Please make sure the answer is right
Pick the best answer
1) Which of the following is not a category of objectives of internal control per the COSO Internal Control Framework?
A) Reliability of financial reporting
B) Achievement of strategic objectives
C) Effectiveness and efficiency of operations
D) Compliance with laws and regulations
E) All of the above are categories of objectives of internal control
2) The internal audit activity's role in the risk management process of an organization may not encompass:
A) No role
B) Auditing the risk management process as part of the internal audit plan.
C) Facilitating identification of risks
D) Accountability for risk management
E) Participation on oversight committees, monitoring activities, and status reporting.
3) The IIA Code of Ethics specifically prohibits a CAE from receiving stock options.
A) True
B) False
4) Which of the following is true about internal vs. external auditing?
A) Internal auditing reports to the external auditors
B) Internal auditing is more focused on financial reporting than external auditing
C) Many of the tool and techniques in auditing are common to both internal and external auditing
D) External auditors cannot rely on any of the work done by internal auditing
E) Both have the same definition of the term “independence.”
5) Which of the following is not part of the definition of internal auditing?
A) Risk management
B) Governance
C) Consulting
D) Add value
E) Implement internal controls
6)Which of the following is true about ERM?
A) The COSO ERM Framework is the only approved ERM framework in the U.S.
B) 90% of all corporations have implemented the entire COSO ERM Framework
C) The COSO ERM Framework is part of the COSO Internal Controls Framework
D) An effective ERM process will guarantee the enterprise will achieve its business objectives
E) None of the above is true
7) In which situation does the internal auditor lack objectivity?
A) The internal auditor recommends standards of performance for an outsourcing contract
B) The internal auditor discusses the status of a system implementation over lunch at a vendor conference
C) The internal auditor performs a review of internal controls over the treasury function eight months after being transferred from that department to internal auditing
D) The internal auditor reviews audit findings with the CAE prior to issuing the final audit report
E) All of the above
8) In the three lines of defense model, the primary responsibility for maintaining effective internal controls belongs to:
A) The audit committee
B) The CEO
C) Internal auditing
D) The risk management function
E) Operational management
9) Which of the following is a change to the updated COSO Internal Control Framework from the 1992 version?
A) The definition of internal controls
B) The 17 principles
C) The three categories of control objectives
D) The five integrated components
E) The importance of managem.
Salient Features of India constitution especially power and functions
Please make sure the answer is right Pick the best answer1.docx
1. Please make sure the answer is right
Pick the best answer
1) Which of the following is not a category of objectives of
internal control per the COSO Internal Control Framework?
A) Reliability of financial reporting
B) Achievement of strategic objectives
C) Effectiveness and efficiency of operations
D) Compliance with laws and regulations
E) All of the above are categories of objectives of internal
control
2) The internal audit activity's role in the risk management
process of an organization may not encompass:
A) No role
B) Auditing the risk management process as part of the internal
audit plan.
C) Facilitating identification of risks
D) Accountability for risk management
E) Participation on oversight committees, monitoring activities,
and status reporting.
3) The IIA Code of Ethics specifically prohibits a CAE from
receiving stock options.
A) True
B) False
2. 4) Which of the following is true about internal vs. external
auditing?
A) Internal auditing reports to the external auditors
B) Internal auditing is more focused on financial reporting than
external auditing
C) Many of the tool and techniques in auditing are common to
both internal and external auditing
D) External auditors cannot rely on any of the work done by
internal auditing
E) Both have the same definition of the term “independence.”
5) Which of the following is not part of the definition of
internal auditing?
A) Risk management
B) Governance
C) Consulting
D) Add value
E) Implement internal controls
6)Which of the following is true about ERM?
A) The COSO ERM Framework is the only approved ERM
framework in the U.S.
B) 90% of all corporations have implemented the entire COSO
ERM Framework
C) The COSO ERM Framework is part of the COSO Internal
Controls Framework
D) An effective ERM process will guarantee the enterprise will
achieve its business objectives
3. E) None of the above is true
7) In which situation does the internal auditor lack
objectivity?
A) The internal auditor recommends standards of performance
for an outsourcing contract
B) The internal auditor discusses the status of a system
implementation over lunch at a vendor conference
C) The internal auditor performs a review of internal controls
over the treasury function eight months after being transferred
from that department to internal auditing
D) The internal auditor reviews audit findings with the CAE
prior to issuing the final audit report
E) All of the above
8) In the three lines of defense model, the primary
responsibility for maintaining effective internal controls
belongs to:
A) The audit committee
B) The CEO
C) Internal auditing
D) The risk management function
E) Operational management
9) Which of the following is a change to the updated COSO
Internal Control Framework from the 1992 version?
A) The definition of internal controls
B) The 17 principles
C) The three categories of control objectives
D) The five integrated components
4. E) The importance of management judgment
10) According to the IPPF, an internal auditor assigned to an
audit engagement:
A) Must be an expert in the area being audited
B) Must be proficient and exercise due professional care
C) Cannot have a relative working anywhere in the company
D) Must be a Certified Internal Auditor
E) Is responsible for detecting fraud
11) Which of the following about how internal auditing adds
value is not true?
A) Different levels in the organization have different opinions
as to how internal auditing can best add value
B) What is considered value add in one organization may not be
considered value add in another organization
C) For any organization consulting is considered to be higher
value add than assurance services
D) How internal auditing can best add value changes over time
E) Internal auditing is limited by resources, staff size and
expertise in where and how they can add value
12) The manager of data processing requested your assistance
on a new computerized accounts payable system being
5. developed. He has two requests:
a) Internal auditing makes suggestions during the development
of the system.
b) Internal auditing assists in the installation of the system and
approves the system after making a final review.
Which of the following statements is correct?
A) The auditors can provide assistance in both areas without
violating the Code of Ethics.
B) The auditors can assist in a) but not b) without violating the
Code of Ethics
C) The auditors can assist in b) but not a) without violating the
Code of Ethics
D) The auditors would violate the Code of Ethics by providing
any of the requested assistance
E) The Code of Ethics is not applicable to the requests from the
manager of data processing
13) Which of the following is not a legitimate role for internal
auditing in cloud computing?
A) Reviewing personnel transition and end-user training plans
B) Providing assurance on IT general controls
C) Reviewing service level agreements
D) Ongoing monitoring of vendor performance
E) Implementing the cloud computing strategy
14) Which of the following is not cited in week 3 as a
limitation of a system of internal controls?
A) Cost/benefits trade-offs in establishing controls
6. B) Average age of senior management
C) Management overrides
D) Collusion
E) Lack of training in control procedures
15) In reviewing the governance process which of the following
is not applicable to the role of top management?
A) Organizational structure
B) Board oversight
C) Corporate culture
D) Management control systems
E) All of the above
16) Which of the following is true about the IPPF?
A) By law in the U.S. internal auditing departments must
comply with all the IIA Standards.
B) Interpretations are not considered to be mandatory guidance
C) The Code of Ethics is part of the Standards
D) Independence as defined in the IPPF is a concept dealing
with an unbiased mental attitude
E) All of the above are not true
17) Which area can risk management and internal auditing not
collaborate?
A) Sharing available resources
B) Being jointly accountable for risk management
C) Assessing and monitoring risks
7. D) Sharing work products
E) Cross-leveraging expertise
18) Which are the following is not considered to be a difference
between ERM and traditional approaches to risk management?
A) ERM encompasses all areas of organizational exposure to
risk
B) ERM manages risks holistically as an interrelated portfolio
across the organization
C) ERM is still evolving but traditional risk management is
fully defined and established
D) ERM views risk management as a source of competitive
advantage
E) All of the above are differences
19) Without effective general computing controls, reliance on
IT systems may not be possible?
A) True
B) False
20) Which of the following about outsourcing is not true?
A) According to COSO ERM the risk can be assumed by the
service provider
B) The level of risk increases when key business operations are
outsourced
C) The organization should consider the risk of performing the
function internally and compare it to the risk of outsourcing
D) Managing the relationship is more difficult because the
service provider may limit the client’s ability to observe and
assess controls
8. E) All of the above are true
21) Which of following is true about Governance, Risk
Management and Compliance?
A) It should be implemented as a technology solution
B) Internal auditing has primary responsibility for ensuring the
organization has implemented GRC
C) Each component of GRC has to be at the same level of
maturity
D) Integrating GRC is a gradual process
E) All of the above are true
22) Based on the IPPF Standards which of the following does
internal auditing not have responsibility for in the area of
governance?
A) Assessing how well the organization promotes ethical values
B) Assessing information technology governance
C) Being a key sponsor of GRC
D) Making recommendations to ensure effective organizational
performance management
E) All of the above are responsibilities of internal auditing
23) Which of the following is not an element of IT governance?
A) Risk management
B) Application controls
C) Resource Management
D) Performance management
E) None of the above
24) Which of the following would be considered a bad risk
9. management practice?
A) Driven from the top down
B) Tailored to the organization
C) Primarily focused on hard controls
D) Integrated in the system of management
E) All of the above
25) It is always preferable to use quantitative techniques to
assess risk.
A) True
B) False
W4 quiz
1. Which of the following policies is most likely to result in an
environment conducive to the occurrence of fraud?
A.
Unreasonable sales and production goals.
B.
The application of some accounting controls on a sample basis.
C.
Budget preparation input by the employees who are responsible
for meeting the budget.
D.
The division’s hiring process frequently results in the rejection
of adequately trained applicants.
2.
What is the responsibility of the internal auditor with respect to
fraud?
A.
An internal auditor should have sufficient knowledge and
10. training so that (s)he is able to detect fraud.
B.
The internal auditor should have the same ability to detect fraud
as a person whose primary responsibility is detecting and
investigating fraud.
C.
An internal auditor’s primary role is to detect and investigate
fraud.
D.
The internal auditor should have sufficient knowledge to
identify the indicators of fraud but is not expected to be an
expert.
3.
While reviewing a division’s accounts, an internal auditor
becomes concerned that the division’s management may have
shipped poor quality merchandise to boost sales and
profitability and thereby increase the manager’s bonus. For this
reason, the internal auditor suspects that returned goods are
being shipped to other customers as new products without full
correction of their defects. Which of the following engagement
procedures is the least effective in determining whether such
shipments took place?
A.
Physically observe the shipping and receiving area for
information of returned goods.
B.
Examine credit memos issued after year end for goods shipped
before year end.
C.
Interview customer service representatives regarding unusual
amounts of customer complaints.
D.
Require the division to take a complete physical inventory at
year end, and observe the taking of the inventory.
4
11. A purchasing agent received expensive gifts from a vendor in
return for directing a significant amount of business to that
vendor. Which of the following organizational policies most
effectively prevents such an occurrence?
A.
The purchasing function should be decentralized so each
department manager or supervisor does his or her own
purchasing.
B.
Important high-volume materials should regularly be purchased
from at least two different sources in order to afford supply
protection.
C.
Competitive bids should be solicited on purchases to the
maximum extent that is practicable.
D.
All purchases exceeding specified monetary amounts should be
approved by an official who determines compliance with
budgetary requirements.
5
Internal auditors have a responsibility for helping to deter
fraud. Which of the following best describes how this
responsibility is usually met?
A.
By evaluating the adequacy and effectiveness of controls in
light of the potential exposure or risk.
B.
By coordinating with security personnel and law enforcement
agencies in the investigation of possible frauds.
C.
By assisting in the design of control systems to prevent fraud.
D.
By testing for fraud in every engagement and following up as
appropriate.
12. 6.
Internal auditing is responsible for assisting in the prevention of
fraud by
A.
Establishing the organization’s governance, operations, and
information systems concerning compliance with laws,
regulations, and contracts.
B.
Examining and evaluating the adequacy and the effectiveness of
control, commensurate with the extent of the potential exposure
or risk in the various segments of the organization’s operations.
C.
Determining whether operating standards are acceptable and are
being met.
D.
Informing the appropriate authorities within the organization
and recommending whatever investigation is considered
necessary in the circumstances when wrongdoing is suspected.
7
Which of the following statements is (are) true regarding the
prevention of fraud?
1. The primary means of preventing fraud is through internal
control established and maintained by management.
2. Internal auditors are responsible for assisting in the
prevention of fraud by examining and evaluating the adequacy
of the internal control system.
3. Internal auditors should assess the operating effectiveness of
fraud-related communication systems.
8
Randy and John had known each other for many years. They had
become best friends in college, where they both majored in
accounting. After graduation, Randy took over the family
business from his father. His family had been in the grocery
business for several generations. When John had difficulty
finding a job, Randy offered him a job in the family store. John
13. proved to be a very capable employee. As John demonstrated
his abilities, Randy began delegating more and more
responsibility to him. After a period of time, John was doing all
of the general accounting and authorization functions for
checks, cash, inventories, documents, records, and bank
reconciliations. (1) John was trusted completely and handled all
financial functions. No one checked his work.
Randy decided to expand the business and opened several new
stores. (2) Randy was always handling the most urgent problem
. . . “crisis management” is what his college professors had
termed it. John assisted with the problems when his other duties
allowed him time.
Although successful at work, John had (3) difficulties with
personal financial problems.
At first, the amounts stolen by John were small. John didn’t
even worry about making the accounts balance. But John
became greedy. “How easy it is to take the money,” he said. He
felt that he was a critical member of the business team (4) and
that he contributed much more to the success of the company
than was represented by his salary. “It would take two or three
people to replace me,” he often thought to himself. As the
amounts became larger and larger, (5) he made the books
balance. Because of these activities, John was able to purchase
an expensive car and take his family on several trips each year.
(6) He also joined an expensive country club. Things were
changing at home, however. (7) John’s family observed that he
was often argumentative and at other times very depressed.
The fraud continued for 6 years. Each year, the business
performed more and more poorly. In the last year, the stores had
a substantial net loss. Randy’s bank required an audit. John
confessed when he thought the auditors had discovered his
embezzlements.
When discussing frauds, the pressures, opportunities, and
rationalizations that cause/allow a perpetrator to commit the
fraud are often identified. Symptoms of fraud are also studied.
14. Number 4, “and that he contributed much more . . .,” is an
example of a
A.
Behavioral symptom.
B.
Rationalization.
C.
Situational pressure.
D.
Physical symptom.
9.
The internal auditors’ responsibility regarding fraud includes all
of the following except
A.
Being aware of activities in which fraud is likely to occur.
B.
Ensuring that fraud will not occur.
C.
Determining whether the control environment sets the
appropriate tone at top.
D.
Evaluating the effectiveness of control activities.
10
One factor that distinguishes fraud from other employee crimes
is that fraud involves
A.Intentional deception.
B.Personal gain for the perpetrator. C.Malicious
motives. D.Collusion with a party outside the organization.
11
Randy and John had known each other for many years. They had
become best friends in college, where they both majored in
accounting. After graduation, Randy took over the family
business from his father. His family had been in the grocery
business for several generations. When John had difficulty
15. finding a job, Randy offered him a job in the family store. John
proved to be a very capable employee. As John demonstrated
his abilities, Randy began delegating more and more
responsibility to him. After a period of time, John was doing all
of the general accounting and authorization functions for
checks, cash, inventories, documents, records, and bank
reconciliations. (1) John was trusted completely and handled all
financial functions. No one checked his work.
Randy decided to expand the business and opened several new
stores. (2) Randy was always handling the most urgent problem
. . . “crisis management” is what his college professors had
termed it. John assisted with the problems when his other duties
allowed him time.
Although successful at work, John had (3) difficulties with
personal financial problems.
At first, the amounts stolen by John were small. John didn’t
even worry about making the accounts balance. But John
became greedy. “How easy it is to take the money,” he said. He
felt that he was a critical member of the business team (4) and
that he contributed much more to the success of the company
than was represented by his salary. “It would take two or three
people to replace me,” he often thought to himself. As the
amounts became larger and larger, (5) he made the books
balance. Because of these activities, John was able to purchase
an expensive car and take his family on several trips each year.
(6) He also joined an expensive country club. Things were
changing at home, however. (7) John’s family observed that he
was often argumentative and at other times very depressed.
The fraud continued for 6 years. Each year, the business
performed more and more poorly. In the last year, the stores had
a substantial net loss. Randy’s bank required an audit. John
confessed when he thought the auditors had discovered his
embezzlements.
When discussing frauds, the pressures, opportunities, and
rationalizations that cause/allow a perpetrator to commit the
16. fraud are often identified. Symptoms of fraud are also studied.
Number 1, “John was trusted completely . . .,” is an example of
a(n)
A.
Document symptom.
B.
Physical symptom.
C.
Situational pressure.
D.
Opportunity to commit.
12
Purchases from two new vendors increased dramatically after a
new buyer was hired. The buyer was obtaining kickbacks from
the two vendors based on sales volume. A possible means of
detection is
A.
The use of purchase orders for all purchases.
B.
The receipt of an invoice to put new vendors on the master file.
C.
The use of change analysis and trend analysis of buyer or
vendor activity.
D.
Periodically surveying vendors regarding potential buyer
conflict of interest or ethics violations.
13.
Which of the following wrongful acts committed by an
employee constitutes fraud?
A.
Assault.
B.
Embezzlement.
17. C.
Libel.
D.
Harassment.
14
Which of the following would indicate that fraud may be taking
place in a marketing department?
A.
There is no documentation for some fairly large expenditures
made to a new vendor.
B.
A manager appears to be living a lifestyle that is in excess of
what could be provided by a marketing manager’s salary.
C.
The control environment can best be described as “very loose.”
However, this attitude is justified by management on the
grounds that it is needed for creativity.
D.
All of the answers are correct.
15.
Which of the following statement(s) is (are) true regarding the
deterrence of fraud?
1. The primary means of deterring fraud is through effective
controls initiated by senior management.
2. Internal auditors are responsible for assisting in the
deterrence of fraud by examining and evaluating the adequacy
of controls.
3. Internal auditors are responsible for designing and
implementing fraud prevention controls.
4. Internal auditors should determine whether communication
channels provide management with adequate and reliable
information about the effectiveness of controls and the
occurrence of unusual transactions.
A.
18. 1, 2, and 4 only.
B.
1 only.
C.
2 only.
D.
2 and 3 only.