Home Page Social Science Economics Finance Accounting CIA Exam Part 1: Study Unit (4) - Flashcards

CIA Exam Part 1: Study Unit (4) – Flashcards

Kaiya Hebert

8 July 2022

Unlock all answers in this set

Unlock answers

question

Appropriate internal control for a multinational corporation's branch office that has a monetary transfer unit requires that A. The individual who initiates wire transfers not reconcile the bank statement. B. Foreign currency rates be computed separately by two different employees. C. Corporate management approve the hiring of monetary transfer unit employees. D. The branch manager receive all wire transfers.

answer

Answer (A) is correct. Answer (A) is correct. A control is any action taken by management to enhance the likelihood that established goals and objectives will be achieved. Controls include segregation of duties to reduce the risk that any person may be able to perpetrate and conceal errors or fraud in the normal course of his or her duties. Different persons should authorize transactions, record transactions, and maintain custody of the assets associated with the transaction. Independent reconciliation of bank accounts is necessary for good internal control.

question

Which of the following observations made during the preliminary survey of a local department store's disbursement cycle reflects a control strength? A. The receiving department is given a copy of the purchase order complete with a description of goods, quantity ordered, and extended price for all merchandise ordered. B. Individual department managers are responsible for the movement of merchandise from the receiving dock to storage or sales areas as appropriate. C. The chief financial officer's office prepares checks for suppliers based on vouchers prepared by the accounts payable department. D. Individual department managers use prenumbered forms to order merchandise from vendors.

answer

Answer (C) is correct. Accounting for payables is a recording function. The matching of the supplier's invoice, the purchase order, and the receiving report (and usually the purchase requisition) should be the responsibility of the accounting department. These are the primary supporting documents for the payment voucher prepared by the accounts payable section that will be relied upon by the chief financial officer in making payment.

question

The internal auditor recognizes that certain limitations are inherent in any system of internal controls. Which one of the following scenarios is the result of an inherent limitation of internal control? A. The organization sells to customers on account, without credit approval. B. A security guard allows one of the warehouse employees to remove assets from the premises without authorization. C. An employee who is unable to read is assigned custody of the organization's computer tape library and run manuals that are used during the third shift. D. The comptroller both makes and records cash deposits.

answer

Answer (B) is correct. Inherent limitations in internal control arise from mistakes in judgment, misunderstandings of instructions, personnel carelessness, distraction, fatigue, collusion, perpetrations by management, changing conditions, and deterioration of degrees of compliance. Thus, a control (use of security guards) based on segregation of functions may be overcome by collusion among two or more employees.

question

An internal auditor is assigned to perform an engagement to evaluate the organization's insurance program, including the appropriateness of the approach to minimizing risks. The organization self-insures against large casualty losses and health benefits provided for all its employees. The organization is a large national firm with over 15,000 employees located in various parts of the country. It uses an outside claims processor to administer its healthcare program. The organization's medical costs have been rising by approximately 8% per year for the past 5 years, and management is concerned with controlling these costs. The healthcare processor wishes to implement controls that would help prevent fraud by dentists who are submitting billings for services not provided. Assume further that all the claims are submitted electronically to the healthcare processor. Which of the following control procedures would be the most effective? A. Develop an integrated test facility and submit false claims to verify that the system is detecting such claims on a consistent basis. B. Require all submitted claims to be accompanied by a signed statement by the dentist testifying that the claimed procedures were performed. C. Send confirmations to the dentists requesting them to confirm the exact nature of the claims submitted to the healthcare processor. D. Develop a program that identifies procedures performed on an individual in excess of expectations based on the age of the employee, whether a similar procedure was performed recently, or the average cost per claim.

answer

Answer (D) is correct. Under this detective control, unusual claims could be identified and followed up to determine if they are legitimate. This control is a type of IT input control known as a reasonableness test.

question

The following is a section of a system flowchart for a payroll application: Batched time cards Input of payroll date time card data batched time cards Validation of payroll data Time card data valid time card data Errors X Symbol X could represent A. Erroneous time cards. B. Unclaimed payroll checks. C. Batched time cards. D. An error report.

answer

Answer (D) is correct. Symbol X is a document, that is, hard copy output of the validation routine shown. The time card data, the validated data, and the errors are recorded on magnetic disk after the validation process. Thus, either an error report or the valid time card information is represented by Symbol X.

question

When a copy of the sale invoice is not received by an organization's shipping department, an employee requests the document from the proper authority. This process is a(n) A. Detective, preventive control. B. Passive, mitigating control. C. Directive, detective control. D. Active, detective control.

answer

Answer (D) is correct. When shipping documents are not received in the shipping department (such as copies of the sales invoice, customer order form, and bill of lading), the clerk should attempt to obtain the proper documentation from the originating organization. This type of control is detective because it detects and attempts to correct an undesirable event that has occurred. It is also active because it takes a conscious intervention by the clerk to ensure the documentation is received.

question

A utility with a large investment in repair vehicles would most likely implement which internal control to reduce the risk of vehicle theft or loss? A. Maintain vehicles in a secured location with release and return subject to approval by a custodian. B. Systematically account for all repair work orders. C. Physically inventory vehicles and reconcile the results with the accounting records. D. Review insurance coverage for adequacy.

answer

Answer (A) is correct. Physical safeguarding of assets is enacted through the use of preventive controls that reduce the likelihood of theft or other loss. Keeping the vehicles at a secure location and restricting access establishes accountability by the custodian and allows for proper authorization of their use.

question

Checks from customers are received in the organization's mail room each day. What controls should be in place to safeguard them? A. Forwarding all checks to the cashier upon receipt. B. Establishing a separate post office box for customer payments. C. Requiring a specific mail clerk to list and restrictively endorse each check. D. Providing bonding protection for mail clerks.

answer

Answer (C) is correct. An employee who does not have access to other records should open the mail and prepare a list of checks received. The check listing will later be reconciled with the daily bank deposit and entries to accounts receivable. A restrictive endorsement ("for deposit only") will put transferees on notice to act accordingly (that is, deposit the check in the organization's account).

question

Organizational independence is required in the processing of customers' orders in order to maintain an internal control structure. Which one of the following situations is not a proper segregation of duties in the processing of orders from customers? A. Invoice preparation by the billing department and posting to customers' accounts by the accounts receivable department. B. Approval by credit department of a sales order prepared by the sales department. C. Shipping of goods by the shipping department that have been retrieved from stock by the finished goods storeroom department. D. Approval of a sales credit memo because of a product return by the sales department with subsequent posting to the customer's account by the accounts receivable department.

answer

Answer (D) is correct. Allowing a sales department employee to approve a credit memo without a receiving report would be unacceptably risky. Sales personnel could overstate sales in one period and then reverse them in subsequent periods. Thus, a copy of the receiving report for returned goods should be sent to billing for preparation of a credit memo after approval by a responsible supervisor who is independent of sales.

question

An advantage of using systems flowcharts to document information about internal control instead of using internal control questionnaires is that systems flowcharts A. Provide a visual depiction of clients' activities. B. Indicate whether controls are operating effectively. C. Identify internal control deficiencies more prominently. D. Reduce the need to observe clients' employees performing routine tasks.

answer

Answer (A) is correct. Systems flowcharts provide a visual representation of a series of sequential processes, that is, of a flow of documents, data, and operations. In many instances, a flowchart is preferable to a questionnaire because a picture is usually more easily comprehended.

question

A recent inventory shortage at XYZ Corp., an unaffiliated supplier, contributed to production failures at OPS Corp. in the current period. To avoid future production failures because of supplier inventory shortages, the most appropriate method is for OPS to A. Increase the size of orders. B. Establish an inventory control framework at XYZ. C. Inform XYZ about its risk appetite regarding supply failures. D. Produce the inventory items instead of purchasing from suppliers.

answer

Answer (C) is correct. The risk appetite is the level of risk that an organization is willing to accept (The IIA Glossary). Thus, communicating about the risk appetite with external parties is an important aspect of risk management. It allows the organization to develop strategies to work with suppliers who may have different objectives.

question

An adequate and effective system of internal control provides reasonable assurance that objectives will be achieved. Controls may be preventive, detective, or directive. Which of the following is a detective control for the procurement function? A. Goods received are counted and compared with quantities on purchase order and receiving reports. B. Prenumbered standard purchase order forms include all relevant terms required to be used in all applicable instances. C. The procurement function is organizationally separate from receiving, disbursing, and accounting. D. Review and approval of each procurement action is required prior to the final issuance of a purchase order.

answer

Answer (A) is correct. Detective controls are designed to detect and correct undesirable events that have occurred. Accounting for all goods received and comparing quantities on purchase orders and receiving reports is an example.

question

Fact Pattern: An organization has grown rapidly and has just automated its human resource system. The organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, ethnic code, age, insurance, medical protection, and other similar information. Management has asked the internal audit activity to review the new system. Question: 13 An employee in the payroll department is contemplating a fraud involving the addition of a fictitious employee and the entry of fictitious hours worked. The paycheck would then be sent to the payroll employee's home address. The most effective control procedure to prevent this type of fraud is to require that A. A report of all new employees added be approved by someone outside of the payroll department. Also, a report showing all employees and hours worked should be sent to the supervisor's department for review. B. All new employees and their hours worked be entered by the human resources department. C. All changes to employee records be approved by supervisors outside of both human resources and payroll. D. The payroll department physically delivers paychecks to employees rather than mailing them.

answer

Answer (A) is correct. The payroll department has a recording function. It should not authorize pay rate changes or the addition or deletion of employees from the payroll. Accordingly, authorization of such changes should be made by an individual outside the department. Verification of payroll data should also be made outside the department. Proper segregation of duties is critical in the prevention of payroll fraud.

question

Which of the following policies and procedures is consistent with effective administration of the insurance function? A. Billings for insurance coverage are received and payments disbursed by the insurance manager. B. Policy coverages are adjusted each year by applying a price index to previous year coverages. C. Final settlements are negotiated after claims are developed and submitted. D. Policies are always placed with the carrier that offers the lowest rate for a specified level of coverage.

answer

Answer (C) is correct. The claims handling process begins with prompt reporting by the affected operational unit of the organization of any basis for a claim. Prompt reporting is required to permit the insurer to take whatever steps it may deem necessary to reduce the ultimate compensable loss. The insurance function then cooperates with the operational unit to document and formally submit the claim to the carrier. Subsequently, the insurance function will be involved in any required review of the claim and negotiation of a settlement.

question

When documenting internal control, the independent auditor sometimes uses a systems flowchart, which can best be described as a A. Symbolic representation of a system or series of sequential processes. B. Diagram that clearly indicates an organization's internal reporting structure. C. Pictorial presentation of the flow of instructions in a client's internal computer system. D. Graphic illustration of the flow of operations that is used to replace the auditor's internal control questionnaire.

answer

Answer (A) is correct. A systems flowchart is a symbolic representation of the flow of documents and procedures through a series of steps in the accounting process of the client's organization.

question

The operations manager of a company notified the chief financial officer of that organization 60 days in advance that a new, expensive piece of machinery was going to be purchased. This notification allowed the chief financial officer to make an orderly liquidation of some of the company's investment portfolio on favorable terms. What type of control was involved? A. Feedback. B. Concurrent. C. Feedforward. D. Strategic.

answer

Answer (C) is correct. Feedforward controls provide for the active anticipation of problems so that they can be avoided or resolved in a timely manner. Another example is the quality control inspection of raw materials and work-in-process to avoid defective finished goods.

question

Managerial control can be divided into feedforward, concurrent, and feedback controls. Which of the following is an example of a feedback control? A. Budgeting. B. Quality control training. C. Variance analysis. D. Forecasting inventory needs.

answer

Answer (C) is correct. A feedback control measures actual performance, i.e., something that has already occurred, to ensure that a desired future state is attained. It is used to evaluate past activity to improve future performance. A variance is a deviation from a standard. Hence, variance analysis is a feedback control.

question

Upon receipt of purchased goods, receiving department personnel match the quantity received with the packing slip quantity and mark the retail price on the goods based on a master price list. The annotated packing slip is then forwarded to inventory control and goods are automatically moved to the retail sales area. The most significant control strength of this activity is A. Matching quantity received with the packing slip. B. Immediately pricing goods for retail sale. C. Automatically moving goods to the retail sales area. D. Using a master price list for marking the sale price.

answer

Answer (D) is correct. Use of the master price list ensures that the correct retail price is marked.

question

Of the following, which is the most efficient source for an auditor to use to evaluate a company's overall control system? A. Copies of standard operating procedures. B. Copies of industry operating standards. C. A narrative describing departmental history, activities, and forms usage. D. Control flowcharts.

answer

Answer (D) is correct. Control flowcharting is a graphical means of representing the sequencing of activities and information flows with related control points. It provides an efficient and comprehensive method of describing relatively complex activities, especially those involving several departments.

question

Fact Pattern: The marketing department for a major retailer assigns separate product managers for each product line. Product managers are responsible for ordering products and determining retail pricing. Each product manager's purchasing budget is set by the marketing manager. Products are delivered to a central distribution center where goods are segregated for distribution to the company's 52 department stores. Because receipts are recorded at the distribution center, the company does not maintain a receiving function at each store. Product managers are evaluated on a combination of sales and gross profit generated from their product lines. Many products are seasonal and individual store managers can require that seasonal products be removed to make space for the next season's products. Question: 20 Which of the following is a control deficiency in this situation? A. Evaluating product managers by total gross profit generated by product line will lead to dysfunctional behavior. B. The store manager can require items to be removed, thus affecting the potential performance evaluation of individual product managers. C. There is no receiving function located at individual stores. D. The product manager negotiates the purchase price and sets the selling price.

answer

Answer (C) is correct. The receiving function verifies that the goods received are those actually sent by the shipper. Without this function being performed at the store, goods could be lost, pilfered, or simply sent to the wrong store without it being discovered.

question

Which of the following is a feedback control? A. Preventive maintenance. B. Measuring performance against a standard. C. Inspection of completed goods. D. Close supervision of production-line workers

answer

Answer (C) is correct. Feedback controls obtain information about completed activities. They permit improvement in future performance by learning from past mistakes. Thus, corrective action occurs after the fact. Inspection of completed goods is an example of a feedback control.

question

Internal auditors often flowchart a control system and reference the flowchart to narrative descriptions of certain activities. This is an appropriate procedure to A. Determine whether the system meets established management objectives. B. Document that the system meets international auditing requirements. C. Gain the understanding necessary to test the effectiveness of the system. D. Determine whether the system can be relied upon to produce accurate information.

answer

Answer (C) is correct. Flowcharting is a pictorial method of analyzing and understanding the processes and procedures involved in operations, whether manual or computerized. Flowcharting is therefore useful in the preliminary survey and in obtaining an understanding of internal control. It is also helpful in systems development.

question

Organizational independence in the processing of payroll is achieved by segregation of functions that are built into the system. Which one of the following functional segregations is not required for internal control purposes? A. Segregation of payroll preparation and paycheck distribution. B. Segregation of personnel function from payroll preparation. C. Segregation of timekeeping from payroll preparation. D. Segregation of payroll preparation and maintenance of year-to-date records.

answer

Answer (D) is correct. Most companies have their payrolls prepared by the same individuals who maintain the year-to-date records. There is no need for this segregation of functions because both duties involve recordkeeping.

question

Of the following, the controls that are often difficult for internal auditors to evaluate because of the lack of criteria or standards are A. Preventive controls. B. Corrective controls. C. Operating controls. D. Financial controls.

answer

Answer (C) is correct. Operating controls are those used in the management processes of directing and controlling and are based on comparison of results with standards. As an activity becomes less mechanical, however, standards become more difficult to determine. Control standards for security, for example, are less easily developed than for the output per hour of a machine because the degree of security achieved is not readily measurable.

question

Which of the following activities represents both an appropriate human resources department function and a deterrent to payroll fraud? A. Authorization of overtime. B. Authorization of additions and deletions from the payroll. C. Collection and retention of unclaimed paychecks. D. Distribution of paychecks.

answer

Answer (B) is correct. The payroll department is responsible for assembling payroll information (recordkeeping). The human resources department is responsible for authorizing employee transactions, such as hiring, firing, and changes in pay rates and deductions. Segregating the recording and authorization functions helps prevent fraud.

question

Which of the following control procedures provides the greatest assurance that all donations to a not-for-profit organization are immediately deposited in its account? A. Require issuance of a confirmation receipt to all donors, with the receipt issued by the person who opens and deposits the cash receipts. B. Use a lockbox to receive all donations. C. Perform periodic reviews of the organization's cash receipts by tracing deposits to the original posting in the cash receipts records. D. Require that all donations be made by check.

answer

Answer (B) is correct. A lockbox system expedites receipt of funds and provides effective control over cash receipts. Donors send their payments to lockboxes, often in numerous locations, that are checked by a bank several times a day. Thus, payments are deposited before being processed by the organization's accounting system.

question

Which of the following is a true statement comparing a horizontal flowchart with a vertical flowchart? A. A horizontal flowchart does not provide as broad a picture at a glance. B. A horizontal flowchart brings into sharper focus the assignment of duties and independent checks on performance. C. A horizontal flowchart provides more room for written descriptions that parallel the symbols. D. A horizontal flowchart is usually longer.

answer

Answer (B) is correct. A horizontal or systems flowchart depicts the functions or departments involved in a process successively from left to right. Thus, the steps performed by a function or department are presented in the same column. A vertical flowchart displays step-by-step processes effectively, but it does not delineate the system's components as well. By emphasizing the flow of processing between departments or people, a horizontal flowchart more clearly shows any inappropriate separation of duties and lack of independent checks on performance.

question

To minimize potential financial losses associated with physical assets, the assets should be insured in an amount that is A. Automatically adjusted by an economic indicator such as the consumer price index. B. Supported by periodic appraisals. C. Equal to the book value of the individual assets. D. Determined by the board of directors.

answer

Answer (B) is correct. Based on the results of the risk assessment, the internal audit activity should evaluate the adequacy and effectiveness of controls encompassing the organization's governance, operations, and information systems. This should include, among other things, safeguarding of assets (Impl. Std. 2120.A1). Safeguarding assets includes insuring them. The types and amounts of insurance should be supported by periodic appraisals.

question

An internal auditor noted that the accounts receivable department is separate from other accounting activities. Credit is approved by a separate credit department. Control accounts and subsidiary ledgers are balanced monthly. Similarly, accounts are aged monthly. The accounts receivable manager writes off delinquent accounts after 1 year, or sooner if a bankruptcy or other unusual circumstances are involved. Credit memoranda are prenumbered and must correlate with receiving reports. Which of the following areas could be viewed as an internal control weakness of the above organization? A. Write-offs of delinquent accounts. B. Monthly aging of receivables. C. Credit approvals. D. Handling of credit memos.

answer

Answer (A) is correct. The accounts receivable manager has the ability to perpetrate irregularities because (s)he performs incompatible functions. Authorization and recording of transactions should be separate. Thus, someone outside the accounts receivable department should authorize write-offs.

question

The internal audit activity of an organization is an integral part of the organization's risk management, control, and governance processes because it evaluates and contributes to the improvement of those processes. Select the type of control provided when the internal audit activity conducts a systems development analysis. A. Policies and procedures. B. Feedback control. C. Strategic plans. D. Feedforward control.

answer

Answer (D) is correct. A feedforward control provides information on potential problems so that corrective action can be taken in anticipation, rather than as a result, of a problem.

question

An internal auditor notes year-to-year increases for small tool expense at a manufacturing facility that has produced the same amount of identical product for the last 3 years. Production inventory is kept in a controlled staging area adjacent to the receiving dock, but the supply of small tools is kept in an unsupervised area near the exit to the plant employees' parking lot. After determining that all of the following alternatives are equal in cost and are also feasible for local management, the internal auditor would best address the security issue by recommending that plant management A. Move the small tools inventory to the custody of the production inventory staging superintendent and implement the use of a special requisition to issue small tools. B. Close the exit to the employee parking lot and require all plant employees to use a doorway by the receiving dock that also provides access to the plant employees' parking area. C. Initiate a full physical inventory of small tools on a monthly basis. D. Place supply of small tools in a secured area, install a key-access card system for all employees, and record each key-access transaction on a report for the production superintendent.

answer

Answer (A) is correct. Minimizing the loss of assets requires a preventive control. Giving responsibility for custody of small tools to one individual establishes accountability. Requiring that requisitions be submitted ensures that their use is properly authorized.

question

Which of the following control procedures does an internal auditor expect to find during an engagement to evaluate risk management and insurance? A. Policy of repetitive standard journal entries to record insurance expense. B. Periodic internal review of the in-force list to evaluate the adequacy of insurance coverage. C. Required approval of all new insurance policies by the organization's CEO. D. Cutoff procedures with regard to insurance expense reporting.

answer

Answer (B) is correct. Obtaining insurance and periodically reviewing its adequacy are among management's responses to the findings of a risk assessment. Insurance coverage should be sufficient to ensure that the relevant assessed risks are managed in accordance with the organization's risk appetite.

question

Which of the following controls would prevent the ordering of quantities in excess of an organization's needs? A. Review of all purchase requisitions by a supervisor in the user department prior to submitting them to the purchasing department. B. A policy requiring review of the purchase order before receiving a new shipment. C. Automatic reorder by the purchasing department when low inventory level is indicated by the system. D. A policy requiring agreement of the receiving report and packing slip before storage of new receipts.

answer

Answer (A) is correct. Supervisory review at the originating department level is one means of control over the number of items ordered. This control is an example of the segregation of duties. Authorization should be separate from recordkeeping and asset custody.

question

Controls provide assurance to management that desired actions will be accomplished when objectives are established in writing and A. Internal reviews as to the propriety and effectiveness of the objectives are undertaken on a periodic basis by the internal audit activity. B. Policies and procedures for activities are set out in manuals for use by properly trained personnel. C. Standards are adopted, results are compared with the standards, and corrective actions are undertaken. D. Are communicated to employees in writing and are updated by operating personnel as conditions change.

answer

Answer (C) is correct. The elements of control include (1) establishing standards for the operation to be controlled, (2) measuring performance against the standards, (3) examining and analyzing deviations, (4) taking corrective action, and (5) reappraising the standards based on experience. These elements of control provide reasonable assurance to management that established objectives and goals will be achieved.

question

answer

question

Organizational independence in the processing of payroll is achieved by segregation of functions that are built into the system. Which one of the following functional segregations is not required for internal control purposes? A. Segregation of timekeeping from payroll preparation. B. Segregation of payroll preparation and paycheck distribution. C. Segregation of payroll preparation and maintenance of year-to-date records. D. Segregation of personnel function from payroll preparation.

answer

Answer (C) is correct. Most companies have their payrolls prepared by the same individuals who maintain the year-to-date records. There is no need for this segregation of functions because both duties involve recordkeeping.

question

Which of the following is not implied by the definition of control? A. Measurement of progress toward goals. B. Indication of the need for corrective action. C. Uncovering of deviations from plans. D. Assignment of responsibility for deviations.

answer

Answer (D) is correct. The elements of control include (1) establishing standards for the operation to be controlled, (2) measuring performance against the standards, (3) examining and analyzing deviations, (4) taking corrective action, and (5) reappraising the standards based on experience. Thus, assigning responsibility for deviations found is not a part of the controlling function.

question

The use of financial statement analysis, quality control procedures, and employee performance evaluations are all examples of A. Concurrent controls. B. Preliminary controls. C. Feedback controls. D. Feedforward controls.

answer

Answer (C) is correct. A feedback control operates to provide information about processes that have already occurred.

question

Which one of the following is most likely to be considered an internal control weakness? A. The petty cash custodian has the ability to steal petty cash. Documentation for all disbursements from the fund must be submitted with the request for replenishment of the fund. B. An accounts receivable clerk, who approves sales returns and allowances, receives customer remittances and deposits them in the bank. Limited supervision is maintained over the employee. C. An inventory control clerk at a manufacturing plant has the ability to steal one completed television set from inventory a year. The theft probably will never be detected. D. A clerk in the invoice processing department fails to match a vendor's invoice with its related receiving report. Checks are not signed unless all appropriate documents are attached to a voucher.

answer

Answer (B) is correct. Segregation of duties among key functions is an important control procedure. An accounts receivable clerk who is permitted to approve sales returns and allowances and also receive customer remittances could misappropriate funds received and cover the shortage by debiting sales returns and allowances. Limited supervision is insufficient to compensate for lack of segregation of duties.

question

If internal control is well designed, two tasks that should be performed by different persons are A. Distribution of payroll checks and approval of sales returns for credit. B. Posting of amounts from both the cash receipts journal and cash payments journal to the general ledger. C. Recording of cash receipts and preparation of bank reconciliations. D. Approval of bad debt write-offs, and reconciliation of the accounts payable subsidiary ledger and controlling account.

answer

Answer (C) is correct. Recording of cash establishes accountability for assets. The bank reconciliation compares that recorded accountability with actual assets. The recording of cash receipts and preparation of bank reconciliations should therefore be performed by different individuals because the preparer of a reconciliation could conceal a cash shortage. For example, if a cashier both prepares the bank deposit and performs the reconciliation, (s)he could embezzle cash and conceal the theft by falsifying the reconciliation.

question

An internal auditor noted that several shipments were not billed. To prevent recurrence of such nonbilling, the organization should A. Release product for shipment only on the basis of credit approval by the credit manager or other authorized person. B. Numerically sequence and independently account for all controlling documents (such as packing slips and shipping orders) when sales journal entries are recorded. C. Undertake periodic tests of gross margin rates by product line and obtain explanations of significant departures from planned rates. D. Undertake a validity check with customers as to orders placed.

answer

Answer (B) is correct. The sequential numbering of documents provides a standard control over transactions. The numerical sequence should be accounted for by an independent party. A major objective is to detect unrecorded and unauthorized transactions.

question

An internal auditor reviews and adapts a systems flowchart to understand the flow of information in the processing of cash receipts. Which of the following statements is true regarding the use of such flowcharts? The flowcharts A. Are a good guide to potential segregation of duties. B. Show specific control procedures used, such as edit tests that are implemented and batch control reconciliations. C. Show only computer processing, not manual processing. D. Are generally kept up to date for systems changes.

answer

Answer (A) is correct. Systems flowcharts are overall graphic analyses of the flow of data and the processing steps in an information system. Accordingly, they can be used to show segregation of duties and the transfer of data between different segments in the organization.

question

In a well-designed internal control structure in which the cashier receives remittances from the mail room, the cashier should not A. Deposit remittances daily at a local bank. B. Endorse the checks. C. Post the receipts to the accounts receivable subsidiary ledger cards. D. Prepare the bank deposit slip.

answer

Answer (C) is correct. The cashier is an assistant to the chief financial officer and thus performs an asset custody function. Individuals with custodial functions should not have access to the accounting records. If the cashier were allowed to post the receipts to the accounts receivable subsidiary ledger, an opportunity for embezzlement would arise that could be concealed by falsifying the books.

question

Which one of the following situations represents an internal control weakness in accounts receivable? A. Customers' statements are mailed monthly by the accounts receivable department. B. Internal auditors confirm customer accounts periodically. C. The cashier is denied access to customers' records and monthly statements. D. Delinquent accounts are reviewed only by the sales manager.

answer

Answer (D) is correct. Internal control over accounts receivable begins with a proper segregation of duties. Hence, the cashier, who performs an asset custody function, should not be involved in recordkeeping. Accounts should be periodically confirmed by an auditor, and delinquent accounts should be reviewed by the head of accounts receivable and the credit manager. Customer statements should be mailed monthly by the accounts receivable department without allowing access to the statements by employees of the cashier's department. The sales manager should not be the only person to review delinquent accounts because (s)he may have an interest in not declaring an account uncollectible.

question

A flowchart of process activities and controls may provide A. An indication of where fraud has occurred in a process. B. No information related to fraud prevention. C. Information on where fraud could occur. D. Information on the extent of a past fraud.

answer

question

An internal auditor is reviewing the organization's policy regarding investing in financial derivatives. The internal auditor normally expects to find all of the following in the policy except A. A specific limit on the amount authorized for any single trader. B. A statement indicating whether derivatives are to be used for hedging or speculative purposes. C. A statement requiring board review of each transaction because of the risk involved in such transactions. D. A specific authorization limit for the amount and types of derivatives that can be used by the organization.

answer

Answer (C) is correct. A policy requiring board review of every derivatives transaction is cost ineffective. Management is responsible for daily operations and is expected to conform to the policies of the board.

question

An auditor's flowchart of a client's accounting system is a diagrammatic representation that depicts the auditor's A. Assessment of the risks of material misstatement. B. Assessment of the control environment's effectiveness. C. Understanding of the system. D. Identification of weaknesses in the system.

answer

Answer (C) is correct. The auditor should document (1) the understanding of the entity and its environment and the components of internal control, (2) the sources of information regarding the understanding, and (3) the risk assessment procedures performed. The form and extent of this documentation are influenced by the nature and complexity of the entity's controls (AU-C 315). For example, documentation of the understanding of internal control of a complex information system in which many transactions are electronically initiated, authorized, recorded, processed, or reported may include questionnaires, flowcharts, or decision tables.

question

An adequate and effective system of internal control provides reasonable assurance that objectives will be achieved. Controls may be preventive, detective, or directive. Which of the following is a detective control for the procurement function? A. Review and approval of each procurement action is required prior to the final issuance of a purchase order. B. Goods received are counted and compared with quantities on purchase order and receiving reports. C. Prenumbered standard purchase order forms include all relevant terms required to be used in all applicable instances. D. The procurement function is organizationally separate from receiving, disbursing, and accounting.

answer

Answer (B) is correct. Detective controls are designed to detect and correct undesirable events that have occurred. Accounting for all goods received and comparing quantities on purchase orders and receiving reports is an example.

question

answer

Answer (A) is correct. Feedforward controls provide for the active anticipation of problems so that they can be avoided or resolved in a timely manner. Another example is the quality control inspection of raw materials and work-in-process to avoid defective finished goods.

question

Which of the following aspects of the administration of a compensation program is the most important control in the long run? A. An informal wage and salary policy to be competitive with the industry average. B. A wage and salary review plan for individual employee compensation. C. A level of general compensation that is reasonably competitive. D. A plan of job classifications based on predefined evaluation criteria.

answer

Answer (D) is correct. Job classifications and grades are established during the job analysis phase and the general level of compensation in the community and in the industry must be determined. Compensation is then fixed based on the plan of job classifications, usually within a range for each grade. A range is necessary to allow for flexibility. Compensation should be low enough to avoid excess cost and to permit competitive pricing but high enough to attract needed personnel.

question

One of two office clerks in a small organization prepares a sales invoice; however, the invoice is incorrectly entered by the bookkeeper in the general ledger and the accounts receivable subsidiary ledger for a smaller amount resulting from a transposition of digits. The customer subsequently remits the amount on the monthly statement. Assuming only three employees are in the department, the most effective control to prevent this type of error is A. Assigning the second office clerk to make an independent check of prices, discounts, extensions, footings, and invoice serial numbers. B. Using predetermined totals to control posting routines. C. Requiring that monthly statements be prepared by the bookkeeper and verified by one of the other office clerks prior to mailing. D. Requiring the bookkeeper to perform periodic reconciliations of the accounts receivable subsidiary ledger and the general ledger.

answer

Answer (B) is correct. A control total (total amount of sales invoices) should be generated for the transactions to be posted. It should then be compared with the total of items posted to the individual accounts (total of amounts posted to the general ledger and the accounts receivable subsidiary ledger).

question

Obsolete or scrap materials are charged to a predefined project number. The materials are segregated into specified bin locations and eventually transported to a public auction for sale. To reduce the risks associated with this process, an organization should employ which of the following procedures? 1.Require managerial approval for materials to be declared scrap or obsolete. 2.Permit employees to purchase obsolete or scrap materials prior to auction. 3.Limit obsolete or scrap materials sales to a pre-approved buyer. 4.Specify that a fixed fee, rather than a commission, be paid to the auction firm. A. 1, 3, and 4. B. 1 only. C. 2 and 3. D. 2 and 4.

answer

Answer (B) is correct. A preventive control is needed. Management approval for materials to be declared scrap or obsolete reduces the risk of misappropriation. Otherwise, materials may be more easily misclassified.

question

Which of the following describes a control weakness? A. Prenumbered blank purchase orders are secured within the purchasing department. B. Normal operational purchases fall in the range from US $500 to US $1,000 with two signatures required for purchases over US $1,000. C. Purchasing procedures are well designed and are followed unless otherwise directed by the purchasing supervisor. D. The purchasing agent invests in a publicly traded mutual fund that lists the stock of one of the organization's suppliers in its portfolio.

answer

Answer (C) is correct. Well-designed procedures that are set aside at management's discretion are not adequate controls. Control procedures must be followed consistently to be effective. However, the possibility of management override is an inherent limitation of internal control.

question

Which of the following is a feedback control? A. Inspection of completed goods. B. Measuring performance against a standard. C. Close supervision of production-line workers. D. Preventive maintenance.

answer

Answer (A) is correct. Feedback controls obtain information about completed activities. They permit improvement in future performance by learning from past mistakes. Thus, corrective action occurs after the fact. Inspection of completed goods is an example of a feedback control.

question

A recent inventory shortage at XYZ Corp., an unaffiliated supplier, contributed to production failures at OPS Corp. in the current period. To avoid future production failures because of supplier inventory shortages, the most appropriate method is for OPS to A. Produce the inventory items instead of purchasing from suppliers. B. Inform XYZ about its risk appetite regarding supply failures. C. Increase the size of orders. D. Establish an inventory control framework at XYZ.

answer

Answer (B) is correct. The risk appetite is the level of risk that an organization is willing to accept (The IIA Glossary). Thus, communicating about the risk appetite with external parties is an important aspect of risk management. It allows the organization to develop strategies to work with suppliers who may have different objectives.

question

An internal auditor develops a flowchart primarily to A. Determine functional responsibilities. B. Reduce the need for interviewing auditee personnel. C. Analyze a system and identify internal controls. D. Detect errors and irregularities.

answer

Answer (C) is correct. Flowcharting is a tool commonly used to learn what set of procedures is supposed to be in effect in a control system. An internal control flowchart is a pictorial diagram of documents and their processing and disposition within the system. It is a basis for preliminary evaluation and is followed by testing to see if the prescribed procedures are in effect and are working as intended.

question

According to The IIA Glossary appended to the Standards, which of the following are most directly designed to ensure that risks are contained? A. Internal audit activities. B. Control processes. C. Governance processes. D. Risk management processes.

answer

Answer (B) is correct. Control processes are the policies, procedures, and activities that are part of a control framework, designed to ensure that risks are contained within the risk tolerances established by the risk management process.

question

Which one of the following situations represents a strength of internal control for purchasing and accounts payable? A. After vendor invoices are approved for payment, the purchasing department issues payment vouchers. B. Vendors' invoices are matched against purchase orders and receiving reports before a liability is recorded. C. Prenumbered receiving reports are issued randomly. D. Unmatched receiving reports are reviewed on an annual basis.

answer

Answer (B) is correct. A voucher should not be prepared for payment until the vendor's invoice has been matched against the corresponding purchase order and receiving report. This procedure provides assurance that a valid transaction has occurred and that the parties have agreed on the terms, such as price and quantity.

question

The manager of a production line has the authority to order and receive replacement parts for all machinery that requires periodic maintenance. The internal auditor received an anonymous tip that the manager ordered substantially more parts than were necessary from a family member in the parts supply business. The unneeded parts were never delivered. Instead, the manager processed receiving documents and charged the parts to machinery maintenance accounts. The payments for the undelivered parts were sent to the supplier, and the money was divided between the manager and the family member. Which of the following internal controls would have most likely prevented this fraud from occurring? A. Comparing the bill of lading for replacement parts to the approved purchase order. B. Establishing predefined spending levels for all vendors during the bidding process. C. Using the company's inventory system to match quantities requested with quantities received. D. Segregating the receiving function from the authorization of parts purchases.

answer

Answer (D) is correct. Segregating the parts authorization and receiving functions would have improved internal control. If the parts in question had been sent to the company and a receiving report had been prepared by an employee other than the one ordering the goods, the fraud could not have occurred. Moreover, the receiving department should not accept goods unless it has a blind copy of a properly approved purchase order for the items.

question

An adequate system of internal controls is most likely to detect a fraud perpetrated by a A. Single manager. B. Group of managers in collusion. C. Group of employees in collusion. D. Single employee.

answer

Answer (D) is correct. Segregation of duties and other control processes serve to prevent or detect a fraud committed by an employee acting alone. One employee may not have the ability to engage in wrongdoing or may be subject to detection by other employees in the course of performing their assigned duties. However, collusion may circumvent controls. For example, comparison of recorded accountability for assets with the assets known to be held may fail to detect fraud if persons having custody of assets collude with recordkeepers.

question

The procedure requiring preparation of a prelisting of incoming cash receipts, with copies of the prelist going to the cashier and to accounting, is an example of which type of control? A. Detective. B. Corrective. C. Preventive. D. Directive.

answer

Answer (C) is correct. A prelisting of cash receipts in the form of checks is a preventive control. It is intended to deter undesirable events from occurring. Because irregularities involving cash most likely take place before receipts are recorded, either remittance advices or a prelisting of checks should be prepared in the mailroom so as to establish recorded accountability for cash as soon as possible. A cash register tape is a form of prelisting for cash received over the counter. One copy of a prelisting will go to accounting for posting to the cash receipts journal, and another is sent to the cashier for reconciliation with checks and currency received.

question

Which of the following would minimize defects in finished goods caused by poor quality raw materials? A. Timely follow-up on all unfavorable usage variances. B. Documented procedures for the proper handling of work-in-process inventory. C. Determination of the amount of spoilage at the end of the manufacturing process. D. Required material specifications for all purchases.

answer

Answer (D) is correct. A preventive control is required in this situation, i.e., one that ensures an unwanted event does not take place. The most cost-effective way of achieving the goal is to keep poor quality raw materials from entering the warehouse to begin with. Of the controls listed, only required specifications will accomplish this.

question

Fact Pattern: An organization has grown rapidly and has just automated its human resource system. The organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, ethnic code, age, insurance, medical protection, and other similar information. Management has asked the internal audit activity to review the new system. Question: 33 Human resources and payroll are separate departments. Which of the following combinations provides the best segregation of duties? A. Payroll adds employees and enters employees' bank account numbers but processes hours only as approved by human resources. Paychecks are automatically deposited in the employee's bank account. B. Human resources adds employees, reviews and submits payroll hours to payroll for processing, and delivers paychecks to employees. C. Human resources adds employees, payroll processes hours, and human resources delivers the paychecks to employees. D. Human resources adds employees, and payroll processes hours and enters employee bank account numbers. Paychecks are automatically deposited in the employee's bank account.

answer

Answer (D) is correct. The functions of transaction authorization and recording should be segregated to minimize opportunities for fraud. Furthermore, automatic check deposit reduces asset custody risk.

question

Auditors document their understanding of internal control with questionnaires, flowcharts, and narrative descriptions. A questionnaire consists of a series of questions concerning controls that auditors consider necessary to prevent or detect errors and fraud. The most appropriate question designed to contribute to the auditors' understanding of the completeness of the expenditure (purchases-payables) cycle concerns the A. Qualifications of accounting personnel. B. Disposition of cash receipts. C. Internal verification of quantities, prices, and mathematical accuracy of sales invoices. D. Use and accountability of prenumbered checks.

answer

Answer (D) is correct. A completeness assertion concerns whether all transactions and accounts that should be presented in the financial statements are so presented. The exclusive use of sequentially numbered documents facilitates control over expenditures. An unexplained gap in the sequence alerts the auditor to the possibility that not all transactions have been recorded. A failure to use prenumbered checks would therefore suggest a higher assessment of control risk. If a company uses prenumbered checks, it should be easy to determine exactly which checks were used during a period.

question

Appropriate internal control for a multinational corporation's branch office that has a monetary transfer unit requires that A. Foreign currency rates be computed separately by two different employees. B. The individual who initiates wire transfers not reconcile the bank statement. C. The branch manager receive all wire transfers. D. Corporate management approve the hiring of monetary transfer unit employees.

answer

Answer (B) is correct. A control is any action taken by management to enhance the likelihood that established goals and objectives will be achieved. Controls include segregation of duties to reduce the risk that any person may be able to perpetrate and conceal errors or fraud in the normal course of his or her duties. Different persons should authorize transactions, record transactions, and maintain custody of the assets associated with the transaction. Independent reconciliation of bank accounts is necessary for good internal control.

question

A rental car agency's fleet maintenance division uses a different code for each type of inventory transaction. A daily summary report lists activity by part number and transaction code. The report is reconciled by the parts room supervisor to the day's material request forms and is then forwarded to the fleet manager for approval. The reconciliation of the summary report to the day's material request forms by the parts room supervisor A. Ensures the accuracy and completeness of data input. B. Confirms that all material request forms are entered for all parts issued. C. Verifies that all material request forms were approved. D. Provides documentation as to what material was available for a specific transaction.

answer

Answer (A) is correct. This reconciliation is an input control to verify that data entry is accurate and complete. The parts requested should be consistent with the parts used in the maintenance activities. Unexplained variances should be investigated.

question

The most appropriate method to prevent fraud or theft during the frequent movement of trailers loaded with valuable metal scrap from the manufacturing plant to the organization's scrap yard about 10 miles away would be to A. Use armed guards to escort the movement of the trailers from the plant to the scrap yard. B. Contract with an independent hauler for the removal of scrap. C. Require existing security guards to log the time of plant departure and scrap yard arrival. The elapsed time should be reviewed by a supervisor for fraud. D. Perform complete physical inventory of the scrap trailers before leaving the plant and upon arrival at the scrap yard.

answer

Answer (C) is correct. Having the security guards record the times of departure and arrival is a cost-effective detective control because it entails no additional expenditures. Comparing the time elapsed with the standard time allowed and investigating material variances may detect a diversion of part of the scrap.

question

Which of the following is not a type of control? A. Preventive. B. Directive. C. Detective. D. Reactive.

answer

Answer (D) is correct. Controls may be preventive (to deter undesirable events from occurring), detective (to detect and correct undesirable events which have occurred), or directive (to cause or encourage a desirable event to occur). "Reactive" is not a specified type of control. However, controls may be reactive in the sense that they detect an undesirable event and react to it or correct it.

question

An internal auditor is examining inventory control in a merchandising division with annual sales of US $3,000,000 and a 40% gross profit rate. Tests show that 2% of the monetary amount of purchases do not reach inventory because of breakage and employee theft. Adding certain controls costing US $35,000 annually could reduce these losses to .5% of purchases. Should the controls be recommended? A. Yes, because the ideal system of internal control is the most extensive one. B. Yes, because the projected saving exceeds the cost of the added controls. C. Yes, regardless of cost-benefit considerations, because the situation involves employee theft. D. No, because the cost of the added controls exceeds the projected savings.

answer

Answer (D) is correct. Controls must be subject to the cost-benefit criterion. The annual cost of these inventory controls is US $35,000, but the cost savings is only US $27,000 {(2.0% - 0.5%) × [$3,000,000 sales × (1.0 - 0.4 gross profit rate)]}. Hence, the cost exceeds the benefit, and the controls should not be recommended.

question

The internal audit activity of an organization is an integral part of the organization's risk management, control, and governance processes because it evaluates and contributes to the improvement of those processes. Select the type of control provided when the internal audit activity conducts a systems development analysis. A. Strategic plans. B. Feedforward control. C. Feedback control. D. Policies and procedures.

answer

Answer (B) is correct. A feedforward control provides information on potential problems so that corrective action can be taken in anticipation, rather than as a result, of a problem.

question

Which of the following ensures that all inventory shipments are billed to customers? A. Shipping documents are prenumbered and are independently accounted for and matched with sales invoices. B. Customer billing complaints are investigated by the controller's office. C. Duties for recording sales transactions and maintaining customer account balances are separated. D. Sales invoices are prenumbered and are independently accounted for and traced to the sales journal.

answer

Answer (A) is correct. Shipping documents are prepared at the time of shipment. They are prenumbered to facilitate detection of unrecorded shipments. A gap in the sequence of documents may indicate an irregularity. An employee outside the shipping department should account for these documents. Sales invoices are generated by the organization's computer system at the same time as the shipping documents and should have the same numbers. Thus, every shipping document should be matched with a sales invoice to ensure proper billing.

question

Which of the following describes the most effective preventive control to ensure proper handling of cash receipt transactions? A. One employee issues a prenumbered receipt for all cash collections; another employee reconciles the daily total of prenumbered receipts to the bank deposits. B. The employee who receives customer mail receipts prepares the daily bank deposit, which is then deposited by another employee. C. Use predetermined totals (hash totals) of cash receipts to control posting routines. D. Have bank reconciliations prepared by an employee not involved with cash collections and then have them reviewed by a supervisor.

answer

Answer (A) is correct. Sequentially numbered receipts should be issued to maintain accountability for cash collected. Such accountability should be established as soon as possible because cash has a high inherent risk. Daily cash receipts should be deposited intact so that receipts and bank deposits can be reconciled. The reconciliation should be performed by someone independent of the cash custody function.

question

As part of a total quality control program, a firm not only inspects finished goods but also monitors product returns and customer complaints. Which type of control best describes these efforts? A. Production control. B. Inventory control. C. Feedback control. D. Feedforward control.

answer

Answer (C) is correct. A feedback control measures actual performance, something that has already occurred, to ensure that a desired future state is attained. It is used to evaluate the past to improve future performance. Inspecting finished goods, monitoring product returns, and evaluating complaints are post-action controls intended to eliminate deviations in future cycles of the process under control.

question

answer

question

Fact Pattern: Question: 45 Data flow diagram could be expanded to show the A. Details of the preparation of purchase orders. B. Workstations required in a distributed system for preparing purchase orders. C. Edit checks used in preparing purchase orders from stock records. D. Physical media used for stock records, the vendor file, and purchase orders

answer

Answer (A) is correct. A data flow diagram can be used to depict lower-level details as well as higher-level processes. A system can be divided into subsystems, and each subsystem can be further subdivided at levels of increasing detail. Thus, any process can be expanded as many times as necessary to show the required level of detail.

question

If employee paychecks are distributed by hand to employees, which one of the following departments should be responsible for the safekeeping of unclaimed paychecks? A. Timekeeping department. B. Payroll department. C. Cashier department. D. Production department in which the employee works or worked.

answer

Answer (C) is correct. The responsibility for unclaimed paychecks should be given to a department that has no opportunity to authorize or write those checks. Because the treasury function serves only an asset custody function and thus has had no input into the paycheck process, it is the logical repository of unclaimed checks.

question

Which of the following policies and procedures is consistent with effective administration of the insurance function? A. Policy coverages are adjusted each year by applying a price index to previous year coverages. B. Policies are always placed with the carrier that offers the lowest rate for a specified level of coverage. C. Billings for insurance coverage are received and payments disbursed by the insurance manager. D. Final settlements are negotiated after claims are developed and submitted.

answer

Answer (D) is correct. The claims handling process begins with prompt reporting by the affected operational unit of the organization of any basis for a claim. Prompt reporting is required to permit the insurer to take whatever steps it may deem necessary to reduce the ultimate compensable loss. The insurance function then cooperates with the operational unit to document and formally submit the claim to the carrier. Subsequently, the insurance function will be involved in any required review of the claim and negotiation of a settlement.

question

The internal auditor recognizes that certain limitations are inherent in any system of internal controls. Which one of the following scenarios is the result of an inherent limitation of internal control? A. The organization sells to customers on account, without credit approval. B. The comptroller both makes and records cash deposits. C. An employee who is unable to read is assigned custody of the organization's computer tape library and run manuals that are used during the third shift. D. A security guard allows one of the warehouse employees to remove assets from the premises without authorization.

answer

Answer (D) is correct. Inherent limitations in internal control arise from mistakes in judgment, misunderstandings of instructions, personnel carelessness, distraction, fatigue, collusion, perpetrations by management, changing conditions, and deterioration of degrees of compliance. Thus, a control (use of security guards) based on segregation of functions may be overcome by collusion among two or more employees.

question

The internal auditor wishes to develop a flowchart of (1) the process of receiving sales order information at headquarters, (2) the transmission of the data to the plants to generate the shipment, and (3) the plants' processing of the information for shipment. The internal auditor should A. Start with the receipt of a sales order from a sales representative and "walk through" both the manual and computerized processing at headquarters and the plant until the goods are shipped and billed. B. Obtain a copy of the plants' systems flowchart for the sales process, interview relevant personnel to determine if any changes have been made, and then develop an overview flowchart which will highlight the basic process. C. Start with management's decisions to set sales prices. Gather internal documentation on the approval process for changing sales prices. Complement documentation with a copy of the program flowchart. Prepare an overview flowchart that links these details. D. Start with a shipment of goods and trace the transaction back through the origination of the sales order as received from the sales representative.

answer

Answer (A) is correct. The survey during the engagement planning phase helps the internal auditor to become familiar with activities, risks, and controls and to identify areas for audit emphasis. Flowcharting is a typical survey procedure, and the walk-through is a means of gathering information to be reflected in the flowchart.

question

Controls may be classified according to the function they are intended to perform, for example, as detective, preventive, or directive. Which of the following is a directive control? A. Recording every transaction on the day it occurs. B. Requiring all members of the internal audit activity to be CIAs. C. Dual signatures on all disbursements over a specific amount. D. Monthly bank statement reconciliations.

answer

Answer (B) is correct. Requiring all members of the internal audit activity to be CIAs is a directive control. The control is designed to cause or encourage a desirable event to occur. The requirement enhances the professionalism and level of expertise of the internal audit activity.

question

An internal auditor noted that the accounts receivable department is separate from other accounting activities. Credit is approved by a separate credit department. Control accounts and subsidiary ledgers are balanced monthly. Similarly, accounts are aged monthly. The accounts receivable manager writes off delinquent accounts after 1 year, or sooner if a bankruptcy or other unusual circumstances are involved. Credit memoranda are prenumbered and must correlate with receiving reports. Which of the following areas could be viewed as an internal control weakness of the above organization? A. Handling of credit memos. B. Credit approvals. C. Write-offs of delinquent accounts. D. Monthly aging of receivables.

answer

Answer (C) is correct. The accounts receivable manager has the ability to perpetrate irregularities because (s)he performs incompatible functions. Authorization and recording of transactions should be separate. Thus, someone outside the accounts receivable department should authorize write-offs.

question

Controls that are designed to provide management with assurance of the realization of specified minimum gross margins on sales are A. Preventive controls. B. Directive controls. C. Output controls. D. Detective controls.

answer

Answer (B) is correct. The objective of directive controls is to cause or encourage desirable events to occur, e.g., providing management with assurance of the realization of specified minimum gross margins on sales.

question

The actions taken to manage risk and increase the likelihood that established objectives and goals will be achieved are best described as A. Control. B. Compliance. C. Supervision. D. Quality assurance.

answer

Answer (A) is correct. Control is "any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved" (The IIA Glossary).

question

To minimize potential financial losses associated with physical assets, the assets should be insured in an amount that is A. Determined by the board of directors. B. Equal to the book value of the individual assets. C. Automatically adjusted by an economic indicator such as the consumer price index. D. Supported by periodic appraisals.

answer

Answer (D) is correct. Based on the results of the risk assessment, the internal audit activity should evaluate the adequacy and effectiveness of controls encompassing the organization's governance, operations, and information systems. This should include, among other things, safeguarding of assets (Impl. Std. 2120.A1). Safeguarding assets includes insuring them. The types and amounts of insurance should be supported by periodic appraisals.

question

One payroll engagement objective is to determine whether segregation of duties is proper. Which of the following activities is incompatible? A. Signing and distributing payroll checks. B. Preparing attendance data and preparing the payroll. C. Preparing the payroll and filing payroll tax forms. D. Hiring employees and authorizing changes in pay rates.

answer

Answer (B) is correct. Attendance data are accumulated by the timekeeping function. Preparing the payroll is a payroll department function. For control purposes, these two functions should be separated to avoid the perpetration and concealment of irregularities.

question

The initiation of the purchase of materials and supplies would be the responsibility of the A. Production department. B. Purchasing department. C. Inventory control department. D. Stores control department.

answer

Answer (C) is correct. The inventory control department would be responsible for initiating a purchase. It has access to the inventory records and would therefore know when stocks were getting low.

question

Which of the following tools would best give a graphical representation of a sequence of activities and decisions? A. Control chart. B. Histogram. C. Run chart. D. Flowchart.

answer

Answer (D) is correct. Flowcharting is an essential aid in the program development process that involves a sequence of activities and decisions. A flowchart is a pictorial diagram of the definition, analysis, or solution of a problem in which symbols are used to represent operations, data flow, equipment, etc.

question

A manufacturer uses large quantities of small, inexpensive items, such as nuts, bolts, washers, and gloves, in the production process. As these goods are purchased, they are recorded in inventory in bulk amounts. Bins are located on the shop floor to provide timely access to these items. When necessary, the bins are refilled from inventory, and the cost of the items is charged to a consumable supplies account, which is part of shop overhead. Which of the following would be an appropriate improvement of controls in this environment? A. Lock the bins during normal working hours. B. None of these controls are needed for items of minor cost and size. C. Require management review of reports on the cost of consumable items used in relation to budget. D. Relocate bins to the inventory warehouse.

answer

Answer (C) is correct. In accordance with the cost-benefit criterion, control expenditures for manufacturing supplies (nuts, bolts, etc.) should be minimal. Nevertheless, some controls should be implemented. For example, usage should be estimated and compared with stock balances and also with the number of using personnel. Moreover, variances should be calculated for the difference between costs incurred and budgeted amounts.

question

When a supplier of office products is unable to fill an order completely, it marks the out-of-stock items as back ordered on the customer's order and enters these items in a back order file that management can view or print. Customers are becoming disgruntled with the supplier because it seems unable to keep track of and ship out-of-stock items as soon as they are available. The best approach for ensuring prompt delivery of out-of-stock items is to A. Reconcile the sum of filled and back orders with the total of all orders placed daily. B. Implement electronic data interchange with supply vendors to decrease the time to replenish inventory. C. Match the back order file to goods received daily. D. Increase inventory levels to minimize the number of times that out-of-stock conditions occur.

answer

Answer (C) is correct. A directive control is appropriate, i.e., one designed to cause or encourage the occurrence of a desirable event. Matching the back order file with goods received daily is the surest way of facilitating prompt delivery of out-of-stock items.

question

Which of the following controls could be used to detect bank deposits that are recorded but never made? A. Consolidating cash receiving points. B. Linking receipts to other internal accountabilities, for example, collections to either accounts receivable or sales. C. Establishing accountability for receipts at the earliest possible time. D. Having bank reconciliations performed by a third party.

answer

Answer (D) is correct. Having an independent third party prepare the bank reconciliations would reveal any discrepancies between recorded deposits and the bank statements. A bank reconciliation compares the bank statement with organization records and resolves differences caused by deposits in transit, outstanding checks, NSF checks, bank charges, errors, etc.

question

One control objective of the financing or treasury cycle is the proper authorization of transactions involving debt and equity instruments. Which of the following controls would best meet this objective? A. Requiring two signatures on all checks of a material amount. B. Use of an underwriter in all cases of new issue of debt or equity instruments. C. Segregation of responsibility for custody of funds from recording of the transaction. D. Written policies requiring review of major funding or repayment proposals by the board.

answer

Answer (D) is correct. The control objective of authorization concerns the proper execution of transactions in accordance with management's wishes. One means of achieving this control objective is the establishment of policies as guides to action. When a decision affects the capitalization of the entity, a policy should be in force requiring review at the highest level.

question

Which one of the following situations represents an internal control weakness in the payroll department? A. Payroll department personnel are rotated in their duties. B. The timekeeping function is independent of the payroll department. C. Paychecks are distributed by the employees' immediate supervisor. D. Payroll records are reconciled with quarterly tax reports.

answer

Answer (C) is correct. Paychecks should not be distributed by supervisors because an unscrupulous person could terminate an employee and fail to report the termination. The supervisor could then clock in and out for the employee and keep the paycheck. A person unrelated to either payroll recordkeeping or the operating department should distribute checks.

question

Checks from customers are received in the organization's mail room each day. What controls should be in place to safeguard them? A. Providing bonding protection for mail clerks. B. Establishing a separate post office box for customer payments. C. Forwarding all checks to the cashier upon receipt. D. Requiring a specific mail clerk to list and restrictively endorse each check.

answer

Answer (D) is correct. An employee who does not have access to other records should open the mail and prepare a list of checks received. The check listing will later be reconciled with the daily bank deposit and entries to accounts receivable. A restrictive endorsement ("for deposit only") will put transferees on notice to act accordingly (that is, deposit the check in the organization's account).

question

Fact Pattern: While performing analytical procedures related to an engagement involving a social services agency of a government entity, the internal auditor noted an unusually large increase in payments to individual recipients who are under the direction of a particular social worker in the agency. Question: 64 The internal auditor is considering making a recommendation about appropriate controls to address a potential problem of fictitious recipients. The internal auditor has identified the following control procedures as potential items to include in the recommendation. 1.Require that all additions to the recipient file be independently investigated and approved by a supervisor of the social workers. 2.Require the use of self-checking digits on the account numbers of all recipients so that any duplicates will be immediately noted by the system. 3.Incorporate a code into the computer program to search for duplicate names and addresses. Develop an exception report that will go to the section supervisor whenever duplicates are noted. 4.Require that social workers be rotated among recipients. Which of the following control combinations would effectively address the internal auditor's concerns and improve control over valid recipients? A. 1, 2, 3, and 4. B. 1, 3, and 4. C. 1, 2, and 3. D. 1 and 4.

answer

Answer (B) is correct. A supervisory review of all additions to the recipient file is a detective control that alerts management to nonexistent recipients. Once it becomes widely understood that this review will always be performed, it becomes a preventive control. A programmed control that searches for and reports exceptions (e.g., duplicate names and addresses) detects payments to multiple recipients at a single or a few addresses. Rotating social workers among recipients may prevent or detect fraud. The probability of detection is greater when the wrongdoer's opportunity to conceal fraud is reduced. However, duplicate recipient account numbers are not the risk in this situation. The appropriate controls prevent or detect payments to nonexistent recipients that are sent to actual addresses under the social worker's control.

question

Which of the following activities represents both an appropriate human resources department function and a deterrent to payroll fraud? A. Authorization of overtime. B. Distribution of paychecks. C. Collection and retention of unclaimed paychecks. D. Authorization of additions and deletions from the payroll.

answer

Answer (D) is correct. The payroll department is responsible for assembling payroll information (recordkeeping). The human resources department is responsible for authorizing employee transactions, such as hiring, firing, and changes in pay rates and deductions. Segregating the recording and authorization functions helps prevent fraud.

question

Upon receipt of purchased goods, receiving department personnel match the quantity received with the packing slip quantity and mark the retail price on the goods based on a master price list. The annotated packing slip is then forwarded to inventory control and goods are automatically moved to the retail sales area. The most significant control strength of this activity is A. Automatically moving goods to the retail sales area. B. Immediately pricing goods for retail sale. C. Using a master price list for marking the sale price. D. Matching quantity received with the packing slip.

answer

Answer (C) is correct. Use of the master price list ensures that the correct retail price is marked.

question

Which of the following activities performed by a payroll clerk is a control weakness rather than a control strength? A. Draws the paychecks on a separate payroll checking account. B. Forwards the payroll register to the chief accountant for approval. C. Has custody of the check signature stamp machine. D. Prepares the payroll register.

answer

Answer (C) is correct. Payroll checks should be signed by someone who is not involved in timekeeping, recordkeeping, or payroll preparation. The payroll clerk performs a recordkeeping function.

question

An advantage of using systems flowcharts to document information about internal control instead of using internal control questionnaires is that systems flowcharts A. Provide a visual depiction of clients' activities. B. Reduce the need to observe clients' employees performing routine tasks. C. Indicate whether controls are operating effectively. D. Identify internal control deficiencies more prominently.

answer

question

One characteristic of an effective internal control structure is the proper segregation of duties. The combination of responsibilities that would not be considered a violation of segregation of functional responsibilities is A. Approval of time cards and preparation of paychecks. B. Preparation of paychecks and check distribution. C. Signing of paychecks and custody of blank payroll checks. D. Timekeeping and preparation of payroll journal entries.

answer

Answer (D) is correct. Combining the timekeeping function and the preparation of the payroll journal entries would not be improper because the employee has no access to assets or to employee records in the human resources department. Only through collusion could an embezzlement be perpetrated. Accordingly, the functions of authorization, recordkeeping, and custodianship remain separate.

question

Fact Pattern: The marketing department for a major retailer assigns separate product managers for each product line. Product managers are responsible for ordering products and determining retail pricing. Each product manager's purchasing budget is set by the marketing manager. Products are delivered to a central distribution center where goods are segregated for distribution to the company's 52 department stores. Because receipts are recorded at the distribution center, the company does not maintain a receiving function at each store. Product managers are evaluated on a combination of sales and gross profit generated from their product lines. Many products are seasonal and individual store managers can require that seasonal products be removed to make space for the next season's products. Question: 71 Requests for purchases beyond those initially budgeted must be approved by the marketing manager. This procedure 1.Should provide for the most efficient allocation of scarce organizational resources. 2.Is a detective control procedure. 3.Is unnecessary because each product manager is evaluated on profit generated. A. 2 and 3 only. B. 1, 2, and 3. C. 3 only. D. 1 only.

answer

Answer (D) is correct. The organization has two scarce resources to allocate: its purchasing budget and the space available in its retail stores. The marketing manager is high enough in the organization to coordinate this allocation. Allowing individual product managers to approve their own requests to exceed budget would almost certainly result in misallocation. Thus, Item I is a valid choice. Item II is not a valid choice because the marketing manager asserts his or her authority before an unwanted event has taken place. Item III is not a valid choice because product managers may be tempted to commit the company to buy more product than it can finance. The marketing manager is in a position to coordinate these requests and reconcile them with the budget.

question

Which method of evaluating internal controls during the preliminary survey provides the internal auditor with the best visual grasp of a system and a means for analyzing complex operations? A. A detailed narrative approach. B. A flowcharting approach. C. A questionnaire approach. D. A matrix approach.

answer

Answer (B) is correct. Flowcharts are graphical representations of the step-by-step progression of transactions, including document (information) preparation, authorization, flow, storage, etc. Flowcharting allows the internal auditor to analyze a system and to identify the strengths and weaknesses of the purported internal controls and the appropriate areas of audit emphasis.

question

During an engagement involving a construction contract, the internal auditor discovered that the contractor was being paid for each ton of dirt removed. The contract called for payment based on cubic yards removed. Which internal control might have prevented this error? A. Comparison of invoices with receiving reports. B. Comparison of invoices with purchase orders or contracts. C. Comparison of actual costs with budgeted costs. D. Extension checks of invoice amounts.

answer

Answer (B) is correct. This detective control would have revealed that the contractor's invoice used a unit of measure different from that in the contract. Thus, the basis of payment was not what was called for in this unit-price contract.

question

A receiving department receives copies of purchase orders for use in identifying and recording inventory receipts. The purchase orders list the name of the vendor and the quantities of the materials ordered. A possible error that this system could allow is A. Delay in recording purchases. B. Payment to unauthorized vendors. C. Payment for unauthorized purchases. D. Overpayment for partial deliveries.

answer

Answer (D) is correct. To ensure a fair count, the copy of the purchase order sent to the receiving clerk should not include quantities. The receiving clerk should count the items in the shipment and prepare a receiving report. Copies are sent to inventory control and accounts payable.

question

An employee should not be able to visit the organization's safe deposit box containing investment securities without being accompanied by another employee. What would be a possible consequence of an employee's being able to visit the safe deposit box unaccompanied? A. It would be impossible to obtain a fidelity bond on the employee. B. There would be no record of when organizational personnel visited the safe deposit box. C. The employee could steal securities and the theft would never be discovered. D. The employee could pledge organizational investments as security for a short-term personal bank loan.

answer

Answer (D) is correct. The bank should maintain a record, which can be inspected by organizational personnel, of all safe deposit box visits. Access should be limited to authorized officers. Organizations typically require the presence of two authorized persons for access to the box. This precaution provides supervisory control over, for example, the temporary removal of the securities to serve as a pledge for a loan (hypothecation of securities).

question

A control likely to prevent purchasing agents from favoring specific suppliers is A. Monitoring the number of orders placed by each buyer. B. Requiring buyers to adhere to detailed material specifications. C. Rotating buyer assignments periodically. D. Requiring management's review of a monthly report of the totals spent by each buyer.

answer

Answer (C) is correct. The risk of favoritism is increased when buyers have long-term relationships with specific vendors. Periodic rotation of buyer assignments will limit the opportunity for any buyer to show favoritism to a particular supplier.

question

Fact Pattern: The marketing department for a major retailer assigns separate product managers for each product line. Product managers are responsible for ordering products and determining retail pricing. Each product manager's purchasing budget is set by the marketing manager. Products are delivered to a central distribution center where goods are segregated for distribution to the company's 52 department stores. Because receipts are recorded at the distribution center, the company does not maintain a receiving function at each store. Product managers are evaluated on a combination of sales and gross profit generated from their product lines. Many products are seasonal and individual store managers can require that seasonal products be removed to make space for the next season's products. Question: 77 Which of the following is a control deficiency in this situation? A. The product manager negotiates the purchase price and sets the selling price. B. Evaluating product managers by total gross profit generated by product line will lead to dysfunctional behavior. C. There is no receiving function located at individual stores. D. The store manager can require items to be removed, thus affecting the potential performance evaluation of individual product managers.

answer

question

Which of the following controls would help prevent overpaying a vendor? A. Reviewing the accounting distribution for the expenditure. B. Reviewing and canceling supporting documents when a check is issued. C. Requiring the check signer to mail the check directly to the vendor. D. Approving the purchase before ordering from the vendor.

answer

Answer (B) is correct. Reviewing and canceling the supporting documents prevents paying a vendor twice for the same purchase. If the person who signs the check cancels the required documents, they cannot be recycled in support of a duplicate payment voucher. Securing the paid voucher file from access by the accounts payable clerk is another effective control.

question

Of the following, which is the most efficient source for an auditor to use to evaluate a company's overall control system? A. Copies of standard operating procedures. B. Control flowcharts. C. Copies of industry operating standards. D. A narrative describing departmental history, activities, and forms usage.

answer

Answer (B) is correct. Control flowcharting is a graphical means of representing the sequencing of activities and information flows with related control points. It provides an efficient and comprehensive method of describing relatively complex activities, especially those involving several departments.

question

Which of the following is a true statement comparing a horizontal flowchart with a vertical flowchart? A. A horizontal flowchart brings into sharper focus the assignment of duties and independent checks on performance. B. A horizontal flowchart is usually longer. C. A horizontal flowchart provides more room for written descriptions that parallel the symbols. D. A horizontal flowchart does not provide as broad a picture at a glance.

answer

Answer (A) is correct. A horizontal or systems flowchart depicts the functions or departments involved in a process successively from left to right. Thus, the steps performed by a function or department are presented in the same column. A vertical flowchart displays step-by-step processes effectively, but it does not delineate the system's components as well. By emphasizing the flow of processing between departments or people, a horizontal flowchart more clearly shows any inappropriate separation of duties and lack of independent checks on performance.

question

Specific airline ticket information, including fare, class, purchase date, and lowest available fare options, as prescribed in the organization's travel policy, is obtained and reported to department management when employees purchase airline tickets from the organization's authorized travel agency. Such a report provides information for A. Identifying costs necessary to process employee business expense report data. B. Quality of performance in relation to the organization's travel policy. C. Departmental budget-to-actual comparisons. D. Supporting employer's business expense deductions.

answer

Answer (B) is correct. Comparison of actual performance against a standard provides information for assessing quality of performance.

question

A system of internal control includes physical controls over access to and use of assets and records. A departure from the purpose of such procedures is that A. Access to the safe-deposit box requires two officers. B. The mailroom compiles a list of the checks received in the incoming mail. C. Only salespersons and sales supervisors use sales department vehicles. D. Only storeroom personnel and line supervisors have access to the raw materials storeroom.

answer

Answer (D) is correct. Storeroom personnel have custody of assets, and supervisors are in charge of execution functions. To give supervisors access to the raw materials storeroom is a violation of the essential internal control principle of segregation of functions.

question

Graphical notations that show the flow and transformation of data within a system or business area are called A. Conceptual data models. B. Action diagrams. C. Program structure charts. D. Data flow diagrams.

answer

Answer (D) is correct. Data flow diagrams show how data flow to, from, and within the system and the processes that manipulate the data. A data flow diagram can be used to depict lower-level details as well as higher-level processes. A system can be divided into subsystems, and each subsystem can be further subdivided at levels of increasing detail. Thus, any process can be expanded as many times as necessary to show the required level of detail.

question

Which of the following is an operating control for a research and development department? A. All research and development costs are charged to expense in accordance with the applicable accounting principles. B. Research and development personnel are hired by the payroll department. C. The research and development budget is properly allocated between new products, product maintenance, and cost reduction programs. D. Research and development expenditures are reviewed by an independent person.

answer

Answer (C) is correct. Operating controls are those applicable to production and support activities. Because they may lack established criteria or standards, they should be based on management principles and methods. The appropriate allocation of R&D costs to new products, product maintenance, and cost reduction programs is an example. This is in contrast to the expensing of R&D costs, which is required by the rules of external financial reporting.

question

Management is concerned with the potential for unauthorized changes in the payroll. Which of the following is the proper organizational structure to prevent such unauthorized changes? A. The payroll department maintains and authorizes all changes in the personnel records. B. The personnel department authorizes the hiring and pay levels of all employees. C. The payroll department's functions are limited to maintaining the payroll records, distributing paychecks, and posting the payroll entries to the general ledger. D. The payroll department is supervised by the management of the human resources division.

answer

Answer (B) is correct. The payroll department is responsible for assembling payroll information (recordkeeping). The personnel department is responsible for authorizing and executing employee transactions such as hiring, firing, and changes in pay rates and deductions. Segregating these functions helps prevent fraud. Thus, the payroll for each period should be compared with the active employment files of the personnel department.

question

Internal auditors regularly evaluate controls. Which of the following best describes the concept of control as recognized by internal auditors? A. Control procedures should be designed from the "bottom up" to ensure attention to detail. B. Control represents specific procedures that accountants and internal auditors design to ensure the correctness of processing. C. Management takes action to enhance the likelihood that established goals and objectives will be achieved. D. Management regularly discharges personnel who do not perform up to expectations.

answer

Answer (C) is correct. A control is any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved (The IIA Glossary).

question

Which of the following observations made during the preliminary survey of a local department store's disbursement cycle reflects a control strength? A. Individual department managers use prenumbered forms to order merchandise from vendors. B. Individual department managers are responsible for the movement of merchandise from the receiving dock to storage or sales areas as appropriate. C. The chief financial officer's office prepares checks for suppliers based on vouchers prepared by the accounts payable department. D. The receiving department is given a copy of the purchase order complete with a description of goods, quantity ordered, and extended price for all merchandise ordered.

answer

question

Organizational independence is required in the processing of customers' orders in order to maintain an internal control structure. Which one of the following situations is not a proper segregation of duties in the processing of orders from customers? A. Shipping of goods by the shipping department that have been retrieved from stock by the finished goods storeroom department. B. Approval of a sales credit memo because of a product return by the sales department with subsequent posting to the customer's account by the accounts receivable department. C. Approval by credit department of a sales order prepared by the sales department. D. Invoice preparation by the billing department and posting to customers' accounts by the accounts receivable department.

answer

Answer (B) is correct. Allowing a sales department employee to approve a credit memo without a receiving report would be unacceptably risky. Sales personnel could overstate sales in one period and then reverse them in subsequent periods. Thus, a copy of the receiving report for returned goods should be sent to billing for preparation of a credit memo after approval by a responsible supervisor who is independent of sales.

question

A utility with a large investment in repair vehicles would most likely implement which internal control to reduce the risk of vehicle theft or loss? A. Maintain vehicles in a secured location with release and return subject to approval by a custodian. B. Physically inventory vehicles and reconcile the results with the accounting records. C. Review insurance coverage for adequacy. D. Systematically account for all repair work orders

answer

question

An organization's policies and procedures are part of its overall system of internal controls. The control function performed by policies and procedures is A. Application control. B. Implementation control. C. Feedforward control. D. Feedback control.

answer

Answer (C) is correct. Feedforward controls anticipate and prevent problems. Policies and procedures serve as feedforward controls because they provide guidance on how an activity should be performed to best ensure that an objective is achieved.

question

Which of the following situations will cause an internal auditor to question the adequacy of controls over a purchasing function? A. Receiving reports are forwarded to purchasing where they are matched with purchase orders and sent to accounts payable. B. Unpaid voucher files and perpetual inventory records are independently maintained. C. The original and one copy of the purchase order are mailed to the vendor. The copy on which the vendor acknowledges acceptance is returned to the purchasing department. D. The accounts payable section prepares documentation for payments.

answer

Answer (A) is correct. Purchasing and receiving should be organizationally independent. Moreover, comparing the purchase order and the receiving report should be the responsibility of a third person. Fraud perpetrated by a purchasing department employee could be concealed if (s)he is the first to obtain the receiving report.

question

An organization has computerized sales and cash receipts journals. The computer programs for these journals have been properly debugged. The internal auditor discovered that the total of the accounts receivable subsidiary accounts differs materially from the accounts receivable control account. This discrepancy could indicate A. Receivables not being properly aged. B. Receivables being lapped. C. Statements being intercepted prior to mailing. D. Credit memoranda being improperly recorded.

answer

Answer (D) is correct. Sales returns and allowances require the crediting of accounts receivable. Thus, the recording of unauthorized credit memoranda is one explanation for the discrepancy if sales and cash receipts are properly recorded.

question

Which of the following statements best describes the relationship between planning and controlling? A. Controlling cannot operate effectively without the tools provided by planning. B. Planning looks to the future; controlling is concerned with the past. C. Planning and controlling are completely independent of each other. D. Planning prevents problems; controlling is initiated by problems that have occurred.

answer

Answer (A) is correct. Control is the process of making certain that plans are achieving the desired objectives. The elements of control include (1) establishing standards for the operation to be controlled, (2) measuring performance against the standards, (3) examining and analyzing deviations, (4) taking corrective action, and (5) reappraising the standards based on experience. Planning provides needed tools for the control process by establishing standards, i.e., the first step.

question

When documenting internal control, the independent auditor sometimes uses a systems flowchart, which can best be described as a A. Diagram that clearly indicates an organization's internal reporting structure. B. Symbolic representation of a system or series of sequential processes. C. Pictorial presentation of the flow of instructions in a client's internal computer system. D. Graphic illustration of the flow of operations that is used to replace the auditor's internal control questionnaire.

answer

Answer (B) is correct. A systems flowchart is a symbolic representation of the flow of documents and procedures through a series of steps in the accounting process of the client's organization.

question

An auditor frequently uses flowcharts to determine whether there is A. Authority to meet the performance criteria. B. Satisfactory performance of an operation. C. Inefficiency and lack of controls. D. Sufficient but not excessive personnel assigned to an operation.

answer

Answer (C) is correct. Flowcharts are graphical representations of the step-by-step progression of transactions including document (information) preparation, authorization, flow, storage, etc. Flowcharting allows the internal auditor to analyze a system and to identify the strengths and weaknesses of the purported internal controls and the appropriate areas of audit emphasis.

question

A preliminary survey of the purchasing function indicates that •Department managers initiate purchase requests that must be approved by the plant superintendent, •Purchase orders are typed by the purchasing department using prenumbered and controlled forms, •Buyers regularly update the official vendor listing as new sources of supply become known, •Rush orders can be placed with a vendor by telephone but must be followed by a written purchase order before delivery can be accepted, and •Vendor invoice payment requests must be accompanied by a purchase order and receiving report. One possible fault of this system is that A. Unnecessary supplies can be purchased by department managers. B. Purchases could be made from a vendor controlled by a buyer at prices higher than normal. C. Payment can be made for supplies received but not ordered by the purchasing department. D. Payment can be made for supplies not received.

answer

Answer (B) is correct. A risk exposure typical of the purchasing function is that purchases may be made from vendors with respect to whom buyers or other employees have a conflict of interest. The result may be excessive prices or amounts, or poor quality of goods and services acquired. Accordingly, additions to the vendor file should be authorized at an appropriate level and not by the buyers. Similarly, bidders' lists should be approved by supervisory personnel.

question

In documenting the procedures used by several interacting departments the internal auditor will most likely use a(n) A. Vertical flowchart. B. Gantt chart. C. Horizontal (or systems) flowchart. D. Internal control questionnaire.

answer

Answer (C) is correct. Flowcharting is a useful tool for systems development as well as understanding the internal control structure. A flowchart is a pictorial diagram of the definition, analysis, or solution of a problem in which symbols are used to represent operations, data flow, equipment, etc. A systems flowchart provides an overall view of the inputs, processes, and outputs of a system, such as a set of interacting departments.

question

To minimize the risk that agents in the purchasing department will use their positions for personal gain, the organization should A. Request internal auditors to confirm selected purchases and accounts payable. B. Specify that all items purchased must pass value-per-unit-of-cost reviews. C. Direct the purchasing department to maintain records on purchase prices paid, with review of such being required each 6 months. D. Rotate purchasing agent assignments periodically.

answer

Answer (D) is correct. The risk of favoritism is increased when buyers have long-term relationships with specific vendors. Periodic rotation of buyer assignments will limit the opportunity to show favoritism. This risk is also reduced if buyers are required to take vacations.

question

To control purchasing and accounts payable, an information system must include certain source documents. For a manufacturing organization, these documents should include A. Purchase requisitions, purchase orders, receiving reports, and vendor invoices. B. Purchase requisitions, purchase orders, inventory reports of goods needed, and vendor invoices. C. Receiving reports and vendor invoices. D. Purchase orders, receiving reports, and vendor invoices.

answer

Answer (A) is correct. Before ordering an item, the purchasing department should have on hand a purchase requisition reflecting an authorized request by a user department. Before a voucher is prepared for paying an invoice, the accounts payable department should have the purchase requisition, a purchase order (to be certain the items were indeed ordered), the vendor's invoice, and a receiving report (to be certain the items were received).

question

When a copy of the sale invoice is not received by an organization's shipping department, an employee requests the document from the proper authority. This process is a(n) A. Detective, preventive control. B. Directive, detective control. C. Passive, mitigating control. D. Active, detective control.

answer

question

Of the following, the controls that are often difficult for internal auditors to evaluate because of the lack of criteria or standards are A. Financial controls. B. Operating controls. C. Corrective controls. D. Preventive controls.

answer

Answer (B) is correct. Operating controls are those used in the management processes of directing and controlling and are based on comparison of results with standards. As an activity becomes less mechanical, however, standards become more difficult to determine. Control standards for security, for example, are less easily developed than for the output per hour of a machine because the degree of security achieved is not readily measurable.

question

The normal sequence of documents and operations on a well-prepared systems flowchart is A. Top to bottom and right to left. B. Top to bottom and left to right. C. Bottom to top and left to right. D. Bottom to top and right to left.

answer

Answer (B) is correct. The direction of flow in the normal sequence of documents and operations on a well-prepared systems flowchart is from top to bottom and from left to right.

question

The diamond-shaped symbol is commonly used in flowcharting to show or represent a A. Process or a single step in a procedure or program. B. Terminal output display. C. Predefined process. D. Decision point, conditional testing, or branching.

answer

Answer (D) is correct. Flowcharts illustrate in pictorial fashion the flow of data, documents, and/or operations in a system. Flowcharts may summarize a system or present great detail, e.g., as found in program flowcharts. The diamond-shaped symbol represents a decision point or test of a condition in a program flowchart, that is, the point at which a determination must be made as to which logic path (branch) to follow.

question

Management can best strengthen internal control over the custody of inventory stored in an off-site warehouse by implementing A. Reconciliations of transfer slips to/from the warehouse with inventory records. B. Regular reconciliation of physical inventories to accounting records. C. Regular confirmation of the amount on hand with the custodian of the warehouse. D. Increases in insurance coverage.

answer

Answer (B) is correct. A detective control that will reveal, on a regular basis, any discrepancies between the inventory records and the actual inventory on hand is needed. Periodic comparison of the recorded accountability for inventory with the actual physical inventory will accomplish this.

question

Which of the following observations by an auditor is most likely to indicate the existence of control weaknesses over safeguarding of assets? 1.A service department's location is not well suited to allow adequate service to other units. 2.Employees hired for sensitive positions are not subjected to background checks. 3.Managers do not have access to reports that profile overall performance in relation to other benchmarked organizations. 4.Management has not taken corrective action to resolve past engagement observations related to inventory controls. A. 2 and 4 only. B. 1 and 4 only. C. 1 and 2 only. D. 2 and 3 only.

answer

Answer (A) is correct. Internal auditors evaluate risk exposures and the adequacy and effectiveness of controls relating to, among other things, safeguarding of assets (Perf. Std. 2130.A1). Lack of background checks for employees hired for sensitive positions and failure to take corrective action on past engagement observations relating to safeguarding of assets are red flags signifying control weaknesses. Regular reference and background checks, integrity tests, and drug screening are hiring procedures that may be part of an effective ethical culture. Furthermore, internal auditors follow up on engagement results to determine what corrective actions have been taken or whether management or the board has assumed the risk of not taking action. If the CAE believes the risk assumed may be unacceptable to the organization, (s)he must discuss the matter with senior management and the board (Perf. Stds. 2500.A1 and 2600).

question

Fact Pattern: An organization has grown rapidly and has just automated its human resource system. The organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, ethnic code, age, insurance, medical protection, and other similar information. Management has asked the internal audit activity to review the new system. Question: 108 The automated system contains a table of pay rates matched with the employee job classifications. The best control to ensure that the table is updated correctly for only valid pay changes is to A. Ensure that adequate edit and reasonableness checks are built into the automated system. B. Limit access to the data table to management and line supervisors who have the authority to determine pay rates. C. Require that all pay changes be signed by the employee to verify that the change goes to a bona fide employee. D. Require a supervisor in the department, who does not have the ability to change the table of pay rates, to compare the changes with a signed management authorization.

answer

Answer (D) is correct. To maintain a proper segregation of duties, changes in pay rates should be authorized by someone outside the human resources department. Furthermore, authorization should be independently verified by an individual who does not have a recording function.

question

An internal auditor notes year-to-year increases for small tool expense at a manufacturing facility that has produced the same amount of identical product for the last 3 years. Production inventory is kept in a controlled staging area adjacent to the receiving dock, but the supply of small tools is kept in an unsupervised area near the exit to the plant employees' parking lot. After determining that all of the following alternatives are equal in cost and are also feasible for local management, the internal auditor would best address the security issue by recommending that plant management A. Initiate a full physical inventory of small tools on a monthly basis. B. Move the small tools inventory to the custody of the production inventory staging superintendent and implement the use of a special requisition to issue small tools. C. Close the exit to the employee parking lot and require all plant employees to use a doorway by the receiving dock that also provides access to the plant employees' parking area. D. Place supply of small tools in a secured area, install a key-access card system for all employees, and record each key-access transaction on a report for the production superintendent.

answer

Answer (B) is correct. Minimizing the loss of assets requires a preventive control. Giving responsibility for custody of small tools to one individual establishes accountability. Requiring that requisitions be submitted ensures that their use is properly authorized.

question

Multiple copies of the purchase order are prepared for recordkeeping and distribution with a copy of the purchase order sent to the vendor and one retained by the purchasing department. In addition, for proper informational flow and internal control purposes, a version of the purchase order would be distributed to the A. Accounts payable, receiving, and inventory control departments. B. Accounts payable, receiving, and stores control departments. C. Accounts payable, accounts receivable, and receiving departments. D. Accounts payable, receiving, and production planning departments.

answer

Answer (A) is correct. The accounts payable department should receive a copy of the purchase order for internal control purposes to ensure that all invoices paid are for properly authorized items. The receiving department should receive a copy (with the quantity omitted to encourage an honest count) so that its employees will know that incoming shipments were authorized and should be accepted. In addition, the department issuing the purchasing requisition (the inventory control department) should receive a copy as a notification that the order has been placed.

question

Fact Pattern: An organization has grown rapidly and has just automated its human resource system. The organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, ethnic code, age, insurance, medical protection, and other similar information. Management has asked the internal audit activity to review the new system. Question: 110 An employee in the payroll department is contemplating a fraud involving the addition of a fictitious employee and the entry of fictitious hours worked. The paycheck would then be sent to the payroll employee's home address. The most effective control procedure to prevent this type of fraud is to require that A. A report of all new employees added be approved by someone outside of the payroll department. Also, a report showing all employees and hours worked should be sent to the supervisor's department for review. B. All new employees and their hours worked be entered by the human resources department. C. All changes to employee records be approved by supervisors outside of both human resources and payroll. D. The payroll department physically delivers paychecks to employees rather than mailing them.

answer

question

Which of the following best defines control? A. Control is provided when cost-effective measures are taken to restrict deviations to a tolerable level. B. Control is the result of proper planning, organizing, and directing by management. C. Controls are statements of what the organization chooses to accomplish. D. Control accomplishes objectives and goals in an accurate, timely, and economical fashion.

answer

Answer (B) is correct. A control is "any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved" (The IIA Glossary). Thus, control is the result of proper planning, organizing, and directing by management.

question

Internal auditors often flowchart a control system and reference the flowchart to narrative descriptions of certain activities. This is an appropriate procedure to A. Gain the understanding necessary to test the effectiveness of the system. B. Document that the system meets international auditing requirements. C. Determine whether the system can be relied upon to produce accurate information. D. Determine whether the system meets established management objectives

answer

Answer (A) is correct. Flowcharting is a pictorial method of analyzing and understanding the processes and procedures involved in operations, whether manual or computerized. Flowcharting is therefore useful in the preliminary survey and in obtaining an understanding of internal control. It is also helpful in systems development.

question

The requirement that purchases be made from suppliers on an approved vendor list is an example of a A. Detective control. B. Corrective control. C. Monitoring control. D. Preventive control.

answer

Answer (D) is correct. Preventive controls are actions taken prior to the occurrence of transactions with the intent of stopping errors from occurring. Use of an approved vendor list is a control to prevent the use of unacceptable suppliers.

question

Internal control should follow certain basic principles to achieve its objectives. One of these principles is the segregation of functions. Which one of the following examples does not violate the principle of segregation of functions? A. The department time clerk is given the undistributed payroll checks to mail to absent employees. B. The warehouse clerk, who has the custodial responsibility over inventory in the warehouse, may authorize disposal of damaged goods. C. The sales manager has the responsibility to approve credit and the authority to write off accounts. D. The chief financial officer has the authority to sign checks but gives the signature block to the assistant chief financial officer to run the check-signing machine.

answer

Answer (D) is correct. The chief financial officer's department should have custody of assets but should not authorize or record transactions. Because the assistant chief financial officer reports to the chief financial officer, the chief financial officer is merely delegating an assigned duty related to asset custody.

question

Managerial control can be divided into feedforward, concurrent, and feedback controls. Which of the following is an example of a feedback control? A. Variance analysis. B. Budgeting. C. Quality control training. D. Forecasting inventory needs.

answer

Answer (A) is correct. A feedback control measures actual performance, i.e., something that has already occurred, to ensure that a desired future state is attained. It is used to evaluate past activity to improve future performance. A variance is a deviation from a standard. Hence, variance analysis is a feedback control.

question

During an engagement involving a purchasing department, an internal auditor discovered that many purchases were made (at normal prices) from an office supplier whose owner was the brother of the director of purchasing. Controls were in place to restrict such purchases and no fraud appears to have been committed. In this case, the internal auditor should recommend A. The development of an approved-vendor file initiated by the buyer and approved by the director of purchasing. B. The inspection of all receipts by receiving inspectors. C. The initiation of a conflict-of-interest policy. D. Establishment of a price policy (range) for all goods.

answer

Answer (C) is correct. A policy is one means of achieving control. It is a general guide to and limit on action that should be clearly stated in writing and systematically communicated to appropriate parties. A conflict-of-interest policy should contain directives that restrict business dealings with relatives unless otherwise disclosed to and approved by senior management.

CIA Exam Part 1: Study Unit (4) – Flashcards

Unlock all answers in this set

Haven't found what you were looking for?

Search for samples, answers to your questions and flashcards