud indicators. personnel is a symptom of fraud.
Answer (D) is correct. Among the many indicators of possible fraud Answer (B) is incorrect. Suspension of normal and appropriate
are lack of timely procedures is a
and appropriate documentation (including information about fraud indicator.
authorization) for Answer (C) is incorrect. The receipt of goods or services off-site is a
material transactions, suspicious lifestyle characteristics of symptom of
employees in a position to fraud.
commit fraud, and management’s failure to display and communicate Answer (D) is correct. Fraud is characterized by intentional
an appropriate deception and can be
attitude toward internal control. perpetrated for the benefit or to the detriment of the organization.
[416] Gleim #: 4.5.87 The use of
When an internal auditor followed up on a significant increase in blanket purchase orders is a normal business practice.
maintenance supplies Gleim CIA Test Prep: Part 1 - Internal Audit Basics
during the past year, a purchasing agent explained to the internal (720 questions)
auditor that the Copyright 2013 Gleim Publications Inc. Page 231
primary reason for the increase was painting services and supplies. Printed for Sanja Knezevic
The internal [417] Gleim #: 4.5.88
auditor found a blanket purchase order without the normal bid or When an internal auditor followed up on a significant increase in
quote maintenance supplies
documentation. The blanket purchase order had been signed by the during the past year, a purchasing agent explained to the internal
general manager auditor that the
and named the general manager’s father as the sole contractor for primary reason for the increase was painting services and supplies.
painting services on The internal
the organization’s projects. The auditor also found a number of large auditor found a blanket purchase order without the normal bid or
invoices, quote
authorized for payment by the general manager, that showed the documentation. The blanket purchase order had been signed by the
general manager’s general manager
father as the person who signed for the receipt of the material at the and named the general manager’s father as the sole contractor for
supplier. Which is painting services on
not a symptom of fraud as described in this situation? the organization’s projects. The auditor also found a number of large
Purchased material is not received by authorized organizational A. invoices,
personnel.
authorized for payment by the general manager, that showed the A high standard of living, explained as the result of sound
general manager’s investments and not
father as the person who signed for the receipt of the material at the taking vacations;
supplier. What is An expensive personal car obtained through business contacts;
the common indicator of fraud recognized by the internal auditor in Gasoline and repair bills submitted for a car assigned by the bank
this scenario? that are higher
Analytical procedures revealed an extraordinary increase in A. than the organization’s average (mileage logs were submitted on a
account balances. quarterly
B. Paint and supplies are being purchased for a contractor. basis); and
The purchasing agent is selecting the contractor on the basis of a Marked annoyance with questions from internal auditors.
blanket purchase In this situation, typical indicators of the suspected fraud include all of
order. the following
C. except
D. Invoices are being authorized for payment by the general A. Not taking an annual vacation.
manager. B. Becoming easily annoyed with auditor inquiries about
Answer (A) is correct. Analytical procedures are commonly questionable loans.
performed by C. Explaining a high standard of living as the result of investments.
internal auditors to assess information collected in an engagement. D. Submitting gasoline and repair bills that are higher than company
The average.
assessment results from comparing information with expectations Gleim CIA Test Prep: Part 1 - Internal Audit Basics
identified or (720 questions)
developed by the internal auditor. Thus, an extraordinary increase in Copyright 2013 Gleim Publications Inc. Page 232
an account Printed for Sanja Knezevic
balance should be detected and investigated as the result of applying fb.com/ciaaofficial
analytical Answer (A) is incorrect. Not taking an annual vacation suggests that
methods. the loan officer
Answer (B) is incorrect. The provision of paint is not an issue. fears discovery of wrongdoing in his/her absence.
Answer (C) is incorrect. The purchasing agent is fulfilling this Answer (B) is incorrect. Becoming defensive may indicate a guilty
responsibility in conscience.
accordance with the authority of a purchasing agent’s position. Answer (C) is incorrect. A high standard of living may be
Answer (D) is incorrect. The general manager may appropriately inconsistent with the loan
authorize officer’s income.
payment. Answer (D) is correct. Submitting gasoline and repair bills that are
[418] Gleim #: 4.5.89 higher than
Bank management suspects that a bank loan officer frequently made average is not correlated with making fraudulent loans. These factors
loans to fictitious are not
entities, disbursed loan proceeds to personally established accounts, controllable by the loan officer, so they cannot be indicators of
and then let the unusual activity by
loans go into default. Some pertinent facts about the loan officer him/her.
include [419] Gleim #: 4.5.90
Bank management suspects that a bank loan officer frequently made B. Total asset turnover.
loans to fictitious C. Price-earnings.
entities, disbursed loan proceeds to personally established accounts, D. Current.
and then let the Gleim CIA Test Prep: Part 1 - Internal Audit Basics
loans go into default. Some pertinent facts about the loan officer (720 questions)
include Copyright 2013 Gleim Publications Inc. Page 233
A high standard of living, explained as the result of sound Printed for Sanja Knezevic
investments and not Answer (A) is incorrect. The average collection period equals
taking vacations; average receivables
An expensive personal car obtained through business contacts; divided by average daily net sales. An increase in reported inventory
Gasoline and repair bills submitted for a car assigned by the bank does not affect it.
that are higher Answer (B) is correct. The total asset turnover ratio equals sales
than the organization’s average (mileage logs were submitted on a divided by total
quarterly assets. An increase in reported inventory will increase total assets
basis); and and decrease the
Marked annoyance with questions from internal auditors. ratio.
The most appropriate trend analysis to indicate this potential fraud is Answer (C) is incorrect. The price-earnings ratio (price per share ÷
Loan default rates A. by loan officer. EPS) is not
B. Accumulation of unpaid vacation days. directly affected by fictitious inventory.
C. Automobile operating expenses by loan officer. Answer (D) is incorrect. The current ratio (current assets ÷ current
D. Total monetary volume of loans by loan officer. liabilities) is
Answer (A) is correct. Trend analysis would detect an unexplained increased when fictitious inventory is recorded.
increase in the [421] Gleim #: 4.5.92
default rate caused by bogus loans. Which of the following is an indicator of increased risk of fraud? The
Answer (B) is incorrect. Trend analysis would not detect annual treasurer
vacation not Takes all vacations and has just accepted a promotion to vice
taken. president A. of finance.
Answer (C) is incorrect. Although trend analysis could detect higher B. Takes no vacations and has just accepted a promotion to vice
than average president of finance.
expenses for operation of the car, these expenses have no C. Takes all vacations and has refused promotion to vice president of
relationship to suspected finance.
fraudulent loans. D. Takes no vacations and has refused promotion to vice president of
Answer (D) is incorrect. The default rate is a better indicator than finance.
monetary Answer (A) is incorrect. This combination of behaviors is not
volume. unusual.
[420] Gleim #: 4.5.91 Answer (B) is incorrect. This combination of behaviors is not
An unexpected decrease in which of the following ratios could unusual.
indicate that fictitious Answer (C) is incorrect. This combination of behaviors is not
inventory has been recorded? unusual.
A. Average collection period.
Answer (D) is correct. An employee who refuses to take vacations Answer (A) is correct. The opportunity for fraud has been increased
and turns because
down promotions is engaging in classic behavior that indicates the stockroom personnel select the items for cycle count (poor internal
need to conceal control). Selection
an ongoing fraud. of items should be based on relative values or the relationship of an
[422] Gleim #: 4.5.93 item to the total
An engagement had been scheduled by the chief audit executive to volume of transactions. Moreover, personnel who do not have
address unusual custodial or
inventory shortages revealed in the annual physical inventory recordkeeping responsibilities should control the counts.
process at a large Answer (B) is incorrect. An appropriate and effective cycle count
consumer goods warehouse operation. A cycle count program had process should
been installed in the improve control.
storeroom at the beginning of the year in place of the disruptive Answer (C) is incorrect. The number of adjustments is not indicative
process of counting of the level of
one entire product line at the end of each month. The cycle count control in this situation.
program appeared Answer (D) is incorrect. A properly controlled cycle count process
effective because only nine minor adjustments had been made for could involve
the entire year on stockroom personnel in performing counts.
the several thousand different products located in the storeroom. The [423] Gleim #: 4.5.94
storeroom The internal audit activity has been assigned to perform an
supervisor explained that each of the 15 stockroom personnel engagement involving a
selected one item each division. Based on background review, the internal auditor knows the
day for cycle count based on how efficiently the item could be following about
counted. The management policies:
opportunity for control-related problems including fraud has been Organizational policy is to rapidly promote divisional managers who
increased in the show
stockroom because significant success. Thus, successful managers rarely stay at a
A. Items for cycle count are selected by stockroom personnel. division for more
B. A cycle count program has been installed in place of a less than 3 years.
efficient program. A significant portion of division management’s compensation comes
Only nine minor adjustments have been recorded as a result of the in the form
cycle count of bonuses based on the division’s profitability.
process. The division was identified by senior management as a turnaround
C. opportunity. The
D. Stockroom personnel record cycle count information. division is growing but is not scheduled for a full audit by the external
Gleim CIA Test Prep: Part 1 - Internal Audit Basics auditors this
(720 questions) year. The division has been growing about 7% per year for the past 3
Copyright 2013 Gleim Publications Inc. Page 234 years and uses a
Printed for Sanja Knezevic standard cost system.
fb.com/ciaaofficial
During the preliminary review, the internal auditor notes the following Answer (D) is incorrect. Not all responses are red flags.
changes in [424] Gleim #: 4.5.95
financial data compared with the prior year: An internal auditor is investigating the performance of a division with
Sales have increased by 10%. an unusually
Cost of goods sold has increased by 2%. large increase in sales, gross margin, and profit. Which of the
Inventory has increased by 15%. following indicators is
Divisional net profit has increased by 8%. least likely to indicate the possibility of sales-related fraud in the
Which of the following items might alert the internal auditor to the division?
possibility of fraud A significant portion of divisional management’s compensation is
in the division? based on
The division is not scheduled for an external A. audit this year. reported divisional profits.
B. Sales have increased by 10%. A.
A significant portion of management’s compensation is directly tied to There is an unusually large amount of sales returns recorded B. after
reported year end.
net profit of the division. The internal auditor has taken a random sample of sales invoices but
C. cannot locate
D. All of the answers are correct. a shipping document for a number of the sales transactions selected
Gleim CIA Test Prep: Part 1 - Internal Audit Basics for November
(720 questions) and December.
Printed for Sanja Knezevic D. One of the division’s major competitors went out of business
Answer (A) is incorrect. The lack of a scheduled external audit is not during the year.
an indicator of Answer (A) is incorrect. Basing management compensation on
fraud. reported profits
Answer (B) is incorrect. Sales have normally been increasing by creates an incentive for fraud.
about 7% at this Answer (B) is incorrect. An unusually large amount of sales returns
division. Thus, an increase of 10%, by itself, is not unexpected and after year end
does not raise a red may indicate that invalid sales were recorded near the end of the
flag. year.
Answer (C) is correct. The internal auditor’s responsibilities for Answer (C) is incorrect. The lack of shipping documents may
detecting fraud indicate that
include having sufficient knowledge of fraud to be able to identify invalid sales were recorded during November and December.
indicators that fraud Answer (D) is correct. A decrease in the number of competitors
may have been committed. This knowledge includes the during the year is
characteristics of fraud, the a potential explanation for the increase in sales and profits.
techniques used to commit fraud, and the types of frauds associated [425] Gleim #: 4.5.96
with the activities Which of the following is most likely to be considered an indication of
reviewed. For example, performance may be distorted because possible fraud?
promotion and A. The replacement of the management team after a hostile
compensation (e.g., bonuses) are tied to profitability. takeover.
B. Rapid turnover of the organization’s financial executives. An individual handling marketable securities is responsible for
C. Rapid expansion into new markets. making the
D. A government audit of the organization’s tax returns. purchases, recording the purchases, and reporting any discrepancies
Gleim CIA Test Prep: Part 1 - Internal Audit Basics and gains or
(720 questions) losses to senior management.
Printed for Sanja Knezevic The assignment of responsibility and accountability in the accounts
fb.com/ciaaofficial receivable
Answer (A) is incorrect. The replacement of the management team department is not clear.
after a hostile D.
takeover is not unusual. Answer (A) is correct. Delegating authority for purchases below a
Answer (B) is correct. Even the most effective internal control can certain limit is
sometimes be a common and an acceptable control procedure aimed at limiting risk
circumvented, perhaps by collusion of two or more employees. Thus, while
an auditor must promoting efficiency. It is not, by itself, considered a condition that
be sensitive to certain conditions that might indicate the existence of indicates a
fraud, including higher likelihood of fraud.
high personnel turnover. In the case of financial executives, high Answer (B) is incorrect. Lack of rotation of duties or cross-training
turnover may suggest for sensitive
a pattern of inflation of profits to obtain bonuses or other benefits, to jobs is an identified red flag.
secure Answer (C) is incorrect. An inappropriate segregation of duties is an
advantages in the marketplace, or to conceal incompetence or rash identified
actions. red flag. The same person should not authorize, execute, and
Answer (C) is incorrect. Rapid expansion into new markets is not account for
unusual. transactions and have custody of the assets.
Answer (D) is incorrect. A government audit of the organization’s tax Answer (D) is incorrect. Lack of recorded accountability for assets is
returns is not an
unusual. identified red flag.
[426] Gleim #: 4.5.97 [427] Gleim #: 4.5.98
Which of the following would not be considered a condition that The most common motivation for management fraud is the existence
indicates a higher of
likelihood of fraud? Vices, such as A. a gambling habit.
Management has delegated the authority to make purchases under a B. Job dissatisfaction.
certain C. Financial pressures on the organization.
monetary limit to subordinates. D. The challenge of committing the perfect crime.
An individual has held the same cash-handling job for an extended (720 questions)
period without Copyright 2013 Gleim Publications Inc. Page 237
any rotation of duties. Printed for Sanja Knezevic
B.
Answer (A) is incorrect. Vices are an example of motivators of fraud Answer (C) is incorrect. An entry decreasing revenue is unusual and
perpetratedrfor would
the benefit of individuals and to the organization’s detriment. attract attention.
Answer (B) is incorrect. Job dissatisfaction is an example of Answer (D) is incorrect. This entry would not permanently conceal
motivators of fraud the fraud. It
perpetrated for the benefit of individuals and to the organization’s would simply shift the irreconcilable balance to another asset
detriment. account.
Answer (C) is correct. Management fraud benefits organizations [429] Gleim #: 5.1.1
rather than In a sampling application, the group of items about which the auditor
individuals, so the existence of financial pressures is the most wants to
common motivation. estimate some characteristic is called the
Management perpetrators attempt to make their financial statements A. Population.
appear more B. Attribute of interest.
attractive because of the financial pressures of restrictive loan C. Sample.
covenants, a poor cash D. Sampling unit.
position, loss of significant customers, etc. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Answer (D) is incorrect. The challenge of committing the perfect (720 questions)
crime is an example Copyright 2013 Gleim Publications Inc. Page 238
of motivators of fraud perpetrated for the benefit of individuals and to Printed for Sanja Knezevic
the fb.com/ciaaofficial
organization’s detriment. Answer (A) is correct. The population is the group of items about
[428] Gleim #: 4.5.99 which an auditor
Which of the following fraudulent entries is most likely to be made to wishes to draw conclusions.
conceal the theft Answer (B) is incorrect. The attribute of interest is the characteristic
of an asset? of the population
Debit expenses and A. credit the asset. the auditor wants to estimate.
B. Debit the asset and credit another asset account. Answer (C) is incorrect. The sample is a subset of the population
C. Debit revenue and credit the asset. used to estimate the
D. Debit another asset account and credit the asset. characteristic.
Answer (A) is correct. Most fraud perpetrators attempt to conceal Answer (D) is incorrect. A sampling unit is the item that is actually
their theft by selected for
charging it against an expense account. The result is that the examination. It is a subset of the population.
recorded asset [430] Gleim #: 5.1.2
balance equals the actual amount on hand, and applying procedures The variability of a population, as measured by the standard
to it will not deviation, is the
detect the theft. Extent to which the individual values of the items in the population
Answer (B) is incorrect. Debiting the stolen asset account simply are spread
increases the about the mean.
discrepancy between the recorded amount and the amount on hand. A.
Degree of asymmetry B. of a distribution.
Tendency of the means of large samples (at least 30 items) to be estimate population variability.
normally Answer (C) is correct. The standard deviation is a measure of
distributed. variability. If the
C. sample is representative, its standard deviation will approximate that
Measure of the closeness of a sample estimate to a corresponding of the
population population.
characteristic. Answer (D) is incorrect. Confidence interval is a synonym for
D. precision. It is the
Answer (A) is correct. The standard deviation measures the degree range around a sample statistic that is expected to contain the true
of dispersion population
of items in a population about its mean. parameter.
Answer (B) is incorrect. The dispersion of items in a population is Gleim CIA Test Prep: Part 1 - Internal Audit Basics
not a function (720 questions)
of the degree of asymmetry of the distribution. For example, a Copyright 2013 Gleim Publications Inc. Page 239
distribution may be Printed for Sanja Knezevic
skewed (positively or negatively) with a large or small standard [432] Gleim #: 5.1.4
deviation. The measure of variability most useful in variables sampling is the
Answer (C) is incorrect. The central limit theorem states that the A. Median.
distribution of B. Range.
sample means for large samples should be normally distributed even C. Standard deviation.
if the D. Mean.
underlying population is not. Answer (A) is incorrect. The median (the value at the 50th
Answer (D) is incorrect. Precision is the interval about the sample percentile) measures
statistic within central tendency, not variability.
which the true value is expected to fall. Answer (B) is incorrect. The range (difference between the largest
[431] Gleim #: 5.1.3 and smallest
The measure of variability of a statistical sample that serves as an values) has far less significance than the standard deviation.
estimate of the Answer (C) is correct. The standard deviation is a mathematical
population variability is the measure of the
A. Basic precision. variability of items in a population about its mean.
B. Range. Answer (D) is incorrect. The mean (arithmetic average) measures
C. Standard deviation. central
D. Confidence interval. tendency, not variability.
Answer (A) is incorrect. Basic precision is the range around the [433] Gleim #: 5.1.5
sample statistic In sampling applications, the standard deviation represents a
that is expected to contain the true population parameter. measure of the
Answer (B) is incorrect. The range is the difference between the A. Expected error rate.
largest and B. Level of confidence desired.
smallest values in a sample. It is a crude measure of variability but is C. Degree of data variability.
not used to D. Extent of precision achieved.
Answer (A) is incorrect. The expected error rate is associated with population value. In practice, the confidence level is regarded as the
attribute probability that a
sampling. precision interval calculated from a simple random sample drawn
Answer (B) is incorrect. The desired confidence level is determined from a normally
by the distributed population will contain the population value.
internal auditor’s judgment. Answer (D) is incorrect. The standard error of the mean is the
Answer (C) is correct. The standard deviation measures the standard deviation of
variability within a the distribution of sample means.
population. [435] Gleim #: 5.1.7
Answer (D) is incorrect. The extent of precision achieved in A 90% confidence interval for the mean of a population based on the
variables sampling is information in a
computed using the standard deviation. sample always implies that there is a 90% chance that the
[434] Gleim #: 5.1.6 Estimate is equal to the true A. population mean.
A specified range is based on an estimate of a population B. True population mean is no larger than the largest endpoint of the
characteristic calculated interval.
from a random sample. The probability that the range contains the C. Standard deviation will not be any greater than 10% of the
true population population mean.
value is the D. True population mean lies within the specified confidence interval.
A. Error rate. Answer (A) is incorrect. Computation of a confidence interval
B. Lower precision limit. permits the
C. Confidence level. probability that the interval contains the population value to be
D. Standard error of the mean. quantified.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (B) is incorrect. Two-sided confidence intervals are more
(720 questions) common. The
Copyright 2013 Gleim Publications Inc. Page 240 area in each tail of a two-sided, 90% interval is 5%.
Printed for Sanja Knezevic Answer (C) is incorrect. The confidence interval is based on the
fb.com/ciaaofficial standard
Answer (A) is incorrect. The error rate in an attribute sampling deviation, but it has no bearing on the size of the standard deviation.
application is the Answer (D) is correct. The confidence level, e.g., 90%, is specified
proportion of incorrect items in a population. by the
Answer (B) is incorrect. The lower precision limit is the lower bound auditor. A confidence interval based on the specified confidence
of the interval level, also called
constructed from the sample result at a specified confidence level. precision, is the range around a sample value that is expected to
Answer (C) is correct. In principle, given repeated sampling and a contain the true
normally population value. In this situation, if the population is normally
distributed population, the confidence level is the percentage of all distributed and
the precision repeated simple random samples are taken, the probability is that
intervals that may be constructed from simple random samples that 90% of the
will include the confidence intervals constructed around the sample results will
contain the
population value. Answer (A) is correct. Sampling risk is the possibility that
[436] Gleim #: 5.1.8 engagement
The degree to which the auditor is justified in believing that the conclusions based on a sample may differ from those reached if the
estimate based on a test were
random sample will fall within a specified range is called applied to all items in the population. The experience and knowledge
A. Sampling risk. of the
B. Non-sampling risk. auditor are elements of nonsampling risk.
C. Confidence level. Answer (B) is incorrect. As the adverse consequences of
D. Precision. noncompliance increase,
Gleim CIA Test Prep: Part 1 - Internal Audit Basics the allowable level of sampling risk tends to decrease.
(720 questions) Answer (C) is incorrect. The acceptable level of sampling risk is one
Copyright 2013 Gleim Publications Inc. Page 241 element of
Printed for Sanja Knezevic the acceptable level of risk of drawing an incorrect audit conclusion.
Answer (A) is incorrect. Sampling risk is the complement of the The other
confidence level. element is nonsampling risk.
Answer (B) is incorrect. Non-sampling risk is the risk of improperly Answer (D) is incorrect. The cost of performing procedures on
auditing the sample selections
sampled items. It cannot be quantified. is weighed against the benefit of minimizing the chance of making an
Answer (C) is correct. The confidence level is the percentage of incorrect
times that one would decision.
expect the sample to adequately represent the population. Thus, a [438] Gleim #: 5.2.10
confidence level of In preparing a sampling plan for an inventory pricing test, which of
90% should result in samples that adequately represent the the following
population 90% of the time. describes an advantage of statistical sampling over nonstatistical
In other words, given repeated random sampling from a normally sampling?
distributed A. Requires nonquantitative expression of sample results.
population, 90% of the confidence intervals that may be constructed B. Provides a quantitative measure of sampling risk.
from simple C. Minimizes nonsampling risk.
random samples will contain the population mean. D. Reduces the level of tolerable error.
Answer (D) is incorrect. Precision is the confidence interval. Answer (A) is incorrect. Statistical sampling provides quantified
[437] Gleim #: 5.2.9 results.
If an internal auditor is sampling to test compliance with a particular Answer (B) is correct. Statistical and nonstatistical sampling are
company policy, both used to
which of the following factors should not affect the allowable level of project the characteristics of a population. However, statistical
sampling risk? sampling permits
The experience and knowledge A. of the auditor. the internal auditor to make a quantitative assessment of how closely
B. The adverse consequences of noncompliance. the sample
C. The acceptable level of risk of making an incorrect audit represents the population for a given level of reliability.
conclusion. Answer (C) is incorrect. Nonsampling risk exists in both statistical
D. The cost of performing auditing procedures on sample selections. and
nonstatistical sampling. An important difference between a statistical and a judgmental
Answer (D) is incorrect. Tolerable error is related to materiality and sample is that with a
auditor statistical sample,
judgment. A. No judgment is required because everything is computed
Gleim CIA Test Prep: Part 1 - Internal Audit Basics according to a formula.
(720 questions) B. A smaller sample can be used.
Copyright 2013 Gleim Publications Inc. Page 242 C. More accurate results are obtained.
Printed for Sanja Knezevic D. Population estimates with measurable reliability can be made.
fb.com/ciaaofficial Answer (A) is incorrect. Judgment is needed to determine
[439] Gleim #: 5.2.11 confidence levels and
An auditor tested a population by examining 60 items selected sample unit definition.
judgmentally and found Answer (B) is incorrect. A statistical sample may result in either a
one error. The main limitation of the auditor’s sample is the inability smaller or
to larger sample.
Quantify A. sampling risk. Answer (C) is incorrect. Either method may produce greater
B. Quantify the acceptable error rate. accuracy.
C. Project the population’s error rate. Answer (D) is correct. The principal benefit of statistical sampling is
D. Determine whether the sample is random. that it
Answer (A) is correct. The limitation of all nonstatistical sampling permits the auditor to make a quantitative assessment of how closely
techniques is the sample
the auditor’s inability to quantify sampling risk. Based on past represents the population for a given level of reliability, i.e., how
experience and unbiased the
intuition, the auditor may conclude that the sampling risk is sample is.
acceptable, but the [441] Gleim #: 5.2.13
auditor is not able to quantify this risk. Statistical sampling is appropriate to estimate the value of an auto
Answer (B) is incorrect. The auditor could quantify the acceptable dealer’s 3,000 lineitem
error rate inventory because statistical sampling is
independently of the sample design. A. Reliable and objective.
Answer (C) is incorrect. The auditor can project an error rate of B. Thorough and complete.
1/60, or .0167. C. Thorough and accurate.
The problem is that the auditor cannot quantify the risk that the rate D. Complete and precise.
in the sample Gleim CIA Test Prep: Part 1 - Internal Audit Basics
is significantly different from the rate in the population. (720 questions)
Answer (D) is incorrect. A mathematician may be able to determine Copyright 2013 Gleim Publications Inc. Page 243
whether the Printed for Sanja Knezevic
auditor’s selections are random, although it is unlikely that they are. Answer (A) is correct. The results of statistical (probability) sampling
If the sample are objective
is representative, it does not matter whether it is random. and subject to the laws of probability. Hence, sampling risk can be
[440] Gleim #: 5.2.12 quantified and
controlled at a specified level of confidence (reliability). Sampling risk A distinguishing characteristic of random number sample selection is
is the risk that that each
the sample selected does not represent the population. A. Item is selected from a stratum having minimum variability.
Answer (B) is incorrect. By definition, a sample is not complete or B. Item’s chance for selection is proportional to its dollar value.
thorough. C. Item in the population has an equal chance of being selected.
Answer (C) is incorrect. By definition, a sample is not thorough. D. Stratum in the population has an equal number of items selected.
Also, it cannot be Answer (A) is incorrect. Stratifying the population does not ensure
considered accurate because of the existence of sampling risk. random
Answer (D) is incorrect. By definition, a sample is not complete. selection.
[442] Gleim #: 5.2.14 Answer (B) is incorrect. Deliberately biasing the sample makes
To project the frequency of shipments to wrong addresses, an random selection
internal auditor chose a impossible.
random sample from the busiest month of each of the four quarters Answer (C) is correct. A random sample is one in which every item
of the most recent in the
year. What underlying concept of statistical sampling did the auditor population has an equal and nonzero chance of being selected.
violate? Answer (D) is incorrect. Stratifying the population does not ensure
Attempting to project a rate of occurrence rather A. than an error random
rate. selection.
B. Failing to give each item in the population an equal chance of Gleim CIA Test Prep: Part 1 - Internal Audit Basics
selection. (720 questions)
C. Failing to adequately describe the population. Copyright 2013 Gleim Publications Inc. Page 244
D. Using multistage sampling in conjunction with attributes. Printed for Sanja Knezevic
Answer (A) is incorrect. Randomness is not associated with a rate fb.com/ciaaofficial
of occurrence [444] Gleim #: 5.2.16
(often referred to as an error rate). Using random numbers to select a sample
Answer (B) is correct. A random sample is one in which every item Is required for a variables A. sampling plan.
in the B. Is likely to result in an unbiased sample.
population has an equal and nonzero chance of being selected for C. Results in a representative sample.
the sample. D. Allows auditors to use smaller samples.
Here, the auditor deliberately excluded shipments from the slower Answer (A) is incorrect. Although random-number sampling may be
months. used for a
Answer (C) is incorrect. The population is adequately described as variables sampling plan, it is not required. Systematic selection is
the four also acceptable
quarters of the most recent year. unless the population is not randomly organized.
Answer (D) is incorrect. Multistage sampling is appropriate when Answer (B) is correct. The principal issue in statistical sampling is
homogeneous selecting a
subpopulations can be identified and sampled from; sample items sample that is representative of the population, i.e., unbiased. This
are then can be
selected from the randomly selected subpopulations. achieved by ensuring the sample is drawn randomly.
[443] Gleim #: 5.2.15
Answer (C) is incorrect. The use of random numbers does not included by an appropriate sampling technique.
always result in a Gleim CIA Test Prep: Part 1 - Internal Audit Basics
representative sample. Statistical methods allow auditors to estimate (720 questions)
the Copyright 2013 Gleim Publications Inc. Page 245
probability that a random sample is not representative. Printed for Sanja Knezevic
Answer (D) is incorrect. The use of random numbers does not affect [446] Gleim #: 5.2.18
sample size. Random numbers can be used to select a sample only when each
[445] Gleim #: 5.2.17 item in the
Which one of the following statements about sampling is true? population
A larger sample is always more representative of the underlying Can be assigned to A. a specific stratum.
population than a B. Is independent of outside influence.
smaller sample. C. Can be identified with a unique number.
A. Is expected to be within plus or minus three standard deviations of
For very large populations, the absolute size of the sample has more the population
impact on the mean.
precision of its results than does its size relative to its population. D.
B. Answer (A) is incorrect. Random-number sampling applies to both
For a given sample size, a simple random sample always produces simple and
the most stratified sampling.
representative sample. Answer (B) is incorrect. No such requirement exists.
C. Answer (C) is correct. A random sample is one in which every item
The limitations of an incomplete sample frame can almost always be in the
overcome by population has an equal and nonzero chance of being selected and
careful sampling techniques. that selection is
D. not influenced by whether any other item is selected.
Answer (A) is incorrect. A large sample selected in a biased way is Answer (D) is incorrect. By definition, there are a few population
often less items outside
representative than a smaller but more carefully selected sample. plus or minus three standard deviations from the population mean.
Answer (B) is correct. When the size of the population is very large, [447] Gleim #: 5.2.19
the absolute A company is simulating the actions of a government agency in
size of the sample may vary considerably even though its size which 50% of the time
relative to the a recall of a product is required, 40% of the time only notification of
population does not. the buyer about a
Answer (C) is incorrect. Simple random sampling does not eliminate potential defect is required, and 10% of the time no action on its part
sampling is required.
risk. Proper execution of a simple random sample increases the Random numbers of 1 to 100 are being used. An appropriate
probability of assignment of random
drawing a representative sample. numbers for the recall category would be
Answer (D) is incorrect. Items excluded from the sampling frame A. 1-40
cannot be B. 40-90
C. 61-100 C.
D. 11-60 The auditor should first determine how similar the new process is to
Answer (A) is incorrect. It is an appropriate assignment of random the old
numbers for process before deciding what to do.
the notification category. D.
Answer (B) is incorrect. This range includes 51 numbers. Answer (A) is incorrect. High statistical power based on an
Answer (C) is incorrect. It is an appropriate assignment of random inappropriate sample
numbers for will only provide a very precise wrong answer.
the notification category. Answer (B) is incorrect. A fresh sample may not be cost effective if
Answer (D) is correct. Given a 50% chance of a recall, 50 different the old
numbers sample is representative of the new process.
should be assigned to that alternative. This answer is the only Answer (C) is incorrect. Nonparametric statistics is applied to
alternative with 50 problems for
numbers (11-60). which specific distributions are not known.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (D) is correct. If the old and new processes are not
(720 questions) substantially similar,
Copyright 2013 Gleim Publications Inc. Page 246 the existing sample will not be representative.
fb.com/ciaaofficial When planning an attribute sampling application, the difference
[448] Gleim #: 5.2.20 between the expected
As part of an internal audit, a benchmark must be established for the error rate and the maximum tolerable error rate is the planned
defect rate for an A. Precision.
innovative new production process. The auditor can either use a B. Reliability.
large sample that is C. Dispersion.
already available from other production processes in the same plant D. Skewness.
or draw a fresh Answer (A) is correct. The precision of an attribute sample (also
sample from the new process. However, a fresh sample would be called the
expensive, time confidence interval or allowance for sampling risk) is an interval
consuming, and much smaller in size. Which one of the following is around the
the best course of sample statistic that the auditor expects to contain the true value of
action for the auditor? the population.
The auditor should accept this large historical sample because In attribute sampling (used for tests of controls), precision is
analyses based on it determined by
will have high statistical power. subtracting the expected error rate from the tolerable error rate in the
A. population.
The auditor should draw a fresh sample and combine it with B. the Answer (B) is incorrect. Reliability is the confidence level. It is the
old sample. percentage of
The auditor should accept the historical sample but use times that repeated samples will be representative of the population
nonparametric statistics to from which
analyze it. they are taken.
Answer (C) is incorrect. Dispersion is the degree of variation in a set In selecting a sample of items for attributes testing, an auditor must
of values. consider the
Answer (D) is incorrect. Skewness is the lack of symmetry in a confidence level factor, the desired precision, and the
frequency A. Recorded monetary amount of the population.
distribution. B. Sampling interval.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics C. Expected occurrence rate.
(720 questions) D. Standard deviation in the population.
Copyright 2013 Gleim Publications Inc. Page 247 Answer (A) is incorrect. The monetary amount of the population
Printed for Sanja Knezevic relates to testing
[450] Gleim #: 5.3.22 for variables.
In evaluating an attribute sample, the range within which the estimate Answer (B) is incorrect. The sampling interval is used in monetary-
of the unit
population characteristic is expected to fall is called sampling.
A. Confidence level. Answer (C) is correct. The expected occurrence rate, also called the
B. Precision. expected
C. Upper error limit. deviation rate, is one of the three necessary factors in determining
D. Expected error rate. sample size for
Answer (A) is incorrect. The confidence level is the specified an attribute test.
measure of how Answer (D) is incorrect. The standard deviation is an element in the
reliable the auditor wants the sample results to be. variables
Answer (B) is correct. The precision of an attribute sample (also sampling formula.
called the Gleim CIA Test Prep: Part 1 - Internal Audit Basics
confidence interval or allowance for sampling risk) is an interval (720 questions)
around the Copyright 2013 Gleim Publications Inc. Page 248
sample statistic that the auditor expects to contain the true value of Printed for Sanja Knezevic
the population. fb.com/ciaaofficial
In attribute sampling (used in tests of controls), precision is [452] Gleim #: 5.3.24
determined by The size of a given sample is jointly a result of characteristics of the
subtracting the expected error rate from the tolerable error rate in the population of
population. interest and decisions made by the internal auditor. Everything else
Answer (C) is incorrect. The confidence interval (precision) is the being equal,
range between sample size will
the lower and upper error limits. Increase if the internal auditor decides to accept more risk of
Answer (D) is incorrect. The expected error rate is a measure of incorrectly
how frequently concluding that controls are effective when they are in fact
the auditor expects the characteristic of interest to exist in the ineffective.
population prior to A.
selecting and evaluating the sample. Double if the internal auditor finds that the variance of the population
[451] Gleim #: 5.3.23 is twice as
large as was indicated in the pilot sample.
B. [454] Gleim #: 5.3.26
Decrease if the internal auditor increases the tolerable C. rate of If all other sample size planning factors were exactly the same in
deviation. attribute sampling,
D. Increase as sampling risk increases. changing the confidence level from 95% to 90% and changing the
Answer (A) is incorrect. An increase in allowable risk decreases desired precision
sample size. from 2% to 5% would result in a revised sample size that would be
Answer (B) is incorrect. Doubling the variability of the population will A. Larger.
cause the B. Smaller.
sample size to more than double. C. Unchanged.
Answer (C) is correct. In an attribute test, the tolerable deviation rate D. Indeterminate.
is inversely Gleim CIA Test Prep: Part 1 - Internal Audit Basics
related to sample size. If it is increased, sample size will decrease. (720 questions)
Answer (D) is incorrect. Sampling risk increases as the sample size Copyright 2013 Gleim Publications Inc. Page 249
decreases. Printed for Sanja Knezevic
[453] Gleim #: 5.3.25 Answer (A) is incorrect. Increasing the confidence level while
An internal auditor is planning to use attribute sampling to test the narrowing the precision
effectiveness of a interval would result in a larger sample size.
specific internal control related to approvals for cash disbursements. Answer (B) is correct. In an attribute test, the confidence level is
In attribute directly related, and
sampling, decreasing the estimated occurrence rate from 5% to 4% the precision is inversely related, to sample size. Thus, if the
while keeping all confidence level is
other sample size planning factors exactly the same would result in a reduced and precision is widened, sample size will be smaller.
revised sample Answer (C) is incorrect. Decreasing the confidence level while
size that would be widening the precision
A. Larger. interval would allow the sample size to be decreased.
B. Smaller. Answer (D) is incorrect. The revised sample size is determinable.
C. Unchanged. [455] Gleim #: 5.3.27
D. Indeterminate. If all other factors specified in an attribute sampling plan remain
Answer (A) is incorrect. Increasing the expected error rate increases constant, decreasing
the sample the confidence level from 95% to 90% would cause the required
size. sample size to
Answer (B) is correct. In an attribute test, the expected deviation A. Increase.
rate is directly B. Decrease.
related to sample size. If it is decreased, sample size will decrease. C. Change by 5%.
Answer (C) is incorrect. Changing one variable while holding all D. Remain the same.
other factors Answer (A) is incorrect. Decreasing the confidence level permits a
constant changes the sample size. smaller
Answer (D) is incorrect. Decreasing the expected error rate while sample size.
holding all Answer (B) is correct. In an attribute test, the confidence level is
other factors constant decreases the sample size. directly related
to sample size. Hence, decreasing the confidence level permits a a more accurate estimate of the true population error rate. Assume
smaller sample an auditor expects a
size to be used. control procedure failure rate of 0.5%. The auditor is making a
Answer (C) is incorrect. The percentage change is not decision on whether to
proportionate. use a 90% or a 95% confidence level and whether to set the
Answer (D) is incorrect. Decreasing the confidence level permits a tolerable control failure
smaller rate at 3% or 4%. Which of the following statements regarding
sample size. efficiency and
[456] Gleim #: 5.3.28 effectiveness of an attribute sample is true?
In an attribute sampling application, holding other factors constant, Decreasing the confidence level to 90% and decreasing the tolerable
sample size will control
increase as which of the following becomes smaller? failure rate to 3% will result in both increased efficiency and
A. Confidence coefficient. effectiveness.
B. Population. A.
C. Planned precision. Decreasing the tolerable failure rate from 4% to 3% will increase B.
D. Expected rate of occurrence. audit efficiency.
Answer (A) is incorrect. A decrease in a numerator factor will Increasing the confidence level to 95% and decreasing the tolerable
decrease the control failure
sample size. rate to 3% will increase audit effectiveness.
Answer (B) is incorrect. A population decrease permits a decrease C.
in sample size. D. Increasing the confidence level to 95% will increase audit
Answer (C) is correct. In an attribute test, planned precision is efficiency.
inversely related to Answer (A) is incorrect. Decreasing the confidence level reduces
sample size; its decrease (tightening) will increase sample size. the sample size
Answer (D) is incorrect. A decrease in a numerator factor will and thus decreases effectiveness.
decrease the Answer (B) is incorrect. Decreasing the tolerable failure rate
sample size. increases the sample
Gleim CIA Test Prep: Part 1 - Internal Audit Basics size and thus decreases efficiency.
(720 questions) Answer (C) is correct. In an attribute test, confidence level and
Copyright 2013 Gleim Publications Inc. Page 250 expected
Printed for Sanja Knezevic deviation rate are in the numerator, while the tolerable deviation rate
fb.com/ciaaofficial is in the
[457] Gleim #: 5.3.29 denominator. Hence, increasing the confidence level increases the
An auditor has to make a number of decisions when using attribute sample size,
sampling. The and decreasing the tolerable rate also increases the sample size. A
term efficiency is used to describe anything that affects sample size. larger sample
The term increases audit effectiveness.
effectiveness is used to describe the likelihood that the statistical Answer (D) is incorrect. Increasing the confidence level increases
sample result will be the sample size
and thus decreases audit efficiency.
[458] Gleim #: 5.3.30 vehicles were reviewed to determine if major repairs were needed.
Which of the following must be known to evaluate the results of an Assuming that all
attribute sample? other factors remain constant, how would sample size and achieved
A. Estimated dollar value of the population. precision be
B. Standard deviation of the sample values. affected by a change in confidence level from 95% to 90%?
C. Actual size of the sample selected. Sample size would be smaller; achieved precision A. would be larger.
D. Finite population correction factor. B. Both sample size and achieved precision would be larger.
Answer (A) is incorrect. Dollar values are irrelevant to attribute C. Both sample size and achieved precision would be smaller.
sampling. D. Sample size would be larger; achieved precision would be
Answer (B) is incorrect. The standard deviation is an element in the smaller.
variables Answer (A) is correct. Because the confidence coefficient of an
sampling formula. attribute test is
Answer (C) is correct. Sample size is used to evaluate the actual directly related to the sample size, a smaller coefficient would result
occurrence rate in a smaller
(number of a particular attribute identified ÷ actual sample size) of sample. Also, since sample size is inversely related to precision, a
the attribute of larger precision
interest, such as a control deviation. would result from using a smaller sample.
Answer (D) is incorrect. The finite population correction factor is Answer (B) is incorrect. Sample size would be smaller, not larger.
used to adjust Answer (C) is incorrect. Achieved precision would be larger, not
an initial computed sample size. smaller.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (D) is incorrect. The opposite is true: sample size would be
(720 questions) smaller and
Copyright 2013 Gleim Publications Inc. Page 251 achieved precision larger.
[459] Gleim #: 5.3.31 An internal auditor, testing to determine if a division is shipping goods
An individual is an internal auditor for a car rental agency that to customers
operates a fleet of without making the prescribed credit check, decides to use attribute
75,000 vehicles in 1,000 cities throughout North America. As a part of sampling. Each
an operational sales order in the sample is examined for credit approval. Using an
audit, the auditor tested the impact of vehicle age on the incidence of initial estimate of
major repairs. A the occurrence rate of 4%, desired precision of 2.5%, and a
computer program showed that 20% of the fleet has been in service confidence level of 95%,
for more than the required sample size is 214. The total population size is 2,305.
12 months. A sample of 375 is drawn based on Sample items are
Confidence level = 95% selected, and seven sales without the required credit approval are
Expected rate of occurrence = 10% noted. Reducing the
Precision = ±3% desired confidence level from 95% to 90% will result in
The records related to repairs completed after 12 months of service A. Less achieved precision (i.e., higher than 2.5%) if the sample size
for the selected remains at 214.
B. An unchanged sample size if the desired precision remains at Greater than a 95% probability that the actual rate of occurrence in
2.5%. the population
C. A larger sample size if the desired precision remains at 2.5%. is less than the critical rate if no exceptions are found.
D. A smaller sample size if the desired precision remains at 2.5%. D.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (A) is incorrect. The probability is 95% that the actual rate of
(720 questions) occurrence
Copyright 2013 Gleim Publications Inc. Page 252 is equal to or greater than the critical rate if one exception is found.
Printed for Sanja Knezevic Answer (B) is correct. Discovery sampling is a form of attribute
fb.com/ciaaofficial sampling that is
Answer (A) is incorrect. Lowering the confidence level while leaving appropriate when even a single deviation would be critical. The
the sample size sample size is
unchanged will decrease achieved precision. calculated so that it will include at least one instance of a deviation if
Answer (B) is incorrect. Lowering the confidence level while holding deviations
precision occur in the population at a given rate. If no exceptions are found,
constant will allow the sample size to decrease. the correct
Answer (C) is incorrect. Lowering the confidence level while holding conclusion is that the probability is 95% that the occurrence rate is
precision less than the
constant will allow the sample size to decrease. critical rate.
Answer (D) is correct. Because the confidence coefficient of an Answer (C) is incorrect. The probability is 95% that the actual rate is
attribute test is equal to or
directly related to the sample size, a smaller coefficient results in a exceeds the critical rate if any exceptions are found.
smaller sample Answer (D) is incorrect. The probability does not increase if no
(holding all other factors constant). exceptions are
[461] Gleim #: 5.3.33 found.
An auditor applying a discovery-sampling plan with a 5% risk of [462] Gleim #: 5.3.34
overreliance may How does stop-or-go attribute sampling differ from fixed-sample-size
conclude that there is attribute
A 95% probability that the actual rate of occurrence in the population sampling?
is less than Nonsampling A. error is smaller.
the critical rate if only one exception is found. B. Total expected sample size will always be smaller.
A. C. Desired reliability does not have to be specified in advance.
A 95% probability that the actual rate of occurrence in the population D. It cannot be used to determine the assessed level of control risk.
is less than Gleim CIA Test Prep: Part 1 - Internal Audit Basics
the critical rate if no exceptions are found. (720 questions)
B. Copyright 2013 Gleim Publications Inc. Page 253
A 95% probability that the actual rate of occurrence in the population Printed for Sanja Knezevic
is less than Answer (A) is incorrect. Nonsampling error is not affected by the
the critical rate if the occurrence rate in the sample is less than the sampling method.
critical rate. Answer (B) is correct. The objective of stop-or-go sampling,
C. sometimes called
sequential sampling, is to reduce the sample size when the auditor sample items are examined only until enough evidence has been
believes the error gathered to reach
rate in the population is low. Thus, total expected sample size is the desired conclusion.
always lower for stopor- Answer (C) is incorrect. Stratified sampling is more appropriate for
go sampling. heterogeneous populations. Stop-or-go sampling might then be used
Answer (C) is incorrect. Both methods require desired reliability to for each
be specified in stratum.
advance. Answer (D) is incorrect. The confidence limits define precision. An
Answer (D) is incorrect. It expresses the principal objective of stop- increase in
or-go attribute the confidence limits will result in a loss of precision (assuming
sampling. constant sample
[463] Gleim #: 5.3.35 size).
What is the chief advantage of stop-or-go sampling? [464] Gleim #: 5.4.36
The error rate in the population can be projected to within certain A. In a variables sampling application, which of the following will result
precision limits. when
Stop-or-go sampling may reduce the size of the sample that needs to confidence level is changed from 90% to 95%?
be taken A. Standard error of the mean will not be affected.
from a population, thus reducing sampling costs. B. Nonsampling error will decrease.
B. C. Sample size will increase.
Stop-or-go sampling allows sampling analysis to be performed on D. Point estimate of the arithmetic mean will increase.
populations that Gleim CIA Test Prep: Part 1 - Internal Audit Basics
are not homogeneous. (720 questions)
C. Copyright 2013 Gleim Publications Inc. Page 254
Stop-or-go sampling allows the sampler to increase the confidence Printed for Sanja Knezevic
limits of the fb.com/ciaaofficial
analysis without sacrificing precision. Answer (A) is incorrect. The standard error of the mean is the
D. standard deviation of
Answer (A) is incorrect. In stop-or-go sampling, only enough items the distribution of sample means. The larger the sample, the lower
are examined the degree of
to permit the auditor to state that the error rate is below a variability in the sample. An increase in confidence level from 90% to
prespecified rate with a 95% requires a
prespecified level of confidence. Although other methods also larger sample. Thus, the standard error of the mean will be affected.
accomplish this Answer (B) is incorrect. By definition, nonsampling error is
result, stop-or-go sampling has the advantage of greater efficiency. unaffected by changes in
Answer (B) is correct. The objective of stop-or-go sampling, sampling criteria.
sometimes called Answer (C) is correct. In any sampling application (attribute or
sequential sampling, is to reduce the sample size when the auditor variables), an increase
believes the in the confidence level requires a larger sample.
error rate in the population is low. Thus, it may reduce the sample Answer (D) is incorrect. The estimate of the mean may increase or
size because decrease if sample
size changes. tolerable misstatement, the size of the required sample increases
[465] Gleim #: 5.4.37 accordingly, and
In selecting a sample of items for variables testing, an auditor must vice versa. Hence, tolerable misstatement (precision) and sample
consider the size are
desired precision, the standard deviation, and the inversely related.
Recorded monetary amount A. of the population. Answer (C) is incorrect. The relationship is inverse.
B. Acceptable risk level. Answer (D) is incorrect. The relationship is inverse.
C. Expected occurrence rate. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
D. Sampling interval. (720 questions)
Answer (A) is incorrect. The recorded monetary amount is not Copyright 2013 Gleim Publications Inc. Page 255
needed for Printed for Sanja Knezevic
variables testing. [467] Gleim #: 5.4.39
Answer (B) is correct. Four factors determine the size of a classical Using mean-per-unit sampling to estimate the value of inventory, an
variables internal auditor
sample: the confidence coefficient, the estimated standard deviation had the following results:
of the Projected inventory value US $3,000,000
population, the population size, and the tolerable misstatement Confidence level 95%
(desired precision). Confidence interval $2,800,000 to $3,200,000
Answer (C) is incorrect. The expected occurrence rate is a factor in Standard error $100,000
the samplesize Z-value (approximate) 2.0
formula for attribute sampling. Precision $200,000
Answer (D) is incorrect. The sampling (skip) interval is the dollar The recorded value of inventory was US $3,075,000. Which of the
interval following changes
calculated for monetary-unit sampling. will result in a narrower confidence interval?
[466] Gleim #: 5.4.38 An increase in the confidence level A. from 95% to 99%.
If all other factors in a sampling plan are held constant, changing the B. A decrease in the confidence level from 95% to 90%.
measure of C. A decrease in the allowable risk of incorrect rejection.
tolerable misstatement to a smaller value will cause the sample size D. An increase in the precision.
to be Answer (A) is incorrect. Increasing the confidence level results in a
A. Smaller. wider
B. Larger. confidence interval if the standard error is constant.
C. Unchanged. Answer (B) is correct. Decreasing the confidence level of any
D. Indeterminate. variables sample
Answer (A) is incorrect. The relationship is inverse. allows the auditor to narrow the confidence interval.
Answer (B) is correct. The size of the precision interval in a Answer (C) is incorrect. Decreasing the allowable risk of incorrect
variables test is rejection (the
based upon the tolerable misstatement that is determined by complement of the confidence level) increases the confidence level
materiality and results in
judgments. As this value decreases, for example, because of a a wider confidence interval if the standard error is constant.
decrease in
Answer (D) is incorrect. Increasing the precision makes the Answer (D) is incorrect. The risk of incorrect acceptance is not
confidence interval quantified in
wider. nonstatistical sampling.
[468] Gleim #: 5.4.40 [469] Gleim #: 5.4.41
Using mean-per-unit sampling to estimate the value of inventory, an An auditor is using the mean-per-unit method of variables sampling
internal auditor to estimate the
had the following results: correct total value of a group of inventory items. Based on the
Projected inventory value US $3,000,000 sample, the auditor
Confidence level 95% estimates, with precision of ±4% and confidence of 90%, that the
Confidence interval $2,800,000 to $3,200,000 correct total is
Standard error $100,000 US $800,000. Accordingly,
Z-value (approximate) 2.0 There is a 4% chance that the actual correct total is less than US
Precision $200,000 $720,000 or more
The recorded value of inventory was US $3,075,000. If the internal than US $880,000.
auditor had used A.
nonstatistical sampling instead of statistical sampling, which of the The chance that the actual correct total is less than US $768,000 or
following would more than
be true? US $832,000 is 10%.
A. The confidence level could not be quantified. B.
B. The precision would be larger. The probability that the inventory is not significantly overstated is
C. The projected value of inventory would be less reliable. between 6%
D. The risk of incorrect acceptance would be higher. and 14%.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics C.
(720 questions) The inventory is not likely to be overstated by more than 4.4% (US
Copyright 2013 Gleim Publications Inc. Page 256 $35,200) or
Printed for Sanja Knezevic understated by more than 3.6% (US $28,800).
fb.com/ciaaofficial D.
Answer (A) is correct. One advantage of statistical sampling is that it Answer (A) is incorrect. The precision, not the confidence level, is
allows the ±4%.
auditor to quantify sampling risk and the confidence level. An auditor Answer (B) is correct. A 90% confidence level implies that 10% of
should never the time the
attempt to quantify the sampling risk or confidence level of a true population total will be outside the computed range. Precision of
nonstatistically drawn ±4% gives
sample. the boundaries of the computed range: US $800,000 × 4% = US
Answer (B) is incorrect. Unless the auditor uses statistical sampling, $32,000. Hence,
(s)he cannot the range is US $768,000 to US $832,000.
quantify precision. Answer (C) is incorrect. Precision is a range of values, not the
Answer (C) is incorrect. Nonstatistical sampling does not always probability
result in less reliable (confidence level) that the true value will be included within that
estimates. However, reliability cannot be quantified. range.
Answer (D) is incorrect. The precision percentage is not multiplied D. Storage locations.
by the Answer (A) is correct. In variables sampling, the objective is to
confidence percentage. estimate the
[470] Gleim #: 5.4.42 dollar value of the population, in this case, inventory. Strata based on
When relatively few items of high monetary value constitute a large dollar
proportion of an values are the usual population characteristic.
account balance, stratified sampling techniques and complete testing Answer (B) is incorrect. Monetary values are the usual characteristic
of the high to create
monetary-value items will generally result in a strata in variables sampling, not number of items.
Simplified evaluation A. of sample results. Answer (C) is incorrect. Turnover volume is a characteristic of
B. Smaller nonsampling error. interest in
C. Larger estimate of population variability. attribute sampling but not in variables sampling.
D. Reduction in sample size. Answer (D) is incorrect. Storage location is not a relevant
Gleim CIA Test Prep: Part 1 - Internal Audit Basics characteristic when
(720 questions) creating strata for variables sampling.
Printed for Sanja Knezevic Which one of the following is not an important consideration in
Answer (A) is incorrect. While stratifying reduces sample size, determining the
stratification requires appropriate sample size?
a combination of sample results from more than one sample, in A. Whether the sample is designed to estimate a mean or a
contrast to simple proportion.
random sampling. B. The amount of variability in the population under study.
Answer (B) is incorrect. A nonsampling error is an error in C. The sensitivity of the decision using this sample to errors of
“performing” audit estimation.
procedures, which is independent of sample selection. D. The cost per sample observation.
Answer (C) is incorrect. Stratified sampling, when properly used, will Answer (A) is correct. Difference and ratio estimation use the same
result in a variables
smaller estimate of population variability. sampling formula. Hence, sample size considerations are the same
Answer (D) is correct. Stratifying a population means dividing it into for both.
subpopulations, Answer (B) is incorrect. The greater the variability, the greater the
thereby reducing sample size. Stratifying allows for greater emphasis required
on larger or more sample size.
important items. Answer (C) is incorrect. The more sensitive the decision is to
[471] Gleim #: 5.4.43 estimation errors,
To use stratified variables sampling to evaluate a large, the greater the appropriate sample size.
heterogeneous inventory, an Answer (D) is incorrect. In accordance with the cost-benefit
appropriate criterion for classifying inventory items into strata is principle, the greater
A. Monetary values. the cost per observation, the smaller the appropriate sample size.
B. Number of items. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
C. Turnover volume. (720 questions)
Copyright 2013 Gleim Publications Inc. Page 258 differences between carrying and audit amounts are not proportional.
Printed for Sanja Knezevic If
fb.com/ciaaofficial differences are proportional, ratio estimation is used. A sufficient
[473] Gleim #: 5.4.45 number of
Difference estimation sampling would be appropriate to use to nonproportional errors must exist to generate a reliable sample
project the monetary estimate.
error in a population if Answer (D) is incorrect. Ratio estimation is appropriate for
Subsidiary ledger book balances for some individual inventory items proportional
are differences.
unknown. [474] Gleim #: 5.4.46
A. Ratio estimation sampling would be inappropriate to use to project
Virtually no differences between the individual carrying amounts and the monetary error
the audited in a population if
amounts exist. The recorded carrying amounts and audited amounts are
B. approximately
A number of nonproportional differences between carrying amounts proportional.
and audited A.
amounts exist. A number of observed differences exist between carrying amounts
C. and audited
Observed differences between carrying amounts and audited amounts.
amounts are B.
proportional to carrying amounts. Observed differences between carrying amounts and audited
D. amounts are
Answer (A) is incorrect. Individual carrying amounts must be known proportional to carrying amounts.
to use C.
difference estimation. Subsidiary ledger book balances for some inventory D. items are
Answer (B) is incorrect. Sufficient misstatements must exist to unknown.
generate a reliable Gleim CIA Test Prep: Part 1 - Internal Audit Basics
sample. (720 questions)
Answer (C) is correct. Difference estimation of population error Copyright 2013 Gleim Publications Inc. Page 259
entails Printed for Sanja Knezevic
determining the differences between the audit and carrying amounts Answer (A) is incorrect. Proportional relationships tend to support
for items in the use of ratio
the sample, calculating the mean difference, and multiplying the estimation.
mean by the Answer (B) is incorrect. A minimum number of differences must be
number of items in the population. This method is used when the present to use
population ratio estimation.
contains sufficient misstatements to provide a reliable sample and Answer (C) is incorrect. The existence of proportional differences
when favors the use of
ratio estimation.
Answer (D) is correct. Ratio estimation is similar to difference When an internal auditor uses monetary-unit statistical sampling to
estimation except that examine the total
it estimates the population error by multiplying the carrying amount of value of invoices, each invoice
the population A. Has an equal probability of being selected.
by the ratio of the total audit amount of the sample items to their total B. Can be represented by no more than one monetary unit.
carrying amount. C. Has an unknown probability of being selected.
It has been demonstrated that both ratio and difference estimation D. Has a probability proportional to its monetary value of being
are reliable and selected.
efficient when small errors predominate and the errors are not Gleim CIA Test Prep: Part 1 - Internal Audit Basics
skewed. Moreover, audit (720 questions)
amounts should be proportional to carrying amounts. Consequently, Copyright 2013 Gleim Publications Inc. Page 260
ratio estimation Printed for Sanja Knezevic
requires that carrying amounts be known. fb.com/ciaaofficial
[475] Gleim #: 5.4.47 Answer (A) is incorrect. Each monetary unit, not each invoice, has
Which of the following techniques could be used to estimate the an equal
standard deviation for probability of being selected (unless all invoices are for the same
a sampling plan? amount).
Difference A. estimation. Answer (B) is incorrect. It is possible for two or more monetary units
B. Pilot sample. to be selected
C. Regression. from the same item; e.g., a US $4,500 item will be represented by
D. Discovery sampling. four monetary units
Answer (A) is incorrect. Difference estimation is a type of variables if every 1,000th dollar is selected.
sampling Answer (C) is incorrect. The probability of selection can be
plan that calculates the mean difference between audit and recorded calculated using the
amounts in monetary value of the item and the monetary value of the population.
the sample and then multiplies by the number of items in the Answer (D) is correct. Monetary-unit sampling, also called
population. It is not a probability-proportionalto-
technique for estimating the standard deviation. size sampling, results in the selection of every nth monetary unit.
Answer (B) is correct. Auditors may use the standard deviation of a Thus, a US $1,000
pilot sample item is 1,000 times more likely to be selected than a US $1 monetary
to estimate the standard deviation of a population. unit item. The
Answer (C) is incorrect. Auditors use regression (an extension of probability of selection of a sampled item is directly proportional to
correlation the size of the
analysis) to project balances of accounts or other populations. item.
Answer (D) is incorrect. Discovery sampling is a type of attribute [477] Gleim #: 5.4.49
sampling plan Monetary-unit sampling (MUS) is most useful when the internal
used for detection of critical deviations. Attribute sampling applies to auditor
binary Is testing the accounts A. payable balance.
(yes/no or error/nonerror) propositions. B. Cannot cumulatively arrange the population items.
[476] Gleim #: 5.4.48 C. Expects to find several material misstatements in the sample.
D. Is concerned with overstatements. Answer (A) is incorrect. PPS sampling could be appropriate in an
Answer (A) is incorrect. An audit of accounts payable is primarily examination of
concerned bank accounts if larger items are more important than smaller items
with understatements. (which is usually
Answer (B) is incorrect. The items in the population must be true in variables sampling).
arranged by Answer (B) is incorrect. PPS sampling permits statistical inferences
cumulative monetary total. The first monetary unit is chosen to be made.
randomly, the second Answer (C) is correct. Probability-proportional-to-size sampling, also
equals the random start plus the sample interval in monetary units, called
etc. monetary-unit sampling, gives greater weight to larger, more
Answer (C) is incorrect. As the expected amount of misstatement significant items. If all
increases, the items are of the same importance, PPS is inappropriate.
MUS sample size increases. MUS may also overstate the upper Answer (D) is incorrect. PPS sampling could be appropriate with a
misstatement limit large number of
when misstatements are found. The result might be rejection of an sampling units if larger items are more important than smaller items.
acceptable [479] Gleim #: 5.4.51
balance. Which of the following factors would most likely preclude the auditor
Answer (D) is correct. MUS, also called probability-proportional-to- from using
size (PPS) monetary-unit sampling?
sampling, is a modified version of attribute sampling that relates The auditor expects to find a limited number of understatements of
deviation rates to individual
monetary amounts. It uses the monetary unit as the sampling unit. account balances.
MUS is A.
appropriate for testing account balances, such as those for inventory The auditor expects to find that a large percentage of items sampled
and have
receivables, in which some items may be far larger than others in the misstatements.
population. B.
In effect, MUS stratifies the population because the larger account Individual accounts are not assigned a number, but are listed only C.
balances have a alphabetically.
greater chance of being selected. The auditor expects to find more errors in the larger dollar value
[478] Gleim #: 5.4.50 items than in the
The use of probability-proportional-to-size sampling is inefficient if smaller dollar value items.
A. Bank accounts are being examined. D.
B. Statistical inferences are to be made. Answer (A) is incorrect. Monetary-unit sampling can effectively
C. Each account is of equal importance. handle a small
D. The number of sampling units is large. number of understatement errors.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (B) is correct. Monetary-unit sampling, also called
(720 questions) probabilityproportional-
Copyright 2013 Gleim Publications Inc. Page 261 to-size sampling, combines attribute and variables sampling
techniques. It uses the monetary unit as the sampling unit and Answer (A) is incorrect. MUS is efficient when few misstatements
effectively stratifies are expected.
the population because larger items are more likely to be selected. Answer (B) is incorrect. MUS does not assume normally distributed
Monetary-unit populations.
sampling is most useful when few misstatements are expected and Answer (C) is incorrect. MUS uses monetary units as sampling
overstatements units.
are more likely than understatements. Answer (D) is correct. MUS, also called probability-proportional-to-
Answer (C) is incorrect. Account numbers do not have to be size (PPS)
assigned to use sampling, is a modified version of attribute sampling that relates
monetary-unit sampling. deviation rates to
Answer (D) is incorrect. Misstatements in larger balances indicate monetary amounts. It uses a monetary unit as the sampling unit. In
that monetaryunit effect, MUS
sampling should be used. stratifies the population because the larger account balances have a
[480] Gleim #: 5.4.52 greater chance of
An internal auditor is planning to use monetary-unit sampling for being selected. However, as the number of expected misstatements
testing the monetary increases, MUS
value of a large accounts receivable population. The advantages of requires a larger sample size than classical variables sampling.
using monetaryunit [481] Gleim #: 5.4.53
sampling (MUS) include all of the following except that it What effect does an increase in the standard deviation have on the
Is an efficient model for establishing that a low error rate population required sample
is not size of mean-per-unit estimation and probability-proportional-to-size
materially misstated. sampling?
A. Assume no change in any of the other characteristics of the
Does not require the normal distribution approximation required by population and no change
variables in desired precision and confidence.
sampling. Probability
B. Mean-per-Unit Estimation Proportional to Size
Can be applied to a group of accounts because the sampling units A. Increase in sample size Increase in sample size
are B. No change in sample size Decrease in sample size
homogenous. C. Increase in sample size No change in sample size
C. D. Decrease in sample size No change in sample size
Results in a smaller sample size than classical variables sampling for Answer (A) is incorrect. An increase in standard deviation has no
larger effect on the
numbers of misstatements. required sample size for PPS sampling.
D. Answer (B) is incorrect. An increase in standard deviation increases
Gleim CIA Test Prep: Part 1 - Internal Audit Basics sample size
(720 questions) for mean-per-unit estimation but has no effect on the required
Copyright 2013 Gleim Publications Inc. Page 262 sample size for PPS
Printed for Sanja Knezevic sampling.
fb.com/ciaaofficial
Answer (C) is correct. An increase in the standard deviation reflects size sampling, is especially efficient and effective when the
an increase population contains few
in the variability of the population. This increase in the variability of differences. However, variables sampling approaches (e.g., ratio
the sampling estimation) tend to be
units increases sample size in a mean-per-unit test. However, a more efficient (samples are smaller) as the amount of misstatement
change in the increases.
standard deviation has no effect on the required sample size when Monetary-unit sampling is also inefficient when understatements and
PPS sampling negative
is used because the sampling units (monetary units) are not variable. amounts are expected.
Answer (D) is incorrect. An increase in standard deviation increases Answer (C) is incorrect. A high degree of variability in the monetary
sample size amount of items
for mean-per-unit estimation. in the population is not a basis for preferring one of these methods to
[482] Gleim #: 5.4.54 another.
In which of the following situations will monetary-unit sampling be Answer (D) is incorrect. A low degree of variability in the monetary
more effective amount of items
and efficient than ratio estimation? in the population is not a basis for preferring one of these methods to
The population contains a large number of differences between the the other.
recorded [483] Gleim #: 5.5.55
amount and the actual amount. An auditor for the state highway and safety department needs to
A. estimate the average
The population is expected to contain few differences between the highway weight of tractor-trailer trucks using the state’s highway
recorded system. Which
amount and the actual amount. estimation method must be used?
B. A. Mean-per-unit.
The population has a high degree of variability C. in monetary B. Difference.
amount. C. Ratio.
D. The population has a low degree of variability in monetary D. Probability-proportional-to-size.
amount. Answer (A) is correct. Mean-per-unit sampling estimates the
Gleim CIA Test Prep: Part 1 - Internal Audit Basics average value of
(720 questions) population items, in this case, truck weight.
Copyright 2013 Gleim Publications Inc. Page 263 Answer (B) is incorrect. Difference estimation compares recorded
Printed for Sanja Knezevic and audit
Answer (A) is incorrect. Monetary-unit sampling, also called amounts. Recorded amounts are not relevant to the current
probability-proportionalto- procedure.
size sampling, is inefficient compared with classical variables Answer (C) is incorrect. Ratio estimation compares recorded and
sampling when many audit amounts.
differences exist. Recorded amounts are not relevant to the current procedure.
Answer (B) is correct. Monetary-unit sampling, also called Answer (D) is incorrect. Probability-proportional-to-size estimation
probability-proportionalto- compares
recorded and audit amounts. Recorded amounts are not relevant to Answer (C) is incorrect. Increasing the confidence level has no
the current effect on bias.
procedure. Answer (D) is incorrect. Increasing the precision has no effect on
[484] Gleim #: 5.5.56 bias.
An auditor is designing a sampling plan to test the accuracy of daily [485] Gleim #: 5.5.57
production reports Systematic selection can be expected to produce a representative
over the past 3 years. All of the reports contain the same information sample when
except that Random number tables are used to determine the items included A.
Friday reports also contain weekly totals and are prepared by in the sample.
managers rather than by B. The population is arranged randomly with respect to the audit
supervisors. Production normally peaks near the end of a month. If objective.
the auditor wants The sample is determined using multiple random starts and includes
to select two reports per month using an interval sampling plan, more items
which of the than required.
following techniques reduces the likelihood of bias in the sample? C.
A. Estimating the error rate in the population. D. Judgmental sampling is used by the auditor to offset any sampling
B. Using multiple random starts. bias.
C. Increasing the confidence level. Answer (A) is incorrect. Systematic selection is random only with
D. Increasing the precision. respect to the
Gleim CIA Test Prep: Part 1 - Internal Audit Basics start.
(720 questions) Answer (B) is correct. A sample selected using a systematic
Copyright 2013 Gleim Publications Inc. Page 264 sampling procedure
Printed for Sanja Knezevic and a random start will behave as if it were a random sample when
fb.com/ciaaofficial the population
Answer (A) is incorrect. Estimating the deviation rate in the is randomly ordered with respect to the audit objective. Sampling
population has no effect bias due to
on bias. Bias is related to the selection method. systematic selection will be small when the population items are not
Answer (B) is correct. Systematic (interval) sampling involves arranged in a
choosing a random pattern.
start and then selecting subsequent items at fixed intervals. Answer (C) is incorrect. The number of items in a sample is not
However, if the population relevant to the
is not random, for example, because it exhibits cyclical variation, the procedures used to select the specific items in the sample. The use
results will be of multiple
biased. This bias may be overcome by taking repeated systematic random starts might increase the chance that a sample will behave
samples, each with a randomly, but
random start. In effect, each possible systematic sample in the only if the population is arranged randomly.
population is a cluster. Answer (D) is incorrect. Judgmental sampling will not increase the
Thus, the repeated systematic samples, each with a random start, randomness
constitute a random of a sample but will introduce sampling bias into the sample.
sample of clusters. [486] Gleim #: 5.5.58
The most appropriate methodology for drawing a sample from 3,000 contains a large number of small monetary balances and a small
time cards to number of large
check for signatures would be monetary balances, and the auditor expects to find numerous errors
A. Interval sampling. in the account
B. Cluster sampling. balances. The most appropriate sampling technique to estimate the
C. Stratified sampling. monetary amount
D. Variables sampling. of errors is
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Difference or A. ratio estimation.
(720 questions) B. Unstratified mean-per-unit.
Copyright 2013 Gleim Publications Inc. Page 265 C. Probability-proportional-to-size.
Printed for Sanja Knezevic D. Attribute.
Answer (A) is correct. Systematic (interval) sampling is Answer (A) is correct. Difference estimation calculates the average
accomplished by selecting a difference
random start and taking every nth item in the population, if n is the between the audit and recorded amounts of sample items and
sampling interval, multiplies by the
computed by dividing the population by the size of the sample. The number of items in the population. Ratio estimation multiplies the
random start recorded
should be within the first interval. A systematic sampling plan amount of the population by the ratio of the observed amount of the
assumes the items are sample to its
arranged randomly in the population. If the auditor discovers that this total recorded amount. These methods are useful when small errors
is not true, a predominate
random selection method should be used. The population of time and the errors are not skewed. If the number of errors is small, a very
cards may be in large sample
random order. is required to provide a representative difference between audit and
Answer (B) is incorrect. The time cards are not arranged in clusters recorded
(blocks). amounts.
Answer (C) is incorrect. The time cards are not arranged in strata or Answer (B) is incorrect. Mean-per-unit estimation is used to project
subpopulations. a total
Answer (D) is incorrect. The purpose of the sample is to estimate monetary amount by multiplying the mean sample value by the
the rate at which a number of items in
control (presumably supervisors’ signatures) has been applied, not the population. Unstratified means that the population is not divided
the value of the into
population. subpopulations. This method is inappropriate when many small
[487] Gleim #: 5.5.59 balance account
An auditor is testing on a company’s large, normally distributed errors exist.
accounts receivable Answer (C) is incorrect. Probability-proportional-to-size sampling is
file. The objectives of the audit are to test end-of-period monetary used for
balances and estimating monetary amounts of errors when the expected error
accounts receivable posting exception (error) rates. The accounts frequency is low.
receivable file
Because the sampling unit is the monetary unit, this method involving binary (yes/no or right/wrong) propositions. Whether an
increases the item has been
likelihood of selecting large items. posted requires a yes/no answer.
Answer (D) is incorrect. Attribute sampling does not involve [489] Gleim #: 5.5.61
estimation of An auditor is testing on a company’s large, normally distributed
monetary amounts. accounts receivable
Gleim CIA Test Prep: Part 1 - Internal Audit Basics file. The objectives of the audit are to test end-of-period monetary
(720 questions) balances and
Copyright 2013 Gleim Publications Inc. Page 266 accounts receivable posting exception (error) rates. To test the
Printed for Sanja Knezevic accounts receivable file
fb.com/ciaaofficial to compute an estimated monetary total, the auditor could use any
[488] Gleim #: 5.5.60 one of the following
An auditor is testing on a company’s large, normally distributed sampling techniques except
accounts receivable A. Difference or ratio estimation.
file. The objectives of the audit are to test end-of-period monetary B. Unstratified mean-per-unit estimation.
balances and C. Probability-proportional-to-size sampling.
accounts receivable posting exception (error) rates. The expected D. Attribute sampling.
population exception Answer (A) is incorrect. Difference or ratio estimation can be used
rate is 3% for the accounts receivable posting processes. If the to estimate
auditor has established population dollar values. Both methods involve determining the
a 5% tolerable rate, the auditor would use which sampling plan for difference
testing the actual between the audit and recorded amounts of items in the sample.
exception rate? Answer (B) is incorrect. Mean-per-unit estimation averages audit
Difference or mean-A. per-unit estimation. values and
B. Discovery. multiplies them by the units in the population to estimate the account
C. Stratified. balance.
D. Attribute. Answer (C) is incorrect. Probability-proportional-to-size sampling
Answer (A) is incorrect. Difference or mean estimation is used when uses the
sampling monetary unit as the sampling unit. It is a means of testing account
for monetary values. balances.
Answer (B) is incorrect. Discovery sampling is only used when Answer (D) is correct. Attribute sampling is used for applications
exception rates involving
are expected to be very low. binary (yes/no or right/wrong) propositions. Attribute sampling does
Answer (C) is incorrect. Stratified sampling arranges populations for not involve
more estimation of monetary amounts.
efficient sampling. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Answer (D) is correct. The accounts receivable posting exception (720 questions)
rate would be Copyright 2013 Gleim Publications Inc. Page 267
determined using attribute sampling. Attribute sampling is used for Printed for Sanja Knezevic
applications [490] Gleim #: 5.5.62
An internal auditor uses a number of techniques to select samples. A random selection because the auditor is concerned that the monthly
frequently, and sales journal
appropriately, used technique is random selection. In which of the has been held open to record the next month sales. The auditor
following situations should select
would random selection be least justified? The auditor needs to transactions from the latter part of the month and examine supporting
Test sales transactions to determine that they were properly evidence to
authorized and are determine if they were recorded in the proper period.
supported by shipping documents. Answer (D) is incorrect. The auditor can audit the largest monetary-
A. value items
Confirm accounts receivable and has already selected the 10 largest and then randomly sample small items.
accounts for [491] Gleim #: 5.5.63
confirmation. The remaining accounts are not numbered. The auditor The auditor wishes to sample the perpetual inventory records to
only has a develop an estimate of
computer listing of the accounts in alphabetical order approximately the monetary amount of misstatement, if any, in the account balance.
250 pages The account
long with 50 account balances on every page. balance is made up of a large number of small-value items and a
B. small number of
Obtain evidence on the proper sales cut-off by sampling items from large-value items. The auditor has decided to audit all items over US
the monthly $50,000 plus a
sales journal to determine if the items were recorded in the correct random selection of others. This audit decision is made because the
time period. auditor expects to
C. find a large amount of errors in the perpetual inventory records but is
Test the perpetual inventory records to ensure that the sample not sure that it
covers the largest will be enough to justify taking a complete physical inventory. The
monetary value items in the account. auditor expects the
D. errors to vary directly with the value recorded in the perpetual
Answer (A) is incorrect. Testing controls over sales is ideal for records. The most
random selection. efficient sampling procedure to accomplish the auditor’s objectives is
This type of sampling provides evidence about the quality of Monetary-A. unit sampling.
processing B. Ratio estimation.
throughout the year. C. Attribute sampling.
Answer (B) is incorrect. Confirming receivables is appropriate for D. Stratified mean-per-unit sampling.
use of random Gleim CIA Test Prep: Part 1 - Internal Audit Basics
selection. Individual account balances could be selected by using (720 questions)
probabilityproportional- Copyright 2013 Gleim Publications Inc. Page 268
to-size (monetary-unit) sampling or by randomly choosing a page Printed for Sanja Knezevic
number and then selecting an account item (1-50) on each page. fb.com/ciaaofficial
Answer (C) is correct. A sales cutoff test is the least justified Answer (A) is incorrect. Monetary-unit (probability-proportional-to-
situation for use of size) sampling
becomes less accurate when many errors are expected.
Answer (B) is correct. Ratio estimation estimates the population with the time to respond at the expense of employees who are too
misstatement by busy with
multiplying the recorded amount of the population by the ratio of the company work to respond.
total audit Answer (B) is incorrect. Managers and supervisors often do not
amount of the sample to its total recorded amount. It is reliable and have the same
efficient when needs and perceptions as their subordinates and also often
small errors predominate and are not skewed. Thus, ratio estimation misperceive the views
should be used in of employees.
this situation because the auditor is not sampling the very large items Answer (C) is correct. Stratified sampling divides a population into
and the errors are subpopulations, thereby permitting the application of different
not skewed (they vary directly with the size of the recorded values). techniques to each
Answer (C) is incorrect. Attribute sampling is not used to estimate a stratum. This approach reduces the effect of high variability if the
monetary strata are
amount. selected so that variability among the strata is greater than variability
Answer (D) is incorrect. Mean-per-unit (MPU) variables sampling within each
averages audit stratum. For example, one expects to find greater similarities among
values in the sample and multiplies by the number of items in the married
population to people than between married people and unmarried people.
estimate the population value. When many errors are expected, MPU Answer (D) is incorrect. The survey tests perceptions and beliefs,
and stratified not monetary
MPU are not as efficient as ratio estimation. amounts.
An auditor is conducting a survey of perceptions and beliefs of (720 questions)
employees concerning Copyright 2013 Gleim Publications Inc. Page 269
an organization health care plan. The best approach to selecting a Printed for Sanja Knezevic
sample is to [493] Gleim #: 5.5.65
Focus on people who are likely to respond so that a larger sample A. The appropriate sampling plan to use to identify at least one
can be obtained. irregularity, assuming
Focus on managers and supervisors because they can also reflect some number of such irregularities exist in a population, and then to
the opinions of discontinue
the people in their departments. sampling when one irregularity is observed is
B. A. Stop-or-go sampling.
Use stratified sampling where the strata are defined by marital and B. Discovery sampling.
family status, C. Variables sampling.
age, and salaried/hourly status. D. Attribute sampling.
C. Answer (A) is incorrect. Stop-or-go sampling is a variant of attribute
D. Use monetary-unit sampling according to employee salaries. sampling
Answer (A) is incorrect. This convenience sample is likely to intended to reduce sample sizes when the population is relatively
emphasize people deviation free. It
allows for discontinuing sampling when few or no errors are found or application contains a statement of collateral.
for C.
expanding the sample if the initial sample does not provide sufficient Select a sample of payments made on the loan portfolio and trace
assurance. them to loans to
Answer (B) is correct. Discovery sampling is a form of attribute see if the payments are properly applied. For each loan identified,
sampling applied examine the
when a control is critical and a single deviation is important, for loan application to determine that the loan has proper
example, collateralization.
commission of a material fraud. The expected deviation rate should D.
be at or near Gleim CIA Test Prep: Part 1 - Internal Audit Basics
zero, and the sample size is calculated so that the sample will (720 questions)
include at least one Copyright 2013 Gleim Publications Inc. Page 270
example of a deviation if it occurs in the population at a given rate. Printed for Sanja Knezevic
Answer (C) is incorrect. Variables sampling estimates the value of a fb.com/ciaaofficial
population. Answer (A) is correct. In some cases, stratifying the population is
Answer (D) is incorrect. Most attribute sampling applications are not done to reduce the
discontinued when a single deviation is found. effect of high variability by dividing the population into
[494] Gleim #: 5.5.66 subpopulations. Reducing the
A bank’s internal auditor wishes to determine whether all loans are variance within each subpopulation allows the auditor to sample a
supported by smaller number of
sufficient collateral, properly aged regarding current payments, and items while holding precision and confidence level constant. This
accurately procedure is the
categorized as current or noncurrent. The best audit procedure to most appropriate in this situation because it takes a sample from the
accomplish these total loan file and
objectives would be to tests to determine that each sampling unit is properly categorized as
Use generalized audit software to read the total loan file, age the file well as properly
by last collateralized and aged.
payment due, and extract a statistical sample stratified by the current Answer (B) is incorrect. Block sampling (cluster sampling) randomly
and aged selects groups
population. Examine each loan selected for proper collateralization of items as the sampling units. For this plan to be effective, variability
and aging. within the
A. blocks should be greater than variability among them. If blocks of
Select a block sample of all loans in excess of a specified monetary homogeneous
limit and samples are selected, the sample will be biased. Furthermore, this
determine if they are current and properly categorized. For each loan sample only consists
approved, of large loan amounts and does not test for proper collateralization.
verify aging and categorization. Answer (C) is incorrect. Discovery sampling is a form of attribute
B. sampling used to
Select a discovery sample of all loan applications to determine identify critical deviations in a population. The occurrence rate is
whether each assumed to be at or
near 0%, and the method cannot be used to evaluate results initiated, it is carried out until it is completed. Each phase of the
statistically if deviations sample is
are found in the sample. Hence, discovery sampling is used for tests conducted without reference to when the first error is observed.
of controls, but it Answer (D) is correct. Discovery sampling is a form of attribute
is appropriate only when one deviation is critical. Moreover, this sampling used to
procedure is identify critical deviations in a population. The occurrence rate is
inefficient because it samples from loan applications, not loans assumed to be at
approved. or near 0%, and the method cannot be used to evaluate results
Answer (D) is incorrect. This procedure is ineffective. It is based statistically if
only on loans for deviations are found in the sample. Hence, discovery sampling is
which payments are currently being made. It does not include loans used for tests of
that should have controls, but it is appropriate only when one deviation is critical. The
been categorized differently because payments are not being made. sample size
It also does not is calculated so that the sample will contain at least one example of a
address whether the loans are properly classified as current or deviation if
noncurrent. it occurs in the population at a given rate.
Which sampling plan requires no additional sampling once the first (720 questions)
error is found? Copyright 2013 Gleim Publications Inc. Page 271
A. Stratified sampling. Printed for Sanja Knezevic
B. Attribute sampling. [496] Gleim #: 5.5.68
C. Stop-or-go sampling. The supervisor of claims processing for a health insurance firm
D. Discovery sampling. selects all claims
Answer (A) is incorrect. Stratifying the population is done to reduce processed in the past 2 days by a particular employee for audit.
the effect of From this sample, the
high variability by dividing the population into subpopulations. It is not supervisor can develop
concerned An overall representative view of employee A. work for the year.
with errors in the population, and sampling would not stop when the B. A quantification of sampling error.
first error is C. Conclusions about the correctness of processing for the
encountered. department.
Answer (B) is incorrect. The goal of attribute sampling is to arrive at D. An understanding of the details contained in the processing task.
an estimate Answer (A) is incorrect. The sample is not representative of the
of the rate of occurrence of some characteristic in a population. employee’s work
Hence, the entire for the whole year.
sample size must be taken, regardless of when the first error occurs. Answer (B) is incorrect. The sample is a judgment, not a statistical,
Answer (C) is incorrect. Stop-or-go sampling is a sequential sample.
sampling procedure. Answer (C) is incorrect. Conclusions about the whole department
The next step is determined by the results of the previous step. Once cannot be
a step is drawn from a sample of one employee’s work.
Answer (D) is correct. The auditor has used judgment sampling, not sampling is a modified version of attribute sampling that relates
statistical deviation rates to
sampling. Thus, (s)he cannot quantitatively assess precision and monetary amounts.
confidence level Answer (D) is incorrect. Variables sampling is used to estimate the
and therefore is precluded from drawing valid statistical inferences value of a
about the population, not the occurrence rate of deviations.
population. However, this sample should assist the auditor in Gleim CIA Test Prep: Part 1 - Internal Audit Basics
obtaining a (720 questions)
preliminary understanding of the system and in determining whether Copyright 2013 Gleim Publications Inc. Page 272
a statistical Printed for Sanja Knezevic
sample will be needed. fb.com/ciaaofficial
[497] Gleim #: 5.5.69 [498] Gleim #: 5.5.70
When an internal auditor’s sampling objective is to obtain a Assume the internal auditor becomes concerned that significant
measurable assurance that fraud may be taking
a sample will contain at least one occurrence of a specific critical place by dentists who are billing the health care processor for
exception existing in services that were not
a population, the sampling approach to use is provided. For example, employees may have their teeth cleaned, but
A. Random. the dentist
B. Discovery. charges the processor for pulling teeth and developing dentures. The
C. Probability-proportional-to-size. most effective
D. Variables. procedure to determine whether such a fraud exists is to
Answer (A) is incorrect. Random sampling is a method used to Develop a schedule of payments made to individual dentists. Verify
choose the that payments
sample. were made to the dentists by confirming the payments with the
Answer (B) is correct. Discovery sampling is a form of attribute health care
sampling used to processor.
identify critical deviations in a population. The occurrence rate is A.
assumed to be at Take a random sample of payments made to dentists and confirm the
or near 0%, and the method cannot be used to evaluate results amounts
statistically if paid with the dentists’ offices to determine that the amounts agree
deviations are found in the sample. Hence, discovery sampling is with the
used for tests of amounts billed by the dentists.
controls, but it is appropriate only when one deviation is critical. The B.
sample size Take a random sample of claims submitted by dentists and trace
is calculated so that the sample will contain at least one example of a through the
deviation if system to determine whether the claims were paid at the amounts
it occurs in the population at a given rate. billed.
Answer (C) is incorrect. Probability-proportional-to-size (monetary- C.
unit) Take a discovery sample of employee claims that were submitted
through dentist
offices, and confirm the type of service performed by the dentist processed by the department during the past year.
through direct B.
correspondence with the employee who had the service performed. Discovery sampling to select a sample of vouchers processed by the
D. department
Answer (A) is incorrect. Developing a schedule of payments and during the past year.
verifying that C.
the payments were made does not reveal whether the claims were Judgmental sampling to select a sample of vouchers processed by
proper or clerks identified
fraudulent. by the department manager as acting suspiciously.
Answer (B) is incorrect. Verifying that dentists were paid the D.
amounts that they Gleim CIA Test Prep: Part 1 - Internal Audit Basics
billed does not reveal whether the claims were proper or fraudulent. (720 questions)
Answer (C) is incorrect. Verifying that claims were paid at the Copyright 2013 Gleim Publications Inc. Page 273
amounts billed Printed for Sanja Knezevic
does not reveal whether the claims were proper or fraudulent. Answer (A) is incorrect. Simple random sampling is appropriate if
Answer (D) is correct. A discovery sample is used to identify critical the extent of fraud
errors or is to be estimated.
irregularities, that is, when a single deviation is critical. This method Answer (B) is incorrect. Probability-proportional-to-size sampling is
cannot be appropriate if the
used to evaluate the results statistically if deviations are found. monetary value of fraud is to be estimated.
Because dentists Answer (C) is correct. The purpose is to determine whether fraud
are suspected of filing fraudulent claims, the auditor should take a has occurred rather
discovery than to estimate its overall frequency. Discovery sampling is a
sample of employee claims. The internal auditor should then confirm method designed
the work specifically for this purpose. It is a form of attribute sampling used to
done by the dentist according to the claim with the employee. The identify critical
employee is the deviations in a population. The occurrence rate is assumed to be 0%,
best source of information as to whether the service was provided. and statistical
[499] Gleim #: 5.5.71 evaluation of results is impossible if deviations are found. Thus,
After partially completing an internal control review of the accounts discovery sampling is
payable only appropriate when one deviation is critical.
department, an auditor suspects that some type of fraud has Answer (D) is incorrect. Restricting the population to the vouchers
occurred. To ascertain processed by
whether the fraud is present, the best sampling approach is to use suspicious workers presents a significant potential for biasing the
Simple random sampling to select a sample of vouchers processed sample. The
by the department manager may be the guilty party.
department during the past year. [500] Gleim #: 5.5.72
A. Management is legally required to prepare a shipping document for
Probability-proportional-to-size sampling to select a sample of all movement of
vouchers
hazardous materials. The document must be filed with bills of lading. neutralizes variability by defining the sampling unit as an individual
Management monetary unit.
expects 100% compliance with the procedure. Which of the following Answer (C) is correct. The sample size for a variable test depends
sampling on confidence level,
approaches is most appropriate? population size, precision, and variability of the population. The
A. Attribute sampling. standard deviation
B. Discovery sampling. measures variability. The larger the standard deviation, the larger the
C. Targeted sampling. sample size that
D. Variables sampling. is required to achieve specified levels of precision and confidence.
Answer (A) is incorrect. The particular type of attribute sampling that Answer (D) is incorrect. The objective of discovery sampling is to
is select items until at
appropriate in this situation is discovery sampling. least one item is discovered with a particular characteristic, such as
Answer (B) is correct. Discovery sampling is a form of attribute evidence of fraud.
sampling used to [502] Gleim #: 5.5.74
identify critical errors or irregularities, i.e., when the occurrence rate An internal auditor is performing a test to determine whether a gas
is assumed to and electric
be 0%. appliance manufacturer should move its service center from one
Answer (C) is incorrect. Targeted sampling is a nonsense answer. location to another.
Answer (D) is incorrect. Variables sampling concerns amounts. The service center houses the service trucks that are used to drive to
[501] Gleim #: 5.5.73 the customers’
Variability of the monetary amount of individual items in a population locations to service their appliances. The internal auditor wants to
affects sample determine the
size in which of the following sampling plans? reduction in average miles driven as a result of moving to the other
A. Attribute sampling. location. Which of
B. Monetary-unit sampling. the following statistical sampling methods would be most appropriate
C. Mean-per-unit sampling. for this test?
D. Discovery sampling. A. Attribute sampling.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics B. Discovery sampling.
(720 questions) C. Probability-proportional-to-size (monetary-unit) sampling.
Copyright 2013 Gleim Publications Inc. Page 274 D. Mean-per-unit sampling.
Printed for Sanja Knezevic Answer (A) is incorrect. Attribute sampling will not produce a
fb.com/ciaaofficial quantitative value.
Answer (A) is incorrect. Attribute sampling tests binary (yes/no) Answer (B) is incorrect. Discovery sampling is used to uncover an
propositions. It is not attribute that
used for tests of monetary amounts, so the variability of monetary exists in the population with a low rate of occurrence, not to estimate
amounts is not an a variable.
issue in determining sample size. Answer (C) is incorrect. Individual carrying amounts adding up to a
Answer (B) is incorrect. Monetary-unit (probability-proportional-to- total carrying
size) sampling amount are required for probability-proportional-to-size (monetary-
unit) sampling
to be used. cannot estimate the average length of time to process the claims. It
Answer (D) is correct. Mean-per-unit sampling is the only variables could, however, be
sampling used to estimate the probability that a claim is not processed within
method designed to estimate a variable for which individual carrying the company’s
amounts of defined standard.
items in a population are not available. Answer (D) is incorrect. Discovery sampling is used to determine if
[503] Gleim #: 5.5.75 an isolated event
The internal auditor for an insurance company is conducting an audit is occurring in the population. It would be used here only if exceeding
of claims the policy for
processing and wants to assess the average length of time taken to claims processing were expected to be extremely rare and extremely
process automobile important.
claims to determine whether processing is being completed within [504] Gleim #: 5.5.76
standards set by An auditor is checking the accuracy of a computer-printed inventory
company policy. The auditor plans to take a sample of claims made listing to
during the year determine whether the total monetary value of inventory is
and perform the needed analysis. The most appropriate sampling significantly overstated.
method is Because there is not adequate time or resources to check all items in
A. Mean-per-unit variables sampling. the warehouse, a
B. Probability-proportional-to-size sampling. sample of inventory items must be used. If the sample size is fixed,
C. Attribute sampling. which one of the
D. Discovery sampling. following would be the most accurate sampling approach in this
Gleim CIA Test Prep: Part 1 - Internal Audit Basics case?
(720 questions) Select those items that are most A. easily inspected.
Copyright 2013 Gleim Publications Inc. Page 275 B. Employ simple random sampling.
Printed for Sanja Knezevic Sample so that the probability of a given inventory item being
Answer (A) is correct. Mean-per-unit (MPU) variables sampling selected is
averages audit values proportional to the number of units sold for that item.
in the sample and multiplies by the number of items in the population C.
to estimate the Sample so that the probability of a given inventory item being
population value. This is the most appropriate sampling procedure selected is
because it allows proportional to its book value.
the auditor to calculate the mean for the processing time and D.
construct a confidence Answer (A) is incorrect. Using ease of inspection as a selection
interval around the mean. criterion provides
Answer (B) is incorrect. Probability-proportional-to-size sampling no statistical validity.
uses attribute Answer (B) is incorrect. Simple random sampling selects units of
sampling methods to estimate monetary amounts. It is not inventory.
appropriate in this situation. Large and small items are equally likely to be chosen. Thus, it will
Answer (C) is incorrect. Attribute sampling tests binary propositions probably result
and therefore
in a sample that accounts for a lesser percentage of the total those areas generating the highest levels of dissatisfaction. Pareto
monetary value than diagrams such
PPS sampling. as this one are tools for facilitating this kind of analysis.
Answer (C) is incorrect. Although better than simple random Answer (B) is incorrect. Complaints about CD-ROMs and software
sampling, selection are
of items with high sales volumes may result in a sample with a infrequent.
relatively small Answer (C) is correct. Complaints based on lack of user knowledge
monetary value. and hardware
Answer (D) is correct. The audit objective is to determine whether problems are by far the most frequent according to this chart.
the total Consequently, the
monetary amount of inventory is significantly overstated. Hence, company should devote its resources primarily to these issues.
monetary-unit Answer (D) is incorrect. Cost information is not provided.
(probability-proportional-to-size) sampling is appropriate. It increases [506] Gleim #: 5.6.78
the An organization has collected data on the complaints made by
likelihood that a sample of a given size will include high monetary- personal computer users
value and has categorized the complaints.
inventory items. (Refer to Figure FIGURE18_12.)
Gleim CIA Test Prep: Part 1 - Internal Audit Basics The chart displays the
(720 questions) A. Arithmetic mean of each computer complaint.
Copyright 2013 Gleim Publications Inc. Page 276 B. Relative frequency of each computer complaint.
Printed for Sanja Knezevic C. Median of each computer complaint.
fb.com/ciaaofficial D. Absolute frequency of each computer complaint.
[505] Gleim #: 5.6.77 Answer (A) is incorrect. The chart does not display arithmetic
An organization has collected data on the complaints made by means, relative
personal computer users frequencies, or medians of each type of complaint.
and has categorized the complaints. Answer (B) is incorrect. The chart does not display arithmetic
(Refer to Figure FIGURE18_12.) means, relative
Using the information collected, the organization should focus on frequencies, or medians of each type of complaint.
The total number of personal computer complaints A. that occurred. Answer (C) is incorrect. The chart does not display arithmetic
The number of computer complaints associated with CD-ROM means, relative
problems and new frequencies, or medians of each type of complaint.
software usage. Answer (D) is correct. This Pareto diagram depicts the frequencies
B. of complaints
The number of computer complaints associated with the lack of user in absolute terms. It displays the actual number of each type of
knowledge complaint. The
and hardware problems. chart does not display arithmetic means, relative frequencies, or
C. medians of each
D. The cost to alleviate all computer complaints. type of complaint.
Answer (A) is incorrect. The organization should focus its scarce Gleim CIA Test Prep: Part 1 - Internal Audit Basics
resources on (720 questions)
Copyright 2013 Gleim Publications Inc. Page 277 A. C chart.
Printed for Sanja Knezevic B. P chart.
[507] Gleim #: 5.6.79 C. R chart.
Statistical quality control often involves the use of control charts D. X-bar chart.
whose basic purpose Answer (A) is incorrect. A C chart is also an attribute control chart. It
is to shows
Determine when accounting control procedures A. are not working. defects per item.
B. Control labor costs in production operations. Answer (B) is correct. A P chart is based on an attribute
C. Detect performance trends away from normal operations. (acceptable/not
D. Monitor internal control applications of information technology. acceptable) rather than a measure of a variable, specifically, the
Answer (A) is incorrect. Quality control concerns product quality, not percentage of
controls defects in a sample.
over accounting procedures. Answer (C) is incorrect. An R chart displays the range of dispersion
Answer (B) is incorrect. Quality control concerns product quality, not of a variable,
costs. such as size or weight.
Answer (C) is correct. Statistical control charts are graphic aids for Answer (D) is incorrect. An X-bar chart plots the sample mean for a
monitoring variable.
the status of any process subject to random variations. The Gleim CIA Test Prep: Part 1 - Internal Audit Basics
processes are measured (720 questions)
periodically, and the values are plotted on the chart. If the value falls Copyright 2013 Gleim Publications Inc. Page 278
within the Printed for Sanja Knezevic
control limits, no action is taken. If the value falls outside the limits, fb.com/ciaaofficial
the process is [509] Gleim #: 5.6.81
considered “out of control,” and an investigation is made for possible A health insurer uses a computer application to monitor physician bill
corrective amounts for
action. Another advantage of the chart is that it makes trends visible. various surgical procedures. This program allows the organization to
Answer (D) is incorrect. Quality control concerns product quality, not better control
information technology. reimbursement rates. The X-bar chart below is an example of the
[508] Gleim #: 5.6.80 output from this
The statistical quality control department prepares a control chart application.
showing the (Refer to Figure CIA2_7_59.)
percentages of defective production. Simple statistical calculations Select the interpretation that best explains the data plotted on the
provide control chart.
limits that indicate whether assignable causes of variation are A. Random variation.
explainable on chance B. Abnormal variation.
grounds. The chart is particularly valuable in determining whether the C. Normal variation.
quality of D. Cyclic variation.
materials received from outside vendors is consistent from month to Answer (A) is incorrect. Random variations should fall within
month. What is realistically
the best term for this chart? determined control limits.
Answer (B) is correct. Statistical quality control charts are graphic Answer (D) is incorrect. Determining the appropriate timing of
aids for inspections is
monitoring the status of any process subject to random variations. only one step toward approaching quality control. Consequently, it is
The X-bar chart not the
presented here depicts the sample means for a variable. If the values primary component of the quality control function.
fall within Gleim CIA Test Prep: Part 1 - Internal Audit Basics
the upper and lower control limits, no action is taken. Accordingly, (720 questions)
values outside Copyright 2013 Gleim Publications Inc. Page 279
these limits are abnormal and should be investigated for possible Printed for Sanja Knezevic
corrective [511] Gleim #: 5.6.83
action. An automobile parts manufacturer has received complaints from
Answer (C) is incorrect. Normal variations should fall within customers about
realistically declining quality. After a quick review, management realizes the
determined control limits. problem has no
Answer (D) is incorrect. In time series analysis, cyclic variation is single source. To perform a thorough process of problem
the fluctuation identification, the most
in the value of a variable caused by change in the level of general appropriate tool is a(n)
business Fishbone A. (Ishikawa) diagram.
activity. B. Histogram.
[510] Gleim #: 5.6.82 C. Pareto diagram.
The most important component of quality control is D. ISO 9000 audit.
A. Ensuring that goods and services conform to the design Answer (A) is correct. A fishbone diagram (also called a cause-and-
specifications. effect
B. Satisfying upper management. diagram or an Ishikawa diagram) is a total quality management
C. Conforming with ISO-9000 specifications. process
D. Determining the appropriate timing of inspections. improvement technique. It is useful in studying causation (why the
Answer (A) is correct. The intent of quality control is to ensure that actual and
goods and desired situations differ). This format organizes the analysis of
services conform to the design specifications. Whether the focus is causation and
on helps to identify possible interactions among causes.
feedforward, feedback, or concurrent control, the emphasis is on Answer (B) is incorrect. A histogram displays the continuum of
ensuring product values for an
or service conformity. independent variable. It is useful for visually inspecting the range of a
Answer (B) is incorrect. Quality control is geared toward satisfying quantifiable
the customer, variable.
not upper management. Answer (C) is incorrect. A Pareto diagram (also known as 80:20
Answer (C) is incorrect. Ensuring the conformance with ISO-9000 analysis)
specifications displays the values of an independent variable such that managers
is a component of a compliance audit, not quality control. can quickly
identify the areas most in need of attention. The variables involved Copyright 2013 Gleim Publications Inc. Page 280
must be Printed for Sanja Knezevic
quantifiable. fb.com/ciaaofficial
Answer (D) is incorrect. An ISO 9000 audit focuses on process, not [513] Gleim #: 5.6.85
product, The director of sales asks for a count of customers grouped in
quality. descending numerical
[512] Gleim #: 5.6.84 rank by (1) the number of orders they place during a single year and
A manufacturer mass produces nuts and bolts on its assembly line. (2) the dollar
The line amounts of the average order. The visual format of these two pieces
supervisors sample every nth unit for conformance with of information is
specifications. Once a most likely to be a
nonconforming part is detected, the machinery is shut down and Fishbone A. (Ishikawa) diagram.
adjusted. The most B. Cost of quality report.
appropriate tool for this process is a C. Kaizen diagram.
A. Fishbone (Ishikawa) diagram. D. Pareto diagram.
B. Cost of quality report. Answer (A) is incorrect. A fishbone diagram is useful for determining
C. ISO 9000 audit. the
D. Statistical quality control chart. unknown causes of problems, not for stratifying quantifiable
Answer (A) is incorrect. A fishbone diagram is useful for determining variables.
the Answer (B) is incorrect. The contents of a cost of quality report are
unknown causes of problems, not routine mechanical adjustments. stated in
Answer (B) is incorrect. The contents of a cost of quality report are monetary terms. This report is not helpful for determining when to
stated in adjust
monetary terms. This tool is not helpful for determining when to machinery.
adjust Answer (C) is incorrect. Kaizen diagram is not a meaningful term in
machinery. this context.
Answer (C) is incorrect. An ISO 9000 audit focuses on the quality of Answer (D) is correct. A Pareto diagram (also known as 80:20
the analysis) displays
organization’s total process, not the routine adjustment of machinery. the values of an independent variable such that managers can
Answer (D) is correct. Statistical quality control is a method of quickly identify the
determining areas most in need of attention.
whether the shipment or production run of units lies within acceptable [514] Gleim #: 6.1.1
limits. It is In planning an assurance engagement, a survey could assist with all
also used to determine whether production processes are out of of the following
control. Statistical except
control charts are graphic aids for monitoring the status of any A. Obtaining engagement client comments and suggestions on
process subject to control problems.
random variations. B. Obtaining preliminary information on controls.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics C. Identifying areas for engagement emphasis.
(720 questions) D. Evaluating the adequacy and effectiveness of controls.
Answer (A) is incorrect. A survey could assist with obtaining client Answer (B) is incorrect. The permanent engagement file probably
comments contains
and suggestions on control problems. information, such as problems detected in prior years that will help in
Answer (B) is incorrect. A survey could assist with obtaining the development
preliminary of appropriate questions to ask this year.
information on controls. Answer (C) is incorrect. The prior engagement communications will
Answer (C) is incorrect. A survey could assist with identifying areas likely assist in
for developing the current year’s questionnaire.
engagement emphasis. Answer (D) is incorrect. Knowing what the department is supposed
Answer (D) is correct. Internal auditors conduct a survey to (1) to do will help the
become familiar internal auditor develop knowledgeable questions.
with activities, risks, and controls to identify areas for engagement [516] Gleim #: 6.1.3
emphasis and During which phase of the engagement does the internal auditor
(2) invite comments and suggestions from engagement clients (PA identify the objectives
2210.A1-1, and related controls of the activity being examined?
para. 3). A survey is not sufficient for evaluating the adequacy and A. Preliminary survey.
effectiveness B. Staff selection.
of controls. Evaluation requires testing. C. Work program preparation.
[515] Gleim #: 6.1.2 D. Final communication of results.
An assurance engagement in the quality control department is being Answer (A) is correct. If appropriate, internal auditors conduct a
planned. Which of survey to (1)
the following is least likely to be used in the preparation of a become familiar with activities, risks, and controls to identify areas for
preliminary survey engagement emphasis and (2) invite comments and suggestions
questionnaire? from engagement
A. An analysis of quality control documents. clients (PA 2210.A1-1, para. 3).
B. The permanent engagement file. Answer (B) is incorrect. Staff selection is the process of deciding
C. The prior engagement communications. which internal
D. Management’s charter for the quality control department. auditors will work on the engagement.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (C) is incorrect. The work program is prepared after the
(720 questions) preliminary
Copyright 2013 Gleim Publications Inc. Page 281 survey.
Printed for Sanja Knezevic Answer (D) is incorrect. Final communication of results occurs after
Answer (A) is correct. Internal auditors conduct a survey to (1) the
become familiar with completion of the engagement.
activities, risks, and controls to identify areas for engagement Gleim CIA Test Prep: Part 1 - Internal Audit Basics
emphasis and (2) invite (720 questions)
comments and suggestions from engagement clients (PA 2210.A1-1, Copyright 2013 Gleim Publications Inc. Page 282
para. 3). An Printed for Sanja Knezevic
analysis of quality control documents is a part of field work, which fb.com/ciaaofficial
follows the survey. [517] Gleim #: 6.1.4
The preliminary survey indicates that severe staff reductions at the D.
engagement Answer (A) is correct. A preliminary survey allows the internal
location have resulted in extensive amounts of overtime among auditor to (1)
accounting staff. become familiar with activities, risks, and controls to identify areas for
Department members are visibly stressed and very vocal about the engagement emphasis and (2) invite comments and suggestions
effects of the from engagement
cutbacks. Accounting payrolls are nearly equal to prior years, and clients (PA 2210.A1-1, para. 3). In this case, additional planning is
many key controls, necessary to
such as segregation of duties, are no longer in place. The accounting modify the engagement for the difficult circumstances discovered
supervisor now during the
performs all operations within the cash receipts and posting process preliminary survey and to address the responsibilities of the internal
and has no time to audit activity.
review and approve transactions generated by the remaining Answer (B) is incorrect. What additional work will be necessary is
members of the not clear in
department. Journal entries for the last 6 months since the staff these circumstances.
reductions show Answer (C) is incorrect. Management has not accepted this plan of
increasing numbers of prior-month adjustments and corrections, action.
including revenues, Answer (D) is incorrect. Issuing a final communication of results at
cost of sales, and accruals that had been misstated or forgotten this point
during month-end would violate the Standards, including those relating to objectivity,
closing activity. The internal auditor should due
Discuss these observations with management of the internal audit professional care, and performance of the engagement.
activity to [518] Gleim #: 6.1.5
determine whether further work would be an efficient use of internal Which of the following best describes a preliminary survey?
auditing A standardized questionnaire used to obtain an understanding of
resources at this time. management
A. objectives.
Proceed with the scheduled engagement but add personnel based A.
on the expected A statistical sample of key employee attitudes, skills, B. and
number of observations and anticipated lack of assistance from local knowledge.
accounting A “walk-through” of the financial control system to identify risks and
management. the controls
B. that can address those risks.
Research temporary help agencies and evaluate the cost and benefit C.
of outsourcing A process used to become familiar with activities and risks to identify
needed services. areas for
C. engagement emphasis.
Suspend further engagement work and issue the final D.
communication of results Gleim CIA Test Prep: Part 1 - Internal Audit Basics
because the conclusions are obvious. (720 questions)
Copyright 2013 Gleim Publications Inc. Page 283 or loans.
Printed for Sanja Knezevic B.
Answer (A) is incorrect. A preliminary survey covers many areas Review minutes of board meetings to identify changes in policies
besides management affecting
objectives. investments and loans.
Answer (B) is incorrect. A preliminary survey would not normally C.
include statistical All of the answers D. are correct.
sampling. Answer (A) is incorrect. The internal auditors should also interview
Answer (C) is incorrect. A walk-through of controls is merely one management
possible and review board minutes.
component of a preliminary survey. Answer (B) is incorrect. The internal auditors should also review
Answer (D) is correct. If appropriate, internal auditors conduct a reports of other
survey to (1) become auditors and review board minutes.
familiar with the activities, risks, and controls to identify areas for Answer (C) is incorrect. The internal auditors should also review
engagement reports of other
emphasis and (2) invite comments and suggestions from auditors and interview management.
engagement clients Answer (D) is correct. Typical components of a preliminary survey
(PA 2210.A1-1, para. 3). include,
[519] Gleim #: 6.1.6 among other things, interviews and reviews of prior audit reports and
The internal auditors of a financial institution are performing an other
engagement to relevant documentation.
evaluate the institution’s investing and lending activities. During the Gleim CIA Test Prep: Part 1 - Internal Audit Basics
last year, the (720 questions)
institution has adopted new policies and procedures for monitoring Copyright 2013 Gleim Publications Inc. Page 284
investments and Printed for Sanja Knezevic
the loan portfolio. The internal auditors know that the organization fb.com/ciaaofficial
has invested in [520] Gleim #: 6.1.7
new types of financial instruments during the year and is heavily An internal auditor conducts a preliminary survey and identifies a
involved in the use of number of
financial derivatives to appropriately hedge risks. If the internal significant engagement issues and reasons for pursuing them in
auditors were to more depth. The
conduct a preliminary review, which of the following procedures engagement client informally communicates concurrence with the
should be preliminary survey
performed? results and asks that the internal auditor not report on the areas of
Review reports of engagements performed by regulatory and significant concern
external auditors until the client has an opportunity to respond to the problem areas.
since the last internal audit engagement. Which of the
A. following engagement responses is not appropriate?
Interview management to identify changes made in policies Keep the engagement on schedule and discuss with management
regarding investments the need for
completing the engagement on a timely basis. [521] Gleim #: 6.1.8
A. During a preliminary survey, an auditor found that several accounts
Consider the risk involved in the areas involved, and, if the risk is payable vouchers
high, proceed for major suppliers required adjustments for duplicate payment of
with the engagement. prior invoices. This
B. would indicate
Consider the engagement to be terminated with no communication of A need for additional testing to determine related controls and the
results current
needed because the engagement client has already agreed to take exposure to duplicate payments made to suppliers.
constructive A.
action. The possibility of unrecorded liabilities for the amount of B. the
C. overpayments.
Work with the engagement client to keep the engagement on Insufficient controls in the receiving area to ensure timely notice to
schedule and address the accounts
the significant issues in more depth, as well as the client’s payable area that goods have been received and inspected.
responses, during the C.
course of the engagement. The existence of a sophisticated accounts payable system that
D. correlates
Answer (A) is incorrect. The internal auditor has identified significant overpayments to open invoices and therefore requires no further
engagement issues. No basis is given for not pursuing the audit concern.
engagement. D.
Answer (B) is incorrect. The internal auditor should always consider Gleim CIA Test Prep: Part 1 - Internal Audit Basics
the risk (720 questions)
associated with the potential observations as a basis for determining Copyright 2013 Gleim Publications Inc. Page 285
the need for Printed for Sanja Knezevic
more immediate attention. Answer (A) is correct. One reason for conducting a preliminary
Answer (C) is correct. The apparently constructive action by the survey is to become
engagement familiar with the activities, risks, and controls to identify areas for
client may be a delaying tactic intended to conceal more serious engagement
problems after the emphasis (PA 2210.A1-1, para. 3). Accordingly, this preliminary
internal auditor has identified significant engagement issues. survey information
Moreover, no basis should prompt the auditor to identify the magnitude of duplicate
is given for not pursuing the engagement. The internal auditor always payments.
considers Answer (B) is incorrect. Unrecorded liabilities are not likely to result
the risk associated with the potential observations as a basis for in the generation
determining the of duplicate accounts payable vouchers.
need for more immediate attention. Answer (C) is incorrect. The existence of duplicate payments is
Answer (D) is incorrect. The internal auditor has identified significant most likely related to
engagement issues. No basis is given for not pursuing the a problem in accounts payable.
engagement.
Answer (D) is incorrect. Duplicate payments are not overpayments. Answer (C) is incorrect. The review for effectiveness determines
Duplicate whether
payments are exceptions and should be handled as such. management has directed processes to provide reasonable
[522] Gleim #: 6.1.9 assurance that goals and
You are an internal auditing supervisor who is reviewing the working objectives will be achieved.
papers of a staff Answer (D) is incorrect. Internal auditors review operations and
internal auditor’s overall examination of the firm’s sales function. The programs to
pages are not ascertain the extent to which results are consistent with goals and
numbered or cross-referenced. Furthermore, the working papers objectives.
were dropped and Gleim CIA Test Prep: Part 1 - Internal Audit Basics
reassembled at random before they were brought to you. You decide (720 questions)
to put the Copyright 2013 Gleim Publications Inc. Page 286
working papers in the proper order according to the Standards. The Printed for Sanja Knezevic
first stage of this fb.com/ciaaofficial
activity is to identify each page as a part of (1) the preliminary survey, [523] Gleim #: 6.1.10
(2) the review During an operational engagement, an internal auditor compares the
of the adequacy of control processes, (3) the review for effectiveness inventory
of control turnover rate of a subsidiary with established industry standards to
processes, or (4) the review of results. The second page the Evaluate the accuracy of the subsidiary’s internal A. financial reports.
supervisor selects B. Test the subsidiary’s controls designed to safeguard assets.
documents an interview with a salesperson discussing the overall Determine if the subsidiary is complying with organizational
sales cycle. This procedures regarding
page belongs with which activity? inventory levels.
A. Preliminary survey. C.
B. Review for adequacy of control processes. Assess the performance of the subsidiary and indicate where
C. Review for effectiveness of control processes. additional
D. Review of results. engagement work may be needed.
Answer (A) is correct. Planning includes performing, if appropriate, a D.
survey to Answer (A) is incorrect. Evaluating the reliability and integrity of
(1) become familiar with the activities, risks, and controls to identify financial
areas for records is one component of a financial, not an operational,
engagement emphasis and (2) invite comments and suggestions engagement.
from engagement Answer (B) is incorrect. Evaluating the safeguarding of assets is
clients (PA 2210.A1-1, para. 3). Interviews with the engagement one component
client may be of a financial, not an operational, engagement.
conducted as part of the survey to obtain an overall understanding of Answer (C) is incorrect. Testing inventory turnover addresses
operations. economy and
Answer (B) is incorrect. The review for adequacy determines efficiency issues, not compliance.
whether control Answer (D) is correct. Analytical procedures are often used during
processes exist that are properly planned and designed. the
preliminary survey to identify potential areas for additional [525] Gleim #: 6.1.12
engagement work. The audit committee has raised a few issues that the internal audit
[524] Gleim #: 6.1.11 activity will
In advance of a preliminary survey, a chief audit executive sends a examine during an operational audit for the current year. When
memorandum and performing the
questionnaire to the supervisors of the department to be evaluated. preliminary survey, which of the following is not an appropriate
What is the most technique?
likely result of that procedure? Performing A. interviews.
A. It creates apprehension about the engagement. B. Developing questionnaires.
B. It involves the engagement client’s supervisory personnel in the C. Determining the largest risk of financial statement misstatement.
engagement. D. All of the answers are appropriate techniques.
C. It is an uneconomical approach to obtaining information. Answer (A) is incorrect. Performing interviews allows the auditor to
D. It is only useful for engagements of distant locations. explore
Answer (A) is incorrect. Greater knowledge of the upcoming objectives, goals, and standards of operation, along with risks. The
engagement is more interview also
likely to remove some of the apprehension about the engagement. allows the auditor to gain insights into management’s style.
Answer (B) is correct. Sending a memorandum and questionnaire to Answer (B) is incorrect. Questionnaires can trigger appropriate
the preparation for
engagement client is part of a participative approach. It helps involve the auditor’s arrival as well as give the auditor insight into the
the organization’s
supervisors of the engagement client’s department and thereby operations.
encourages a more Answer (C) is correct. Determining potential misstatements is not
collegial approach to the engagement. Obtaining the assistance of the objective of
the engagement an operational audit. Additionally, a final risk analysis is developed at
client in data gathering, evaluating operations, and solving problems a later time
should result in the audit, not during the preliminary survey. A preliminary risk
in improved relations and in more effective and efficient assessment is
engagements. appropriate during this stage.
Answer (C) is incorrect. Sending a memorandum and questionnaire Answer (D) is incorrect. The development and use of risk analysis to
to the determine
engagement client is normally more economical. Some of the basic the largest risk of misstatement is not an appropriate preliminary
data gathering survey
will be done by those most competent to do it rapidly. technique.
Answer (D) is incorrect. Sending a memorandum and questionnaire [526] Gleim #: 6.2.13
is A well-designed internal control questionnaire should
advantageous in most circumstances. Elicit “yes” or “no” responses rather than narrative responses and be
Gleim CIA Test Prep: Part 1 - Internal Audit Basics organized by
(720 questions) department.
Copyright 2013 Gleim Publications Inc. Page 287 A.
Printed for Sanja Knezevic B. Be a sufficient source of data for assessment of control risk.
C. Help evaluate the effectiveness of internal control. while on site. The internal auditor’s supervisor should be critical of
D. Be independent of the objectives of the internal auditing the above
engagement. procedure because
Answer (A) is incorrect. Yes/no question formats and organizing Engagement information must be corroborated A. in some way.
question B. Internal control questionnaires cannot be relied upon.
sequence by department may facilitate administering the The internal auditors were not present while the questionnaire was
questionnaire, but other being filled
formats and methods of question organization are possible. out.
Answer (B) is incorrect. The questionnaire is a tool to help C.
understand and D. The questionnaire was not designed to address accounting
document internal control but is not sufficient as the sole source of operations and controls.
information to Answer (A) is correct. Self-assessment questionnaires provide
support the assessment of control risk. indirect
Answer (C) is correct. An internal control questionnaire consists of a information. Because this information is provided by engagement
series of client personnel
questions about the organization’s controls designed to prevent or and not by independent sources, it must be confirmed.
detect errors or Answer (B) is incorrect. The adaptability of general-purpose internal
fraud. Answers to the questions help the internal auditor to identify control
specific questionnaires to different organizational units, personnel, and
controls relevant to specific assertions and to design tests of controls functional units is
to evaluate one of their strengths.
the effectiveness of their design and operation. Answer (C) is incorrect. Internal control questionnaires can be
Answer (D) is incorrect. The internal control questionnaire must be designed so that
designed to the engagement client can answer the questions without the internal
achieve the engagement objectives. auditor’s
Gleim CIA Test Prep: Part 1 - Internal Audit Basics presence.
(720 questions) Answer (D) is incorrect. An internal control questionnaire does not
Copyright 2013 Gleim Publications Inc. Page 288 need to
Printed for Sanja Knezevic address accounting information to ensure integrity.
[527] Gleim #: 6.2.14 Management answered “yes” to every question when filling out an
Management answered “yes” to every question when filling out an internal control
internal control questionnaire and stated that all listed requirements and control
questionnaire and stated that all listed requirements and control activities were part of
activities were part of their procedures. An internal auditor retrieved this questionnaire from
their procedures. An internal auditor retrieved this questionnaire from management
management during the preliminary survey visit but did not review the responses
during the preliminary survey visit but did not review the responses with management
with management while on site. The auditor’s supervisor is writing the performance
assessment for the
auditor on this preliminary survey assignment. The supervisor cites [529] Gleim #: 6.2.16
the need to review Which of the following statements indicates the wrong way to use an
management’s responses on the control questionnaire. The auditor internal control
should have questionnaire?
interviewed management for additional information because the Clarifying all answers with written remarks A. and explanations.
interview technique Filling out the questionnaire during an interview with the person who
A. Provides the opportunity to insert questions to probe promising has
areas. responsibility for the area that is being reviewed.
Is the most efficient way to upgrade the information to the level of B.
objective C. Constructing the questionnaire so that a “no” response requires
evidence. attention.
B. Supplementing the completed questionnaire with a narrative
C. Is the least costly audit technique when a large amount of description or
information is involved. flowchart.
Is the only audit procedure that does not require confirmation and D.
walk-through of Answer (A) is correct. Only those answers that appear inappropriate
the information obtained. should be
D. pursued by asking for clarification or explanation. In this way,
Gleim CIA Test Prep: Part 1 - Internal Audit Basics problem areas may
(720 questions) be pinpointed and either compensating controls identified or
Copyright 2013 Gleim Publications Inc. Page 289 extensions to the
Printed for Sanja Knezevic engagement procedures planned.
Answer (A) is correct. During face-to-face contact, a skilled Answer (B) is incorrect. Filling out the questionnaire during an
interviewer can react to interview with
potential problems and expand questioning of more relevant the person who has responsibility for the area that is being reviewed
subjects. Thus, the is an
interview allows for cross-examination. Moreover, the interview appropriate use of an internal control questionnaire.
provides an Answer (C) is incorrect. Constructing the questionnaire so that a
opportunity to observe body language. “no” response
Answer (B) is incorrect. Interviews do not produce objective requires attention is an appropriate use of an internal control
evidence unless the questionnaire.
information corroborates facts already in evidence. Answer (D) is incorrect. Supplementing the completed questionnaire
Answer (C) is incorrect. Interviews tend to be more costly in relation with a
to the amount of narrative description or flowchart is an appropriate use of an internal
information generated. They involve more preparation and control
discussion time than other questionnaire.
techniques. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Answer (D) is incorrect. Critical information obtained during an (720 questions)
interview must be Copyright 2013 Gleim Publications Inc. Page 290
followed up and confirmed. Printed for Sanja Knezevic
fb.com/ciaaofficial SOP questionnaires must be mailed and controlled by the internal
[530] Gleim #: 6.2.17 audit activity to
An internal auditing manager is conducting the annual meeting with be considered in relation to the proposed engagement schedule.
manufacturing D.
division management to discuss proposed engagement plans and Answer (A) is correct. A specific advantage of an SOP questionnaire
activities for the next is that it
year. After some discussion about the past year’s activity at 12 plants may be used by local management to periodically ensure that
in the division, employee practices
the divisional vice president agrees that all significant remain current with relevant, valid, and up-to-date standard operating
recommendations made by the procedures.
internal auditing staff refer to key controls and related operating The overall level of control and the control environment improve
activities that are when follow-up
correctly described for local management within the volume of activities are performed to determine that controls are being
standard operating implemented as
procedures for the division. The vice president proposes to transcribe intended.
key control Answer (B) is incorrect. SOP questionnaires have no effect on
activities from the division’s extensive written procedures to a self- inherent risk, and
assessment the internal auditors have no information that such a control will be
standard operating procedure (SOP) questionnaire. What effective.
significance should the Answer (C) is incorrect. Standard operating procedures, as
internal auditing manager attach to such SOP questionnaires in described, provide
relation to the directive controls that appear to be adequate. Approval by the
proposed engagement schedule for the next year? internal audit
The SOP questionnaires should improve control adequacy, but the activity does not affect the operation of these controls.
internal Answer (D) is incorrect. Control of SOP questionnaires by the
auditors need to verify that controls are working as documented in internal audit
the SOP. activity does not affect the information obtained. Such information
A. must be
Adding this control should eliminate significant engagement verified to be considered objective.
recommendations in [531] Gleim #: 6.2.18
the coming year, so the scope of engagement activities can be An auditor is considering developing a questionnaire to research
reduced employee attitudes
accordingly. toward control procedures. Which of the following is a criterion that
B. should not be
Engagement activity can be reduced if the vice president agrees to considered in designing the questionnaire?
require the Questions must be worded to ensure a valid interpretation A. by the
internal audit activity’s approval of all divisional standard operating respondents.
procedures. Questions must be reliably worded so that they measure what was
C. intended to be
measured.
B. D. All of the answers are correct.
C. The questionnaire should be short to increase the response rate. Answer (A) is correct. The major problem is that the auditor was too
D. Questions should be worded such that a “No” answer indicates a oriented to
problem. the questionnaire and failed to give appropriate consideration to the
Gleim CIA Test Prep: Part 1 - Internal Audit Basics other
(720 questions) information offered. Questionnaires are limited, and the auditor
Copyright 2013 Gleim Publications Inc. Page 291 needs to be
Printed for Sanja Knezevic flexible enough to gather other information when it is offered.
Answer (A) is incorrect. The validity and reliability of each question Answer (B) is incorrect. A questionnaire’s advantage is that it
are extremely provides a
important. Bias and ambiguity must be avoided. structured, comprehensive approach to evidence gathering.
Answer (B) is incorrect. The validity and reliability of each question Answer (C) is incorrect. Questionnaires are limited, but the problem
are extremely is with their
important. Bias and ambiguity must be avoided. application, not necessarily with their nature.
Answer (C) is incorrect. When questionnaires are too long, people Answer (D) is incorrect. Two of the responses are not appropriate
tend not to fill conclusions.
them out. [533] Gleim #: 6.2.20
Answer (D) is correct. Many types of questions can be used. Which of the following is not an advantage of sending an internal
Questions can be control
multiple-choice, checklists, fill-in-the-blank, essay, Likert scales, questionnaire prior to an audit engagement?
items (options The engagement client can use the questionnaire for self-evaluation
indicating degrees of agreement or disagreement), etc. prior to the
[532] Gleim #: 6.2.19 auditor’s visit.
The auditor used a questionnaire during interviews to gather A.
information about the The questionnaire will help the engagement client understand the
nature of claims processing. Unfortunately, the questionnaire did not scope of the
cover a number engagement.
of pieces of information offered by the person being interviewed. B.
Consequently, the Preparing the questionnaire will help the auditor plan the scope of
auditor did not document the potential problems for further audit the engagement
investigation. The and organize the information to be gathered.
primary deficiency with the process is that C.
The auditor failed to consider the importance of the information A. The engagement client will respond only to the questions asked,
offered. without
A questionnaire was used in a situation in which a structured volunteering additional information.
interview should D.
have been used. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
B. (720 questions)
C. Questionnaires do not allow for opportunities to document other Copyright 2013 Gleim Publications Inc. Page 292
information. Printed for Sanja Knezevic
fb.com/ciaaofficial control concerns are not overlooked.
Answer (A) is incorrect. Answering the questionnaire will help the Answer (B) is incorrect. A questionnaire is relatively easy to
engagement client complete. For the
identify areas where procedures are weak or not properly most part, only yes/no responses are elicited from management and
documented. employees.
Answer (B) is incorrect. The questionnaire will communicate the Answer (C) is correct. Questionnaires are designed to be inflexible
areas that the in that the
auditor plans to evaluate. responses to certain questions are expected. Questionnaires are not
Answer (C) is incorrect. The auditor can use the preparation of the easily adapted
questionnaire to to unique situations. The approach that offers the most flexibility is a
organize the information to be gathered. narrative
Answer (D) is correct. An internal control questionnaire consists of a memorandum describing internal control. The next most flexible
series of approach is a
questions about the organization’s controls designed to prevent or flowchart.
detect errors or Answer (D) is incorrect. The completed questionnaire can become
fraud. Answers to the questions help the internal auditor to identify part of the
specific controls working papers to document the internal auditor’s becoming familiar
relevant to specific assertions and to design tests of controls to with the
evaluate the engagement client’s activities, risks, and controls.
effectiveness of their design and operation. However, the information [535] Gleim #: 6.2.22
obtained is Which of the following statements describes an internal control
limited to that elicited by the questions asked. questionnaire? It
[534] Gleim #: 6.2.21 A. Provides detailed evidence regarding the substance of the control
A questionnaire consists of a series of questions relating to controls system.
normally required Takes less of the engagement client’s time to complete than other
to prevent or detect errors and fraud that may occur for each type of control
transaction. evaluation devices.
Which of the following is not an advantage of a questionnaire? B.
A questionnaire provides a framework that minimizes the possibility C. Requires that the internal auditor be in attendance to properly
of administer it.
overlooking aspects of internal control. D. Provides indirect evidence that might need corroboration.
A questionnaire can be B. easily completed. (720 questions)
C. A questionnaire is flexible in design and application. Copyright 2013 Gleim Publications Inc. Page 293
The completed questionnaire provides documentation that the Printed for Sanja Knezevic
internal auditor Answer (A) is incorrect. Questionnaires usually provide for yes/no
become familiar with internal control. responses and
D. therefore provide less detailed evidence than some other
Answer (A) is incorrect. A questionnaire provides a framework to procedures.
assure that
Answer (B) is incorrect. Questionnaires tend to be lengthy, and their In which phase of the engagement will the internal auditor confirm
completion is these responses?
time-consuming. A. Planning.
Answer (C) is incorrect. An auditor need not be present. B. Identifying, analyzing, evaluating, and recording.
Answer (D) is correct. An internal control questionnaire consists of a C. The survey.
series of D. Preliminary preparation.
questions about the controls designed to prevent or detect errors or Answer (A) is incorrect. The internal auditor obtains responses to
irregularities. the internal
Answers to the questions help the internal auditor to identify specific control questionnaire during the planning phase. These responses
internal control will be
policies and procedures relevant to specific assertions and to design confirmed during the performance of the engagement.
tests of controls to Answer (B) is correct. During the performance of the engagement,
evaluate the effectiveness of their design and operation. The “internal
questionnaire provides a auditors must identify, analyze, evaluate, and document sufficient
framework to assure that specific concerns are not overlooked, but it information to
is not a sufficient achieve the engagement’s objectives” (Perf. Std. 2300). This process
means of understanding the entire system. Thus, the evidence includes
obtained is indirect and confirming compliance with internal controls. An example is validating
requires corroboration by means of observation, interviews, the
flowcharting, examination responses to the internal control questionnaire.
of documents, etc. Answer (C) is incorrect. The planning phase includes the survey, if
[536] Gleim #: 6.2.23 appropriate.
As part of a payroll engagement, an internal auditor used an internal The survey includes becoming familiar with the activity to be
control reviewed,
questionnaire. Positive responses were given to each of the following identifying areas for special emphasis, obtaining information for use
questions by the in
payroll department manager: engagement performance, and determining whether further work is
Is authorization by the personnel department required to make necessary. For
additions to the example, the survey might include seeking answers to the internal
payroll and to change pay rates? control
1. questionnaire.
Are check totals reconciled to payroll register data before checks are Answer (D) is incorrect. The planning phase includes the survey
distributed to (preliminary
employees? preparation).
2. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Are the functions of preparing the payroll and distributing paychecks (720 questions)
performed Copyright 2013 Gleim Publications Inc. Page 294
by different persons? Printed for Sanja Knezevic
3. fb.com/ciaaofficial
[537] Gleim #: 6.3.24
When conducting interviews during the early stages of an internal A.
auditing Electronically record the interview to capture everything that
engagement, it is more effective to everyone says; then
Ask for specific answers that A. can be quantified. type everything said into a computer for documentation.
B. Ask people about their jobs. B.
C. Ask surprise questions about daily procedures. Hire a professional secretary to take notes, allowing complete
D. Take advantage of the fact that fear is an important part of the concentration on the
engagement. interview; then delete unimportant points after the meeting.
Answer (A) is incorrect. Later field work will cover information that C.
can be Organize notes around topics on the interview plan and note
quantified. Building rapport is more important in the early interviews. responses in the
Answer (B) is correct. To improve internal auditor-client cooperation, appropriate area, reviewing the notes after the meeting to make
the internal additions.
auditor should, to the extent feasible, humanize the engagement D.
process. For Gleim CIA Test Prep: Part 1 - Internal Audit Basics
example, individuals feel more important being asked people-type (720 questions)
questions, such Copyright 2013 Gleim Publications Inc. Page 295
as asking people about their jobs, rather than control-type questions. Printed for Sanja Knezevic
Answer (C) is incorrect. Unless fraud is suspected or the Answer (A) is incorrect. Extensive note taking may interfere with
engagement concerns communication
cash or negotiable securities, the more effective approach is to with the respondent. Maintaining eye contact and observing
defuse the nonverbal signals is
engagement client anxiety that results from anticipating the difficult if the interviewer is preoccupied with his/her notes.
engagement. Answer (B) is incorrect. Recording might be used for controversial
Answer (D) is incorrect. Although engagement client fear is a natural material, but it
part of usually will not elicit positive feelings from the respondent. For most
anticipating the engagement, the internal auditor should keep it from organizational
playing an purposes, exact quotes are unnecessary.
important role by using good interpersonal skills to build a positive, Answer (C) is incorrect. Aside from cost, this option is unworkable
participative given the loss of
relationship with the engagement client. confidentiality and the probable negative reaction from the
[538] Gleim #: 6.3.25 respondent.
When an internal auditor is interviewing to gain information, (s)he will Answer (D) is correct. Preparing for the interview is crucial. The
not be able to internal auditor
remember everything that was said in the interview. The most should have learned as much as possible about the engagement
effective way to record client, determined the
interview information for later use is to engagement objectives, and prepared questions. During the
Write notes quickly, trying to write down everything in detail as it is interview, the internal
said; then auditor should record notes on a split page, which lists the questions
highlight important points after the meeting. on one side and
contains space for responses on the other. After the interview, the to maintain focus during a far-ranging discussion. It assumes that the
internal auditor internal
should expand on the notes while the material is still fresh. auditor has done some homework and is prepared to listen
[539] Gleim #: 6.3.26 intelligently. Active
As part of an engagement to evaluate safety management programs, listening permits anticipation because the mind can process
an internal auditor information more
interviews the individual responsible for writing, issuing, and rapidly than most people speak. Thus, the listener has time to
maintaining safety analyze the
procedures. While the internal auditor’s primary interest is to identify information and determine what is most important.
the controls Gleim CIA Test Prep: Part 1 - Internal Audit Basics
ensuring that procedures are kept current, the individual has a (720 questions)
tremendous amount of Copyright 2013 Gleim Publications Inc. Page 296
information and seems intent on telling the internal auditor most of it. Printed for Sanja Knezevic
What might the fb.com/ciaaofficial
internal auditor do to guard against missing what is important? [540] Gleim #: 6.3.27
Write down everything the individual says. If the internal auditor gets To elicit views on broad organizational risks and objectives from the
behind, ask board and senior
for a pause and catch up. After the interview, the internal auditor can management, an internal auditor should
sift through List specific risk factors A. for consideration.
the notes and be confident of finding the key information. B. Develop spreadsheets with quantitative data relevant to the
A. industry.
Tape record the interview and later extract the relevant B. C. Use a nondirective approach to initiating discussion of mitigating
information. risks.
Do not sort through extraneous information. Revisit the topic with the Ask each member of management about specific risks listed in an
individual’s industry
supervisor and obtain any needed information at that time. reference.
C. D.
During the conversation, make an effort to anticipate the approach of Answer (A) is incorrect. Although such factors may be relevant, they
a point of will not
critical interest. necessarily create an opportunity for management to brainstorm.
D. Answer (B) is incorrect. Facts provide more of a teaching tool than a
Answer (A) is incorrect. The internal auditor will probably miss proper
important points means to start relevant discussion.
in the effort to write everything down. Answer (C) is correct. Effective interview planning includes
Answer (B) is incorrect. Recording the entire interview is inefficient. formulating basic
Answer (C) is incorrect. This procedure would be a waste of questions. An internal auditor may use a directive approach by
everyone’s time, and asking narrowly
the internal auditor still may not obtain the information sought. focused questions. A preferable alternative given the interviewees
Answer (D) is correct. Anticipation is one approach the internal and the subject
auditor can use
matter is a nondirective approach using broad questions that are D. Put the speaker at ease. A nervous speaker will be difficult to
more likely to understand.
provide clarification and yield unexpected observations. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Answer (D) is incorrect. Although an industry reference may raise (720 questions)
many valid Copyright 2013 Gleim Publications Inc. Page 297
points, it may not address concerns specific to the organization. Printed for Sanja Knezevic
[541] Gleim #: 6.3.28 Answer (A) is incorrect. Listening tends to be more difficult than
Tolerating silence, asking open-ended questions, and paraphrasing talking. Most people
are three aids to prefer to express their own ideas rather than listen.
more effective Answer (B) is incorrect. A good listener does not interrupt and
A. Meetings. makes smooth
B. Listening. transitions between listening and speaking.
C. Interviews. Answer (C) is correct. Questions asked at appropriate times during
D. Feedback. the interview can
Answer (A) is incorrect. These methods may slow down a meeting. indicate that the interviewer is listening attentively. When done
Answer (B) is correct. Listening entails decoding and understanding correctly, this also
the first allows the interviewer to probe deeper when additional clarification is
message sent. The sender then becomes a listener with respect to needed.
the feedback. Answer (D) is incorrect. Making eye contact and using other
Hence, listening is necessary at both ends of the communication appropriate nonverbal
channel. Other cues characteristic of attentive listening will tend to put the speaker
aids to effective listening are using body language to encourage the at ease and
speaker, enhance the communication process.
showing appropriate emotion to signify empathy, understanding and [543] Gleim #: 6.3.30
correcting for Listening effectiveness is best increased by
one’s biases, avoiding making premature judgments, and briefly Resisting both internal and external A. distractions.
summarizing B. Waiting to review key concepts until the speaker is through
what has been said. talking.
Answer (C) is incorrect. These methods may or may not help C. Tuning out messages that do not seem to fit the meeting purpose.
depending on the D. Factoring in biases to evaluate the information being given.
purpose of the interview. Answer (A) is correct. Concentrating on what the speaker is saying
Answer (D) is incorrect. Only paraphrasing relates to feedback. is critical to
[542] Gleim #: 6.3.29 effective listening. This result is best achieved by resisting internal
Auditors must be effective listeners, especially when asking complex and external
questions. To distractions. Physical distractions such as noise, a tendency to be
improve their listening, auditors should take care to do all the overly aware of
following except the speaker’s physical and other differences from the listener,
A. Stop talking. It is very difficult to listen and talk at the same time. focusing on
B. Be patient. Allow the speaker ample time to respond. interesting details at the expense of major points, or emotional
C. Avoid all questions until the speaker has concluded. reactions to a
statement with which the listener disagrees should be avoided. about a reply is not listening.
Answer (B) is incorrect. Given that a person listens faster than a Answer (B) is incorrect. The nonverbal messages are not always
speaker talks, more important.
(s)he can review the key concepts silently without waiting for the Answer (C) is incorrect. An effective listener tries to remember the
speaker to important points.
conclude. This process helps the listener remember them better Being distracted by interesting details is a mistake because of the
without notes. danger of missing
Answer (C) is incorrect. Seemingly unrelated information may be critical information.
important. Answer (D) is correct. The mind can process information more
Answer (D) is incorrect. The listener should concentrate on the rapidly than most
information while people speak. Thus, the listener has time to analyze the information
listening. Later, that person can allow for bias on both the listener’s and determine
part and the what is most important and how it relates to known information. This
speaker’s part. process of active
[544] Gleim #: 6.3.31 listening helps the interviewer maintain focus.
An internal auditor is interviewing an employee. While listening to the [545] Gleim #: 6.3.32
interviewee, A supportive behavior that a listener, such as an auditor or a
the internal auditor should supervisor, can use to
A. Prepare a response to the interviewee. encourage a speaker is to
Take mental notes on the speaker’s nonverbal communication Look away from the speaker to avoid A. any intimidation.
because it is more B. Interject a similar incident or experience.
important than what is being said. C. Stop other activity or work while the person is talking.
B. D. Not respond verbally until the speaker stops talking.
Make sure all details, as well as the main ideas of the interviewee, Answer (A) is incorrect. Looking away is discouraging.
are Answer (B) is incorrect. Interruptions devalue the speaker and the
remembered. speaker’s
C. message.
Integrate the incoming information from the interviewee with Answer (C) is correct. An effective listener enhances the
information that is communication process
already known. by sending appropriate nonverbal signals to the speaker. Thus, even
D. though a
Gleim CIA Test Prep: Part 1 - Internal Audit Basics person can probably listen and do some routine work, a listener who
(720 questions) wishes to
Copyright 2013 Gleim Publications Inc. Page 298 convey a positive and encouraging message should stop other
Printed for Sanja Knezevic activities and focus
fb.com/ciaaofficial complete attention on the speaker.
Answer (A) is incorrect. Planning a reply before the speaker has Answer (D) is incorrect. Complete silence may appear disapproving.
finished may cause [546] Gleim #: 6.3.33
the listener to miss an important point or make an unfounded When evaluating communication, the internal auditor should be
assumption. Thinking aware that nonverbal
communication together.
A. Is independent of a person’s cultural background. D.
B. Is often imprecise. Answer (A) is incorrect. Good listeners are objective, not
C. Always conveys a more truthful response than verbal judgmental.
communication. Answer (B) is correct. Active listening involves acceptance of the
D. Always conveys less information than verbal communication. speaker’s
Answer (A) is incorrect. Nonverbal communication is heavily ideas, that is, deferring judgment until the speaker has finished.
influenced by Empathy is a
culture. For example, a nod of the head may have opposite sensitive awareness of the speaker’s feelings, thoughts, and
meanings in different experience. An
cultures. empathic listener understands what the speaker wants to
Answer (B) is correct. Nonverbal communication (body language) communicate rather than
consists of what the listener wants to understand. Listening with intensity
facial expressions, vocal intonations, posture, gestures, appearance, involves
and physical concentrating on the speaker’s message and disregarding
distance. Thus, by its nature, nonverbal communication is much less distractions. An active
precise than listener also is responsible for completeness. (S)he considers
verbal communication. nonverbal and
Answer (C) is incorrect. Nonverbal communication is not necessarily emotional content and asks questions to clarify the communication.
more Answer (C) is incorrect. A good listener makes eye contact.
truthful than verbal communication. Answer (D) is incorrect. Formulating arguments and conclusions
Answer (D) is incorrect. Nonverbal communication can sometimes before the
convey more speaker has finished is the antithesis of acceptance.
information than verbal communication. [548] Gleim #: 6.4.35
Gleim CIA Test Prep: Part 1 - Internal Audit Basics An internal auditor must weigh the cost of an engagement procedure
(720 questions) against the
Copyright 2013 Gleim Publications Inc. Page 299 persuasiveness of the evidence to be gathered. Observation is one
Printed for Sanja Knezevic engagement
[547] Gleim #: 6.3.34 procedure that involves cost-benefit trade-offs. Which of the following
Internal auditors should be active listeners to gain the most statements
information in an internal regarding observation as an engagement technique is (are) true?
audit interview. Which of the following best describes how an active Observation is limited because individuals may react differently when
listener behaves being
in an interview? The listener observed.
Judges and evaluates the information A. as it is presented. I.
B. Listens with acceptance, empathy, and intensity. When testing financial statement balances, observation is more
C. Avoids looking directly at the speaker and interrupting his or her persuasive for the
train of thought. completeness assertion than it is for the existence assertion.
Formulates arguments and conclusions as pieces of the speaker’s II.
information fit
Observation is effective in providing information about how the measurement system” that the Industrial Products Division
organization’s implemented 2 years ago.
processes differ from those specified by written policies. This system consists of an annual mail survey conducted by the
III. division’s customer
A. I only. service office. A survey is sent to 100 purchasing departments
B. II only. randomly selected from
C. I and III only. all customers who made purchases in the prior 12 months. The
D. I, II, and III. survey is three pages
Gleim CIA Test Prep: Part 1 - Internal Audit Basics long, and its 30 questions use a mixture of response modes (e.g.,
(720 questions) some questions are
Copyright 2013 Gleim Publications Inc. Page 300 open-ended, some are multiple-choice, and others use a response
Printed for Sanja Knezevic scale). The customer
fb.com/ciaaofficial service office mails the survey in September and tabulates the
Answer (A) is incorrect. Observation also is effective for determining results for
whether written questionnaires returned by October 15. Only one mailing is sent. If
policies have been put into practice. the customer does
Answer (B) is incorrect. Observation is more persuasive for the not return the questionnaire, no follow-up is conducted. When the
existence assertion survey was last
than for the completeness assertion. conducted, 45 of the questionnaires were not returned. Nonresponse
Answer (C) is correct. Observation consists of watching the physical bias is often a
activities of the concern in conducting mail surveys. The main reason that
employees in the organization to see how they perform their duties. nonresponse bias can cause
The internal difficulties in a sample such as the one taken by the customer
auditor can determine whether written policies have been put into service office is that
practice. The sample means and standard errors are A. harder to compute.
Observation is limited because employees who know they are being B. Those who did not respond may be systematically different from
observed may those who did.
behave differently while being observed. Moreover, observation is C. The questionnaire is too short.
more persuasive for D. Confidence intervals are narrower.
the existence or occurrence assertion (whether assets or liabilities Answer (A) is incorrect. Formulas are as easy to use with bad data
exist and whether as with good
transactions have occurred) than for the completeness assertion data.
(whether all Answer (B) is correct. The sample will not be truly random if
transactions that should be reported are reported). respondents as a
Answer (D) is incorrect. Observation is more persuasive for the group differ from nonrespondents. Thus, people may choose not to
existence assertion respond for
than for the completeness assertion. reasons related to the purpose of the questionnaire.
[549] Gleim #: 6.4.36 Answer (C) is incorrect. Longer questionnaires increase
An internal auditing team has been assigned to review “the customer nonresponse bias.
satisfaction
Answer (D) is incorrect. Nonresponse decreases sample size, so Answer (C) is incorrect. Audiovisual aids, complex sequences, and
confidence other
intervals would be wider rather than narrower. varieties of questions are made possible by the interactive nature of
Gleim CIA Test Prep: Part 1 - Internal Audit Basics interviews.
(720 questions) Answer (D) is correct. One of the principal advantages of mail
Copyright 2013 Gleim Publications Inc. Page 301 surveys is their
Printed for Sanja Knezevic cost efficiency. Mailing costs are lower than the costs of telephone
[550] Gleim #: 6.4.37 interviews and
An internal auditing team has been assigned to review “the customer still lower than the costs of face-to-face interviews.
satisfaction Gleim CIA Test Prep: Part 1 - Internal Audit Basics
measurement system” that the Industrial Products Division (720 questions)
implemented 2 years ago. Copyright 2013 Gleim Publications Inc. Page 302
This system consists of an annual mail survey conducted by the Printed for Sanja Knezevic
division’s customer fb.com/ciaaofficial
service office. A survey is sent to 100 purchasing departments [551] Gleim #: 6.4.38
randomly selected from An internal auditing team has been assigned to review “the customer
all customers who made purchases in the prior 12 months. The satisfaction
survey is three pages measurement system” that the Industrial Products Division
long, and its 30 questions use a mixture of response modes (e.g., implemented 2 years ago.
some questions are This system consists of an annual mail survey conducted by the
open-ended, some are multiple-choice, and others use a response division’s customer
scale). The customer service office. A survey is sent to 100 purchasing departments
service office mails the survey in September and tabulates the randomly selected from
results for all customers who made purchases in the prior 12 months. The
questionnaires returned by October 15. Only one mailing is sent. If survey is three pages
the customer does long, and its 30 questions use a mixture of response modes (e.g.,
not return the questionnaire, no follow-up is conducted. When the some questions are
survey was last open-ended, some are multiple-choice, and others use a response
conducted, 45 of the questionnaires were not returned. Which of the scale). The customer
following is not service office mails the survey in September and tabulates the
an advantage of face-to-face interviews over mail surveys? results for
The response rate is A. typically higher. questionnaires returned by October 15. Only one mailing is sent. If
B. Interviewers can increase a respondent’s comprehension of the customer does
questions. not return the questionnaire, no follow-up is conducted. When the
C. Survey designers can use a wider variety of types of questions. survey was last
D. They are less expensive because mailing costs are avoided. conducted, 45 of the questionnaires were not returned. Many
Answer (A) is incorrect. Mail surveys often have low response rates. questionnaires are made
Answer (B) is incorrect. The interviewer’s ability to interpret up of a series of different questions that use the same response
responses and categories (e.g.,
rephrase questions increases response quality.
strongly agree, agree, neither, disagree, strongly disagree). Some An internal auditing team has been assigned to review “the customer
designs will have satisfaction
different groups of respondents answer alternative versions of the measurement system” that the Industrial Products Division
questionnaire that implemented 2 years ago.
present the questions in different orders and reverse the orientation This system consists of an annual mail survey conducted by the
of the endpoints of division’s customer
the scale (e.g., agree on the right and disagree on the left or vice service office. A survey is sent to 100 purchasing departments
versa). The purpose of randomly selected from
such questionnaire variations is to all customers who made purchases in the prior 12 months. The
Eliminate intentional A. misrepresentations. survey is three pages
B. Reduce the effects of pattern response tendencies. long, and its 30 questions use a mixture of response modes (e.g.,
C. Test whether respondents are reading the questionnaire. some questions are
Make it possible to get information about more than one population open-ended, some are multiple-choice, and others use a response
parameter scale). The customer
using the same questions. service office mails the survey in September and tabulates the
D. results for
Answer (A) is incorrect. Questionnaire variations cannot eliminate questionnaires returned by October 15. Only one mailing is sent. If
intentional the customer does
misrepresentations. not return the questionnaire, no follow-up is conducted. When the
Answer (B) is correct. The sequence and format of questions have survey was last
many known conducted, 45 of the questionnaires were not returned. Several of
effects. For example, questions should be in a logical order, and the internal auditing
personal team members are concerned about the low response rate, the poor
questions should be asked last because of the emotions they may quality of the
evoke. One questionnaire design, and the potentially biased wording of some of
method for reducing these effects is to use questionnaire variations the questions.
that cause They suggest that the customer service office might want to
these biases to average out across the sample. supplement the survey
Answer (C) is incorrect. Questionnaire variations cannot test with some unobtrusive data collection such as observing customer
whether respondents interactions in the
are reading the questionnaire. office or collecting audiotapes of phone conversations with
Answer (D) is incorrect. Questionnaire variations cannot make it customers. Which of the
possible to get following is not a potential advantage of unobtrusive data collection
information about more than one population parameter using the compared to
same questions. surveys or interviews?
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Interactions with customers can be observed as they occur in their A.
(720 questions) natural setting.
Copyright 2013 Gleim Publications Inc. Page 303 B. It is easier to make precise measurements of the variables under
Printed for Sanja Knezevic study.
[552] Gleim #: 6.4.39 C. Unexpected or unusual events are more likely to be observed.
D. People are less likely to alter their behavior because they are Answer (B) is incorrect. Ratio analysis considers the internal
being studied. relationships of financial
Answer (A) is incorrect. Observing the phenomenon in its natural data.
setting Answer (C) is incorrect. Use of rating scales requires the participant
eliminates some aspects of experimental bias. to participate
Answer (B) is correct. Lack of experimental control and actively. Thus, it is not unobtrusive.
measurement precision Answer (D) is correct. A rating scale may be used when a range of
are weaknesses of observational research. Another is that some opinions is
things, such as expected. The scale represents a continuum of responses. In this
private behavior, attitudes, feelings, and motives, cannot be case, it reflects
observed. probability statements.
Answer (C) is incorrect. The possibility of observing unexpected or [554] Gleim #: 6.4.41
unusual Which of the following procedures is the least effective in gathering
behavior makes unobtrusive measures useful for exploratory information about
investigations. the nature of the processing and potential problems?
Answer (D) is incorrect. If research subjects are unaware of being Interview supervisors in the claims department to find out more about
studied, they the
are less likely to do what they think the researcher wants, censor procedures used, and the rationale for the procedures, and obtain
their comments, their
etc. observations about the nature and efficiency of processing.
[553] Gleim #: 6.4.40 A.
An internal auditing team developed a preliminary questionnaire with Send an email message to all clerical personnel detailing the alleged
the following problems and
response choices: request them to respond.
I. Probably not a problem B.
II. Possibly a problem Interview selected clerical employees in the claims department to
III. Probably a problem find out more
The questionnaire illustrates the use of about the procedures used, and the rationale for the procedures, and
A. Trend analysis. obtain their
B. Ratio analysis. observations about the nature and efficiency of processing.
C. Unobtrusive measures or observations. C.
D. Rating scales. Distribute a questionnaire to gain a greater understanding of the
Gleim CIA Test Prep: Part 1 - Internal Audit Basics responsibilities
(720 questions) for claims processing and the control procedures utilized.
Printed for Sanja Knezevic Answer (A) is incorrect. Interviewing supervisors and employees is
fb.com/ciaaofficial a good
Answer (A) is incorrect. Trend analysis extrapolates past and method of learning more about the nature of processing and
current conditions. soliciting input as to
the potential causes of the problems being investigated. These Being incapable of translating the experience or sound reasoning
individuals are intended to be
intimately involved with the processing of transactions. captured by each item on the checklist.
Answer (B) is correct. Sending an email message to clerical staff is D.
the least Answer (A) is incorrect. A checklist may omit factors the importance
effective communication and information-gathering technique. It is of which
impersonal could not be foreseen.
and alleges inefficiencies before evidence has indicated that the Answer (B) is incorrect. Each item will not be of equal significance.
problems are Answer (C) is correct. Checklists increase the uniformity of data
caused by inefficiencies in processing. This impersonal method acquisition.
might have been They ensure that a standard approach to assessing risk is taken and
useful if the auditor wished to solicit open responses, but not enough minimize the
guidance is possibility of omitting consideration of factors that can be anticipated.
given to encourage that kind of response. Answer (D) is incorrect. A checklist does not substitute for the sound
Answer (C) is incorrect. Interviewing supervisors and employees is professional judgment needed to understand the process of
a good assessing risk.
method of learning more about the nature of processing and [556] Gleim #: 6.5.43
soliciting input as to The chief audit executive was reviewing recent reports that had
the potential causes of the problems being investigated. These recommended
individuals are additional engagements because of risk exposures to the
intimately involved with the processing of transactions. organization. Which of the
Answer (D) is incorrect. Using a questionnaire is a procedure that is following represents the greatest risk and should be the next
not as assignment?
effective as interviewing individuals, but it is an efficient method of A. Three prenumbered receiving reports were missing.
gathering B. There were several purchase orders issued without purchase
preliminary information that would be useful in structuring the requisitions.
interviews. Payment had been made for routine inventory items without a
Gleim CIA Test Prep: Part 1 - Internal Audit Basics purchase order or
(720 questions) receiving report.
Printed for Sanja Knezevic D. Several times cash receipts had been held over an extra day
[555] Gleim #: 6.4.42 before depositing.
Checklists used to assess risk have been criticized for all of the Answer (A) is incorrect. The absence of a receiving report or
following reasons purchase requisition
except will prevent payment if disbursements are properly controlled.
Providing a false sense of security that all relevant factors A. are Answer (B) is incorrect. Certain routine purchases may not require
addressed. requisitions.
B. Inappropriately implying equal weight to each item on the Answer (C) is correct. Payment vouchers for merchandise should be
checklist. supported by
C. Decreasing the uniformity of data acquisition.
(1) a properly authorized purchase requisition, (2) a purchase order Answer (D) is correct. One purpose of the risk assessment is to
executing the highlight areas
transaction, (3) a receiving report indicating all goods ordered have that should be addressed during the engagement. A potentially major
been received control
in good condition, and (4) a vendor invoice confirming the amount deficiency is a significant area warranting special emphasis and
owed. Lack of should be noted to
such support for cash payments suggests a high risk of fraud. ensure the needed coverage in the engagement work program.
Answer (D) is incorrect. Assuming other controls are in place, the [558] Gleim #: 6.5.45
extent of the Data-gathering activities such as interviewing operating personnel,
risk is the loss of 1 day’s receipts. identifying
Gleim CIA Test Prep: Part 1 - Internal Audit Basics standards to be used to evaluate performance, and assessing risks
(720 questions) inherent in a
Copyright 2013 Gleim Publications Inc. Page 306 department’s operations are typically performed in which phase of an
Printed for Sanja Knezevic audit
fb.com/ciaaofficial engagement?
[557] Gleim #: 6.5.44 A. Field work.
During a preliminary survey of the accounts receivable function, an B. Preliminary survey.
internal auditor C. Engagement program development.
discovered a potentially major control deficiency while preparing a D. Examination and evaluation of evidence.
flowchart. What Answer (A) is incorrect. The preliminary survey must be performed
immediate action should the internal auditor take regarding the before the
weakness? field work can be undertaken.
Perform sufficient testing to determine its A. cause and effect. Answer (B) is correct. Internal auditors must conduct a preliminary
B. Report it to the level of management responsible for corrective assessment of
action. the risks relevant to the activity under review. Engagement objectives
Schedule a separate engagement to evaluate that segment of the must reflect
accounts the results of this assessment (Impl. Std. 2210.A1). Moreover,
receivable function. planning should
C. include performing, as appropriate, a survey to (1) become familiar
Highlight the weakness to ensure that procedures to test it are with the
included in the activities, risks, and controls to identify areas for engagement
engagement work program. emphasis and
D. (2) invite comments and suggestions from engagement clients (PA
Answer (A) is incorrect. Testing of the control will be performed 2210.A1-1,
during the field para. 3). Thus, among many other things, a survey should include
work phase of the engagement. discussions with
Answer (B) is incorrect. There is no need to report the potential the engagement client (e.g., interviews with operating personnel) and
defect. Testing is documenting key control activities (including identifying performance
needed before reporting the defect to management. standards).
Answer (C) is incorrect. A separate engagement is not needed.
Answer (C) is incorrect. The preliminary survey must be performed Answer (D) is incorrect. The evaluation of internal control is based
before the on
engagement program can be developed. professional judgment. Information based on judgment is subjective.
Answer (D) is incorrect. The preliminary survey must be performed [560] Gleim #: 6.5.47
before the Levels of production stoppages over the past year at a large
evidence can be examined or evaluated. laminating business were
Gleim CIA Test Prep: Part 1 - Internal Audit Basics abnormally high due to machine malfunctions. Would it be
(720 questions) appropriate for the internal
Copyright 2013 Gleim Publications Inc. Page 307 auditing function to develop a survey examining attitudes toward line
Printed for Sanja Knezevic operations,
[559] Gleim #: 6.5.46 rotation of work zones, training, maintenance schedule, etc., for the
Internal auditors must make a preliminary assessment of risks when machine operators
conducting an to complete?
assurance engagement. This assessment may involve quantitative A. Yes, the survey is reliable without corroboration.
(objective) and B. Yes, the examined areas are relevant to the malfunctions.
subjective factors. The least subjective factor is C. No, the examined areas are irrelevant to the malfunctions.
The organization’s recognized losses A. on derivatives. D. No, the survey is inappropriate without corroboration.
B. The auditor’s assessment of management responses. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
C. Changes in the auditee’s business forecast. (720 questions)
D. The evaluation of internal control. Copyright 2013 Gleim Publications Inc. Page 308
Answer (A) is correct. In planning the engagement, internal auditors Printed for Sanja Knezevic
must fb.com/ciaaofficial
consider the significant risks and the means by which the potential Answer (A) is incorrect. Reliability without corroboration is not the
impact of risk reason why the
is kept to an acceptable level (Perf. Std. 2201). Risk factors have use of the survey is appropriate. The auditors should keep in mind
differing degrees the potential need to
of objectivity. The most objective (least subjective) factors are facts. corroborate the information before making any final assessment.
The Answer (B) is correct. Internal auditors must conduct a preliminary
organization’s losses on derivatives are facts and therefore objective assessment of the
to the extent risks relevant to the activity under review. Engagement objectives
measurable. Objective information is such that it can be supported by must reflect the
facts or results of this assessment (Impl. Std. 2210.A1). If appropriate,
numbers. Subjective information is a judgment and may be internal auditors
interpreted differently conduct a survey to (1) become familiar with the activities, risks, and
by different people. controls to
Answer (B) is incorrect. The auditor’s assessment of management identify areas for engagement emphasis and (2) invite comments
responses is a and suggestions from
professional judgment. engagement clients (PA 2210.A1-1, para. 3). The survey is
Answer (C) is incorrect. The business forecast is not a fact. appropriate as a means to
conduct a preliminary assessment because the examined areas are Answer (C) is incorrect. The failure to adhere to organizational
relevant. The policies, plans,
auditors should keep in mind the potential need to corroborate the and procedures or to comply with relevant laws and regulations is
information before just one type of
making any final assessment, but this does not prevent use of the adverse effect that can result from unmitigated risk.
survey. Answer (D) is incorrect. The failure to accomplish established
Answer (C) is incorrect. The examined areas are relevant to the objectives and
malfunctions. goals for operations or programs is just one type of adverse effect
Answer (D) is incorrect. The need for corroboration will be that can result
determined after the from unmitigated risk.
survey is completed. The possible need for corroboration does not Gleim CIA Test Prep: Part 1 - Internal Audit Basics
preclude the use of (720 questions)
the survey. Copyright 2013 Gleim Publications Inc. Page 309
In planning an engagement, the internal auditor establishes [562] Gleim #: 6.5.49
objectives to address the Which of the following activities represents the greatest risk to a
risk associated with the activity. Risk is the post-merger
Possibility that the balance or class of transactions and related manufacturing organization and is therefore most likely to be the
assertions contains subject of an internal
misstatements that could be material to the financial statements. audit engagement?
A. Combining A. imprest funds.
Uncertainty of the occurrence of an event that could affect the B. Combining purchasing functions.
achievement of C. Combining legal functions.
objectives. D. Combining marketing functions.
B. Answer (A) is incorrect. Imprest funds are typically immaterial in
Failure to adhere to organizational policies, plans, and procedures or amount.
to comply Answer (B) is correct. Purchasing functions ordinarily represent the
with relevant laws and regulations. greatest
C. exposure to loss of the items listed and are therefore most likely to
Failure to accomplish established objectives and goals for operations be evaluated.
D. or programs. The financial exposure in the purchasing function is ordinarily greater
Answer (A) is incorrect. The risk of material misstatement in than in, for
financial statement example, the legal and marketing functions. After a merger, risk is
assertions is just one adverse effect that can result from unmitigated heightened
risk. because of the difficulty of combining the systems of the two
Answer (B) is correct. Risk is the possibility that an event having an organizations. Thus,
impact on the likelihood of an engagement is increased.
the achievement of objectives will occur. Risk is measured in terms Answer (C) is incorrect. Legal functions do not typically represent a
of impact and risk of loss
likelihood (The IIA Glossary). as great as the purchasing functions.
Answer (D) is incorrect. Marketing functions do not typically Printed for Sanja Knezevic
represent a risk of fb.com/ciaaofficial
loss as great as the purchasing functions. Answer (A) is incorrect. Independence is jeopardized when an
[563] Gleim #: 6.6.50 operator is involved in
An auditor is least likely to use computer software to the process.
A. Construct parallel simulations. Answer (B) is correct. Independence can be preserved when the
B. Access client data files. auditor acquires
C. Prepare spreadsheets. general audit software (GAS) from an external source rather than
D. Assess computer control risk. relying on auditeedeveloped
Answer (A) is incorrect. Parallel simulation involves using an audit software. Also, efficiency is enhanced to the extent GAS can be
auditor’s program used
to reproduce the logic of management’s program. (as compared to manual auditing or writing special audit programs).
Answer (B) is incorrect. Computer software makes accessing The leading GAS
company files packages are currently ACL and IDEA.
much faster and easier. Answer (C) is incorrect. Printing out the entire file is both
Answer (C) is incorrect. Many audit spreadsheet programs are unnecessary and inefficient.
available. Answer (D) is incorrect. Overreliance on an auditee’s programmer
Answer (D) is correct. The auditor is required to evaluate the impairs
adequacy and independence.
effectiveness of the system of internal control and to assess risk to [565] Gleim #: 6.6.52
plan the audit. Which of the following cannot be performed by an auditor using
This assessment is a matter of professional judgment that cannot be generalized audit
accomplished software (GAS)?
with a computer alone. Identifying missing A. check numbers.
[564] Gleim #: 6.6.51 B. Correcting erroneous data elements, making them suitable for
When an auditor performs tests on a computerized inventory file audit testwork.
containing over C. Matching identical product information in separate data files.
20,000 line items, that auditor can maintain independence and D. Aging accounts receivable.
perform most Answer (A) is incorrect. Identifying gaps is a function of major GAS
efficiently by packages.
A. Asking the console operator to print every item that costs more Answer (B) is correct. GAS can help an auditor identify erroneous
than US $100. data, but
B. Using a generalized audit software package. correcting them before performing testwork is inappropriate.
C. Obtaining a printout of the entire file and then selecting each nth Answer (C) is incorrect. Merging files is a function of GAS
item. packages.
D. Using the systems department’s programmer to write an Answer (D) is incorrect. Aging is a function of GAS packages.
extraction program. [566] Gleim #: 6.6.53
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Which of the following is not true about audit use of the Internet?
(720 questions) A. It is a useful research tool for gathering audit-related information.
Copyright 2013 Gleim Publications Inc. Page 310 B. It provides a secure medium to transmit confidential information.
C. Electronic communication is the major use of the Internet by D.
internal auditors. Answer (A) is incorrect. Self-checking digits and hash totals are
D. An electronic record of a user’s web browsing activities is created. application
Answer (A) is incorrect. The Internet is a useful audit tool for controls used by clients.
gathering and Answer (B) is incorrect. GAS may permit far more comprehensive
disseminating audit-related information. tests of
Answer (B) is correct. Users transmitting sensitive information controls than in a manual audit.
across the Internet Answer (C) is correct. A detailed knowledge of the client’s system is
must understand the threats that arise that could compromise the unnecessary
confidentiality of because a generalized audit software package is designed to
the data. Security measures, such as encryption technology, need to process data files
be taken to from almost any platform. The leading packages are currently ACL
ensure that the information is viewed only by those authorized to (Audit
view it. Command Language) and IDEA (Interactive Data Extraction and
Answer (C) is incorrect. The major use of the Internet by internal Analysis).
auditors is Answer (D) is incorrect. The auditor is required to apply analytical
electronic communication. procedures in
Answer (D) is incorrect. Web browsing leaves an electronic record the planning and overall review phases of the audit.
of the user’s [568] Gleim #: 6.6.55
search path. Which of the following strategies will an auditor most likely consider
Gleim CIA Test Prep: Part 1 - Internal Audit Basics in auditing an
(720 questions) entity that processes most of its financial data only in electronic form,
Copyright 2013 Gleim Publications Inc. Page 311 such as a
Printed for Sanja Knezevic paperless system?
[567] Gleim #: 6.6.54 Continuous monitoring and analysis of transaction processing with
A primary advantage of using generalized audit software (GAS) an embedded
packages in auditing audit module.
the financial statements of a client that uses a computer system is A.
that the auditor may Increased reliance on internal control activities that emphasize the
Substantiate the accuracy of data through self-checking digits A. and segregation of
hash totals. duties.
B. Reduce the level of required tests of controls to a relatively small B.
amount. Verification of encrypted digital certificates used to monitor the
Access information stored on computer files without a complete authorization of
understanding of transactions.
the client’s hardware and software features. C.
C. Extensive testing of firewall boundaries that restrict the recording of
Consider increasing the use of substantive tests of transactions in outside
place of network traffic.
analytical procedures. D.
Answer (A) is correct. An audit module embedded in the client’s D.
software Answer (A) is incorrect. Embedded audit modules are no more
routinely selects and abstracts certain transactions. They may be vulnerable to
tagged and traced computer viruses than any other software.
through the information system. An alternative is recording in an Answer (B) is incorrect. The advantage of embedded audit modules
audit log, that is, is that
in a file accessible only by the auditor. auditors are not required to monitor them continuously to obtain valid
Answer (B) is incorrect. The same level of segregation of duties as results.
in a manual Answer (C) is incorrect. Embedded audit modules cannot be easily
system is not feasible in highly sophisticated computer systems. modified
Answer (C) is incorrect. Encrypted digital signatures help ensure the through management tampering.
authenticity Answer (D) is correct. Continuous monitoring and analysis of
of the sender of information, but verifying them is a less pervasive transaction
and significant processing can be achieved with an embedded audit module. To be
procedure than continuous monitoring of transactions. successful, the
Answer (D) is incorrect. Firewalls exclude unauthorized activity from internal auditor may need to be involved in the design of the
entering a application.
system; however, such activity would be independent of the internal Designing the system may impair independence unless the client
processing of makes all
financial information. management decisions.
(720 questions) If a financial institution overstated revenue by charging too much of
Copyright 2013 Gleim Publications Inc. Page 312 each loan
Printed for Sanja Knezevic payment to interest income and too little to repayment of principal,
fb.com/ciaaofficial which of the
[569] Gleim #: 6.6.56 following audit procedures would be least likely to detect the error?
Which of the following is the primary reason that many auditors Performing an analytical review by comparing interest income this
hesitate to use period as a
embedded audit modules? percentage of the loan portfolio with the interest income percentage
Embedded audit modules cannot be protected from A. computer for the prior
viruses. period.
Auditors are required to monitor embedded audit modules A.
continuously to obtain Using an integrated test facility (ITF) and submitting interest
valid results. payments for various
B. loans in the ITF portfolio to determine if they are recorded correctly.
C. Embedded audit modules can easily be modified through B.
management tampering. Using test data and submitting interest payments for various loans in
Auditors are required to be involved in the system design of the the test
application to be portfolio to determine if they are recorded correctly.
monitored. C.
Using generalized audit software to select a random sample of loan [571] Gleim #: 6.6.58
payments What computer-assisted audit technique (CAAT) would an auditor
made during the period, calculating the correct posting amounts, and use to identify a
tracing the fictitious or terminated employee?
postings that were made to the various accounts. Parallel simulation of payroll A. calculations.
D. B. Exception testing for payroll deductions.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics C. Recalculations of net pay.
(720 questions) D. Tagging and tracing of payroll tax-rate changes.
Copyright 2013 Gleim Publications Inc. Page 313 Answer (A) is incorrect. In a parallel simulation, data that were
Printed for Sanja Knezevic processed by the
Answer (A) is correct. Analytical review is the least effective engagement client’s system are reprocessed through the auditor’s
procedure. It provides program to
only a comparison with the prior period when the same error may determine whether the output obtained matches the output
have been made. generated by the
Moreover, it is a global test that does not isolate the cause of a client’s system. This technique might identify problems with the
suspected misstatement. client’s
Answer (B) is incorrect. The concern is whether the interest rate processing but would not identify a fictitious or terminated employee.
calculation is made Answer (B) is correct. Exception testing for payroll deductions is a
correctly. Using an ITF, the auditor creates a test record within the type of CAAT
client’s actual that can identify employees who have no deductions. This is
system. Fictitious transactions affecting the test record along with important because
actual transactions fictitious or terminated employees will generally not have any
are processed. Client operating personnel need not be aware of the deductions.
testing process. Answer (C) is incorrect. A CAAT program can recalculate such
Accordingly, an ITF is an effective way to detect computational amounts as gross
errors. pay, net pay, taxes and other deductions, and accumulated or used
Answer (C) is incorrect. Using the test data approach, the auditor leave times.
develops and These recalculations can help determine whether the payroll
processes a set of valid and invalid transactions using the client’s program is operating
application correctly or employee files have been altered, but it would not identify
programs. Based on the understanding of the programmed controls, a fictitious
the auditor has an or terminated employee.
expectation of the results of the processing. The auditor can Answer (D) is incorrect. In this type of CAAT program, certain actual
determine if the client’s transactions are “tagged.” As they proceed through the system, a
controls are working effectively to reject and report invalid and data file is
questionable created that traces the processing through the system and permits
transactions. subsequent
Answer (D) is incorrect. Using GAS is the most effective procedure. review of that processing. However, this procedure would not identify
The auditor is a fictitious
taking a detailed sample of actual transactions. or terminated employee.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics A.
(720 questions) Develop monitoring programs to identify unusual types of claims or
Copyright 2013 Gleim Publications Inc. Page 314 an unusual
Printed for Sanja Knezevic number of claims by demographic classes for investigation by the
fb.com/ciaaofficial claims
[572] Gleim #: 6.6.59 department.
An organization provides credit cards to selected employees for B.
business use. The Use generalized audit software to match the claimant identification
credit card company provides a computer file of all transactions by number with a
employees of the master list of valid policyholders.
organization. An auditor plans to use generalized audit software C.
(GAS) to select Develop batch controls over all items received from a particular
relevant transactions for testing. Which of the following would not be hospital and
readily process those claims in batches.
identified using GAS? D.
High-monetary-A. amount transactions. Answer (A) is incorrect. An integrated test facility is useful in
B. Fraudulent transactions. determining the
C. Transactions for specific cardholders. correctness of processing of validly entered transactions. The issue
D. Suppliers used by each cardholder. in this case is
Answer (A) is incorrect. GAS can be used to search for unusual the validity of the entered transactions.
transactions, Answer (B) is correct. Monitoring assesses the quality of internal
such as those exceeding a specific dollar amount. control over
Answer (B) is correct. It is highly unlikely that the accounts payable time. Ongoing monitoring occurs as part of routine operations. It
system includes
contains sufficient evidence of fraudulent transactions. GAS can be management and supervisory review, comparisons, reconciliations,
used to and other
explore indicators of fraud, but it probably would not identify them. actions by personnel as part of their regular activities. Thus,
Answer (C) is incorrect. Transaction data can be filtered using GAS. monitoring of the
Answer (D) is incorrect. Suppliers used by cardholders can be number and nature of claims may serve to detect failures of internal
summarized using control.
GAS. Answer (C) is incorrect. An edit control should be built into the
[573] Gleim #: 6.6.60 application to
Insurers may receive hospitalization claims directly from hospitals by test for valid policy numbers.
computer media; Answer (D) is incorrect. Batch controls are designed to ensure that
no paper is transmitted from the hospital to the insurer. Which of the all items
following submitted are processed, i.e., that they are not lost or added to.
controls is most effective in detecting fraud in such an environment? Batch controls
Use integrated test facilities to test the correctness of processing in a serve a control purpose, but the major concern in this situation is the
manner that validity of
is transparent to data processing. the input.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Accounts payable schedule verification may include the use of
(720 questions) analytical information.
Copyright 2013 Gleim Publications Inc. Page 315 Which of the following is analytical information?
Printed for Sanja Knezevic A. Comparing the schedule with the accounts payable ledger or
[574] Gleim #: 6.6.61 unpaid voucher file.
A company that has many branch stores has decided to use its best- B. Comparing the balance on the schedule with the balances of prior
performing store as years.
a benchmark organization for the purpose of analyzing the accuracy Comparing confirmations received from selected creditors with the
and reliability of accounts
branch store financial reporting. Which one of the following is the payable ledger.
most likely measure C.
to be included in a financial benchmark? D. Examining vendors’ invoices in support of selected items on the
High turnover A. of employees. schedule.
B. High level of employee participation in setting budgets. Answer (A) is incorrect. Comparing the schedule with the accounts
C. High amount of bad debt write-offs. payable
D. High number of suppliers. ledger or unpaid voucher file is a test of details.
Answer (A) is incorrect. Turnover of employees is an internal Answer (B) is correct. Analytical procedures are useful in identifying
nonfinancial (1)
benchmark. unexpected differences, (2) the absence of differences when they
Answer (B) is incorrect. Employee participation in setting budgets is are expected, (3)
an internal potential errors, (4) potential fraud or illegal acts, or (5) other unusual
nonfinancial benchmark. or
Answer (C) is correct. Internal benchmarking is the application of nonrecurring transactions or events (PA 2320-1, para. 2). Thus, they
best practices may include
in one part of the organization (e.g., a high-performing branch store) comparison of current-period information with budgets, forecasts, or
to its other similar
parts (other branches). This process requires, among other things, information for prior periods.
use of Answer (C) is incorrect. Comparing confirmations received from
quantitative and qualitative measures. A key indicator for financial selected
performance creditors with the accounts payable ledger is a test of details.
measurement is the amount of bad debt write-offs. A high level of Answer (D) is incorrect. Examining vendors’ invoices in support of
bad debt writeoffs selected
could indicate fraud, which would compromise the accuracy and items on the schedule is a test of details.
reliability of Gleim CIA Test Prep: Part 1 - Internal Audit Basics
financial reports. Bad debt write-offs may result from recording (720 questions)
fictitious sales. Copyright 2013 Gleim Publications Inc. Page 316
Answer (D) is incorrect. The number of suppliers is not a financial Printed for Sanja Knezevic
benchmark. fb.com/ciaaofficial
[575] Gleim #: 6.7.62 [576] Gleim #: 6.7.63
Analytical procedures
Are considered direct information about the assertion A. being determining the extent to which analytical procedures should be used
evaluated. during the
B. Involve such tests as confirmation of receivables. engagement:
C. May provide the best available information for the completeness A. Adequacy of the system of internal control.
assertion. B. Significance of the area being examined.
D. Are never sufficient by themselves to support management C. Precision with which the results of analytical audit procedures can
assertions. be predicted.
Answer (A) is incorrect. Although relevant, analytical information is D. All of the answers are correct.
not direct. It Answer (A) is incorrect. The adequacy of the system of internal
is a means of gathering information without testing particular control should be
transactions considered.
directly. Answer (B) is incorrect. The significance of the area being
Answer (B) is incorrect. Analytical information involves a study of examined should be
plausible considered.
relationships among data. Confirmation is a substantive test of Answer (C) is incorrect. The precision with which the results of
details. analytical
Answer (C) is correct. Analytical procedures usually involve procedures can be predicted should be considered.
summarizing and Answer (D) is correct. When determining the extent to which
comparing data so that trends and other important relationships may analytical
be detected. procedures should be used, the internal auditor considers (1) the
Procedures range from simple comparisons of amounts reported to significance of
advanced the area being examined, (2) the assessment of risk management in
statistical and modeling techniques. The use of analytical procedures the audited
involves area, (3) the adequacy of the internal control system, (4) the
judgment and focuses on the overall reasonableness of recorded availability and
amounts. Thus, reliability of financial and nonfinancial information, (5) the precision
analytical procedures provide information that all transactions and with which
accounts that the results of analytical audit procedures can be predicted, (6) the
should be presented are included. In some circumstances, the availability and
internal auditor may comparability of information regarding the industry in which the
be able to determine that analytical procedures by themselves organization
provide the desired operates, and (7) the extent to which other procedures provide
level of assurance. evidence (PA 2320-
Answer (D) is incorrect. For assertions of low materiality, analytical 1, para. 5).
information Gleim CIA Test Prep: Part 1 - Internal Audit Basics
may be considered sufficient. (720 questions)
During an engagement, the internal auditor should consider the Printed for Sanja Knezevic
following factor(s) in [578] Gleim #: 6.7.65
The internal auditor of an organization with a recently automated results from comparing information with expectations identified or
human resources developed by
system reviews the retirement benefits plan and determines that the the internal auditor. Analytical procedures are useful in identifying (1)
pension and unexpected
medical benefits have been changed several times in the past 10 differences, (2) the absence of differences when they are expected,
years. The internal (3) potential
auditor wishes to determine whether further investigation is justified. errors, (4) potential fraud or illegal acts, or (5) other unusual or
The most nonrecurring
appropriate engagement procedure is to transactions or events (PA 2320-1, para. 2). Accordingly, significant
Review the trend of overall retirement expense over the last 10 changes,
years. If it has such as those in pension and medical benefits, require the internal
increased, further investigation is needed. auditor to refine
A. his/her expectations. In these circumstances, the internal auditor
Use generalized audit software to take a monetary-unit sample of must stratify the
retirement pay sample according to the plans in effect when the employees retired
and determine whether each retired employee was paid correctly. and develop a
B. predicted result for each person based on the stratum to which (s)he
Review reasonableness of retirement pay and medical expenses on belongs.
a per-person Answer (D) is incorrect. Taking an attribute sample of retirement pay
basis stratified by which plan was in effect when the employee does not
retired. meet the engagement objective of determining whether further
C. investigation is
Use generalized audit software to take an attribute sample of warranted.
retirement pay and [579] Gleim #: 6.7.66
perform detailed testing to determine whether each person chosen Analytical procedures enable the internal auditor to predict the
was given the balance or quantity of
proper benefits. an item. Information to develop this estimate can be obtained by all
D. of the following
Answer (A) is incorrect. Reviewing the trend of overall retirement except
expense over Tracing transactions through the system to determine whether
the last 10 years does not consider the changes in plans or the procedures are
number of being applied as prescribed.
employees retired. A.
Answer (B) is incorrect. The sample should be stratified. The Comparing financial data with data for comparable prior periods,
population is not anticipated
homogeneous. results (e.g., budgets and forecasts), and similar data for the industry
Answer (C) is correct. Analytical procedures often provide the in which the
internal auditor entity operates.
with an efficient and effective means of obtaining evidence. The B.
assessment
Studying the relationships of elements of financial data that would be Adequacy of financial statement A. disclosure.
expected to B. Existence of specific errors or omissions.
conform to a predictable pattern based upon the entity’s experience. C. Overall reasonableness of statement contents.
C. D. Use of an erroneous cutoff date.
Studying the relationships of financial data with relevant D. Answer (A) is incorrect. Analytical procedures concern
nonfinancial data. interrelationships among
Gleim CIA Test Prep: Part 1 - Internal Audit Basics data, not the propriety of disclosure.
(720 questions) Answer (B) is incorrect. Analytical procedures are concerned with
Copyright 2013 Gleim Publications Inc. Page 318 overall
Printed for Sanja Knezevic reasonableness, not the existence of specific errors.
fb.com/ciaaofficial Answer (C) is correct. Analytical procedures often provide the
Answer (A) is correct. Tracing transactions through the system is a internal auditor
test of controls with an efficient and effective means of obtaining evidence. The
directed toward the operating effectiveness of internal control, not an assessment
analytical results from comparing information with expectations identified or
procedure. developed by
Answer (B) is incorrect. The basic premise of analytical procedures the internal auditor. Analytical procedures are useful in identifying (1)
is that plausible unexpected
relationships among data may be reasonably expected to exist and differences, (2) the absence of differences when they are expected,
continue in the (3) potential
absence of known conditions to the contrary. Well-drafted budgets errors, (4) potential fraud or illegal acts, or (5) other unusual or
and forecasts nonrecurring
prepared at the beginning of the year should therefore be compared transactions or events (PA 2320-1, para. 2). Thus, a comparison of
with actual results, current-period
and engagement client information should be compared with data for information with budgets or previous-period information is helpful in
the industry in planning the
which the engagement client operates. engagement. This comparison may identify conditions, such as
Answer (C) is incorrect. The internal auditor should expect financial unreasonable
ratios and amounts in financial statements, that may require subsequent
relationships to exist and to remain relatively stable in the absence of engagement
reasons for procedures.
variation. Answer (D) is incorrect. Analytical procedures detect unreasonable
Answer (D) is incorrect. Financial information is related to amounts, not
nonfinancial information; the specific causes of unexpected conditions.
e.g., salary expense should be related to the number of hours Gleim CIA Test Prep: Part 1 - Internal Audit Basics
worked. (720 questions)
Analytical procedures in which current financial statements are Printed for Sanja Knezevic
compared with budgets [581] Gleim #: 6.7.68
or previous statements are primarily intended to determine the
A rental car organization’s fleet maintenance division uses a different materials issued may reveal a discrepancy. One possible explanation
code for each for excessive
type of inventory transaction. A daily summary report lists activity by issuance of materials is employee theft.
part number and [582] Gleim #: 6.7.69
transaction code. The report is reconciled by the parts room During an operational audit engagement, an auditor compared the
supervisor to the day’s inventory turnover
material request forms and is then forwarded to the fleet manager for rate of a subsidiary with established industry standards in order to
approval. The A. Evaluate the accuracy of internal financial reports.
use of transaction codes provides the fleet manager with information B. Test controls designed to safeguard assets.
concerning the C. Determine compliance with corporate procedures regarding
types of inventory activities. The internal auditor is considering an inventory levels.
analytical review of D. Assess performance and indicate where additional audit work may
transaction codes and materials used. The objective of this review is be needed.
to Answer (A) is incorrect. Comparison with industry standards will not
Provide information about overstocked A. inventory items. test the
B. Reveal shortages in perpetual inventory records. accuracy of internal reporting.
C. Determine whether inventory items are properly valued. Answer (B) is incorrect. Comparison with industry standards will not
D. Identify possible material lost due to employee theft. test the
Answer (A) is incorrect. The summary report does not include controls designed to safeguard the inventory.
stocking levels. Answer (C) is incorrect. Comparison with industry standards will not
Answer (B) is incorrect. The summary report concerns only issued test
items. compliance.
Answer (C) is incorrect. The summary report does not address the Answer (D) is correct. Inventory turnover provides analytical
valuation information. It
assertion. equals cost of sales divided by average inventory. A low turnover
Answer (D) is correct. Analytical procedures often provide the ratio implies
internal auditor that inventory is excessive, for example, because the goods are
with an efficient and effective means of obtaining evidence. The obsolete or
assessment because the organization has overestimated demand. Accordingly,
results from comparing information with expectations identified or such an
developed by analytical procedure will provide an indication of the efficiency and
the internal auditor. Analytical procedures are useful in identifying (1) effectiveness
unexpected of the subsidiary’s management of the inventory.
differences, (2) the absence of differences when they are expected, Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(3) potential (720 questions)
errors, (4) potential fraud or illegal acts, or (5) other unusual or Copyright 2013 Gleim Publications Inc. Page 320
nonrecurring Printed for Sanja Knezevic
transactions or events (PA 2320-1, para. 2). An analysis of materials fb.com/ciaaofficial
used and [583] Gleim #: 6.7.70
The use of an analytical review to verify the correctness of various each other. Analytical review of these expenses does not require that
operating expenses they be
would not be a preferred approach if related to revenue.
An auditor notes strong indicators of a specific fraud involving A. [584] Gleim #: 6.8.71
these accounts. A company with many branch stores has decided to benchmark one
B. Operations are relatively stable and have not changed much over of its stores for the
the past year. purpose of analyzing the accuracy and reliability of branch store
An auditor would like to identify large, unusual, or non-recurring financial reporting.
transactions Which one of the following is the most likely measure to be included
during the year. in a financial
C. benchmark?
Operating expenses vary in relation to other operating expenses, but A. High turnover of employees.
not in relation B. High level of employee participation in setting budgets.
to revenue. C. High amount of bad debt write-offs.
D. D. High number of suppliers.
Answer (A) is correct. Analytical auditing procedures assist internal Answer (A) is incorrect. Turnover of employees is not a financial
auditors in benchmark.
identifying conditions that may require subsequent engagement Answer (B) is incorrect. Employee participation in setting budgets is
procedures. not a
Accordingly, if the auditor already suspects fraud involving operating financial benchmark.
expenses, a Answer (C) is correct. The level of bad debts written off as
more directed audit approach is appropriate. uncollectible is a
Answer (B) is incorrect. Operational stability suggests that the benchmark stated in financial terms. A level exceeding the
normal analytical benchmark could
relationships involving operating expenses continue to exist. This indicate fraud, which compromises the accuracy and reliability of
stability helps financial
the auditor to develop expectations that may be used for comparison reports. Bad debt write-offs may result from recording fictitious sales.
with actual Answer (D) is incorrect. The number of suppliers is not a financial
results. benchmark.
Answer (C) is incorrect. Analytical review is useful in identifying Gleim CIA Test Prep: Part 1 - Internal Audit Basics
unusual or (720 questions)
nonrecurring transactions or events. Copyright 2013 Gleim Publications Inc. Page 321
Answer (D) is incorrect. Analytical review is appropriate when Printed for Sanja Knezevic
plausible [585] Gleim #: 6.8.72
relationships among the data allow the auditor to develop or identify The legislative auditing bureau of a country is required to perform
reasonable compliance
expectations that may be compared with actual data. For example, engagements involving organizations that are issued defense
such contracts on a cost-plus
relationships may include the ways in which operating expenses vary basis. Contracts are clearly written to define acceptable costs,
relative to including developmental
research cost and appropriate overhead rates. I.
During the past year, the government has engaged in extensive Comparison of the security system with recent publications on state-
outsourcing of its of-the-art
activities. The outsourcing included contracts to run cafeterias, systems
provide janitorial II.
services, manage computer operations and systems development, Tests of the functionality of III. the security system
and provide A. II only.
engineering of construction projects. The contracts were modeled B. I and II only.
after those used for C. III only.
years in the defense industry. The legislative internal auditors are D. I, II, and III.
being called upon to Answer (A) is incorrect. Benchmarking (identifying the best
expand their efforts to include compliance engagements involving practices of similar
these contracts. entities) also provides relevant information.
Upon initial investigation of these outsourced areas, the internal Answer (B) is correct. Comparison of the security system with best
auditor found many practices
areas in which the outsourced management has apparently implemented for similar systems and with recent publications on
expanded its authority and state-of-the-art
responsibility. For example, the contractor that manages computer systems is the best approach. It compares the system being
operations has developed with cutting
developed a highly sophisticated security program that may edge systems and provides the internal auditor with a basis to
represent the most address the
advanced information security in the industry. The internal auditor outsourcer’s claim that the system is the minimum necessary for the
reviews the organization.
contract and sees reference only to providing appropriate levels of Answer (C) is incorrect. Testing the functionality of the system
computing security. provides
The internal auditor suspects that the governmental agency may be information on whether the system works, not whether it is
incurring appropriate for the
developmental costs that the outsourcer may use for competitive entity.
advantage in Answer (D) is incorrect. Testing the functionality of the system
marketing services to other organizations. provides
Assuming that a high degree of security is needed, which of the information on whether the system works, not whether it is
following potential appropriate for the
sources of information will also be relevant to the internal auditor’s entity.
assessment of Gleim CIA Test Prep: Part 1 - Internal Audit Basics
whether the governmental unit is being charged for computer (720 questions)
security that exceeds the Copyright 2013 Gleim Publications Inc. Page 322
entity’s needs? Printed for Sanja Knezevic
Comparison of the security system with best practices implemented fb.com/ciaaofficial
for similar [586] Gleim #: 6.8.73
systems An example of an internal nonfinancial benchmark is
The labor rate of comparably skilled employees at a major A. C. Researching and identifying best-in-class performance.
competitor’s plant. D. Data analysis.
The average actual cost per pound of a specific product at the Answer (A) is incorrect. Organizing benchmarking teams is a
company’s most subsequent phase.
efficient plant. Answer (B) is correct. The first phase in the benchmarking process
B. is to select
A US $50,000 limit on the cost of employee training programs at and prioritize benchmarking projects. The next phase is to organize
each of the benchmarking
company’s plants. teams. Researching and identifying best-in-class is the third phase in
C. the
The percentage of customer orders delivered on time at the benchmarking process. The fourth phase is data analysis, and the
company’s most final phase is the
efficient plant. implementation phase.
D. Answer (C) is incorrect. Researching and identifying best-in-class
Answer (A) is incorrect. The labor rate of comparably skilled performance is
employees at a a subsequent phase.
major competitor’s plant is a financial measure. Answer (D) is incorrect. Data analysis is a subsequent phase.
Answer (B) is incorrect. The average actual cost per pound of a Gleim CIA Test Prep: Part 1 - Internal Audit Basics
specific product (720 questions)
at the company’s most efficient plant is a financial measure. Copyright 2013 Gleim Publications Inc. Page 323
Answer (C) is incorrect. A US $50,000 limit on the cost of employee Printed for Sanja Knezevic
training [588] Gleim #: 6.8.75
programs at each of the company’s plants is a financial measure. Which of the following statements regarding benchmarking is false?
Answer (D) is correct. Benchmarking is a continuous evaluation of Benchmarking involves continuously evaluating the practices of best-
the practices in-class
of the best organizations in their class and the adaptation of organizations and adapting company processes to incorporate the
processes to reflect best of these
the best of these practices. It entails analysis and measurement of practices.
key outputs A.
against those of the best organizations. This procedure also involves Benchmarking, in practice, usually involves a company’s formation of
identifying benchmarking teams.
the underlying key actions and causes that contribute to the B.
performance Benchmarking is an ongoing process that entails quantitative and
difference. The percentage of orders delivered on time at the qualitative
company’s most measurement of the difference between the company’s performance
efficient plant is an example of an internal nonfinancial benchmark. of an activity
[587] Gleim #: 6.8.74 and the performance by the best in the world or the best in the
What is the first phase in the benchmarking process? industry.
A. Organize benchmarking teams. C.
B. Select and prioritize benchmarking projects.
The benchmarking organization against which a firm is comparing Answer (D) is incorrect. This stage involves the setting up of
itself must be a databases and
direct competitor. information-gathering methods.
D. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Answer (A) is incorrect. It is a true statement about benchmarking. (720 questions)
Answer (B) is incorrect. It is a true statement about benchmarking. Copyright 2013 Gleim Publications Inc. Page 324
Answer (C) is incorrect. It is a true statement about benchmarking. Printed for Sanja Knezevic
Answer (D) is correct. Benchmarking is an ongoing process that fb.com/ciaaofficial
entails [590] Gleim #: 6.8.77
quantitative and qualitative measurement of the difference between Researching and identifying best-in-class performance is often the
the company’s most difficult
performance of an activity and the performance by a best-in-class phase. Which of the following is not a critical step?
organization. Setting A. up databases.
The benchmarking organization against which a firm is comparing B. Choosing information-gathering methods.
itself need not C. Formatting questionnaires.
be a direct competitor. The important consideration is that the D. Employee training and empowerment.
benchmarking Answer (A) is incorrect. Setting up databases is a critical step in the
organization be an outstanding performer in its industry. researching
[589] Gleim #: 6.8.76 and identifying phase.
The phase of the benchmarking process in which the team must be Answer (B) is incorrect. Choosing information-gathering methods is
able to justify its a critical
recommendations is the step in the researching and identifying phase.
Prioritize benchmarking A. projects phase. Answer (C) is incorrect. Formatting questionnaires is a critical step
B. Implementation phase. in the
C. Data analysis phase. researching and identifying phase.
D. Researching and identifying best in class performance phase. Answer (D) is correct. The critical steps in the researching and
Answer (A) is incorrect. This is the stage where businesses must identifying phase
understand key are setting up databases, choosing information-gathering methods,
business processes and drivers. formatting
Answer (B) is correct. Leadership is most important in the questionnaires, and selecting benchmarking partners. Employee
implementation phase training and
of the benchmarking process because the team must be able to empowerment is part of total quality management (TQM).
justify its [591] Gleim #: 6.8.78
recommendations. Also, the process improvement teams must Which of the following is true of benchmarking?
manage the Benchmarking is typically accomplished by comparing an
implementation of approved changes. organization’s
Answer (C) is incorrect. The data analysis phase entails identifying performance with the performance of its closest competitors.
performance A.
gaps and understanding the reasons they exist. Benchmarking can be performed using either qualitative or
quantitative
comparisons. [592] Gleim #: 6.8.79
B. An organization wants to improve on its performance measures for a
Benchmarking is normally limited to manufacturing operations and new business
production line. Which type of benchmarking is most likely to provide information
processes. useful for this
C. purpose?
Benchmarking is accomplished by comparing an organization’s A. Functional.
performance to B. Competitive.
that of the best-performing organizations. C. Generic.
D. D. Internal.
Answer (A) is incorrect. Benchmarking involves a comparison with Answer (A) is correct. The type of benchmarking most likely to help
industry improve
leaders or world-class operations. It uses either industry-wide performance measures for a new business line is functional
amounts (to protect benchmarking.
the confidentiality of information provided by participating Comparison with organizations that perform related functions within
organizations) or the same
amounts from cooperating organizations. technological area provides information about what is being achieved
Answer (B) is incorrect. Benchmarking requires measurements, elsewhere in
which involve the new business line.
quantitative comparisons. Answer (B) is incorrect. Comparison with the best competitors
Answer (C) is incorrect. Benchmarking can be applied to all of the focuses on
functional performance in related organizations as a whole and likely includes
areas in an organization. In fact, manufacturing often tends to be some
industry-specific, activities unrelated to the new business line.
whereas activities such as processing an order or paying an invoice Answer (C) is incorrect. Comparison of processes that are virtually
are not. the same
Nonmanufacturing functions often provide a greater opportunity to regardless of industry (such as document processing) would not be
improve by as helpful as
learning from global leaders. comparison of processes that are similar in function.
Answer (D) is correct. Benchmarking is a continuous evaluation of Answer (D) is incorrect. Comparison against the best within the
the practices same
of the best organizations in their class and the adaptation of organization may be misleading. It does not provide information
processes to reflect about what is
the best of these practices. It entails analysis and measurement of being accomplished outside the organization in the new business
key outputs line.
against those of the best organizations. [593] Gleim #: 6.9.80
Gleim CIA Test Prep: Part 1 - Internal Audit Basics An inexperienced internal auditor notified the senior auditor of a
(720 questions) significant variance
Copyright 2013 Gleim Publications Inc. Page 325 from the engagement client’s budget. The senior told the new
Printed for Sanja Knezevic internal auditor not to
worry because the senior had heard that there had been an fb.com/ciaaofficial
unauthorized work stoppage [594] Gleim #: 6.9.81
that probably accounted for the difference. Which of the following A small city managed its own pension fund. According to the city
statements is most charter, investments
appropriate? could be made only in bonds, money market funds, or high-quality
The new internal auditor should have investigated the matter fully stocks. The internal
and not auditor has already verified the existence of the pension fund’s
bothered the senior. assets. The fund
A. balance was not very large and was managed by the city treasurer.
The senior used proper judgment in curtailing what could have been The internal auditor
a wasteful decided to estimate income from investments of the fund by
investigation. multiplying the average
B. fund balance by a weighted-average rate based on the current
The senior should have halted the engagement until the variance portfolio mix. Upon
was fully doing so, the internal auditor found that recorded return was
explained. substantially less than
C. was expected. The internal auditor’s next procedure should be to
The senior should have aided the new internal auditor in formulating Inquire of the treasurer as to the reason that income appears to be
a plan for less than
accumulating appropriate information. expected.
D. A.
Answer (A) is incorrect. An inexperienced internal auditor should Prepare a more detailed estimate of income by consulting a dividend
refer this and reporting
matter to the senior. service that lists the interest or dividends paid on specific stocks and
Answer (B) is incorrect. The facts given do not support the bonds.
conclusion that B.
accumulating additional information would be wasteful. Inform management and the board that fraud is suspected and
Answer (C) is incorrect. The variance needs explanation, but the suggest that legal
engagement counsel be called in to complete the investigation.
should continue. C.
Answer (D) is correct. When analytical audit procedures identify Select a sample of entries to the pension fund income account and
unexpected trace to the
results or relationships, the internal auditor evaluates such results or cash journal to determine if cash was received.
relationships D.
(PA 2320-1, para. 6). The senior allowed the identified variance to go Answer (A) is incorrect. The internal auditor should refine the
unevaluated. estimate further
Gleim CIA Test Prep: Part 1 - Internal Audit Basics before discussing the matter with the treasurer. Even if the internal
(720 questions) auditor has
Copyright 2013 Gleim Publications Inc. Page 326 confidence in the first estimate, the suspicion of potential fraud
Printed for Sanja Knezevic should lead the
internal auditor to do further work, e.g., tracing the estimated income Place a note in the working papers to review this matter in detail
developed in during the next
the first step to the cash receipts book before confronting the engagement.
treasurer. D.
Answer (B) is correct. When analytical audit procedures identify Gleim CIA Test Prep: Part 1 - Internal Audit Basics
unexpected (720 questions)
results or relationships, for example, when pension fund assets are Copyright 2013 Gleim Publications Inc. Page 327
suspiciously Printed for Sanja Knezevic
low, the internal auditor evaluates such results or relationships (PA Answer (A) is correct. When analytical audit procedures identify
2320-1, unexpected results
para. 6). Before inquiring of client management, the auditor should or relationships, the internal auditor evaluates such results or
obtain more relationships. The auditor
detailed information about the unexpected results or relationships. may ask management about the reasons for the difference and
Answer (C) is incorrect. The internal auditor does not have sufficient would corroborate
information management’s explanation (PA 2320-1, para. 6).
to justify the conclusion that fraud has occurred. Answer (B) is incorrect. The engagement work program is a guide
Answer (D) is incorrect. This procedure would provide information that does not
only about restrict the auditor from pursuing information unknown at the time
recorded income. that the program
[595] Gleim #: 6.9.82 was written.
While testing the effectiveness of inventory controls, the internal Answer (C) is incorrect. The facts do not yet support a conclusion
auditor makes a note that fraud has
in the working papers that most of the cycle count adjustments for occurred.
the facility involved Answer (D) is incorrect. The risk of a material misstatement of
transactions of the machining department. The machining inventory should be
department also had addressed promptly.
generated an extraordinary number of cycle count adjustments in [596] Gleim #: 6.9.83
comparison with An internal auditor was evaluating the effectiveness and efficiency of
other departments last year. The internal auditor should the operation of
Interview management and apply other engagement procedures to the motor pool. The engagement work program included the use of
determine analytical
whether transaction controls and procedures within the machining procedures to observe the trend of expenses for major overhauls of
department are heavy-wheeled
adequate. vehicles. This trend showed a substantial increase in the last year of
A. the ratios of
Do no further work because the concern was not identified by the monetary amounts spent in relation to (1) the number of vehicles
analytical being used, (2) the
procedures included in the engagement work program. mileage of the vehicles, (3) the age of the equipment, and (4)
B. environmental
Notify internal auditing management that C. fraud is suspected.
conditions. The auditor’s investigation indicated that two new Answer (A) is incorrect. Discussing the matter with the
maintenance firms were superintendent could
being used. The expenditure packages from the maintenance work compromise the investigation if (s)he is engaged in fraudulent
were complete; activities or tells
however, the billings for the work had an unusual regularity. The someone who is.
identification of the Answer (B) is correct. When analytical procedures identify
vehicles being serviced did not correspond to the vehicle unexpected results or
maintenance reports. relationships, the internal auditor evaluates such results or
Possible engagement procedures include relationships. This
Discussing the matter with the superintendent of maintenance and evaluation includes determining whether the difference from
asking for an expectations could be a
explanation result of fraud, error, or a change in conditions. The auditor may ask
1. management
Preparing a schedule of the types of maintenance being performed about the reasons for the difference and would corroborate
and comparing management’s explanation,
it with manufacturers’ maintenance guides for example, by modifying expectations and recalculating the
2. difference or by applying
Analyzing vehicles’ trip tickets to determine if they contain indications other audit procedures (PA 2320-1, para. 6). Substantial increases in
of maintenance cost
problems needing attention ratios indicate a need for a more extensive investigation. Items 4 and
3. 5 could provide
Reviewing deadline reports to determine that vehicles were not in information regarding the status of vehicles. If discrepancies are
service on the found, the appropriate
dates of maintenance work authorities within the organization should be consulted.
4. Answer (C) is incorrect. Discussing the matter with the
Reviewing dispatch schedules to determine whether vehicles were superintendent could
dispatched for compromise the investigation, and the days that the vehicles were in
use on days the maintenance work was reported as performed use is irrelevant.
5. Answer (D) is incorrect. Items 2 and 3, although potential indicators
Discussing the matter 6. with plant security of fraud, do not
Which of the above actions should have the highest priority? provide conclusive information.
A. 1, 6, and 4. [597] Gleim #: 6.9.84
B. 4, 5, and 6. The internal auditor of a construction enterprise that builds
C. 6, 5, and 1. foundations for bridges and
D. 2, 3, and 4. large buildings performed a review of the expense accounts for
Gleim CIA Test Prep: Part 1 - Internal Audit Basics equipment (augers)
(720 questions) used to drill holes in rocks to set the foundation for the buildings.
Copyright 2013 Gleim Publications Inc. Page 328 During the review,
Printed for Sanja Knezevic the internal auditor noted that the expenses related to some of the
fb.com/ciaaofficial auger accounts had
increased dramatically during the year. The internal auditor inquired controls such as independent receiving reports be implemented.
of the Follow up to see
construction manager who offered the explanation that the augers if the controls are properly implemented.
last 2 to 3 years and D.
are expensed when purchased. Thus, the internal auditor should see Gleim CIA Test Prep: Part 1 - Internal Audit Basics
a decrease in the (720 questions)
expense accounts for these augers in the next year but would expect Copyright 2013 Gleim Publications Inc. Page 329
an increase in the Printed for Sanja Knezevic
expenses of other augers. The internal auditor also found out that the Answer (A) is incorrect. The auditor has an ethical duty to report
construction material facts that, if
manager is responsible for the inventorying and receiving of the not disclosed, may distort the reporting of activities under review
augers and is a part (Rule of Conduct
owner of a business that supplies augers to the organization. The 2.3).
supplier was Answer (B) is incorrect. The results should be reported to
approved by the president to improve the quality of equipment. management. The
Assume the internal suggested procedure is incomplete and not likely to determine the
auditor did not find a satisfactory explanation for the results of the causes of the
analytical problem.
procedures performed and has conducted the appropriate follow-up Answer (C) is correct. When analytical audit procedures identify
procedures. The unexpected results or
engagement in this area is otherwise complete. Which of the relationships, the internal auditor evaluates such results or
following would be the relationships. Unexplained
most appropriate action to take? results or relationships discovered by applying analytical procedures
Note the actions and follow-up next year. Defer the reporting to may be an
management until indication of a significant problem (e.g., a potential error, fraud, or
a satisfactory explanation can be obtained. illegal act). Results
A. or relationships that are not adequately explained may indicate a
Expand engagement procedures by observing the receipt of all situation to be
augers during a communicated to senior management and the board. Depending on
reasonable period of time and trace the receipts to the appropriate the circumstances,
accounts. the internal auditor may recommend appropriate action (PA 2320-1,
Determine causes of any discrepancies. para. 6).
B. Answer (D) is incorrect. The results should be reported to other
Report the observations, as they are, to management and levels of
recommend an management. The internal auditor has already noted that the
investigation for possible fraud. construction manager has
C. a conflict of interest. Furthermore, the internal auditor cannot insist
Report the observations to the construction manager and insist that that controls be
appropriate implemented; (s)he can only recommend.
[598] Gleim #: 6.9.85
Which result of an analytical procedure suggests the existence of Copyright 2013 Gleim Publications Inc. Page 330
obsolete Printed for Sanja Knezevic
merchandise? fb.com/ciaaofficial
Decrease in the inventory A. turnover rate. Answer (A) is incorrect. An inventory turnover analysis may also
B. Decrease in the ratio of gross profit to sales. indicate potential
C. Decrease in the ratio of inventory to accounts payable. problems in purchasing activities and the presence of obsolete
D. Decrease in the ratio of inventory to accounts receivable. inventory.
Answer (A) is correct. Inventory turnover is equal to cost of sales Answer (B) is incorrect. An inventory turnover analysis may also
divided by indicate erroneous
average inventory. If inventory is increasing at a faster rate than demand forecasts and the presence of obsolete inventory.
sales, the turnover Answer (C) is incorrect. An inventory turnover analysis may also
rate decreases and suggests a buildup of unsalable inventory. The indicate potential
ratios of gross problems in purchasing activities and erroneous demand forecasts.
profit to sales, inventory to accounts payable, and inventory to Answer (D) is correct. Inventory turnover provides analytical
accounts receivable information. It equals
do not necessarily change when obsolete merchandise is on hand. cost of sales divided by average inventory. A low turnover ratio
Answer (B) is incorrect. The ratio of gross profit to sales does not implies that inventory
necessarily is excessive, for example, because the goods are obsolete or
change when obsolete merchandise is on hand. because the organization
Answer (C) is incorrect. The ratio of inventory to accounts payable has overestimated demand.
does not [600] Gleim #: 6.9.87
necessarily change when obsolete merchandise is on hand. An internal auditor’s preliminary analysis of accounts receivable
Answer (D) is incorrect. The ratio of inventory to accounts turnover revealed the
receivable does not following rates:
necessarily change when obsolete merchandise is on hand. Year 1 Year 2 Year 3
[599] Gleim #: 6.9.86 7.3 6.2 4.3
An internal auditor decides to perform an inventory turnover analysis Which of the following is the most likely cause of the decrease in
for both raw accounts receivable
materials inventory and finished goods inventory. The analysis would turnover?
be potentially Increase in the cash A. discount offered.
useful in B. Liberalization of credit policy.
Identifying products for which management has not been attuned to C. Shortening of due date terms.
changes in D. Increased cash sales.
market demand. Answer (A) is incorrect. An increase in cash sales that reduces
A. credit sales as a
B. Identifying potential problems in purchasing activities. result of an increased cash discount has an indeterminate effect on
C. Identifying obsolete inventory. the turnover
D. All of the answers are correct. ratio. Both the numerator and the denominator are decreased but not
Gleim CIA Test Prep: Part 1 - Internal Audit Basics necessarily
(720 questions)
by the same amount. An increase in cash sales not affecting credit divided by average accounts receivable. Accounts receivable
sales has no turnover will decrease if
effect on the ratio. net credit sales decrease or average accounts receivable increase.
Answer (B) is correct. The accounts receivable turnover ratio equals Liberalization of
net credit credit policy will increase receivables.
sales divided by average accounts receivable. Accounts receivable Answer (C) is incorrect. Shortening due dates decreases the
turnover will average accounts
decrease if net credit sales decrease or average accounts receivable receivable outstanding and increases the ratio if other factors are
increase. held constant.
Liberalization of credit policy will increase receivables. Answer (D) is incorrect. Increased cash sales have an
Answer (C) is incorrect. Shortening due dates decreases the indeterminate effect on the
average accounts turnover ratio.
receivable outstanding and increases the ratio if other factors are [602] Gleim #: 6.9.89
held constant. Two major retail organizations, both publicly traded and operating in
Answer (D) is incorrect. Increased cash sales have an the same
indeterminate effect on the geographic area, have recently merged. Both are approximately the
turnover ratio. same size and have
[601] Gleim #: 6.9.88 internal audit activities. Organization A has little EDI experience.
A company’s accounts receivable turnover rate decreased from 7.3 Organization B has
to 4.3 over the last invested heavily in information technology and has EDI connections
3 years. What is the most likely cause for the decrease? with its major
A. An increase in the discount offered for early payment. vendors.
B. A more liberal credit policy. The board has asked the internal auditors from both organizations to
C. A change in net payment due from 30 to 25 days. analyze risk areas
D. Increased cash sales. that should be addressed after the merger. The chief audit executive
Gleim CIA Test Prep: Part 1 - Internal Audit Basics of Organization B
(720 questions) has suggested that the two internal audit activities have a planning
Copyright 2013 Gleim Publications Inc. Page 331 meeting to share
Printed for Sanja Knezevic work programs, scope of engagement coverage, and copies of
Answer (A) is incorrect. An increase in cash sales that reduces engagement
credit sales as a result communications that were delivered to their boards. Management
of an increased cash discount has an indeterminate effect on the has also suggested
turnover ratio. Both that the internal auditors review the compatibility of the organizations’
the numerator and the denominator are decreased but not two computer
necessarily by the same systems and control philosophy for individual store operations.
amount. An increase in cash sales not affecting credit sales has no The two organizations agree to share data on store operations. The
effect on the ratio. data reveal that
Answer (B) is correct. The accounts receivable turnover ratio equals three stores in Organization A are characterized by significantly lower
net credit sales gross margins,
higher-than-average sales volume, and higher levels of employee even as gross margins are squeezed.
bonuses. The three [603] Gleim #: 6.9.90
stores are part of a set of six that are managed by a relatively new An internal auditor performs an analytical review by comparing the
section manager. In gross margins of
addition, the store managers of the three stores are also relatively various divisional operations with those of other divisions and with
new. The most likely the individual
cause of the observed data is division’s performance in previous years. The internal auditor notes a
The relative inexperience of A. the store managers. significant
B. Problems with employee training and employee ability to meet increase in the gross margin at one division. The internal auditor
customer needs. does some
Fraudulent activity whereby goods are taken from the stores, thus preliminary investigation and also notes that no changes occurred in
resulting in the products,
lower gross margins. production methods, or divisional management during the year. The
C. most likely cause
Promotional activities that offer large discounts coupled with the of the increase in gross margin is a(n)
payment of Increase in the number of competitors selling A. similar products.
bonuses to employees who reach targeted sales goals. Decrease in the number of suppliers of the material used in
D. manufacturing the
Gleim CIA Test Prep: Part 1 - Internal Audit Basics product.
(720 questions) B.
Copyright 2013 Gleim Publications Inc. Page 332 C. Overstatement of year-end inventory.
Printed for Sanja Knezevic D. Understatement of year-end accounts receivable.
fb.com/ciaaofficial Answer (A) is incorrect. An increase in the number of competitors
Answer (A) is incorrect. The inexperience of the store managers has most likely
no necessary results in price competition and a decrease in sales revenue and
correlation with higher sales and bonuses. gross margin.
Answer (B) is incorrect. Problems with employee ability to meet Answer (B) is incorrect. A decrease in the number of suppliers most
customer needs likely results
might result in lower sales volume and bonuses. in less price competition on the supply side, with a consequent
Answer (C) is incorrect. No evidence of fraud is given. If fraud were increase in costs
occurring, and decrease in gross margin.
inventory shrinkage would be apparent. Also, this explanation does Answer (C) is correct. An overstatement of year-end inventory
not account for the results in an
higher sales and bonuses. increase in the gross margin (sales – cost of sales). Overstating
Answer (D) is correct. Large discounts stimulate demand (increase ending inventory
unit sales volume) understates cost of sales.
but reduce the gross commissions profit (gross margin). If Answer (D) is incorrect. An understatement of accounts receivable
commissions are pegged to understates
sales volume, the compensation of the sales staff will increase in sales and the gross margin.
these circumstances Gleim CIA Test Prep: Part 1 - Internal Audit Basics
(720 questions) According to Performance Standard 2100, internal auditors are
Copyright 2013 Gleim Publications Inc. Page 333 involved in
Printed for Sanja Knezevic evaluating and improving the effectiveness of control processes
[604] Gleim #: 6.9.91 using a systematic
A medium-sized municipality provides 8.5 billion gallons of water per and disciplined approach. Thus, internal auditors should determine
year for 31,000 the extent to
customers. The water meters are replaced at least every 5 years to which results are consistent with goals. They also should determine
ensure accurate the extent to
billing. The water department tracks unmetered water to identify which management has established adequate criteria. If adequate,
water consumption auditors should
that is not being billed. The department recently issued the following use these criteria in their evaluation.
water activity Answer (D) is incorrect. This cannot be determined from the
report: information given.
Activity Month 1 Month 2 Month 3 Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Actual 1st (720 questions)
Quarter Copyright 2013 Gleim Publications Inc. Page 334
1st Quarter Printed for Sanja Knezevic
Goal fb.com/ciaaofficial
Meters Replaced 475 400 360 1,235 1,425 [605] Gleim #: 6.9.92
Leaks Reported 100 100 85 285 A medium-sized municipality provides 8.5 billion gallons of water per
Leaks Repaired 100 100 85 285 100% year for 31,000
Unmetered Water 2% 6% 2% 4% 2% customers. The water meters are replaced at least every 5 years to
Based on the activity reported for the meter replacement program, an ensure accurate
internal auditor billing. The water department tracks unmetered water to identify
would conclude that water consumption
Established operating standards are understood A. and are being that is not being billed. The department recently issued the following
met. water activity
B. Any corrective action needed has probably been taken during the report:
quarter. Activity Month 1 Month 2 Month 3
C. Deviations from the goal should be analyzed and corrected. Actual 1st
D. Meters should be changed every 3 years. Quarter
Answer (A) is incorrect. The actual number of meters replaced is 1st Quarter
less than the Goal
goal; therefore, the goal is not being met. Meters Replaced 475 400 360 1,235 1,425
Answer (B) is incorrect. Corrective action has apparently not been Leaks Reported 100 100 85 285
taken. Actual Leaks Repaired 100 100 85 285 100%
replacement did not meet the goal. Unmetered Water 2% 6% 2% 4% 2%
Answer (C) is correct. The goal has not been met and corrective Based on the activity reported for the unmetered water, an internal
action is needed. auditor would
conclude that
Established operating standards are understood A. and are being Answer (A) is incorrect. The inventory turnover rate must be
met. compared with industry
B. Further audit investigation of unmetered water is not warranted. averages to determine whether it is relatively high or low.
C. Deviations from the goal were probably not corrected. Answer (B) is incorrect. The information provided by the inventory
D. The operating standard should be changed. turnover rate is
Answer (A) is incorrect. The actual unmetered water percentage insufficient to conclude that inventory is valued at more than net
was greater than realizable value.
the goal; therefore, the goal was not met. Answer (C) is incorrect. More information is needed before
Answer (B) is correct. Analytical auditing procedures assist internal conclusions can be drawn
auditors in about obsolescence, valuation, or cost.
identifying conditions, which may require subsequent engagement Answer (D) is correct. The inventory turnover rate equals cost of
procedures. sales divided by
Month 3 performance met the standard, so the deviation in Month 2 average inventory. An inventory turnover rate tells the internal auditor
was probably how many times
corrected, and further audit work is not warranted. the inventory has been sold during the period. However, the rate
Answer (C) is incorrect. The deviation in Month 2 was apparently cannot be interpreted
corrected. without additional information. Thus, the internal auditor cannot
Answer (D) is incorrect. There is no evidence that the operating determine whether
standard is obsolete items are in inventory, inventory valuation is too high, or
inappropriate. inventory costs are
[606] Gleim #: 6.9.93 too high.
Assume an internal auditor computes an inventory turnover rate by [607] Gleim #: 6.9.94
product line and The following represents accounts receivable information for a
identifies a number of product lines with a rate of less than 3.5. corporation for a 3-
Which of the year period:
following conclusions can be justified by these engagement results? Year 1 Year 2 Year 3
I. The identified product lines contain obsolete inventory. Net accounts receivable as a
II. Inventory is valued at more than net realizable value. percentage of total assets 23.4% 27.3% 30.8%
Inventory costs are too high because the organization is carrying Accounts receivable turnover ratio 6.98 6.05 5.21
obsolete All of the following are plausible explanations for these changes
inventory. except
III. Fictitious sales may A. have been recorded.
A. I and III only. B. Credit and collection procedures have become ineffective.
B. II only. C. Allowance for bad debts is understated.
C. I, II, and III. D. Sales returns for credit have been overstated.
D. None of the answers are correct. Answer (A) is incorrect. Fictitious sales is a plausible answer. They
Gleim CIA Test Prep: Part 1 - Internal Audit Basics would
(720 questions) generate additional uncollectible accounts receivable that are not
Copyright 2013 Gleim Publications Inc. Page 335 necessarily
reflected in the allowance for bad debts. The result would be a lower Answer (A) is incorrect. A finding (observation) is an objective
turnover statement of fact
ratio and a higher ratio of net receivables to total assets. about the results of audit testwork without interpretation or
Answer (B) is incorrect. Ineffective credit and collection procedures commentary.
is a plausible Answer (B) is incorrect. The IIA Glossary defines engagement
answer. They could contribute to increases in uncollectible accounts objectives as
receivable broad statements developed by internal auditors that define intended
that are not necessarily reflected in the allowance for bad debts. The engagement
result would accomplishments.
be a lower turnover ratio and a higher ratio of net receivables to total Answer (C) is correct. A conclusion/opinion is the auditor’s
assets. interpretation of the
Answer (C) is incorrect. An understated allowance for bad debts is a results of testwork. The conclusion/opinion allows the reader to
plausible understand the
answer. It would contribute to overstatement of net accounts meaning of what the auditor discovered during the course of
receivable as a testwork.
percentage of total assets and decreases in receivables turnover. Answer (D) is incorrect. A finding (observation) is an objective
Answer (D) is correct. Overstated sales returns for credit is not a statement of fact
plausible about the results of audit testwork without interpretation or
answer. They would understate (not overstate) net accounts commentary.
receivable. This [609] Gleim #: 6.10.96
understatement would result in lower (not higher) net accounts After completing an engagement work program step regarding
receivable materials movement
balances as a percentage of total assets and higher (not lower) between storage and assembly, the internal auditor would most likely
receivables turnover prepare a(n)
(sales ÷ average accounts receivable). A. Observation.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics B. Report.
(720 questions) C. Conclusion.
Copyright 2013 Gleim Publications Inc. Page 336 D. Opinion.
Printed for Sanja Knezevic Answer (A) is correct. A finding (observation) is an objective
fb.com/ciaaofficial statement of fact
[608] Gleim #: 6.10.95 about the results of audit testwork without interpretation or
“Except for the missing documentation noted above, the system of commentary.
internal controls Answer (B) is incorrect. The engagement report is the final product
over petty cash is functioning as intended.” The above statement is of the
an example of a(n) engagement.
A. Observation. Answer (C) is incorrect. After performing testwork, the next step for
B. Objective. the internal
C. Conclusion. auditor is to draft his/her findings/observations.
D. Finding. Answer (D) is incorrect. After performing testwork, the next step for
the internal
auditor is to draft his/her findings/observations. about the results of audit testwork without interpretation or
[610] Gleim #: 6.10.97 commentary.
Which two terms are often used interchangeably? Answer (B) is incorrect. A conclusion/opinion is the auditor’s
A. “Conclusion” and “opinion.” interpretation of
B. “Finding” and “conclusion.” the results of testwork.
C. “Finding” and “opinion.” Answer (C) is incorrect. A conclusion/opinion is the auditor’s
D. “Opinion” and “observation.” interpretation of
Gleim CIA Test Prep: Part 1 - Internal Audit Basics the results of testwork.
(720 questions) Answer (D) is incorrect. A recommendation is a description of
Copyright 2013 Gleim Publications Inc. Page 337 actions that the
Printed for Sanja Knezevic auditor believes the auditee should undertake to remedy the negative
Answer (A) is correct. Conclusions/opinions are the internal observations
auditor’s evaluations of made in the course of the engagement.
the effects of the observations and recommendations on the [612] Gleim #: 6.10.99
activities reviewed. They The single most important factor in drawing a useful conclusion or
usually put the observations and recommendations in perspective stating a useful
based upon their opinion in an engagement report is
overall implications. To some extent, the terms are interchangeable. A. Use of statistical sampling techniques.
Answer (B) is incorrect. “Finding” is a synonym for “observation.” B. Senior management interest in the engagement outcome.
“Conclusion” is a C. Auditee management assurances.
synonym for “opinion.” D. Auditor judgment.
Answer (C) is incorrect. “Finding” is a synonym for “observation.” Gleim CIA Test Prep: Part 1 - Internal Audit Basics
“Opinion” is a (720 questions)
synonym for “conclusion.” Copyright 2013 Gleim Publications Inc. Page 338
Answer (D) is incorrect. “Opinion” is a synonym for “conclusion.” Printed for Sanja Knezevic
“Observation” is a fb.com/ciaaofficial
synonym for “finding.” Answer (A) is incorrect. Statistical sampling allows the auditor to
[611] Gleim #: 6.10.98 state the results of
“Three of six petty cash funds examined failed to contain either the testwork with a certain level of confidence, but it is not a substitute
correct amount of for auditor
funds or sufficient documentation in lieu of funds, a 50% judgment.
noncompliance rate.” The Answer (B) is incorrect. The level of interest of senior management
above statement is an example of a(n) in the engagement
A. Observation. must not affect the auditor’s judgment in drawing conclusions and
B. Opinion. stating opinions.
C. Conclusion. Answer (C) is incorrect. Assurances provided by auditee
D. Recommendation. management are among
Answer (A) is correct. A finding/observation is an objective many factors used by internal auditors as input into forming
statement of fact findings/observations and
the resulting conclusions/opinions.
Answer (D) is correct. Auditor judgment is the essential element in A. Present his/her findings to the chief audit executive.
moving from a B. Prepare a preliminary report on internal controls for presentation
finding/observation to a conclusion/opinion. No formula can tell an to the board.
auditor whether a C. Report his/her results to the auditor in charge.
certain exception rate is indicative of a working or failing control. D. Prepare a plan for testing internal controls.
An internal auditor interviewed client personnel and obtained an (720 questions)
understanding of the Copyright 2013 Gleim Publications Inc. Page 339
auditee department’s operations. The auditor then performed Printed for Sanja Knezevic
testwork. The auditor’s Answer (A) is incorrect. The internal audit staffer presents his/her
presentation of the results of the testwork will usually take the form of results to the
a auditor in charge of the engagement, not to the chief audit executive.
A. Finding. Answer (B) is incorrect. Preliminary results are not sufficient for the
B. Conclusion. preparation of a
C. Recommendation. report. Also, the internal audit staffer presents his/her results to the
D. Meeting with senior management. auditor in charge of
Answer (A) is correct. A finding (observation) is an objective the engagement, not to the board.
statement of fact Answer (C) is correct. The auditor in charge of the engagement is
about the results of audit testwork without interpretation or responsible for
commentary. coordinating the results of audit work and ensuring that work
Answer (B) is incorrect. A conclusion/opinion can only be drawn performed supports
once the results conclusions and opinions. For this reason, internal audit staff must
of testwork have taken the form of a finding/observation. report the results of
Answer (C) is incorrect. A recommendation can only be prepared audit work to the auditor in charge.
once a Answer (D) is incorrect. The auditor in charge must determine
finding/observation has been formulated and a conclusion/opinion whether it is
has been stated. appropriate to proceed with testing controls after reviewing the
Answer (D) is incorrect. Unless the auditor has found evidence of internal audit staffer’s
fraud or a results.
control deficiency that requires immediate correction, meeting with [615] Gleim #: 7.1.2
senior The internal auditor has concluded that an engagement client’s
management is not the appropriate next step. system of internal
[614] Gleim #: 7.1.1 controls is inadequate to achieve management’s objectives. The
An internal audit staffer has just completed an assessment of the most appropriate next
engagement client’s step is to
operating and financial controls. The auditor’s preliminary conclusion Test controls to determine whether they are functioning A. as
is that controls designed.
are adequately designed to achieve management’s operating and B. Halt the engagement and issue a report about inadequate
financial objectives. controls.
The auditor’s next step is to C. Draw preliminary conclusions about internal control.
Contact the engagement client’s direct supervisor to recommend that Answer (C) is incorrect. Working papers provide the principal
the head of support for results.
the department or function under audit is transferred or terminated. Answer (D) is correct. Engagement working papers generally (1) aid
D. in planning,
Answer (A) is incorrect. If controls are poorly designed, testing their performance, and review of engagements; (2) provide the principal
operation is support for
most likely a poor use of audit resources. engagement results; (3) document whether engagement objectives
Answer (B) is incorrect. A determination that internal controls are were achieved;
inadequate is (4) support the accuracy and completeness of the work performed;
not sufficient grounds for halting a scheduled engagement. (5) provide a basis
Answer (C) is correct. Internal auditors gain an understanding of the for the internal audit activity’s quality assurance and improvement
design of the program; and
engagement client’s internal controls. The auditors then draw (6) facilitate third-party review (PA 2330-1, para. 2).
conclusions about [617] Gleim #: 7.2.4
whether internal controls are designed adequately to achieve An internal auditor’s working papers should support the
management’s observations, conclusions,
control objectives. and recommendations to be communicated. One of the purposes of
Answer (D) is incorrect. Advising on such personnel matters is not this requirement is
an appropriate to
internal audit function. Provide support for the internal audit activity’s A. financial budget.
[616] Gleim #: 7.2.3 B. Facilitate quality assurance reviews.
Which of the following does not describe one of the functions of C. Provide control over working papers.
engagement working Permit the audit committee to review observations, conclusions, and
papers? recommendations.
A. Facilitates third-party reviews. D.
B. Aids in the planning, performance, and review of engagements. Answer (A) is incorrect. Financial budgets are based on the planned
C. Provides the principal support for engagement communications. scope of
D. Aids in the professional development of the operating staff. internal audit work.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (B) is correct. Engagement working papers, among other
(720 questions) things, provide
Copyright 2013 Gleim Publications Inc. Page 340 a basis for the internal audit activity’s quality assurance and
Printed for Sanja Knezevic improvement
fb.com/ciaaofficial program (PA 2330-1, para. 2).
Answer (A) is incorrect. The facilitation of third-party reviews is a Answer (C) is incorrect. Control over working papers is obtained by
function of other means.
working papers. Answer (D) is incorrect. Audit committees rarely review the full draft
Answer (B) is incorrect. Working papers aid in the planning, of a final
performance, and review engagement communication, much less the supporting working
of engagements. papers.
[618] Gleim #: 7.2.5
A working paper is complete when it planning, performing, and reviewing the engagement (PA 2330-1,
A. Complies with the internal audit activity’s format requirements. para. 2).
B. Contains all of the attributes of an observation. Answer (B) is incorrect. Working papers do not provide the means
C. Is clear, concise, and accurate. for
D. Satisfies the engagement objective for which it is developed. preparation of the financial statements.
Answer (A) is incorrect. Format requirements are superficial and Answer (C) is incorrect. Documentation of control weaknesses is
indicate only only one
that mechanical requirements have been met. They do not relate to example of working paper content, not the primary purpose for them.
content. Answer (D) is incorrect. The preparation of adequate working
Answer (B) is incorrect. A working paper may relate to only a part of papers is a
an requirement of the Standards but is not the primary purpose for their
observation. existence.
Answer (C) is incorrect. Clarity, concision, and accuracy are [620] Gleim #: 7.2.7
desirable The internal auditor prepares working papers primarily for the benefit
characteristics of working paper content. These qualities may be of
present although A. The external auditor.
the working paper is not complete. B. The internal audit activity.
Answer (D) is correct. Engagement working papers, among other C. The engagement client.
things, D. Senior management.
document whether engagement objectives were achieved (PA 2330- Answer (A) is incorrect. Benefits to the external auditor are
1, para. 2). secondary.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (B) is correct. Engagement working papers generally (1) aid
(720 questions) in planning,
Copyright 2013 Gleim Publications Inc. Page 341 performance, and review of engagements; (2) provide the principal
Printed for Sanja Knezevic support for
[619] Gleim #: 7.2.6 engagement results; (3) document whether engagement objectives
The primary purpose of an internal auditor’s working papers is to were achieved;
Provide documentation of the planning and execution of engagement (4) support the accuracy and completeness of the work performed;
procedures (5) provide a
performed. basis for the internal audit activity’s quality assurance and
A. improvement program;
Serve as a means with which to prepare the financial B. statements. and (6) facilitate third-party review (PA 2330-1, para. 2). Hence, they
Document weaknesses in internal control with recommendations to primarily
management benefit internal auditors.
for improvement. Answer (C) is incorrect. Benefits to the engagement client are
C. secondary.
D. Comply with the Standards. Answer (D) is incorrect. Benefits to senior management are
Answer (A) is correct. Engagement working papers, among other secondary.
things, aid in [621] Gleim #: 7.2.8
Which of the following is the most important if working papers are to [622] Gleim #: 7.2.9
have the The primary purpose of an engagement working paper prepared in
characteristics that will ensure that they achieve their primary connection with
purposes? payroll expense is to
A. Working papers must be of standard format and standard content. Record payroll data and analyses to support reported A.
Working papers must be properly indexed and cross-referenced to recommendations.
the draft final B. Verify the work done by the internal auditor.
engagement communication. C. Record the names of all employees.
B. D. Provide documentation to support payroll taxes due.
Working papers must provide sufficient, reliable, and useful Answer (A) is correct. Working papers document the information
information to obtained, the
support the engagement results. analyses made, and the support for the conclusions and engagement
C. results (PA
Working papers must be arranged in logical order following the 2330-1, para. 1).
engagement work Answer (B) is incorrect. Verification of work done is a secondary
program sequence. purpose.
D. Answer (C) is incorrect. A list of employee names is but one part of
Gleim CIA Test Prep: Part 1 - Internal Audit Basics the
(720 questions) information required to support observations, conclusions, and
Copyright 2013 Gleim Publications Inc. Page 342 recommendations.
Printed for Sanja Knezevic Answer (D) is incorrect. Payroll expense, not payroll tax, is the
fb.com/ciaaofficial subject of this
Answer (A) is incorrect. Standard content is impossible. working paper.
Engagements concern [623] Gleim #: 7.2.10
different subjects. Which of the following most completely describes the appropriate
Answer (B) is incorrect. Indexing and cross-referencing are content of working
desirable but are not as papers?
fundamental as providing sufficient, reliable, relevant, and useful A. Engagement objectives, procedures, and conclusions.
information. B. Engagement purposes, criteria, techniques, and
Answer (C) is correct. Working papers document the information recommendations.
obtained, the Engagement objectives, procedures, observations, conclusions, and
analyses made, and the support for the conclusions and engagement recommendations.
results (PA 2330- C.
1, para. 1). In turn, internal auditors must identify sufficient, reliable, D. Engagement subject, purposes, sampling information, and
relevant, and analysis.
useful information to achieve the engagement’s objectives (Perf. Std. Answer (A) is incorrect. Working papers should also include
2310). observations and
Answer (D) is incorrect. Logical order is desirable but is not as recommendations.
fundamental as Answer (B) is incorrect. This list describes means rather than ends.
providing sufficient, reliable, relevant, and useful information.
Answer (C) is correct. The primary purpose of working papers is to basis for the internal audit activity’s quality assurance and
support the improvement program;
observations, conclusions, and recommendations to be and (6) facilitate third-party review (PA 2330-1, para. 2).
communicated. Hence, Answer (B) is incorrect. Many documents may be examined that
they document the information obtained and the analyses made in prove to be
arriving at the irrelevant to the engagement objectives. These documents need not
foregoing results. The working papers also must document whether be included.
the Answer (C) is incorrect. In many circumstances, the exact wording
engagement objectives were achieved and the performance of of a procedure
engagement is not needed to support an observation or recommendation. A
procedures. Furthermore, working papers will contain engagement reference to the
work programs procedure in the working papers may be adequate.
(PA 2330-1, paras. 1 and 2). Answer (D) is incorrect. Some previous working papers may be
Answer (D) is incorrect. Working papers should support all of the outdated.
engagement However, parts of previous working papers may be included in
results. current working
Gleim CIA Test Prep: Part 1 - Internal Audit Basics papers subject to updating.
(720 questions) [625] Gleim #: 7.2.12
Copyright 2013 Gleim Publications Inc. Page 343 The chief audit executive establishes policies for
Printed for Sanja Knezevic A. Standardized working papers.
[624] Gleim #: 7.2.11 B. Defining the hours available for individual engagements.
Engagement working papers include C. Defining standardized tick marks and ensuring compliance with
Providing a basis for evaluating the internal audit A. quality program. them.
B. Copies of all source documents examined in the course of the Ensuring the written documentation of all conversations held
engagement. throughout the
C. Copies of all procedures that were reviewed during the engagement.
engagement. D.
All working papers prepared during a previous engagement Answer (A) is correct. The CAE establishes working paper policies
performed in the same for the
area. various types of engagements performed. Standardized engagement
D. working
Answer (A) is correct. Engagement working papers generally (1) aid papers, such as questionnaires and audit programs, may improve
in planning, the engagement’s
performance, and review of engagements; (2) provide the principal efficiency and facilitate the delegation of engagement work (PA 2330-
support for 1, para. 4).
engagement results; (3) document whether engagement objectives Answer (B) is incorrect. The time devoted to an engagement
were achieved; depends on its
(4) support the accuracy and completeness of the work performed; complexity and other unique circumstances.
(5) provide a Answer (C) is incorrect. Defining standardized tick marks and
ensuring
compliance with them is not required. questionnaires and audit programs, may improve the engagement’s
Answer (D) is incorrect. Only conversations relevant to the efficiency and
engagement must be facilitate the delegation of engagement work (PA 2330-1, para. 4).
documented. Answer (B) is incorrect. Standard forms do not necessarily result in
Gleim CIA Test Prep: Part 1 - Internal Audit Basics greater
(720 questions) professionalism.
Copyright 2013 Gleim Publications Inc. Page 344 Answer (C) is incorrect. Standard forms clearly reduce time spent in
Printed for Sanja Knezevic workingpaper
fb.com/ciaaofficial preparation but do not necessarily result in greater neatness.
[626] Gleim #: 7.2.13 Answer (D) is incorrect. Standard forms do not necessarily result in
An internal auditor’s working papers should be reviewed by the greater
Management of the A. engagement client. accuracy.
B. Management of the internal audit activity. [628] Gleim #: 7.3.15
C. Audit committee of the board. An adequately documented working paper should
D. Management of the organization’s security division. A. Be concise but complete.
Answer (A) is incorrect. The engagement client should seldom see, B. Follow a unique form and arrangement.
much less C. Contain examples of all forms and procedures used by the
review, working papers. engagement client.
Answer (B) is correct. Internal auditors prepare working papers. D. Not contain copies of engagement client records.
Internal audit Gleim CIA Test Prep: Part 1 - Internal Audit Basics
management reviews the prepared working papers (PA 2330-1, para. (720 questions)
1). Copyright 2013 Gleim Publications Inc. Page 345
Answer (C) is incorrect. The audit committee will most likely review Printed for Sanja Knezevic
summary Answer (A) is correct. Clarity, conciseness, and accuracy are
communications, not working papers. desirable qualities of
Answer (D) is incorrect. Management of the security division might working papers, but completeness and support for conclusions are
be shown paramount
working papers relevant to an investigation but does not have the considerations.
status of a Answer (B) is incorrect. Working papers should be uniform and
reviewer. consistent.
[627] Gleim #: 7.2.14 Answer (C) is incorrect. Working papers should contain only
Standardized working papers are often used, chiefly because they information related to an
allow working engagement objective.
papers to be prepared more Answer (D) is incorrect. Copies of engagement client records should
A. Efficiently. be included
B. Professionally. whenever necessary.
C. Neatly. [629] Gleim #: 7.3.16
D. Accurately. An internal auditor prepared a working paper that consisted of a list
Answer (A) is correct. Standardized engagement working papers, of employee
such as names and identification numbers as well as the following statement:
By matching random numbers with employee identification numbers, internal auditor used scratch paper and copies of the reports to verify
40 employee the accuracy of
personnel files were selected to verify that they contain all computations and compared the data used in the computations with
documents required by the supporting
organization’s policy 501. No exceptions were noted. documents. The internal auditor wrote a note for the working papers
The internal auditor did not place any tick marks on this working describing these
paper. Which one of procedures and then discarded the scratch paper and report copies.
the following changes will improve the internal auditor’s working The note stated,
paper the most? The ratios and other statistics in the quarterly reports to the board
Use of tick marks to show that each A. file was examined. were checked for the
B. Removal of the employee names to protect their confidentiality. last 4 quarters and appropriate supporting documents were
C. Justification for the sample size. examined. All amounts
D. Listing of the actual documents examined for each employee. appear to be appropriate.
Answer (A) is incorrect. Tick marks are not necessary. The same In this situation,
procedures were Four quarters do not provide a large enough sample on which to
applied to all sample items, and no exceptions were detected. base a
Answer (B) is incorrect. Working papers are kept confidential, so conclusion.
removal of A.
employee names is unnecessary. The internal auditor’s working papers are not sufficient to facilitate an
Answer (C) is correct. The working paper should fully document the efficient
use of review of the internal auditor’s work.
statistical techniques. Thus, it should specify how the sample size for B.
this attribute The internal auditor should have included the scratch paper in C. the
sampling application was determined (factors such as confidence working papers.
level, precision, The internal auditor did not consider whether the information in the
etc.) report to the
Answer (D) is incorrect. Reference to the organization’s policy is board was compiled efficiently.
equivalent to D.
listing the documents examined. Answer (A) is incorrect. The problem did not state or imply that
Gleim CIA Test Prep: Part 1 - Internal Audit Basics sampling was
(720 questions) used.
Copyright 2013 Gleim Publications Inc. Page 346 Answer (B) is correct. The internal auditor’s working papers do not
Printed for Sanja Knezevic support the
fb.com/ciaaofficial conclusions and engagement results because they do not document
[630] Gleim #: 7.3.17 the procedures
Productivity statistics are provided quarterly to the board of directors. and the information obtained. A reviewer cannot check the internal
An internal auditor’s work
auditor checked the ratios and other statistics in the four most recent without obtaining additional copies of the quarterly reports and
reports. The independently
recalculating the statistics. The review would be more efficient if the support in circumstances such as insurance claims, fraud cases, and
internal lawsuits. Claims
auditor had included the graphs in the working papers and had used analysis is appropriately included in the working papers because it
tick marks permits assessment
with explanations to show which computations were checked and to of the risks associated with the two key factors (equipment in use
describe what and time spent by
the internal auditor did to verify the amounts used in the employees at such equipment) leading to claims.
computations. Answer (B) is incorrect. Confirmations of workers’ compensation
Answer (C) is incorrect. Scratch paper is usually not suitable for claims fail to
working papers. identify exposure to risks; they only support claims paid by the carrier
Unorganized working papers are difficult to review and understand. under the
Answer (D) is incorrect. The problem did not state or imply that an workers’ compensation policies.
objective of Answer (C) is incorrect. Documentation supporting purchases of
the engagement was to evaluate efficiency. personal computers
[631] Gleim #: 7.3.18 cannot be expected to address risk assessments.
Employees using personal computers have been reporting Answer (D) is incorrect. Listings of all personal computers in use
occupational injuries and and the employees
claiming substantial workers’ compensation benefits. The working using them fail to indicate the risks associated with the extent of
papers of an usage and the type of
engagement performed to determine the extent of the organization’s equipment.
exposure to such [632] Gleim #: 7.3.19
personal injury liability should include Which of the following is an unnecessary feature of a working paper
Analysis of claims by type of equipment and extent of use by prepared in
individual connection with maintenance costs?
employees. The internal auditor has initialed and dated the working paper as of
A. the date
Confirmations from insurance carriers as to claims paid under completed even though the working paper was prepared over the
workers’ preceding 4
compensation policies in force. working days.
B. A.
C. Reviews of documentation supporting purchases of personal Total repair expense for the month preceding the engagement B. is
computers. shown.
D. Listings of all personal computers in use and the employees who The chief audit executive has initialed the working paper as reviewer
use them. although the
Gleim CIA Test Prep: Part 1 - Internal Audit Basics working paper was prepared by another person.
(720 questions) C.
Copyright 2013 Gleim Publications Inc. Page 347 Total acquisition cost of property, plant, and equipment for the
Printed for Sanja Knezevic preceding month is
Answer (A) is correct. One potential use of engagement working shown.
papers is to provide D.
Answer (A) is incorrect. The date of completion and signature or Answer (A) is incorrect. Program documentation is likely to change
initials of the each year and
internal auditor are important for control of the engagement. will require reevaluation during each engagement.
Answer (B) is incorrect. The working papers concern maintenance Answer (B) is incorrect. Auditor-prepared programs and test data
cost, and the are likely to change
amount for the month preceding the engagement is necessary for each year and will require reevaluation for each engagement.
subsequent Answer (C) is incorrect. Prior year’s working papers revised to
period review. reflect changes in the
Answer (C) is incorrect. Working papers that document the current year pertain to the current year’s engagement. Thus, they
engagement should should be contained
be prepared by the internal auditor and reviewed by management of in the current section of the working papers.
the internal Answer (D) is correct. The permanent section of the working papers
audit activity. should contain
Answer (D) is correct. Because total acquisition cost of property, the information necessary for continuing engagements.
plant, and Administrative controls over
equipment is irrelevant to maintenance costs, this feature is the computer operations of each location, which are not likely to
unnecessary to change from year to
support the observations, conclusions, and recommendations year, are appropriately included in the permanent section of the
concerning these working papers.
costs. [634] Gleim #: 7.3.21
[633] Gleim #: 7.3.20 Each individual working paper should, at a minimum, contain a(n)
When performing an engagement to evaluate the computerized Expression of the internal auditor’s A. overall opinion.
purchasing activities of B. Tick mark legend.
a manufacturing organization, which of the following should be C. Complete flowchart of the system of internal controls for the area
included in the being reviewed.
permanent file portion of the engagement working papers? D. Descriptive heading.
A. Copies of the computer program documentation. Answer (A) is incorrect. An expression of an opinion in the working
B. Printouts using internal auditor-prepared programs and test data. papers is
C. Prior year’s working papers revised to reflect changes during the premature and an indicator of bias.
current year. Answer (B) is incorrect. A tick mark legend should not appear on
Information concerning administrative controls over the computer each working
operations at paper.
each location. Answer (C) is incorrect. A flowchart of internal controls will likely be
D. included
Gleim CIA Test Prep: Part 1 - Internal Audit Basics in a working paper at the beginning of a significant engagement
(720 questions) segment, but each
Copyright 2013 Gleim Publications Inc. Page 348 working paper will not contain a flowchart.
Printed for Sanja Knezevic Answer (D) is correct. Each working paper must, at a minimum,
fb.com/ciaaofficial identify the
engagement and describe the contents or purpose of the working Answer (D) is incorrect. The purpose of supervisory review of
paper, for working papers is to
example, in the heading. Also, each working paper should be signed determine that working papers adequately support observations,
(initialed) conclusions, and
and dated by the internal auditor and contain an index or reference recommendations.
number. [636] Gleim #: 7.3.23
Furthermore, verification symbols (tick marks) are likely to appear on Internal auditors often include summaries within their working
most papers. Which of the
working papers and should be explained. following best describes the purpose of such summaries?
[635] Gleim #: 7.3.22 Summaries are prepared to conform A. with the Standards.
Engagement working papers are indexed by means of reference Summaries are usually required to complete each section of an
numbers. The primary engagement work
purpose of indexing is to program.
A. Permit cross-referencing and simplify supervisory review. B.
B. Support the final engagement communication. Summaries distill the most useful information from several working
C. Eliminate the need for follow-up reviews. papers into a
Determine that working papers adequately support observations, more usable form.
conclusions, and C.
recommendations. Summaries document that the internal auditor has considered all
D. relevant
Gleim CIA Test Prep: Part 1 - Internal Audit Basics information.
(720 questions) D.
Copyright 2013 Gleim Publications Inc. Page 349 Answer (A) is incorrect. Summaries are not required by the
Printed for Sanja Knezevic Standards.
Answer (A) is correct. Indexing permits cross-referencing. It is Answer (B) is incorrect. Summaries are not usually required by
important because it engagement work
simplifies supervisory review either during the engagement or programs.
subsequently by creating Answer (C) is correct. Working papers document an engagement.
a trail of related items through the working papers. It thus facilitates They contain
preparation of the records of planning, the preliminary survey, the engagement work
final engagement communications, later engagements for the same program,
engagement client, the results of field work, and other related matters. Summaries help
and internal and external assessments of the internal audit activity. to coordinate
Answer (B) is incorrect. The working papers as a whole should working papers related to a subject by providing concise statements
support the final of the most
engagement communication. important information. Thus, they provide for an orderly and logical
Answer (C) is incorrect. Follow-up is necessitated by engagement flow of
client conditions, information and facilitate supervisory review.
not the state of working papers. Answer (D) is incorrect. Summaries are not necessary to document
that the
internal auditor has considered all relevant information. information, but appropriately cross-referencing information in the
[637] Gleim #: 7.3.24 working papers
When engagement conclusions are challenged, the internal auditor’s assists in the factual rebuttal of challenges.
factual rebuttal is [638] Gleim #: 7.3.25
best facilitated by Which of the following conditions constitutes inappropriate working-
A. Summaries in the engagement work program. paper
B. Pro forma working papers. preparation?
C. Cross-referencing of the working papers. All forms and directives used by the engagement client are included
D. Explicit procedures in the engagement work program. in the
Gleim CIA Test Prep: Part 1 - Internal Audit Basics working papers.
(720 questions) A.
Copyright 2013 Gleim Publications Inc. Page 350 Flowcharts are included in B. the working papers.
Printed for Sanja Knezevic C. Engagement observations are cross-referenced to supporting
fb.com/ciaaofficial documentation.
Answer (A) is incorrect. The engagement work program guides the D. Tick marks are explained in notes.
collection of Answer (A) is correct. Performance Standard 2330 states that
information, but appropriately cross-referencing information in the internal auditors
working papers must document relevant information to support the conclusions and
assists in the factual rebuttal of challenges. engagement
Answer (B) is incorrect. Pro forma working papers save time in the results. Thus, working papers should be confined to information that
information is material
collection process by guiding the internal auditor to ensure that all and relevant to the engagement and the observations, conclusions,
significant points and
are covered. recommendations. Hence, forms and directives used by the
Answer (C) is correct. Each working paper should have an index or engagement client
reference number. should be included only to the extent they support the observations,
Indexing permits cross-referencing, which simplifies supervisory conclusions,
review either during and recommendations and are consistent with engagement
the engagement or subsequently by creating an information trail of objectives.
related items Answer (B) is incorrect. A graphic representation of the engagement
through the working papers. It thus facilitates preparation of the final client’s
engagement controls, document flows, and other activities is often vital for
communication, later engagements involving the same client, internal understanding
and external operations and is therefore a necessary part of the documentation.
quality assessments, and factual rebuttal of challenges by clearly Answer (C) is incorrect. Cross-referencing is essential to the orderly
identifying sources arrangement
and locations of facts. and understanding of working papers and reduces duplication.
Answer (D) is incorrect. The engagement work program guides the Answer (D) is incorrect. Tick marks are verification symbols that
collection of should be
standard throughout the engagement. They should be described in a Gleim CIA Test Prep: Part 1 - Internal Audit Basics
note. (720 questions)
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Copyright 2013 Gleim Publications Inc. Page 352
(720 questions) Printed for Sanja Knezevic
Copyright 2013 Gleim Publications Inc. Page 351 fb.com/ciaaofficial
[639] Gleim #: 7.3.26 XYZ
Which type of working-paper summary is typically used to Bank Reconciliation
consolidate numerical data June 30, Year 1
scattered among several schedules? (Amounts in currency units)
Statistical A. summaries. Balance per bank (a) 16,482.97
B. Segment summaries. Deposits in transit (b)
C. Results summaries. 6/29 2,561.14
D. Pyramid summaries. 6/30 1,572.28 4,133.42
Answer (A) is correct. Summarization of facts in the working papers Subtotal 20,616.39
is a means Outstanding checks
of emphasizing important information, establishing perspective, (c)
providing an 248 842.11
overview, aiding memory, training staff, facilitating supervisory 952 2,000.00
review, and 968 571.00
controlling engagements. By the use of indexing and cross- 969 459.82
referencing, summaries 970 714.25 4,587.18
may be used to relate different working papers that concern a given Subtotal 16,029.21
point. A Bank service charge 12.50
statistical summary condenses the related numerical information NSF check returned
from engagement (d)
work programs. 350.00
Answer (B) is incorrect. A segment summary is a narrative with Error on check #954 (14.00)
respect to a Balance per books (e) To T/B 16,377.71
particular part of the engagement. It should appear at the beginning Legend:
of each (a) Confirmed with bank -- see
section of the working papers, which should be organized logically confirmation on W/P A-4.
according to (b)Verified by tracing to July 15
the different objectives of the engagement. cutoff statement; traced to cash
Answer (C) is incorrect. A results summary provides the significant receipts journal.
facts about (c) Okay.
engagement observations. (d)Examined supporting
Answer (D) is incorrect. The term “pyramid summaries” is not documentation and traced to final
meaningful in this disposition.
context. (e) Footed total and compared with
balance in general ledger. 6/29 2,561.14
This working paper will be considered deficient if which other 6/30 1,572.28 4,133.42
relevant engagement Subtotal 20,616.39
working paper is not cross-referenced and included in the cash Outstanding checks
section of the workingpaper (c)
file? 248 842.11
A. Petty cash count. 952 2,000.00
B. Confirmation of cash balance with bank. 968 571.00
C. Copies of deposit slips for deposits in transit. 969 459.82
D. Engagement client representation that the cash balance per 970 714.25 4,587.18
books was accurate. Subtotal 16,029.21
Answer (A) is incorrect. Petty cash is not relevant. This working Bank service charge 12.50
paper concerns NSF check returned
cash in the bank. (d)
Answer (B) is correct. Confirming the cash balance in the bank 350.00
account as of the Error on check #954 (14.00)
end of the period is a standard engagement procedure. It provides Balance per books (e) To T/B 16,377.71
direct, Legend:
externally generated information to support the reported cash (a) Confirmed with bank -- see
amount. confirmation on W/P A-4.
Answer (C) is incorrect. Under ordinary circumstances, copies of (b)Verified by tracing to July 15
deposit slips are cutoff statement; traced to cash
not required as long as an adequate explanation of engagement receipts journal.
procedures relative (c) Okay.
to deposits in transit is provided. (d)Examined supporting
Answer (D) is incorrect. The engagement client’s representation is documentation and traced to final
not relevant disposition.
when outside confirmation and analysis of cash records supports the (e) Footed total and compared with
cash balance. balance in general ledger.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics A deficiency in this working paper is that
(720 questions) A standardized cash reconciliation working A. paper was not used.
Copyright 2013 Gleim Publications Inc. Page 353 B. All verification symbols were not properly explained.
Printed for Sanja Knezevic C. Analytical review procedures were not performed.
[641] Gleim #: 7.3.28 D. Cross-referencing of working papers was not accomplished.
XYZ Answer (A) is incorrect. Efficiency can be achieved through
Bank Reconciliation standardization;
June 30, Year 1 however, not every working paper can be standardized. This working
(Amounts in currency units) paper may
Balance per bank (a) 16,482.97 be subject to standardization but is not inadequate in that respect.
Deposits in transit (b)
Answer (B) is correct. Each engagement working paper should B.
contain a heading, Eliminate any cross-references to other working papers because the
which usually consists of the name of the client’s organization or system is
function, a title unclear.
or description of the contents or purpose of the paper, and the date C.
or period Provide a cross-referencing system that shows the relationship
covered. Each working paper should be signed (initialed) and dated among
by the internal observations, conclusions, recommendations, and the related facts.
auditor and contain an index or reference number. Verification D.
symbols (tick Answer (A) is incorrect. A full set of properly indexed and cross-
marks) are also likely to appear on most working papers and should referenced
be adequately working papers, not a separate analysis, is necessary.
explained in a note. In this example, the explanation for tick mark (c) Answer (B) is incorrect. Proper cross-referencing avoids the need to
does not memorize
detail the procedures used to review outstanding checks. the locations of supporting information.
Answer (C) is incorrect. Analytical procedures are usually not as Answer (C) is incorrect. Cross-references should be added, not
relevant to the deleted.
examination of cash as to other assets and liabilities. Answer (D) is correct. Cross-referencing is important because it
Answer (D) is incorrect. Cross-referencing was accomplished. simplifies review
Gleim CIA Test Prep: Part 1 - Internal Audit Basics either during the engagement or subsequently by creating a trail of
(720 questions) related items
Copyright 2013 Gleim Publications Inc. Page 354 through the working papers. It thus facilitates preparation of the final
Printed for Sanja Knezevic engagement
fb.com/ciaaofficial communication and later engagements for the same engagement
[642] Gleim #: 7.3.29 client.
During the working-paper review, an internal auditing supervisor finds [643] Gleim #: 7.3.30
that the Which of the following concepts distinguishes the retention of
internal auditor’s observations are not adequately cross-referenced computerized audit
to supporting documentation from the traditional hard copy form?
documentation. The supervisor will most likely instruct the internal Analyses, conclusions, and recommendations are filed on electronic
auditor to media and are
Prepare a working paper to indicate that the full scope of the therefore subject to computer system controls and security
engagement was procedures.
carried out. A.
A. Evidential support for all findings is copied and provided to local
Familiarize him/herself with the sequence of working papers so that management
(s)he will be during the closing conference and to each person receiving the final
able to answer questions about the conclusions stated in the final report.
engagement B.
communication.
Computerized data files can be used in computer C. audit D. Misplaces working papers occasionally.
procedures. Answer (A) is incorrect. Continuous physical control of working
Audit programs can be standardized to eliminate the need for a papers during
preliminary survey fieldwork may be appropriate.
at each location. Answer (B) is incorrect. Engagement clients may be shown working
D. papers with
Answer (A) is correct. The only difference between the the CAE’s approval.
computerized audit Answer (C) is incorrect. Internal and external auditors commonly
documentation and hard copy form is how the working papers are grant access to
stored. each others’ work programs and working papers.
Electronic audit documentation is saved either on disks or hard drive, Answer (D) is correct. The internal audit activity controls
whereas engagement working
hard copy is stored in a file cabinet. Unlike computerized audit papers and provides access to authorized personnel only (PA
documentation, 2330.A1-1, para. 1).
hard copies are not subject to computer controls and security By misplacing working papers occasionally, the internal auditor is
procedures. thus violating
Answer (B) is incorrect. Evidential support would be retained and the confidentiality concept.
provided on [645] Gleim #: 7.4.32
the basis of the nature of the finding and not the media used for Working papers contain a record of engagement work performed and
storing audit much
documentation. confidential information. They are the property of the internal audit
Answer (C) is incorrect. This capability is not an exclusive function activity, which is
of responsible for their security. Which of the following is the most
computerized audit documentation. important control
Answer (D) is incorrect. Though the nature of the preliminary survey requirement for working papers?
may change A. Allow access to working papers only to internal audit activity
in some cases, the requirement for this phase of the audit is not personnel.
eliminated by Provide for the protection of working papers at all times and to the
computerized audit documentation. extent
Gleim CIA Test Prep: Part 1 - Internal Audit Basics appropriate.
(720 questions) B.
Copyright 2013 Gleim Publications Inc. Page 355 Make the administrative section of the internal audit activity
Printed for Sanja Knezevic responsible for the
[644] Gleim #: 7.4.31 security of working papers.
Which of the following actions constitutes a violation of the C.
confidentiality concept D. Purge working papers periodically of materials that are considered
regarding working papers? An internal auditor confidential.
Takes working papers to his/her hotel A. room overnight. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
B. Shows working papers on occasion to engagement clients. (720 questions)
C. Allows the external auditor to copy working papers. Copyright 2013 Gleim Publications Inc. Page 356
Printed for Sanja Knezevic Answer (A) is correct. The working papers are essential to the
fb.com/ciaaofficial proper functioning
Answer (A) is incorrect. Working papers may be shown to of the internal audit activity. Among many other purposes, they
engagement clients or document the
others if engagement objectives will not be compromised. information obtained, the analyses made, and the support for the
Answer (B) is correct. Working papers should always be properly conclusions and
protected. During engagement results. Unauthorized changes or removal of
the field work, they should be in the internal auditor’s physical information would
possession or control or seriously compromise the integrity of the internal audit activity’s work.
otherwise protected against fire, theft, or other disaster. For example, For this
the internal reason, the chief audit executive must ensure that working papers
auditor may use the engagement client’s safe or other security are kept secure.
facilities. In the internal Answer (B) is incorrect. Engagement clients may be shown working
auditing office, they should be kept in locked files and should be papers in
formally signed out proper circumstances, for example, when client fraud is not an issue.
when removed from the files. When others (government auditors, the Answer (C) is incorrect. A secondary objective is to facilitate
external audit subsequent
firm, etc.) review the working papers, the reviews should take place engagements in the same department.
in the internal Answer (D) is incorrect. A secondary objective is to facilitate
auditing office. Secure files should be provided for long-term storage, engagements by
and itemized external auditors.
records of their location should be maintained. When electronic Gleim CIA Test Prep: Part 1 - Internal Audit Basics
working papers are (720 questions)
placed online, computer system security measures should be similar Copyright 2013 Gleim Publications Inc. Page 357
to those used for Printed for Sanja Knezevic
other highly sensitive information of the organization. [647] Gleim #: 7.4.34
Answer (C) is incorrect. This arrangement is awkward for working A fire destroyed a large portion of an organization’s inventory.
papers needed at Management is filing
the engagement site. an insurance claim and needs to use the internal auditors’ working
Answer (D) is incorrect. Lack of relevance to future needs, not papers in preparing
confidentiality, is the the claim. Management
criterion for destruction of working papers. May not use the working papers in preparing A. the claim.
[646] Gleim #: 7.4.33 May use the working papers in preparing the claim, but such use
The primary objective of maintaining security over working papers is should be
to approved by the chief audit executive.
Prohibit unauthorized changes or removal A. of information. B.
B. Prohibit engagement clients from seeing working papers. Should be precluded from preparing the claim, and this function
C. Facilitate subsequent engagements in the same department. should be
D. Facilitate engagements by external auditors. performed by the internal audit activity.
C.
May use the working papers in preparing the claim, but such use when their involvement in fraud is suspected.
should be Answer (B) is incorrect. The working papers usually should not be
approved by the organization’s external auditors. shown to
D. engagement clients when internal auditor-client relations might
Answer (A) is incorrect. Working papers may be used for “other thereby be
business damaged or the engagement objectives compromised.
purposes.” Answer (C) is incorrect. Access to noncontroversial matter may
Answer (B) is correct. One potential use of engagement working nevertheless
papers is to permit circumvention of engagement procedures.
provide support in the organization’s pursuit of insurance claims, Answer (D) is correct. When the engagement objectives will not be
fraud cases, and compromised, the internal auditor may show all or part of the working
lawsuits. In such cases, management and other members of the papers to
organization may the engagement client. For instance, the results of certain
request access to engagement working papers. This access may be engagement procedures
necessary to may be shared with the engagement client to encourage corrective
substantiate or explain engagement observations and action. Thus,
recommendations or to use working papers as well as drafts of engagement communications
engagement documentation for other business purposes. The CAE may be reviewed
should approve with engagement clients to verify their accuracy, completeness, and
these requests. Accordingly, the insurance claim is an “other significance.
business purpose,” But complete disclosure may permit circumvention of the internal
and management may use the internal auditors’ working papers in auditors’
preparing the procedures, and working papers should never be shared with
claim. engagement clients
Answer (C) is incorrect. Management, not the internal audit activity, in fraud investigations.
should Gleim CIA Test Prep: Part 1 - Internal Audit Basics
prepare the insurance claim. (720 questions)
Answer (D) is incorrect. The approval of external auditors is not Copyright 2013 Gleim Publications Inc. Page 358
needed. Printed for Sanja Knezevic
The internal auditor is most likely to make working papers available [649] Gleim #: 7.5.36
to the Working papers should be disposed of when they are of no further
engagement client when use. Retention
A. Fraud is suspected. policies must
B. The internal auditors have recorded specific damaging comments. Specify a minimum retention A. period of 3 years.
C. The internal auditor considers the content noncontroversial. B. Be prepared by the audit committee.
D. Engagement client comments are needed to evaluate significance C. Be approved by legal counsel.
and accuracy. D. Be approved by the external auditor.
Answer (A) is incorrect. Working papers are never shown to Answer (A) is incorrect. Working papers should not be retained for
engagement clients an arbitrary
period. The duration of retention is a function of usefulness, including These retention requirements must be consistent with the
legal organization’s
considerations. guidelines and any pertinent regulatory or other requirements
Answer (B) is incorrect. The CAE must develop retention policies. (Impl. Std. 2330.A2). Although working papers pertaining to fraud
Answer (C) is correct. The chief audit executive must develop investigations
retention might be kept apart from others, no working paper will have to be
requirements for engagement records, regardless of the medium in kept
which each indefinitely.
record is stored. These retention requirements must be consistent Answer (C) is incorrect. Approval by legal counsel is appropriate.
with the Answer (D) is incorrect. Legal and contractual requirements may
organization’s guidelines and any pertinent regulatory or other determine the
requirements retention period.
(Impl. Std. 2330.A2). Thus, approval by the organization’s legal Gleim CIA Test Prep: Part 1 - Internal Audit Basics
counsel is (720 questions)
appropriate. Copyright 2013 Gleim Publications Inc. Page 359
Answer (D) is incorrect. Retention policies need not be approved by Printed for Sanja Knezevic
the external [651] Gleim #: 7.5.38
auditor. When current-file working papers are no longer of use to the internal
[650] Gleim #: 7.5.37 audit activity,
Which of the following states an inappropriate policy relating to the they should be
retention of A. Destroyed.
engagement working papers? B. Placed in the custody of the organizational legal department for
A. Working papers should be disposed of when they have no further safekeeping.
use. C. Transferred to the permanent file.
B. Working papers prepared for fraud investigators should be D. Transferred to the custody of the engagement client for ease of
retained indefinitely. future records.
C. Working-paper retention schedules should be approved by legal Answer (A) is correct. Working papers should be destroyed after
counsel. they have
Working-paper retention schedules should consider legal and served their purpose. Any parts having continuing value should be
contractual brought
requirements. forward to current working papers or to the permanent file.
D. Answer (B) is incorrect. If working papers are useful, they should be
Answer (A) is incorrect. The duration of retention should be controlled
determined by by the internal auditors.
usefulness. Answer (C) is incorrect. Useless working papers should be
Answer (B) is correct. The CAE must develop retention destroyed.
requirements for Answer (D) is incorrect. Engagement clients should not have
engagement records, regardless of the medium in which each record custody of
is stored. confidential papers.
[652] Gleim #: 7.5.39
The best description of the principal purpose for retaining working disclosure.
papers is to C.
A. Help perform the engagement in an orderly fashion. Documents revealing attorneys’ thought processes will be subject to
B. Maintain the engagement work program for reuse in the next forced
engagement. disclosure.
C. Provide support for the final engagement communication. D.
D. Provide a basis for supervisory review. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Answer (A) is incorrect. An important but secondary purpose of (720 questions)
working paper Copyright 2013 Gleim Publications Inc. Page 360
retention is orderly performance of engagements. Printed for Sanja Knezevic
Answer (B) is incorrect. An important but secondary purpose of fb.com/ciaaofficial
working paper Answer (A) is correct. Most of an organization’s records that are not
retention is the reuse of work programs. protected by the
Answer (C) is correct. Engagement working papers provide the attorney-client privilege may be accessible in criminal proceedings.
principal support In noncriminal
for the engagement results (PA 2330-1, para. 2). They should be proceedings, the issue of access is less clear (PA 2330.A1-2, para.
retained after the 1).
final engagement communication has been issued for a time that is Answer (B) is incorrect. The work product of attorneys, not auditors,
consistent with is usually
organizational guidelines and any pertinent regulatory or other protected.
requirements. Answer (C) is incorrect. A mere expectation of confidentiality does
Answer (D) is incorrect. An important but secondary purpose of not protect
working paper records from disclosure if they are not subject to a legal privilege.
retention is supervisory review. Answer (D) is incorrect. Documents revealing attorneys’ thought
[653] Gleim #: 7.5.40 processes or
An internal audit activity’s policies regarding engagement records strategies are usually privileged.
should address such [654] Gleim #: 7.6.41
matters as their content, retention period, handling of access Which of the following tools would best give a graphical
requests, and representation of a sequence
responsibility for control and security. Which of the following of activities and decisions?
statements relevant to A. Flowchart.
the development of these policies is true? B. Control chart.
Most records not protected by the attorney-client privilege are C. Histogram.
accessible in D. Run chart.
criminal proceedings. Answer (A) is correct. Flowcharting is an essential aid in the
A. program
B. The work product of the internal auditors is protected from development process that involves a sequence of activities and
disclosure. decisions. A
Records created with an expectation of confidentiality are protected flowchart is a pictorial diagram of the definition, analysis, or solution
from of a
problem in which symbols are used to represent operations, data system that a flowchart does.
flow, equipment, Answer (D) is incorrect. A detailed narrative does not provide the
etc. means of evaluating
Answer (B) is incorrect. A control chart is used to monitor deviations complex operations that a flowchart does.
from [656] Gleim #: 7.6.43
desired quality measurements during repetitive operations. Internal auditors often flowchart a control system and reference the
Answer (C) is incorrect. A histogram is a bar chart showing flowchart to
conformance to a narrative descriptions of certain activities. This is an appropriate
standard bell curve. procedure to
Answer (D) is incorrect. A run chart tracks the frequency or amount Determine whether the system meets established management A.
of a given objectives.
variable over time. B. Document that the system meets international auditing
[655] Gleim #: 7.6.42 requirements.
Which method of evaluating internal controls during the preliminary C. Determine whether the system can be relied upon to produce
survey provides accurate information.
the internal auditor with the best visual grasp of a system and a D. Gain the understanding necessary to test the effectiveness of the
means for analyzing system.
complex operations? Answer (A) is incorrect. To determine whether the system meets
A. A flowcharting approach. established
B. A questionnaire approach. management objectives, the auditor must perform more extensive
C. A matrix approach. procedures. A
D. A detailed narrative approach. flowchart is an aid to understanding the system. It does not provide
Gleim CIA Test Prep: Part 1 - Internal Audit Basics evidence
(720 questions) about the actual operating effectiveness of the system.
Copyright 2013 Gleim Publications Inc. Page 361 Answer (B) is incorrect. International auditing standards do not
Printed for Sanja Knezevic require the use of
Answer (A) is correct. Flowcharts are graphical representations of flowcharts.
the step-by-step Answer (C) is incorrect. To determine whether the system can be
progression of transactions, including document (information) relied upon to
preparation, produce accurate information, the auditor must perform more
authorization, flow, storage, etc. Flowcharting allows the internal extensive
auditor to analyze a procedures. A flowchart is an aid to understanding the system. It
system and to identify the strengths and weaknesses of the does not provide
purported internal controls evidence about the actual operating effectiveness of the system.
and the appropriate areas of audit emphasis. Answer (D) is correct. Flowcharting is a pictorial method of
Answer (B) is incorrect. A questionnaire approach provides only an analyzing and
agenda for understanding the processes and procedures involved in operations,
evaluation. whether
Answer (C) is incorrect. A matrix approach does not provide the manual or computerized. Flowcharting is therefore useful in the
visual grasp of the preliminary
survey and in obtaining an understanding of internal control. It is also Answer (B) is incorrect. This information is not given in a flowchart.
helpful in Answer (C) is incorrect. This information is not given in a flowchart.
systems development. Answer (D) is correct. Flowcharts are graphical representations of
[657] Gleim #: 7.6.44 the step-bystep
An internal auditor develops a flowchart primarily to progression of transactions including document (information)
A. Detect errors and irregularities. preparation,
B. Analyze a system and identify internal controls. authorization, flow, storage, etc. Flowcharting allows the internal
C. Determine functional responsibilities. auditor to
D. Reduce the need for interviewing auditee personnel. analyze a system and to identify the strengths and weaknesses of
Gleim CIA Test Prep: Part 1 - Internal Audit Basics the purported
(720 questions) internal controls and the appropriate areas of audit emphasis.
Printed for Sanja Knezevic Of the following, which is the most efficient source for an auditor to
fb.com/ciaaofficial use to evaluate a
Answer (A) is incorrect. Flowcharts only show where errors and company’s overall control system?
irregularities might A. Control flowcharts.
occur. B. Copies of standard operating procedures.
Answer (B) is correct. Flowcharting is a tool commonly used to learn C. A narrative describing departmental history, activities, and forms
what set of usage.
procedures is supposed to be in effect in a control system. An D. Copies of industry operating standards.
internal control Answer (A) is correct. Control flowcharting is a graphical means of
flowchart is a pictorial diagram of documents and their processing representing
and disposition the sequencing of activities and information flows with related control
within the system. It is a basis for preliminary evaluation and is points. It
followed by testing to provides an efficient and comprehensive method of describing
see if the prescribed procedures are in effect and are working as relatively complex
intended. activities, especially those involving several departments.
Answer (C) is incorrect. Questionnaires are used to determine Answer (B) is incorrect. Copies of procedures and related forms do
functional not provide
responsibilities. an efficient overview of processing activities.
Answer (D) is incorrect. Flowchart development usually requires Answer (C) is incorrect. A narrative review covering the history and
asking questions of forms usage
the auditee. of the department is not as efficient or comprehensive as
[658] Gleim #: 7.6.45 flowcharting for the
An auditor frequently uses flowcharts to determine whether there is purpose of communicating relevant information about controls.
Satisfactory performance A. of an operation. Answer (D) is incorrect. Industry standards do not provide a picture
B. Sufficient but not excessive personnel assigned to an operation. of existing
C. Authority to meet the performance criteria. practice for subsequent audit activity.
D. Inefficiency and lack of controls. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Answer (A) is incorrect. This information is not given in a flowchart. (720 questions)
Copyright 2013 Gleim Publications Inc. Page 363 documentation with a copy of the program flowchart. Prepare an
Printed for Sanja Knezevic overview
[660] Gleim #: 7.6.47 flowchart that links these details.
A flowchart of process activities and controls may provide A.
Information on where A. fraud could occur. Start with a shipment of goods and trace the transaction back
B. Information on the extent of a past fraud. through the
C. An indication of where fraud has occurred in a process. origination of the sales order as received from the sales
D. No information related to fraud prevention. representative.
Answer (A) is correct. Flowcharting is a pictorial method of analyzing B.
and Start with the receipt of a sales order from a sales representative and
understanding the processes and procedures involved in operations, “walk
whether through” both the manual and computerized processing at
manual or computerized. Flowcharting is therefore useful in the headquarters and the
preliminary plant until the goods are shipped and billed.
survey and in obtaining an understanding of internal control. It is also C.
helpful in Obtain a copy of the plants’ systems flowchart for the sales process,
systems development. Consequently, by indicating control interview
weaknesses, flowcharts relevant personnel to determine if any changes have been made,
show where fraud may occur. and then develop
Answer (B) is incorrect. Flowcharts do not provide any evidence of an overview flowchart which will highlight the basic process.
the extent of D.
fraud. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Answer (C) is incorrect. Other procedures would be needed to (720 questions)
detect where fraud Copyright 2013 Gleim Publications Inc. Page 364
has occurred. Printed for Sanja Knezevic
Answer (D) is incorrect. Flowcharts provide evidence of where fraud fb.com/ciaaofficial
may occur. Answer (A) is incorrect. The issue is the processing of sales orders,
Flowcharts therefore help in prevention. not the system for
[661] Gleim #: 7.6.48 making changes in the sales price data.
The internal auditor wishes to develop a flowchart of (1) the process Answer (B) is incorrect. Starting with the completed transaction
of receiving sales does not identify
order information at headquarters, (2) the transmission of the data to processing steps in which documents or data were diverted and
the plants to processed separately.
generate the shipment, and (3) the plants’ processing of the Answer (C) is correct. The survey during the engagement planning
information for shipment. phase helps the
The internal auditor should internal auditor to become familiar with activities, risks, and controls
Start with management’s decisions to set sales prices. Gather and to identify
internal areas for audit emphasis. Flowcharting is a typical survey procedure,
documentation on the approval process for changing sales prices. and the walkthrough
Complement is a means of gathering information to be reflected in the flowchart.
Answer (D) is incorrect. Processing steps that occur other than at Printed for Sanja Knezevic
the plant level must Answer (A) is incorrect. The figure does not show physical media or
also be considered. input/output
[662] Gleim #: 7.6.49 procedures (manifestations of how the system works rather than
The diamond-shaped symbol is commonly used in flowcharting to what it accomplishes).
show or represent a Flowcharts depict these matters.
Process or a single step in a procedure A. or program. Answer (B) is incorrect. The figure is a data flow diagram; it depicts
B. Terminal output display. the flow of data
C. Decision point, conditional testing, or branching. within and out of the system. Flowcharts show how input/output
D. Predefined process. procedures are
Answer (A) is incorrect. The rectangle is the appropriate symbol for conducted.
a process or Answer (C) is correct. A data flow diagram shows how data flow to,
a single step in a procedure or program. from, and within
Answer (B) is incorrect. A terminal display is signified by a symbol a system and the processes that manipulate the data.
similar to the Answer (D) is incorrect. The figure does not show how
shape of a cathode ray tube. accountability is allocated in
Answer (C) is correct. Flowcharts illustrate in pictorial fashion the the system. Accountability transfers are usually shown in flowcharts.
flow of data, [664] Gleim #: 7.6.51
documents, and/or operations in a system. Flowcharts may (Refer to Figure CIA2_08_14.)
summarize a system or This figure could be expanded to show the
present great detail, e.g., as found in program flowcharts. The Edit checks used in preparing purchase orders A. from stock records.
diamond-shaped B. Details of the preparation of purchase orders.
symbol represents a decision point or test of a condition in a program C. Physical media used for stock records, the vendor file, and
flowchart, purchase orders.
that is, the point at which a determination must be made as to which D. Workstations required in a distributed system for preparing
logic path purchase orders.
(branch) to follow. Answer (A) is incorrect. A data flow diagram does not depict edit
Answer (D) is incorrect. A predefined processing step is represented checks.
by a Answer (B) is correct. A data flow diagram can be used to depict
rectangle with double lines on either side. lower-level
[663] Gleim #: 7.6.50 details as well as higher-level processes. A system can be divided
(Refer to Figure CIA2_08_14.) into subsystems,
This figure shows how and each subsystem can be further subdivided at levels of increasing
A. Physical media are used in the system. detail. Thus,
B. Input/output procedures are conducted. any process can be expanded as many times as necessary to show
C. Data flow within and out of the system. the required
D. Accountability is allocated in the system. level of detail.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (C) is incorrect. Flowcharts, not data flow diagrams, show
(720 questions) the physical
media on which data such as stock records, the vendor file, and Answer (D) is incorrect. A systems flowchart should show both
purchase orders manual and computer
are maintained. processing.
Answer (D) is incorrect. Flowcharts, not data flow diagrams, show [666] Gleim #: 7.6.53
the Graphical notations that show the flow and transformation of data
workstations through which data pass and the sequence of activities. within a system or
[665] Gleim #: 7.6.52 business area are called
An internal auditor reviews and adapts a systems flowchart to A. Action diagrams.
understand the flow of B. Program structure charts.
information in the processing of cash receipts. Which of the following C. Conceptual data models.
statements is D. Data flow diagrams.
true regarding the use of such flowcharts? The flowcharts Answer (A) is incorrect. Action diagrams are process logic notations
Show specific control procedures used, such as edit tests that are that
implemented and combine graphics and text to support the definition of technical rules.
batch control reconciliations. Answer (B) is incorrect. Program structure charts are graphical
A. depictions of the
B. Are a good guide to potential segregation of duties. hierarchy of modules or instructions in a program.
C. Are generally kept up to date for systems changes. Answer (C) is incorrect. Conceptual data modules are independent
D. Show only computer processing, not manual processing. definitions of
Gleim CIA Test Prep: Part 1 - Internal Audit Basics the data requirements that are explained in terms of entities and
(720 questions) relationships.
Copyright 2013 Gleim Publications Inc. Page 366 Answer (D) is correct. Data flow diagrams show how data flow to,
Printed for Sanja Knezevic from, and
fb.com/ciaaofficial within the system and the processes that manipulate the data. A data
Answer (A) is incorrect. A program flowchart will identify the specific flow diagram
edit tests can be used to depict lower-level details as well as higher-level
implemented. processes. A
Answer (B) is correct. Systems flowcharts are overall graphic system can be divided into subsystems, and each subsystem can be
analyses of the flow of further
data and the processing steps in an information system. Accordingly, subdivided at levels of increasing detail. Thus, any process can be
they can be used expanded as
to show segregation of duties and the transfer of data between many times as necessary to show the required level of detail.
different segments in the [667] Gleim #: 7.6.54
organization. In documenting the procedures used by several interacting
Answer (C) is incorrect. The flowcharts are usually not kept up to departments the internal
date for changes. auditor will most likely use a(n)
Thus, the auditor will have to interview key personnel to determine A. Horizontal (or systems) flowchart.
changes in B. Vertical flowchart.
processing since the flowchart was developed. C. Gantt chart.
D. Internal control questionnaire.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (A) is incorrect. A vertical flowchart is usually designed to
(720 questions) provide for
Copyright 2013 Gleim Publications Inc. Page 367 written descriptions.
Printed for Sanja Knezevic Answer (B) is correct. A horizontal or systems flowchart depicts the
Answer (A) is correct. Flowcharting is a useful tool for systems functions or
development as well departments involved in a process successively from left to right.
as understanding the internal control structure. A flowchart is a Thus, the steps
pictorial diagram of the performed by a function or department are presented in the same
definition, analysis, or solution of a problem in which symbols are column. A
used to represent vertical flowchart displays step-by-step processes effectively, but it
operations, data flow, equipment, etc. A systems flowchart provides does not
an overall view of delineate the system’s components as well. By emphasizing the flow
the inputs, processes, and outputs of a system, such as a set of of processing
interacting departments. between departments or people, a horizontal flowchart more clearly
Answer (B) is incorrect. A vertical flowchart does not highlight the shows any
interaction inappropriate separation of duties and lack of independent checks on
between departments. performance.
Answer (C) is incorrect. A Gantt chart is not a tool for documenting Answer (C) is incorrect. A horizontal flowchart is usually shorter.
procedures. Gantt Space for
charts typically are used in industry as a method of recording written descriptions is not usually provided.
progress toward goals for Answer (D) is incorrect. More of the flow of processing can be
employees and machinery. depicted on one
Answer (D) is incorrect. An internal control questionnaire does not page than in a vertical flowchart with written descriptions.
highlight the [669] Gleim #: 7.7.56
interaction between departments. Engagement information is usually considered relevant when it is
[668] Gleim #: 7.6.55 A. Derived through valid statistical sampling.
Which of the following is a true statement comparing a horizontal B. Objective and unbiased.
flowchart with a C. Factual, adequate, and convincing.
vertical flowchart? D. Consistent with the engagement objectives.
A horizontal flowchart provides more room for written descriptions Gleim CIA Test Prep: Part 1 - Internal Audit Basics
that parallel (720 questions)
the symbols. Copyright 2013 Gleim Publications Inc. Page 368
A horizontal flowchart brings into sharper focus the assignment of fb.com/ciaaofficial
duties and Answer (A) is incorrect. Whether sampling is appropriate and the
independent checks on performance. results are valid are
B. issues related to the determination of sufficiency and reliability rather
A horizontal flowchart C. is usually longer. than relevance.
D. A horizontal flowchart does not provide as broad a picture at a Answer (B) is incorrect. Objectivity and lack of bias do not ensure
glance. that information
will support observations and recommendations and be consistent the issues is logical is a matter of relevance. Information must be
with the engagement relevant, but
objectives. relevant information may not be sufficient.
Answer (C) is incorrect. Sufficient information is factual, adequate, [671] Gleim #: 7.7.58
and convincing so Reliable information is
that a prudent, informed person would reach the same conclusions Supportive of the engagement observations and consistent with the
as the internal engagement
auditor. objectives.
Answer (D) is correct. Relevant information supports engagement A.
observations and B. Helpful in assisting the organization in meeting prescribed goals.
recommendations and is consistent with the objectives for the Factual, adequate, and convincing so that a prudent person would
engagement reach the same
(Inter. Std. 2310). conclusion as the internal auditor.
[670] Gleim #: 7.7.57 C.
To determine the sufficiency of information regarding interpretation of Competent and the best attainable through the use of appropriate
a contract, an engagement
internal auditor uses techniques.
The best obtainable A. information. D.
B. Subjective judgments. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
C. Objective evaluations. (720 questions)
D. Logical relationships between information and issues. Copyright 2013 Gleim Publications Inc. Page 369
Answer (A) is incorrect. The best information attainable is reliable Printed for Sanja Knezevic
but not Answer (A) is incorrect. Relevant information supports engagement
necessarily sufficient. observations and
Answer (B) is incorrect. An evaluation of the sufficiency of is consistent with engagement objectives.
information requires Answer (B) is incorrect. Useful information assists the organization
objective judgments. The “prudent, informed person” language states in meeting goals.
an Answer (C) is incorrect. Sufficient information is factual, adequate,
objectivity criterion. and convincing to
Answer (C) is correct. Sufficient information is factual, adequate, a prudent person.
and convincing Answer (D) is correct. Reliable information is the best attainable
so that a prudent, informed person would reach the same information through
conclusions as the the use of appropriate engagement techniques (Inter. Std. 2310). An
auditor (Inter. Std. 2310). Since the internal auditor must avoid original document
distortion by is the prime example of such information.
personal feelings, prejudices, or interpretations, this judgment must [672] Gleim #: 7.7.59
be objective. When sampling methods are used, the concept of sufficiency of
Answer (D) is incorrect. Whether the relationship between the information means
information and that the samples selected provide
Reasonable assurance that they are representative of the A. Answer (B) is incorrect. Competence is a characteristic of reliable
sampled population. information.
B. The best information that is reasonably obtainable. Answer (C) is incorrect. Relevant information supports engagement
Reasonable assurance that the information has a logical relationship observations.
to the Answer (D) is correct. Sufficient information is factual, adequate,
engagement objective. and convincing
C. so that a prudent, informed person would reach the same
D. Absolute assurance that a sample is representative of the conclusions as the
population. auditor (Inter. Std. 2310).
Answer (A) is correct. Sufficient information is factual, adequate, Gleim CIA Test Prep: Part 1 - Internal Audit Basics
and convincing (720 questions)
so that a prudent, informed person would reach the same Copyright 2013 Gleim Publications Inc. Page 370
conclusions as the Printed for Sanja Knezevic
auditor (Inter. Std. 2310). If properly designed and executed, a fb.com/ciaaofficial
statistical sample is [674] Gleim #: 7.7.61
representative of the sampled population. In an operational audit, the internal auditors discovered an increase
Answer (B) is incorrect. The best information reasonably obtainable in absenteeism.
is reliable Accordingly, the chief audit executive decided to identify information
information. about workforce
Answer (C) is incorrect. The logical relationship indicates relevance. morale. To achieve this engagement objective, the internal auditors
Answer (D) is incorrect. Cost-benefit considerations usually must understand
preclude absolute that
assurance. Morale cannot be A. reliably analyzed.
[673] Gleim #: 7.7.60 B. Only outcomes that are directly quantifiable can be reliably
Which of the following is an essential factor in evaluating the analyzed.
sufficiency of Reliable information may be obtained about morale factors such as
information? The information must job
A. Be well documented and cross-referenced in the working papers. satisfaction.
B. Be based on references that are considered competent. C.
Bear a direct relationship to the observation and include all of the D. Morale is always proportional to compensation.
elements of an Answer (A) is incorrect. Difficulty of analysis does not preclude
observation. reliability.
C. Answer (B) is incorrect. With proper engagement tools, even
D. Be convincing enough for a prudent person to reach the same emotional
decision. responses may be measured and analyzed reliably.
Answer (A) is incorrect. Documentation and cross-referencing are Answer (C) is correct. Reliable information is the best information
desirable but attainable
have no specific relationship to any of the characteristics of through the use of appropriate engagement techniques (Inter. Std.
information 2310). Such
(sufficiency, reliability, relevance, and usefulness).
information need not consist only of quantifiable outcomes, such as criteria or should work with management to develop such criteria.
rates of Answer (B) is incorrect. Failure to hire a person from a minority
workforce turnover and absenteeism. Reliable information may be group this year
identified about is irrelevant without knowing the total hires for the period.
such difficult-to-measure things as attitudes toward supervisors, Answer (C) is incorrect. An affirmative-action policy is clearly
other workers, auditable.
and compensation. For example, surveys may produce statistically Answer (D) is incorrect. This conclusion cannot be reached without
valid knowledge
information about job satisfaction. of the actual company policy.
Answer (D) is incorrect. According to research and common human Gleim CIA Test Prep: Part 1 - Internal Audit Basics
experience, (720 questions)
the availability of, for example, intrinsic awards (e.g., personal Copyright 2013 Gleim Publications Inc. Page 371
achievement) may Printed for Sanja Knezevic
offset a low level of extrinsic awards (e.g., compensation). [676] Gleim #: 7.7.63
[675] Gleim #: 7.7.62 Reliable evidence is best defined as evidence that
While testing a division’s compliance with company affirmative-action Is the A. best attainable.
policies, an B. Is obtained by observing people, property, and events.
auditor found that Is supplementary to other evidence already gathered and tends to
1. 5% of the employees are from minority groups. strengthen or
2. No one from a minority group has been hired in the past year. confirm it.
The most appropriate conclusion for the auditor to reach is that C.
A. Insufficient evidence exists of compliance with affirmative-action Proves an intermediate fact, or group of facts, from which still other
policies. facts can be
B. The division is violating the company’s policies. inferred.
C. The company’s policies cannot be audited and hence cannot be D.
enforced. Answer (A) is correct. Reliable information is the best information
With 5% of its employees from minority groups, the division is attainable
effectively through the use of appropriate engagement techniques (Inter. Std.
complying. 2310).
D. Information is reliable when the auditor’s results can be verified by
Answer (A) is correct. Sufficient information is factual, adequate, others.
and convincing Reliable information is also valid. It accurately represents the
so that a prudent, informed person would reach the same observed
conclusions as the phenomena. Information must be collected using reasonable efforts
auditor (Inter. Std. 2310). Without knowledge of guidelines for subject to
compliance, the such inherent limitations as the cost-benefit constraint. Accordingly,
auditor cannot draw a reasonable conclusion given the insufficiency internal
of the facts. auditors employ efficient methods, e.g., statistical sampling and
Hence, the auditor must determine whether management has analytical
established adequate auditing procedures.
Answer (B) is incorrect. Physical evidence is obtained by observing Answer (B) is correct. The bank deposits can be verified by
people, examining bank
property, and events. Physical evidence is not necessarily reliable. In statements obtained directly from the bank. Information obtained
fact, the from an independent
quality of reliability is more often associated with documentary source is usually more reliable than information secured solely within
evidence. the entity.
Answer (C) is incorrect. Corroborative evidence is supplementary to Moreover, it is obviously relevant to the issue of whether cash
other receipts are deposited
evidence already gathered and tends to strengthen or confirm it. intact. A reasonable internal auditor should judge that the comparison
Although of the
corroborative evidence may be reliable, much reliable evidence is organization’s records with independently obtained bank statements
primary rather is persuasive of
than supplementary. the proposition that cash receipts are not deposited intact. Thus, the
Answer (D) is incorrect. Circumstantial evidence proves an information is also
intermediate fact, or sufficient.
group of facts, from which still other facts can be inferred. Answer (C) is incorrect. The information is sufficient, reliable, and
Circumstantial relevant.
evidence is not necessarily reliable. Answer (D) is incorrect. The information is sufficient and reliable.
[677] Gleim #: 7.7.64 [678] Gleim #: 7.8.65
While performing an engagement relating to an organization’s cash What characteristic of information is satisfied by an original signed
controls, the document?
internal auditor observed that cash deposits are not deposited intact A. Sufficiency.
daily. A B. Reliability.
comparison of a sample of cash receipts lists revealed that each C. Relevance.
cash receipt list D. Usefulness.
equaled cash journal entry amounts but not daily bank deposits Answer (A) is incorrect. Sufficient information is factual, adequate,
amounts, and cash and
receipts list totals equaled bank deposit totals in the long run. This convincing. The information contained on the document may be none
information as of those
support for the internal auditor’s observations is things.
A. Sufficient but not reliable or relevant. Answer (B) is correct. Reliable information is the best information
B. Sufficient, reliable, and relevant. attainable
C. Not sufficient, reliable, or relevant. through the use of appropriate engagement techniques (Inter. Std.
D. Relevant but not sufficient or reliable. 2310). An
Gleim CIA Test Prep: Part 1 - Internal Audit Basics original document is the prime example of such information.
(720 questions) Answer (C) is incorrect. Relevance concerns the relationship of the
Copyright 2013 Gleim Publications Inc. Page 372 information
Printed for Sanja Knezevic to some objective of the engagement. No engagement objective is
fb.com/ciaaofficial disclosed in the
Answer (A) is incorrect. The information is reliable and relevant.
question. Thus, whether the information on the document is relevant Answer (C) is incorrect. The information is not sufficient. Hence, it
to the cannot be
investigation cannot be determined. conclusive. The inherent limitations of this engagement require that
Answer (D) is incorrect. Usefulness is achieved if the item helps the internal auditors
organization rely on information that is merely persuasive rather than convincing
(the internal auditor, in this case) to accomplish predetermined goals. beyond all doubt.
No such Answer (D) is correct. Sufficient information is factual, adequate,
goals are specified. and convincing so
[679] Gleim #: 7.8.66 that a prudent, informed person would reach the same conclusions
An internal auditor is evaluating the advertising function. The as the auditor
organization has (Inter. Std. 2310). Sufficiency is based on the internal auditor’s
engaged a medium-sized local advertising agency to place professional judgment
advertising in magazine as to the amounts, kinds, and persuasiveness of information
publications. As part of the review of the engagement working required. Testimony from
papers, the internal individuals who may be neither objective nor knowledgeable is
auditing supervisor is evaluating the information collected. The unlikely to be
internal auditor sufficient.
reviewed the language in the advertising for its legality and [680] Gleim #: 7.8.67
compliance with fair trade An internal auditor has set an engagement objective of determining
regulations by interviewing the organization’s advertising manager, whether all cash
the product receipts are deposited intact daily. To satisfy this objective, the
marketing director (who may not have been objective), and five of the internal auditor
organization’s interviewed the controller who gave assurances that all cash receipts
largest customers (who may not have been knowledgeable). The are deposited as
supervisor can soon as is reasonably possible. As information that can be used to
justifiably conclude that the information is satisfy the stated
A. Reliable. engagement objective, the controller’s assurances are
B. Irrelevant. Sufficient but not reliable A. or relevant.
C. Conclusive. B. Sufficient, reliable, and relevant.
D. Insufficient. C. Not sufficient, reliable, or relevant.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics D. Relevant but not sufficient or reliable.
(720 questions) Answer (A) is incorrect. The information is not sufficient or reliable.
Copyright 2013 Gleim Publications Inc. Page 373 Answer (B) is incorrect. The information is relevant but not sufficient
Printed for Sanja Knezevic or reliable.
Answer (A) is incorrect. The advertising director and the product Answer (C) is incorrect. The information is relevant.
marketing director Answer (D) is correct. Internal auditors must identify sufficient,
are not objective. reliable, relevant,
Answer (B) is incorrect. The information is relevant but not and useful information to achieve engagement objectives (Perf. Std.
sufficient. 2310).
Relevant information supports engagement observations and requested, not sold.
recommendations Answer (B) is incorrect. This memorandum is an uncorroborated
and is consistent with the objectives for the engagement. Sufficient statement.
information is Answer (C) is incorrect. A/R records showing cash collections from
factual, adequate, and convincing so that a prudent, informed person the customer are
would reach less direct than the shipping document and invoice and provide only
the same conclusions as the auditor. Reliable information is the best circumstantial
information support regarding the validity of the sale.
attainable through the use of appropriate procedures (Inter. Std. Answer (D) is correct. Reliable information is the best information
2310). The attainable through
controller’s assurance is relevant because it pertains to the cash the use of appropriate engagement techniques (Inter. Std. 2310).
receipts. However, Information is
it lacks reliability because it was not obtained from an independent ordinarily more reliable if it is obtained from a source independent of
source. the client. The
Furthermore, the information is not sufficient because, by itself, it shipping document and invoice provide direct information that the
does not sale was made, and
provide a reasonable basis for a conclusion. the bill of lading is externally generated documentation that the
[681] Gleim #: 7.8.68 merchandise was
In deciding whether recorded sales are valid, which of the following shipped.
items of [682] Gleim #: 7.8.69
information is most reliable? The chief audit executive is reviewing some of the basic concepts
A. A copy of the customer’s purchase order. inherent in the
A memorandum from the director of the shipping department stating performance of an engagement with three internal auditors who are
that another on a rotation
employee verified the personal delivery of the merchandise to the assignment. After 6 months in the internal audit activity, they will
customer. move back to line
B. positions. Each of them has fairly extensive organizational
C. Accounts receivable records showing cash collections from the experience and is on a fast
customer. track to a high-level management line position. To develop their
The shipping document, independent bill of lading, and the invoice analytical decisionmaking
for the abilities, the CAE pulls some old engagement working papers,
merchandise. holding back
D. the review notes and clearing comments. The CAE asks the team to
Gleim CIA Test Prep: Part 1 - Internal Audit Basics indicate the
(720 questions) informational criteria that are violated. During the planning stage of
Copyright 2013 Gleim Publications Inc. Page 374 an engagement,
Printed for Sanja Knezevic the internal auditor made an on-site observation of the vehicle
fb.com/ciaaofficial maintenance
Answer (A) is incorrect. The customer’s purchase order only proves department and included the following statement in a memorandum
that the item was summary of the
results: The chief audit executive is reviewing some of the basic concepts
“We noted that several maintenance garages were deteriorating inherent in the
badly. Fencing around performance of an engagement with three internal auditors who are
the property was in need of repair.” on a rotation
Which of the following informational criteria, if any, is violated? assignment. After 6 months in the internal audit activity, they will
A. Sufficiency. move back to line
B. Reliability. positions. Each of them has fairly extensive organizational
C. Relevance. experience and is on a fast
D. No criteria are violated. track to a high-level management line position. To develop their
Answer (A) is incorrect. The sufficiency criterion has not been analytical decisionmaking
violated. Physical abilities, the CAE pulls some old engagement working papers,
observation by the internal auditor is sufficient to determine holding back
deterioration and the review notes and clearing comments. The CAE asks the team to
need for repairs. indicate the
Answer (B) is incorrect. The reliability criterion has not been informational criteria that are violated. The organization’s inventories
violated. On-site are under the
observation is an appropriate technique to determine deterioration administration of three production managers. The internal auditors
and needed perform a standard
repairs. limited test of finished goods inventory balances every year. During
Answer (C) is incorrect. The relevance criterion has not been this year’s
violated. The engagement concerning inventories, the internal auditors noted
information obtained by the internal auditor supports observations finished goods
about the inventories were abnormally high, sales were consistent with prior
physical condition of the department. years, and returns
Answer (D) is correct. The observations made about the vehicle and allowances appeared normal. The internal auditors performed
maintenance the usual random
department contain sufficient information (factual, adequate, and sample recount of several finished goods inventory cards without
convincing so discrepancy and then
that a prudent, informed person would reach the same conclusions) extended the testing to include 10 raw materials and 10 work-in-
that is reliable process cards, noting
(the best attainable through the use of appropriate engagement no exceptions. The following statement was included in the
techniques) and engagement working
relevant (supports engagement observations and recommendations papers:
and is “Our standard test of finished goods inventories revealed no
consistent with the objectives for the engagement) (Inter. Std. 2310). exceptions to the
Gleim CIA Test Prep: Part 1 - Internal Audit Basics inventory count. We extended our tests this year to include both raw
(720 questions) materials and
Copyright 2013 Gleim Publications Inc. Page 375 work-in-process without exception. At the time of our engagement,
Printed for Sanja Knezevic the supervising
[683] Gleim #: 7.8.70
inventory managers were not available; however, the division assignment. After 6 months in the internal audit activity, they will
secretary indicated that move back to line
performance standards were on file. It appears that there is adequate positions. Each of them has fairly extensive organizational
awareness and experience and is on a fast
understanding of the performance standards.” track to a high-level management line position. To develop their
Which of the following informational criteria is not violated? analytical decisionmaking
A. Sufficiency. abilities, the CAE pulls some old engagement working papers,
B. Reliability. holding back
C. Relevance. the review notes and clearing comments. The CAE asks the team to
D. All criteria are violated. indicate the
Answer (A) is incorrect. The criterion of sufficiency has been informational criteria that are violated. The organization is required to
violated. comply with
Answer (B) is incorrect. The criterion of reliability has been violated. certain specific standards related to environmental issues. One of
Answer (C) is incorrect. The criterion of relevance has been these standards
violated. requires that certain hazardous chemicals be placed in certified
Answer (D) is correct. The conclusion violates the criteria of containers for
sufficiency, shipment to a governmental disposal site. The container must bear
reliability, and relevance. The sufficiency criterion is violated because an inspection seal
recounting signed within the last 90 days by a governmental inspector. Based on
several inventory items is insufficient given the abnormally high the following
inventory. The tests, the internal auditor concluded that the organization was in
reliability criterion is violated because the performance standard compliance for the
information is engagement period:
not the best attainable. The internal auditors should interview Determine from each chemical loading supervisor that compliance
inventory managers requirements
to determine their awareness and understanding of the performance are understood.
standards. The I.
relevance criterion is violated because the information related to raw Inspect sealed containers for evidence II. of leakage.
materials and III. Ask chemical loading personnel about procedures performed.
work-in-process does not pertain to the finished goods inventory. Which of the following informational criteria, if any, is violated?
Gleim CIA Test Prep: Part 1 - Internal Audit Basics A. Sufficiency.
(720 questions) B. Reliability.
Copyright 2013 Gleim Publications Inc. Page 376 C. Relevance.
Printed for Sanja Knezevic D. No criteria are violated.
fb.com/ciaaofficial Answer (A) is correct. Sufficient information is factual, adequate,
[684] Gleim #: 7.8.71 and convincing
The chief audit executive is reviewing some of the basic concepts so that a prudent, informed person would reach the same
inherent in the conclusions as the
performance of an engagement with three internal auditors who are internal auditor (Inter. Std. 2310). These tests are insufficient
on a rotation because the internal
auditor did not determine that each container had an inspection seal Direct observation of various advertising 2. media used
signed within 3. Review of a marketing survey of general public reaction to the
the last 90 days. marketing plan
Answer (B) is incorrect. The information is reliable. It is the best Which of the following informational criteria, if any, is violated?
information A. Sufficiency.
attainable through the use of appropriate engagement techniques. B. Reliability.
Answer (C) is incorrect. The information is relevant. It supports C. Relevance.
engagement D. No criteria are violated.
observations and recommendations and is consistent with the Answer (A) is incorrect. The sufficiency criterion has not been
objectives for the violated. The
engagement. analytical comparison, direct observation, and review of the market
Answer (D) is incorrect. The sufficiency criterion was violated. survey
Gleim CIA Test Prep: Part 1 - Internal Audit Basics provide sufficient information about the effectiveness and validity of
(720 questions) expenditures.
Copyright 2013 Gleim Publications Inc. Page 377 Answer (B) is incorrect. The reliability criterion has not been
Printed for Sanja Knezevic violated. Analysis,
[685] Gleim #: 7.8.72 observation, and review by the internal auditors are all methods of
The chief audit executive is reviewing some of the basic concepts obtaining
inherent in the competent information.
performance of an engagement with three internal auditors who are Answer (C) is incorrect. The relevance criterion has not been
on a rotation violated. The
assignment. After 6 months in the internal audit activity, they will analytical comparisons, direct observations, and review of the
move back to line marketing survey
positions. Each of them has fairly extensive organizational are all types of information pertinent to the evaluation of the
experience and is on a fast marketing
track to a high-level management line position. To develop their expenditures.
analytical decisionmaking Answer (D) is correct. The identified information is sufficient (factual,
abilities, the CAE pulls some old engagement working papers, adequate,
holding back and convincing so that a prudent, informed person would reach the
the review notes and clearing comments. The CAE asks the team to same
indicate the conclusions), reliable (the best attainable through the use of
informational criteria that are violated. In an engagement to evaluate appropriate
the effectiveness engagement techniques), and relevant (supports engagement
and validity of a subsidiary’s marketing expenditures, the internal observations and
auditors identified recommendations and is consistent with the objectives for the
the following information: engagement)
Analytical comparisons of advertising expenditures and changes in (Inter. Std. 2310).
shopping Gleim CIA Test Prep: Part 1 - Internal Audit Basics
patterns and item sales (720 questions)
1. Copyright 2013 Gleim Publications Inc. Page 378
Printed for Sanja Knezevic Answer (B) is incorrect. The reliability criterion has not been
fb.com/ciaaofficial violated, although
[686] Gleim #: 7.8.73 the sufficiency criterion has been violated.
The chief audit executive is reviewing some of the basic concepts Answer (C) is incorrect. Although the relevance criterion has been
inherent in the violated, the
performance of an engagement with three internal auditors who are reliability criterion has not been violated.
on a rotation Answer (D) is incorrect. The sufficiency and relevance criteria have
assignment. After 6 months in the internal audit activity, they will been
move back to line violated.
positions. Each of them has fairly extensive organizational [687] Gleim #: 7.8.74
experience and is on a fast Management is investigating the acquisition of an upgraded version
track to a high-level management line position. To develop their of the existing
analytical decisionmaking client-server system to increase the system’s capacity. Management
abilities, the CAE pulls some old engagement working papers, has requested that
holding back the internal auditor perform an operational engagement to determine
the review notes and clearing comments. The CAE asks the team to the efficiency of
indicate the the existing computer processing resource. What is the most relevant
informational criteria that are violated. In an engagement performed source of
at the information to meet the engagement objective?
organization’s real estate development subsidiary, the engagement A. A survey of current user satisfaction.
objective was to A review of computer job log records, listings of scheduled jobs, and
determine that capitalized land improvements had been assigned computer
equally to all down-time.
developed lots. The internal auditors identified the following B.
information: C. A comparison of server capacity with desktop computer capacity.
Independent appraisals 1. of all lot values D. A detailed analysis of hard drive growth over the last 3 years.
2. Sales records for similar subdivision lots Gleim CIA Test Prep: Part 1 - Internal Audit Basics
3. An analysis of market values of each lot (720 questions)
Which of the following informational criteria, if any, are violated? Copyright 2013 Gleim Publications Inc. Page 379
A. Sufficiency and relevance. Printed for Sanja Knezevic
B. Reliability and sufficiency. Answer (A) is incorrect. User satisfaction surveys are subjective and
C. Relevance and reliability. are not directly
D. No criteria are violated. related to efficient use of the hardware resources.
Answer (A) is correct. The conclusion violates the criteria of Answer (B) is correct. Reviewing job logs, job schedules, and
sufficiency and documentation of
relevance. The sufficiency criterion is violated because information computer down-time provides an objective record of actual hardware
about cost usage. The
allocation is missing. The relevance criterion is violated because the internal auditor may also wish to consider such matters as
information percentage usage of the
identified does not pertain to the objective.
CPU by time of day, the number of online transactions per hour by D. Records of inventories stored at off-site locations.
time of day, Gleim CIA Test Prep: Part 1 - Internal Audit Basics
average and peak response times by time of day, and average and (720 questions)
peak batch job Copyright 2013 Gleim Publications Inc. Page 380
turnaround time by time of day. Printed for Sanja Knezevic
Answer (C) is incorrect. This comparison does not address the fb.com/ciaaofficial
engagement objective. Answer (A) is incorrect. Although informative, monthly gross profit
Answer (D) is incorrect. The growth of hard drive use only and inventory
addresses a portion of the levels have no bearing on legal ownership.
engagement objective. Answer (B) is incorrect. Purchase orders represent a commitment to
[688] Gleim #: 7.8.75 purchase, not
In testing the write-off of a deteriorated piece of equipment, the best legal ownership.
information about Answer (C) is correct. Mere possession of inventory does not signify
the condition of the equipment is that another
The equipment manager’s statement regarding A. condition. party does not have a claim to it. For example, the inventory may be
B. Accounting records showing maintenance and repair costs. held on
C. A physical inspection of the actual piece of equipment. consignment. Payment of vendor invoices is the culmination of the
D. The production department’s equipment downtime report. purchases-payables
Answer (A) is incorrect. The equipment manager’s statement cycle. The paid invoice evidences the purchaser’s ownership of the
regarding inventory.
condition, standing alone, is not conclusive. Answer (D) is incorrect. Records of inventories stored at off-site
Answer (B) is incorrect. Accounting records are less persuasive locations verify the
than the internal existence of the inventory, not legal ownership.
auditor’s direct observation. [690] Gleim #: 7.9.77
Answer (C) is correct. The most reliable form of engagement During interviews with the inventory management personnel, an
information is that internal auditor
obtained through the internal auditor’s direct experience. Thus, a learned that salespersons often order inventory for stock without
physical receiving the
inspection provides the best information about the current condition approval of the vice president of sales. Also, detail testing showed
of equipment. that there are no
Answer (D) is incorrect. Internal reports are less persuasive than the written approvals on purchase orders for replacement parts. The
internal results of detail
auditor’s direct observation. testing are a good example of
[689] Gleim #: 7.8.76 Indirect A. information.
The most reliable information an internal auditor can assess when B. Circumstantial information.
determining an C. Corroborative information.
organization’s legal title to inventories is D. Subjective information.
A. Monthly gross profit and inventory levels. Answer (A) is incorrect. Detail testing provides direct information
B. Purchase orders. that the
C. Paid vendor invoices.
approvals were not received. Indirect information establishes physical existence, subsequent events, subsidiary records, and
immediately related testimony by the
facts from which the main fact may be inferred. engagement client and third parties. Oral or written statements (e.g.,
Answer (B) is incorrect. Circumstantial information tends to prove a letters to the
fact by internal auditor) derived from inquiries or interviews are testimonial
proving other events or circumstances that afford a basis for a information.
reasonable Answer (C) is incorrect. Documentary information exists in some
inference of the occurrence of the fact. Thus, it is also indirect permanent form,
information. such as checks, invoices, shipping records, receiving reports, and
Answer (C) is correct. Corroborative information is evidence from a purchase orders. It
different includes both external information, e.g., bills of lading received by the
source that supplements and confirms other information. For engagement
example, oral client from common carriers, and documents originating within the
testimony that a certain procedure was not performed may be engagement
corroborated by the client’s organization.
absence of documentation. Answer (D) is incorrect. Analytical information is derived from the
Answer (D) is incorrect. Subjective information is opinion-oriented study and
and is not comparison of relationships among data.
dependable for reaching engagement conclusions. No subjective [692] Gleim #: 7.9.79
information is The chief audit executive is reviewing the working papers produced
present in this situation. by an internal
[691] Gleim #: 7.9.78 auditor during a fraud investigation. Among the items contained in
A letter to the internal auditor in response to an inquiry is an example the working papers
of which type of is a description of an item of physical information. Which of the
information? following is the most
A. Physical. probable source of this item of information?
B. Testimonial. Observing A. conditions.
C. Documentary. B. Interviewing people.
D. Analytical. C. Examining records.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics D. Computing variances.
(720 questions) Answer (A) is correct. Physical information results from the
Copyright 2013 Gleim Publications Inc. Page 381 verification of the
Printed for Sanja Knezevic actual existence of things, activities, or individuals by observation,
Answer (A) is incorrect. Physical information results from the inspection, or
verification of the count. It may take the form of photographs, maps, charts, or other
actual existence of something by observation, inspection, or count. depictions.
Answer (B) is correct. Information may consist of authoritative Answer (B) is incorrect. Interviewing produces testimonial
documentation, information.
calculations by the internal auditor, internal control, interrelationships Answer (C) is incorrect. The examination of records requires
among the data, documentary
information and produces analytical information. A page of the internal auditor’s working papers containing the
Answer (D) is incorrect. Computations and verifications lead to computations that
analytical demonstrate the existence of an error or irregularity.
information. D.
[693] Gleim #: 7.9.80 Answer (A) is incorrect. Photographic information is physical.
An internal auditor takes a photograph of the engagement client’s Answer (B) is incorrect. Statements received in response to
workplace. The inquiries or
photograph is a form of what kind of information? interviews are testimonial.
A. Physical. Answer (C) is correct. Documentary information exists in some
B. Testimonial. permanent form,
C. Documentary. such as checks, invoices, shipping records, receiving reports, and
D. Analytical. purchase orders.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics It includes both external information, e.g., shipping documents
(720 questions) provided by
Copyright 2013 Gleim Publications Inc. Page 382 carriers, and documents originating within the engagement client’s
Printed for Sanja Knezevic organization.
fb.com/ciaaofficial Answer (D) is incorrect. The study and comparison of relationships
Answer (A) is correct. Physical information results from the among data
verification of the actual results in analytical information.
existence of things, activities, or individuals by observation, [695] Gleim #: 7.9.82
inspection, or count. It The internal auditor for a construction contractor finds materials costs
may take the form of photographs, maps, charts, or other depictions. increasing as a
Answer (B) is incorrect. Testimonial information consists of oral or percentage of billings and suspects that materials billed to the
written organization are being
statements derived from inquiries or interviews. delivered to another contractor. What type of information will best
Answer (C) is incorrect. Documentary information consists of letters, enable the internal
memoranda, auditor to determine whether erroneous billings occurred?
invoices, shipping and receiving reports, etc. A. Documentary.
Answer (D) is incorrect. Analytical information is derived from a B. Physical examination.
study and C. Confirmation.
comparison of the relationships among data. D. Analytical.
Which of the following is an example of documentary information? (720 questions)
A photograph of an engagement A. client’s workplace. Copyright 2013 Gleim Publications Inc. Page 383
B. A letter from a former employee alleging a fraud. Printed for Sanja Knezevic
A page of the general ledger containing irregularities placed there by Answer (A) is correct. Documentary information exists in some
the permanent form, such
perpetrator of a fraud. as checks, invoices, shipping records, receiving reports, and
C. purchase orders. It
includes both external information, e.g., shipping documents Answer (B) is correct. Analytical information obtained by determining
provided by carriers, and employee
documents originating within the engagement client’s organization. participation in optional programs is the most persuasive. Actual
By matching participation
invoices received from vendors with receiving documents prepared requires an affirmative act that strongly suggests a positive employee
by organizational evaluation
personnel, the nonreceipt of items billed to the organization can be of a program.
detected. Also, the Answer (C) is incorrect. Employee participation ratios are more
invoices received may well indicate that delivery was made to an persuasive than
address other than the personnel director’s testimony about employee satisfaction.
the organization’s storage area or a construction site. Answer (D) is incorrect. The effectiveness of the means of
Answer (B) is incorrect. Physical examination is not usually communicating
possible. The materials information about the programs is not relevant to employee
will not be available at the organization’s premises. satisfaction.
Answer (C) is incorrect. Testimonial information obtained through [697] Gleim #: 7.9.84
confirmation is In an engagement to review travel expenses, the internal auditor
unlikely to be helpful. The supplier will confirm shipment of goods calculates average
and the amount of expenses per day traveled for all sales personnel and then examines
the invoice but will not report the delivery address. detailed receipts
Answer (D) is incorrect. Analytical procedures are not likely to be for those with high averages. These procedures represent the
effective unless identification of which
budgets were very carefully developed, all conditions remained types of information?
virtually constant, and A. Documentary and physical.
the amounts were relatively large. B. Analytical and physical.
[696] Gleim #: 7.9.83 C. Documentary and analytical.
During an engagement to review the personnel function, an internal D. Physical and testimonial.
auditor notes that Gleim CIA Test Prep: Part 1 - Internal Audit Basics
there are several employee benefit programs and that participation in (720 questions)
some of the Copyright 2013 Gleim Publications Inc. Page 384
programs is optional. Which of the following is the best information Printed for Sanja Knezevic
for assessing the fb.com/ciaaofficial
acceptability of various benefit programs to employees? Answer (A) is incorrect. The information is documentary but not
Discuss satisfaction levels with program A. participants. physical.
B. Evaluate program participation ratios and their trends. Answer (B) is incorrect. The information is analytical but not
C. Discuss satisfaction levels with the director of personnel. physical.
D. Evaluate methods used to make employees aware of available Answer (C) is correct. Documentary information includes accounting
program options. records,
Answer (A) is incorrect. Responses from participants, by definition, outgoing correspondence, receiving reports, etc. Analytical
do not information results from
include testimony by nonparticipants.
analysis and verification and includes computations and When evaluating the propriety of a payment to a consultant, the most
comparisons. The travel appropriate
expense receipts are documentary information. The calculations of information for the internal auditor to obtain and review is
average travel A. Oral information in the form of opinions of operating management.
expenses are analytical information. B. Documentary information in the form of a contract.
Answer (D) is incorrect. The information is neither physical nor Analytical information in the form of comparisons with prior years’
testimonial. expenditures
[698] Gleim #: 7.9.85 on consultants.
An internal auditor arrived at the conclusion that the segregation of C.
duties in the D. Physical information in the form of the consultant’s report.
counting and recording of cash receipts was adequate. What type of Gleim CIA Test Prep: Part 1 - Internal Audit Basics
information is (720 questions)
this? Copyright 2013 Gleim Publications Inc. Page 385
A. Analytical. Printed for Sanja Knezevic
B. Documentary. Answer (A) is incorrect. Oral information tends to be less reliable
C. Physical. than information in
D. Testimonial. some permanent form.
Answer (A) is correct. Analytical information is drawn from the Answer (B) is correct. A contract is a document that formalizes an
consideration of agreement between
the interrelationships among data or, in the case of the control, the the parties. It provides persuasive information that the payment was
particular properly
policies and procedures of which it is composed. Analysis produces authorized.
circumstantial Answer (C) is incorrect. Comparisons with prior years’ payments
information in the form of inferences or conclusions based on may be invalid if
examining the circumstances have changed.
components as a whole for consistencies, inconsistencies, cause- Answer (D) is incorrect. The report indicates that some work was
and-effect done but not that
relationships, relevant and irrelevant items, etc. the payment was authorized or in the appropriate amount.
Answer (B) is incorrect. Documentary information exists in some [700] Gleim #: 7.9.87
permanent The most reliable forms of documentary evidence are those
form, such as checks, invoices, shipping records, receiving reports, documents that are
and purchase A. Prenumbered.
orders. B. Internally generated.
Answer (C) is incorrect. Physical information consists of the internal C. Easily duplicated.
auditor’s D. Authorized by a responsible official.
direct observation and inspection, e.g., of the counting of inventory. Answer (A) is incorrect. The use of prenumbered and sequentially
Answer (D) is incorrect. Testimonial information is provided by the issued
statements of documents is an effective control, but such documents may be
engagement client personnel and others. accessible to an
[699] Gleim #: 7.9.86 employee who is perpetrating fraud.
Answer (B) is incorrect. Internally generated documents are not the (720 questions)
most reliable Copyright 2013 Gleim Publications Inc. Page 386
among the choices. Printed for Sanja Knezevic
Answer (C) is incorrect. Ease of duplication would tend to reduce fb.com/ciaaofficial
rather than [702] Gleim #: 7.10.89
increase reliability of a document. To verify the proper value of costs charged to real property records
Answer (D) is correct. Externally generated documents are deemed for improvements
to be more to the property, the best source of information is
reliable than those produced by the auditee. However, the Inspection by the internal auditor of real property A. improvements.
evidentiary value of the A letter signed by the real property manager asserting the propriety
latter is enhanced if they are subject to effective control. Accordingly, of costs
authorization by an appropriate party lends credibility to a document incurred.
because it B.
increases the probability that the underlying transaction is valid. C. Original invoices supporting entries into the accounting records.
[701] Gleim #: 7.9.88 D. Comparison of billed amounts with contract estimates.
The most likely source of information indicating employee theft of Answer (A) is incorrect. An inspection confirms that the
inventory is improvements were
A. Physical inspection of the condition of inventory items on hand. made, not their cost.
B. A warehouse employee’s verbal charge of theft. Answer (B) is incorrect. Records or documents generated internally
C. Differences between an inventory count and perpetual inventory are less
records. reliable than those produced externally.
D. Accounts payable transactions vouched to inventory receiving Answer (C) is correct. To verify real property costs, the best method
reports. of obtaining
Answer (A) is incorrect. Physical inspection of items on hand does engagement information is to examine records. Records originating
not disclose outside the
shortages or indicate theft. engagement client, such as original invoices, are much more reliable
Answer (B) is correct. Testimonial information may not be conclusive than internal
and should documents or engagement client testimony. Also, these invoices
be supported by other forms of information whenever possible. support actual
However, it may accounting record entries.
provide a lead not indicated by other procedures. Answer (D) is incorrect. A comparison of billed amounts with
Answer (C) is incorrect. Differences between inventory counts and contract estimates
perpetual measures the reasonableness of costs but is less persuasive than
records are normal and, by themselves, do not indicate theft. original invoices
Answer (D) is incorrect. Vouching transactions from accounts supporting entries into the accounting records.
payable to [703] Gleim #: 7.10.90
receiving reports provides no information about a shortage or theft Ordinarily, what source of information should most affect the internal
arising after auditor’s
receipt of the goods. conclusions?
Gleim CIA Test Prep: Part 1 - Internal Audit Basics A. External.
B. Inquiry. Answer (B) is incorrect. The information is also internal and not
C. Oral. sufficient.
D. Informal. Answer (C) is incorrect. The information is not sufficient to
Answer (A) is correct. External information is ordinarily more reliable determine the cause.
than the Answer (D) is correct. The organization employs an external
other types of information listed because it is generated from sources inventory service
independent and internal personnel for data entry and balancing, so the sources
of the engagement client. The internal auditor should select the of information
strongest are both external and internal. However, the information is not
information available to support engagement observations, sufficient to
conclusions, and determine the cause of the shortages. Sufficient information is
recommendations. factual, adequate,
Answer (B) is incorrect. Information derived from inquiries is and convincing so that a prudent, informed person would reach the
ordinarily less same
reliable than external information. conclusions as the internal auditor (Inter. Std. 2310). The documents
Answer (C) is incorrect. Oral information is ordinarily less reliable reviewed
than external will not reveal the cause of the shortages.
information. [705] Gleim #: 7.10.92
Answer (D) is incorrect. Informal information is ordinarily less During an investigation of unexplained inventory shrinkage, an
reliable than internal auditor is
external information. testing inventory additions as recorded in the perpetual inventory
Gleim CIA Test Prep: Part 1 - Internal Audit Basics records. Because of
(720 questions) internal control weaknesses, the information recorded on receiving
Copyright 2013 Gleim Publications Inc. Page 387 reports may not be
Printed for Sanja Knezevic reliable. Under these circumstances, which of the following
[704] Gleim #: 7.10.91 documents provides the
An internal auditor’s objective is to determine the cause of inventory best information about additions to inventory?
shortages shown A. Purchase orders.
by the physical inventories taken by an independent service B. Purchase requisitions.
organization that used C. Vendors’ invoices.
some engagement client personnel. The internal auditor addresses D. Vendors’ statements.
this objective by Answer (A) is incorrect. The quantity ordered may not equal the
reviewing the count sheets, inventory printouts, and memos from the quantity shipped
last inventory. by the vendor.
The source of information and the sufficiency of this information are Answer (B) is incorrect. The quantity requested in a purchase
Internal A. and not sufficient. requisition may not
B. External and sufficient. equal the quantity shipped by the vendor as a result of modification
C. Both external and internal and sufficient. by the
D. Both external and internal and not sufficient. purchasing department or vendor stockouts.
Answer (A) is incorrect. The information is also external.
Answer (C) is correct. The vendors’ invoice confirms that the proper relevant source of information about environmental violations. This
amount due externally
has been recorded. A vendor’s invoices provide the best source of generated documentation and the engagement client’s responses
information thereto may
about additions to inventory. Vendors’ invoices provide an external indicate a significant loss exposure for the engagement client.
source of Answer (D) is incorrect. External auditors do not have ready access
information regarding shipments to the engagement client. These to the needed
amounts should information.
be equal to quantities added to inventory (after possible adjustment [707] Gleim #: 7.10.94
for items The most conclusive information to support supplier account
returned to the vendor because of damage, etc.). balances is obtained by
Answer (D) is incorrect. Vendors’ statements normally list only the A. Reviewing the vendor statements obtained from the accounts
invoice payable clerk.
number, date, and total. They do not list invoice detail such as B. Obtaining confirmations of balances from the suppliers.
quantities shipped. C. Performing analytical account analysis.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Interviewing the accounts payable manager to determine the internal
(720 questions) controls
Copyright 2013 Gleim Publications Inc. Page 388 maintained over accounts payable processing.
fb.com/ciaaofficial Answer (A) is incorrect. Vendor statements obtained from the
[706] Gleim #: 7.10.93 accounts payable
In engagement planning, internal auditors should review all relevant clerk may be inaccurate, purposely misstated, or prepared for
information. nonexisting vendors.
Which of the following sources of information would most likely help Answer (B) is correct. Confirmation has the advantage of obtaining
identify information
suspected violations of environmental regulations? from sources external to the entity. Information from external sources
Discussions with operating A. executives. provides
B. Review of trade publications. greater assurances of reliability than information from sources within
C. Review of correspondence the entity has conducted with the entity.
governmental agencies. Answer (C) is incorrect. Analytical account analysis is effective for
Discussions conducted with the external auditors in coordinating identifying
engagement circumstances that require additional consideration.
efforts. Answer (D) is incorrect. Interviewing an employee provides oral, or
D. testimonial,
Answer (A) is incorrect. Operating management is a possibly biased information, which is inherently less reliable than information
source. obtained from
Answer (B) is incorrect. This source is not sufficiently specific. independent sources.
Answer (C) is correct. Correspondence from regulators is likely to be [708] Gleim #: 7.10.95
a valid and A set of engagement working papers contained a copy of a
document providing
information that an expensive item that had been special-ordered D. Examination of the account balances contained in general and
was actually on hand subsidiary ledgers.
on a particular date. The most likely source of this information is a Answer (A) is correct. First-hand observation by the auditor is more
printout from a persuasive
computerized than analytical reviews performed, client-prepared records examined
A. Purchases journal. by the
B. Cash payments journal. auditor, or interviews with client personnel.
C. Perpetual inventory file. Answer (B) is incorrect. Items purchased may no longer be present
D. Receiving report file. in the
Gleim CIA Test Prep: Part 1 - Internal Audit Basics department being reviewed, even though they were originally
(720 questions) purchased for that
Copyright 2013 Gleim Publications Inc. Page 389 department.
Printed for Sanja Knezevic Answer (C) is incorrect. Interviews are useful in gaining insight into
Answer (A) is incorrect. The purchases journal indicates when the operations
item was ordered and understanding exceptions but are not sufficient.
but not whether it was still on hand at a specific later date. Answer (D) is incorrect. Ledger balances may not indicate whether
Answer (B) is incorrect. The cash payments journal indicates when assets have
the item was paid been moved or stolen.
for but not whether it was still on hand at a specific later date. [710] Gleim #: 7.11.97
Answer (C) is correct. In a perpetual inventory system, purchases Which of the following types of tests is the most persuasive if an
are directly recorded internal auditor
in the inventory account, and cost of goods sold is determined as the wants assurance of the existence of inventory stored in a
goods are sold. A warehouse?
computerized perpetual inventory file has a record of each debit or Examining the shipping documents that support recorded transfers to
credit transaction and from the
with its date, amount, etc., and the inventory balance for any given warehouse.
date could therefore A.
be determined. B. Obtaining written confirmation from management.
Answer (D) is incorrect. The receiving report indicates when the C. Physically observing the inventory in the warehouse.
item was received D. Examining warehouse receipts contained in the engagement
but not whether it was still on hand at a specific later date. client’s records.
Which of the following techniques is most likely to result in sufficient (720 questions)
information Copyright 2013 Gleim Publications Inc. Page 390
with regard to an engagement to review the quantity of fixed assets Printed for Sanja Knezevic
on hand in a fb.com/ciaaofficial
particular department? Answer (A) is incorrect. Shipping documents are not as reliable as
Physical A. observation. personal
B. Analytical review of purchase requests and subsequent invoices. knowledge.
C. Interviews with department management.
Answer (B) is incorrect. Testimonial information is not as reliable as information. The information was generated internally but passed
personal through
knowledge. outsiders who confirmed it (honored the check) before sending it
Answer (C) is correct. Direct knowledge obtained through the directly to the
internal auditor’s internal auditor. Such information is very persuasive.
physical observation is the most reliable information about the Answer (C) is incorrect. Internal information is less persuasive than
existence of the external
inventory. information.
Answer (D) is incorrect. Warehouse receipts are not as reliable as Answer (D) is incorrect. The invoice is external information of debt
personal but not of
knowledge. payment. The information concerning payment is internal and not
[711] Gleim #: 7.11.98 persuasive. A
Documents provide information with differing degrees of reference to a check is not as reliable as the check itself.
persuasiveness. If the [712] Gleim #: 7.11.99
engagement objective is to obtain information that payment has An internal auditor at a savings and loan association concludes that
actually been made for a secured real
a specific invoice from a vendor, which of the following documents estate loan is collectible. Which of the following engagement
ordinarily is the procedures provides the
most persuasive? most persuasive information about the loan’s collectibility?
An entry in the engagement client’s cash disbursements journal A. Confirming the loan balance with the borrower.
supported by a B. Reviewing the loan file for proper authorization by the credit
voucher package containing the vendor’s invoice. committee.
A. C. Examining documentation of a recent, independent appraisal of
A canceled check, made out to the vendor and referenced to the the real estate.
invoice, included D. Examining the loan application for appropriate borrowers’
in a cutoff bank statement that the internal auditor received directly signatures.
from the bank. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
B. (720 questions)
An accounts payable subsidiary ledger that shows payment C. of the Copyright 2013 Gleim Publications Inc. Page 391
invoice. Printed for Sanja Knezevic
D. A vendor’s original invoice stamped “PAID” and referenced to a Answer (A) is incorrect. A confirmation provides information about a
check number. loan’s
Answer (A) is incorrect. The engagement client either has initiated existence, not its collectibility.
or had an Answer (B) is incorrect. Information about the loan’s authorization is
opportunity to alter the voucher and the invoice. not relevant to
Answer (B) is correct. A canceled check included in a cutoff bank its collectibility.
statement Answer (C) is correct. Real estate appraisals are based on
received directly from the bank provides external as well as internal estimated resale value or
documentary future cash flows. A recent, independent appraisal provides
information about the
borrower’s ability to repay the loan. Such an appraisal tends to be Gleim CIA Test Prep: Part 1 - Internal Audit Basics
reasonably reliable (720 questions)
because it is timely and derives from an expert source independent Copyright 2013 Gleim Publications Inc. Page 392
of the engagement Printed for Sanja Knezevic
client. fb.com/ciaaofficial
Answer (D) is incorrect. The validity of the loan is not relevant to the Answer (A) is incorrect. An unsubstantiated response to an inquiry
borrower’s of management is
ability to repay the loan. usually considered the least persuasive information.
[713] Gleim #: 7.11.100 Answer (B) is incorrect. Observation of procedures for acquisition
The most persuasive information regarding the asset value of newly would not be as
acquired persuasive as examination of the asset.
computers is Answer (C) is correct. Information is considered more or less
Inquiry A. of management. persuasive depending
B. Observation of engagement client’s procedures. on the engagement client’s degree of control. The following is a
C. Physical examination. hierarchy from most
D. Documentation prepared externally. persuasive to least persuasive: internal auditor’s examination and
Answer (A) is incorrect. An unsubstantiated response to an inquiry observation,
of externally developed information, internally developed information,
management ordinarily yields the least persuasive information. and oral
Answer (B) is incorrect. Observation of procedures for acquisition information from the client. Thus, the most persuasive information
would not be about the existence
as persuasive as documents showing the cost of the asset. assertion for a new asset is physical examination.
Answer (C) is incorrect. Physical examination of the asset reveals Answer (D) is incorrect. Documentation is less relevant to the
only limited existence assertion than
information as to the asset’s value. physical examination.
Answer (D) is correct. Information is considered more or less [715] Gleim #: 7.11.102
persuasive Which of the following represents the general order of
depending on how much control the engagement client has over it. persuasiveness, from most to
The most least, for the types of information listed below?
persuasive information relevant to the valuation assertion is Inquiry I. of management
documentation that is II. Observation of engagement client’s procedures
prepared externally. III. Physical examination
[714] Gleim #: 7.11.101 IV. Documentation prepared externally
The most persuasive information about the existence of newly A. III, II, IV, I.
acquired computers for B. IV, I, II, III.
the sales department is C. II, IV, I, III.
A. Inquiry of management. D. IV, III, I, II.
B. Observation of engagement client’s procedures. Answer (A) is correct. An auditor’s physical examination provides
C. Physical examination. the most
D. Documentation prepared externally.
persuasive form of evidence. First-hand observation by the auditor of may have evolved over time.
client Answer (B) is correct. The physical inspection of an engagement
personnel performing procedures is the next most persuasive. client’s facilities,
Information records, and processing steps is the most persuasive information.
originating from a third party is less persuasive than information The internal auditor
personally reviews actual documents and determines what personnel actually
gathered by the auditor but more persuasive than information do with them.
originating with the Answer (C) is incorrect. The program flowchart excludes manual
client. Oral information from the client is the least convincing. processing steps.
Answer (B) is incorrect. The internal auditor’s physical examination Answer (D) is incorrect. The treasurer may not know how the
(III) and specific clerical
observation (II) are more persuasive than externally developed processing may have changed. Furthermore, the treasurer may have
information (IV). reason not to
Answer (C) is incorrect. The internal auditor’s physical examination describe processing accurately.
(III) is the [717] Gleim #: 7.11.104
most persuasive evidence of all. The internal auditor is concerned with the overall valuation of
Answer (D) is incorrect. The internal auditor’s observation (II) is inventory. Rank the
more persuasive following sources of engagement information from most persuasive
than both externally developed information (IV) and inquiry of to least persuasive
management (I). in addressing the assertion as to the valuation of inventory.
[716] Gleim #: 7.11.103 Calculate inventory turnover by I. individual product.
The internal auditor wants to understand the actual flow of data Assess the net realizability of all inventory items with a turnover ratio
regarding cash of 2.0 or
processing. The most convincing information is obtained by less by interviewing the marketing manager as to the marketability of
A. Reviewing the systems flowchart. the product.
Performing a walk-through of the processing and obtaining copies of II.
all Calculate the net realizable value (NRV) of all inventory products
documents used. (using software
B. to calculate NRV based on the last selling price) and compare NRV
Reviewing the programming flowchart for information about control with cost.
procedures III.
placed into the computer programs. Take a statistical sample of inventory and examine the latest
C. purchase documents
D. Interviewing the treasurer. (invoices and receiving slips) to calculate inventory cost.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics IV.
(720 questions) A. I, II, III, IV.
Copyright 2013 Gleim Publications Inc. Page 393 B. I, IV, II, III.
Printed for Sanja Knezevic C. IV, I, III, II.
Answer (A) is incorrect. The systems flowchart might not indicate D. II, III, IV, I.
how processing Answer (A) is incorrect. The proper order is IV, I, III, II.
Answer (B) is incorrect. The proper order is IV, I, III, II. [718] Gleim #: 7.11.105
Answer (C) is correct. Sampling inventory and examining purchase Which of the following are least valuable in predicting the amount of
documents uncollectible
are procedures that provide the most persuasive information in accounts for an organization?
establishing cost, Published economic indices indicating a general A. business
which is the basis of determining the valuation of inventory. They rely downturn.
on the Dollar amounts of accounts actually written off by the organization for
internal auditor’s own observations and on inspection of documents each of the
from external past 6 months.
sources. The next most persuasive information is derived from the B.
internal C. Total monthly sales for each of the past 6 months.
auditor’s analytical procedures. A change in inventory turnover or a Written forecasts from the credit manager regarding expected future
very low level cash
of inventory turnover indicates potential obsolescence of inventory collections.
and the need D.
for the internal auditor to perform additional procedures, e.g., Answer (A) is incorrect. Although these statistics might not be quite
examining as relevant
subsequent sales to determine whether inventory should be written as some of the other data, they are reliable, having been compiled
down. and published
Calculation of net realizable value may indicate a valuation problem. by an independent source.
The Answer (B) is incorrect. The dollar amounts of write-offs are relevant
difficulty with this procedure is that the last sales price may not be and
appropriate. reliable, representing the actual experience of the organization.
The marketing manager’s opinion about marketability is the least Answer (C) is incorrect. These amounts include cash as well as
persuasive credit sales. Thus,
information. It is a form of testimonial information from an individual the inclusion of cash sales reduces the relevance of these data.
who may However, prior
have a vested interest in persuading the internal auditor that the sales also represent the actual experience of the organization and
goods will be sold therefore have a
at their normal prices in the normal course of business. In addition, high degree of reliability.
the arbitrary Answer (D) is correct. Written forecasts from the credit manager
cutoff value of 2.0 may not be justified. The cutoff should be based may be relevant
on the nature and useful, but they cannot be considered sufficient or reliable.
of the client’s inventory. Opinion evidence
Answer (D) is incorrect. The proper order is IV, I, III, II. does not have as much reliability as factual evidence. In addition, the
Gleim CIA Test Prep: Part 1 - Internal Audit Basics source of the
(720 questions) evidence may have a bias, which should be considered by the
Copyright 2013 Gleim Publications Inc. Page 394 internal auditor
Printed for Sanja Knezevic when evaluating the reliability of this data.
Which of the following examples of audit evidence is the most externally, they are subsequently processed by the engagement
persuasive? client. Thus, they are
A. Real estate deeds that were properly recorded with a government more reliable than purely internal information but less reliable than
agency. purely external
B. Canceled checks written by the treasurer and returned from a information.
bank. [720] Gleim #: 7.11.107
C. Time cards for employees that are stored by a manager. One objective of an internal auditing engagement involving the
D. Vendor invoices filed by the accounting department. receiving function is to
Gleim CIA Test Prep: Part 1 - Internal Audit Basics determine whether receiving clerks independently count incoming
(720 questions) supplies before
Copyright 2013 Gleim Publications Inc. Page 395 completing the quantity received section of the receiving report.
Printed for Sanja Knezevic Which of the
Answer (A) is correct. Real estate deeds recorded in public records following is the most persuasive information supporting the assertion
are documentary that the counts
information generated by external parties. They are not processed by are made?
the engagement The receiving section supervisor’s assurance, based on personal
client. Accordingly, this purely external evidence is more persuasive observation, that
than information the counts are made.
originating with, or processed by, the engagement client. A.
Answer (B) is incorrect. Canceled checks written by the treasurer A receiving clerk’s initials on all receiving reports attesting that the
and returned from a count was
bank constitute internal-external information. Such information made.
originates with the B.
engagement client but is processed externally. Because the bank’s Assurance, from the warehouse supervisor, that the accuracy of the
acceptance of perpetual
checks provides some confirmation of their validity, they are more inventory is the result of the reliability of the entries in the quantity
reliable than purely received
internal evidence. section.
Answer (C) is incorrect. Time cards for employees that are stored by C.
a manager are Periodic observations by the internal auditor over the course D. of
considered internal information. They are generated by, and remain the engagement.
with, the Answer (A) is incorrect. Testimonial information is not as reliable as
engagement client. Purely internal information is less reliable than the internal
information from auditor’s direct personal observation.
external sources. Answer (B) is incorrect. Testimonial information is not as reliable as
Answer (D) is incorrect. Vendor invoices filed by the accounting the internal
department are auditor’s direct personal observation.
considered external-internal information. Although the invoices were Answer (C) is incorrect. Testimonial information is not as reliable as
created the internal
auditor’s direct personal observation.
Answer (D) is correct. An internal auditor’s presumption about the
validity of
information is that the internal auditor’s direct personal knowledge,
obtained
through physical examination, observation, computation, and
inspection is more
persuasive than information obtained indirectly.

1

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

1

Загружено:

Авторское право:

Доступные форматы

[1] Gleim #: 1.1.1 Answer (D) is correct.

The Definition of Internal Auditing states, in

Вам также может понравиться