Chapter 11

1. Continuous assurance auditing is the process of installing control‐related monitors in IT

systems that will send audit _________ or ________ internal auditors if the IT system’s
processing signals a deviation with one or another audit limit or parameter.
a. Signals ; messages
b. Evidence ; planning
c. Signals ; evidence
d. Messages ; planning
e. All of them is false
2. These following steps are true that Internal audit might perform this CAATT‐oriented
approach, except ….
a. Determine CAATT objectives.
b. Understand the supporting IT systems.
c. Develop CAATT programs.
d. Test and process the CAATT.
e. Develop continuous audit routines to assess controls and identify deficiencies.
3. The following steps should be considered in the planning and implementation of
internal CAA processes
a. Define CAA output requirements
b. Select CAA analysis tools
c. Develop audit objectives for the CAA
d. Prepare and test the CAA application
e. All of the above
4. The following steps should be considered in the planning and implementing of
internal CAA processes are below, except:
a. assess separated data
b. define CAA output
c. select CAA analysis tools
d. develop audit objectives for the CAA
e. prepare and test the CAA application
5. If you give a reasonable opinion unconditionally, the financial report reader assumes?
a. accountants do not find irregularities
b. the company is good at financial matters
c. financial statements are correct
d. internal control structure is good
e. assess internal control systems
6. ...... is an internal audit process that produces audit results simultaneously with, or
shortly after, the occurrence of actual events.
a. CIA
b. ISA
c. SOA
d. CAA
e. AICPA
7. Internal audit might perform this CAAT‐oriented approach through the following
steps, except ...
a. Determine CAATT objectives
b. Understand the supporting IT systems
c. Develop CAATT programs
d. Assess the CAATT process
e. CAATT test and process

Chapter 12
1. The following below is true about the CSA process...
a. Goals & objectives
b. Perform risk assessment
c. Implement control activities
d. Monitor performace
e. All of these
2. Which of the following options is not one of the GAIN Annual Benchmarking Survey
Table of Contents section 1 ?
a. Demographic Information: Financial
b. Revenues and Assets per Auditor
c. Respondents by Expense Class
d. Demographic Information: Employees
e. Respondents by Industry
3. The IIA’s GAIN is a knowledge exchange forum to:
a. Share, compare, and validate internal audit practices
b. Learn from the challenges and solutions of internal audit peers
c. Gain leading internal audit practices from top organizations
d. Enhance internal audit operational effectiveness and efficiency
e. All of the above
4. Process designed to help departements within an enterprise to assess and then evaluate
their internal controls is called:
a. COSO
b. CSA
c. CAA
d. CAAT
e. ERP
5. In the internal audit, there are various positions for various levels and the type of
internal audit itself within a company, except ...
a. CAE
b. Responsibility for Internal Audit Management
c. Responsibility of Internal Audit Staff
d. Employee specialist
e. Audit Specialist information system
6. GAIN gathers this type of contributed data from a range of worldwide internal audit
functions.
Summary Information
1. Revenues and Assets per Auditor
2. Expenses and Employees per Auditor
a. SECTION 1
b. SECTION 2
c. SECTION 3
d. SECTION 4
e. SECTION 5
7. Based on the extensive set of CSA materials published by the IIA,1 a facilitated CSA
session can follow any of four meeting formats, except ...
a. Objective‐based CSA‐facilitated sessions
b. Risk‐based CSA‐facilitated sessions
c. Control‐based CSA‐facilitated sessions
d. Process‐based CSA‐facilitated sessions
e. Test-based CSA-facilitated sessions

Chapter 11 – Continuous Auditing and Computer-Assisted Audit Techniques

1. The process of installing control-related monitors in IT systems that will send audit-
related signals or messages to auditors if the IT system’s processing signals a
deviation with one or another audit limit or parameter called..
a. CBOK
b. CAA
c. XBRL
d. ACL
2. This are the basic characteristic of Continuous Assurance Auditing except:
a. Repetitive software audit monitors are built into IT applications
b. CAA records areas of potential interest for internal audit’s attention
c. CAA is often installed in the form of dashboard screens to monitor ongoing
status
d. Internal audit is generally responsible for the CAA software, often installed
independently and without the knowledge of some users, and may face problems if
application users make certain IT changes
3. CAATT’s can enhance internal audit processes in some of the following areas,
except:
a. Increase audit coverage
b. Focus on risk areas
c. Improve audit certainty
d. Increase cost-effectiveness
4. The examples of specified areas in examining records based on criteria specified by
internal audit..
a. Account receivable balances for amounts over the credit limit
b. Fixed assets additions for vouching
c. Payroll details with personnel files
d. Interest calculations
5. An open-standard marking language developed by a consortium of over 200
companies and agencies, and strongly supported by AICPA in the United States is called…
a. XML
b. HTML
c. COBOL
d. XBRL
6. The following is a four-step approach to develop a CAATT:
a. Determine the objectives; design the computer-assisted application; program or
code and then test the application; process and complete the CAATT
b. Design the computer-assisted application; determine the objectives; program or code
and then test the application; process and complete the CAATT
c. Program or code; determine the objectives; design the computer-assisted application;
process and complete the CAATT
d. Determine the objectives; program or code; design the computer-assisted application;
process and complete the CAATT
Chapter 12 – Control Self-Assessments and Internal Audit Benchmarking
1. The following is false statement about the CSA model..
a. CSA is a process designed to help top management to assess and then evaluate
their internal controls
b. CSA is a control assessment process that for some has been viewed as more
approachable than the COSO internal control framework
c. CSA is a continuous improvement process similar to method described and used by
quality assurance
d. CSA is an approach where individual departments in an enterprise can formally meet,
in a facilitated group format.
2. The following is potential benefits from CSA process, except:
a. Increasing the scope of internal control reporting during a given period
b. Targeting internal control-related work by placing a greater focus on high-risk
c. Increasing the effectiveness of internal audit-recommended corrective actions by
transferring internal control ownership and responsibility to operating employees
d. Increasing the cost of internal control in the enterprise
3. The CSA session that focus on CSA teams listing risks to achieve internal control
objectives is……CSA-facilitated sessions
a. Objective-based
b. Risk-based
c. Control-based
d. Process-based
4. The CSA session that focus on selected activities that are elements of a chain of
processes is……CSA-facilitated sessions
a. Objective-based
b. Risk-based
c. Control-based
d. Process-based
5. A best practice where an enterprise evaluates various aspects of its own processes in
relation to associated practices, usually within their other peer enterprises is called..
a. Self-assessments
b. Benchmarking
c. CSA analysis
d. GAIN
6. The step when we will be asking other enterprises to give us some potentially
confidential company information in benchmarking study is..
a. Define the objectives of the benchmarking study
b. Establish a set of potential partners who may be willing to participate
c. Develop specific goals and objectives for the benchmark study
d. Clear up legal and confidentiality issues