
Gleim CIA Test Prep: Part 1 - Internal Audit Basics (720 questions)
Copyright 2013 Gleim Publications Inc. Page 1
Printed for Sanja Knezevic

[1] Gleim #: 1.1.1
The purposes of the Standards include all of the following except
A. Establishing the basis for the measurement of internal audit performance.
B. Guiding the ethical conduct of internal auditors.
C. Stating basic principles that represent the practice of internal auditing.
D. Fostering improved organizational processes and operations.
Answer (A) is incorrect. Establishing the basis for the evaluation of internal audit performance is one of The IIA’s stated purposes of the Standards.
Answer (B) is correct. Guiding the ethical conduct of internal auditors is the purpose of the Code of Ethics, not the Standards.
Answer (C) is incorrect. Delineating basic principles that represent the practice of internal auditing is one of The IIA’s stated purposes of the Standards.
Answer (D) is incorrect. Fostering improved organizational processes and operations is one of The IIA’s stated purposes of the Standards.

[2] Gleim #: 1.1.2
The proper organizational role of internal auditing is to
A. Assist the external auditor to reduce external audit fees.
B. Perform studies to assist in the attainment of more efficient operations.
C. Serve as the investigative arm of the board.
D. Serve as an independent, objective assurance and consulting activity that adds value to operations.
Answer (A) is incorrect. Reducing external audit fees may be a direct result of internal audit work, but it is not a reason for staffing an internal audit activity.
Answer (B) is incorrect. The primary role of internal auditing includes, but is not limited to, assessing the efficiency of operations.
Answer (C) is incorrect. Internal auditors serve management as well as the board.
Answer (D) is correct. The Definition of Internal Auditing states, in part, “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.”

[3] Gleim #: 1.1.3
One of the purposes of the International Standards for the Professional Practice of Internal Auditing (“the Standards”) is to
A. Encourage the professionalization of internal auditing.
B. Establish the independence of the internal audit activity and emphasize the objectivity of internal auditing.
C. Encourage external auditors to make more extensive use of the work of internal auditors.
D. Establish the basis for evaluating internal auditing performance.
Answer (A) is incorrect. The professionalization of internal auditing is important but is not a direct purpose of the Standards.
Answer (B) is incorrect. Independence and objectivity are but two aspects of the practice of internal auditing as it should be.
Answer (C) is incorrect. The Standards do not formally encourage external auditors to make more extensive use of the work of internal auditors.
Answer (D) is correct. The IIA provides the following purposes of the Standards:
1. Delineate basic principles that represent the practice of internal auditing.
2. Provide a framework for performing and promoting a broad range of value-added internal audit activities.
3. Establish the basis for evaluating internal auditing performance.
4. Foster improved organizational processes and operations.

[4] Gleim #: 1.1.4
Which Standards expand upon the other categories of Standards?
A. Performance Standards.
B. Attribute Standards.
C. Implementation Standards.
D. All of the choices are correct.
Answer (A) is incorrect. Performance Standards apply to all internal audit services.
Answer (B) is incorrect. Attribute Standards apply to all internal audit services.
Answer (C) is correct. Implementation Standards expand upon the Attribute and Performance Standards. They provide requirements applicable to specific engagements.
Answer (D) is incorrect. Only Implementation Standards expand upon the standards in other categories.

[5] Gleim #: 1.1.5
A major reason for establishing an internal audit activity is to
A. Relieve overburdened management of the responsibility for establishing effective controls.
B. Safeguard resources entrusted to the organization.
C. Ensure the reliability and integrity of financial and operational information.
D. Evaluate and improve the effectiveness of control processes.
Answer (A) is incorrect. Management is responsible for the establishment of internal control.
Answer (B) is incorrect. Governance, risk management, and control processes ultimately serve to safeguard the organization’s resources.
Answer (C) is incorrect. Ensuring the reliability and integrity of financial and operational information is a management responsibility.
Answer (D) is correct. The internal audit activity helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes (Definition of Internal Auditing).

[6] Gleim #: 1.1.6
An internal auditor often faces special problems when performing an engagement at a foreign subsidiary. Which of the following statements is false with respect to the conduct of international engagements?
A. The IIA Standards do not apply outside of the United States.
B. The internal auditor should determine whether managers are in compliance with local laws.
C. There may be justification for having different organizational policies in force in foreign branches.
D. It is preferable to have multilingual internal auditors conduct engagements at branches in foreign nations.
Answer (A) is correct. Pronouncements by The IIA have no geographic limits. Compliance with the concepts in the Standards is essential for the responsibilities of internal auditors to be met, regardless of the national environment.
Answer (B) is incorrect. The internal audit activity must evaluate the adequacy and effectiveness of controls, including those relating to compliance with laws, regulations, policies, procedures, and contracts.
Answer (C) is incorrect. Varying laws and customs and other environmental factors justify policy differences.
Answer (D) is incorrect. The internal audit activity collectively must possess the knowledge, skills, and other competencies needed to perform its responsibilities.

[7] Gleim #: 1.1.7
The purpose of the internal audit activity can be best described as
A. Adding value to the organization.
B. Providing additional assurance regarding fair presentation of financial statements.
C. Expressing an opinion on the adequate design and functioning of the system of internal control.
D. Assuring the absence of any fraud that would materially affect the financial statements.
Answer (A) is correct. Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations (Definition of Internal Auditing).
Answer (B) is incorrect. Assisting the external auditors in their audit of the financial statements is one of many possible tasks of the internal audit activity, but it is not its primary purpose.
Answer (C) is incorrect. Assessing internal control is one of many tasks of the internal audit activity, but it is not its primary purpose.
Answer (D) is incorrect. Detecting fraud is one of many possible tasks of the internal audit activity, but it is not its primary purpose.

[8] Gleim #: 1.1.8
Which of the following best describes the purpose of the internal audit activity?
A. To add value and improve an organization’s operations.
B. To assist management with the design and implementation of risk management and control systems.
C. To examine and evaluate an organization’s accounting system as a service to management.
D. To monitor the organization’s internal control system for the external auditors.
Answer (A) is correct. The Definition of Internal Auditing states, in part, “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.”
Answer (B) is incorrect. Performing the functions of design and implementation of risk management and control systems would impair the objectivity of the internal auditors. An internal auditor may, however, recommend control standards and review procedures prior to their implementation.
Answer (C) is incorrect. Internal auditing is much broader than examining and evaluating an organization’s accounting system.
Answer (D) is incorrect. Internal auditing serves the organization, not the external auditors.

[9] Gleim #: 1.1.9
The internal audit activity’s scope of responsibilities includes
A. Eliminating risk.
B. Managing risk.
C. Evaluating risk.
D. Controlling risk.
Answer (A) is incorrect. Eliminating risks is a responsibility of management.
Answer (B) is incorrect. Managing risk is a responsibility of management.
Answer (C) is correct. The internal audit activity helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes (Definition of Internal Auditing). Managing, controlling, and eliminating risk are responsibilities of management.
Answer (D) is incorrect. Controlling risk is a responsibility of management.

[10] Gleim #: 1.1.10
The Standards consist of three types of Standards. Which Standards apply to the characteristics of providers of internal auditing services?
A. Implementation Standards.
B. Performance Standards.
C. Attribute Standards.
D. Independence Standards.
Answer (A) is incorrect. Implementation Standards apply to specific types of engagements.
Answer (B) is incorrect. Performance Standards describe the nature of internal auditing and provide quality criteria for evaluation of internal audit performance.
Answer (C) is correct. Attribute Standards concern the characteristics of organizations and parties providing internal auditing services.
Answer (D) is incorrect. The IPPF does not contain Independence Standards.

[11] Gleim #: 1.1.11
According to The IIA’s International Professional Practices Framework, which of the following constitute mandatory guidance for implementing the Standards?
A. Development Aids.
B. Practice Aids.
C. Performance Standards.
D. Practice Advisories.
Answer (A) is incorrect. Development Aids are not part of the IPPF.
Answer (B) is incorrect. Practice Aids are not part of the IPPF.
Answer (C) is correct. The mandatory guidance portion of the IPPF consists of the Definition of Internal Auditing, the Code of Ethics, Attribute Standards, Performance Standards, and Implementation Standards.
Answer (D) is incorrect. Practice Advisories are strongly recommended guidance.

[12] Gleim #: 1.1.12
Under the Sarbanes-Oxley Act of 2002 (SOX),
A. At least one member of the audit committee must be a financial expert.
B. The chairman of the board of directors must be a financial expert.
C. The audit committee must rotate at least one seat on an annual basis.
D. All members of the audit committee must be financial experts.
Answer (A) is correct. Under the terms of SOX, at least one member of the audit committee must be a financial expert.
Answer (B) is incorrect. The SOX requirement regarding a financial expert does not refer to the chairman of the board.
Answer (C) is incorrect. SOX imposes no requirements regarding membership rotation of the audit committee.
Answer (D) is incorrect. Under the terms of SOX, only one member of the audit committee need be a financial expert.

[13] Gleim #: 1.1.13
The Sarbanes-Oxley Act of 2002 (SOX) imposes which of the following requirements?
A. The board of directors must be composed entirely of independent shareholders.
B. At least one member of the audit committee must be a former partner of the independent public accounting firm.
C. The audit committee must be composed entirely of independent members of the board.
D. Once the audit committee has selected the independent public accounting firm, the committee must not interfere with the firm’s conduct of the financial statement audit.
Answer (A) is incorrect. The SOX requirement regarding independent members refers to the audit committee, not the entire board.
Answer (B) is incorrect. SOX does not impose a requirement regarding mandatory former employment with the independent public accounting firm.
Answer (C) is correct. Under the terms of SOX, each member of the issuer’s audit committee must be an independent member of the board of directors. To be independent, a director must not be affiliated with, or receive any compensation (other than for service on the board) from, the issuer.
Answer (D) is incorrect. The audit committee must be directly responsible for appointing, compensating, and overseeing the work of the independent auditor.

[14] Gleim #: 1.1.14
Which one of the following must be included in the internal audit charter?
A. Internal audit scope.
B. Internal audit responsibility.
C. Chief audit executive’s compensation plan.
D. Number of full-time internal audit employees deemed to be the necessary minimum.
Answer (A) is incorrect. Scope is an aspect of individual internal audit engagements.
Answer (B) is correct. The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter.
Answer (C) is incorrect. The CAE’s compensation plan is not an appropriate matter to include in the internal audit charter.
Answer (D) is incorrect. The staffing of the internal audit activity is determined by the CAE and the board; it is not an appropriate matter to include in the internal audit charter.

[15] Gleim #: 1.1.15
Which one of the following is not included in the internal audit charter?
A. Risk assessment of the internal audit activity.
B. Responsibility of the internal audit activity.
C. Purpose of the internal audit activity.
D. Authority of the internal audit activity.
Answer (A) is correct. A risk assessment is not appropriate for inclusion in the internal audit charter.
Answer (B) is incorrect. The appropriate contents of the internal audit charter are the purpose, authority, and responsibility of the internal audit activity.
Answer (C) is incorrect. The appropriate contents of the internal audit charter are the purpose, authority, and responsibility of the internal audit activity.
Answer (D) is incorrect. The appropriate contents of the internal audit charter are the purpose, authority, and responsibility of the internal audit activity.

[16] Gleim #: 1.1.16
The transportation department of a publicly held company has asked the internal audit activity to review the design specifications for a proposed new warehouse and repair facility. The best reason for the internal audit activity to decline the request is
A. Such a review does not fall within the authority granted in the internal audit charter.
B. The CEO and the head of the transportation department are neighbors and belong to the same social clubs.
C. The internal audit activity performed a thorough review of the transportation department the previous year.
D. The transportation department’s budget is immaterial to the organization’s total budget.
Answer (A) is correct. The internal audit activity’s purpose, authority, and responsibility are specifically granted in the form of a written charter approved by the board.
Answer (B) is incorrect. An attitude of independence is required for internal auditors, not for auditees and management.
Answer (C) is incorrect. Internal audit engagements are scheduled based on a risk assessment, not simply time elapsed since the last engagement.
Answer (D) is incorrect. Internal audit engagements are scheduled based on a risk assessment, only one of the elements of which is monetary materiality.

[17] Gleim #: 1.1.17
The purpose, authority, and responsibility of the internal audit activity are formally defined in
A. The records of the proceedings of the board of directors.
B. The corporate bylaws.
C. The memorandum of understanding.
D. A formal, written charter.
Answer (A) is incorrect. While the records of board meetings do reflect discussions related to the internal audit charter, they are no substitute for an actual formal charter.
Answer (B) is incorrect. The corporate bylaws are not the appropriate place to define the purpose, authority, and responsibility of the internal audit activity.
Answer (C) is incorrect. A memorandum of understanding is an agreement between parties expressing their common will that does not necessarily contain the elements of a contract.
Answer (D) is correct. The purpose, authority, and responsibility of the internal audit activity must be formally defined in a written charter, consistent with the Definition of Internal Auditing, the Code of Ethics, and the Standards.

[18] Gleim #: 1.1.18
The types of services provided by the internal audit activity can best be described as
A. Auditing and engagement.
B. Auditing and consulting.
C. Assurance and consulting.
D. Auditing and assurance.
Answer (A) is incorrect. Engagement is not a type of internal audit service.
Answer (B) is incorrect. The IIA Glossary defines assurance and consulting, not auditing and consulting, as the types of services provided by the internal audit activity.
Answer (C) is correct. The internal audit activity provides independent, objective assurance and consulting services designed to add value and improve an organization’s operations (Definition of Internal Auditing).
Answer (D) is incorrect. The IIA Glossary defines assurance and consulting, not auditing and assurance, as the types of services provided by the internal audit activity.

[19] Gleim #: 1.1.19
Support from which persons or combination of persons listed below is most important to the success of the internal audit activity?
A. The chief executive officer and chief financial officer.
B. The chief executive officer.
C. Management and the board.
D. The audit committee.
Answer (A) is incorrect. The support of management and the board is crucial when inevitable conflicts arise between the internal audit activity and the department or function under review.
Answer (B) is incorrect. The support of management and the board is crucial when inevitable conflicts arise between the internal audit activity and the department or function under review.
Answer (C) is correct. The support of management and the board is crucial when inevitable conflicts arise between the internal audit activity and the department or function under review.
Answer (D) is incorrect. The support of management and the board is crucial when inevitable conflicts arise between the internal audit activity and the department or function under review.

[20] Gleim #: 1.1.20
Which of the following is not appropriate for inclusion in the internal audit charter?
A. The nature of the chief audit executive’s functional reporting relationship with the board.
B. Authorization of internal audit access to records, personnel, and physical properties.
C. Definition of the scope of internal audit activities.
D. Authorization of the board to approve the charter.
Answer (A) is incorrect. The nature of the chief audit executive’s functional reporting relationship with the board is one of the elements to be included in the internal audit charter.
Answer (B) is incorrect. Authorization of internal audit access to records, personnel, and physical properties is one of the elements to be included in the internal audit charter.
Answer (C) is incorrect. Definition of the scope of internal audit activities is one of the elements to be included in the internal audit charter.
Answer (D) is correct. Final approval of the internal audit charter resides with the board. The board has this power inherently.

[21] Gleim #: 1.2.21
A primary purpose of establishing a code of conduct within a professional organization is to
A. Reduce the likelihood that members of the profession will be sued for substandard work.
B. Ensure that all members of the profession perform at approximately the same level of competence.
C. Promote an ethical culture among professionals who serve others.
D. Require members of the profession to exhibit loyalty in all matters pertaining to the affairs of their organization.
Answer (A) is incorrect. Although this result may follow from establishing a code of conduct, it is not the primary purpose. To consider it so would be self-serving.
Answer (B) is incorrect. A code of conduct can help to establish minimum standards of competence, but it would be impossible to ensure equality of competence by all members of a profession.
Answer (C) is correct. The IIA’s Code of Ethics is typical. Its purpose is “to promote an ethical culture in the profession of internal auditing.” The definition of internal auditing states that it is “an independent, objective assurance and consulting activity.” Moreover, internal auditing is founded on “the trust placed in its objective assurance about governance, risk management, and control.” Accordingly, internal auditors are professionals who serve others by providing assurance and consulting services.
Answer (D) is incorrect. In some situations, responsibility to the public at large may conflict with and be more important than loyalty to one’s organization.

[22] Gleim #: 1.2.22
An accounting association established a code of ethics for all members. What is one of the association’s primary purposes of establishing the code of ethics?
A. To outline criteria for professional behavior to maintain standards of integrity and objectivity.
B. To establish standards to follow for effective accounting practice.
C. To provide a framework within which accounting policies could be effectively developed and executed.
D. To outline criteria that can be used in conducting interviews of potential new accountants.
Answer (A) is correct. The primary purpose of a code of ethical behavior for a professional organization is to promote an ethical culture among professionals who serve others.
Answer (B) is incorrect. National standards-setting bodies, not a code of ethics, provide guidance for effective accounting practice.
Answer (C) is incorrect. A code of ethics does not provide the framework within which accounting policies are developed.
Answer (D) is incorrect. The primary purpose is not for interviewing new accountants.

[23] Gleim #: 1.2.23
The best reason for establishing a code of conduct within an organization is that such codes
A. Are typically required by governments.
B. Express standards of individual behavior for members of the organization.
C. Provide a quantifiable basis for personnel evaluations.
D. Have tremendous public relations potential.
Answer (A) is incorrect. Governments typically lack the power to impose ethical codes on nongovernment personnel (the Sarbanes-Oxley Act of 2002 contains a partial exception to this general rule).
Answer (B) is correct. An organization’s code of ethical conduct is the established general value system the organization wishes to apply to its members’ activities. It communicates organizational purposes and beliefs and establishes uniform ethical guidelines for members, which include guidance on behavior for members in making decisions.
Answer (C) is incorrect. Codes of conduct provide qualitative, not quantitative, standards.
Answer (D) is incorrect. Other purposes of a code of conduct are much more significant.

[24] Gleim #: 1.2.24
The code of ethics of a professional organization sets forth
A. Broad standards of conduct for the members of the organization.
B. The organizational details of the profession’s governing body.
C. A list of illegal activities that are proscribed to the members of the profession.
D. A basis for the measurement of internal audit performance.
Answer (A) is correct. An organization’s code of ethical conduct is the established general value system the organization wishes to apply to its members’ activities by communicating organizational purposes and beliefs and establishing uniform ethical guidelines for members, which include guidance on behavior for members in making decisions.
Answer (B) is incorrect. The organizational details of the profession’s governing body are stated in the by-laws of a professional organization.
Answer (C) is incorrect. Certain actions may be legal, but contrary to an organization’s code of ethics. For example, an internal auditor may not perform a service for which (s)he does not possess the necessary knowledge, skills, and experience.
Answer (D) is incorrect. The Standards establish a basis for the measurement of internal audit performance.

[25] Gleim #: 1.2.25
In analyzing the differences between two recently merged businesses, the chief audit executive of Organization A notes that it has a formal code of ethics and Organization B does not. The code of ethics covers such things as purchase agreements, relationships with vendors, and other issues. Its purpose is to guide individual behavior within the firm. Which of the following statements regarding the existence of the code of ethics in A can be logically inferred?
I. A exhibits a higher standard of ethical behavior than does B.
II. A has established objective criteria by which an individual’s actions can be evaluated.
III. The absence of a formal code of ethics in B would prevent a successful review of ethical behavior in that organization.
A. I and II.
B. II only.
C. III only.
D. II and III.
Answer (A) is incorrect. The mere existence of A’s code of ethics does not ensure that its principles are followed.
Answer (B) is correct. A formal code of ethics effectively (1) communicates acceptable values to all members, (2) provides a method of policing and disciplining members for violations, (3) establishes objective standards against which individuals can measure their own performance, and (4) communicates the organization’s value system to outsiders.
Answer (C) is incorrect. The absence of a formal code of ethics does not preclude a successful review of ethical behavior in an organization. Policies and procedures may provide the criteria for such an engagement.
Answer (D) is incorrect. The existence of a code of ethics does establish objective criteria by which individual actions can be evaluated. However, the absence of a formal code of ethics does not preclude a successful review of ethical behavior in an organization. Policies and procedures may provide the criteria for such an engagement.

[26] Gleim #: 1.2.26
A review of an organization’s code of conduct revealed that it contained comprehensive guidelines designed to inspire high levels of ethical behavior. The review also revealed that employees were knowledgeable of its provisions. However, some employees still did not comply with the code. What element should a code of conduct contain to enhance its effectiveness?
A. Periodic review and acknowledgment by all employees.
B. Employee involvement in its development.
C. Public knowledge of its contents and purpose.
D. Provisions for disciplinary action in the event of violations.
Answer (A) is incorrect. Periodic review and acknowledgment would ensure employee knowledge and acceptance of the code, which are not at issue.
Answer (B) is incorrect. Employee involvement in development would encourage employee acceptance, which is not at issue.
Answer (C) is incorrect. Public knowledge might affect the behavior of some individuals but not to the same extent as the perceived likelihood of sanctions for wrongdoing.
Answer (D) is correct. Penalties for violations of a code of conduct should enhance its effectiveness. Some individuals will be deterred from misconduct if they expect it to be detected and punished.

[27] Gleim #: 1.2.27
A formal code of ethics should do all of the following except
A. Effectively communicate acceptable values to all members.
B. Communicate the organization’s value system to outsiders.
C. Reflect only legal standards of conduct for individuals and the organization.
D. Provide a method of policing and disciplining members of the organization for violations.
Answer (A) is incorrect. A code of ethics should effectively communicate acceptable values to all organization members.
Answer (B) is incorrect. A code of ethics should communicate the organization’s value system to those outside the organization.
Answer (C) is correct. An ethical organization aspires to a higher standard of behavior than mere legality.
Answer (D) is incorrect. A code of ethics should indeed provide a method of policing and disciplining members for violations.

[28] Gleim #: 1.2.28
A typical code of ethical conduct for financial managers or management accountants in an organization requires all of the following except
A. Integrity and a refusal to compromise professional values for the sake of personal goals.
B. Independence from conflicts of economic interest.
C. Independence from conflicts of professional interest.
D. Subjectivity in presenting information, preparing reports, and making analyses.
Answer (A) is incorrect. A typical code of ethical conduct for financial managers or management accountants in an organization requires integrity and a refusal to compromise professional values for the sake of personal goals.
Answer (B) is incorrect. A typical code of ethical conduct for financial managers or management accountants requires independence from conflicts of economic interest.
Answer (C) is incorrect. A typical code of ethical conduct for financial managers or management accountants requires independence from conflicts of professional interest.
Answer (D) is correct. The code of ethical conduct for financial managers or management accountants in an organization should require credibility in presenting information, preparing reports, and making analyses.

[29] Gleim #: 1.2.29
Objectivity is an ethical requirement for all persons engaged in the professional practice of internal auditing. One aspect of objectivity requires
A. Performance of professional duties in accordance with relevant laws.
B. Avoidance of conflict of interest.
C. Refraining from using confidential information for unethical or illegal advantage.
D. Maintenance of an appropriate level of professional expertise.
Answer (A) is incorrect. Observing the law is a component of integrity.
Answer (B) is correct. Commitment to independence from conflicts of economic or professional interest is an aspect of objectivity.
Answer (C) is incorrect. Refraining from using confidential information for unethical or illegal advantage is an aspect of confidentiality.
Answer (D) is incorrect. Maintenance of an appropriate level of professional expertise is an aspect of competency.

[30] Gleim #: 1.3.30
The IIA Rules of Conduct set forth in The IIA’s Code of Ethics
A. Describe behavior norms expected of internal auditors.
B. Are guidelines to assist internal auditors in dealing with engagement clients.
C. Are interpreted by the Principles.
D. Apply only to particular conduct specifically mentioned.
Answer (A) is correct. The IIA’s Code of Ethics extends beyond the definition of internal auditing to include two essential components: (1) Principles that are relevant to the profession and practice of internal auditing and (2) Rules of Conduct that describe behavior norms expected of internal auditors (Introduction).
Answer (B) is incorrect. The Rules of Conduct provide guidance to internal auditors in the discharge of their responsibility to all those whom they serve. Engagement clients are not the only parties served by internal auditing.
Answer (C) is incorrect. The Rules of Conduct are an aid in interpreting the Principles.
Answer (D) is incorrect. The conduct may be unacceptable or discreditable although not mentioned in the Rules of Conduct.

[31] Gleim #: 1.3.31
Today’s internal auditor will often encounter a wide range of potential ethical dilemmas, not all of which are explicitly addressed by The IIA’s Code of Ethics. If the internal auditor encounters such a dilemma, the internal auditor should always
A. Seek counsel from an independent attorney to determine the personal consequences of potential actions.
B. Apply and uphold the principles embodied in The IIA’s Code of Ethics.
C. Seek the counsel of the board before deciding on an action.
D. Act consistently with the code of ethics adopted by the organization even if such action is not consistent with The IIA’s Code of Ethics.
Answer (A) is incorrect. Seeking the advice of legal counsel on all ethical decisions is impracticable.
Answer (B) is correct. The Code includes Principles (integrity, objectivity, confidentiality, and competency) relevant to the profession and practice of internal auditing and Rules of Conduct that describe behavioral norms for internal auditors and that interpret the Principles. Internal auditors are expected to apply and uphold the Principles. Furthermore, that a particular conduct is not mentioned in the Rules does not prevent it from being unacceptable or discreditable.
Answer (C) is incorrect. Seeking the advice of the board on all ethical decisions is impracticable. Furthermore, the advice might not be consistent with the profession’s standards.
Answer (D) is incorrect. If the organization’s standards are not consistent with, or as high as, the profession’s standards, the internal auditor is held to the standards of the profession.

[32] Gleim #: 1.3.32
In complying with The IIA’s Code of Ethics, an internal auditor should
A. Use individual judgment in the application of the principles set forth in the Code.
B. Respect and contribute to the objectives of the organization even if it is engaged in illegal activities.
C. Go beyond the limitation of personal technical skills to advance the interest of the organization.
D. Primarily apply the competency principle in establishing trust.
Answer (A) is correct. The IIA’s Code of Ethics includes principles that internal auditors are expected to apply and uphold. They are interpreted by the Rules of Conduct, behavior norms expected of internal auditors. That a particular conduct is not mentioned in the Rules of Conduct does not prevent it from being unacceptable or discreditable. Consequently, a reasonable inference is that individual judgment is necessary in the application of the principles and the Rules of Conduct.
Answer (B) is incorrect. An internal auditor “shall not knowingly be a party to any illegal activity.” Furthermore, an internal auditor is bound to respect and contribute only to the legitimate and ethical objectives of the organization.
Answer (C) is incorrect. Internal auditors “shall engage only in those services for which they have the necessary knowledge, skills, and experience.”
Answer (D) is incorrect. Applying and upholding the integrity principle is the means by which an internal auditor establishes trust as a basis for reliance on his/her judgment.

[33] Gleim #: 1.3.33
An internal auditor, recently terminated by an organization due to downsizing, has found a job with another organization in the same industry. Which of the following disclosures made by the internal auditor to the new organization would constitute a violation of The IIA’s Code of Ethics?
A. The internal auditor used the risk assessment approach that was used by the internal auditor’s former employer in determining priorities in the new job.
B. The new internal audit activity does not use PPS sampling, and the internal auditor believes PPS sampling has advantages for many of the engagements conducted by the new employer. The internal auditor conducts training sessions and develops forms to implement sampling in the same manner as the previous employer.
C. While at the previous firm, the internal auditor conducted a great deal of research to identify “best practices” for the management of the treasury function. Because most of the research was done at home and during non-office hours, the internal auditor retained much of the research and plans to use it in conducting a review of the treasury function at the new employer.
D. None of the answers represent a violation of the Code.
Answer (A) is incorrect. Disclosing the former employer’s risk assessment approach does not violate the Code.
Answer (B) is incorrect. Disclosing sampling methods does not violate the Code.
Answer (C) is incorrect. Disclosing information about best practices of other organizations does not violate the Code.
Answer (D) is correct. The former employer’s risk assessment approach may be viewed as general information about “best practices.” Hence, applying this approach on behalf of a new employer is acceptable. With regard to the former employer’s sampling methods, the internal auditor is applying knowledge of a
commonly used engagement procedure. It is not confidential information. Moreover, gathering information about best practices of other organizations is part of the continuing education of the internal auditor. Thus, the listed responses are not violations of the Code.

[34] Gleim #: 1.3.34
An internal auditor who encounters an ethical dilemma not explicitly addressed by The IIA’s Code of Ethics should always
A. Seek counsel from an independent attorney to determine the personal consequences of potential actions.
B. Take action consistent with the principles embodied in The IIA’s Code of Ethics.
C. Seek the counsel of the audit committee before deciding on an action.
D. Act consistently with the employing organization’s code of ethics even if such action would not be consistent with The IIA’s Code of Ethics.
Answer (A) is incorrect. The auditor must act consistently with the spirit of The IIA’s Code of Ethics. It is not practical to seek the advice of legal counsel for all ethical decisions. Moreover, unethical behavior may not be illegal.
Answer (B) is correct. The IIA’s Code of Ethics is based on principles relevant to the profession and practice of internal auditing that internal auditors are expected to apply and uphold: integrity, objectivity, confidentiality, and competency. Furthermore, the Code states that particular conduct may be unacceptable or discreditable even if it is not mentioned in the Rules of Conduct.
Answer (C) is incorrect. It is not feasible to seek the audit committee’s advice for all potential dilemmas. Furthermore, the advice might not be consistent with the profession’s standards.
Answer (D) is incorrect. If the organization’s standards are not consistent with, or as high as, the profession’s standards, the internal auditor should abide by the latter.

[35] Gleim #: 1.3.35
The IIA’s Code of Ethics does not require
A. Contribution to the legitimate and ethical objectives of the organization.
B. Objectivity, honesty, and diligence.
C. Continual improvement in proficiency.
D. A report on each engagement.
Answer (A) is incorrect. Rule of Conduct 1.4 states, “Internal auditors shall respect and contribute to the legitimate and ethical objectives of the organization.”
Answer (B) is incorrect. Rule of Conduct 1.1 imposes an obligation of honesty, diligence, and responsibility. Moreover, objectivity is one of the four Principles stated in the Code.
Answer (C) is incorrect. Continual improvement in proficiency and in the effectiveness and quality of services is required by Rule of Conduct 4.3.
Answer (D) is correct. The Standards, not the Code of Ethics, require internal auditors to communicate the engagement results.

[36] Gleim #: 1.4.36
An internal auditor working for a chemical manufacturer believed that toxic waste was being dumped in violation of the law. Out of loyalty to the organization, no information regarding the dumping was collected. The internal auditor
A. Violated the Code of Ethics by knowingly becoming a party to an illegal act.
B. Violated the Code of Ethics by failing to protect the well-being of the general public.
C. Did not violate the Code of Ethics. Loyalty to the employer in all matters is required.
D. Did not violate the Code of Ethics. Conclusive information about wrongdoing was not gathered.
Answer (A) is correct. Rule of Conduct 1.3 under the integrity principle prohibits knowingly being a party to any illegal activity. By failing to collect information about a known violation of law, the auditor became party to the illegal act.
Answer (B) is incorrect. The IIA’s Code of Ethics does not impose a duty to the general public.
Answer (C) is incorrect. The IIA’s Code of Ethics does not impose an overriding duty of loyalty to the employer.
Answer (D) is incorrect. The internal auditor should have collected and reported such information in accordance with the Standards.

[37] Gleim #: 1.4.37
Which of the following is permissible under The IIA’s Code of Ethics?
A. In response to a subpoena, an auditor appeared in a court of law and disclosed confidential, audit-related information that could potentially damage the auditor’s organization.
B. An auditor used audit-related information in a decision to buy stock issued by the employer corporation.
C. After praising an employee in a recent audit engagement communication, an auditor accepted a gift from the employee.
D. An auditor did not report significant observations about illegal activity to the board because management indicated that it would resolve the issue.
Answer (A) is correct. Rule of Conduct 1.2 under the integrity principle states, “Internal auditors shall observe the law and make disclosures expected by the law and the profession.” Thus, auditors must comply with subpoenas.
Answer (B) is incorrect. Rule of Conduct 3.2 prohibits auditors from using audit information for personal gain.
Answer (C) is incorrect. Rule of Conduct 2.2 prohibits an auditor from accepting anything that might be presumed to impair the auditor’s professional judgment.
Answer (D) is incorrect. Rule of Conduct 1.3 prohibits auditors from knowingly being a party to any illegal or improper activity. Significant observations of illegal activity should be reported to the board.

[38] Gleim #: 1.4.38
The IIA’s Code of Ethics requires internal auditors to perform their work with
A. Honesty, diligence, and responsibility.
B. Timeliness, sobriety, and clarity.
C. Knowledge, skills, and competencies.
D. Punctuality, objectivity, and responsibility.
Answer (A) is correct. Rule of Conduct 1.1 under the integrity principle states, “Internal auditors shall perform their work with honesty, diligence, and responsibility.”
Answer (B) is incorrect. Timeliness, sobriety, and clarity are not mentioned in the Code.
Answer (C) is incorrect. Knowledge, skills, and competencies are mentioned in the Standards.
Answer (D) is incorrect. Punctuality is not mentioned in the Code.

[39] Gleim #: 1.4.39
Which situation is most likely a violation of The IIA’s Code of Ethics?
A. Reporting apparent violations of antitrust statutes by officers to government regulators.
B. Cooperating with the government’s criminal investigation of the organization.
C. Reporting apparent violations of antitrust statutes by officers to the board of directors.
D. Immediately reporting a violent crime observed at work to local law enforcement agencies.
Answer (A) is correct. An internal auditor must not knowingly be a party to any illegal activity (Rule of Conduct 1.3), and (s)he must disclose all material facts known to him/her that, if not disclosed, might distort the reporting of activities under review (Rule of Conduct 2.3). An internal auditor also must respect and contribute to the legitimate and ethical objectives of the organization (Rule of Conduct 1.4). Thus, when apparent violations of antitrust statutes by officers come to the internal auditor’s attention, (s)he should report to the board of directors rather than directly to the government regulators. An internal auditor must also observe the law and make any disclosures required by the law or by the profession (Rule of Conduct 1.2).
Answer (B) is incorrect. Everyone has a legal obligation to cooperate with a criminal investigation. An internal auditor must observe the law and make any disclosures required by the law or by the profession (Rule of Conduct 1.2).
Answer (C) is incorrect. An internal auditor should report apparent improprieties to the board.
Answer (D) is incorrect. Everyone has a legal and moral obligation to report violent crimes immediately.

[40] Gleim #: 1.5.40
In applying the Rules of Conduct set forth in The IIA’s Code of Ethics, internal auditors are expected to
A. Not be unduly influenced by their own interests in forming judgments.
B. Compare them with standards of other professions.
C. Be guided by the desires of the engagement client.
D. Use discretion in deciding whether to use them.
Answer (A) is correct. The objectivity principle contained in The IIA’s Code of Ethics states, in part, “Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments.”
Answer (B) is incorrect. Standards of other professions are not intended to provide guidance to internal auditors.
Answer (C) is incorrect. Auditors should be independent of the engagement client.
Answer (D) is incorrect. Internal auditors must follow The IIA’s Code of Ethics.

[41] Gleim #: 1.5.41
Which of the following statements is not appropriate to include in a manufacturer’s conflict of interest policy? An employee shall not
A. Accept money, gifts, or services from a customer.
B. Participate (directly or indirectly) in the management of a public agency.
C. Borrow from or lend money to vendors.
D. Use organizational information for private purposes.
Answer (A) is incorrect. A conflict of interest policy should prohibit the transfer of benefits between an employee and those with whom the organization deals.
Answer (B) is correct. A prohibition on public service is ordinarily inappropriate. Public service is a right, if not a duty, of all citizens.
Answer (C) is incorrect. A conflict of interest policy should prohibit financial dealings between an employee and those with whom the organization deals.
Answer (D) is incorrect. A conflict of interest policy should prohibit the use of organization information for private gain.

[42] Gleim #: 1.5.42
A CIA is working in a noninternal-auditing position as the director of purchasing. The CIA signed a contract to procure a large order from the supplier with the best price, quality, and performance. Shortly after signing the contract, the supplier presented the CIA with a gift of significant monetary value. Which of the following statements regarding the acceptance of the gift is true?
A. Acceptance of the gift is prohibited only if it is not customary.
B. Acceptance of the gift violates The IIA’s Code of Ethics and is prohibited for a CIA.
C. Because the CIA is no longer acting as an internal auditor, acceptance of the gift is governed only by the organization’s code of conduct.
D. Because the contract was signed before the gift was offered, acceptance of the gift does not violate either The IIA’s Code of Ethics or the organization’s code of conduct.
Answer (A) is incorrect. Acceptance of the gift could easily be presumed to have impaired the CIA’s professional judgment.
Answer (B) is correct. Members of The Institute of Internal Auditors and recipients of, or candidates for, IIA professional certifications are subject to disciplinary action for breaches of The IIA’s Code of Ethics. Rule of Conduct 2.2 under the objectivity principle states, “Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment.”
Answer (C) is incorrect. The CIA is still governed by The IIA’s code of conduct.
Answer (D) is incorrect. The timing of signing the contract is irrelevant.

[43] Gleim #: 1.5.43
The chief audit executive (CAE) has been appointed to a committee to evaluate the appointment of the external auditors. The engagement partner for the external accounting firm wants the CAE to join her for a week of hunting at her private lodge. The CAE should
A. Accept, assuming both their schedules allow it.
B. Refuse on the grounds of conflict of interest.
C. Accept as long as it is not charged to employer time.
D. Ask the comptroller whether accepting the invitation is a violation of the organization’s code of ethics.
Answer (A) is incorrect. The auditor should not accept.
Answer (B) is correct. Rule of Conduct 2.1 under the objectivity principle states, “Internal auditors shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.” Furthermore, under Rule of Conduct 2.2, “Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment.”
Answer (C) is incorrect. Not charging the time to the company is not sufficient to eliminate conflict-of-interest concerns.
Answer (D) is incorrect. The auditor should know that accepting the invitation raises conflict of interest issues.

[44] Gleim #: 1.5.44
In a review of travel and entertainment expenses, a certified internal auditor questioned the business purposes of an officer’s reimbursed travel expenses. The officer promised to compensate for the questioned amounts by not claiming legitimate expenses in the future. If the officer makes good on the promise, the internal auditor
A. Can ignore the original charging of the nonbusiness expenses.
B. Should inform the tax authorities in any event.
C. Should still include the finding in the final engagement communication.
D. Should recommend that the officer forfeit any frequent flyer miles received as part of the questionable travel.
Answer (A) is incorrect. The possibly fraudulent behavior of the officer is a material fact that should be reported regardless of whether the questioned expenses are reimbursed.
Answer (B) is incorrect. Communication of results to parties outside the organization is not required in the absence of a legal mandate.
Answer (C) is correct. Rule of Conduct 2.3 under the objectivity principle states, “Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.”
Answer (D) is incorrect. Management should determine what constitutes just compensation.

[45] Gleim #: 1.5.45
During an engagement performed at a manufacturing division of a defense contractor,
the internal auditor discovered that the organization apparently was inappropriately adding costs to a cost-plus governmental contract. The internal auditor discussed the matter with senior management, who suggested that the internal auditor seek an opinion from legal counsel. Upon review, legal counsel indicated that the practice was questionable but was not technically in violation of the government contract. Based on legal counsel’s decision, the internal auditor decided to omit any discussion of the practice in the final engagement communication sent to senior management and the board. However, the internal auditor did informally communicate legal counsel’s decision to senior management. Did the internal auditor violate The IIA’s Code of Ethics?
A. No. The internal auditor followed up the matter with appropriate personnel within the organization and reached a conclusion that no fraud was involved.
B. No. If a fraud is suspected, it should be resolved at the divisional level where it is taking place.
C. Yes. It is a violation because all important information, even if resolved, should be reported to the board.
D. Yes. Internal legal counsel’s opinion is not sufficient. The internal auditor should have sought advice from outside legal counsel.
Answer (A) is correct. Although an argument can be made that the internal auditor should report the matter to the board and senior management, there is no indication that the internal auditor is deliberately withholding material facts that, if not disclosed, may distort reports of activities under review (Rule of Conduct 2.3). Hence, no violation of the Code occurred.
Answer (B) is incorrect. Material fraud, if suspected, should be brought to the attention of management. However, in this case, the internal auditor gathered sufficient information to dispel the suspicion of fraud.
Answer (C) is incorrect. The internal auditor did not deliberately withhold important information.
Answer (D) is incorrect. The internal auditor has gathered sufficient information. Internal legal counsel’s opinion appears to be sufficient.

[46] Gleim #: 1.5.46
An internal auditor discovered some material inefficiencies in a purchasing function. The purchasing manager is the internal auditor’s next-door neighbor and best friend. In accordance with The IIA’s Code of Ethics, the internal auditor should
A. Objectively include the facts of the case in the engagement communications.
B. Not report the incident because of loyalty to the friend.
C. Include the facts of the case in a special communication submitted only to the friend.
D. Not report the friend unless the activity is illegal.
Answer (A) is correct. Rule of Conduct 2.3 under the objectivity principle states, “Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.”
Answer (B) is incorrect. This action is at variance with the internal auditor’s duties.
Answer (C) is incorrect. This action is at variance with the internal auditor’s duties.
Answer (D) is incorrect. This action is at variance with the internal auditor’s duties.

[47] Gleim #: 1.5.47
An internal auditor for a large regional bank was asked to serve on the board of directors of a local bank. The bank competes in many of the same markets as the regional bank but focuses more on consumer financing than on business financing. In accepting this position, the internal auditor
I. Violates The IIA’s Code of Ethics because serving on the board may be in conflict with the best interests of the internal auditor’s employer
II. Violates The IIA’s Code of Ethics because the information gained while serving on the board of directors of the local bank may influence recommendations regarding potential acquisitions
A. I only.
B. II only.
C. I and II.
D. Neither I nor II.
Answer (A) is incorrect. Serving on the board of the local bank creates a conflict of interest and may prejudice the internal auditor’s ability to perform his/her duties.
Answer (B) is incorrect. Serving on the board of the local bank may also be in conflict with the best interests of the auditor’s employer.
Answer (C) is correct. Rule of Conduct 2.1 under the objectivity principle states, “Internal auditors shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.” Accordingly, service on the board of the local bank constitutes a conflict of interest and may prejudice the internal auditor’s ability to carry out objectively his/her duties regarding potential acquisitions.
Answer (D) is incorrect. Serving on the board of the local bank creates a conflict of interest and may prejudice the internal auditor’s ability to perform his/her duties.

[48] Gleim #: 1.5.48
Which of the following concurrent occupations could appear to subvert the ethical behavior of an internal auditor?
A. Internal auditor and a well-known charitable organization’s local in-house chairperson.
B. Internal auditor and part-time business insurance broker.
C. Internal auditor and adjunct faculty member of a local business college that educates potential employees.
D. Internal auditor and landlord of multiple housing that publicly advertises for tenants in a local community newspaper listing monthly rental fees.
Answer (A) is incorrect. The activities of a charity are unlikely to be contrary to the interests of the organization.
Answer (B) is correct. Rule of Conduct 2.1 under the objectivity principle states, “Internal auditors shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.” As a business insurance broker, the internal auditor may lose his/her objectivity because (s)he might benefit from a change in the employer’s insurance coverage.
Answer (C) is incorrect. Teaching is compatible with internal auditing.
Answer (D) is incorrect. Whereas dealing in commercial properties might involve a conflict, renting residential units most likely does not.

[49] Gleim #: 1.5.49
Internal auditors should be prudent in their relationships with persons and organizations external to their employers. Which of the following activities will most likely not adversely affect internal auditors’ ethical behavior?
A. Accepting compensation from professional organizations for consulting work.
B. Serving as consultants to competitor organizations.
C. Serving as consultants to suppliers.
D. Discussing engagement plans or results with external parties.
Answer (A) is correct. Professional organizations are unlikely to be employees, clients, customers, suppliers, or business associates of the organization. Hence, the consulting fees are not likely to impair or be presumed to impair the internal auditors’ professional judgment (Rule of Conduct 2.2). Moreover, relationships with professional organizations are not likely to create a conflict of interest or impair or be presumed to impair internal auditors’ unbiased judgment (Rule of Conduct 2.1). Also, the consulting engagement should not result in the improper use of information (Rule of Conduct 3.2).
Answer (B) is incorrect. Serving as a consultant to competitors might create a conflict of interest.
Answer (C) is incorrect. Serving as a consultant to suppliers might create a conflict of interest.
Answer (D) is incorrect. Internal auditors should “be prudent in the use and protection of information acquired in the course of their duties” (Rule of Conduct 3.1). Furthermore, such discussion might be “detrimental to the legitimate and ethical objectives of the organization” (Rule of Conduct 3.2).

[50] Gleim #: 1.5.50
An internal auditor has been assigned to an engagement at a foreign subsidiary. The internal auditor is aware that the social climate of the country is such that “facilitating payments” (bribes) are an accepted part of doing business. The internal auditor has completed the engagement and has found significant weaknesses relating to important controls. The subsidiary’s manager offers the internal auditor a substantial “facilitating payment” to omit the observations from the final engagement communication with a provision that the internal auditor could revisit the subsidiary in 6 months to verify that the problem areas have been properly addressed. The internal auditor should
A. Not accept the payment because such acceptance is in conflict with the Code of Ethics.
B. Not accept the payment, but omit the observations as long as a verification visit is made in 6 months.
C. Accept the offer because it is consistent with the ethical concepts of the country in which the subsidiary is doing business.
D. Accept the payment because it has the effect of doing the greatest good for the greatest number; the internal auditor is better off, the subsidiary is better off, and the organization is better off because there is strong motivation to correct the deficiencies.
Answer (A) is correct. Rule of Conduct 2.2 under the objectivity principle states, “Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment.”
Answer (B) is incorrect. Rule of Conduct 2.3 requires internal auditors to “disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.”
Answer (C) is incorrect. The profession’s standards, not the customs of individual countries or regions, should guide the internal auditor’s conduct.
Answer (D) is incorrect. The action is explicitly prohibited by the Code of Ethics.

[51] Gleim #: 1.5.51
An internal auditor engages in the preparation of income tax forms during the tax season. For which of the following activities will the internal auditor most likely be in violation of The IIA’s Code of Ethics?
A. Writing a tax guide intended for publication and sale to the general public.
B. Preparing the personal tax return, for a fee, for one of the organization’s division managers.
C. Teaching an evening tax seminar, for a fee, at a local university.
D. Preparing tax returns for elderly citizens, regardless of their associations, as a public service.
Answer (A) is incorrect. Writing a tax guide for sale to the general public is unlikely to impair the internal auditor’s professional judgment.
Answer (B) is correct. Rule of Conduct 2.2 under the objectivity principle states, “Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment.” Preparing a personal tax return for a division manager for a fee falls under this prohibition.
Answer (C) is incorrect. Teaching an evening tax seminar is unlikely to impair the internal auditor’s professional judgment.
Answer (D) is incorrect. Engaging in a public service separate from the interests and activities of the organization is unlikely to impair professional judgment.

[52] Gleim #: 1.5.52
An internal auditing team has made observations and recommendations that should significantly improve a division’s operating efficiency. Out of appreciation of this
work, and because it is the holiday season, the division manager presents the in-charge internal auditor with a gift of moderate value. Which of the following best describes the action prescribed by The IIA’s Code of Ethics?
A. Not accept it prior to submission of the final engagement communication.
B. Not accept it if the gift is presumed to impair the internal auditor’s judgment.
C. Not accept it, regardless of other circumstances, because its value is significant.
D. Accept it, regardless of other circumstances, because its value is insignificant.
Answer (A) is incorrect. The timing of the gift is irrelevant.
Answer (B) is correct. Rule of Conduct 2.2 under the objectivity principle states, “Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment.”
Answer (C) is incorrect. According to Rule of Conduct 2.2, the decision whether to accept a gift should be based on the potential impairment of the auditor’s judgment.
Answer (D) is incorrect. The decision to accept or reject the gift should be based on whether the internal auditor’s professional judgment will be impaired or be presumed to be impaired.

[53] Gleim #: 1.5.53
During an examination of grants awarded by a not-for-profit organization, an internal auditor discovered a number of grants made without the approval of the grant authorization committee (which includes outside representatives), as required by the organization’s charter. All the grants, however, were approved and documented by the president. The chair of the grant authorization committee, who is also a member of the board of directors, proposes that the committee meet and retroactively approve all the grants before the engagement communication is issued. If the committee meets and approves the grants before such issuance, the internal auditor should
A. Not report the grants in question because they were approved before the issuance of the engagement communication.
B. Discuss the matter with the chair of the grant committee to determine the rationale for not approving the grants earlier. If the grants are routine, discussion of the grant committee’s inaction should be omitted from the engagement communication.
C. Include the items in the communication as an override of the organization’s controls. Details about each grant should be reported, and the internal auditor should investigate further for fraud.
D. Report the override of control to the board.
Answer (A) is incorrect. The control override should be reported.
Answer (B) is incorrect. The routine nature of the grants is irrelevant to the issue of the violation of the charter.
Answer (C) is incorrect. Details about each grant need not be included unless the internal auditor believes that fraud may have occurred. Moreover, the appropriate organizational authorities should be informed if wrongdoing is suspected.
Answer (D) is correct. Rule of Conduct 2.3 under the objectivity principle states,
“Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.” The management override of an important control over approval of grants created a material risk exposure. The internal auditor is ethically obligated to report the matter to senior officials charged with performing the governance function.

[54] Gleim #: 1.5.54
An internal auditor, nearly finished with an engagement, discovers that the director of marketing has a gambling habit. The gambling issue is not directly related to the existing engagement, and the internal auditor is under pressure to complete it quickly. The internal auditor notes the problem and passes the information on to the chief audit executive but does no further follow-up. The internal auditor’s actions
A. Are in violation of The IIA’s Code of Ethics for withholding meaningful information.
B. Are in violation of the Standards because the internal auditor did not properly follow up on a red flag that might indicate the existence of fraud.
C. Are not in violation of either The IIA’s Code of Ethics or the Standards.
D. Are in violation of The IIA’s Code of Ethics for withholding meaningful information and are in violation of the Standards because the internal auditor did not properly follow up on a red flag that might indicate the existence of fraud.
Answer (A) is incorrect. The internal auditor did not withhold information but properly followed up upon learning of the information.
Answer (B) is incorrect. The internal auditor did not withhold information but properly followed up upon learning of the information.
Answer (C) is correct. There is no violation of either The IIA’s Code of Ethics or the Standards. The internal auditor did not withhold information and properly followed up upon learning of the information.
Answer (D) is incorrect. The internal auditor did not withhold information but properly followed up upon learning of the information.

[55] Gleim #: 1.5.55
An engagement at a foreign subsidiary disclosed payments to local government officials in return for orders. What action does The IIA’s Code of Ethics suggest for an internal auditor in such a case?
A. Refrain from any action that might be detrimental to the organization.
B. Report the incident to appropriate regulatory authorities.
C. Inform appropriate organizational officials.
D. Report the practice to the board of The Institute of Internal Auditors.
Answer (A) is incorrect. Informing organizational officials is not detrimental to the organization.
Answer (B) is incorrect. The Code does not require that the incident be reported to regulatory authorities.
Answer (C) is correct. Such payments may be illegal. Rule of Conduct 2.3 under the objectivity principle states, “Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.”
Answer (D) is incorrect. The Code does not require reporting to The IIA.

[56] Gleim #: 1.5.56
During an engagement, an employee with whom you have developed a good working relationship informs you that she has some information about senior management that is damaging to the organization and may concern illegal activities. The employee does not want her name associated with the release of the information. Which of the following actions is considered to be inconsistent with The IIA’s Code of Ethics and the Standards?
A. Assure the employee that you can maintain her anonymity and listen to the information.
B. Suggest that the employee consider talking to legal counsel.
C. Inform the employee that you will attempt to keep the source of the information confidential and will look into the matter further.
D. Inform the employee of other methods of communicating this type of information.
Answer (A) is correct. An internal auditor cannot guarantee anonymity. Information communicated to an internal auditor is not deemed to be privileged.
Answer (B) is incorrect. Suggesting that the person seek expert legal advice from a qualified individual is appropriate.
Answer (C) is incorrect. Promising merely to attempt to keep the source of the information confidential is allowable. This promise is not a guarantee of confidentiality.
Answer (D) is incorrect. The employee could be directed to other methods of communicating the information in order to maintain her anonymity.

[57] Gleim #: 1.5.57
The chief audit executive is aware of a material inventory shortage caused by internal control deficiencies at one manufacturing plant. The shortage and related causes are of sufficient magnitude to affect the external auditor’s report. Based on The IIA’s Code of Ethics, what is the CAE’s most appropriate course of action?
A. Say nothing; guard against interfering with the independence of the external auditors.
B. Discuss the issue with management and take appropriate action to ensure that the external auditors are informed.
C. Inform the external auditors of the possibility of a shortage but allow them to make an independent assessment of the amount.
D. Communicate the shortages to the board and allow them to communicate it to the external auditor.
Answer (A) is incorrect. The shortage is a material fact that could distort a report of activities under review if not revealed.
Answer (B) is correct. All material facts known by the internal auditors should be disclosed (Rule of Conduct 2.3). The CAE should share information and coordinate activities with other internal and external providers of relevant assurance and consulting services (Perf. Std. 2050).
Answer (C) is incorrect. The condition is known and the external auditors should be told more than that a possibility of a shortage exists.
Answer (D) is incorrect. Information should be shared and activities coordinated with the external auditor.

[58] Gleim #: 1.5.58
Through an engagement performed at the credit department, the chief audit executive (CAE) became aware of a material misstatement of the year-end accounts receivable balance. The external auditors have completed their engagement without detecting the misstatement. What should the CAE do in this situation?
A. Inform the external auditors of the misstatement.
B. Report the misstatement to management when the external auditors present a report.
C. Exclude the misstatement from the final engagement communication because the external auditors are responsible for expressing an opinion on the financial statements.
D. Perform additional engagement procedures on accounts receivable balances to benefit the external auditors.
Answer (A) is correct. Rule of Conduct 2.3 under the objectivity principle states, “Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.” Additionally, the CAE should share information and coordinate activities with the external auditors (Perf. Std. 2050).
Answer (B) is incorrect. The CAE should share information and coordinate activities with the external auditors.
Answer (C) is incorrect. Although the internal audit activity’s main focus may be on risk management, control, and governance processes, a material misstatement must be communicated.
Answer (D) is incorrect. When performing an audit, the external auditors should determine what work should be performed by the internal auditor.

[59] Gleim #: 1.5.59
An internal auditor has uncovered facts that could be interpreted as indicating unlawful activity on the part of an engagement client. The internal auditor decides not to inform senior management and the board of these facts because of lack of proof. The internal auditor, however, decides that, if questions are raised regarding the omitted facts, they will be answered fully and truthfully. In taking this action, the internal auditor
A. Has not violated The IIA’s Code of Ethics or the Standards because confidentiality takes precedence over all other standards.
B. Has not violated The IIA’s Code of Ethics or the Standards because the internal auditor is committed to answering all questions fully and truthfully.
C. Has violated The IIA’s Code of Ethics because unlawful acts should have been reported to the appropriate regulatory agency to avoid potential “aiding and abetting” by the internal auditor.
D. Has violated the Standards because the internal auditor should inform the appropriate authorities in the organization if fraud may be indicated.
Answer (A) is incorrect. Reporting a possible irregularity to the appropriate organizational authorities is not a breach of the duty of confidentiality owed to the organization.
Answer (B) is incorrect. The internal auditor has an affirmative duty to report the results of his/her work.
Answer (C) is incorrect. The possibility of unlawful activities should be reported to the appropriate personnel within the organization.
Answer (D) is correct. The internal auditor should inform the appropriate authorities in the organization if the indicators of the commission of a fraud are sufficient to recommend an investigation. Hence, the internal auditor has a duty to act even though the available facts do not prove that an irregularity has occurred. Moreover, Rule of Conduct 2.3 states, “Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.”

[60] Gleim #: 1.5.60
An internal auditor has been assigned to an engagement to evaluate a possible acquisition. Coincidentally, a significant portion of this internal auditor’s personal investment portfolio is composed of the target organization’s stock. What is the internal auditor’s preferable course of action in this situation based on The IIA’s Code of Ethics?
A. Acquaint the chief audit executive with the situation and ask to be assigned to another audit.
B. Acquaint the chief audit executive with the situation and offer assurance that it will have no impact on objectivity.
C. Proceed with the audit because the personal investments are not an issue.
D. Proceed with the audit because the investment is insignificant relative to the whole of the target company’s stock.
Answer (A) is correct. Rule of Conduct 2.1 under the objectivity principle states, “Internal auditors shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.” In these circumstances, the internal auditor lacks the appearance of objectivity because the outcome of the engagement could directly affect the acquisition decision and the price of the stock. The use of the information also would be a violation of the Code and possibly of insider trading rules as well. Rule of Conduct 3.2 under the confidentiality principle states, “Internal auditors shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.”
Answer (B) is incorrect. The appearance as well as the reality of loss of independence must be considered.
Answer (C) is incorrect. The internal auditor might be deemed to have a personal stake in the results of the engagement.
Answer (D) is incorrect. The investment is significant to the internal auditor.

[61] Gleim #: 1.5.61
During the course of an engagement, an internal auditor discovered that a research and development employee has been patenting new developments that are unrelated to the basic business of the organization. The organization does not have a specific policy addressing patents on developments that are not related to its basic business, but it has a general policy that all important new discoveries by employees are the property of the organization. The employee is considered one of the most prestigious in the field. The employee’s actions have been condoned by local management as an extra incentive to keep the employee at the lab. A decision not to report the employee’s action is
A. A violation of The IIA’s Code of Ethics.
B. A violation of the reporting requirements in the Standards.
C. Justified because divisional management is aware of the practice, and it is not in violation of organizational policies.
D. Both a violation of The IIA’s Code of Ethics AND a violation of the reporting requirements in the Standards.
Answer (A) is incorrect. Failing to report the violation of organizational policy is contrary to The IIA’s Code of Ethics.
Answer (B) is incorrect. Failing to report the violation of organizational policy is contrary to the Standards.
Answer (C) is incorrect. The employee’s patenting of new developments violates the general policy that all important new discoveries are the property of the organization. Furthermore, if the practice is an alternative way to provide benefits to an employee, it may violate employee compensation rules. It may also need to be reported to various taxing authorities.
Answer (D) is correct. Under the Standards, internal auditors should communicate engagement results. Rule of Conduct 4.2 states, “Internal auditors shall perform internal auditing services in accordance with the International Standards for the Professional Practice of Internal Auditing.” Rule of Conduct 2.3 under the objectivity principle states, “Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.” Hence, the failure to report violates The IIA’s Code of Ethics and the Standards.

[62] Gleim #: 1.5.62
Which of the following actions could be construed as a violation of The IIA’s Code of Ethics?
A. Failing to report to management information that would be material to management’s judgment.
B. Expressing an opinion on internal financial statements.
C. Turning a case over to the security department when an internal auditor suspects fraud but has no proof.
D. Including an internal control problem in a final engagement communication when it has been corrected prior to completion of the engagement.
Answer (A) is correct. Rule of Conduct 2.3 under the objectivity principle states, “Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.”
Answer (B) is incorrect. Expressing an opinion on internal financial statements is acceptable since it is for internal use only.
Answer (C) is incorrect. Turning a case over to the security department is acceptable as long as the internal auditor is careful not to state any final conclusions that are not supported by factual information.
Answer (D) is incorrect. Such reporting is routine.

[63] Gleim #: 1.5.63
During an engagement, an internal auditor learned that certain individuals in the organization were involved in industrial espionage for the benefit of the organization. According to The IIA’s Code of Ethics, what is the internal auditor’s proper course of action?
A. Report the facts to the appropriate individuals within the organization.
B. No action is required because this condition is not detrimental to the organization.
C. Note the condition in the working papers but refrain from reporting it because it benefits the organization.
D. Report the condition to the appropriate governmental regulatory agency.
Answer (A) is correct. Rule of Conduct 2.3 under the objectivity principle states, “Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.” Moreover, Rule of Conduct 1.3 under the integrity principle states, “Internal auditors shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization.”
Answer (B) is incorrect. Internal auditors must report material facts that, if not disclosed, could distort the reporting of activities. They also may not knowingly be a party to an illegal activity.
Answer (C) is incorrect. Internal auditors may not knowingly be a party to an illegal activity.
Answer (D) is incorrect. Internal auditors ordinarily are not required to disclose voluntarily any illegal or improper acts to outside individuals or organizations. They should try to work within their organizations. However, under Rule of Conduct 1.2, they should make any disclosures expected by the law or by the profession.

[64] Gleim #: 1.5.64
Which of the following activities of an internal auditor is most likely to be acceptable under The IIA’s Code of Ethics?
A. Late arrivals and early departures from work because this practice is common in the organization.
B. Frequent luncheons and other socializing with major suppliers of the organization without the consent of senior management.
C. Conducting an unrelated business outside of office hours.
D. Acceptance of a material gift from a supplier.
Answer (A) is incorrect. Internal auditors should exercise diligence in performing their duties.
Answer (B) is incorrect. Rule of Conduct 2.1 under the objectivity principle states, “Internal auditors shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.”
Answer (C) is correct. Nothing in The IIA’s Code of Ethics prohibits operating an unrelated business outside of regular office hours. The activity does not, in itself, constitute a conflict of interest, a use of information for personal gain, or an impairment of the internal auditor’s unbiased assessment.
Answer (D) is incorrect. Rule of Conduct 2.2 under the objectivity principle states, “Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment.”

[65] Gleim #: 1.5.65
Which of the following items is a violation by an internal auditor of The IIA’s Code of Ethics?
A. Certain facts recorded in the internal auditor’s working papers that helped to support the basic allegations made by the internal auditor regarding a case of fraud were not included in the final engagement communication.
B. Information in the internal auditor’s working papers that proved a criminal act was included in the internal auditor’s draft communication. The comments were later removed by internal audit management.
C. To keep the engagement effort within the budgeted time, the internal auditor was directed to and did curtail testing in an area that looked suspicious and later was proved to contain massive irregularities.
D. A control system that had been recommended by the internal audit staff during the previous engagement was found to be defective. The internal auditor reported the defective function as an engagement client failure.
Answer (A) is incorrect. Immaterial facts need not be included.
Answer (B) is incorrect. The ethical transgression, if any, was not made by the internal auditor but by internal audit management.
Answer (C) is incorrect. The ethical transgression, if any, was not made by the internal auditor but by internal audit management.
Answer (D) is correct. Reporting the defective function as an engagement client failure is a violation of the internal auditor’s ethical obligation to disclose all material facts known to him/her that, if not disclosed, may distort the reporting of activities under review (Rule of Conduct 2.3).

[66] Gleim #: 1.5.66
Which of the following actions by an internal auditor would violate The IIA’s Code of Ethics?
A. Attendance at an educational program offered by an engagement client to all employees.
B. Acceptance of airline tickets from an engagement client.
C. Disclosure, in an engagement communication, of all material facts relevant to the area reviewed.
D. Disposal of a small ownership interest in the organization prior to learning of a business downturn.
Answer (A) is incorrect. Continuing education is consistent with the duty to continually improve proficiency and the effectiveness and quality of services (Rule of Conduct 4.3).
Answer (B) is correct. Rule of Conduct 2.2 under the objectivity principle states, “Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment.”
Answer (C) is incorrect. Rule of Conduct 2.3 requires full disclosure of material facts when reporting on activities.
Answer (D) is incorrect. A stock transaction not based on insider information is not an impropriety.

[67] Gleim #: 1.5.67
An internal auditor may receive which of the following without violating The IIA’s Code of Ethics?
A. A pen received from the sales manager of a subsidiary with the imprinted name of the organization’s product and a phone number.
B. A dinner and baseball tickets from the manager of a department being reviewed. The tickets are usually made available to employees of that department.
C. A dinner and baseball tickets from the manager of a department that has never been reviewed and for which there are no plans for a future engagement. The tickets are usually made available to employees of that department.
D. A bottle of whiskey from the organization’s treasurer.
Answer (A) is correct. Rule of Conduct 2.2 under the objectivity principle states, “Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment.” A small promotional item, such as a pen of minimal value, is unlikely to affect an auditor’s judgment.
Answer (B) is incorrect. A gift from an employee whose department may be reviewed most likely violates Rule of Conduct 2.2.
Answer (C) is incorrect. A gift from an employee whose department may be reviewed most likely violates Rule of Conduct 2.2.
Answer (D) is incorrect. A gift from an employee whose department may be reviewed most likely violates Rule of Conduct 2.2.

[68] Gleim #: 1.5.68
In their reporting, internal auditors are required by The IIA’s Code of Ethics to
A. Present sufficient factual information without revealing confidential matters that could be detrimental to the organization.
B. Disclose all material information obtained by the auditor as of the date of the final engagement communication.
C. Obtain factual information within the established time and budget parameters.
D. Disclose material facts known to the internal auditor that could distort the final engagement communication if not revealed.
Answer (A) is incorrect. The Code requires only that internal auditors be prudent in the use and protection of information.
Answer (B) is incorrect. The Code does not address disclosure this specifically.
Answer (C) is incorrect. Time and budget parameters are not addressed in the Code.
Answer (D) is correct. Rule of Conduct 2.3 under the objectivity principle states, “Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.”

[69] Gleim #: 1.5.69
Which of the following actions by an internal auditor is most likely a violation of The IIA’s Code of Ethics?
A. Accepting payment for teaching auditing at a local university.
B. Having a material ownership interest in a competitor.
C. Accepting a moderate gift from a customer of his/her organization.
D. Allowing use of the Certified Internal Auditor designation in a context not involving his/her employment.
Answer (A) is incorrect. Teaching is compatible with internal auditing.
Answer (B) is incorrect. Having a material ownership interest in a competitor is more likely to cause a conflict for a director or officer than an internal auditor. An internal auditor would seldom be able during the course of his/her employment to take action that would enhance the value of the ownership interest.
Answer (C) is correct. Rule of Conduct 2.2 under the objectivity principle states, “Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment.”
Answer (D) is incorrect. The IIA’s Code of Ethics does not specifically mention use of the CIA designation. Acts discreditable to the profession or the organization are prohibited, but use of the CIA designation outside the employment context is not per se discreditable.

[70] Gleim #: 1.5.70
In their communication of results, internal auditors are required by The IIA’s Code of Ethics to
A. Obtain factual information within the established time and budget parameters.
B. Reveal material facts that could distort communications if not revealed.
C. Present sufficient factual information without revealing confidential information that could be detrimental to the organization.
D. Disclose all material information obtained as of the date of the final engagement communication.
Answer (A) is incorrect. Obtaining information pertains to performing the engagement, not communicating results.
Answer (B) is correct. Internal auditors should disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review (Rule of Conduct 2.3).
Answer (C) is incorrect. The Code of Ethics does not prohibit communicating
confidential information to appropriate parties within the organization, e.g., senior management and the board.
Answer (D) is incorrect. Disclosures by the internal auditors are not limited to information obtained as of the date of the final engagement communication.

[71] Gleim #: 1.5.71
Which of the following situations is a violation of The IIA’s Code of Ethics?
A. An internal auditor, with the knowledge and consent of management, accepted a token gift from a customer of the organization that was not presumed to impair and did not impair judgment.
B. Knowing that management was aware of the situation, an internal auditor purposely left a description of an unlawful practice out of the final engagement communication.
C. An internal auditor shared techniques with internal auditors from another organization.
D. Based upon knowledge of the probable success of the employer’s business, an internal auditor invested in a mutual fund that specialized in the same industry.
Answer (A) is incorrect. Acceptance of anything from a customer is prohibited but only if it would impair or be presumed to impair professional judgment.
Answer (B) is correct. Rule of Conduct 2.3 under the objectivity principle states, “Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.” Moreover, Rule of Conduct 1.3 under the integrity principle states, “Internal auditors shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization.”
Answer (C) is incorrect. Rule of Conduct 4.3 under the competency principle states, “Internal auditors shall continually improve their proficiency and the effectiveness and quality of their services.”
Answer (D) is incorrect. Although an internal auditor is prohibited from using confidential information for personal gain, and an investment in the organization’s stock would be questionable, an investment in a mutual fund is acceptable.

[72] Gleim #: 1.5.72
The chief audit executive (CAE) of a mid-sized internal audit activity was concerned that management might outsource the internal auditing function. Thus, the CAE adopted a very aggressive program to promote the internal audit activity within the organization. The CAE planned to present the results to senior management and the board and recommend modification of the internal audit activity’s charter after using the new program. The following lists six actions the CAE took to promote a positive image within the organization:
Engagement assignments concentrated on efficiency. The engagements focused
solely on cost savings, and each engagement communication negotiation took place until acceptable criteria could be agreed upon.
highlighted potential The
costs to be saved. Negative observations were omitted. The focus on engagement communication commented on the engagement client’s
efficiency operations in
was new, but the engagement clients seemed very happy. conjunction with the agreed-upon criteria.
1. 6.
Drafts of all engagement communications were carefully reviewed Which of the following elements of Action 1 taken by the CAE would
with the be considered
engagement clients to get their input. Their comments were carefully inappropriate?
considered The type of engagements was changed before modifying the internal
when developing the final engagement communication. audit
2. activity’s charter and going to the audit committee.
The information technology internal auditor participated as part of a I.
development Negative observations were omitted from the engagement II.
team to review the control procedures to be incorporated into a major communications.
computer Cost savings and recommendations were highlighted in the
application under development. engagement
3. communication.
Given limited resources, the engagement manager performed a risk III.
assessment to A. I and II.
establish engagement work schedule priorities. This was a marked B. I and III.
departure from C. I only.
the previous approach of ensuring that all operations are evaluated D. II and III.
on at least a 3- Gleim CIA Test Prep: Part 1 - Internal Audit Basics
year interval. (720 questions)
4. Copyright 2013 Gleim Publications Inc. Page 37
To save time, the CAE no longer required that a standard internal Printed for Sanja Knezevic
control Answer (A) is correct. The CAE dramatically changed internal
questionnaire be completed for each engagement. audit’s scope of work
5. without consulting with the board. A second violation is the omission
When the internal auditors found that the engagement client had not of negative
developed observations. Under The IIA’s Code of Ethics, the auditors must
specific criteria or data to evaluate operations, the internal auditors disclose all material
were facts known to them that, if not disclosed, may distort the reporting of
instructed to perform research, develop specific criteria, review the activities under
criteria with review (Rule of Conduct 2.3).
the engagement client, and, if acceptable, use them to evaluate the Answer (B) is incorrect. Highlighting potential cost savings is
engagement appropriate for an
client’s operations. If the engagement client disagreed with the engagement communication, and material negative observations
criteria, a must not be omitted.
Answer (C) is incorrect. Omitting negative observations is also a violation.
Answer (D) is incorrect. The CAE dramatically changed internal audit’s scope of work without consulting with the board. Moreover, highlighting potential cost savings is appropriate for an engagement communication.

[73] Gleim #: 1.6.73
Which of the following is permissible under The IIA’s Code of Ethics?
A. Disclosing confidential, engagement-related information that is potentially damaging to the organization in response to a court order.
B. Using engagement-related information in a decision to buy an ownership interest in the employer organization.
C. Accepting an unexpected gift from an employee whom the internal auditor has praised in a recent engagement communication.
D. Not reporting significant observations and recommendations about illegal activity to the board because management has indicated it will address the issue.
Answer (A) is correct. The principle of confidentiality permits the disclosure of confidential information if there is a legal or professional obligation to do so.
Answer (B) is incorrect. Rule of Conduct 3.2 prohibits internal auditors from using information for personal gain.
Answer (C) is incorrect. Rule of Conduct 2.2 prohibits internal auditors from accepting anything that may impair, or be presumed to impair, their professional judgment.
Answer (D) is incorrect. Rule of Conduct 2.3 under the objectivity principle requires internal auditors to disclose all material facts known to them that, if not disclosed, might distort the reporting of activities under review.

[74] Gleim #: 1.6.74
Which situation most likely violates The IIA’s Code of Ethics and the Standards?
A. The chief audit executive (CAE) disagrees with the engagement client about the observations and recommendations in a sensitive area. The CAE discusses the detail of the observations and the proposed recommendations with a fellow CAE from another organization.
B. An organization’s charter for the internal audit activity requires the chief audit executive (CAE) to present the yearly engagement work schedule to the board for its approval and suggestions.
C. The engagement manager has removed the most significant observations and recommendations from the final engagement communication. The in-charge internal auditor opposed the removal, explaining that (s)he knows the reported conditions exist. The in-charge internal auditor agrees that, technically, information is not sufficient to support the observations, but management cannot explain the conditions, and the observations are the only reasonable conclusions.
D. Because the internal audit activity lacks skill and knowledge in a specialty area, the chief audit executive (CAE) has hired an expert. The engagement manager has been asked to review the expert’s approach to the assignment. Although knowledgeable about the area under review, the manager is hesitant to accept the assignment because of lack of expertise.
Answer (A) is correct. Rule of Conduct 3.1 under the confidentiality principle states, “Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties.” Discussion of sensitive matters with an unauthorized party is the situation most likely to be considered a Code violation.
Answer (B) is incorrect. Approval of the engagement work schedule by the board and senior management is required.
Answer (C) is incorrect. Information must be sufficient to achieve engagement objectives.
Answer (D) is incorrect. The Standards allow use of experts when needed.

[75] Gleim #: 1.6.75
Which of the following actions taken by a chief audit executive (CAE) could be considered professionally ethical under The IIA’s Code of Ethics?
A. The CAE decides to delay an engagement at a branch so that his nephew, the branch manager, will have time to “clean things up.”
B. To save organizational resources, the CAE cancels all staff training for the next 2 years on the basis that all staff are too new to benefit from training.
C. To save organizational resources, the CAE limits procedures at foreign branches to confirmations from branch managers that no major personnel changes have occurred.
D. The CAE refuses to provide information about organizational operations to his father, who is a part owner.
Answer (A) is incorrect. According to Rule of Conduct 1.1, “Internal auditors shall perform their work with honesty, diligence, and responsibility.”
Answer (B) is incorrect. According to Rule of Conduct 4.3, “Internal auditors shall continually improve their proficiency and the effectiveness and quality of their services.”
Answer (C) is incorrect. According to Rule of Conduct 4.2, “Internal auditors shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing (Standards).” The Standards require supporting information to be sufficient, reliable, relevant, and useful.
Answer (D) is correct. Rule of Conduct 3.1 under the confidentiality principle states, “Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties.” Additionally, Rule of Conduct 3.2 states, “Internal auditors shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.” Thus, such use of information by the CAE might be illegal under insider trading rules.

[76] Gleim #: 1.6.76
A chief audit executive (CAE) learned that a staff internal auditor provided
confidential information to a relative. Both the CAE and staff internal auditor are CIAs. Although the internal auditor did not benefit from the transaction, the relative used the information to make a significant profit. The most appropriate way for the CAE to deal with this problem is to
A. Verbally reprimand the internal auditor.
B. Summarily discharge the internal auditor and notify The IIA.
C. Take no action because the internal auditor did not benefit from the transaction.
D. Inform The IIA’s Board of Directors and take the personnel action required by organizational policy.
Answer (A) is incorrect. The internal auditor has violated Rule of Conduct 3.2 regarding use of information. The IIA should be notified.
Answer (B) is incorrect. Summary discharge may not be in accordance with company personnel policies.
Answer (C) is incorrect. The auditor improperly used information and violated The IIA’s Code of Ethics. Some action is warranted.
Answer (D) is correct. The staff internal auditor has violated Rule of Conduct 3.2 regarding use of information. A violation of The IIA’s Code of Ethics is the basis for a complaint to the International Ethics Committee, which is responsible for receiving, interpreting, and investigating all complaints against members or CIAs on behalf of the Board of Directors of The IIA and making recommendations to the Board on actions to be taken (Administrative Directive 5). In addition, organizational policy must be followed.

[77] Gleim #: 1.6.77
Which of the following situations is a violation of The IIA’s Code of Ethics?
A. An internal auditor was ordered to testify in a court case in which a merger partner claimed to have been defrauded by the internal auditor’s organization. The internal auditor divulged confidential information to the court.
B. An internal auditor for a manufacturer of office products recently completed an engagement to evaluate the marketing function. Based on this experience, the internal auditor spent several hours one Saturday working as a paid consultant to a hospital in the local area that intended to conduct an engagement to evaluate its marketing function.
C. An internal auditor gave a speech at a local IIA chapter meeting outlining the contents of a program the internal auditor had developed for engagements relating to electronic data interchange (EDI) connections. Several internal auditors from major competitors were in the audience.
D. During an engagement, an internal auditor learned that the organization was about to introduce a new product that would revolutionize the industry. Because of the probable success of the new product, the product manager suggested that the internal auditor buy an additional interest in the organization, which the internal auditor did.
Answer (A) is incorrect. The principle of confidentiality permits the disclosure of confidential information if there is a legal or professional obligation to do so.
Answer (B) is incorrect. The hospital is not a competitor or supplier of the internal auditor’s employer. Hence, no conflict of interest is involved.
Answer (C) is incorrect. Giving a speech is not a violation of The IIA’s Code of Ethics. In fact, The IIA’s motto is “progress through sharing.”
Answer (D) is correct. Rule of Conduct 3.2 under the confidentiality principle states, “Internal auditors shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.”

[78] Gleim #: 1.6.78
Which of the following most likely constitutes a violation of The IIA’s Code of Ethics by an internal auditor?
A. Discussing at a trade convention the organization’s controls over its computer networks.
B. Purchasing stock in a target entity after overhearing an executive’s discussion of a possible acquisition.
C. Deleting sensitive information from a final engagement communication at the request of senior management.
D. Investigating executive expense reports based completely on rumors of padding.
Answer (A) is incorrect. Disclosure of information technology controls is not detrimental to the objectives of the organization. They are not likely to be trade secrets.
Answer (B) is correct. Rule of Conduct 3.2 under the confidentiality principle states, “Internal auditors shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.”
Answer (C) is incorrect. If senior management permits the omission, the internal auditor is not guilty of failing to disclose material facts.
Answer (D) is incorrect. An investigation of expense accounts is within the internal auditor’s normal responsibilities, but further investigation of fraud should ordinarily be made by investigative specialists.

[79] Gleim #: 1.6.79
An internal auditor is performing services in a division in which the chief financial officer is a close personal friend, and the internal auditor learns that the friend is to be replaced after a series of critical labor negotiations. The internal auditor relays this information to the friend. Has a violation of The IIA’s Code of Ethics occurred?
A. No. The use of the confidential information resulted in no personal gain to the internal auditor.
B. No. The internal auditor was just being honest with his/her friend.
C. Yes. The internal auditor had a conflict of interest with the organization.
D. Yes. The internal auditor was not prudent in the use of information acquired in the course of his/her duties.
Answer (A) is incorrect. The Rules of Conduct specifically prohibit using information in a manner that would be detrimental to the legitimate and ethical objectives of the organization.
Answer (B) is incorrect. The Rules of Conduct specifically prohibit using information in a manner that would be detrimental to the legitimate and ethical objectives of the organization.
Answer (C) is incorrect. The facts do not suggest that a conflict of interest existed. However, such a conflict would be present, for example, if the internal auditor used confidential information to seize a business opportunity that rightfully belonged to the organization.
Answer (D) is correct. These facts constitute a violation of The IIA’s Code of Ethics. Rule of Conduct 3.1 under the confidentiality principle states, “Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties.” Further, Rule of Conduct 3.2 states, “Internal auditors shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.” In this case, the decision whether to notify the financial officer of his/her replacement was properly the organization’s. Accordingly, the internal auditor was bound not to tell his/her friend.

[80] Gleim #: 1.7.80
During the course of an engagement, an internal auditor discovers that a clerk is embezzling funds from the organization. Although this is the first embezzlement ever encountered and the organization has a security department, the internal auditor decides to interrogate the suspect. If the internal auditor is violating The IIA’s Code of Ethics, the rule violated is most likely
A. Failing to exercise due diligence.
B. Lack of loyalty to the organization.
C. Lack of competence in this area.
D. Failing to comply with the law.
Answer (A) is incorrect. The requirement to perform work with diligence does not override the competency Rules of Conduct or the need to use good judgment.
Answer (B) is incorrect. Loyalty is better exhibited by consulting with professionals and knowing the limits of competence.
Answer (C) is correct. Rule of Conduct 4.1 under the competency principle states, “Internal auditors shall engage only in those services for which they have the necessary knowledge, skills, and experience.” Internal auditors may not have, and are not expected to have, knowledge equivalent to that of a person whose primary responsibility is to detect and investigate fraud (Impl. Std. 1210.A2).
Answer (D) is incorrect. The internal auditor may violate the suspect’s civil rights as a result of inexperience.

[81] Gleim #: 1.7.81
Internal auditors who fail to maintain their proficiency through continuing education could be found to be in violation of
A. The International Standards for the Professional Practice of Internal Auditing.
B. The IIA’s Code of Ethics.
C. Both the International Standards for the Professional Practice of Internal Auditing and The IIA’s Code of Ethics.
D. None of the answers are correct.
Answer (A) is incorrect. The IIA’s Code of Ethics also is violated. Rule of Conduct 4.3 under the competency principle states, “Internal auditors shall continually improve their proficiency and the effectiveness and quality of their services.”
Answer (B) is incorrect. The Standards also are violated because they require auditors to enhance their knowledge, skills, and other competencies through continuing professional development.
Answer (C) is correct. Rule of Conduct 4.3 under the competency principle states, “Internal auditors shall continually improve their proficiency and the effectiveness and quality of their services.” Furthermore, Attr. Std. 1230 states, “Internal auditors must enhance their knowledge, skills, and other competencies through continuing professional development.” Hence, both The IIA’s Code of Ethics and the Standards are violated by failing to earn continuing education credits.
Answer (D) is incorrect. Both the Code and the Standards would be violated.

[82] Gleim #: 1.7.82
An organization has recently placed a former operating manager in the position of chief audit executive (CAE). The new CAE is not a member of The IIA and is not a CIA. Henceforth, the internal audit activity will be run strictly by the CAE’s standards, not The IIA’s. All four staff internal auditors are members of The IIA, but they are not CIAs. According to The IIA’s Code of Ethics, what is the best course of action for the staff internal auditors?
A. The Code does not apply because they are not CIAs.
B. They should comply with the International Standards for the Professional Practice of Internal Auditing.
C. They must respect the legitimate and ethical objectives of the organization and ignore the Standards.
D. They must resign their jobs to avoid improper activities.
Answer (A) is incorrect. The IIA’s Code of Ethics may be enforced against IIA members and recipients of, or candidates for, IIA professional certifications.
Answer (B) is correct. Rule of Conduct 4.2 under the competency principle states, “Internal auditors shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing.” Because the internal auditors are members of The Institute, The IIA’s Code of Ethics is enforceable against them even though they are not CIAs.
Answer (C) is incorrect. Internal auditors should respect and contribute to the legitimate and ethical objectives of the organization, but an IIA member, a holder of an IIA professional certification, or a candidate for certification may be liable for disciplinary action for failure to adhere to the Standards.
Answer (D) is incorrect. The IIA’s Code of Ethics says nothing about resignation to avoid improper activities.

[83] Gleim #: 1.7.83
A new staff internal auditor was told to perform an engagement in an area with which the internal auditor was not familiar. Because of time constraints, no supervision was provided. The assignment represented a good learning experience, but the area was clearly beyond the internal auditor’s competence. Nonetheless, the internal auditor prepared comprehensive working papers and communicated the results to management. In this situation,
A. The internal audit activity violated the Standards by hiring an internal auditor without proficiency in the area.
B. The internal audit activity violated the Standards by not providing adequate supervision.
C. The chief audit executive has not violated The IIA’s Code of Ethics because it does not address supervision.
D. The Standards and The IIA’s Code of Ethics were followed by the internal audit activity.
Answer (A) is incorrect. All internal auditors need not be proficient in all areas. The internal audit activity as a whole should have an appropriate mix of skills.
Answer (B) is correct. Rule of Conduct 4.2 under the competency principle requires internal auditing services to be performed in accordance with the Standards. Attr. Std. 1200 requires engagements to be performed with proficiency and due professional care. They also should be properly supervised to ensure that objectives are achieved, quality is assured, and staff is developed (Perf. Std. 2340).
Answer (C) is incorrect. The Code requires compliance with the Standards, and the Standards require proper supervision.
Answer (D) is incorrect. The Standards and the Code were not followed.

[84] Gleim #: 1.7.84
Which of the following most likely constitutes a violation of The IIA’s Code of Ethics?
A. Auditor A has accepted an assignment to perform an engagement at the electronics manufacturing division. Auditor A has recently joined the internal audit activity. But Auditor A was senior auditor for the external audit of that division and has audited many electronics organizations during the past 2 years.
B. Auditor B has been assigned to perform an engagement at the warehousing function 6 months from now. Auditor B has no expertise in that area but accepted the assignment anyway. Auditor B has signed up for continuing professional education courses in warehousing that will be completed before the assignment begins.
C. Auditor C is content as an internal auditor and has come to look at it as a regular 9-to-5 job. Auditor C has not engaged in continuing professional education or other activities to improve effectiveness during the last 3 years. However, Auditor C feels performance of quality work is the same as before.
D. Auditor D discovered an internal financial fraud during the year. The books were adjusted to properly reflect the loss associated with the fraud. Auditor D discussed the fraud with the external auditor when the external auditor reviewed working papers detailing the incident.
Answer (A) is incorrect. No professional conflict of interest exists per se, especially given that the internal auditor was previously in public accounting. However, the internal auditor should be aware of potential conflicts.
Answer (B) is incorrect. An internal auditor must possess the necessary knowledge, skills, and competencies at the time an engagement is conducted, not the time it is accepted.
Answer (C) is correct. Rule of Conduct 4.3 under the competency principle states, “Internal auditors shall continually improve their proficiency and the effectiveness and quality of their services.”
Answer (D) is incorrect. The information was disclosed as part of the normal process of cooperation between the internal and external auditor. Because the books were adjusted, the external auditor was expected to inquire as to the nature of the adjustment.

[85] Gleim #: 1.7.85
Under The IIA’s Code of Ethics, an entity that provides internal auditing services is specifically required to
A. Maintain certain predetermined staffing requirements for engagements.
B. Comply with the International Standards for the Professional Practice of Internal Auditing.
C. Comply with organizational policy.
D. Participate in a formal continuing education program.
Answer (A) is incorrect. Staffing requirements must be determined based on the circumstances of each engagement.
Answer (B) is correct. The IIA’s Code of Ethics applies not only to individuals but also to entities that provide internal auditing services. Rule of Conduct 4.2 under the competency principle states, “Internal auditors shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing.”
Answer (C) is incorrect. The Code requires internal auditors to respect and contribute to the legitimate and ethical objectives of the organization and not engage in acts discreditable to the organization. However, the Code does not specifically mention compliance with organizational policy.
Answer (D) is incorrect. The Code requires compliance with the Standards, and the Standards require internal auditors to enhance their knowledge, skills, and other competencies through continuing professional development, but neither the Code nor the Standards require formal continuing education.

[86] Gleim #: 1.7.86
The IIA’s Code of Ethics incorporates by reference which of the following rules?
A. Duty to disclose all material facts when reporting on activities.
B. Performance with proficiency and due professional care.
C. Prudent and lawful use of information.
D. No acceptance of anything that may impair professional judgment.
Answer (A) is incorrect. Rule of Conduct 2.3 states, “Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.”
Answer (B) is correct. Rule of Conduct 4.2 under the competency principle states, “Internal auditors shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing.” Attribute Standard 1200 requires engagements to be performed with proficiency and due professional care.
Answer (C) is incorrect. Rule of Conduct 3.1 states, “Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties.” Rule of Conduct 3.2 states, “Internal auditors shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.”
Answer (D) is incorrect. Rule of Conduct 2.2 states, “Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment.”

[87] Gleim #: 1.7.87
Why does The IIA’s Code of Ethics in Rule of Conduct 4.2 require that due professional care be used in obtaining information to support an engagement opinion?
A. Sufficient, reliable, relevant, and useful information lends credibility to the opinion.
B. To preclude any conflict of interest.
C. To require honesty in performing work.
D. If internal auditors were permitted to communicate engagement results without obtaining sufficient information, they would be in a position to accept fees or gifts from engagement clients.
Answer (A) is correct. Engagements must be performed with proficiency and due professional care (Attr. Std. 1200), and the engagement results must be communicated (Perf. Std. 2400). Engagement results include observations, conclusions, opinions, recommendations, and action plans (PA 2410-1). If internal auditors expressed opinions or otherwise communicated engagement results without substantive investigation and compliance with the Standards, such communications would be meaningless. The Standards are therefore incorporated by reference into The IIA’s Code of Ethics by Rule of Conduct 4.2. Thus, internal auditors must identify sufficient, reliable, relevant, and useful information to achieve the engagement’s objectives (Perf. Std. 2310).
Answer (B) is incorrect. A separate ethics rule prohibits conflicts of interest. Rule of Conduct 2.1 states, “Internal auditors shall not participate in any activity or
relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.”
Answer (C) is incorrect. Rule of Conduct 1.1 requires honesty, diligence, and responsibility in the performance of work.
Answer (D) is incorrect. Rule of Conduct 2.2 prohibits accepting anything that may impair or be presumed to impair the professional judgment of an internal auditor.

[88] Gleim #: 1.8.88
During an engagement to evaluate the organization’s accounts payable function, an internal auditor plans to confirm balances with suppliers. What is the source of authority for such contacts with units outside the organization?
A. Internal audit activity policies and procedures.
B. The Standards.
C. The Code of Ethics.
D. The internal audit activity’s charter.
Answer (A) is incorrect. Policies and procedures guide the internal auditors in their consistent compliance with the internal audit activity’s standards of performance.
Answer (B) is incorrect. The internal audit activity’s authority is defined in a charter approved by the board.
Answer (C) is incorrect. The purpose of the Code of Ethics is to promote an ethical culture in the profession of internal auditing.
Answer (D) is correct. The charter establishes the internal audit activity’s position within the organization, including the nature of the chief audit executive’s functional reporting relationship with the board; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities (Inter. Std. 1000). Thus, the charter prescribes the internal audit activity’s relationships with other units within the organization and with those outside.

[89] Gleim #: 1.8.89
The board of an organization has charged the chief audit executive (CAE) with upgrading the internal audit activity. The CAE’s first task is to develop a charter. What item should be included in the statement of objectives?
A. Report all engagement results to the board every quarter.
B. Notify governmental regulatory agencies of unethical business practices by organization management.
C. Evaluate the adequacy and effectiveness of the organization’s controls.
D. Submit budget variance reports to management every month.
Answer (A) is incorrect. Only significant engagement results are discussed with the board.
Answer (B) is incorrect. Internal auditors ordinarily are not required to report deficiencies in regulatory compliance to the appropriate agencies. However, they must observe the law and make disclosures expected by the law and profession (Rule of Conduct 1.2).
Answer (C) is correct. The charter establishes the internal audit activity’s position within the organization, including the nature of the chief audit executive’s
functional reporting relationship with the board; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities (Inter. Std. 1000). Internal auditing brings a systematic, disciplined approach to evaluating and improving risk management, control, and governance processes (Definition of Internal Auditing).
Answer (D) is incorrect. Submission of budgetary variance reports is not a primary objective of internal auditing. It is a budgetary control that management may require on a periodic basis.
[90] Gleim #: 1.8.90
An element of authority that must be included in the charter of the internal audit activity is
A. Identification of the organizational units where engagements are to be performed.
B. Identification of the types of disclosures that should be made to the board.
C. Access to records, personnel, and physical properties relevant to the performance of engagements.
D. Access to the external auditor’s engagement records.
Answer (A) is incorrect. The audit schedule is based on a risk assessment; it is thus inappropriate to designate specific engagement areas in the internal audit charter.
Answer (B) is incorrect. Disclosure to the board is an obligation, not an element of authority.
Answer (C) is correct. The charter establishes the internal audit activity’s position within the organization, including the nature of the chief audit executive’s functional reporting relationship with the board; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities (Inter. Attr. Std. 1000).
Answer (D) is incorrect. Access to the external auditor’s engagement records cannot be guaranteed.
[91] Gleim #: 1.8.91
The authority of the internal audit activity is limited to that granted by
A. The board and the controller.
B. Senior management and the Standards.
C. Management and the board.
D. The board and the chief financial officer.
Answer (A) is incorrect. The controller is not the only member of management.
Answer (B) is incorrect. The Standards cannot provide actual authority to an internal audit activity.
Answer (C) is correct. The purpose, authority, and responsibility of the internal audit activity must be formally defined in a charter. The CAE must periodically review and present the charter to senior management and the board for approval (Attr. Std. 1000).
Answer (D) is incorrect. Management and the board, not a particular manager, give the internal audit activity its authority.
[92] Gleim #: 1.8.92
A charter is one of the more important factors positively affecting the internal audit
activity’s independence. Which of the following is least likely to be part of the charter?
A. Access to records within the organization.
B. The scope of internal audit activities.
C. The length of tenure of the chief audit executive.
D. Access to personnel within the organization.
Answer (A) is incorrect. The charter establishes the internal audit activity’s position within the organization and authorizes access to records.
Answer (B) is incorrect. The charter establishes the internal audit activity’s position within the organization and defines the scope of internal audit activities.
Answer (C) is correct. The length of the CAE’s employment should not be codified in the charter; it is a matter of ongoing judgment for the board.
Answer (D) is incorrect. The charter establishes the internal audit activity’s position within the organization and authorizes access to personnel.
[93] Gleim #: 1.8.93
Internal auditing has planned an engagement to evaluate the effectiveness of the quality assurance function as it affects the receipt of goods, the transfer of the goods into production, and the scrap costs related to defective items. The engagement client argues that such an engagement is not within the scope of the internal audit activity and should come under the purview of the quality assurance department only. What is the most appropriate response?
A. Refer to the internal audit activity’s charter and the approved engagement plan that includes the area designated for evaluation in the current time period.
B. Because quality assurance is a new function, seek the approval of management as a mediator to set the scope of the engagement.
C. Indicate that the engagement will evaluate the function only in accordance with the standards set by, and approved by, the quality assurance function before beginning the engagement.
D. Terminate the engagement because it will not be productive without the client’s cooperation.
Answer (A) is correct. The written charter, approved by the board, defines the scope of internal audit activities (Inter. Std. 1000).
Answer (B) is incorrect. The engagement client does not determine the scope of this type of assurance engagement. A scope limitation imposed by the client might prevent the internal audit activity from achieving its objectives.
Answer (C) is incorrect. Other objectives may be established by management and the internal auditors. The engagement is not limited to the specific standards set by the quality assurance department. It considers such standards in the development of the engagement program.
Answer (D) is incorrect. The internal auditors must conduct the engagement and communicate any scope limitations to management and the board.
[94] Gleim #: 1.8.94
The chief audit executive has assigned an internal auditor to perform a year-end engagement to evaluate payroll records. The internal auditor has contacted the director of compensation and has been refused access to necessary documents. To avoid this problem,
A. Access to records relevant to performance of engagements should be specified in the internal audit activity’s charter.
B. Internal auditing should be required to report to the CEO of the organization.
C. By following the long-range planning process, access to all relevant records should be guaranteed.
D. Board approval should be required for all scope limitations.
Answer (A) is correct. Specific guidelines are written in the internal audit activity’s charter authorizing access to records, personnel, and physical properties relevant to the performance of engagements (Inter. Attr. Std. 1000). Such provisions reduce the likelihood of scope limitations.
Answer (B) is incorrect. The internal audit activity need not report to a specific individual in the organization, although reporting administratively to the CEO is desirable.
Answer (C) is incorrect. Following the long-range planning process provides no guarantee of access.
Answer (D) is incorrect. The internal audit activity must inform the board of any scope limitations, but the board’s approval is not required.
[95] Gleim #: 1.8.95
The organizational position of the internal audit activity should be free from the effects of irresponsible policy changes by management. The most effective way to ensure that freedom is to
A. Have the internal audit charter approved by the board.
B. Adopt policies for the functioning of the internal audit activity.
C. Establish an audit committee within the board.
D. Develop written policies and procedures to serve as standards of performance for the internal audit activity.
Answer (A) is correct. The internal audit charter is a formal document that defines the internal audit activity’s purpose, authority, and responsibility. Final approval of the internal audit charter resides with the board (Inter. Attr. Std. 1000).
Answer (B) is incorrect. Adoption of policies for the functioning of the internal audit activity does not protect its organizational position.
Answer (C) is incorrect. The establishment of an audit committee alone does not ensure the status of the internal audit activity.
Answer (D) is incorrect. Written policies and procedures serve to guide the internal auditor but have little effect on management.
[96] Gleim #: 1.8.96
Which of the following is not true with regard to the internal audit charter?
A. It defines the authorities and responsibilities for the internal audit activity.
B. It specifies the minimum resources needed for the internal audit activity.
C. It provides a basis for evaluating the internal audit activity.
D. It should be approved by the board.
Answer (A) is incorrect. The charter formally defines the purpose, authority, and responsibilities of the internal audit activity.
Answer (B) is correct. The charter formally defines the purpose, authority, and responsibility of the internal audit activity. Resource requirements are based on risk-based plans that are consistent with organizational objectives; they are not an appropriate topic to codify in the internal audit charter.
Answer (C) is incorrect. The board can use the written charter as a basis for evaluating the internal audit activity.
Answer (D) is incorrect. Final approval of the internal audit charter resides with the board.
[97] Gleim #: 1.8.97
The chief audit executive (CAE) is best defined as the
A. Inspector general.
B. Person responsible for the internal audit function.
C. Outside provider of internal audit services.
D. Person responsible for overseeing the contract with the outside provider of internal audit services.
Answer (A) is incorrect. The specific job title of the chief audit executive may vary across organizations (The IIA Glossary).
Answer (B) is correct. The CAE is a person in a senior position responsible for effectively managing the internal audit activity in accordance with the internal audit charter and the Definition of Internal Auditing, the Code of Ethics, and the Standards (The IIA Glossary).
Answer (C) is incorrect. The internal audit activity may be insourced.
Answer (D) is incorrect. The term “chief audit executive” is defined broadly because (1) the internal audit activity may be insourced or outsourced and (2) many different titles are used in practice.
[98] Gleim #: 1.8.98
After the chief audit executive receives approval from the board to offer consulting services, what should be done?
A. The CAE should begin performing consulting services.
B. The CAE should get approval from the internal auditors.
C. The internal audit charter should be amended.
D. The board should develop appropriate policies and procedures for conducting such engagements.
Answer (A) is incorrect. After the CAE receives board approval, the internal audit charter must be amended and the CAE must establish policies and procedures.
Answer (B) is incorrect. The CAE does not need to get additional approval from the internal auditors. Only board approval is required.
Answer (C) is correct. The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter (Attr. Std. 1000). The nature of consulting services must be defined in the internal audit charter (Impl. Std. 1000.C1).
Answer (D) is incorrect. The CAE must establish policies and procedures to guide the internal audit activity.
[99] Gleim #: 1.8.99
Staff members should be afforded an appropriate means through which they can discuss problems and receive updates regarding the internal audit activity’s policies. The most appropriate forum for this objective is
A. The internal audit activity’s informal communication lines.
B. Internal memoranda.
C. Staff meetings.
D. Employee evaluation conferences.
Answer (A) is incorrect. Informal communication is not the most appropriate forum.
Answer (B) is incorrect. Memoranda are usually impersonal and do not afford a good opportunity for maximum exchange of ideas.
Answer (C) is correct. Formal staff meetings provide the best opportunity for ensuring that issues are addressed timely and efficiently. In The Practice of Modern Internal Auditing, Sawyer states that one reason for staff meetings is to explain “routine administrative matters, to teach new techniques, and even to let off steam.” For example, staff members should be able to raise questions about ineffective procedures, promotions, salaries, or other problems.
Answer (D) is incorrect. The employee evaluation conference is not a timely place to discuss problems and receive updates.
[100] Gleim #: 1.8.100
The chief audit executive meets with the members of the internal audit activity at scheduled staff meetings. Which of the following is the most appropriate function of such a staff meeting?
A. Developing the engagement work schedule.
B. Revising travel, promotion, and compensation policies.
C. Explaining administrative policies and obtaining suggestions from the staff.
D. Developing long-range training programs that will meet the staff’s needs.
Answer (A) is incorrect. Management of the internal audit activity should develop engagement work schedules.
Answer (B) is incorrect. Management of the internal audit activity should revise travel, promotion, and compensation policies.
Answer (C) is correct. In The Practice of Modern Internal Auditing, Sawyer states that one reason for staff meetings is to explain “routine administrative matters, to teach new techniques, and even to let off steam.” For example, staff members should be able to raise questions about ineffective procedures, promotions, salaries, or other problems.
Answer (D) is incorrect. Developing long-range training programs that will meet the staff’s needs should be done by management of the internal audit activity.
[101] Gleim #: 1.8.101
Any program for selecting and developing the human resources of the internal audit activity will fail unless compensation is adequate at all levels of responsibility. Policies concerning compensation should
A. Link internal auditors’ compensation to the pay for comparable positions in the controller’s department.
B. Provide for cost-of-living, longevity, and merit increases annually.
C. Be informal and as flexible as possible to allow the chief audit executive to respond to unusual situations.
D. Be clearly stated and based on evaluations of position requirements and individual performance.
Answer (A) is incorrect. No necessary correlation exists between the work of
internal auditors and of the controller’s staff.
Answer (B) is incorrect. Increases need not necessarily be annual.
Answer (C) is incorrect. Formal, well-defined policies are preferable to avoid misunderstandings.
Answer (D) is correct. Internal auditing job descriptions are important because, among other things, they may be used to justify adequate salaries. As part of an overall personnel management and development program, they should be used together with periodic, formal performance appraisals as a basis for compensation adjustments and promotions.
[102] Gleim #: 2.1.1
Which of the following facts, by themselves, could contribute to a lack of independence of the internal audit activity?
I. The CEO accused the new auditor of not operating “in the best interests of the organization.”
II. The majority of audit committee members come from within the organization.
III. The internal audit activity’s charter has not been approved by the board.
A. I only.
B. II only.
C. II and III only.
D. I, II, and III.
Answer (A) is incorrect. The other facts listed could also contribute to a lack of independence.
Answer (B) is incorrect. Lack of support by the CEO and lack of a charter weaken the internal audit activity’s position.
Answer (C) is incorrect. Lack of support by the CEO weakens the internal audit activity’s position.
Answer (D) is correct. The CEO’s statement suggests that the internal audit activity lacks the support of senior management and the board. Furthermore, the lack of outside audit committee members may contribute to a loss of independence. The board’s failure to approve the charter may have the same effect. The charter enhances the independence of the internal audit activity. By specifying the purpose, authority, and responsibility of the internal audit activity, it establishes the position of internal audit in the organization, including the nature of the chief audit executive’s functional reporting relationship with the board (Inter. Std. 1000).
[103] Gleim #: 2.1.2
To avoid being the apparent cause of conflict between an organization’s senior management and the board, the chief audit executive should
A. Communicate all engagement results to both senior management and the board.
B. Strengthen the independence of the internal audit activity through organizational position.
C. Discuss all reports to senior management with the board first.
D. Request board approval of policies that include internal audit activity relationships with the board.
Answer (A) is incorrect. Receipt of all engagement results by senior management and the board is unnecessary and inefficient.
Answer (B) is incorrect. Organizational position helps the internal audit activity
to achieve independence but is not, by itself, enough to avoid conflict.
Answer (C) is incorrect. The board essentially has an oversight rather than an operational role.
Answer (D) is correct. To achieve the degree of independence necessary to effectively carry out the responsibilities of the internal audit activity, the chief audit executive has direct and unrestricted access to senior management and the board. This can be achieved through a dual-reporting relationship (Inter. Std. 1100).
[104] Gleim #: 2.1.3
An organization is in the process of establishing its new internal audit activity. The controller has no previous experience with internal auditors. Due to this lack of experience, the controller advised the applicants that the CAE will be reporting to the external auditors. However, the new chief audit executive will have free access to the controller to report anything important. The controller will then convey the CAE’s concerns to the board of directors. The internal audit activity will
A. Be independent because the CAE has direct access to the board.
B. Not be independent because the CAE reports to the external auditors.
C. Not be independent because the controller has no experience with internal auditors.
D. Not be independent because the organization did not specify that the applicants must be certified internal auditors.
Answer (A) is incorrect. Under this arrangement, the internal audit activity will not have direct access to the board; the access will be indirect via the controller.
Answer (B) is correct. To achieve the degree of independence necessary to effectively carry out the responsibilities of the internal audit activity, the CAE has direct and unrestricted access to senior management and the board (Inter. Std. 1100). Also, the CAE must communicate and interact directly with the board (Attr. Std. 1111).
Answer (C) is incorrect. Whether the controller has experience with internal auditors does not affect the internal audit activity’s independence.
Answer (D) is incorrect. Although desirable, the CIA designation is not mandatory for a person to become an internal auditor. A CIA should insist on independence for the internal audit activity.
[105] Gleim #: 2.1.4
A medium-sized publicly owned organization operating in Country X has grown to a size that the governing authority believes warrants the establishment of an internal audit activity. Country X has legislated internal audit requirements for government-owned organizations. The organization changed the bylaws to reflect the establishment of the internal audit activity. The governing authority decided that the chief audit executive (CAE) must be a certified internal auditor and will report directly to the newly established audit committee. Which of the items discussed above will contribute the most to the new CAE’s independence?
A. The establishment of the internal audit activity is documented in the bylaws.
B. Country X has legislated internal auditing requirements.
C. The CAE will report to the audit committee.
D. The CAE is to be a certified internal auditor.
Answer (A) is incorrect. Documentation in the bylaws does little to promote independence.
Answer (B) is incorrect. Legislated internal audit requirements in Country X do not promote independence.
Answer (C) is correct. Independence is effectively achieved when the CAE reports functionally to the board (Inter. Std. 1110). The audit committee is a subset of the board.
Answer (D) is incorrect. Independence requires support from senior management and the board.
[106] Gleim #: 2.1.5
Which of the following activities undertaken by the internal auditor might be in conflict with the standard of independence?
A. Risk management consultant.
B. Product development team leader.
C. Ethics advocate.
D. External audit liaison.
Answer (A) is incorrect. An internal auditor’s acting as a risk management consultant does not impair the independence of the internal audit activity.
Answer (B) is correct. Independence precludes internal auditors from assuming management roles. Product development team leader is a management role.
Answer (C) is incorrect. Internal auditors and the internal audit activity should take an active role in support of an organization’s ethical culture, assuming the role of ethics advocate does not impair the internal auditor’s independence.
Answer (D) is incorrect. The internal and external audit functions share information and work collaboratively outside of the influence of management. This role does not conflict with the independence standard.
[107] Gleim #: 2.1.6
The reporting relationship within the organization’s management structure that facilitates the day-to-day operations of the internal audit activity is
A. Administrative reporting.
B. Financial reporting.
C. Management reporting.
D. Functional reporting.
Answer (A) is correct. Administrative reporting is the reporting relationship within the organization’s management structure that facilitates the day-to-day operations of the internal audit activity. Administrative reporting typically includes (1) budgeting and management accounting; (2) human resource administration, including personnel evaluations and compensation; (3) internal communications and information flows; and (4) administration of the organization’s internal policies and procedures (PA 1110-1, para. 4).
Answer (B) is incorrect. Financial reporting focuses primarily on reporting information about performance provided by measures of earnings and its components.
Answer (C) is incorrect. A form of management reporting is issuance of financial statements, which report on the organization’s performance to external parties.
Answer (D) is incorrect. Functional reporting involves reporting to the board to facilitate the internal audit activity’s independence.
[108] Gleim #: 2.1.7
An external quality assessment team was evaluating the independence of an internal audit activity. The internal audit activity performs engagements concerning all of the elements included in its scope. Which of the following reporting responsibilities is most likely to threaten the internal audit activity’s independence? Reporting to the
A. President.
B. Treasurer.
C. Executive vice president.
D. Audit committee.
Answer (A) is incorrect. Being responsible to the president helps preserve the internal audit activity’s independence by enhancing its position in the organization.
Answer (B) is correct. The CAE must report to a level within the organization that allows the internal audit activity to fulfill its responsibilities (Attr. Std. 1110). The higher the level to which the internal audit activity reports, the more likely that independence will be assured. Reporting to the treasurer limits the influence and independence of the internal audit activity.
Answer (C) is incorrect. The executive vice president is higher ranking than the treasurer.
Answer (D) is incorrect. Because the audit committee is a subset of the board, independence is enhanced when the internal audit activity reports to the audit committee.
[109] Gleim #: 2.1.8
The CAE should report functionally to the board. The board is responsible for which of the following activities?
I. Internal communication and information flows
II. Approval of the internal audit risk assessment and related audit plan
III. Approval of annual compensation and salary adjustments for the CAE
A. I and II.
B. II and III.
C. I and III.
D. I, II, and III.
Answer (A) is incorrect. Internal communication and information flows are administrative reporting items. Administrative reporting is the reporting relationship within the management structure. Furthermore, functional reporting also involves the board’s approval of annual compensation and salary adjustments for the CAE.
Answer (B) is correct. Organizational independence is effectively achieved when the CAE reports functionally to the board. Examples of functional reporting to the board involve the board
Approving the internal audit charter
Approving the risk-based internal audit plan
Receiving communications from the CAE on the internal audit activity’s performance
Approving decisions regarding the appointment and removal of the CAE
Making appropriate inquiries of management and the CAE to determine whether there are inappropriate scope or resource limitations (Inter. Attr. Std. 1110)
Answer (C) is incorrect. Internal communication and information flows are administrative reporting items. Moreover, functional reporting also involves the board’s approval of the internal audit risk assessment and related audit plan.
Answer (D) is incorrect. Internal communication and information flows are administrative reporting items.
[110] Gleim #: 2.1.9
Independence permits internal auditors to render impartial and unbiased judgments. The best way to achieve independence is through
A. Individual knowledge and skills.
B. A dual-reporting relationship.
C. Supervision within the organization.
D. Organizational knowledge and skills.
Answer (A) is incorrect. Individual knowledge and skills allow individual auditors to achieve professional proficiency.
Answer (B) is correct. Independence is the freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner. To achieve the degree of independence necessary to effectively carry out the responsibilities of the internal audit activity, the CAE has direct and unrestricted access to senior management and the board. This can be achieved through a dual-reporting relationship (Inter. Std. 1100).
Answer (C) is incorrect. Supervision ensures that engagement objectives are achieved, quality is assured, and staff is developed.
Answer (D) is incorrect. Organizational knowledge and skills allow the internal audit activity collectively to achieve professional proficiency.
[111] Gleim #: 2.1.10
When evaluating the independence of an internal audit activity, a quality assurance review team performing an external assessment considers several factors. Which of the following factors has the least amount of influence when judging an internal audit activity’s independence?
A. Criteria used in making internal auditors’ assignments.
B. The extent of internal auditor training in communications skills.
C. Relationship between engagement records and engagement communications.
D. Impartial and unbiased judgments.
Answer (A) is incorrect. How individual internal auditors are assigned relates to independence. The auditor’s personal relationships with operating personnel, work experience with the engagement client, etc., affect independence.
Answer (B) is correct. Training in communication relates to the knowledge, skills, and other competencies needed to perform engagements, not to independence.
Answer (C) is incorrect. If significant engagement observations found in the engagement records are omitted from the engagement communications, independence becomes an issue.
Answer (D) is incorrect. Unbiased judgment is an aspect of independence.
[112] Gleim #: 2.1.11
The optimal administrative reporting line of the CAE is to
A. The audit committee.
B. Line management.
C. Board of directors.
D. CEO or equivalent.
Answer (A) is incorrect. Functional reporting is to the board.
Answer (B) is incorrect. Administrative reporting preferably is to the CEO.
Answer (C) is incorrect. The CAE must communicate and interact directly with the board. Functional reporting needs to be to the board.
Answer (D) is correct. Administrative reporting is the reporting relationship within the organization’s management structure that facilitates the day-to-day operations of the internal audit activity. Administrative reporting typically includes (1) budgeting and management accounting; (2) human resource administration, including personnel evaluations and compensation; (3) internal communications and information flows; and (4) administration of the organization’s internal policies and procedures (PA 1110-1, para. 4). Reporting functionally to the board and administratively to the CEO facilitates organizational independence (PA 1110-1, para. 2).
[113] Gleim #: 2.1.12
Regardless of which reporting relationship the organization chooses, several key actions can help ensure that the reporting lines support and enable the effectiveness and independence of the internal auditing activity. Which key action will not achieve its functional reporting purpose?
A. Organizational independence is effectively achieved when the CAE reports functionally to the board (Interpretation of Standard 1110).
B. The CAE should meet with the board, with management present, to reinforce the independence of the internal audit activity.
C. The board should have the final authority to approve the internal audit risk assessment.
D. The board should approve the CAE’s performance evaluation.
Answer (A) is incorrect. Functional reporting to the board facilitates the independence of the internal audit activity.
Answer (B) is correct. Private meetings between the CAE and the board without management present are an essential part of the functional reporting relationship (PA 1110-1, para. 3).
Answer (C) is incorrect. The board approves all decisions regarding the performance evaluation, appointment, or removal of the CAE.
Answer (D) is incorrect. The board approves the internal audit risk assessment and the related audit plan.
[114] Gleim #: 2.1.13
A formal document (charter) approved by the board that defines the internal audit activity’s purpose, authority, and responsibility enhances its
A. Exercise of due professional care.
B. Proficiency.
C. Relationship with management.
D. Independence.
Answer (A) is incorrect. Due professional care is an attribute of work performed.
Answer (B) is incorrect. Proficiency results from possessing the knowledge, skills, and other competencies required for internal auditors to perform their individual responsibilities.
Answer (C) is incorrect. The internal audit activity’s relationship with management is a function of professionalism. The charter establishes independence, not a working relationship.
Answer (D) is correct. The charter establishes the internal audit activity’s position within the organization, including the nature of the chief audit executive’s functional reporting relationship with the board (Inter. Attr. Std. 1000). To achieve the degree of independence necessary to effectively carry out the responsibilities of the internal audit activity, the CAE has direct and unrestricted access to senior management and the board (Inter. Attr. Std. 1100).
[115] Gleim #: 2.1.14
The reporting structure that is most likely to allow the internal audit activity to accomplish its responsibilities is to report administratively to the
A. Board and functionally to the chief executive officer.
B. Controller and functionally to the chief financial officer.
C. Chief executive officer and functionally to the board of directors.
D. Chief executive officer and functionally to the external auditor.
Answer (A) is incorrect. The reverse arrangement is appropriate. The board is not involved in the routine management of the firm.
Answer (B) is incorrect. Reporting administratively to the controller and functionally to the chief financial officer would result in insufficient organizational status for internal auditing.
Answer (C) is correct. Reporting functionally to the board and administratively to the organization’s CEO facilitates organizational independence (PA 1110-1, para. 2).
Answer (D) is incorrect. The external auditor is not part of the organizational hierarchy.
[116] Gleim #: 2.1.15
The organizational level to which the internal audit activity reports
A. Must be sufficient to permit the accomplishment of the activity’s responsibilities.
B. Is best when the reporting relationship is direct to the board of directors.
C. Requires only the board’s annual approval of the engagement work schedule, staffing plan, and financial budget.
D. Is guaranteed when the charter specifically defines the activity’s independence.
Answer (A) is correct. The CAE must report to a level within the organization that allows the internal audit activity to fulfill its responsibilities (Attr. Std. 1110).
Answer (B) is incorrect. The internal audit activity requires day-to-day support that cannot be provided by the board. For this reason, the internal audit activity should report administratively to the CEO of the organization.
Answer (C) is incorrect. Independence requires reporting to a level that can deal with more than simple administrative concerns.
Answer (D) is incorrect. A statement in the charter does not guarantee independence.
[117] Gleim #: 2.1.16
The board is most likely to participate in approving
A. Staff promotions and salary increases.
B. Engagement communication observations, conclusions, and recommendations.
C. Engagement work programs.
D. Appointment of the chief audit executive.
Answer (A) is incorrect. The organization’s CAE is responsible for staff promotions.
Answer (B) is incorrect. The organization’s CAE is responsible for approving engagement communication observations, conclusions, and recommendations.
Answer (C) is incorrect. The CAE or designee provides appropriate engagement supervision, which includes providing appropriate instructions during the planning of the engagement and approving the engagement program.
Answer (D) is correct. Organizational independence is effectively achieved when the CAE reports functionally to the board. Examples of functional reporting to the board involve the board
Approving the internal audit charter
Approving the risk-based internal audit plan
Receiving communications from the CAE on the internal audit activity’s performance
Approving decisions regarding the appointment and removal of the CAE
Making appropriate inquiries of management and the CAE to determine whether there are inappropriate scope or resource limitations (Inter. Attr. Std. 1110)
[118] Gleim #: 2.1.17
The IIA has indicated that to achieve necessary independence, the CAE should report functionally to whom?
A. Senior management.
B. Shareholders.
C. Chief executive officer.
D. The board.
Answer (A) is incorrect. Organizational independence is facilitated when the CAE reports functionally to the board and administratively to the CEO.
Answer (B) is incorrect. The CAE should report to the audit committee (i.e., the board).
Answer (C) is incorrect. The CAE optimally reports to the CEO for administrative purposes.
Answer (D) is correct. Organizational independence is effectively achieved when the CAE reports functionally to the board (Inter. Attr. Std. 1110).
[119] Gleim #: 2.1.18
A service organization is currently experiencing a significant downsizing and process reengineering. Its board of directors has redefined the business goals and established initiatives using in-house developed technology to meet these goals. As a result, a more decentralized approach has been adopted to run the business functions by empowering the business branch managers to make decisions and perform functions traditionally done at a higher level. The internal auditing staff is made up of the chief audit executive, two managers, and five staff auditors, all with financial background. In the past, the primary focus of successful internal audit activities has been the service branches and the six regional division headquarters that support the branches. These division headquarters are the primary targets for possible elimination. The support functions such as human resources, accounting, and purchasing will be brought into the national headquarters, and technology will be enhanced to enable and augment these operations. Up to this point, the internal audit activity has reported to the chief operating officer. Due to the significant changes, there has been some discussion as to changing this reporting relationship. What would be the best reporting relationship?
A. Administratively and functionally to the president.
B. Administratively to the president and functionally to the board.
C. Administratively to the chief financial officer and functionally to the president.
D. Administratively and functionally to the chief operating officer.
Answer (A) is incorrect. Organizational independence is effectively achieved when the CAE reports functionally to the board.
Answer (B) is correct. The chief audit executive must report to a level within the organization that allows the internal audit activity to fulfill its responsibilities (Attr. Std. 1110). The chief audit executive (CAE), reporting functionally to the board and administratively to the organization’s chief executive officer, facilitates organizational independence (PA 1110-1, para. 2).
Answer (C) is incorrect. The CAE, reporting functionally to the board and administratively to the organization’s chief executive officer, facilitates organizational independence.
Answer (D) is incorrect. The best reporting relationship is administratively to the president, functionally to the board.
[120] Gleim #: 2.1.19
A charter is being drafted for a newly formed internal audit activity. Which of the following best describes an appropriate organizational position to be incorporated into the charter?
A. The chief audit executive reports to the chief executive officer but has access to the board.
B. The chief audit executive is a member of the board.
C. The chief audit executive is a staff officer reporting to the chief financial officer.
D. The chief audit executive reports to an administrative vice president.
Answer (A) is correct. The CAE, reporting functionally to the board and administratively to the organization’s CEO, facilitates organizational independence (PA 1110-1, para. 2). The CAE must communicate and interact directly with the board (Attr. Std. 1111).
Answer (B) is incorrect. Placing the CAE in a governance position impairs his/her objectivity.
Answer (C) is incorrect. Serving as a staff officer and reporting to the CFO limit the influence and independence of the internal audit activity.
Answer (D) is incorrect. Reporting to an administrative vice president limits the influence and independence of the internal audit activity.
[121] Gleim #: 2.1.20
According to the International Professional Practices Framework, the independence of the internal audit activity is achieved through
A. Staffing and supervision.
B. Continuing professional development and due professional care.
C. Human relations and communications.
D. Organizational status and objectivity.
Answer (A) is incorrect. Staffing and supervision relate to proficiency rather than independence.
Answer (B) is incorrect. Continuing professional development and due professional care relate to proficiency rather than independence.
Answer (C) is incorrect. Human relations and communications relate to proficiency rather than independence.
Answer (D) is correct. The organizational status most conducive to this degree of
independence is a dual-reporting relationship. Objectivity is an individual attribute of each internal auditor. Objectivity requires that internal auditors do not subordinate their judgment on audit matters to others (Inter. Attr. Std. 1100, para. 2).
[122] Gleim #: 2.1.21
Freedom from conditions that threaten internal auditors’ ability to do unbiased work is
A. Control.
B. Compliance.
C. Independence.
D. Avoidance of conflicts of interest.
Answer (A) is incorrect. Control is “any action taken by management, the board, or other parties to manage risk and increase the likelihood that established objectives and goals will be achieved” (The IIA Glossary).
Answer (B) is incorrect. Compliance is “adherence to policies, plans, procedures, laws, regulations, contracts, or other requirements” (The IIA Glossary).
Answer (C) is correct. Independence is “the freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner” (The IIA Glossary).
Answer (D) is incorrect. Conditions other than conflicts of interest may create bias or the appearance of bias.
[123] Gleim #: 2.1.22
In some cultures and organizations, managers insist that an internal audit activity is not needed to provide a critical assessment of the organization’s operations. This kind of management attitude will most probably have an adverse effect on the internal audit activity’s
A. Operating budget variance.
B. Effectiveness.
C. Performance appraisals.
D. Policies and procedures.
Answer (A) is incorrect. An operating budget variance report is a control device used to monitor actual performance. Lack of management cooperation could cause unfavorable variances, but favorable variances also could occur if many engagements were subject to scope impairments.
Answer (B) is correct. In this situation, management is highly averse to analysis or possible criticism of its actions. Consequently, the internal audit activity will most likely not report to an organizational level that will allow it to fulfill its responsibilities (Attr. Std. 1110). Furthermore, engagement communications are unlikely to receive adequate consideration, and appropriate action is unlikely to be taken on engagement recommendations (PA 1110-1, para. 2).
Answer (C) is incorrect. Evaluation of the internal auditing staff should not be affected by lack of cooperation on the part of noninternal auditing management.
Answer (D) is incorrect. Policies and procedures of the internal audit activity are developed by the internal audit activity. They should not be affected by noninternal auditing management.
[124] Gleim #: 2.2.23
During the performance of an engagement to evaluate a division’s controls over purchasing, the chief purchasing agent asked why the internal auditor had requested
documents pertaining to transactions with a particular supplier. The internal auditor’s proper response is to
A. Treat the inquiry as a scope limitation.
B. Explain the reasons for the information request to promote cooperation with the engagement client.
C. Refuse to explain the information request to preserve the integrity of the engagement process.
D. Consider the specific circumstances before deciding whether to disclose the reasons for the information request.
Answer (A) is incorrect. A scope limitation is a restriction placed upon the internal audit activity that precludes it from accomplishing its objectives and plans.
Answer (B) is incorrect. The CAE should consider the specific circumstances before deciding whether to disclose the reasons for the information request.
Answer (C) is incorrect. It is not always necessary or desirable to refuse to explain an information request.
Answer (D) is correct. At times, an internal auditor may be asked by the engagement client or other parties to explain why a document that has been requested is relevant to an engagement. Disclosure or nondisclosure during the engagement of the reasons documents are needed should be determined based on the circumstances. Significant irregularities may dictate a less open environment than would normally contribute to a cooperative engagement. However, that is a judgment that should be made by the chief audit executive in light of the specific circumstances. Moreover, the internal audit activity must be free from interference in determining the scope of internal auditing, performing work, and communicating results (Impl. Std. 1110.A1).
[125] Gleim #: 2.2.24
An appropriate internal auditing role in a feasibility study is to
A. Serve on the task force for the preliminary survey.
B. Ascertain if the feasibility study addresses cost-benefit relationships.
C. Determine the requirements for preparing a manual of specifications.
D. Participate in the drafting of recommendations for the computer acquisition and implementation.
Answer (A) is incorrect. Serving on the task force for the preliminary survey is appropriate for users and functional management.
Answer (B) is correct. Assessing the adequacy of a feasibility study is properly within the scope of work of internal audit. The other three choices involve internal audit participation in decisions that are properly those of management.
Answer (C) is incorrect. Determining the requirements for preparing a manual of specifications is appropriate for users and functional management.
Answer (D) is incorrect. Computer experts should participate in the drafting of recommendations for the computer acquisition and implementation.
[126] Gleim #: 2.2.25
Internal auditors must be objective in performing their work. Assume that the chief audit executive received an annual bonus as part of that individual’s compensation
package. The bonus may impair the CAE’s objectivity if
A. The bonus is administered by the board of directors or its salary administration committee.
B. The bonus is based on monetary amounts recovered or recommended future savings as a result of engagements.
C. The scope of internal auditing is evaluating control rather than account balances.
D. All of the answers are correct.
Answer (A) is incorrect. The board of directors needs to determine the CAE’s compensation.
Answer (B) is correct. Internal auditors must have an impartial, unbiased attitude and avoid any conflict of interest (Attr. Std. 1120). Conflict of interest is a situation in which an internal auditor, who is in a position of trust, has a competing professional or personal interest (Inter. Std. 1120). In this case, the CAE’s objectivity could be impaired if the bonus, a competing personal interest, is based on monetary amounts recovered or recommended future savings as a result of engagements.
Answer (C) is incorrect. The internal audit activity’s scope of work includes evaluating and contributing to the improvement of risk management, control, and governance processes.
Answer (D) is incorrect. Objectivity is not impaired if the board determines the director’s compensation or if the scope of work is evaluating control rather than account balances.
[127] Gleim #: 2.2.26
Objectivity is most likely impaired by an internal auditor’s
A. Continuation on an engagement at a division for which (s)he will soon be responsible as the result of a promotion.
B. Reduction of the scope of an engagement due to budget restrictions.
C. Participation on a task force that recommends standards for control of a new distribution system.
D. Review of a purchasing agent’s contract drafts prior to their execution.
Answer (A) is correct. Internal auditors must have an impartial, unbiased attitude and avoid any conflict of interest (Attr. Std. 1120). Conflict of interest is a situation in which an internal auditor, who is in a position of trust, has a competing professional or personal interest (Inter. Std. 1120). The internal auditor’s promotion may create a bias.
Answer (B) is incorrect. Budget restrictions do not constitute an impairment of independence or objectivity.
Answer (C) is incorrect. An internal auditor may recommend, but not implement, standards of control and still maintain objectivity.
Answer (D) is incorrect. An internal auditor may review contracts prior to their execution.
[128] Gleim #: 2.2.27
In which of the following scenarios does the auditor most likely have organizational independence but lack objectivity?
A. Reports to the audit client but does not report fully about the reason for corrective action taken.
B. Reports to the board and reports fully about corrective action taken.
C. Reports to the audit client and reports fully about corrective action taken.
D. Reports to the board but does not report fully about the reason for corrective action taken.
Answer (A) is incorrect. Reporting to the audit client does not allow the internal audit activity to fulfill its responsibilities.
Answer (B) is incorrect. When the auditor reports to the board and reports fully about the corrective action taken, no apparent independence or objectivity issue arises.
Answer (C) is incorrect. Reporting to the client indicates a lack of independence.
Answer (D) is correct. Organizational independence is effectively achieved when the CAE reports functionally to the board (Inter. Attr. Std. 1110). Failing to report fully about the reason for corrective action may imply bias (a loss of objectivity) with regard to the audit client.
[129] Gleim #: 2.2.28
An internal auditor most likely will have a conflict of interest by providing an assurance service with regard to a
A. Financial activity in which the internal auditor had been a key employee 5 years previously.
B. Purchasing activity if a major supplier is owned by the internal auditor’s sister-in-law.
C. Data processing center for which the internal auditor had performed the service three times previously.
D. Computer system for which the internal auditor had been the internal audit activity’s representative on the design team.
Answer (A) is incorrect. Objectivity is presumed to be impaired if an internal auditor provides assurance services for an activity for which the internal auditor had responsibility within the previous year. Thus, 5 years is a reasonable lapse of time to safeguard the employee from a charge of conflict of interest.
Answer (B) is correct. The CAE makes staff assignments so that potential and actual conflicts of interest and bias are avoided (PA 1120-1, para. 2). A close relative’s involvement with a supplier of an engagement client is an apparent conflict of interest.
Answer (C) is incorrect. Although rotation of assignments is preferable, no conflict of interest is involved in performing an assurance service for the same activity repeatedly.
Answer (D) is incorrect. Objectivity is not impaired if the internal auditor’s responsibility was limited to recommending standards of control for systems or reviewing procedures before implementation.
[130] Gleim #: 2.2.29
Management has requested the internal audit activity to perform an engagement to recommend procedures and policies for improving management control over the telephone marketing operations of a major division. The chief audit executive should
A. Not accept the engagement because recommending controls would impair future objectivity regarding this operation.
B. Not accept the engagement because internal audit activities are presumed to have expertise regarding accounting controls, not marketing controls.
C. Accept the engagement, but indicate to management that, because recommending controls impairs independence, future engagements in the area will be impaired.
D. Accept the engagement because objectivity will not be impaired.
Answer (A) is incorrect. The CAE should accept the engagement. Recommending controls is not considered to impair independence or objectivity.
Answer (B) is incorrect. The engagement should be accepted. The internal audit activity must have or obtain the knowledge, skills, and competencies to evaluate and improve all of the organization’s risk management, control, and governance processes.
Answer (C) is incorrect. Independence is not impaired by making control recommendations.
Answer (D) is correct. The CAE should accept the engagement. Recommending standards of control for systems or reviewing procedures prior to implementation does not impair objectivity (PA 1120-1, para. 4).
[131] Gleim #: 2.2.30
Which of the following statements is an appropriate reason for the internal audit activity not to participate in the systems development process?
A. Recommendations prior to implementation will affect independence, and the internal auditors will not be able to perform an objective evaluation after the system is implemented.
B. Participation will delay implementation of the project.
C. Participation will cause the internal auditors to be labeled as partial owners of the application, and they will then have to share the blame for any problems that remain in the system.
D. None of the answers are correct.
Answer (A) is incorrect. Internal audit activity independence is not affected by recommending control standards or reviewing procedures before implementation.
Answer (B) is incorrect. Internal audit activity participation will not delay the project unless needed controls were absent.
Answer (C) is incorrect. The internal auditors may participate in systems development but must not draft procedures or design, install, or operate the system.
Answer (D) is correct. Objectivity is not adversely affected when the internal auditors recommend standards of control for systems or review procedures before they are implemented. Designing, installing, drafting procedures for, or operating systems is presumed to impair objectivity (PA 1120-1, para. 4).
[132] Gleim #: 2.2.31
Assessing individual objectivity of internal auditors is the responsibility of
A. The chief executive officer.
B. The board.
C. The audit committee.
D. The chief audit executive.
Answer (A) is incorrect. Assessing individual objectivity of internal auditors is the responsibility of the chief audit executive.
Answer (B) is incorrect. Assessing individual objectivity of internal auditors is the responsibility of the chief audit executive.
Answer (C) is incorrect. Assessing individual objectivity of internal auditors is the responsibility of the chief audit executive.
Answer (D) is correct. The CAE must establish policies and procedures to assess the objectivity of individual internal auditors.
[133] Gleim #: 2.2.32
Which of the following activities is not presumed to impair the objectivity of an internal auditor?
I. Recommending standards of control for a new information system application
II. Drafting procedures for running a new computer application to ensure that proper controls are installed
III. Performing reviews of procedures for a new computer application before it is installed
A. I only.
B. II only.
C. III only.
D. I and III.
Answer (A) is incorrect. Performing reviews of procedures is presumed not to impair objectivity.
Answer (B) is incorrect. Drafting procedures is presumed to impair objectivity.
Answer (C) is incorrect. Recommending standards of control is presumed not to impair objectivity.
Answer (D) is correct. The internal auditor’s objectivity is not adversely affected when the auditor recommends standards of control for systems or reviews procedures before they are implemented. Designing, installing, or drafting procedures for operating systems is presumed to impair objectivity (PA 1120-1, para. 4).
[134] Gleim #: 2.2.33
Reengineering is the thorough analysis, fundamental rethinking, and complete redesign of essential business processes. The intended result is a dramatic improvement in service, quality, speed, and cost. An internal auditor’s involvement in reengineering should include all of the following except
A. Determining whether the process has senior management’s support.
B. Recommending areas for consideration.
C. Developing audit plans for the new system.
D. Directing the implementation of the redesigned process.
Answer (A) is incorrect. Internal auditors may perform the function of determining whether the process has senior management’s support.
Answer (B) is incorrect. Internal auditors may perform the function of recommending areas for consideration.
Answer (C) is incorrect. Internal auditors may perform the function of developing audit plans for the new system.
Answer (D) is correct. Designing, installing, or drafting procedures for operating
systems is presumed to impair objectivity (PA 1120-1, para. 4).
[135] Gleim #: 2.2.34
An activity appropriately performed by the internal audit activity is
A. Designing systems of control.
B. Drafting procedures for systems of control.
C. Reviewing systems of control before implementation.
D. Installing systems of control.
Answer (A) is incorrect. Designing systems is presumed to impair objectivity.
Answer (B) is incorrect. Drafting procedures for systems is presumed to impair objectivity.
Answer (C) is correct. The internal auditor’s objectivity is not adversely affected when the auditor recommends standards of control for systems or reviews procedures before they are implemented (PA 1120-1, para. 4).
Answer (D) is incorrect. Installing systems of control is presumed to impair objectivity.
[136] Gleim #: 2.2.35
Which of the following most seriously compromises confidence in the internal audit activity?
A. Internal auditors frequently draft revised procedures for departments whose procedures have been criticized in an engagement communication.
B. The chief audit executive has dual reporting responsibility to the organization’s chief executive officer and the board of directors.
C. The internal audit activity and the organization’s external auditors engage in joint planning of total engagement coverage to avoid duplicating each other’s work.
D. The internal audit activity is included in the review cycle of the organization’s contracts with other organizations before the contracts are executed.
Answer (A) is correct. Confidence in the internal audit activity derives from independence (an attribute of the internal audit activity as a whole), and objectivity (an attribute of individual internal auditors). Because designing, installing, drafting procedures for, or operating systems impairs the objectivity of internal auditors (PA 1120-1, para. 4), such services may create a conflict of interest, a situation in which internal auditors have a competing professional or personal interest. This may create an appearance of impropriety that undermines confidence in the internal audit activity (Inter. Attr. Std. 1120).
Answer (B) is incorrect. Dual reporting to the CEO and the board of directors is ideal.
Answer (C) is incorrect. The CAE should share information and coordinate activities with other internal and external providers to ensure proper coverage and minimize duplication of efforts.
Answer (D) is incorrect. Including the internal audit activity in the review cycle of the organization’s contracts is appropriate.
[137] Gleim #: 2.2.36
An organization is planning to develop and implement a new computerized purchase order system in one of its manufacturing subsidiaries. The vice president of manufacturing has requested that internal auditors participate on a team consisting of representatives from finance, manufacturing, purchasing, and marketing. This team
will be responsible for the implementation effort. Eager to take on this high profile project, the chief audit executive assigns a senior internal auditor to the project to assist “as needed.” Assuming the senior internal auditor performed all of the following activities, which one will impair objectivity if the internal auditor is asked to review the purchase order system on a post-engagement basis?
A. Helping to identify and define control objectives.
B. Testing for compliance with system development standards.
C. Evaluate risk exposures of systems and programming standards.
D. Drafting operating procedures for the new system.
Answer (A) is incorrect. Helping to identify and define control objectives is an appropriate internal audit function.
Answer (B) is incorrect. Internal auditors should evaluate risk exposures and the controls relating to compliance with laws, regulations, and contracts.
Answer (C) is incorrect. Internal auditors evaluate risk exposures of information systems. They may also recommend standards of control or review procedures before implementation without adversely affecting their objectivity.
Answer (D) is correct. An internal auditor’s objectivity is not adversely affected when the auditor recommends standards of control for systems or reviews procedures before they are implemented. Designing, installing, drafting procedures for, or operating systems, however, are presumed to impair the internal auditor’s objectivity (PA 1120-1, para. 4).
[138] Gleim #: 2.2.37
The major reason for the internal auditor’s involvement in information systems development is for the internal auditor to
A. Gain familiarity with systems for use in subsequent reviews.
B. Help assure that systems have adequate control procedures.
C. Help minimize the cost and development time for new systems.
D. Propose enhancements for subsequent development and implementation.
Answer (A) is incorrect. Gaining familiarity with systems for use in subsequent reviews is not the major reason for the internal auditor’s involvement in information systems development.
Answer (B) is correct. The internal audit activity evaluates and improves risk management, control, and governance processes. The internal auditor’s objectivity is not adversely affected when the auditor recommends standards of control for systems or reviews procedures before they are implemented. The auditor’s objectivity is considered to be impaired if the auditor designs, installs, drafts procedures for, or operates such systems (PA 1120-1, para. 4).
Answer (C) is incorrect. Minimizing the cost and development time for new systems is not the major reason for the internal auditor’s involvement in information systems development.
Answer (D) is incorrect. Proposing enhancements for subsequent development and implementation is a managerial, not an internal auditing, function.
[139] Gleim #: 2.2.38
Assuming that the internal auditing staff possesses the necessary experience and training, which of the following services is most appropriate for a staff internal auditor to undertake?
A. Substitute for the accounts payable supervisor while (s)he is on sick leave.
B. Determine the profitability of alternative investment acquisitions and select the best alternative.
C. As part of an evaluation team, review vendor accounting software internal controls and rank according to exposures.
D. Participate in an internal audit of the accounting department shortly after transferring from the accounting department.
Answer (A) is incorrect. An internal auditor’s objectivity is presumed to be impaired for at least 1 year with respect to activities (s)he previously performed.
Answer (B) is incorrect. Investment decisions are management’s responsibility.
Answer (C) is correct. An internal auditor’s objectivity is not impaired when the auditor recommends standards of control for systems or reviews procedures before they are implemented (PA 1120-1, para. 4).
Answer (D) is incorrect. An internal auditor should not be assigned to engagements concerning activities (s)he previously performed until at least 1 year has elapsed.
[140] Gleim #: 2.2.39
Internal auditors should be objective. Objectivity
A. Requires internal auditors not to subordinate their judgment on audit matters to that of others.
B. Is required only in assurance engagements.
C. Is freedom from threats to the ability to perform audit work without bias.
D. Prohibits internal auditors from providing consulting services relating to operations for which they had previous responsibility.
Answer (A) is correct. Objectivity is “an unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they believe in their work product and that no quality compromises are made. Objectivity requires that internal auditors do not subordinate their judgment on audit matters to others” (The IIA Glossary).
Answer (B) is incorrect. Objectivity also is required in a consulting engagement.
Answer (C) is incorrect. Independence is freedom from threats to the ability to perform audit work without bias.
Answer (D) is incorrect. Internal auditors may provide consulting services relating to operations for which they had previous responsibility.
[141] Gleim #: 2.2.40
The CAE bears the responsibility to do which of the following?
A. Assess the level of independence of the board.
B. Assess the level of knowledge, skills, and competencies of the chief financial officer.
C. Foster collective objectivity.
D. Foster individual objectivity.
Answer (A) is incorrect. Independence is a quality of the internal audit activity, not the board.
Answer (B) is incorrect. The concept of knowledge, skills, and competencies applies to individual internal auditors.
Answer (C) is incorrect. Objectivity is an individual, not a collective, quality.
Answer (D) is correct. The CAE must establish policies and procedures to assess the objectivity of individual internal auditors.
[142] Gleim #: 2.2.41
Which of the following is a true statement regarding the timing of assessments of individual objectivity on the part of internal auditors?
A. It must be performed annually.
B. It must be performed in conjunction with the audit risk assessment.
C. It is performed at the discretion of the board.
D. It is performed at the discretion of the CAE.
Answer (A) is incorrect. The CAE determines the appropriate time frame for assessing the objectivity of internal audit staff.
Answer (B) is incorrect. The CAE determines the appropriate time frame for assessing the objectivity of internal audit staff.
Answer (C) is incorrect. The CAE determines the appropriate time frame for assessing the objectivity of internal audit staff.
Answer (D) is correct. The CAE must establish policies and procedures to assess the objectivity of individual internal auditors. These can take the form of periodic reviews of conflicts of interest or as-needed assessments during the staffing requirements phase of each engagement.
[143] Gleim #: 2.2.42
Which of the following actions is required of the CAE in regard to the objectivity of internal auditors?
A. Maximize.
B. Prioritize.
C. Manage.
D. Assess.
Answer (A) is incorrect. The CAE’s responsibility with regard to the objectivity of internal auditors is to assess and maintain.
Answer (B) is incorrect. The CAE’s responsibility with regard to the objectivity of internal auditors is to assess and maintain.
Answer (C) is incorrect. The CAE’s responsibility with regard to the objectivity of internal auditors is to assess and maintain.
Answer (D) is correct. The CAE must establish policies and procedures to assess the objectivity of individual internal auditors.
[144] Gleim #: 2.2.43
The CAE bears the responsibility to do which of the following?
A. Encourage the objectivity of the board.
B. Encourage the objectivity of the CEO.
C. Foster an attitude of professional skepticism among members of the board.
D. Maintain individual objectivity.
Answer (A) is incorrect. Objectivity is a quality of individual internal auditors, not the board.
Answer (B) is incorrect. Objectivity is a quality of individual internal auditors, not the CEO.
Answer (C) is incorrect. The CAE must establish policies and procedures to assess the objectivity of individual internal auditors.
Answer (D) is correct. The CAE must establish policies and procedures to assess the objectivity of individual internal auditors.
[145] Gleim #: 2.2.44
Maintaining individual objectivity of internal auditors is the responsibility of
A. The chairperson of the board of directors.
B. The chairperson of the audit committee.
C. The external assessment team.
D. The chief audit executive.
Answer (A) is incorrect. The responsibility rests with the CAE and with internal auditors themselves to maintain a sense of objectivity.
Answer (B) is incorrect. The responsibility rests with the CAE and with internal auditors themselves to maintain a sense of objectivity. The factor most important to the maintenance of individual objectivity.
Answer (C) is incorrect. The responsibility rests with the CAE and with internal auditors themselves to maintain a sense of objectivity.
Answer (D) is correct. The responsibility rests with the CAE and with internal auditors themselves to maintain a sense of objectivity.
[146] Gleim #: 2.2.45
Maintaining individual objectivity is most dependent on
A. Clearly informing auditee departments and functions of The IIA definition of conflict of interest.
B. An annual evaluation by the board.
C. An annual evaluation by an external assessment team.
D. Internal auditors avoiding conflicts of interest.
Answer (A) is incorrect. The responsibility rests with the CAE and with internal auditors themselves to maintain a sense of objectivity.
Answer (B) is incorrect. The responsibility rests with the CAE and with internal auditors themselves to maintain a sense of objectivity.
Answer (C) is incorrect. The responsibility rests with the CAE and with internal auditors themselves to maintain a sense of objectivity.
Answer (D) is correct. Internal auditors should be aware of the possibility of new conflicts of interest that may arise owing to changes in personal circumstances or the particular auditees to which an auditor may be assigned.
[147] Gleim #: 2.2.46
Which of the following actions is required of the CAE and internal auditors themselves in regard to the objectivity of internal auditors?
A. Maintain.
B. Delegate.
C. Enhance.
D. Promote.
Answer (A) is correct. The responsibility rests with the CAE and with internal auditors themselves to maintain a sense of objectivity.
Answer (B) is incorrect. The responsibility rests with the CAE and with internal auditors themselves to maintain a sense of objectivity.
Answer (C) is incorrect. The responsibility rests with the CAE and with internal auditors themselves to maintain a sense of objectivity.
Answer (D) is incorrect. The responsibility rests with the CAE and with internal auditors themselves to maintain a sense of objectivity.
[148] Gleim #: 2.3.47
When faced with an imposed scope limitation, the chief audit executive needs to
A. Refuse to perform the engagement until the scope limitation is removed.
B. Communicate the potential effects of the scope limitation to the board.
C. Increase the frequency of engagements concerning the activity in question.
D. Assign more experienced personnel to the engagement.
Answer (A) is incorrect. The engagement may be conducted under a scope limitation.
Answer (B) is correct. A scope limitation, along with its potential effect, needs to
be communicated, preferably in writing, to the board (PA 1130-1, para. 3).
Answer (C) is incorrect. A scope limitation does not necessarily require more frequent engagements.
Answer (D) is incorrect. A scope limitation does not necessarily require more experienced personnel.
[149] Gleim #: 2.3.48
In which of the following situations does an internal auditor potentially lack objectivity?
A. An internal auditor reviews the procedures for a new electronic data interchange (EDI) connection to a major customer before it is implemented.
B. A former purchasing assistant performs a review of internal controls over purchasing 4 months after being transferred to the internal auditing department.
C. An internal auditor recommends standards of control and performance measures for a contract with a service organization for the processing of payroll and employee benefits.
D. A payroll accounting employee assists an internal auditor in verifying the physical inventory of small motors.
Answer (A) is incorrect. Objectivity is not adversely affected when the internal auditor recommends standards of control for systems or reviews procedures before they are implemented.
Answer (B) is correct. Persons transferred to or temporarily engaged by the internal audit activity should not be assigned to audit those activities they previously performed until at least 1 year has elapsed. Such assignments are presumed to impair objectivity (PA 1130.A1-1, para. 1).
Answer (C) is incorrect. Objectivity is not adversely affected when the internal auditor recommends standards of control for systems or reviews procedures before they are implemented.
Answer (D) is incorrect. Use of staff from other areas to assist the internal auditor does not impair objectivity, especially when the staff is from outside of the area where the engagement is being performed.
[150] Gleim #: 2.3.49
The internal auditors must be able to distinguish carefully between a scope limitation and other limitations. Which of the following is not considered a scope limitation?
A. The divisional management of an engagement client has indicated that the division is in the process of converting a major computer system and has indicated that the information systems portion of the planned engagement will have to be postponed until next year.
B. The board reviews the engagement work schedule for the year and deletes an engagement that the chief audit executive thought was important to conduct.
C. The engagement client has indicated that certain customers cannot be contacted because the organization is in the process of negotiating a long-term contract with the customers and they do not want to upset the customers.
D. None of the answers are correct.
Answer (A) is incorrect. Postponing the portion of an engagement concerning a major computer system is a scope limitation. This delay restricts the performance of engagement procedures.
Answer (B) is correct. The board’s decision to delete an engagement from the annual engagement work schedule is not a scope limitation. The board’s approval of the internal audit plan is part of the functional reporting relationship of the internal audit activity to the board (PA 1110-1, para. 3).
Answer (C) is incorrect. Prohibiting contact with certain customers is a scope limitation. This prohibition restricts the performance of specific procedures.
Answer (D) is incorrect. Other answer choices state scope limitations.
[151] Gleim #: 2.3.50
During the course of an engagement, an internal auditor makes a preliminary determination that a major division has been inappropriately capitalizing research and development expense. The engagement is not yet completed, and the internal auditor has not documented the problem or determined that it really is a problem. However, the internal auditor is informed that the chief audit executive has received the following communication from the president of the organization:
“The controller of Division B informs me that you have discovered a questionable account classification dealing with research and development expense. We are aware of the issue. You are directed to discontinue any further investigation of this matter until informed by me to proceed. Under the confidentiality standard of your profession, I also direct you not to communicate with the outside auditors regarding this issue.”
Which of the following is an appropriate action for the CAE to take regarding the questionable item?
A. Immediately report the communication to The IIA and ask for an ethical interpretation and guidance.
B. Inform the president that this scope limitation will need to be reported to the board.
C. Continue to investigate the area until all the facts are determined and document all the relevant facts in the engagement records.
D. Immediately notify the external auditors of the problem to avoid aiding and abetting a potential crime by the organization.
Answer (A) is incorrect. The IIA has no authority in this matter.
Answer (B) is correct. A scope limitation along with its potential effect need to be communicated, preferably in writing, to the board (PA 1130-1, para. 3).
Answer (C) is incorrect. The CAE needs first to consult the board. The CAE adds value by serving the organization, and the board may, in fact, be fully aware of the problem and may not want to incur additional costs.
Answer (D) is incorrect. The engagement work is preliminary, and the internal
auditor has not yet formed a basis for an opinion. Thus, contacting the external auditors is premature. However, if an inquiry is made by the external auditors, the internal auditors should share the work done to date.
[152] Gleim #: 2.3.51
Which of the following combinations best illustrates a scope limitation and the appropriate response by the CAE?
Nature of Limitation / Internal Audit Action
A. Engagement client limits scope based upon proprietary information / Report only to the controller
B. Engagement client will not provide access to records needed for approved work schedule / Report to the board
C. Engagement client requests that the engagement be delayed for 2 weeks to allow it to close its books / Report directly to the CEO and controller
D. Engagement client will not allow internal auditor to contact major customers as part of an engagement to evaluate the efficiency of operations / No reporting needed because the operational engagement concerns operational efficiency
Answer (A) is incorrect. A scope limitation needs to be reported to the board.
Answer (B) is correct. A scope limitation is a restriction placed on the internal audit activity that precludes it from accomplishing its objectives and plans. Among other things, a scope limitation may restrict the internal audit activity’s access to records, personnel, and physical properties relevant to the performance of engagements (PA 1130-1, para. 2). A scope limitation and its potential effect need to be communicated, preferably in writing, to the board (PA 1130-1, para. 3).
Answer (C) is incorrect. Merely delaying the engagement to permit closing the books is not usually considered a scope limitation.
Answer (D) is incorrect. Reporting is necessary.
[153] Gleim #: 2.3.52
An internal auditor who had been supervisor of the accounts payable section should not perform an assurance review of that section
A. Because a reasonable period of time in which to establish independence cannot be determined.
B. Until at least 1 year has elapsed.
C. Until after the next annual review by the external auditors.
D. Until it is clear that the new supervisor has assumed the responsibilities.
Answer (A) is incorrect. The issues are whether (1) objectivity (not independence) has been restored and (2) at least 1 year has elapsed.
Answer (B) is correct. Persons transferred to, or temporarily engaged by, the internal audit activity should not be assigned to audit activities they previously performed until at least 1 year has elapsed. Such assignments are presumed to impair objectivity (PA 1130.A1-1, para. 1).
Answer (C) is incorrect. The external review does not bear any relation to restoring the internal auditor’s objectivity.
Answer (D) is incorrect. The new supervisor presumably would have assumed his/her responsibilities immediately. Hence, 1 year could not have elapsed.
[154] Gleim #: 2.3.53
A treasury department employee transferred to the internal audit activity of the same organization last month. The chief financial officer of the organization has suggested that, because of the employee’s significant knowledge in this area, it would be a good idea for the employee to immediately begin an engagement to evaluate the treasury department. In this circumstance, the employee should
A. Accept the engagement and begin work immediately.
B. Discuss the need for such an engagement with the employee’s former superior, the treasurer.
C. Suggest that the engagement be performed by another member of the internal audit staff.
D. Offer to prepare an engagement work program but suggest that interviews with the employee’s former co-workers be conducted by other members of the internal audit staff.
Answer (A) is incorrect. The proposed engagement is presumed to impair objectivity.
Answer (B) is incorrect. Internal auditors are not to subordinate their judgment on engagement matters to that of others.
Answer (C) is correct. Another internal auditor should be assigned. Persons transferred to or temporarily engaged by the internal audit activity should not be assigned to audit those activities they previously performed until at least 1 year has elapsed. Such assignments are presumed to impair objectivity, and additional consideration should be exercised when supervising the engagement work and communicating engagement results (PA 1130.A1-1, para. 1).
Answer (D) is incorrect. The preparation of the engagement work program offers significant opportunities for bias.
[155] Gleim #: 2.3.54
The internal audit activity encounters a scope limitation from senior management that will affect the activity’s ability to meet its goals and objectives for a potential engagement client. The nature of the scope limitation needs to be
A. Noted in the engagement working papers, but the engagement should be carried out as scheduled and the scope limitation worked around, if possible.
B. Communicated to the external auditors, so they can investigate the area in more detail.
C. Communicated, preferably in writing, to the board.
D. Communicated to management stating that the limitation will not be accepted because it would impair the internal audit activity’s independence.
Answer (A) is incorrect. The limitation needs to be communicated first to the board.
Answer (B) is incorrect. No requirement or need to communicate the limitation to the external auditor exists.
Answer (C) is correct. A scope limitation, along with its potential effect, needs to be communicated, preferably in writing, to the board (PA 1130-1, para. 3).
Answer (D) is incorrect. The internal audit activity exists to help the organization
achieve its objectives. Thus, the internal auditors must communicate with the board about conflicts with management.
[156] Gleim #: 2.3.55
A multinational organization has an agreement with a value-added network (VAN) that provides the encoding and communications transfer for the organization’s electronic data interchange (EDI) and electronic funds transfer (EFT) transactions. Before transfer of data to the VAN, the organization performs online preprocessing of the transactions. The internal auditor is responsible for assessing preprocessing controls. In addition, the agreement between the organization and the VAN states that the internal auditor is allowed to examine and report on the controls in place at the VAN on an annual basis. The contract specifies that access to the VAN can occur on a surprise basis during the second or third quarter of the fiscal year. This period was chosen so it would not interfere with processing during the VAN’s peak transaction periods. This provision was not reviewed with internal auditing. The annual engagement work schedule approved by the board of directors specifies that a full review would be done during the current year. When the internal auditor called to arrange the annual control review during the third quarter, the VAN stated that it could not accommodate the internal auditor because the peak processing period started earlier than normal this year and all VAN personnel were occupied. This scope limitation, along with its potential effect, must be communicated to which one of the following?
A. The organization’s board of directors.
B. The board of directors of the VAN.
C. The board of directors of both the organization and the VAN.
D. The limitation does not need to be communicated at the board of directors level.
Answer (A) is correct. The scope limitation and its potential effect should be communicated, preferably in writing, to the board. However, the chief audit executive needs to consider whether it is appropriate to inform the board regarding scope limitations that were previously communicated to and accepted by the board (PA 1130-1, para. 3).
Answer (B) is incorrect. The internal auditor should not communicate directly with the board of the VAN.
Answer (C) is incorrect. The internal auditor should not communicate directly with the board of the VAN.
Answer (D) is incorrect. A scope limitation must be communicated to the board.
[157] Gleim #: 2.3.56
An internal auditor assigned to audit a vendor’s compliance with product quality standards is the brother of the vendor’s controller. The auditor should
A. Accept the assignment but avoid contact with the controller during fieldwork.
B. Accept the assignment but disclose the relationship in the engagement final communication.
C. Notify the vendor of the potential conflict of interest.
D. Notify the chief audit executive of the potential conflict of interest.
Answer (A) is incorrect. Given a family connection with the auditee, even if the auditor avoids contact with the controller, the appearance of a conflict of interest exists.
Answer (B) is incorrect. Situations of potential conflict of interest or bias should be avoided, not merely disclosed.
Answer (C) is incorrect. Conflicts of interest are to be reported to the chief audit executive, not the vendor or engagement client.
Answer (D) is correct. Internal auditors are to report to the chief audit executive (CAE) any situations in which an actual or potential impairment to independence or objectivity may reasonably be inferred, or if they have questions about whether a situation constitutes an impairment to objectivity or independence (PA 1130-1, para. 1).
[158] Gleim #: 2.3.57
The internal audit activity should be free to audit and report on any activity that also reports to its administrative head if it considers such coverage to be appropriate for its audit plan. Any limitation in scope or reporting of results of these activities needs to be brought to the attention of the
A. Chief executive officer.
B. Chief financial officer.
C. External auditor.
D. Board.
Answer (A) is incorrect. The CEO may be the administrative head of the internal audit activity.
Answer (B) is incorrect. The CFO is also responsible for the organization’s accounting functions. Thus, when a scope or reporting limitation exists, the CFO may be responsible for it.
Answer (C) is incorrect. The external auditor should not be notified unless the board believes it is necessary.
Answer (D) is correct. A scope limitation, along with its potential effect needs to be communicated, preferably in writing, to the board (PA 1130-1, para. 3).
[159] Gleim #: 2.3.58
Independence is freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner. Which policy best promotes independence?
A. Requiring internal auditors to report to the chief audit executive any conflicts of interest or bias.
B. Preventing the internal audit activity from recommending standards of control for systems that it evaluates.
C. Allowing engagements concerning sensitive operations to be outsourced.
D. Preventing personnel transfers from operating activities to the internal audit activity.
Answer (A) is correct. Internal auditors are to report to the chief audit executive (CAE) any situation in which (1) an actual or potential impairment of independence or objectivity may reasonably be inferred or (2) they have questions about whether the
situation constitutes an impairment of objectivity or independence. If the CAE determines that impairment exists or may be inferred, (s)he needs to reassign the auditor(s) (PA 1130-1, para. 1).
Answer (B) is incorrect. Internal auditing may recommend standards of control for systems that it evaluates.
Answer (C) is incorrect. Outsourcing certain engagements does not promote the independence of the internal audit activity.
Answer (D) is incorrect. Transfers from operating activities to the internal audit activity usually are permitted. However, transferees should not be assigned to engagements concerning activities they previously performed until at least 1 year has elapsed.
[160] Gleim #: 2.3.59
An internal auditor has recently received an offer from the manager of the marketing department of a weekend’s free use of his beachfront condominium. No engagement is currently being conducted in the marketing department, and none is scheduled. The internal auditor
A. Should reject the offer and report it to the appropriate supervisor.
B. May accept the offer because its value is immaterial.
C. May accept the offer because no engagement is being conducted or planned.
D. May accept the offer if approved by the appropriate supervisor.
Answer (A) is correct. An internal auditor is not to accept fees, gifts, or entertainment from an employee, client, customer, supplier, or business associate. Accepting a fee or gift may imply that the auditor’s objectivity has been impaired. Even though an engagement is not being conducted in the applicable area at that time, a future engagement may result in the appearance of impairment of objectivity. Thus, no consideration should be given to the engagement status as justification for receiving fees or gifts. The receipt of promotional items (such as pens, calendars, or samples) that are available to the general public and have minimal value do not hinder internal auditors’ professional judgments (PA 1130-1, para. 4). Impairment of independence or objectivity, in fact or appearance, must be disclosed to appropriate parties (Attr. Std. 1130).
Answer (B) is incorrect. The value of a weekend vacation is not immaterial.
Answer (C) is incorrect. The status of engagements is not a justification for receiving fees or gifts.
Answer (D) is incorrect. A supervisor may not approve unethical behavior.
[161] Gleim #: 2.3.60
As part of a company-sponsored award program, an internal auditor was offered an award of significant monetary value by a division in recognition of the cost savings that resulted from the auditor’s recommendations. According to the International Professional Practices Framework, what is the most appropriate action for the auditor to take?
A. Accept the gift because the engagement is already concluded and the report issued.
B. Accept the award under the condition that any proceeds go to charity.
C. Inform audit management and ask for direction on whether to accept the gift.
D. Decline the gift and advise the division manager’s superior.
Answer (A) is incorrect. The auditor should not accept the gift, despite the previous completion of the engagement and issuance of the report.
Answer (B) is incorrect. The auditor should not accept the award without first informing and consulting audit management.
Answer (C) is correct. Internal auditors are not to accept fees, gifts, or entertainment from an employee, client, customer, supplier, or business associate that may create the appearance that the auditor’s objectivity has been impaired. The status of engagements is not to be considered as justification for receiving fees, gifts, or entertainment. Internal auditors are to report immediately the offer of all material fees or gifts to their supervisors (PA 1130-1, para. 4).
Answer (D) is incorrect. Declining the gift and advising the division manager’s superior could erode the audit function’s relationship with the division in question. The auditor should inform and consult audit management for guidance.

[162] Gleim #: 2.3.61
An internal audit activity is currently undergoing its first external quality assurance review since its formation 3 years ago. From interviews, the review team is informed of certain internal auditor activities over the past year. Which of the following activities could affect the quality assurance review team’s evaluation of the objectivity of the internal auditors?
A. One internal auditor told the review team that, during an engagement to review the payroll function, the payroll manager approached the auditor. The manager indicated the need for an accountant to prepare financial statements for the manager’s part-time business. The internal auditor agreed to perform this work for a reduced fee during non-work hours.
B. During an engagement to review the construction of a building addition to the organization’s headquarters, the vice president of facilities management gave the internal auditor a commemorative mug with the organization’s logo. These mugs were distributed to all employees present at the ground-breaking ceremony.
C. After reviewing the installation of a data processing system, the internal auditor made recommendations on standards of control. Three months after completion of the engagement, the engagement client requested the internal auditor’s review of certain procedures for adequacy. The internal auditor agreed and performed this review.
D. An internal auditor’s participation was requested on a task force to reduce the organization’s inventory losses from theft and shrinkage. This is the first consulting assignment undertaken by the internal audit activity. The internal auditor’s role is to advise the task force on appropriate control procedures.
Answer (A) is correct. An internal auditor is not to accept a fee, gift, or entertainment from an employee, client, customer, supplier, or business associate that may create the appearance that the auditor’s objectivity has been impaired (PA 1130-1, para. 4).
Answer (B) is incorrect. The receipt of promotional items with minimal value does not impair objectivity.
Answer (C) is incorrect. Recommending standards of control before implementation does not impair the internal auditor’s objectivity as long as (s)he does not assume operating responsibilities.
Answer (D) is incorrect. Reviewing procedures before implementation does not impair the internal auditor’s objectivity as long as (s)he does not assume operating responsibilities.

[163] Gleim #: 2.3.62
George is the new internal auditor for XYZ Corporation. George was in charge of payroll for XYZ just 10 months ago. Performing what services in regard to payroll is considered an impairment of independence or objectivity if performed by George?
A. Consulting services.
B. Assurance services.
C. Assurance or consulting services.
D. Neither assurance nor consulting services.
Answer (A) is incorrect. Providing assurance services but not consulting services regarding payroll will impair the independence or objectivity of George.
Answer (B) is correct. Objectivity is presumed to be impaired if an internal auditor provides assurance services for an activity for which the internal auditor had responsibility within the previous year (PA 1130.A1-1, para. 1). Thus, if George provides assurance services for payroll, his objectivity is presumed to be impaired. However, internal auditors may provide consulting services relating to operations for which they had previous responsibilities (Impl. Std. 1130.C1).
Answer (C) is incorrect. Providing assurance services regarding payroll will impair the independence or objectivity of George.
Answer (D) is incorrect. Providing consulting services regarding payroll will not impair the objectivity of George.

[164] Gleim #: 2.4.63
An organization has two manufacturing facilities. Each facility has two manufacturing processes and a separate packaging process. The processes are similar at both facilities. Raw materials used include aluminum, materials to make plastic, various chemicals, and solvents. Pollution occurs at several operational stages, including raw materials handling and storage, process chemical use, finished goods handling, and disposal. Waste products produced during the manufacturing processes include several that are considered hazardous. The nonhazardous waste is transported to the local landfill. An outside waste vendor is used for the treatment, storage, and disposal of all hazardous waste.
Management is aware of the need for compliance with environmental laws. The organization recently developed an environmental policy including a statement that each employee is responsible for compliance with environmental laws.
If the internal audit activity is assigned the responsibility of conducting an environmental audit, which of the following actions should be performed first?
A. Conduct risk assessments for each site.
B. Review organizational policies and procedures and verify compliance.
C. Provide the assigned staff with technical training.
D. Review the environmental management system.
Answer (A) is incorrect. The internal auditors should conduct risk assessments for each site only after qualified people have been assigned to the project.
Answer (B) is incorrect. Audit procedures to verify compliance with company policies and procedures are performed only after an audit staff with the needed knowledge, skills, and other competencies is assigned to the audit.
Answer (C) is correct. The internal audit activity collectively must possess or obtain the necessary knowledge, skills, and other competencies needed to conduct the audit properly (Attr. Std. 1210). Thus, providing the assigned staff with adequate training or employing qualified external service providers is a first step in an environmental audit.
Answer (D) is incorrect. Internal auditors should review the environmental management system only after qualified people have been assigned to the project.

[165] Gleim #: 2.4.64
When hiring entry-level internal auditing staff, which of the following will most likely predict the applicant’s success as an internal auditor?
A. Grade point average on college accounting courses.
B. Ability to fit well socially into a group.
C. Ability to organize and express thoughts well.
D. Level of detailed knowledge of the organization.
Answer (A) is incorrect. Although accounting educational performance is undoubtedly one criterion that must be examined, performance in one subject area is much too limited a basis for predicting an applicant’s success given the broad scope of internal auditing work.
Answer (B) is incorrect. Social skills are a benefit to any internal auditor but cannot be considered the most important characteristic of a good candidate.
Answer (C) is correct. Internal auditors must have skills in oral and written communications to clearly and effectively convey such matters as engagement objectives, evaluations, conclusions, and recommendations (PA 1210-1, para. 1).
Answer (D) is incorrect. Entry-level internal auditors typically have relatively little knowledge of the organization. Applicants should demonstrate a general knowledge of the organization, but this factor is not the most reliable predictor of successful performance as an internal auditor.

[166] Gleim #: 2.4.65
A chief audit executive (CAE) for a very small internal audit department has just received a request from management to perform an audit of an extremely complex area in which the CAE and the department have no expertise. The nature of the audit engagement is within the scope of internal audit activities. Management has expressed a desire to have the engagement conducted in the very near future because of the high
level of risk involved. Which of the following responses by the CAE would be in violation of the Standards?
A. Discuss with management the possibility of outsourcing the audit of this complex area.
B. Add an outside consultant to the audit staff to assist in the performance of the audit engagement.
C. Accept the audit engagement and begin immediately, since it is a high-risk area.
D. Discuss the timeline of the audit engagement with management to determine if sufficient time exists in which to develop appropriate expertise.
Answer (A) is incorrect. Outsourcing (delegating the engagement to an outside service provider) is an appropriate response when auditors do not possess the needed background or skills and cannot develop such skills in a timely fashion.
Answer (B) is incorrect. Adding a consultant (cosourcing) is an appropriate response when auditors do not possess the needed background or skills and cannot develop such skills in a timely fashion.
Answer (C) is correct. The internal audit activity collectively must possess or obtain the knowledge, skills, and other competencies needed to perform its responsibilities (Attr. Std. 1210). The auditors in this situation do not have such expertise. Thus, planning and executing the audit engagement without the appropriate background and skills is a violation of this standard.
Answer (D) is incorrect. Determining whether time is sufficient to develop necessary expertise is an appropriate response. Internal auditors should be committed to life-long learning. Thus, it is not unreasonable to require them to expand their knowledge, skills, and other competencies.

[167] Gleim #: 2.4.66
Your organization has selected you to develop an internal audit activity. Your approach will most likely be to hire
A. Internal auditors, each of whom possesses all the skills required to handle all engagements.
B. Inexperienced personnel and train them the way the organization wants them trained.
C. Degreed accountants because most internal audit work is accounting related.
D. Internal auditors who collectively have the knowledge and skills needed to perform the responsibilities of the internal audit activity.
Answer (A) is incorrect. The scope of internal auditing is so broad that one individual cannot have the requisite expertise in all areas.
Answer (B) is incorrect. The internal audit activity should have personnel with various skill levels to permit appropriate matching of internal auditors with varying engagement complexities. Furthermore, experienced internal auditors should be available to train and supervise less experienced staff members.
Answer (C) is incorrect. Many skills are needed in internal auditing. For example,
computer skills are needed in engagements involving information technology.
Answer (D) is correct. The internal audit activity collectively must possess or obtain the knowledge, skills, and other competencies needed to perform its responsibilities (Attr. Std. 1210).

[168] Gleim #: 2.4.67
The internal audit activity collectively must possess or obtain certain competencies, including proficiency in
A. Internal audit procedures and techniques.
B. Accounting principles and techniques.
C. Management principles.
D. Marketing techniques.
Answer (A) is correct. Proficiency means the ability to apply knowledge to situations likely to be encountered and to deal with them without extensive recourse to technical research and assistance. Internal auditors must be proficient in applying internal audit standards, procedures, and techniques in performing engagements (PA 1210-1, para. 1).
Answer (B) is incorrect. Only if internal auditors work extensively with financial records and reports must they have proficiency in accounting principles and techniques.
Answer (C) is incorrect. The required competencies include an understanding of, not proficiency in, management principles.
Answer (D) is incorrect. Internal auditors ordinarily need not be proficient in marketing techniques.

[169] Gleim #: 2.4.68
The internal audit activity collectively must possess or obtain certain competencies, including an understanding of
A. Internal audit procedures and techniques.
B. Accounting principles and techniques.
C. Management principles.
D. Marketing techniques.
Answer (A) is incorrect. The required competencies include proficiency in, not an understanding of, internal audit standards, procedures, and techniques.
Answer (B) is incorrect. The internal audit activity collectively must have proficiency in, not merely an understanding of, accounting principles and techniques.
Answer (C) is correct. An understanding means the ability to apply broad knowledge to situations likely to be encountered, to recognize significant deviations, and to be able to carry out the research necessary to arrive at reasonable solutions. The required competencies include an understanding of management principles to recognize and evaluate the materiality and significance of deviations from good business practice (PA 1210-1, para. 1).
Answer (D) is incorrect. Internal auditors ordinarily need not be proficient in, or have an understanding or appreciation of, marketing techniques.

[170] Gleim #: 2.4.69
Internal auditing is unique in that its scope often encompasses all areas of an organization. Thus, it is not possible for each internal auditor to possess detailed competence in all areas that might be the subject of engagements. Which of the following competencies must the internal audit activity possess collectively?
A. Understanding of taxation and law as it applies to operation of the organization.
B. Proficiency in accounting principles.
C. Understanding of management principles.
D. Proficiency in information technology.
Answer (A) is incorrect. Internal auditors are required to have only an appreciation of taxation and law.
Answer (B) is incorrect. Only if internal auditors work extensively with financial records and reports must they have proficiency in accounting principles.
Answer (C) is correct. An understanding is the ability to apply broad knowledge to situations likely to be encountered, to recognize significant deviations, and to be able to carry out the research necessary to arrive at reasonable solutions. The required competencies include an understanding of management principles to recognize and evaluate the materiality and significance of deviations from good business practice.
Answer (D) is incorrect. Only a knowledge of key IT risks and controls and available technology-based audit techniques is required of internal auditors.

[171] Gleim #: 2.4.70
The internal audit activity collectively must possess or obtain certain competencies, including an appreciation of
A. Internal audit procedures and techniques.
B. Accounting principles and techniques.
C. Management principles.
D. Marketing techniques.
Answer (A) is incorrect. The required competencies include proficiency in applying internal audit standards, procedures, and techniques.
Answer (B) is correct. An appreciation means the ability to recognize the existence of problems or potential problems and to identify the additional research to be undertaken or the assistance to be obtained. Internal auditors must have an appreciation of the fundamentals of business subjects, such as accounting, economics, commercial law, taxation, finance, quantitative methods, information technology, risk management, and fraud (PA 1210-1, para. 1).
Answer (C) is incorrect. The required competencies include an understanding, not an appreciation, of management principles.
Answer (D) is incorrect. Internal auditors ordinarily need not be proficient in, or have an understanding or appreciation of, marketing techniques.

[172] Gleim #: 2.4.71
The internal audit activity collectively must possess or obtain certain competencies, excluding
A. Proficiency in applying internal audit standards.
B. An understanding of management principles.
C. The ability to maintain good interpersonal relations.
D. The ability to conduct training sessions in quantitative methods.
Answer (A) is incorrect. Proficiency in applying internal audit standards, procedures, and techniques is among the required competencies.
Answer (B) is incorrect. An understanding of management principles sufficient to recognize and evaluate the materiality and significance of deviations from good business practices is among the required competencies.
Answer (C) is incorrect. Skills in dealing with people, understanding human relations,
and maintaining satisfactory relationships with engagement clients are among the required competencies.
Answer (D) is correct. The ability to conduct training sessions in specific areas is not among the required competencies.

[173] Gleim #: 2.4.72
Internal auditors must possess the knowledge, skills, and other competencies essential to the performance of their individual responsibilities. Consequently, all internal auditors should be proficient in applying
A. Internal auditing standards.
B. Quantitative methods.
C. Management principles.
D. Structured systems analysis.
Answer (A) is correct. All internal auditors should be proficient in applying internal auditing standards, procedures, and techniques required in performing engagements. Proficiency means the ability to apply knowledge to situations likely to be encountered and to deal with them without extensive recourse to technical research and assistance (PA 1210-1, para. 1).
Answer (B) is incorrect. Internal auditors must have an appreciation of, not proficiency in, the fundamentals of business subjects such as quantitative methods.
Answer (C) is incorrect. Internal auditors must have an understanding of, not proficiency in, management principles to recognize and evaluate the materiality and significance of deviations from good business practices.
Answer (D) is incorrect. Internal auditors must have an appreciation of, not proficiency in, the fundamentals of business subjects such as accounting, economics, commercial law, taxation, finance, quantitative methods, information technology, risk management, and fraud.

[174] Gleim #: 2.4.73
The Standards require that internal auditors possess which of the following skills?
I. Internal auditors should understand human relations and be skilled in dealing with people.
II. Internal auditors should be able to recognize and evaluate the materiality and significance of deviations from good business practices.
III. Internal auditors should be experts on subjects such as economics, commercial law, taxation, finance, and information technology.
IV. Internal auditors should be skilled in oral and written communication.
A. II only.
B. I and III only.
C. III and IV only.
D. I, II, and IV only.
Answer (A) is incorrect. Internal auditors also should understand human relations and be skilled in dealing with people and in oral and written communication.
Answer (B) is incorrect. Internal auditors are expected to have an appreciation of (not be experts in) fields related to their audit responsibilities. Moreover, internal auditors should be able to recognize and evaluate the materiality and significance of deviations from good business practices.
Answer (C) is incorrect. Internal auditors must have an appreciation of, not expertise in, the fundamentals of fields related to their audit responsibilities. They also should understand human relations and be skilled in dealing with people. Furthermore, they should be able to recognize and evaluate the materiality and significance of deviations from good business practices.
Answer (D) is correct. Skills required by the Standards for internal auditors include
Skills in dealing with people, understanding human relations, and maintaining satisfactory relationships with engagement clients.
Skills in oral and written communications to clearly and effectively convey such matters as engagement objectives, evaluations, conclusions, and recommendations.
An understanding of management principles to recognize and evaluate the materiality and significance of deviations from good business practices.
An appreciation of (not expertise in) the fundamentals of business subjects such as accounting, economics, commercial law, taxation, finance, quantitative methods, information technology, risk management, and fraud (PA 1210-1, para. 1).

[175] Gleim #: 2.4.74
Communication skills are important to internal auditors. They should be able to convey effectively all of the following to engagement clients except
A. The objectives designed for a specific engagement.
B. The engagement evaluations based on a survey.
C. The risk assessment used in selecting the area for investigation.
D. Recommendations that are generated in relationship to a specific engagement client.
Answer (A) is incorrect. The internal auditors should be able to convey effectively engagement objectives.
Answer (B) is incorrect. The internal auditors should be able to convey effectively engagement evaluations.
Answer (C) is correct. Internal auditors must be skilled in oral and written communications so that they can clearly and effectively convey such matters as engagement objectives, evaluations, conclusions, and recommendations (PA 1210-1, para. 1). The risk assessment used in selecting the area for investigation is not necessarily a matter that must be communicated to an engagement client.
Answer (D) is incorrect. The internal auditors should be able to convey effectively engagement recommendations.

[176] Gleim #: 2.4.75
Internal auditors must have the knowledge, skills, and other competencies needed to perform their individual responsibilities. Which of the following properly describes the level of knowledge, skill, or other competency required? Internal auditors must have
A. Proficiency in applying internal auditing standards and procedures without extensive recourse to technical research and assistance.
B. Proficiency in applying knowledge of accounting and information technology to specific or potential problems.
C. An understanding of broad techniques used in supporting and developing engagement observations and the ability to research the proper procedures to be used in any engagement situation.
D. A broad appreciation of accounting principles and techniques during engagements involving the financial records and reports of the organization.
Answer (A) is correct. Proficiency means the ability to apply knowledge to situations likely to be encountered and to deal with them without extensive recourse to technical research and assistance. An internal auditor must be proficient in applying internal auditing standards, procedures, and techniques in performing engagements (PA 1210-1, para. 1).
Answer (B) is incorrect. An appreciation of the fundamentals of, not proficiency in, information technology is required. Proficiency in accounting principles and techniques is required only if the internal auditor works extensively with financial records and reports.
Answer (C) is incorrect. Proficiency in, not an understanding of, internal auditing standards, procedures, and techniques is required.
Answer (D) is incorrect. Proficiency in, not an appreciation of, accounting principles and techniques is required when the internal auditor works extensively with financial records and reports.

[177] Gleim #: 2.4.76
What is the most appropriate preventive measure for staff communication problems with engagement clients?
A. Provide staff with sufficient training to enhance communication skills.
B. Avoid unnecessary communication with engagement clients.
C. Discuss communication problems with staff auditors.
D. Meet with engagement clients to resolve communication problems.
Answer (A) is correct. Internal auditors must be skilled in oral and written communications so that they can clearly and effectively convey such matters as engagement objectives, evaluations, conclusions, and recommendations (PA 1210-1, para. 1).
Answer (B) is incorrect. The issue is the quality rather than the quantity of communication.
Answer (C) is incorrect. Communication problems should be resolved through effective training.
Answer (D) is incorrect. Meeting with engagement clients will not resolve problems caused by poor staff communication skills.

[178] Gleim #: 2.5.77
As part of the process to improve internal auditor-engagement client relations, it is very important to deal with how the internal audit activity is perceived. Certain types of attitudes in the work performed will help create these perceptions. From a management perspective, which attitude is likely to be the most conducive to a positive perception?
A. Objective.
B. Investigative.
C. Interrogatory.
D. Consultative.
Answer (A) is incorrect. Objectivity is desirable but, by itself, will not lead to a more positive relationship.
Answer (B) is incorrect. An investigative attitude is not likely to enhance the relationship.
Answer (C) is incorrect. An interrogatory attitude is not likely to enhance the relationship.
Answer (D) is correct. A consultative attitude leads to two-way communication. Consultation considers the client’s viewpoint, helps to dispel fear and mistrust, and demonstrates the value of internal auditing to the client.

[179] Gleim #: 2.5.78
The consultative approach to internal auditing emphasizes
A. Imposition of corrective measures.
B. Participation with engagement clients to improve methods.
C. Fraud investigation.
D. Implementation of policies and procedures.
Answer (A) is incorrect. Imposition of changes implies an adversarial relationship.
Answer (B) is correct. Consultation with the engagement client not only facilitates the planning and performance of the engagement but is a courtesy that enhances the internal auditor-client relationship. Developing a positive relationship produces a more favorable environment for the engagement effort. Moreover, involving the client in the engagement process is likely to increase acceptance of recommended changes.
Answer (C) is incorrect. Consultation is less likely when the client is suspected of fraud.
Answer (D) is incorrect. Internal auditors are not independent if they implement policies and procedures.

[180] Gleim #: 2.5.79
Which one of the following is responsible for determining the appropriate levels of education and experience needed for the internal audit staff?
A. Human resource manager.
B. Chief audit executive.
C. Chief executive officer.
D. Treasurer.
Answer (A) is incorrect. Hiring practices are an essential part of understanding the internal audit staff’s background, but the human resource manager is not responsible for determining the appropriate levels of education and experience needed for the internal audit staff.
Answer (B) is correct. The CAE must ensure that the internal audit activity is able to fulfill its responsibilities. The CAE must determine the appropriate levels of education and experience needed for the internal audit staff to fulfill that responsibility.
Answer (C) is incorrect. The chief executive officer is not directly responsible for determining the appropriate levels of education and experience needed for the internal audit staff.
Answer (D) is incorrect. The treasurer is not responsible for determining the appropriate levels of education and experience needed for the internal audit staff.

[181] Gleim #: 2.5.80
All of the following will help the CAE identify the available knowledge, skills, and competencies of the internal audit staff except
A. Hiring practices.
B. Periodic skills assessment.
C. External service provider.
D. Staff performance appraisals.
Answer (A) is incorrect. Hiring practices are an essential part of understanding the background of the internal audit staff.
Answer (B) is incorrect. The CAE should conduct periodic skills assessments to determine the specific resources available.
Answer (C) is correct. External service providers are used when the internal audit staff does not have the necessary knowledge, skills, and competencies to fulfill the responsibilities of the internal audit activity.
Answer (D) is incorrect. Staff performance appraisals are completed at the end of any major internal audit engagement. These appraisals help the CAE assess future training needs and current staff abilities.

[182] Gleim #: 2.5.81
Use of external service providers with expertise in healthcare benefits is appropriate when the internal audit activity is
A. Evaluating the organization’s estimate of its liability for postretirement benefits, which include healthcare benefits.
Comparing the cost of the organization’s healthcare program with
Answer (A) is incorrect. Use of external service providers with expertise in healthcare benefits is also appropriate when comparing healthcare costs with those of other programs and training staff to conduct healthcare audits.
Answer (B) is incorrect. Use of external service providers with expertise in healthcare benefits is also appropriate when evaluating the estimated liability for postretirement benefits and training staff to conduct healthcare audits.
Answer (C) is incorrect. Use of external service providers with expertise in healthcare benefits is also appropriate when comparing healthcare costs with those of other programs and evaluating the estimated liability for postretirement benefits.
Answer (D) is correct. If the internal auditors lack the necessary expertise, external service providers should be employed who can provide the requisite knowledge, skills, and other competencies. Thus, external service providers may provide assistance in (1) estimating the liability for postretirement benefits, (2) developing a comparative analysis of healthcare costs, and (3) training the staff to audit healthcare costs.
other programs Copyright 2013 Gleim Publications Inc. Page 98
offered in the industry. Printed for Sanja Knezevic
B. fb.com/ciaaofficial
Training its staff to conduct an audit of healthcare costs in a major [183] Gleim #: 2.5.82
division of the A chief audit executive has reviewed credentials, checked
organization. references, and interviewed
C. a candidate for a staff position. The CAE concludes that the
All of the answers D. are correct. candidate has a thorough
understanding of internal audit techniques, accounting, and finance. A. Delete the engagement from the schedule.
However, the B. Perform the entire engagement using current staff.
candidate has limited knowledge of economics and information C. Engage an engineering consultant to perform the comparison.
technology. Which D. Accept the contractor’s written representations.
action is most appropriate? Answer (A) is incorrect. The engagement is within the scope of the
Reject the candidate because of the lack of knowledge required A. by internal audit
the Standards. activity.
B. Offer the candidate a position despite lack of knowledge in certain Answer (B) is incorrect. Performing the engagement using the
essential areas. current
Encourage the candidate to obtain additional training in economics (unqualified) staff is inappropriate.
and Answer (C) is correct. If the internal auditors lack the necessary
information technology and then reapply. expertise,
C. external service providers should be employed who can provide the
Offer the candidate a position if other staff members possess requisite
sufficient knowledge knowledge, skills, and other competencies.
in economics and information technology. Answer (D) is incorrect. Accepting the contractor’s representations
D. without
Answer (A) is incorrect. The Standards do not require each internal adequate testing is inappropriate.
auditor to Gleim CIA Test Prep: Part 1 - Internal Audit Basics
possess a knowledge of all relevant subjects. (720 questions)
Answer (B) is incorrect. The internal audit activity’s needs may be Copyright 2013 Gleim Publications Inc. Page 99
for additional Printed for Sanja Knezevic
expertise in economics or information technology. [185] Gleim #: 2.5.84
Answer (C) is incorrect. Encouraging the candidate to obtain If the internal audit activity of a nonpublic company does not have the
additional training skills to
does not adequately address the internal audit activity’s current perform a particular task, an external service provider (ESP) could be
needs. brought in from
Answer (D) is correct. Each member of the internal audit activity The organization’s I. external audit firm
need not be II. An external consulting firm
qualified in all disciplines (PA 1210.A1-1, para. 1). III. The engagement client
[184] Gleim #: 2.5.83 IV. A college or university
An internal audit activity has scheduled an engagement relating to a A. I and II only.
construction B. II and IV only.
contract. One portion of this engagement will include comparing C. I, II, and III only.
materials purchased D. I, II, and IV only.
with those specified in the engineering drawings. The internal audit Answer (A) is incorrect. An ESP from a college or university is also
activity does not acceptable.
have anyone on staff with sufficient expertise to complete this Answer (B) is incorrect. An ESP from a nonpublic organization’s
procedure. The chief external audit
audit executive should firm is also acceptable.
Answer (C) is incorrect. An ESP from the engagement client is not professionalism.
independent. Answer (C) is incorrect. This requirement does not affect use of
Answer (D) is correct. Qualified ESPs may be recruited from many external service
sources. providers.
However, an ESP associated with the engagement client is Answer (D) is correct. Each member of the internal audit activity
unacceptable because need not be
the person would not be independent or objective. qualified in all disciplines (PA 1210.A1-1, para. 1). The internal audit
[186] Gleim #: 2.5.85 activity
A chief audit executive for a large manufacturer is considering should have an appropriate balance of experience, training, and
revising the internal skills to permit the
audit activity’s charter with respect to the minimum educational and performance of a wide range of services. Requiring certain
experience professional
qualifications required. The CAE wants to require all staff auditors to certifications could limit the range of services offered by the internal
possess audit
specialized training in accounting and a professional auditing activity.
certification such as the Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Certified Internal Auditor or the Chartered Accountant. One of the (720 questions)
disadvantages of Copyright 2013 Gleim Publications Inc. Page 100
imposing this requirement is that the policy Printed for Sanja Knezevic
Might negatively affect the internal audit activity’s ability to perform fb.com/ciaaofficial
quality [187] Gleim #: 2.5.86
engagements relating to the organization’s financial and accounting A professional engineer applied for a position in the internal audit
systems. activity of a high
A. technology firm. The engineer became interested in the position after
B. Does not promote the professionalism of the internal audit activity. observing
Would prevent the internal audit activity from using external service several internal auditors while they were performing an engagement
providers in the engineering
when it did not have the knowledge, skills, and other competencies department. The chief audit executive
required in Should not hire the engineer because of the lack of knowledge of
certain engagements. internal audit
C. standards.
Could limit the range of services that could be performed due to the A.
internal audit May hire the engineer despite the lack of knowledge of internal B.
activity’s narrow expertise and backgrounds. audit standards.
D. Should not hire the engineer because of the lack of knowledge of
Answer (A) is incorrect. The policy might result in better accounting and
engagements relating to taxes.
financial and accounting systems. C.
Answer (B) is incorrect. Setting minimum professional standards May hire the engineer because of the knowledge of internal auditing
promotes gained in the
previous position. Answer (C) is incorrect. Checking an applicant’s references is an
D. appropriate
Answer (A) is incorrect. Each new employee of an internal audit procedure to determine a prospective auditor’s qualifications.
activity is not Answer (D) is incorrect. Determining previous job experience is
required to have knowledge of internal audit standards. However, the appropriate
internal during the hiring process.
audit activity collectively must have this knowledge. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Answer (B) is correct. Each member of the internal audit activity (720 questions)
need not be Copyright 2013 Gleim Publications Inc. Page 101
qualified in all disciplines (PA 1210.A1-1, para. 1). Printed for Sanja Knezevic
Answer (C) is incorrect. Each individual internal auditor is not [189] Gleim #: 2.5.88
required to have A chief audit executive (CAE) has been requested by the audit
knowledge of accounting or taxes. committee to conduct
Answer (D) is incorrect. The knowledge acquired by observation is an engagement at a chemical factory as soon as possible. The
irrelevant to engagement will include
the skills necessary for internal auditing. reviews of health, safety, and environmental (HSE) management and
[188] Gleim #: 2.5.87 processes. The
Reasonable assurance should be obtained as to each prospective CAE knows that the internal audit activity does not possess the HSE
internal auditor’s knowledge
qualifications and proficiency. Which of the following is the least necessary to conduct such an engagement. The CAE must
useful application Begin the engagement and incorporate HSE training into next year’s
of this principle? planning to
A. Determining that all applicants have an accounting degree. prepare for a follow-up engagement.
B. Obtaining college transcripts. A.
C. Checking an applicant’s references. Suggest to the audit committee that the factory’s own HSE staff
D. Determining previous job experience. conduct the
Answer (A) is correct. Internal auditors must possess the engagement.
knowledge, skills, and B.
other competencies needed to perform their individual Seek permission from the audit committee to obtain appropriate
responsibilities. The support from an
internal audit activity collectively must possess or obtain the HSE professional.
knowledge, skills, C.
and other competencies needed to perform its responsibilities (Attr. Defer the engagement and tell the audit committee that it will take
Std. 1210). several months
Each member of the internal audit activity, however, need not be to train internal audit staff for such an engagement.
qualified in all D.
disciplines (PA 1210.A1-1, para. 1). Answer (A) is incorrect. The CAE should not begin the audit without
Answer (B) is incorrect. Obtaining college transcripts is an notifying
appropriate procedure the audit committee of the knowledge issue and attempting to
to determine a prospective auditor’s qualifications. resolve it.
Answer (B) is incorrect. A review by the factory’s HSE staff will not Copyright 2013 Gleim Publications Inc. Page 102
provide the Printed for Sanja Knezevic
audit committee with an independent review. fb.com/ciaaofficial
Answer (C) is correct. The chief audit executive must obtain Answer (A) is incorrect. Assessing self-insurance controls is outside
competent advice the normal scope
and assistance if the internal auditors lack the knowledge, skills, or of the internal audit activity. The internal auditor may need to engage
other an actuary.
competencies needed to perform all or part of the engagement Answer (B) is incorrect. Assessing self-insurance risks is outside the
(Impl. Std. 1210.A1). normal scope of
Answer (D) is incorrect. Delaying the engagement may have serious the internal audit activity. The internal auditor may need to engage an
consequences given the nature of the HSE issues involved. actuary.
[190] Gleim #: 2.5.89 Answer (C) is incorrect. An internal auditor might be able to
When the engagement was assigned, management asked the determine whether the
internal auditor to healthcare costs are reasonable.
evaluate the appropriateness of using self-insurance to minimize risk Answer (D) is correct. The internal audit activity may use external
to the service providers
organization. Given the scope of the engagement requested by or internal sources that are qualified in disciplines such as
management, should accounting, auditing,
the internal auditor engage an actuarial consultant to assist in the economics, finance, statistics, information technology, engineering,
engagement if these taxation, law,
skills do not exist on staff? environmental affairs, and other areas as needed to meet the internal
No. The internal audit activity is skilled in assessing controls, and the audit activity’s
insurance responsibilities (PA 1210.A1-1, para. 1). Thus, unless the internal
control concepts are not distinctly different from other control audit activity has an
concepts. employee with actuarial skills, an actuarial consultant should be hired
A. to assess selfinsurance
No. It is a normal internal auditor function to assess risk; this risks.
engagement is [191] Gleim #: 2.5.90
therefore not unique. The internal audit activity is considering hiring a person who has a
B. thorough
Yes. An actuary is essential to determine whether the healthcare understanding of internal auditing techniques, accounting, and
costs are principles of
reasonable. management but has nonspecialized knowledge of economics and
C. information
Yes. The actuary has skills not usually found among internal auditors technology. Hiring the person is most appropriate if
to identify A professional development program is agreed to in advance A. of
and quantify self-insurance risks. actual hiring.
D. A mentor is assigned to ensure completion of an individually
Gleim CIA Test Prep: Part 1 - Internal Audit Basics designed
(720 questions) professional development program.
B. Gleim CIA Test Prep: Part 1 - Internal Audit Basics
Other internal auditors possess sufficient knowledge of economics (720 questions)
and Copyright 2013 Gleim Publications Inc. Page 103
information technology. Printed for Sanja Knezevic
C. Answer (A) is correct. The CAE should conduct periodic skills
The prospective employee could reasonably be expected to gain assessments to
sufficient determine the specific resources available. Assessments should be
knowledge of these competencies in the long run. performed at least
D. annually.
Answer (A) is incorrect. Regardless of their backgrounds, all internal Answer (B) is incorrect. Periodic skills assessments should be
auditors performed more
must enhance their knowledge, skills, and other competencies frequently than every 5 years.
through continuing Answer (C) is incorrect. Periodic skills assessments do not need to
professional development. be performed
Answer (B) is incorrect. The use of a mentor is encouraged quarterly.
regardless of the new Answer (D) is incorrect. Periodic skills assessments do not need to
internal auditor’s background. be performed
Answer (C) is correct. Internal auditors must possess the semiannually.
knowledge, skills, and [193] Gleim #: 2.5.92
other competencies needed to perform their individual An internal auditor’s objectivity could be compromised in all of the
responsibilities. The following
internal audit activity collectively must possess or obtain the situations except
knowledge, skills, A conflict A. of interest.
and other competencies needed to perform its responsibilities (Attr. An engagement client’s familiarity with the internal auditor due to lack
Std. 1210). of rotation
However, each member of the internal audit activity need not be in assignments.
qualified in all B.
disciplines (PA 1210.A1-1, para. 1). C. The internal auditor’s assumption of operational duties on a
Answer (D) is incorrect. Unless other internal auditors possess temporary basis.
sufficient D. Reliance on an outside service provider when appropriate.
knowledge of these competencies, hiring this person would Answer (A) is incorrect. By definition, a conflict of interest can
accentuate staffing compromise an
deficiencies. internal auditor’s objectivity.
[192] Gleim #: 2.5.91 Answer (B) is incorrect. The CAE can prevent potential and actual
At a minimum, how often should the skills of the internal audit staff conflicts of
be assessed? interest by, when practicable, rotating internal audit staff assignments
A. Annually. periodically.
B. Every 5 years. Answer (C) is incorrect. Persons transferred to, or temporarily
C. Quarterly. engaged by, the
D. Semi-annually.
internal audit activity should not be assigned to audit those activities independent sources. Previous customers or clients who are familiar
they with the ESP’s
previously performed until at least 1 year has elapsed. work can provide feedback based on their direct experience. The
Answer (D) is correct. The CAE must obtain competent advice and consensus of these
assistance if opinions is likely to be reliable.
the internal auditors lack the knowledge, skills, or other Answer (D) is incorrect. Determining the financial interest the ESP
competencies needed to may have in the
perform all or part of the engagement (Impl. Std. 1210.A1). organization relates to assessing independence and objectivity.
Consulting an outside [195] Gleim #: 2.5.94
service provider is therefore appropriate in these circumstances. In some organizations, internal audit functions are outsourced.
[194] Gleim #: 2.5.93 Management in a large
The CAE determines that an external service provider (ESP) organization should recognize that the external auditor may have an
possesses the necessary advantage,
knowledge, skills, and other competencies to perform the compared with the internal auditor, because of the external auditor’s
engagement. The most Familiarity with the organization. Its annual audits provide an in-
effective procedure to evaluate the ESP is depth knowledge
A. Considering the current compensation of the potential ESP. of the organization.
Verifying that no financial, organizational, or personal relationships A.
will prevent Size. It can hire experienced, knowledgeable, and B. certified staff.
the ESP from rendering impartial and unbiased judgments. Size. It is able to offer continuous availability of staff unaffected by
B. other
C. Contacting others familiar with the ESP’s work. priorities.
D. Determining the financial interest the ESP may have in the C.
organization. Structure. It may more easily accommodate engagement
Gleim CIA Test Prep: Part 1 - Internal Audit Basics requirements in distant
(720 questions) locations.
Copyright 2013 Gleim Publications Inc. Page 104 D.
Printed for Sanja Knezevic Answer (A) is incorrect. The internal auditors are likely to be more
fb.com/ciaaofficial familiar with
Answer (A) is incorrect. Considering the current compensation of the organization than the external auditors, given the continuous
the potential ESP nature of their
relates to assessing independence and objectivity. responsibilities.
Answer (B) is incorrect. Verifying that no financial, organizational, or Answer (B) is incorrect. The internal auditor also can hire
personal experienced,
relationships will prevent the ESP from rendering impartial and knowledgeable, and certified staff.
unbiased judgments Answer (C) is incorrect. The internal auditor is more likely to be
relates to assessing independence and objectivity. continuously
Answer (C) is correct. To evaluate the ESP’s reputation, the CAE available. The external auditor has responsibilities to many other
should interview clients.
Answer (D) is correct. Large organizations that are geographically auditors cannot give absolute assurance that noncompliance or
dispersed may irregularities do not
find outsourcing internal audit functions to external auditors to be exist (PA 1220-1, para. 2).
effective. A Answer (D) is incorrect. An internal auditor must recommend
major public accounting firm ordinarily has operations that are improvements to
national or promote conformance with acceptable procedures and practices.
worldwide in scope. [197] Gleim #: 2.6.96
[196] Gleim #: 2.6.95 An internal auditor observes that a receivables clerk has physical
Which of the following statements is true with respect to due access to and control
professional care? of cash receipts. The auditor worked with the clerk several years
An internal auditor should perform detailed tests of all transactions before and has a high
before level of trust in the individual. Accordingly, the auditor notes in the
communicating results. engagement
A. working papers that controls over receipts are adequate. Has the
An item should not be mentioned in an engagement communication auditor exercised due
unless the professional care?
internal auditor is absolutely certain of the item. Yes, reasonable care A. has been taken.
B. B. No, irregularities were not noted.
An engagement communication should never be viewed as providing C. No, alertness to conditions most likely indicative of irregularities
an infallible was not shown.
truth about a subject. D. Yes, the engagement working papers were annotated.
C. Answer (A) is incorrect. The auditor’s engagement observation is
D. An internal auditor has no responsibility to recommend inappropriate
improvements. given the lack of segregation of functions.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (B) is incorrect. No indication is given that irregularities have
(720 questions) occurred.
Copyright 2013 Gleim Publications Inc. Page 105 Answer (C) is correct. Internal auditors must be alert to those
Printed for Sanja Knezevic conditions and
Answer (A) is incorrect. An internal auditor must conduct reasonable activities where irregularities are most likely to occur and must
examinations identify
and verifications, but detailed tests of all transactions are not inadequate controls (PA 1220-1, para. 1). Thus, the internal auditor
required. did not
Answer (B) is incorrect. Absolute assurance need not, and cannot, exercise due professional care. Cash has a high degree of inherent
be given. risk and should
Answer (C) is correct. Due professional care implies reasonable therefore be subject to strict controls. Access to cash and the
care and competence, recordkeeping
not infallibility or extraordinary performance. Thus, it requires the functions should be separated regardless of the personal qualities of
internal auditor to the
conduct examinations and verifications to a reasonable extent. individuals involved. That the internal auditor trusts the clerk is
Accordingly, internal irrelevant.
Management still needs to be aware that internal control over engagement. However, the assurance engagement may still include
receivables is the item if it is
inadequate. subsequently determined that
Answer (D) is incorrect. Annotating the working papers does not Sufficient A. staff is available.
indicate that the B. Adverse effects related to the item are likely to occur.
auditor exercised due professional care. Cash has a high inherent C. Related information is reliable.
risk of D. Miscellaneous income is affected.
irregularities, and professional judgment and alertness are Answer (A) is incorrect. In the absence of other considerations,
necessary. devoting
[198] Gleim #: 2.6.97 additional engagement effort to an immaterial item is inefficient.
Due professional care implies reasonable care and competence, not Answer (B) is correct. Internal auditors must exercise due
infallibility or professional care by
extraordinary performance. Thus, which of the following is considering the relative complexity, materiality, or significance of
unnecessary? matters to
A. The conduct of examinations and verifications to a reasonable which assurance procedures are applied (Impl. Std. 1220.A1).
extent. Materiality
B. The conduct of extensive examinations. judgments are made in the light of all the circumstances and involve
C. The reasonable assurance that compliance does exist. qualitative as
D. The consideration of the possibility of material irregularities. well as quantitative considerations. Moreover, internal auditors also
Gleim CIA Test Prep: Part 1 - Internal Audit Basics must consider
(720 questions) the interplay of risk with materiality. Consequently, engagement effort
Copyright 2013 Gleim Publications Inc. Page 106 may be
Printed for Sanja Knezevic required for a quantitatively immaterial item if adverse effects are
fb.com/ciaaofficial likely to occur,
Answer (A) is incorrect. Examination and verification need only be for example, a material contingent liability arising from an illegal
undertaken to a payment that is
reasonable extent. otherwise immaterial.
Answer (B) is correct. Due professional care implies reasonable Answer (C) is incorrect. Additional engagement procedures might
care and competence, not be needed
not infallibility or extraordinary performance. It requires the internal if related information is reliable.
auditor to conduct Answer (D) is incorrect. The item is more likely to be included if it
examinations and verifications to a reasonable extent (PA 1220-1, affects
para. 2). recurring income items rather than miscellaneous income.
Answer (C) is incorrect. An internal auditor cannot give absolute [200] Gleim #: 2.6.99
assurance. With regard to the exercise of due professional care, an internal
Answer (D) is incorrect. The possibility of material irregularities must auditor should
be considered. Consider the relative materiality or significance of matters to which
[199] Gleim #: 2.6.98 assurance
An internal auditor judged an item to be immaterial when planning an procedures are applied.
assurance A.
B. Emphasize the potential benefits of an engagement without regard significant fraud by being assigned all but which one of the following
to the cost. tasks?
Consider whether criteria have been established to determine Review large, abnormal, or unexplained A. expenditures.
whether goals are Review sensitive expenses, such as legal fees, consultant fees, and
achieved, not whether those criteria are adequate. foreign sales
C. commissions.
Select procedures that are likely to provide absolute assurance that B.
irregularities C. Review every control feature pertaining to petty cash receipts.
do not exist. D. Review contributions by the organization that appear to be
D. unusual.
Gleim CIA Test Prep: Part 1 - Internal Audit Basics Answer (A) is incorrect. To prevent or detect significant fraud, the
(720 questions) internal
Copyright 2013 Gleim Publications Inc. Page 107 auditor should review large, abnormal, or unexplained expenditures.
Printed for Sanja Knezevic Answer (B) is incorrect. To prevent or detect significant fraud, the
Answer (A) is correct. Exercising due professional care means internal
applying the care and auditor should review sensitive expenses.
skill expected of a reasonably prudent and competent internal auditor Answer (C) is correct. The internal auditor must exercise due
(Attr. Std. 1220). professional care by
Internal auditors must exercise due professional care by considering, considering the relative complexity, materiality, or significance of
among other matters to
things, the relative complexity, materiality, or significance of matters which assurance procedures are applied. The cost of assurance in
to which relation to its
assurance procedures are applied (Impl. Std. 1220.A1). benefits also should be considered (Impl. Std. 1220.A1). Hence, an
Answer (B) is incorrect. The internal auditor should consider the exhaustive
cost in relation to the review of petty cash is not an efficient and effective use of limited
potential benefits before beginning an engagement. internal audit
Answer (C) is incorrect. Adequate criteria are needed to evaluate resources because it will not prevent or detect significant fraud. The
controls. If amount of
determined to be adequate, internal auditors must use such criteria any theft of petty cash will not be substantial.
in their evaluation. Answer (D) is incorrect. To prevent or detect significant fraud, the
If inadequate, internal auditors must work with management to internal
develop appropriate auditor should review unusual contributions.
evaluation criteria. [202] Gleim #: 2.6.101
Answer (D) is incorrect. Internal auditors cannot give absolute To ensure that due professional care has been taken at all times
assurance that during an engagement,
noncompliance or irregularities do not exist. the internal auditor should always
[201] Gleim #: 2.6.100 Ensure that all financial information related to the audit is included in
The internal audit activity can perform an important role in preventing the audit
and detecting plan and examined for nonconformance or irregularities.
A.
B. Ensure that all audit tests are fully documented. assignment.
Consider the possibility of nonconformance or irregularities at all Answer (D) is incorrect. Due professional care does not require that
times during an immaterial
engagement. instances of noncompliance or irregularity be reported to the audit
C. committee.
Communicate any noncompliance or irregularity discovered during Gleim CIA Test Prep: Part 1 - Internal Audit Basics
an (720 questions)
engagement promptly to the audit committee. Copyright 2013 Gleim Publications Inc. Page 109
D. Printed for Sanja Knezevic
Gleim CIA Test Prep: Part 1 - Internal Audit Basics [203] Gleim #: 2.6.102
(720 questions) A staff internal auditor performed a portion of an engagement to
Copyright 2013 Gleim Publications Inc. Page 108 review an
Printed for Sanja Knezevic organization’s marketing function. In particular, the internal auditor
fb.com/ciaaofficial evaluated the
Answer (A) is incorrect. The automatic inclusion of relevant financial information in an audit plan does not guarantee that due professional care has been exercised over the audit as a whole.
Answer (B) is incorrect. Keeping detailed working papers does not ensure that due professional care has been exercised during the tests.
Answer (C) is correct. Due professional care implies reasonable care and competence, not infallibility or extraordinary performance. Thus, due professional care requires the internal auditor to conduct examinations and verifications to a reasonable extent. Accordingly, internal auditors cannot give absolute assurance that noncompliance or irregularities do not exist. Nevertheless, the possibility of material irregularities or noncompliance needs to be considered whenever the internal auditor undertakes an internal auditing assignment (PA 1220-1, para. 2). Thus, considering the possibility of nonconformance or material irregularities at all times during an engagement is the only way of demonstrating that due professional care has been taken in an internal audit

function’s effective and efficient use of resources to identify
I. Underused facilities
II. Overstaffing or understaffing
III. Nonproductive work
IV. Procedures that were not cost justified
To test for underused facilities, the internal auditor performed a complete walkthrough of all spaces assigned to the marketing function and evaluated the use of both space and capital equipment. The internal auditor analyzed reports on space usage for the last year and concluded that facilities were neither underused nor used at maximum capacity.
To test for overstaffing or understaffing, the internal auditor compared current staffing levels with a staffing analysis recently completed by an independent contractor. Because the staffing analysis used work standards and service demands to provide factual and reliable information on staffing requirements, the internal auditor was able to conclude that staffing levels were optimal.
To test for nonproductive work, the internal auditor interviewed an employee from
each level and, based upon their responses, concluded that no significant amount of nonproductive work was being performed. Thus, the internal auditor concluded that additional engagement work to search for procedures that were not cost-justified would not be necessary.
In reference to requirements I and II, due professional care
A. Was exercised because the internal auditor applied reasonable care and competence in both areas.
B. Was not exercised because the internal auditor failed to apply reasonable care regarding requirement II.
C. Was not exercised because the internal auditor failed to apply reasonable care regarding requirements I and II.
D. Was not exercised because the internal auditor failed to apply reasonable care regarding requirement I.
Answer (A) is correct. Due professional care implies reasonable care and competence, not infallibility or extraordinary performance. Thus, due professional care requires the internal auditor to conduct examinations and verifications to a reasonable extent. Accordingly, internal auditors cannot give absolute assurance that noncompliance or irregularities do not exist. Nevertheless, the possibility of material irregularities or noncompliance needs to be considered whenever the internal auditor undertakes an internal audit assignment (PA 1220-1, para. 2). Accordingly, the work performed with regard to facilities usage and staffing was adequate and would withstand normal scrutiny.
Answer (B) is incorrect. The work performed in both areas was adequate and would withstand normal scrutiny.
Answer (C) is incorrect. The work performed in both areas was adequate and would withstand normal scrutiny.
Answer (D) is incorrect. The work performed in both areas was adequate and would withstand normal scrutiny.

[204] Gleim #: 2.6.103
A staff internal auditor performed a portion of an engagement to review an organization’s marketing function. In particular, the internal auditor evaluated the function’s effective and efficient use of resources to identify
I. Underused facilities
II. Overstaffing or understaffing
III. Nonproductive work
IV. Procedures that were not cost justified
To test for underused facilities, the internal auditor performed a complete walkthrough of all spaces assigned to the marketing function and evaluated the use of both space and capital equipment. The internal auditor analyzed reports on space usage for the last year and concluded that facilities were neither underused nor used at maximum capacity.
To test for overstaffing or understaffing, the internal auditor compared current staffing levels with a staffing analysis recently completed by an independent contractor. Because the staffing analysis used work standards and service demands to provide factual and reliable information on staffing requirements, the internal auditor was able to conclude that staffing levels were optimal.
To test for nonproductive work, the internal auditor interviewed an employee from each level and, based upon their responses, concluded that no significant amount of nonproductive work was being performed. Thus, the internal auditor concluded that additional engagement work to search for procedures that were not cost-justified would not be necessary.
In reference to requirements III and IV, due professional care
A. Was exercised because the internal auditor applied reasonable care and competence in both areas.
B. Was not exercised because the internal auditor failed to apply reasonable care and competence regarding requirement III.
C. Was not exercised because the internal auditor failed to apply reasonable care and competence regarding both requirements III and IV.
D. Was not exercised because the internal auditor failed to apply reasonable care and competence regarding requirement IV.
Answer (A) is incorrect. Due professional care was not exercised in regard to requirements III and IV.
Answer (B) is incorrect. Due professional care was not exercised in regard to requirements III and IV.
Answer (C) is correct. The procedures performed as a basis for concluding that no nonproductive work was accomplished resulted in a failure to identify sufficient, reliable, relevant, and useful information to achieve the engagement’s objectives (Perf. Std. 2310). The opinions of individuals whose work was in question lack reliability. Given that the information regarding area IV was based on that for area III, it also is suspect.
Answer (D) is incorrect. Due professional care was not exercised in regard to requirements III and IV.

[205] Gleim #: 2.6.104
Due professional care calls for
A. Detailed reviews of all transactions related to a particular function.
B. Infallibility and extraordinary performance when the system of internal control is known to be weak.
C. Consideration of the possibility of material irregularities during every engagement.
D. Testing in sufficient detail to give absolute assurance that noncompliance does not exist.
Answer (A) is incorrect. Detailed reviews of all transactions are not required.
Answer (B) is incorrect. Reasonable care and skill, not infallibility or extraordinary performance, are necessary.
Answer (C) is correct. Due care implies reasonable care and competence, not
infallibility or extraordinary performance. Due care requires the internal auditor to conduct examinations and verifications to a reasonable extent, but does not require detailed reviews of all transactions. Accordingly, internal auditors cannot give absolute assurance that noncompliance or irregularities do not exist. Nevertheless, the possibility of material irregularities or noncompliance should be considered whenever an internal auditor undertakes an internal auditing assignment (PA 1220-1, para. 2).
Answer (D) is incorrect. Only reasonable, not absolute, assurance can be given.

[206] Gleim #: 2.6.105
A certified internal auditor performed an assurance engagement to review a department store’s cash function. Which of the following actions will be deemed lacking in due professional care?
A. Organizational records were reviewed to determine whether all employees who handle cash receipts and disbursements were bonded.
B. A flowchart of the entire cash function was developed, but only a sample of transactions was tested.
C. The final engagement communication included a well-supported recommendation for the reduction in staff, although it was known that such a reduction would adversely affect morale.
D. Because of a highly developed system of internal control over the cash function, the final engagement communication assured senior management that no irregularities existed.
Answer (A) is incorrect. This review is a standard procedure.
Answer (B) is incorrect. Sampling is permissible. Detailed reviews of all transactions are often not required or feasible.
Answer (C) is incorrect. In exercising due professional care, internal auditors should be alert to inefficiency.
Answer (D) is correct. Internal auditors cannot give absolute assurance that noncompliance or irregularities do not exist (PA 1220-1, para. 2).

[207] Gleim #: 2.6.106
In exercising due professional care, internal auditors must consider which of the following?
I. The relative complexity, materiality, or significance of matters to which assurance procedures are applied
II. The extent of assurance procedures necessary to ensure that all significant risks will be identified
III. The probability of significant errors, irregularities, or noncompliance
A. I and II only.
B. II and III only.
C. I and III only.
D. I, II, and III.
Answer (A) is incorrect. The internal auditors need not consider the extent of assurance procedures necessary to ensure that all significant risks will be identified when exercising due professional care. But the internal auditors must
consider the probability of significant errors, irregularities, or noncompliance.
Answer (B) is incorrect. The internal auditors need not consider the extent of assurance procedures necessary to ensure that all significant risks will be identified when exercising due professional care. But the internal auditors must consider the relative complexity, materiality, or significance of matters to which assurance procedures are applied.
Answer (C) is correct. Internal auditors must exercise due professional care by considering the
Extent of work needed to achieve the engagement’s objectives
Relative complexity, materiality, or significance of matters to which assurance procedures are applied
Adequacy and effectiveness of governance, risk management, and control processes
Probability of significant errors, fraud, or noncompliance
Cost of assurance in relation to potential benefits (Impl. Std. 1220.A1)
Assurance procedures alone, even when performed with due professional care, do not guarantee that all significant risks will be identified (Impl. Std. 1220.A3).
Answer (D) is incorrect. The internal auditors need not consider the extent of assurance procedures necessary to ensure that all significant risks will be identified when exercising due professional care.

[208] Gleim #: 2.6.107
Assurance engagements must be performed with proficiency and due professional care. Accordingly, the Standards require internal auditors to
I. Consider the probability of significant noncompliance
II. Perform assurance procedures with due professional care so that all significant risks are identified
III. Weigh the cost of assurance against the benefits
A. I and II only.
B. I and III only.
C. II and III only.
D. I, II, and III.
Answer (A) is incorrect. Assurance procedures alone, even when performed with due professional care, do not guarantee that all significant risks will be identified. Moreover, internal auditors must weigh the cost of assurance against the benefits.
Answer (B) is correct. Internal auditors must exercise due professional care by considering the
Extent of work needed to achieve the engagement’s objectives
Relative complexity, materiality, or significance of matters to which assurance procedures are applied
Adequacy and effectiveness of governance, risk management, and control processes
Probability of significant errors, fraud, or noncompliance
Cost of assurance in relation to potential benefits (Impl. Std. 1220.A1)
Assurance procedures alone, even when performed with due professional care, do not guarantee that all significant risks will be identified (Impl. Std. 1220.A3).
Answer (C) is incorrect. Assurance procedures alone, even when performed with due professional care, do not guarantee that all significant risks will be identified. Furthermore, internal auditors must consider the probability of significant noncompliance.
Answer (D) is incorrect. Assurance procedures alone, even when performed with due professional care, do not guarantee that all significant risks will be identified.

[209] Gleim #: 2.6.108
Internal auditors are responsible for continuing their education to maintain their proficiency. Which of the following is true regarding the continuing education requirements of the practicing internal auditor?
A. Internal auditors are required to obtain 40 hours of continuing professional education each year and a minimum of 120 hours over a 3-year period.
B. CIAs have formal requirements that must be met in order to continue as CIAs.
C. Attendance, as an officer or committee member, at formal IIA meetings does not meet the criteria of continuing professional development.
D. In-house programs meet continuing professional education requirements only if they have been preapproved by The IIA.
Answer (A) is incorrect. The Standards do not state formal hour requirements for internal auditors. The intent of the Standards is to provide flexibility in meeting the requirements.
Answer (B) is correct. Internal auditors must enhance their knowledge, skills, and other competencies through continuing professional development (Attr. Std. 1230). To maintain the CIA designation, the CIA must commit to a formal program of continuing professional development and report to the Certification Department of The IIA.
Answer (C) is incorrect. Continuing education may be obtained by participation in professional organizations.
Answer (D) is incorrect. Prior approval by The IIA is not necessary for CPE courses.

[210] Gleim #: 2.6.109
During a consulting engagement, an internal auditor should exercise due professional care by considering which of the following?
I. Needs and expectations of engagement clients
II. Relative complexity and extent of work needed
III. Cost of the consulting engagement
A. I and II.
B. II and III.
C. I and III.
D. I, II, and III.
Answer (A) is incorrect. The internal auditor also must consider the cost of the consulting engagement in relation to the potential benefits when exercising due professional care on a consulting engagement.
Answer (B) is incorrect. The internal auditor also must consider the needs and expectations of engagement clients, including the nature, timing, and communication of engagement results, when exercising due professional care on a consulting engagement.
Answer (C) is incorrect. The internal auditor also must consider the relative complexity and extent of work needed to achieve the engagement’s objectives when exercising due professional care on a consulting engagement.
Answer (D) is correct. The internal auditor must exercise due professional care during a consulting engagement by considering the
Needs and expectations of engagement clients, including the nature, timing, and communication of engagement results.
Relative complexity and extent of work needed to achieve the engagement’s objectives.
Cost of the consulting engagement in relation to potential benefits (Impl. Std. 1220.C1).

[211] Gleim #: 2.6.110
An internal auditor must exercise due professional care in performing engagements. Due professional care includes
A. Establishing direct communication between the chief audit executive and the board.
B. Evaluating established operating standards and determining whether those standards are adequate.
C. Accumulating sufficient information so that the internal auditor can give absolute assurance that irregularities do not exist.
D. Establishing suitable criteria of education and experience for filling internal auditing positions.
Answer (A) is incorrect. Direct communication between the CAE and the board relates to independence rather than to due professional care.
Answer (B) is correct. In the exercise of due professional care, an internal auditor must, among other things, consider the adequacy and effectiveness of governance, risk management, and control processes (Impl. Std. 1220.A1). Establishing adequate operating standards is a governance process.
Answer (C) is incorrect. Internal auditors cannot provide absolute assurance regarding irregularities.
Answer (D) is incorrect. Establishing suitable criteria of education and experience for filling internal auditing positions pertains to proficiency, not due professional care.

[212] Gleim #: 2.6.111
An internal auditor has some suspicion of, but no information about, potential misstatement of financial statements. The internal auditor fails to exercise due professional care by
A. Identifying potential ways in which a misstatement could occur and ranking the items for investigation.
B. Informing the engagement manager of the suspicions and asking for advice on how to proceed.
C. Not testing for possible misstatement because the engagement work program had already been approved by engagement management.
D. Expanding the engagement work program, without the engagement client’s approval, to address the highest ranked ways in which a misstatement may have occurred.
Answer (A) is incorrect. Ranking the ways in which a misstatement could occur is consistent with the standard of due professional care.
Answer (B) is incorrect. Seeking advice is consistent with exercising the standard of due professional care.
Answer (C) is correct. Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor (Attr. Std. 1220). Engagement work programs are expected to be modified to reflect changing circumstances. Thus, the internal auditor fails to exercise due professional care by not investigating a suspected misstatement solely because the work program had already been approved.
Answer (D) is incorrect. The internal auditor does not need the engagement client’s approval to expand the engagement work program.

[213] Gleim #: 2.7.112
A quality assurance and improvement program of an internal audit activity provides reasonable assurance that internal auditing work is performed in accordance with its charter. Which of the following are designed to provide feedback on the effectiveness of an internal audit activity?
I. Proper supervision
II. Proper training
III. Internal reviews
IV. External reviews
A. I, II, and III only.
B. II, III, and IV only.
C. I, III, and IV only.
D. I, II, III, and IV.
Answer (A) is incorrect. Proper training is a feedforward, not a feedback, control.
Answer (B) is incorrect. Proper training is a feedforward, not a feedback, control.
Answer (C) is correct. A quality assurance and improvement program is designed to provide reasonable assurance to the various stakeholders of the internal audit activity that it (1) performs in accordance with its charter, (2) operates effectively and efficiently, and (3) is perceived by the stakeholders as adding value and improving operations. These processes include appropriate supervision, periodic internal assessments and ongoing monitoring of quality assurance, and periodic external assessments (PA 1300-1, para. 2).
Answer (D) is incorrect. Proper training is a feedforward, not a feedback, control.

[214] Gleim #: 2.7.113
An individual became head of the internal audit activity of an organization 1 week ago. An engagement client has come to the person complaining vigorously that one of the internal auditors is taking up an excessive amount of client time on an engagement that seems to be lacking a clear purpose. In handling this conflict with a client, the person should consider
A. Discounting what is said, but documenting the complaint.
B. Whether existing procedures within the internal audit activity provide for proper planning and quality assurance.
C. Presenting an immediate defense of the internal auditor based upon currently known facts.
D. Promising the client that the internal auditor will finish the work within 1 week.
Answer (A) is incorrect. The CAE has responsibilities for planning engagement work schedules and maintaining a quality assurance and improvement program and cannot afford to ignore a potentially valid complaint.
Answer (B) is correct. The CAE should examine departmental procedures and the conduct of the specific engagement mentioned to ascertain that proper planning and quality assurance procedures are in place and are being followed.
Answer (C) is incorrect. Taking a defensive position with the client stifles communication, hampers future engagement involvements, and ignores basic responsibilities for managing the internal audit activity.
Answer (D) is incorrect. Making a promise to end the work within a specified time without knowledge of the work schedule jeopardizes the authority of the CAE and the internal audit activity in the current and future engagements. The CAE has an obligation to assure that adequate time is allowed for achieving engagement objectives.

[215] Gleim #: 2.7.114
The chief audit executive should develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity and continuously monitors its effectiveness. All of the following are included in a quality program except
A. Annual appraisals of individual internal auditors’ performance.
B. Periodic internal assessment.
C. Supervision.
D. Periodic external assessments.
Answer (A) is correct. Appraising each internal auditor’s work at least annually is properly a function of the human resources program of the internal audit activity.
Answer (B) is incorrect. Internal assessment is an element of a quality program.
Answer (C) is incorrect. Supervision is an element of a quality program. Ongoing reviews are internal assessments that include engagement supervision.
Answer (D) is incorrect. External assessment is an element of a quality program.

[216] Gleim #: 2.7.115
Assessment of a quality assurance and improvement program should include evaluation of all of the following except
A. Adequacy of the oversight of the work of external auditors.
B. Conformance with the Standards and Code of Ethics.
C. Adequacy of the internal audit activity’s charter.
D. Contribution to the organization’s governance processes.
Answer (A) is correct. Oversight of the work of external auditors, including coordination with the internal audit activity, is the responsibility of the board (PA 2050-1, para. 1). It is not within the scope of the process for monitoring and assessing the quality program.
Answer (B) is incorrect. Conformance with the Definition of Internal Auditing, Standards, and Code of Ethics, including timely corrective actions to remedy any significant instances of nonconformance, is an element of the assessment of a quality program.
Answer (C) is incorrect. Adequacy of the internal audit activity’s charter, goals, objectives, policies, and procedures is an element of the assessment of a quality program.
Answer (D) is incorrect. Contribution to the organization’s governance, risk management, and control processes is an element of the assessment of a quality program.

[217] Gleim #: 2.7.116
The internal audit activity’s quality assurance and improvement program is the responsibility of
A. External auditors.
B. The chief audit executive.
C. The board.
D. The audit committee.
Answer (A) is incorrect. External auditors may perform an external assessment, but the CAE is responsible for it.
Answer (B) is correct. The chief audit executive must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity (Attr. Std. 1300).
Answer (C) is incorrect. The CAE may report results to the board, but the program is the CAE’s responsibility.
Answer (D) is incorrect. The CAE may report results to the audit committee, but the program is the CAE’s responsibility.

[218] Gleim #: 2.7.117
Which of the following is responsible for developing and maintaining a quality assurance and improvement program that covers all aspects of the internal audit activity and continuously monitors its effectiveness?
A. Senior management.
B. Chief audit executive.
C. The board of directors.
D. Audit committee.
Answer (A) is incorrect. Senior management is not responsible for the quality assurance and improvement program for the internal audit activity.
Answer (B) is correct. The chief audit executive must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity (Attr. Std. 1300).
Answer (C) is incorrect. The directors are not responsible for the quality assurance and improvement program for the internal audit activity.
Answer (D) is incorrect. The audit committee is not responsible for the quality assurance and improvement program for the internal audit activity.

[219] Gleim #: 2.8.118
At what minimal required frequency does the chief audit executive report the results of internal assessments in the form of ongoing monitoring to senior management and the board?
A. Monthly.
B. Quarterly.
C. Annually.
D. Biennially.
Answer (A) is incorrect. The CAE may report on a monthly basis, but the minimal requirement for reporting is annually.
Answer (B) is incorrect. The CAE may report on a quarterly basis, but the minimal requirement for reporting is annually.
Answer (C) is correct. To demonstrate conformance with the mandatory IIA guidance, the results of external and periodic internal assessments are communicated upon completion of such assessments and the results of ongoing monitoring are communicated at least annually (Inter. Std. 1320).
Answer (D) is incorrect. The CAE is required to report more frequently than every 2 years.

[220] Gleim #: 2.8.119
Internal auditors may report that their activities conform with the Standards. They may use this statement only if
A. It is supported by the results of the quality program.
B. An independent external assessment of the internal audit activity is conducted annually.
C. Senior management or the board is accountable for implementing a quality program.
D. External assessments of the internal audit activity are made by external auditors.
Answer (A) is correct. The chief audit executive may state that the internal audit activity conforms with the International Standards for the Professional Practice of Internal Auditing only if the results of the quality assurance and improvement program support this statement (Attr. Std. 1321).
Answer (B) is incorrect. An independent external assessment of the internal audit activity must be conducted at least once every 5 years.
Answer (C) is incorrect. The CAE must develop and maintain a QAIP that covers all aspects of the internal audit activity.
Answer (D) is incorrect. Assessments also may be made by others who are (1) independent, (2) qualified, and (3) from outside the organization.

[221] Gleim #: 2.8.120
When is initial use of the conformance phrase by internal auditors appropriate?
A. After an internal review completed within the past 5 years.
B. After an external review completed within the past 10 years.
C. After an internal review completed within the past 10 years.
D. After an external review completed within the past 5 years.
Answer (A) is incorrect. An internal audit activity must have an external assessment every 5 years.
Answer (B) is incorrect. Initial use of the conformance phrase requires the completion of an external assessment within the past 5 years.
Answer (C) is incorrect. Initial use of the conformance phrase requires the completion of an external assessment within the past 5 years.
Answer (D) is correct. The chief audit executive may state that the internal audit activity conforms with the International Standards for the Professional Practice of Internal Auditing only if the results of the quality assurance and improvement program support this statement (Attr. Std. 1321). To use the phrase, the chief audit executive of an internal audit activity in existence for at least 5 years must have the results of an external assessment within that period.

[222] Gleim #: 2.8.121
Following an external assessment of the internal audit activity, who is (are) responsible for communicating the results to the board?
A. Internal auditors.
B. Audit committee.
C. Chief audit executive.
D. External auditors.
Answer (A) is incorrect. The chief audit executive (not internal auditors) is responsible for communicating the results of external assessments to the board.
Answer (B) is incorrect. The chief audit executive (not the audit committee) is
responsible for communicating the results of external assessments to the board.
Answer (C) is correct. The chief audit executive must communicate the results of the QAIP to senior management and the board (Attr. Std. 1320).
Answer (D) is incorrect. The chief audit executive (not external auditors) is responsible for communicating the results of external assessments to the board.

[223] Gleim #: 2.8.122
To demonstrate conformance of the internal audit activity with the mandatory guidance of The IIA,
A. The chief audit executive determines the form and content of the results communicated.
B. The results of external assessments are communicated upon their completion.
C. The results of periodic internal assessments are communicated at least annually.
D. The results of ongoing monitoring are communicated upon their completion.
Answer (A) is incorrect. The form, content, and frequency of communicating the results of the quality assurance and improvement program is established through discussions with senior management and the board and considers the responsibilities of the internal audit activity and chief audit executive as contained in the internal audit charter.
Answer (B) is correct. “To demonstrate conformance with the Definition of Internal Auditing and the Standards, and application of the Code of Ethics, the results of external and periodic internal assessments are communicated upon completion of such assessments and the results of ongoing monitoring are communicated at least annually. The results include the assessor’s or assessment team’s evaluation with respect to the degree of conformance” (Inter. Std. 1320).
Answer (C) is incorrect. The results of periodic internal assessments are communicated upon their completion.
Answer (D) is incorrect. The results of ongoing monitoring are communicated at least annually.

[224] Gleim #: 2.9.123
Which of the following is part of an internal audit activity’s quality assurance program, rather than being included as part of other responsibilities of the chief audit executive (CAE)?
A. The CAE provides information about and access to internal audit working papers to the external auditors to enable them to understand and determine the degree to which they may rely on the internal auditors’ work.
B. Management approves a formal charter establishing the purpose, authority, and responsibility of the internal audit activity.
C. Each individual internal auditor’s performance is appraised at least annually.
D. Supervision of an internal auditor’s work is performed throughout each audit engagement.
Answer (A) is incorrect. Providing working papers to the external auditors relates to the responsibility of the CAE to coordinate with external auditors.
Answer (B) is incorrect. A CAE’s responsibility to seek approval of a charter to establish the authority, purpose, and responsibility of the internal audit activity is not part of a quality assurance program.
Answer (C) is incorrect. Individual performance appraisals are part of a CAE’s responsibility for personnel management and development.
Answer (D) is correct. The CAE develops and maintains a quality assurance and improvement program (Attr. Std. 1300) that includes ongoing and periodic assessments (PA 1300-1, para. 2). Ongoing monitoring is incorporated into the routine policies and practices used to manage the internal audit activity. Engagement supervision is among the processes and tools used in ongoing internal assessments (PA 1311-1, para. 1).

[225] Gleim #: 2.9.124
Ordinarily, those conducting internal quality program assessments report to
A. The board.
B. The chief audit executive.
C. Senior management.
D. The internal audit staff.
Answer (A) is incorrect. At least annually, the CAE reports the results of internal assessments to the board.
Answer (B) is correct. The CAE establishes a structure for reporting results of internal assessments that maintains appropriate credibility and objectivity. Generally, those assigned responsibility for conducting ongoing and periodic reviews report to the CAE while performing the reviews and communicate results directly to the CAE (PA 1311-1, para. 7).
Answer (C) is incorrect. The CAE shares information about internal assessments with appropriate persons outside the internal audit activity, such as senior management.
Answer (D) is incorrect. Results ordinarily are communicated directly to the CAE. Given a self-assessment, reporting to the internal audit staff essentially involves having the staff report to itself.

[226] Gleim #: 2.9.125
As a part of a quality program, internal assessment teams most likely will examine which of the following to evaluate the quality of engagement planning and documentation for individual engagements?
A. Written engagement work programs.
B. Project assignment documentation.
C. Weekly status reports.
D. The long-range engagement work schedule.
Answer (A) is correct. Internal assessments must include ongoing monitoring of the performance of the internal audit activity and periodic self-assessments or assessments by other persons within the organization with sufficient knowledge of internal auditing practices (Attr. Std. 1311). The processes and tools used in ongoing internal assessments include, among other things, selective peer reviews of working papers by staff not involved in the respective audits (PA 1311-1, para. 1).
Answer (B) is incorrect. Project assignment documentation contains less relevant information for assessment purposes than work programs.
Answer (C) is incorrect. Status reports do not bear directly on planning.
Answer (D) is incorrect. The long-range engagement work schedule does not relate to planning and documentation for individual engagements.

[227] Gleim #: 2.9.126
Periodic internal assessments of the internal audit activity primarily serve the needs of
A. The board of directors.
B. The internal audit activity’s staff.
C. The chief audit executive (CAE).
D. Senior management.
Answer (A) is incorrect. The directors are secondary users of a periodic internal assessment.
Answer (B) is incorrect. The internal audit activity staff are secondary users of a periodic internal assessment.
Answer (C) is correct. Those conducting internal assessments generally should report to the CAE while performing the reviews and communicate directly to the CAE (PA 1311-1, para. 7).
Answer (D) is incorrect. Senior management is a secondary user of a periodic internal assessment.

[228] Gleim #: 2.9.127
Quality program assessments may be performed internally or externally. A distinguishing feature of an external assessment is its objective to
A. Identify tasks that can be performed better.
B. Determine whether internal audit services meet professional standards.
C. Set forth the recommendations for improvement.
D. Provide independent assurance.
Answer (A) is incorrect. An internal assessment will identify tasks that can be performed better.
Answer (B) is incorrect. An internal assessment will determine whether internal audit services meet professional standards.
Answer (C) is incorrect. An internal assessment will set forth recommendations for improvement.
Answer (D) is correct. External assessments must be conducted at least once every 5 years by a qualified, independent reviewer or review team from outside the organization (Attr. Std. 1312). Individuals who perform the external assessment are free of any obligation to, or interest in, the organization whose internal audit activity is assessed (PA 1312-1, para. 5).

[229] Gleim #: 2.9.128
External assessment of an internal audit activity is not likely to evaluate
A. Adherence to the internal audit activity’s charter.
B. Conformance with the Standards.
C. Detailed cost-benefit analysis of the internal audit activity.
D. The tools and techniques employed by the internal audit activity.
Answer (A) is incorrect. Adherence to the internal audit activity’s charter is within the broad scope of coverage of the external assessment.
Answer (B) is incorrect. Conformance with the Standards is within the broad scope of coverage of the external assessment.
Answer (C) is correct. The external assessment has a broad scope of coverage that includes, among other things, conformance with The IIA’s mandatory guidance and the internal audit activity’s charter, plans, policies, procedures,
practices, and applicable legislative and regulatory requirements; and the expectations of the internal audit activity expressed by the board, senior management, and operational managers (PA 1312-1, para. 10). However, the costs and benefits of internal auditing are neither easily quantifiable nor the subject of an external assessment.
Answer (D) is incorrect. The tools and techniques of the internal audit activity are within the broad scope of coverage of the external assessment.

[230] Gleim #: 2.9.129
An external assessment of an internal audit activity contains an expressed opinion. The opinion applies
A. Only to the internal audit activity’s conformance with the Standards.
B. Only to the effectiveness of the internal auditing coverage.
C. Only to the adequacy of internal control.
D. To the entire spectrum of assurance and consulting work.
Answer (A) is incorrect. An opinion is expressed on all assurance and consulting work performed (or that should have been performed under its charter).
Answer (B) is incorrect. The scope of an external assessment extends to more than the effectiveness of the internal auditing coverage.
Answer (C) is incorrect. An external assessment addresses the internal audit activity, not the adequacy of the organization’s controls.
Answer (D) is correct. External assessments of an internal audit activity contain an expressed opinion as to the entire spectrum of assurance and consulting work performed (or that should have been performed under its charter), including (but not limited to) conformance with the Definition of Internal Auditing, the Code of Ethics, and the Standards. An external assessment also includes, as appropriate, recommendations for improvement (PA 1312-1, para. 2).

[231] Gleim #: 2.9.130
The interpretation related to quality assurance given by the Standards is that
A. External assessments can provide senior management and the board with independent assurance about the quality of the internal audit activity.
B. Appropriate follow-up to an external assessment is the responsibility of the chief audit executive’s immediate supervisor.
C. The internal audit activity is primarily measured against The IIA’s Code of Ethics.
D. Supervision is limited to the planning, examination, evaluation, communication, and follow-up process.
Answer (A) is correct. External assessments provide an independent and objective evaluation of the internal audit activity’s compliance with the Standards and Code of Ethics.
Answer (B) is incorrect. The communication of final results of an external assessment should include the CAE’s responses. These include an action plan and implementation dates. Moreover, the results are communicated to the stakeholders of the internal audit activity, such as senior management, the board, and the external auditors.
Answer (C) is incorrect. The external assessment considers the internal audit
activity’s conformance with the Definition of Internal Auditing, the Standards, and the Code of Ethics.
Answer (D) is incorrect. Supervision begins with planning and continues throughout the engagement.

[232] Gleim #: 3.1.1
Which of the following is not implied by the definition of control?
A. Measurement of progress toward goals.
B. Uncovering of deviations from plans.
C. Assignment of responsibility for deviations.
D. Indication of the need for corrective action.
Answer (A) is incorrect. Measurement of progress toward goals is implied by the definition of control.
Answer (B) is incorrect. Uncovering of deviations from plans is implied by the definition of control.
Answer (C) is correct. The elements of control include (1) establishing standards for the operation to be controlled, (2) measuring performance against the standards, (3) examining and analyzing deviations, (4) taking corrective action, and (5) reappraising the standards based on experience. Thus, assigning responsibility for deviations found is not a part of the controlling function.
Answer (D) is incorrect. Indication of the need for corrective action is implied by the definition of control.

[233] Gleim #: 3.1.2
Controls provide assurance to management that desired actions will be accomplished when objectives are established in writing and
A. Standards are adopted, results are compared with the standards, and corrective actions are undertaken.
B. Are communicated to employees in writing and are updated by operating personnel as conditions change.
C. Policies and procedures for activities are set out in manuals for use by properly trained personnel.
D. Internal reviews as to the propriety and effectiveness of the objectives are undertaken on a periodic basis by the internal audit activity.
Answer (A) is correct. The elements of control include (1) establishing standards for the operation to be controlled, (2) measuring performance against the standards, (3) examining and analyzing deviations, (4) taking corrective action, and (5) reappraising the standards based on experience. These elements of control provide reasonable assurance to management that established objectives and goals will be achieved.
Answer (B) is incorrect. More than simply the establishment and communication of objectives is required for effective control.
Answer (C) is incorrect. The essential elements of adoption of standards, comparison, and corrective action are also needed.
Answer (D) is incorrect. The essential elements of adoption of standards, comparison, and corrective action are also needed.

[234] Gleim #: 3.1.3
An internal auditor is examining inventory control in a merchandising division with annual sales of US $3,000,000 and a 40% gross profit rate. Tests show that 2% of the monetary amount of purchases do not reach inventory because of breakage and employee theft. Adding certain controls costing US $35,000 annually could reduce these losses to .5% of purchases. Should the controls be recommended?
A. Yes, because the projected saving exceeds the cost of the added controls.
B. No, because the cost of the added controls exceeds the projected savings.
C. Yes, because the ideal system of internal control is the most extensive one.
D. Yes, regardless of cost-benefit considerations, because the situation involves employee theft.
Answer (A) is incorrect. The cost exceeds the benefit.
Answer (B) is correct. Controls must be subject to the cost-benefit criterion. The annual cost of these inventory controls is US $35,000, but the cost savings is only US $27,000 {(2.0% – 0.5%) × [$3,000,000 sales × (1.0 – 0.4 gross profit rate)]}. Hence, the cost exceeds the benefit, and the controls should not be recommended.
Answer (C) is incorrect. The ideal system is subject to the cost-benefit criterion. The most extensive system of internal controls may not be cost effective.
Answer (D) is incorrect. Cost-benefit considerations apply even to employee theft.

[235] Gleim #: 3.1.4
Which of the following statements best describes the relationship between planning and controlling?
A. Planning looks to the future; controlling is concerned with the past.
B. Planning and controlling are completely independent of each other.
C. Planning prevents problems; controlling is initiated by problems that have occurred.
D. Controlling cannot operate effectively without the tools provided by planning.
Answer (A) is incorrect. A control system looks to the future when it provides for corrective action and review and revision of standards.
Answer (B) is incorrect. Planning and controlling overlap.
Answer (C) is incorrect. Comprehensive planning includes creation of controls.
Answer (D) is correct. Control is the process of making certain that plans are achieving the desired objectives. The elements of control include (1) establishing standards for the operation to be controlled, (2) measuring performance against the standards, (3) examining and analyzing deviations, (4) taking corrective action, and (5) reappraising the standards based on experience. Planning provides needed tools for the control process by establishing standards, i.e., the first step.

[236] Gleim #: 3.1.5
Which of the following best defines control?
A. Control is the result of proper planning, organizing, and directing by management.
B. Controls are statements of what the organization chooses to accomplish.
C. Control is provided when cost-effective measures are taken to restrict deviations to a tolerable level.
D. Control accomplishes objectives and goals in an accurate, timely, and economical fashion.
Answer (A) is correct. A control is “any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved” (The IIA Glossary). Thus, control is the result of proper planning, organizing, and directing by management.
Answer (B) is incorrect. Established objectives and goals are what the organization chooses to accomplish.
Answer (C) is incorrect. The internal audit activity evaluates the efficiency of controls, but the definition of control addresses effectiveness in achieving objectives and goals.
Answer (D) is incorrect. Efficient performance accomplishes objectives and goals in an accurate, timely, and economical fashion.

[237] Gleim #: 3.1.6
Internal auditors regularly evaluate controls. Which of the following best describes the concept of control as recognized by internal auditors?
A. Management regularly discharges personnel who do not perform up to expectations.
B. Management takes action to enhance the likelihood that established goals and objectives will be achieved.
C. Control represents specific procedures that accountants and internal auditors design to ensure the correctness of processing.
D. Control procedures should be designed from the “bottom up” to ensure attention to detail.
Answer (A) is incorrect. Termination of employees who perform unsatisfactorily is not a comprehensive definition of control.
Answer (B) is correct. A control is any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved (IIA Glossary).
Answer (C) is incorrect. Control is not limited to processing. Moreover, it should be designed by management, the board, and others, not by internal auditors. The internal auditor’s objectivity is impaired by designing such systems.
Answer (D) is incorrect. Some control procedures may be designed from the bottom up, but the concept of control flows from management and the board down through the organization.

[238] Gleim #: 3.1.7
Specific airline ticket information, including fare, class, purchase date, and lowest available fare options, as prescribed in the organization’s travel policy, is obtained and reported to department management when employees purchase airline tickets from the organization’s authorized travel agency. Such a report provides information for
A. Quality of performance in relation to the organization’s travel policy.
B. Identifying costs necessary to process employee business expense report data.
C. Departmental budget-to-actual comparisons.
D. Supporting employer’s business expense deductions.
Answer (A) is correct. Comparison of actual performance against a standard provides information for assessing quality of performance.
Answer (B) is incorrect. This ticket information is preliminary; employees may change tickets and routings prior to their trip.
Answer (C) is incorrect. Departmental budget-to-actual comparisons do not necessarily reflect the actual costs ultimately incurred.
Answer (D) is incorrect. Supporting expense deductions may not necessarily reflect actual costs.

[239] Gleim #: 3.1.8
The actions taken to manage risk and increase the likelihood that established objectives and goals will be achieved are best described as
A. Supervision.
B. Quality assurance.
C. Control.
D. Compliance.
Answer (A) is incorrect. Supervision is just one means of achieving control.
Answer (B) is incorrect. Quality assurance relates to just one set of objectives and goals. It does not pertain to achievement of all established organizational objectives and goals.
Answer (C) is correct. Control is “any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved” (The IIA Glossary).
Answer (D) is incorrect. Compliance is “adherence to policies, plans, procedures, laws, regulations, contracts, or other requirements” (The IIA Glossary).

[240] Gleim #: 3.1.9
According to The IIA Glossary appended to the Standards, which of the following are most directly designed to ensure that risks are contained?
A. Risk management processes.
B. Internal audit activities.
C. Control processes.
D. Governance processes.
Answer (A) is incorrect. Risk management is a process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s objectives.
Answer (B) is incorrect. An internal audit activity is a department, division, team of consultants, or other practitioner(s) that provides independent, objective assurance and consulting services designed to add value and improve an organization’s operations.
Answer (C) is correct. Control processes are the policies, procedures, and activities that are part of a control framework, designed to ensure that risks are contained within the risk tolerances established by the risk management process.
Answer (D) is incorrect. Governance is the combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.

[241] Gleim #: 3.2.10
The requirement that purchases be made from suppliers on an approved vendor list is an example of a
A. Preventive control.
B. Detective control.
C. Corrective control.
D. Monitoring control.
Answer (A) is correct. Preventive controls are actions taken prior to the occurrence of transactions with the intent of stopping events that will have negative effects from occurring. Use of an approved vendor list is a control to prevent the use of unacceptable suppliers.
Answer (B) is incorrect. A detective control identifies errors after they have occurred.
Answer (C) is incorrect. Corrective controls correct the problems identified by detective controls.
Answer (D) is incorrect. Monitoring controls are designed to ensure the quality of the control system’s performance over time.

[242] Gleim #: 3.2.11
Controls that are designed to provide management with assurance of the realization of specified minimum gross margins on sales are
A. Directive controls.
B. Preventive controls.
C. Detective controls.
D. Output controls.
Answer (A) is correct. The objective of directive controls is to cause or encourage desirable events to occur, e.g., providing management with assurance of the realization of specified minimum gross margins on sales.
Answer (B) is incorrect. Preventive controls deter undesirable events from occurring.
Answer (C) is incorrect. Detective controls uncover and correct undesirable events that have occurred.
Answer (D) is incorrect. Output controls relate to the accuracy and reasonableness of information processed by a system, not to operating controls.

[243] Gleim #: 3.2.12
The procedure requiring preparation of a prelisting of incoming cash receipts, with copies of the prelist going to the cashier and to accounting, is an example of which type of control?
A. Preventive.
B. Corrective.
C. Detective.
D. Directive.
Answer (A) is correct. A prelisting of cash receipts in the form of checks is a preventive control. It is intended to deter undesirable events from occurring. Because irregularities involving cash most likely take place before receipts are recorded, either remittance advices or a prelisting of checks should be prepared in the mailroom so as to establish recorded accountability for cash as soon as possible. A cash register tape is a form of prelisting for cash received over the counter. One copy of a prelisting will go to accounting for posting to the cash receipts journal, and another is sent to the cashier for reconciliation with checks and currency received.
Answer (B) is incorrect. A corrective control remedies an error or irregularity.
Answer (C) is incorrect. A detective control uncovers an error or irregularity that has already occurred.
Answer (D) is incorrect. A directive control causes or encourages a desirable event.

[244] Gleim #: 3.2.13
Controls may be classified according to the function they are intended to perform, for example, as detective, preventive, or directive. Which of the following is a directive control?
A. Monthly bank statement reconciliations.
B. Dual signatures on all disbursements over a specific amount.
C. Recording every transaction on the day it occurs.
D. Requiring all members of the internal audit activity to be CIAs.
Answer (A) is incorrect. Monthly bank statement reconciliation is a detective control. The events audited have already occurred.
Answer (B) is incorrect. Requiring dual signatures on all disbursements over a specific amount is a preventive control. The control is designed to deter an undesirable event.
Answer (C) is incorrect. Recording every transaction on the day it occurs is a preventive control. The control is designed to deter an undesirable event.
Answer (D) is correct. Requiring all members of the internal audit activity to be CIAs is a directive control. The control is designed to cause or encourage a desirable event to occur. The requirement enhances the professionalism and level of expertise of the internal audit activity.

[245] Gleim #: 3.2.14
An organization’s policies and procedures are part of its overall system of internal controls. The control function performed by policies and procedures is
A. Feedforward control.
B. Implementation control.
C. Feedback control.
D. Application control.
Answer (A) is correct. Feedforward controls anticipate and prevent problems. Policies and procedures serve as feedforward controls because they provide guidance on how an activity should be performed to best ensure that an objective is achieved.
Answer (B) is incorrect. Implementation controls are applied during systems development.
Answer (C) is incorrect. Policies and procedures provide primary guidance before and during the performance of some task rather than give feedback on its accomplishment.
Answer (D) is incorrect. Application controls apply to specific applications, e.g., payroll or accounts payable.

[246] Gleim #: 3.2.15
Managerial control can be divided into feedforward, concurrent, and feedback controls. Which of the following is an example of a feedback control?
A. Quality control training.
B. Budgeting.
C. Forecasting inventory needs.
D. Variance analysis.
Answer (A) is incorrect. Quality control training is a feedforward, or future-directed, control.
Answer (B) is incorrect. Budgeting is a feedforward, or future-directed, control.
Answer (C) is incorrect. Forecasting inventory needs is a feedforward, or future-directed, control.
Answer (D) is correct. A feedback control measures actual performance, i.e., something that has already occurred, to ensure that a desired future state is
attained. It is used to evaluate past activity to improve future performance. A variance is a deviation from a standard. Hence, variance analysis is a feedback control.

[247] Gleim #: 3.2.16
The operations manager of a company notified the treasurer of that organization 60 days in advance that a new, expensive piece of machinery was going to be purchased. This notification allowed the treasurer to make an orderly liquidation of some of the company’s investment portfolio on favorable terms. What type of control was involved?
A. Feedback.
B. Strategic.
C. Concurrent.
D. Feedforward.
Answer (A) is incorrect. Feedback controls apply to decision making based on evaluations of past performance.
Answer (B) is incorrect. Strategic controls are broad-based and affect an organization over a long period. They apply to such long-term variables as quality and R&D.
Answer (C) is incorrect. Concurrent controls adjust ongoing processes.
Answer (D) is correct. Feedforward controls provide for the active anticipation of problems so that they can be avoided or resolved in a timely manner. Another example is the quality control inspection of raw materials and work-in-process to avoid defective finished goods.

[248] Gleim #: 3.2.17
As part of a total quality control program, a firm not only inspects finished goods but also monitors product returns and customer complaints. Which type of control best describes these efforts?
A. Feedback control.
B. Feedforward control.
C. Production control.
D. Inventory control.
Answer (A) is correct. A feedback control measures actual performance, something that has already occurred, to ensure that a desired future state is attained. It is used to evaluate the past to improve future performance. Inspecting finished goods, monitoring product returns, and evaluating complaints are post-action controls intended to eliminate deviations in future cycles of the process under control.
Answer (B) is incorrect. Feedforward controls anticipate problems before they occur.
Answer (C) is incorrect. Customer complaints are not part of production control.
Answer (D) is incorrect. The three types of control are feedforward, concurrent, and feedback.

[249] Gleim #: 3.2.18
The use of financial statement analysis, quality control procedures, and employee performance evaluations are all examples of
A. Preliminary controls.
B. Concurrent controls.
C. Feedback controls.
D. Feedforward controls.
Answer (A) is incorrect. Feedforward (preliminary) controls anticipate and avoid future performance problems, e.g., budgeting.
Answer (B) is incorrect. Concurrent controls are applied midstream, e.g., inspection on an assembly line.
Answer (C) is correct. A feedback control operates to provide information about processes that have already occurred.
Answer (D) is incorrect. Feedforward (preliminary) controls anticipate and avoid future performance problems, e.g., budgeting.

[250] Gleim #: 3.2.19
The internal audit activity of an organization is an integral part of the organization’s risk management, control, and governance processes because it evaluates and contributes to the improvement of those processes. Select the type of control provided when the internal audit activity conducts a systems development analysis.
A. Feedback control.
B. Strategic plans.
C. Policies and procedures.
D. Feedforward control.
Answer (A) is incorrect. A feedback control provides information on the results of a completed activity.
Answer (B) is incorrect. Strategic plans are developed by senior management to provide long-range guidance for the organization.
Answer (C) is incorrect. Policies and procedures are developed by management. They are the most basic control subsystem of an organization.
Answer (D) is correct. A feedforward control provides information on potential problems so that corrective action can be taken in anticipation, rather than as a result, of a problem.

[251] Gleim #: 3.2.20
Of the following, the controls that are often difficult for internal auditors to evaluate because of the lack of criteria or standards are
A. Preventive controls.
B. Financial controls.
C. Corrective controls.
D. Operating controls.
Answer (A) is incorrect. Preventive controls keep loss exposures from occurring. They include not only operating controls but also those for which quantifiable standards are readily determined.
Answer (B) is incorrect. Financial controls, e.g., a budget, are subject to quantifiable standards that are relatively easy to measure.
Answer (C) is incorrect. Corrective controls are post-detection or remedial controls. They may include controls for which standards are easily defined, such as financial controls.
Answer (D) is correct. Operating controls are those used in the management processes of directing and controlling and are based on comparison of results with standards. As an activity becomes less mechanical, however, standards become more difficult to determine. Control standards for security, for example, are less easily developed than for the output per hour of a machine because the degree of security achieved is not readily measurable.

[252] Gleim #: 3.2.21
Which of the following operating controls relate to the organizing function?
A. Formal procedures for selecting potential suppliers.
B. Procedures providing for clear levels of purchase order approvals based on the value of the requisition.
C. Written objectives and goals for the department.
D. Timely materials reporting to buyers.
Answer (A) is incorrect. Establishing procedures is a function of planning, which is the determination of how an individual activity is to be done.
Answer (B) is correct. Organizing is the intentional design and structuring of tasks and roles to accomplish organizational goals. An arrangement that requires purchases of greater value to be authorized at higher management levels is an example of an organizational control.
Answer (C) is incorrect. Establishing objectives and goals is also a planning function.
Answer (D) is incorrect. Provision of timely information is a control function.
[253] Gleim #: 3.2.22
Which of the following is an operating control relating to management’s directing function?
A. Informing purchasing personnel of the future need for long-lead-time products in ample time.
B. Supplying buyers with timely, accurate, and useful reports on products received, accepted, or rejected.
C. Prescribing formal procedures for selecting potential suppliers.
D. Establishing measurable goals for the department.
Answer (A) is correct. Directing is the process of motivating people in an organization to contribute effectively and efficiently to the achievement of the entity’s objectives and goals. Of the controls listed, only the timely sharing of the scheduling information with purchasing personnel fits this description.
Answer (B) is incorrect. Providing timely feedback relates to the control function, not the directing function.
Answer (C) is incorrect. Prescribing formal procedures for selecting potential suppliers is a part of the planning function, not the directing function.
Answer (D) is incorrect. Establishing measurable goals for the department is a part of the planning function, not the directing function.
[254] Gleim #: 3.2.23
Which of the following is not a type of control?
A. Preventive.
B. Reactive.
C. Detective.
D. Directive.
Answer (A) is incorrect. Controls may be preventive.
Answer (B) is correct. Controls may be preventive (to deter undesirable events from occurring), detective (to detect and correct undesirable events which have occurred), or directive (to cause or encourage a desirable event to occur). “Reactive” is not a specified type of control. However, controls may be reactive in the sense that they detect an undesirable event and react to it or correct it.
Answer (C) is incorrect. Controls may be detective.
Answer (D) is incorrect. Controls may be directive.
[255] Gleim #: 3.2.24
An adequate and effective system of internal control provides reasonable assurance that objectives will be achieved. Controls may be preventive, detective, or directive.
Which of the following is a detective control for the procurement function?
A. Goods received are counted and compared with quantities on purchase order and receiving reports.
B. The procurement function is organizationally separate from receiving, disbursing, and accounting.
C. Review and approval of each procurement action is required prior to the final issuance of a purchase order.
D. Prenumbered standard purchase order forms include all relevant terms required to be used in all applicable instances.
Answer (A) is correct. Detective controls are designed to detect and correct undesirable events that have occurred. Accounting for all goods received and comparing quantities on purchase orders and receiving reports is an example.
Answer (B) is incorrect. Segregation of duties is a preventive control. Preventive controls deter undesirable events from occurring.
Answer (C) is incorrect. Review and approval of each procurement action is a preventive control.
Answer (D) is incorrect. Using prenumbered standard purchase order forms is a preventive control.
[256] Gleim #: 3.2.25
When a copy of the sale invoice is not received by an organization’s shipping department, an employee requests the document from the proper authority. This process is a(n)
A. Directive, detective control.
B. Passive, mitigating control.
C. Active, detective control.
D. Detective, preventive control.
Answer (A) is incorrect. The control is detective, but it is not directive. A directive control causes or encourages a desirable event to occur.
Answer (B) is incorrect. The control is neither passive nor mitigating. It is detected by the clerk in a conscious effort to maintain proper documentation. Moreover, a mitigating (compensating) control is used when other controls are not feasible, for example, supervisory review when segregation of duties is absent.
Answer (C) is correct. When shipping documents are not received in the shipping department (such as copies of the sales invoice, customer order form, and bill of lading), the clerk should attempt to obtain the proper documentation from the originating organization. This type of control is detective because it detects and attempts to correct an undesirable event that has occurred. It is also active because it takes a conscious intervention by the clerk to ensure the documentation is received.
Answer (D) is incorrect. The control is not preventive. It does not deter an undesirable event.
[257] Gleim #: 3.2.26
Which of the following is a feedback control?
A. Preventive maintenance.
B. Inspection of completed goods.
C. Close supervision of production-line workers.
D. Measuring performance against a standard.
Answer (A) is incorrect. Preventive maintenance is a feedforward control. It attempts to anticipate and prevent problems.
Answer (B) is correct. Feedback controls obtain information about completed activities. They permit improvement in future performance by learning from past mistakes. Thus, corrective action occurs after the fact. Inspection of completed goods is an example of a feedback control.
Answer (C) is incorrect. The close supervision of production-line workers is a concurrent control. It adjusts an ongoing process.
Answer (D) is incorrect. Measuring performance against a standard is a general aspect of control.
[258] Gleim #: 3.3.27
An adequate system of internal controls is most likely to detect a fraud perpetrated by a
A. Group of employees in collusion.
B. Single employee.
C. Group of managers in collusion.
D. Single manager.
Answer (A) is incorrect. A group has a better chance of successfully perpetrating a fraud than does an individual employee.
Answer (B) is correct. Segregation of duties and other control processes serve to prevent or detect a fraud committed by an employee acting alone. One employee may not have the ability to engage in wrongdoing or may be subject to detection by other employees in the course of performing their assigned duties. However, collusion may circumvent controls. For example, comparison of recorded accountability for assets with the assets known to be held may fail to detect fraud if persons having custody of assets collude with recordkeepers.
Answer (C) is incorrect. Management can override controls.
Answer (D) is incorrect. Even a single manager may be able to override controls.
[259] Gleim #: 3.3.28
An organization has grown rapidly and has just automated its human resource system. The organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, ethnic code, age, insurance, medical protection, and other similar information. Management has asked the internal audit activity to review the new system. The automated system contains a table of pay rates matched with the employee job classifications. The best control to ensure that the table is updated correctly for only valid pay changes is to
A. Limit access to the data table to management and line supervisors who have the authority to determine pay rates.
B. Require a supervisor in the department, who does not have the ability to change the table of pay rates, to compare the changes with a signed management authorization.
C. Ensure that adequate edit and reasonableness checks are built into the automated system.
D. Require that all pay changes be signed by the employee to verify that the change goes to a bona fide employee.
Answer (A) is incorrect. Access to the database should be severely restricted to personnel within the human resources or payroll departments.
Answer (B) is correct. To maintain a proper segregation of duties, changes in pay rates should be authorized by someone outside the human resources department. Furthermore, authorization should be independently verified by an individual who does not have a recording function.
Answer (C) is incorrect. Edit checks will not detect unauthorized changes.
Answer (D) is incorrect. The control must ensure that changes in the table of pay rates are properly authorized and entered into the system.
[260] Gleim #: 3.3.29
An organization has grown rapidly and has just automated its human resource system. The organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, ethnic code, age, insurance, medical protection, and other similar information. Management has asked the internal audit activity to review the new system. An employee in the payroll department is contemplating a fraud involving the addition of a fictitious employee and the entry of fictitious hours worked. The paycheck would then be sent to the payroll employee’s home address. The most effective control procedure to prevent this type of fraud is to require that
A. A report of all new employees added be approved by someone outside of the payroll department. Also, a report showing all employees and hours worked should be sent to the supervisor’s department for review.
B. All new employees and their hours worked be entered by the human resources department.
C. All changes to employee records be approved by supervisors outside of both human resources and payroll.
D. The payroll department physically delivers paychecks to employees rather than mailing them.
Answer (A) is correct. The payroll department has a recording function. It should not authorize pay rate changes or the addition or deletion of employees from the payroll. Accordingly, authorization of such changes should be made by an individual outside the department. Verification of payroll data should also be made outside the department. Proper segregation of duties is critical in the prevention of payroll fraud.
Answer (B) is incorrect. The entry of new employees and their hours should be segregated. The human resources department should not be responsible for both activities.
Answer (C) is incorrect. Approving changes in existing employee records does not prevent the fraud of entering a fictitious employee.
Answer (D) is incorrect. Physical delivery of paychecks does not prevent the payroll employee from withholding the fictitious employee’s check. Moreover, a
department with a recording function should not have an asset custody function.
[261] Gleim #: 3.3.30
An organization has grown rapidly and has just automated its human resource system. The organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, ethnic code, age, insurance, medical protection, and other similar information. Management has asked the internal audit activity to review the new system. Human resources and payroll are separate departments. Which of the following combinations provides the best segregation of duties?
A. Human resources adds employees, payroll processes hours, and human resources delivers the paychecks to employees.
B. Human resources adds employees, reviews and submits payroll hours to payroll for processing, and delivers paychecks to employees.
C. Human resources adds employees, and payroll processes hours and enters employee bank account numbers. Paychecks are automatically deposited in the employee’s bank account.
D. Payroll adds employees and enters employees’ bank account numbers but processes hours only as approved by human resources. Paychecks are automatically deposited in the employee’s bank account.
Answer (A) is incorrect. The human resources department should not add employees and deliver paychecks. These two duties should be segregated.
Answer (B) is incorrect. The functions are all performed by human resources. There is no segregation of duties.
Answer (C) is correct. The functions of transaction authorization and recording should be segregated to minimize opportunities for fraud. Furthermore, automatic check deposit reduces asset custody risk.
Answer (D) is incorrect. Payroll is adding employees and processing hours. These two duties should be performed by different departments.
[262] Gleim #: 3.3.31
Internal control should follow certain basic principles to achieve its objectives. One of these principles is the segregation of functions. Which one of the following examples does not violate the principle of segregation of functions?
A. The treasurer has the authority to sign checks but gives the signature block to the assistant treasurer to run the check-signing machine.
B. The warehouse clerk, who has the custodial responsibility over inventory in the warehouse, may authorize disposal of damaged goods.
C. The sales manager has the responsibility to approve credit and the authority to write off accounts.
D. The department time clerk is given the undistributed payroll checks to mail to absent employees.
Answer (A) is correct. The treasurer’s department should have custody of assets but should not authorize or record transactions. Because the assistant treasurer reports to the treasurer, the treasurer is merely delegating an assigned duty related to asset custody.
Answer (B) is incorrect. Authorization to dispose of damaged goods could be used to cover thefts of inventory for which the warehouse clerk has custodial responsibility. Transaction authorization is inconsistent with asset custody.
Answer (C) is incorrect. The sales manager could approve credit to a controlled organization and then write off the account as a bad debt. The sales manager’s authorization of credit is inconsistent with his/her indirect access to assets.
Answer (D) is incorrect. The time clerk could conceal the termination of an employee and retain that employee’s paycheck. Recordkeeping is inconsistent with asset custody.
[263] Gleim #: 3.3.32
Upon receipt of purchased goods, receiving department personnel match the quantity received with the packing slip quantity and mark the retail price on the goods based on a master price list. The annotated packing slip is then forwarded to inventory control and goods are automatically moved to the retail sales area. The most significant control strength of this activity is
A. Immediately pricing goods for retail sale.
B. Matching quantity received with the packing slip.
C. Using a master price list for marking the sale price.
D. Automatically moving goods to the retail sales area.
Answer (A) is incorrect. Timing is not as important as the accuracy of prices.
Answer (B) is incorrect. Matching quantity received with the packing slip does not ensure receipt of the quantity ordered.
Answer (C) is correct. Use of the master price list ensures that the correct retail price is marked.
Answer (D) is incorrect. Goods may or may not be needed in retail sales.
[264] Gleim #: 3.3.33
The manager of a production line has the authority to order and receive replacement parts for all machinery that requires periodic maintenance. The internal auditor received an anonymous tip that the manager ordered substantially more parts than were necessary from a family member in the parts supply business. The unneeded parts were never delivered. Instead, the manager processed receiving documents and charged the parts to machinery maintenance accounts. The payments for the undelivered parts were sent to the supplier, and the money was divided between the manager and the family member. Which of the following internal controls would have most likely prevented this fraud from occurring?
A. Establishing predefined spending levels for all vendors during the bidding process.
B. Segregating the receiving function from the authorization of parts purchases.
C. Comparing the bill of lading for replacement parts to the approved purchase order.
D. Using the company’s inventory system to match quantities requested with quantities received.
Answer (A) is incorrect. Predefined spending levels would probably already include the fraudulent amounts and would only limit the size of the fraud.
Answer (B) is correct. Segregating the parts authorization and receiving functions would have improved internal control. If the parts in question had been sent to the company and a receiving report had been prepared by an employee other than the one ordering the goods, the fraud could not have occurred. Moreover, the receiving department should not accept goods unless it has a blind copy of a properly approved purchase order for the items.
Answer (C) is incorrect. The bill of lading would agree with the purchase order. The quantity received (verified by a third party) should be compared to both the bill of lading and the purchase order.
Answer (D) is incorrect. The computer matching would only verify the fraudulent paperwork.
[265] Gleim #: 3.3.34
Which one of the following is most likely to be considered an internal control weakness?
A. The petty cash custodian has the ability to steal petty cash. Documentation for all disbursements from the fund must be submitted with the request for replenishment of the fund.
B. An inventory control clerk at a manufacturing plant has the ability to steal one completed television set from inventory a year. The theft probably will never be detected.
C. An accounts receivable clerk, who approves sales returns and allowances, receives customer remittances and deposits them in the bank. Limited supervision is maintained over the employee.
D. A clerk in the invoice processing department fails to match a vendor’s invoice with its related receiving report. Checks are not signed unless all appropriate documents are attached to a voucher.
Answer (A) is incorrect. The requirement for documentation will reveal a theft when the fund is reimbursed unless the documents can be falsified.
Answer (B) is incorrect. The amount involved is probably not material.
Answer (C) is correct. Segregation of duties among key functions is an important control procedure. An accounts receivable clerk who is permitted to approve sales returns and allowances and also receive customer remittances could misappropriate funds received and cover the shortage by debiting sales returns and allowances. Limited supervision is insufficient to compensate for lack of segregation of duties.
Answer (D) is incorrect. The requirement for documentation will uncover the oversight.
[266] Gleim #: 3.3.35
One characteristic of an effective internal control structure is the proper segregation of duties. The combination of responsibilities that would not be considered a violation of
segregation of functional responsibilities is
A. Signing of paychecks and custody of blank payroll checks.
B. Preparation of paychecks and check distribution.
C. Approval of time cards and preparation of paychecks.
D. Timekeeping and preparation of payroll journal entries.
Answer (A) is incorrect. Persons with recordkeeping but not custody of assets responsibilities should have access to blank checks, while the duty of signing checks (custodianship) should be assigned to persons (e.g., the treasurer) with no recordkeeping function.
Answer (B) is incorrect. Payroll preparation and payment to employees should be segregated since they are incompatible recordkeeping and custodianship functions.
Answer (C) is incorrect. Approval of time cards is an authorization function that is incompatible with the recordkeeping function of preparation of paychecks.
Answer (D) is correct. Combining the timekeeping function and the preparation of the payroll journal entries would not be improper because the employee has no access to assets or to employee records in the human resources department. Only through collusion could an embezzlement be perpetrated. Accordingly, the functions of authorization, recordkeeping, and custodianship remain separate.
[267] Gleim #: 3.3.36
An internal auditor noted that the accounts receivable department is separate from other accounting activities. Credit is approved by a separate credit department. Control accounts and subsidiary ledgers are balanced monthly. Similarly, accounts are aged monthly. The accounts receivable manager writes off delinquent accounts after 1 year, or sooner if a bankruptcy or other unusual circumstances are involved. Credit memoranda are prenumbered and must correlate with receiving reports. Which of the following areas could be viewed as an internal control weakness of the above organization?
A. Write-offs of delinquent accounts.
B. Credit approvals.
C. Monthly aging of receivables.
D. Handling of credit memos.
Answer (A) is correct. The accounts receivable manager has the ability to perpetrate irregularities because (s)he performs incompatible functions. Authorization and recording of transactions should be separate. Thus, someone outside the accounts receivable department should authorize write-offs.
Answer (B) is incorrect. Credit approval is an authorization function that is properly segregated from the recordkeeping function.
Answer (C) is incorrect. Monthly aging is appropriate.
Answer (D) is incorrect. The procedures regarding credit memoranda are standard controls.
[268] Gleim #: 3.3.37
Which of the following controls would prevent the ordering of quantities in excess of an organization’s needs?
A. Review of all purchase requisitions by a supervisor in the user department prior to submitting them to the purchasing department.
B. Automatic reorder by the purchasing department when low inventory level is indicated by the system.
C. A policy requiring review of the purchase order before receiving a new shipment.
D. A policy requiring agreement of the receiving report and packing slip before storage of new receipts.
Answer (A) is correct. Supervisory review at the originating department level is one means of control over the number of items ordered. This control is an example of the segregation of duties. Authorization should be separate from recordkeeping and asset custody.
Answer (B) is incorrect. Automatic reordering does not consider future plans, which could lead to purchases of excess material.
Answer (C) is incorrect. Review of the purchase order before receiving a new shipment is a control for the risk of accepting unordered goods.
Answer (D) is incorrect. A policy requiring agreement of the receiving report and packing slip before storage of new receipts is a control over the risk of receiving an amount other than that ordered.
[269] Gleim #: 3.3.38
Which of the following describes the most effective preventive control to ensure proper handling of cash receipt transactions?
A. Have bank reconciliations prepared by an employee not involved with cash collections and then have them reviewed by a supervisor.
B. One employee issues a prenumbered receipt for all cash collections; another employee reconciles the daily total of prenumbered receipts to the bank deposits.
C. Use predetermined totals (hash totals) of cash receipts to control posting routines.
D. The employee who receives customer mail receipts prepares the daily bank deposit, which is then deposited by another employee.
Answer (A) is incorrect. The bank reconciliation is a detective, not a preventive, control.
Answer (B) is correct. Sequentially numbered receipts should be issued to maintain accountability for cash collected. Such accountability should be established as soon as possible because cash has a high inherent risk. Daily cash receipts should be deposited intact so that receipts and bank deposits can be reconciled. The reconciliation should be performed by someone independent of the cash custody function.
Answer (C) is incorrect. Use of hash totals is a control over the completeness of posting routines, not cash receipts.
Answer (D) is incorrect. A cash remittance list should be prepared before a separate employee prepares the bank deposit. The list and deposit represent separate records based on independent counts made by different employees.
[270] Gleim #: 3.3.39
Checks from customers are received in the organization’s mail room each day. What controls should be in place to safeguard them?
A. Establishing a separate post office box for customer payments.
B. Forwarding all checks to the cashier upon receipt.
C. Requiring a specific mail clerk to list and restrictively endorse each check.
D. Providing bonding protection for mail clerks.
Answer (A) is incorrect. Requiring a specific mail clerk to list and restrictively endorse each check provides more protection than establishing a separate post office box for customer payments.
Answer (B) is incorrect. The same person should not both receive and deposit checks.
Answer (C) is correct. An employee who does not have access to other records should open the mail and prepare a list of checks received. The check listing will later be reconciled with the daily bank deposit and entries to accounts receivable. A restrictive endorsement (“for deposit only”) will put transferees on notice to act accordingly (that is, deposit the check in the organization’s account).
Answer (D) is incorrect. Bonding insures against, but does not directly prevent, losses.
[271] Gleim #: 3.3.40
Which of the following activities performed by a payroll clerk is a control weakness rather than a control strength?
A. Has custody of the check signature stamp machine.
B. Prepares the payroll register.
C. Forwards the payroll register to the chief accountant for approval.
D. Draws the paychecks on a separate payroll checking account.
Answer (A) is correct. Payroll checks should be signed by the treasurer, i.e., by someone who is not involved in timekeeping, recordkeeping, or payroll preparation. The payroll clerk performs a recordkeeping function.
Answer (B) is incorrect. Preparing the payroll register is one of the recordkeeping tasks of the payroll clerk.
Answer (C) is incorrect. The payroll register should be approved by an officer of the organization. This control is a strength.
Answer (D) is incorrect. Paychecks should be drawn on a separate payroll checking account. This control is a strength.
[272] Gleim #: 3.3.41
The internal auditor recognizes that certain limitations are inherent in any system of internal controls. Which one of the following scenarios is the result of an inherent limitation of internal control?
A. The comptroller both makes and records cash deposits.
B. A security guard allows one of the warehouse employees to remove assets from the premises without authorization.
C. The organization sells to customers on account, without credit approval.
D. An employee who is unable to read is assigned custody of the organization’s computer tape library and run manuals that are used during the third shift.
Answer (A) is incorrect. Segregating the functions of recording and asset custody is customary. That the comptroller both makes and records cash deposits is an avoidable control weakness.
Answer (B) is correct. Inherent limitations in internal control arise from mistakes in judgment, misunderstandings of instructions, personnel carelessness, distraction, fatigue, collusion, perpetrations by management, changing conditions, and
deterioration of degrees of compliance. Thus, a control (use of security guards) based on segregation of functions may be overcome by collusion among two or more employees.
Answer (C) is incorrect. Transactions can and should be authorized before execution. The security guard’s failure to obtain authorization for removal of assets is an avoidable control weakness.
Answer (D) is incorrect. Assignment of an unqualified employee is an avoidable control weakness.
[273] Gleim #: 3.3.42
One payroll engagement objective is to determine whether segregation of duties is proper. Which of the following activities is incompatible?
A. Hiring employees and authorizing changes in pay rates.
B. Preparing the payroll and filing payroll tax forms.
C. Signing and distributing payroll checks.
D. Preparing attendance data and preparing the payroll.
Answer (A) is incorrect. Hiring employees and authorizing changes in pay rates are both personnel functions.
Answer (B) is incorrect. Preparing the payroll and filing payroll tax forms are both functions of the payroll department.
Answer (C) is incorrect. Proper treasury functions include signing and distributing payroll checks.
Answer (D) is correct. Attendance data are accumulated by the timekeeping function. Preparing the payroll is a payroll department function. For control purposes, these two functions should be separated to avoid the perpetration and concealment of irregularities.
[274] Gleim #: 3.3.43
Which of the following observations made during the preliminary survey of a local department store’s disbursement cycle reflects a control strength?
A. Individual department managers use prenumbered forms to order merchandise from vendors.
B. The receiving department is given a copy of the purchase order complete with a description of goods, quantity ordered, and extended price for all merchandise ordered.
C. The treasurer’s office prepares checks for suppliers based on vouchers prepared by the accounts payable department.
D. Individual department managers are responsible for the movement of merchandise from the receiving dock to storage or sales areas as appropriate.
Answer (A) is incorrect. The managers should submit purchase requisitions to the purchasing department. The purchasing function should be separate from operations.
Answer (B) is incorrect. To encourage a fair count, the receiving department should receive a copy of the purchase order from which the quantity has been omitted.
Answer (C) is correct. Accounting for payables is a recording function. The matching of the supplier’s invoice, the purchase order, and the receiving report (and usually the purchase requisition) should be the responsibility of the accounting department. These are the primary supporting documents for the payment voucher prepared by the
accounts payable section that will be relied upon by the treasurer in making payment.
Answer (D) is incorrect. The receiving department should transfer goods directly to the storeroom to maintain security. A copy of the receiving report should be sent to the storeroom so that the amount stored can be compared with the amount in the report.

[275] Gleim #: 3.3.44
Which of the following controls would help prevent overpaying a vendor?
A. Reviewing and canceling supporting documents when a check is issued.
B. Requiring the check signer to mail the check directly to the vendor.
C. Reviewing the accounting distribution for the expenditure.
D. Approving the purchase before ordering from the vendor.
Answer (A) is correct. Reviewing and canceling the supporting documents prevents paying a vendor twice for the same purchase. If the person who signs the check cancels the required documents, they cannot be recycled in support of a duplicate payment voucher. Securing the paid voucher file from access by the accounts payable clerk is another effective control.
Answer (B) is incorrect. Requiring the check signer to mail the check directly to the vendor would prevent the check from being misappropriated.
Answer (C) is incorrect. Reviewing the accounting distribution for the expenditure would ensure that the expenditure is debited to the proper account(s).
Answer (D) is incorrect. Approving the purchase before ordering from the vendor would ensure that only authorized purchases are made.

[276] Gleim #: 3.3.45
A receiving department receives copies of purchase orders for use in identifying and recording inventory receipts. The purchase orders list the name of the vendor and the quantities of the materials ordered. A possible error that this system could allow is
A. Payment to unauthorized vendors.
B. Payment for unauthorized purchases.
C. Overpayment for partial deliveries.
D. Delay in recording purchases.
Answer (A) is incorrect. Comparing receipts with purchase orders will help detect unauthorized vendors.
Answer (B) is incorrect. Comparing receipts with purchase orders will help detect unauthorized purchases.
Answer (C) is correct. To ensure a fair count, the copy of the purchase order sent to the receiving clerk should not include quantities. The receiving clerk should count the items in the shipment and prepare a receiving report. Copies are sent to inventory control and accounts payable.
Answer (D) is incorrect. Using purchase orders to identify receipts will not cause a delay in recording purchases.

[277] Gleim #: 3.3.46
Which of the following situations will cause an internal auditor to question the adequacy of controls over a purchasing function?
A. The original and one copy of the purchase order are mailed to the vendor. The copy on which the vendor acknowledges acceptance is returned to the purchasing department.
B. Receiving reports are forwarded to purchasing where they are matched with purchase orders and sent to accounts payable.
C. The accounts payable section prepares documentation for payments.
D. Unpaid voucher files and perpetual inventory records are independently maintained.
Answer (A) is incorrect. This practice ensures accurate communication.
Answer (B) is correct. Purchasing and receiving should be organizationally independent. Moreover, comparing the purchase order and the receiving report should be the responsibility of a third person. Fraud perpetrated by a purchasing department employee could be concealed if (s)he is the first to obtain the receiving report.
Answer (C) is incorrect. Accounts payable may prepare documentation but should not sign checks.
Answer (D) is incorrect. Separately maintaining unpaid vouchers and perpetual inventory records is acceptable.

[278] Gleim #: 3.3.47
Which of the following ensures that all inventory shipments are billed to customers?
A. Shipping documents are prenumbered and are independently accounted for and matched with sales invoices.
B. Sales invoices are prenumbered and are independently accounted for and traced to the sales journal.
C. Duties for recording sales transactions and maintaining customer account balances are separated.
D. Customer billing complaints are investigated by the controller’s office.
Answer (A) is correct. Shipping documents are prepared at the time of shipment. They are prenumbered to facilitate detection of unrecorded shipments. A gap in the sequence of documents may indicate an irregularity. An employee outside the shipping department should account for these documents. Sales invoices are generated by the organization’s computer system at the same time as the shipping documents and should have the same numbers. Thus, every shipping document should be matched with a sales invoice to ensure proper billing.
Answer (B) is incorrect. Accounting for sales invoices alone does not prevent or detect unbilled shipments.
Answer (C) is incorrect. Segregating the duties for recording sales transactions and maintaining customer accounts does not ensure that all shipments are invoiced.
Answer (D) is incorrect. Customers who are not billed may not notify the organization.

[279] Gleim #: 3.3.48
If internal control is well designed, two tasks that should be performed by different persons are
A. Approval of bad debt write-offs, and reconciliation of the accounts payable subsidiary ledger and controlling account.
B. Distribution of payroll checks and approval of sales returns for credit.
C. Posting of amounts from both the cash receipts journal and cash payments journal to the general ledger.
D. Recording of cash receipts and preparation of bank reconciliations.
Answer (A) is incorrect. There is no conflict between writing off bad debts (accounts receivable) and reconciling accounts payable, which are liabilities.
Answer (B) is incorrect. Distribution of payroll checks and approval of sales returns are independent functions. People who perform such disparate tasks are unlikely to be able to perpetrate and conceal a fraud. In fact, some organizations use personnel from an independent function to distribute payroll checks.
Answer (C) is incorrect. Posting both ledgers would cause no conflict as long as the individual involved did not have access to the actual cash. If a person has access to records but not the assets, no danger exists of embezzlement without collusion.
Answer (D) is correct. Recording of cash establishes accountability for assets. The bank reconciliation compares that recorded accountability with actual assets. The recording of cash receipts and preparation of bank reconciliations should therefore be performed by different individuals because the preparer of a reconciliation could conceal a cash shortage. For example, if a cashier both prepares the bank deposit and performs the reconciliation, (s)he could embezzle cash and conceal the theft by falsifying the reconciliation.

[280] Gleim #: 3.3.49
Which one of the following situations represents an internal control weakness in the payroll department?
A. Payroll department personnel are rotated in their duties.
B. Paychecks are distributed by the employees’ immediate supervisor.
C. Payroll records are reconciled with quarterly tax reports.
D. The timekeeping function is independent of the payroll department.
Answer (A) is incorrect. Periodic rotation of payroll personnel inhibits the perpetration and concealment of fraud.
Answer (B) is correct. Paychecks should not be distributed by supervisors because an unscrupulous person could terminate an employee and fail to report the termination. The supervisor could then clock in and out for the employee and keep the paycheck. A person unrelated to either payroll recordkeeping or the operating department should distribute checks.
Answer (C) is incorrect. This analytical procedure may detect a discrepancy.
Answer (D) is incorrect. Timekeeping should be independent of asset custody and employee records.

[281] Gleim #: 3.3.50
Which of the following activities represents both an appropriate human resources department function and a deterrent to payroll fraud?
A. Distribution of paychecks.
B. Authorization of overtime.
C. Authorization of additions and deletions from the payroll.
D. Collection and retention of unclaimed paychecks.
Answer (A) is incorrect. The treasurer should perform the asset custody function regarding payroll.
Answer (B) is incorrect. Authorizing overtime is a responsibility of operating
management.
Answer (C) is correct. The payroll department is responsible for assembling payroll information (recordkeeping). The human resources department is responsible for authorizing employee transactions, such as hiring, firing, and changes in pay rates and deductions. Segregating the recording and authorization functions helps prevent fraud.
Answer (D) is incorrect. Unclaimed checks should be in the custody of the treasurer until they can be deposited in a special bank account.

[282] Gleim #: 3.3.51
An organization has computerized sales and cash receipts journals. The computer programs for these journals have been properly debugged. The internal auditor discovered that the total of the accounts receivable subsidiary accounts differs materially from the accounts receivable control account. This discrepancy could indicate
A. Credit memoranda being improperly recorded.
B. Receivables being lapped.
C. Receivables not being properly aged.
D. Statements being intercepted prior to mailing.
Answer (A) is correct. Sales returns and allowances require the crediting of accounts receivable. Thus, the recording of unauthorized credit memoranda is one explanation for the discrepancy if sales and cash receipts are properly recorded.
Answer (B) is incorrect. Lapping entails the theft of cash receipts and the use of subsequent receipts to conceal the theft. The effect is to overstate receivables, but no difference between the control total and the total of subsidiary amounts would arise.
Answer (C) is incorrect. Aging does not involve accounting entries.
Answer (D) is incorrect. Interception of customer statements might indicate fraudulent receivables but would not cause the subsidiary ledger discrepancy.

[283] Gleim #: 3.3.52
An internal auditor noted that several shipments were not billed. To prevent recurrence of such nonbilling, the organization should
A. Numerically sequence and independently account for all controlling documents (such as packing slips and shipping orders) when sales journal entries are recorded.
B. Undertake a validity check with customers as to orders placed.
C. Release product for shipment only on the basis of credit approval by the credit manager or other authorized person.
D. Undertake periodic tests of gross margin rates by product line and obtain explanations of significant departures from planned rates.
Answer (A) is correct. The sequential numbering of documents provides a standard control over transactions. The numerical sequence should be accounted for by an independent party. A major objective is to detect unrecorded and unauthorized transactions.
Answer (B) is incorrect. This check would not prevent or detect unrecorded and unauthorized transactions.
Answer (C) is incorrect. Credit approval does not ensure billing.
Answer (D) is incorrect. Testing gross margin rates is an analytical procedure, not a preventive control.

[284] Gleim #: 3.3.53
A preliminary survey of the purchasing function indicates that
Department managers initiate purchase requests that must be approved by the plant superintendent,
Purchase orders are typed by the purchasing department using prenumbered and controlled forms,
Buyers regularly update the official vendor listing as new sources of supply become known,
Rush orders can be placed with a vendor by telephone but must be followed by a written purchase order before delivery can be accepted, and
Vendor invoice payment requests must be accompanied by a purchase order and receiving report.
One possible fault of this system is that
A. Purchases could be made from a vendor controlled by a buyer at prices higher than normal.
B. Unnecessary supplies can be purchased by department managers.
C. Payment can be made for supplies not received.
D. Payment can be made for supplies received but not ordered by the purchasing department.
Answer (A) is correct. A risk exposure typical of the purchasing function is that purchases may be made from vendors with respect to whom buyers or other employees have a conflict of interest. The result may be excessive prices or amounts, or poor quality of goods and services acquired. Accordingly, additions to the vendor file should be authorized at an appropriate level and not by the buyers. Similarly, bidders’ lists should be approved by supervisory personnel.
Answer (B) is incorrect. The requirement of a written purchase order approved by the plant superintendent is a satisfactory control to prevent unnecessary purchases.
Answer (C) is incorrect. Payment is not made without a receiving report.
Answer (D) is incorrect. Payment requests must be supported by an approved purchase order.

[285] Gleim #: 3.3.54
Management is concerned with the potential for unauthorized changes in the payroll. Which of the following is the proper organizational structure to prevent such unauthorized changes?
A. The payroll department maintains and authorizes all changes in the personnel records.
B. The payroll department is supervised by the management of the human resources division.
C. The payroll department’s functions are limited to maintaining the payroll records, distributing paychecks, and posting the payroll entries to the general ledger.
D. The personnel department authorizes the hiring and pay levels of all employees.
Answer (A) is incorrect. The personnel department should be responsible for these functions.
Answer (B) is incorrect. The payroll and personnel departments should be independent.
Answer (C) is incorrect. The payroll department should not post the payroll entries to the general ledger or distribute the paychecks. These functions are the responsibility of the accounting department and the treasurer’s office, respectively.
Answer (D) is correct. The payroll department is responsible for assembling payroll information (recordkeeping). The personnel department is responsible for authorizing and executing employee transactions such as hiring, firing, and changes in pay rates and deductions. Segregating these functions helps prevent fraud. Thus, the payroll for each period should be compared with the active employment files of the personnel department.

[286] Gleim #: 3.3.55
In a well-designed internal control structure in which the cashier receives remittances from the mail room, the cashier should not
A. Endorse the checks.
B. Prepare the bank deposit slip.
C. Deposit remittances daily at a local bank.
D. Post the receipts to the accounts receivable subsidiary ledger cards.
Answer (A) is incorrect. It is a part of the custodial function, which is the primary responsibility of a cashier.
Answer (B) is incorrect. It is a part of the custodial function, which is the primary responsibility of a cashier.
Answer (C) is incorrect. It is a part of the custodial function, which is the primary responsibility of a cashier.
Answer (D) is correct. The cashier is an assistant to the treasurer and thus performs an asset custody function. Individuals with custodial functions should not have access to the accounting records. If the cashier were allowed to post the receipts to the accounts receivable subsidiary ledger, an opportunity for embezzlement would arise that could be concealed by falsifying the books.

[287] Gleim #: 3.3.56
Which one of the following situations represents an internal control weakness in accounts receivable?
A. Internal auditors confirm customer accounts periodically.
B. Delinquent accounts are reviewed only by the sales manager.
C. The cashier is denied access to customers’ records and monthly statements.
D. Customers’ statements are mailed monthly by the accounts receivable department.
Answer (A) is incorrect. Periodic confirmation of accounts receivable is an internal control strength.
Answer (B) is correct. Internal control over accounts receivable begins with a proper segregation of duties. Hence, the cashier, who performs an asset custody function, should not be involved in recordkeeping. Accounts should be periodically confirmed by an auditor, and delinquent accounts should be reviewed by the head of accounts receivable and the credit manager. Customer statements should be mailed monthly by
the accounts receivable department without allowing access to the statements by employees of the cashier’s department. The sales manager should not be the only person to review delinquent accounts because (s)he may have an interest in not declaring an account uncollectible.
Answer (C) is incorrect. An employee with asset-custody responsibilities should not have access to records for that asset.
Answer (D) is incorrect. Monthly account statements give customers an opportunity to complain about incorrect billings or missing payments.

[288] Gleim #: 3.3.57
Which one of the following situations represents a strength of internal control for purchasing and accounts payable?
A. Prenumbered receiving reports are issued randomly.
B. Invoices are approved for payment by the purchasing department.
C. Unmatched receiving reports are reviewed on an annual basis.
D. Vendors’ invoices are matched against purchase orders and receiving reports before a liability is recorded.
Answer (A) is incorrect. Prenumbered receiving reports should be issued sequentially. A gap in the sequence may indicate an erroneous or fraudulent transaction.
Answer (B) is incorrect. Invoices should not be approved by purchasing. That is the job of the accounts payable department.
Answer (C) is incorrect. Annual review of unmatched receiving reports is too infrequent. More frequent attention is necessary to remedy deficiencies in internal control.
Answer (D) is correct. A voucher should not be prepared for payment until the vendor’s invoice has been matched against the corresponding purchase order and receiving report. This procedure provides assurance that a valid transaction has occurred and that the parties have agreed on the terms, such as price and quantity.

[289] Gleim #: 3.3.58
To control purchasing and accounts payable, an information system must include certain source documents. For a manufacturing organization, these documents should include
A. Purchase orders, receiving reports, and vendor invoices.
B. Receiving reports and vendor invoices.
C. Purchase requisitions, purchase orders, receiving reports, and vendor invoices.
D. Purchase requisitions, purchase orders, inventory reports of goods needed, and vendor invoices.
Answer (A) is incorrect. A purchase requisition is also needed.
Answer (B) is incorrect. A purchase order and requisition are also necessary.
Answer (C) is correct. Before ordering an item, the purchasing department should have on hand a purchase requisition reflecting an authorized request by a user department. Before a voucher is prepared for paying an invoice, the accounts payable department should have the purchase requisition, a purchase order (to be certain the items were indeed ordered), the vendor’s invoice, and a receiving report (to be certain the items were received).
Answer (D) is incorrect. A receiving report is needed.

[290] Gleim #: 3.3.59
Auditors document their understanding of internal control with questionnaires, flowcharts, and narrative descriptions. A questionnaire consists of a series of questions concerning controls that auditors consider necessary to prevent or detect errors and fraud. The most appropriate question designed to contribute to the auditors’ understanding of the completeness of the expenditure (purchases-payables) cycle concerns the
A. Internal verification of quantities, prices, and mathematical accuracy of sales invoices.
B. Use and accountability of prenumbered checks.
C. Disposition of cash receipts.
D. Qualifications of accounting personnel.
Answer (A) is incorrect. Determination of proper amounts of sales invoices concerns the valuation assertion. Also, sales invoices are part of the sales-receivables (revenue) cycle.
Answer (B) is correct. A completeness assertion concerns whether all transactions and accounts that should be presented in the financial statements are so presented. The exclusive use of sequentially numbered documents facilitates control over expenditures. An unexplained gap in the sequence alerts the auditor to the possibility that not all transactions have been recorded. A failure to use prenumbered checks would therefore suggest a higher assessment of control risk. If a company uses prenumbered checks, it should be easy to determine exactly which checks were used during a period.
Answer (C) is incorrect. Cash receipts are part of the revenue cycle.
Answer (D) is incorrect. Consideration of the qualifications of accounting personnel is not a test of controls over the completeness of any cycle. This procedure is appropriate during the consideration of the control environment.

[291] Gleim #: 3.3.60
The initiation of the purchase of materials and supplies would be the responsibility of the
A. Purchasing department.
B. Stores control department.
C. Inventory control department.
D. Production department.
Answer (A) is incorrect. The purchasing department places orders that have been initiated and authorized by others.
Answer (B) is incorrect. The stores control department has custody of materials; it does not maintain inventory records.
Answer (C) is correct. The inventory control department would be responsible for initiating a purchase. It has access to the inventory records and would therefore know when stocks were getting low.
Answer (D) is incorrect. The production department manufactures goods and obtains materials from stores control.

[292] Gleim #: 3.3.61
Multiple copies of the purchase order are prepared for recordkeeping and distribution with a copy of the purchase order sent to the vendor and one retained by the purchasing department. In addition, for proper informational flow and internal control purposes, a version of the purchase order would be distributed to the
A. Accounts payable, receiving, and stores control departments.
B. Accounts payable, receiving, and inventory control departments.
C. Accounts payable, accounts receivable, and receiving departments.
D. Accounts payable, receiving, and production planning departments.
Answer (A) is incorrect. The stores control department does not need to know that a purchase has been initiated.
Answer (B) is correct. The accounts payable department should receive a copy of the purchase order for internal control purposes to ensure that all invoices paid are for properly authorized items. The receiving department should receive a copy (with the quantity omitted to encourage an honest count) so that its employees will know that incoming shipments were authorized and should be accepted. In addition, the department issuing the purchasing requisition (the inventory control department) should receive a copy as a notification that the order has been placed.
Answer (C) is incorrect. The accounts receivable department does not need a copy.
Answer (D) is incorrect. The production planning department does not need a copy.

[293] Gleim #: 3.3.62
Organizational independence in the processing of payroll is achieved by segregation of functions that are built into the system. Which one of the following functional segregations is not required for internal control purposes?
A. Segregation of timekeeping from payroll preparation.
B. Segregation of personnel function from payroll preparation.
C. Segregation of payroll preparation and paycheck distribution.
D. Segregation of payroll preparation and maintenance of year-to-date records.
Answer (A) is incorrect. Segregating timekeeping and payroll preparation is an effective control. It prevents one person from claiming that an employee worked certain hours and then writing a check to that employee. Payment to an absent or fictitious employee would therefore require collusion between two employees.
Answer (B) is incorrect. Personnel should be separate from payroll. The former authorizes the calculation of the payroll by the latter.
Answer (C) is incorrect. Segregating paycheck preparation from distribution makes it more difficult for checks to be made out to fictitious employees.
Answer (D) is correct. Most companies have their payrolls prepared by the same individuals who maintain the year-to-date records. There is no need for this segregation of functions because both duties involve recordkeeping.

[294] Gleim #: 3.3.63
If employee paychecks are distributed by hand to employees, which one of the following departments should be responsible for the safekeeping of unclaimed paychecks?
A. Payroll department.
B. Timekeeping department.
C. Production department in which the employee works or worked.
D. Cashier department.
Answer (A) is incorrect. The payroll department was responsible for causing the check to be written.
Answer (B) is incorrect. The timekeeping department authorized payment based on a certain number of hours worked.
Answer (C) is incorrect. A production supervisor or fellow worker has an opportunity to intercept the check of a fictitious or terminated employee.
Answer (D) is correct. The responsibility for unclaimed paychecks should be given to a department that has no opportunity to authorize or write those checks. Because the treasury function serves only an asset custody function and thus has had no input into the paycheck process, it is the logical repository of unclaimed checks.

[295] Gleim #: 3.3.64
Organizational independence is required in the processing of customers’ orders in order to maintain an internal control structure. Which one of the following situations is not a proper segregation of duties in the processing of orders from customers?
A. Approval by credit department of a sales order prepared by the sales department.
B. Shipping of goods by the shipping department that have been retrieved from stock by the finished goods storeroom department.
C. Invoice preparation by the billing department and posting to customers’ accounts by the accounts receivable department.
D. Approval of a sales credit memo because of a product return by the sales department with subsequent posting to the customer’s account by the accounts receivable department.
Answer (A) is incorrect. Ensuring that a sales order is for a legitimate, creditworthy customer is a function of the credit department.
Answer (B) is incorrect. To maintain proper segregation of functions, goods should be pulled by the storeroom department and shipped by the shipping department.
Answer (C) is incorrect. Invoice preparation and account updating should be performed by two different departments.
Answer (D) is correct. Allowing a sales department employee to approve a credit memo without a receiving report would be unacceptably risky. Sales personnel could overstate sales in one period and then reverse them in subsequent periods. Thus, a copy of the receiving report for returned goods should be sent to billing for preparation of a credit memo after approval by a responsible supervisor who is independent of sales.

[296] Gleim #: 3.4.65
An organization’s directors, management, external auditors, and internal auditors all play important roles in creating a proper control environment. Senior management is primarily responsible for
A. Establishing a proper organizational culture and specifying a system of internal control.
B. Designing and operating a control system that provides reasonable assurance that established objectives and goals will be achieved.
C. Ensuring that external and internal auditors adequately monitor the control environment.
D. Implementing and monitoring controls designed by the board of directors.
Answer (A) is correct. Senior management is primarily responsible for establishing a proper organizational culture and specifying a system of internal control.
Answer (B) is incorrect. Senior management is not likely to be involved in the detailed design and day-to-day operation of a control system.
Answer (C) is incorrect. Management administers risk and control processes. It cannot delegate this responsibility to the external auditors or to the internal audit activity.
Answer (D) is incorrect. The board has oversight governance responsibilities but ordinarily does not become involved in the details of operations.

[297] Gleim #: 3.4.66
The marketing department for a major retailer assigns separate product managers for each product line. Product managers are responsible for ordering products and determining retail pricing. Each product manager’s purchasing budget is set by the marketing manager. Products are delivered to a central distribution center where goods are segregated for distribution to the company’s 52 department stores. Because receipts are recorded at the distribution center, the company does not maintain a receiving function at each store. Product managers are evaluated on a combination of sales and gross profit generated from their product lines. Many products are seasonal and individual store managers can require that seasonal products be removed to make space for the next season’s products. Which of the following is a control deficiency in this situation?
A. The store manager can require items to be removed, thus affecting the potential performance evaluation of individual product managers.
B. The product manager negotiates the purchase price and sets the selling price.
C. Evaluating product managers by total gross profit generated by product line will lead to dysfunctional behavior.
D. There is no receiving function located at individual stores.
Answer (A) is incorrect. Goods are seasonal, and store space is limited. This is a constraint that is consistent with maximizing revenue and profitability for the organization.
Answer (B) is incorrect. The product manager is evaluated based on sales and gross profit; thus, performing both of these duties is not a conflict.
Answer (C) is incorrect. Evaluating the product managers on gross profit and budgeted sales holds them accountable for profitability. This approach is consistent with their authority over ordering and pricing.
Answer (D) is correct. The receiving function verifies that the goods received are those actually sent by the shipper. Without this function being performed at the store, goods could be lost, pilfered, or simply sent to the wrong store without it being discovered.

[298] Gleim #: 3.4.67
The marketing department for a major retailer assigns separate product managers for each product line. Product managers are responsible for ordering products and determining retail pricing. Each product manager’s purchasing budget is set by the marketing manager. Products are delivered to a central distribution center where goods are segregated for distribution to the company’s 52 department stores. Because receipts are recorded at the distribution center, the company does not maintain a receiving function at each store. Product managers are evaluated on a combination of sales and gross profit generated from their product lines. Many products are seasonal and individual store managers can require that seasonal products be removed to make space for the next season’s products. Requests for purchases beyond those initially budgeted must be approved by the marketing manager. This procedure
I. Should provide for the most efficient allocation of scarce organizational resources.
II. Is a detective control procedure.
III. Is unnecessary because each product manager is evaluated on profit generated.
A. I only.
B. III only.
C. II and III only.
D. I, II, and III.
Answer (A) is correct. The organization has two scarce resources to allocate: its purchasing budget and the space available in its retail stores. The marketing manager is high enough in the organization to coordinate this allocation. Allowing individual product managers to approve their own requests to exceed budget would almost certainly result in misallocation. Thus, Item I is a valid choice. Item II is not a valid choice because the marketing manager asserts his/her authority before an unwanted event has taken place. Item III is not a valid choice because product managers may be tempted to commit the company to buy more product than it can finance. The marketing manager is in a position to coordinate these requests and reconcile them with the budget.
Answer (B) is incorrect. The gross profit evaluation is effective in evaluating product managers, but it does not necessarily restrain excess spending.
Answer (C) is incorrect. Approval by the marketing manager is a preventive control, which deters undesirable events from occurring. A detective control detects and corrects undesirable events that have occurred. Also, the gross profit evaluation is effective only in evaluating the manager.
Answer (D) is incorrect. Approval by the marketing manager is a preventive control, which deters undesirable events from occurring. A detective control detects and corrects undesirable events that have occurred. Also, the gross profit evaluation is effective only in evaluating the manager.

[299] Gleim #: 3.4.68
Which of the following would minimize defects in finished goods caused by poor quality raw materials?
A. Documented procedures for the proper handling of work-in-process inventory.
B. Required material specifications for all purchases.
C. Timely follow-up on all unfavorable usage variances.
D. Determination of the amount of spoilage at the end of the manufacturing process.
Answer (A) is incorrect. Documented procedures for handling work-in-process inventory do not ensure that materials are of sufficient quality.
Answer (B) is correct. A preventive control is required in this situation, i.e., one that ensures an unwanted event does not take place. The most cost-effective way of achieving the goal is to keep poor quality raw materials from entering the warehouse to begin with. Of the controls listed, only required specifications will accomplish this.
Answer (C) is incorrect. Follow-up on unfavorable usage variances may lead to detection and correction of use of substandard materials but does not prevent or minimize defects in products already processed.
Answer (D) is incorrect. Determination of spoilage after raw materials have been used in production is not a preventive control.

[300] Gleim #: 3.4.69
An internal auditor notes year-to-year increases for small tool expense at a manufacturing facility that has produced the same amount of identical product for the last 3 years. Production inventory is kept in a controlled staging area adjacent to the receiving dock, but the supply of small tools is kept in an unsupervised area near the exit to the plant employees’ parking lot. After determining that all of the following alternatives are equal in cost and are also feasible for local management, the internal auditor would best address the security issue by recommending that plant management
A. Move the small tools inventory to the custody of the production inventory staging superintendent and implement the use of a special requisition to issue small tools.
B. Initiate a full physical inventory of small tools on a monthly basis.
C. Place supply of small tools in a secured area, install a key-access card system for all employees, and record each key-access transaction on a report for the production superintendent.
D. Close the exit to the employee parking lot and require all plant employees to use a doorway by the receiving dock that also provides access to the plant employees’ parking area.
Answer (A) is correct. Minimizing the loss of assets requires a preventive control. Giving responsibility for custody of small tools to one individual establishes accountability. Requiring that requisitions be submitted ensures that their use is properly authorized.
Answer (B) is incorrect. A full physical inventory of small tools on a monthly basis is a periodic, detective control that is effective only in determining the amount of losses.
Answer (C) is incorrect. Placing small tools in a secured area, installing a key-access system, and recording access transactions are preventive and detective controls but do not record the amount of tools removed from the inventory.
Answer (D) is incorrect. Closing the exit to the employee parking lot does not limit access to the small tools inventory.

[301] Gleim #: 3.4.70
Which of the following control procedures does an internal auditor expect to find during an engagement to evaluate risk management and insurance?
A. Periodic internal review of the in-force list to evaluate the adequacy of insurance coverage.
B. Required approval of all new insurance policies by the organization’s CEO.
C. Policy of repetitive standard journal entries to record insurance expense.
D. Cutoff procedures with regard to insurance expense reporting.
Answer (A) is correct. Obtaining insurance and periodically reviewing its adequacy are among management’s responses to the findings of a risk assessment. Insurance coverage should be sufficient to ensure that the relevant assessed risks are managed in accordance with the organization’s risk appetite.
Answer (B) is incorrect. CEO approval is an operational decision ordinarily delegated to a lower level manager.
Answer (C) is incorrect. A policy concerning standard journal entries is an accounting control, not a risk management and insurance control.
Answer (D) is incorrect. Cutoff procedures with regard to insurance expense reporting are an accounting control, not a risk management and insurance control.

[302] Gleim #: 3.4.71
Which of the following is an operating control for a research and development department?
A. Research and development personnel are hired by the payroll department.
B. Research and development expenditures are reviewed by an independent person.
C. All research and development costs are charged to expense in accordance with the applicable accounting principles.
D. The research and development budget is properly allocated between new products, product maintenance, and cost reduction programs.
Answer (A) is incorrect. Only the human resources department should be responsible for hiring. A department responsible for recordkeeping (e.g., payroll) should not authorize transactions.
Answer (B) is incorrect. Reviewing monetary amounts is a financial control.
Answer (C) is incorrect. Expensing R&D costs is an accounting treatment rather than a control.
Answer (D) is correct. Operating controls are those applicable to production and support activities. Because they may lack established criteria or standards, they should be based on management principles and methods. The appropriate allocation of R&D costs to new products, product maintenance, and cost reduction programs is an example. This is in contrast to the expensing of R&D costs, which is required by the rules of external financial reporting.

[303] Gleim #: 3.4.72
Obsolete or scrap materials are charged to a predefined project number. The materials are segregated into specified bin locations and eventually transported to a public
auction for sale. To reduce the risks associated with this process, an organization should employ which of the following procedures?
I. Require managerial approval for materials to be declared scrap or obsolete.
II. Permit employees to purchase obsolete or scrap materials prior to auction.
III. Limit obsolete or scrap materials sales to a pre-approved buyer.
IV. Specify that a fixed fee, rather than a commission, be paid to the auction firm.
A. II and III.
B. I only.
C. II and IV.
D. I, III, and IV.
Answer (A) is incorrect. Permitting employees to purchase obsolete or scrap materials prior to auction provides even more incentive for misappropriation. Limiting obsolete or scrap materials sales to a pre-approved buyer does not mitigate the risk of misappropriation before the materials are sold. Moreover, these procedures may be less effective than an auction for obtaining the best price.
Answer (B) is correct. A preventive control is needed. Management approval for materials to be declared scrap or obsolete reduces the risk of misappropriation. Otherwise, materials may be more easily misclassified.
Answer (C) is incorrect. Permitting employees to purchase obsolete or scrap materials prior to auction provides even more incentive for misappropriation. Specifying that a commission be paid to the auction firm creates an incentive to maximize the organization’s return.
Answer (D) is incorrect. Limiting obsolete or scrap materials sales to a pre-approved buyer does not mitigate the risk of misappropriation before the materials are sold. It also may be less effective than an auction for obtaining the best price. Specifying that a commission be paid to the auction firm creates an incentive to maximize the organization’s return.

[304] Gleim #: 3.4.73
While performing analytical procedures related to an engagement involving a social services agency of a government entity, the internal auditor noted an unusually large increase in payments to individual recipients who are under the direction of a particular social worker in the agency. The internal auditor is considering making a recommendation about appropriate controls to address a potential problem of fictitious recipients. The internal auditor has identified the following control procedures as potential items to include in the recommendation.
I. Require that all additions to the recipient file be independently investigated and approved by a supervisor of the social workers.
II. Require the use of self-checking digits on the account numbers of all recipients so that any duplicates will be immediately noted by the system.
III. Incorporate a code into the computer program to search for duplicate names and addresses. Develop an exception report that will go to the section supervisor whenever duplicates are noted.
IV. Require that social workers be rotated among recipients.
Which of the following control combinations would effectively address the internal
auditor’s concerns and improve control over valid recipients?
A. I, II, III, and IV.
B. I, II, and III.
C. I and IV.
D. I, III, and IV.
Answer (A) is incorrect. Duplicate recipient account numbers are not the risk in this situation. The appropriate controls prevent or detect payments to nonexistent recipients that are sent to actual addresses under the social worker’s control.
Answer (B) is incorrect. Duplicate recipient account numbers are not the risk in this situation. The appropriate controls prevent or detect payments to nonexistent recipients that are sent to actual addresses under the social worker’s control. However, rotating social workers among recipients may prevent or detect fraud.
Answer (C) is incorrect. A programmed control that searches for and reports exceptions (e.g., duplicate names and addresses) detects payments to multiple recipients at a single or a few addresses.
Answer (D) is correct. A supervisory review of all additions to the recipient file is a detective control that alerts management to nonexistent recipients. Once it becomes widely understood that this review will always be performed, it becomes a preventive control. A programmed control that searches for and reports exceptions (e.g., duplicate names and addresses) detects payments to multiple recipients at a single or a few addresses. Rotating social workers among recipients may prevent or detect fraud. The probability of detection is greater when the wrongdoer’s opportunity to conceal fraud is reduced. However, duplicate recipient account numbers are not the risk in this situation. The appropriate controls prevent or detect payments to nonexistent recipients that are sent to actual addresses under the social worker’s control.

[305] Gleim #: 3.4.74
The most appropriate method to prevent fraud or theft during the frequent movement of trailers loaded with valuable metal scrap from the manufacturing plant to the organization’s scrap yard about 10 miles away would be to
A. Perform complete physical inventory of the scrap trailers before leaving the plant and upon arrival at the scrap yard.
B. Require existing security guards to log the time of plant departure and scrap yard arrival. The elapsed time should be reviewed by a supervisor for fraud.
C. Use armed guards to escort the movement of the trailers from the plant to the scrap yard.
D. Contract with an independent hauler for the removal of scrap.
Answer (A) is incorrect. Performing a complete physical inventory of the scrap at both locations would not be economically feasible.
Answer (B) is correct. Having the security guards record the times of departure and arrival is a cost-effective detective control because it entails no additional expenditures. Comparing the time elapsed with the standard time allowed and
investigating material variances may detect a diversion of part of the scrap.
Answer (C) is incorrect. Hiring armed guards to escort the scrap trailers is unlikely to be cost-effective unless the scrap is extremely valuable. Logging departures and arrivals will be sufficient in most cases.
Answer (D) is incorrect. Using an independent hauler would provide no additional assurance of prevention or detection of wrongdoing.

[306] Gleim #: 3.4.75
A utility with a large investment in repair vehicles would most likely implement which internal control to reduce the risk of vehicle theft or loss?
A. Review insurance coverage for adequacy.
B. Systematically account for all repair work orders.
C. Physically inventory vehicles and reconcile the results with the accounting records.
D. Maintain vehicles in a secured location with release and return subject to approval by a custodian.
Answer (A) is incorrect. Insurance provides for indemnification if loss or theft occurs. It thus reduces financial exposure but does not prevent the actual loss or theft.
Answer (B) is incorrect. An internal control designed to ensure control over repair work performed has no bearing on the risk of loss.
Answer (C) is incorrect. Taking an inventory is a detective, not a preventive, control.
Answer (D) is correct. Physical safeguarding of assets is enacted through the use of preventive controls that reduce the likelihood of theft or other loss. Keeping the vehicles at a secure location and restricting access establishes accountability by the custodian and allows for proper authorization of their use.

[307] Gleim #: 3.4.76
Which of the following controls could be used to detect bank deposits that are recorded but never made?
A. Establishing accountability for receipts at the earliest possible time.
B. Linking receipts to other internal accountabilities, for example, collections to either accounts receivable or sales.
C. Consolidating cash receiving points.
D. Having bank reconciliations performed by a third party.
Answer (A) is incorrect. Early establishment of accountability will not help detect bank deposits recorded on the books but not deposited in the bank.
Answer (B) is incorrect. The issue is not accountability for receipts but detection of failure to make deposits.
Answer (C) is incorrect. The number of receiving points does not impact the failure to make recorded deposits.
Answer (D) is correct. Having an independent third party prepare the bank reconciliations would reveal any discrepancies between recorded deposits and the bank statements. A bank reconciliation compares the bank statement with organization records and resolves differences caused by deposits in transit, outstanding checks, NSF checks, bank charges, errors, etc.

[308] Gleim #: 3.4.77
To minimize the risk that agents in the purchasing department will use their positions for personal gain, the organization should
A. Rotate purchasing agent assignments periodically.
B. Request internal auditors to confirm selected purchases and accounts payable.
C. Specify that all items purchased must pass value-per-unit-of-cost reviews.
D. Direct the purchasing department to maintain records on purchase prices paid, with review of such being required each 6 months.
Answer (A) is correct. The risk of favoritism is increased when buyers have long-term relationships with specific vendors. Periodic rotation of buyer assignments will limit the opportunity to show favoritism. This risk is also reduced if buyers are required to take vacations.
Answer (B) is incorrect. Confirmation does not enable internal auditors to detect inappropriate benefits received by purchasing agents or deter long-term relationships.
Answer (C) is incorrect. Value-per-unit-of-cost reviews could be helpful in ensuring a certain level of value received for price paid but do not directly focus on receipt of inappropriate benefits by purchasing agents.
Answer (D) is incorrect. Review of records every 6 months does not enable the organization to detect receipt of inappropriate benefits by an agent or deter relationships that could lead to such activity.

[309] Gleim #: 3.4.78
Management can best strengthen internal control over the custody of inventory stored in an off-site warehouse by implementing
A. Reconciliations of transfer slips to/from the warehouse with inventory records.
B. Increases in insurance coverage.
C. Regular reconciliation of physical inventories to accounting records.
D. Regular confirmation of the amount on hand with the custodian of the warehouse.
Answer (A) is incorrect. A control over the movement of inventory to and from the warehouse provides no assurance over the custody of the inventory while in the warehouse.
Answer (B) is incorrect. Increasing insurance coverage helps protect the organization against losses but does not strengthen internal control over the custody of inventory.
Answer (C) is correct. A detective control that will reveal, on a regular basis, any discrepancies between the inventory records and the actual inventory on hand is needed. Periodic comparison of the recorded accountability for inventory with the actual physical inventory will accomplish this.
Answer (D) is incorrect. Confirming with the custodian the amount of inventory on hand does not verify that the inventory is actually at the warehouse.

[310] Gleim #: 3.4.79
When a supplier of office products is unable to fill an order completely, it marks the out-of-stock items as back ordered on the customer’s order and enters these items in a back order file that management can view or print. Customers are becoming disgruntled with the supplier because it seems unable to keep track of and ship out-of-stock
items as soon as they are available. The best approach for ensuring prompt delivery of out-of-stock items is to
A. Match the back order file to goods received daily.
B. Increase inventory levels to minimize the number of times that out-of-stock conditions occur.
C. Implement electronic data interchange with supply vendors to decrease the time to replenish inventory.
D. Reconcile the sum of filled and back orders with the total of all orders placed daily.
Answer (A) is correct. A directive control is appropriate, i.e., one designed to cause or encourage the occurrence of a desirable event. Matching the back order file with goods received daily is the surest way of facilitating prompt delivery of out-of-stock items.
Answer (B) is incorrect. An increase in inventory minimizes out-of-stock conditions but has no effect on tracking and shipping goods as soon as they are available.
Answer (C) is incorrect. More efficient replenishment of its own inventory has no effect on tracking and shipping goods as soon as they are available.
Answer (D) is incorrect. Reconciling the sum of filled and back orders with the total of all orders placed daily ensures that orders were either filled or back ordered but will not affect delivery of the items that are out of stock.

[311] Gleim #: 3.4.80
Which of the following observations by an auditor is most likely to indicate the existence of control weaknesses over safeguarding of assets?
I. A service department’s location is not well suited to allow adequate service to other units.
II. Employees hired for sensitive positions are not subjected to background checks.
III. Managers do not have access to reports that profile overall performance in relation to other benchmarked organizations.
IV. Management has not taken corrective action to resolve past engagement observations related to inventory controls.
A. I and II only.
B. I and IV only.
C. II and III only.
D. II and IV only.
Answer (A) is incorrect. A service department’s location concerns achieving organizational objectives, not safeguarding of assets.
Answer (B) is incorrect. A service department’s location concerns achieving organizational objectives, not safeguarding of assets. But failure to do background checks is a control weakness related to asset security.
Answer (C) is incorrect. Managers not having access to reports profiling overall performance concerns achieving organizational objectives.
Answer (D) is correct. Internal auditors evaluate risk exposures and the adequacy and effectiveness of controls relating to, among other things, safeguarding of assets (Perf. Std. 2130.A1). Lack of background checks for employees hired for
sensitive positions and failure to take corrective action on past engagement observations relating to safeguarding of assets are red flags signifying control weaknesses. Regular reference and background checks, integrity tests, and drug screening are hiring procedures that may be part of an effective ethical culture. Furthermore, internal auditors follow up on engagement results to determine what corrective actions have been taken or whether management or the board has assumed the risk of not taking action. If the CAE believes the risk assumed may be unacceptable to the organization, (s)he must discuss the matter with senior management and the board (Perf. Stds. 2500.A1 and 2600).

[312] Gleim #: 3.4.81
A control likely to prevent purchasing agents from favoring specific suppliers is
A. Requiring management’s review of a monthly report of the totals spent by each buyer.
B. Requiring buyers to adhere to detailed material specifications.
C. Rotating buyer assignments periodically.
D. Monitoring the number of orders placed by each buyer.
Answer (A) is incorrect. Requiring review of a monthly report of the totals spent by each buyer does not enable the organization to detect receipt of inappropriate benefits by an agent or deter relationships that could lead to such activity.
Answer (B) is incorrect. Detailed material specifications will not prevent buyer favoritism in placing orders.
Answer (C) is correct. The risk of favoritism is increased when buyers have long-term relationships with specific vendors. Periodic rotation of buyer assignments will limit the opportunity for any buyer to show favoritism to a particular supplier.
Answer (D) is incorrect. The number of orders placed is not relevant to preventing favoritism.

[313] Gleim #: 3.4.82
Appropriate internal control for a multinational corporation’s branch office that has a monetary transfer unit requires that
A. The individual who initiates wire transfers not reconcile the bank statement.
B. The branch manager receive all wire transfers.
C. Foreign currency rates be computed separately by two different employees.
D. Corporate management approve the hiring of monetary transfer unit employees.
Answer (A) is correct. A control is any action taken by management to enhance the likelihood that established goals and objectives will be achieved. Controls include segregation of duties to reduce the risk that any person may be able to perpetrate and conceal errors or fraud in the normal course of his/her duties. Different persons should authorize transactions, record transactions, and maintain custody of the assets associated with the transaction. Independent reconciliation of bank accounts is necessary for good internal control.
Answer (B) is incorrect. Having the branch manager receive all wire transfers is not an important internal control consideration.
Answer (C) is incorrect. Foreign currency translation rates are verified, not computed. Having two employees in the same department perform the same task
will not significantly enhance internal control.
Answer (D) is incorrect. Corporate management approval of hiring monetary transfer unit employees is not an important internal control consideration.

[314] Gleim #: 3.4.83
An internal auditor is assigned to perform an engagement to evaluate the organization’s insurance program, including the appropriateness of the approach to minimizing risks. The organization self-insures against large casualty losses and health benefits provided for all its employees. The organization is a large national firm with over 15,000 employees located in various parts of the country. It uses an outside claims processor to administer its healthcare program. The organization’s medical costs have been rising by approximately 8% per year for the past 5 years, and management is concerned with controlling these costs. The healthcare processor wishes to implement controls that would help prevent fraud by dentists who are submitting billings for services not provided. Assume further that all the claims are submitted electronically to the healthcare processor. Which of the following control procedures would be the most effective?
A. Develop a program that identifies procedures performed on an individual in excess of expectations based on the age of the employee, whether a similar procedure was performed recently, or the average cost per claim.
B. Require all submitted claims to be accompanied by a signed statement by the dentist testifying that the claimed procedures were performed.
C. Send confirmations to the dentists requesting them to confirm the exact nature of the claims submitted to the healthcare processor.
D. Develop an integrated test facility and submit false claims to verify that the system is detecting such claims on a consistent basis.
Answer (A) is correct. Under this detective control, unusual claims could be identified and followed up to determine if they are legitimate. This control is a type of IT input control known as a reasonableness test.
Answer (B) is incorrect. Requiring a signed statement does not prevent the dentist from filing a false claim.
Answer (C) is incorrect. Sending confirmations to the dentists does not prevent the filing of false claims or a false response to the confirmation.
Answer (D) is incorrect. An integrated test facility would only provide information about the correctness of the processing of the claim or a false response to the confirmation, not on the propriety of the claim.

[315] Gleim #: 3.4.84
An internal auditor is reviewing the organization’s policy regarding investing in financial derivatives. The internal auditor normally expects to find all of the following in the policy except
A. A statement indicating whether derivatives are to be used for hedging or speculative purposes.
B. A specific authorization limit for the amount and types of derivatives that can be used by the organization.
C. A specific limit on the amount authorized for any single trader.
D. A statement requiring board review of each transaction because of the risk involved in such transactions.
Answer (A) is incorrect. A policy specifying whether derivatives are to be used for hedging or speculating is a crucial directive control.
Answer (B) is incorrect. A policy specifying the authorization limits for derivatives is an appropriate directive control.
Answer (C) is incorrect. A policy specifying the authorization limits for derivatives is an appropriate directive control.
Answer (D) is correct. A policy requiring board review of every derivatives transaction is cost ineffective. Management is responsible for daily operations and is expected to conform to the policies of the board.

[316] Gleim #: 3.4.85
Which of the following control procedures provides the greatest assurance that all donations to a not-for-profit organization are immediately deposited to the organization’s account?
A. Use a lockbox to receive all donations.
B. Perform periodic reviews of the organization’s cash receipts by tracing deposits to the original posting in the cash receipts records.
C. Require that all donations be made by check.
D. Require issuance of a confirmation receipt to all donors, with the receipt issued by the person who opens and deposits the cash receipts.
Answer (A) is correct. A lockbox system expedites receipt of funds and provides effective control over cash receipts. Donors send their payments to mailboxes, often in numerous locations, that are checked by a bank several times a day. Hence, payments are deposited before being processed by the organization’s accounting system.
Answer (B) is incorrect. The flaw in this procedure is that it focuses only on deposits that were made. The concern is with cash receipts that were not deposited.
Answer (C) is incorrect. An individual may deposit a check to a similarly named organization.
Answer (D) is incorrect. The same person should not be responsible for the cash receipts and the confirmations. The person could confirm receipts even if they were diverted.

[317] Gleim #: 3.4.86
A rental car agency’s fleet maintenance division uses a different code for each type of inventory transaction. A daily summary report lists activity by part number and transaction code. The report is reconciled by the parts room supervisor to the day’s material request forms and is then forwarded to the fleet manager for approval. The reconciliation of the summary report to the day’s material request forms by the parts room supervisor
A. Verifies that all material request forms were approved.
B. Provides documentation as to what material was available for a specific transaction.
C. Confirms that all material request forms are entered for all parts issued.
D. Ensures the accuracy and completeness of data input.
Answer (A) is incorrect. This reconciliation would not necessarily include a review of authorizations.
Answer (B) is incorrect. The material available for a specific transaction is not part of the reconciliation.
Answer (C) is incorrect. Not all request forms may have been submitted.
Answer (D) is correct. This reconciliation is an input control to verify that data entry is accurate and complete. The parts requested should be consistent with the parts used in the maintenance activities. Unexplained variances should be investigated.

[318] Gleim #: 3.4.87
During an engagement involving a construction contract, the internal auditor discovered that the contractor was being paid for each ton of dirt removed. The contract called for payment based on cubic yards removed. Which internal control might have prevented this error?
A. Comparison of invoices with purchase orders or contracts.
B. Comparison of invoices with receiving reports.
C. Comparison of actual costs with budgeted costs.
D. Extension checks of invoice amounts.
Answer (A) is correct. This detective control would have revealed that the contractor’s invoice used a unit of measure different from that in the contract. Thus, the basis of payment was not what was called for in this unit-price contract.
Answer (B) is incorrect. The dirt removed would not have been received by the organization. Hence, no receiving reports would have existed.
Answer (C) is incorrect. This comparison would not have detected the specific reason for a variance.
Answer (D) is incorrect. The problem was not a mathematical error but an erroneous basis for payment.

[319] Gleim #: 3.4.88
During an engagement involving a purchasing department, an internal auditor discovered that many purchases were made (at normal prices) from an office supplier whose owner was the brother of the director of purchasing. Controls were in place to restrict such purchases and no fraud appears to have been committed. In this case, the internal auditor should recommend
A. The development of an approved-vendor file initiated by the buyer and approved by the director of purchasing.
B. Establishment of a price policy (range) for all goods.
C. The initiation of a conflict-of-interest policy.
D. The inspection of all receipts by receiving inspectors.
Answer (A) is incorrect. An approved-vendor file approved by the director would not prevent a conflict of interest.
Answer (B) is incorrect. Price is not a factor when dealing with conflicts of interest.
Answer (C) is correct. A policy is one means of achieving control. It is a general guide to and limit on action that should be clearly stated in writing and systematically
communicated to appropriate parties. A conflict-of-interest policy should contain directives that restrict business dealings with relatives unless otherwise disclosed to and approved by senior management.
Answer (D) is incorrect. The inspection of all receipts by receiving inspectors is an appropriate receiving control that does not pertain to this situation.

[320] Gleim #: 3.4.89
Which of the following policies and procedures is consistent with effective administration of the insurance function?
A. Billings for insurance coverage are received and payments disbursed by the insurance manager.
B. Policy coverages are adjusted each year by applying a price index to previous year coverages.
C. Final settlements are negotiated after claims are developed and submitted.
D. Policies are always placed with the carrier that offers the lowest rate for a specified level of coverage.
Answer (A) is incorrect. The manager has too many responsibilities; there is no separation of duties. The receipt of billings and the disbursement of payments should be done by different people.
Answer (B) is incorrect. While policy coverages should be systematically evaluated each year to assure appropriate coverage, mere adjustment for inflation is not adequate to determine the degree of risk that should be insured.
Answer (C) is correct. The claims handling process begins with prompt reporting by the affected operational unit of the organization of any basis for a claim. Prompt reporting is required to permit the insurer to take whatever steps it may deem necessary to reduce the ultimate compensable loss. The insurance function then cooperates with the operational unit to document and formally submit the claim to the carrier. Subsequently, the insurance function will be involved in any required review of the claim and negotiation of a settlement.
Answer (D) is incorrect. Prudence dictates that other factors, e.g., the financial resources of the carrier and the fairness and efficiency of claims handling, be considered in addition to rates.

[321] Gleim #: 3.4.90
A recent inventory shortage at XYZ Corp., an unaffiliated supplier, contributed to production failures at OPS Corp. in the current period. To avoid future production failures because of supplier inventory shortages, the most appropriate method is for OPS to
A. Establish an inventory control framework at XYZ.
B. Increase the size of orders.
C. Produce the inventory items instead of purchasing from suppliers.
D. Inform XYZ about its risk appetite regarding supply failures.
Answer (A) is incorrect. OPS has no authority to establish an inventory control framework at XYZ.
Answer (B) is incorrect. Increasing order size does not address the cause of supplier failures.
Answer (C) is incorrect. Although in-house production will eliminate the external
parties, it may not be the most cost-effective method. The external party may have cost advantages the organization does not.
Answer (D) is correct. The risk appetite is the level of risk that an organization is willing to accept (The IIA Glossary). Thus, communicating about the risk appetite with external parties is an important aspect of risk management. It allows the organization to develop strategies to work with suppliers who may have different objectives.

[322] Gleim #: 3.4.91
A system of internal control includes physical controls over access to and use of assets and records. A departure from the purpose of such procedures is that
A. Access to the safe-deposit box requires two officers.
B. Only storeroom personnel and line supervisors have access to the raw materials storeroom.
C. The mailroom compiles a list of the checks received in the incoming mail.
D. Only salespersons and sales supervisors use sales department vehicles.
Answer (A) is incorrect. It is appropriate for two officers to be required to open the safe-deposit box. One supervises the other.
Answer (B) is correct. Storeroom personnel have custody of assets, and supervisors are in charge of execution functions. To give supervisors access to the raw materials storeroom is a violation of the essential internal control principle of segregation of functions.
Answer (C) is incorrect. The mailroom typically compiles a prelisting of cash. The list is sent to the accountant as a control for actual cash sent to the cashier.
Answer (D) is incorrect. Use of sales department vehicles by only sales personnel is appropriate.

[323] Gleim #: 3.4.92
An employee should not be able to visit the organization’s safe deposit box containing investment securities without being accompanied by another employee. What would be a possible consequence of an employee’s being able to visit the safe deposit box unaccompanied?
A. The employee could pledge organizational investments as security for a short-term personal bank loan.
B. The employee could steal securities and the theft would never be discovered.
C. It would be impossible to obtain a fidelity bond on the employee.
D. There would be no record of when organizational personnel visited the safe deposit box.
Answer (A) is correct. The bank should maintain a record, which can be inspected by organizational personnel, of all safe deposit box visits. Access should be limited to authorized officers. Organizations typically require the presence of two authorized persons for access to the box. This precaution provides supervisory control over, for example, the temporary removal of the securities to serve as a pledge for a loan (hypothecation of securities).
Answer (B) is incorrect. An engagement involving investment securities would
eventually uncover an outright theft assuming no alteration of the asset records.
Answer (C) is incorrect. Obtaining a fidelity bond is contingent upon the character of the employee, not the presence of a specific control.
Answer (D) is incorrect. The bank maintains a record of visits.

[324] Gleim #: 3.4.93
One of two office clerks in a small organization prepares a sales invoice; however, the invoice is incorrectly entered by the bookkeeper in the general ledger and the accounts receivable subsidiary ledger for a smaller amount resulting from a transposition of digits. The customer subsequently remits the amount on the monthly statement. Assuming only three employees are in the department, the most effective control to prevent this type of error is
A. Assigning the second office clerk to make an independent check of prices, discounts, extensions, footings, and invoice serial numbers.
B. Requiring that monthly statements be prepared by the bookkeeper and verified by one of the other office clerks prior to mailing.
C. Using predetermined totals to control posting routines.
D. Requiring the bookkeeper to perform periodic reconciliations of the accounts receivable subsidiary ledger and the general ledger.
Answer (A) is incorrect. The misposting was an error that occurred subsequent to this step.
Answer (B) is incorrect. These controls will not detect an initial misposting. The statements and the reconciliation are based on the misposted records.
Answer (C) is correct. A control total should be generated for the transactions to be posted. It should then be compared with the total of items posted to the individual accounts.
Answer (D) is incorrect. These controls will not detect an initial misposting. The statements and the reconciliation are based on the misposted records.

[325] Gleim #: 3.4.94
Which of the following aspects of the administration of a compensation program is the most important control in the long run?
A. An informal wage and salary policy to be competitive with the industry average.
B. A plan of job classifications based on predefined evaluation criteria.
C. A wage and salary review plan for individual employee compensation.
D. A level of general compensation that is reasonably competitive.
Answer (A) is incorrect. A vague policy would contribute little if anything to the fair administration of compensation programs.
Answer (B) is correct. Job classifications and grades are established during the job analysis phase and the general level of compensation in the community and in the industry must be determined. Compensation is then fixed based on the plan of job classifications, usually within a range for each grade. A range is necessary to allow for flexibility. Compensation should be low enough to avoid excess cost and to permit competitive pricing but high enough to attract needed personnel.
Answer (C) is incorrect. A plan for reviewing individual compensation presupposes a classification plan.
Answer (D) is incorrect. Reasonably competitive compensation is predicated on a classification plan.

[326] Gleim #: 3.4.95
To minimize potential financial losses associated with physical assets, the assets should be insured in an amount that is
A. Supported by periodic appraisals.
B. Determined by the board of directors.
C. Automatically adjusted by an economic indicator such as the consumer price index.
D. Equal to the book value of the individual assets.
Answer (A) is correct. Based on the results of the risk assessment, the internal audit activity should evaluate the adequacy and effectiveness of controls encompassing the organization’s governance, operations, and information systems. This should include, among other things, safeguarding of assets (Impl. Std. 2120.A1). Safeguarding assets includes insuring them. The types and amounts of insurance should be supported by periodic appraisals.
Answer (B) is incorrect. The determination of insurance coverage is not a function of the board of directors.
Answer (C) is incorrect. The consumer price index generally does not provide an appropriate adjustment factor for fixed assets.
Answer (D) is incorrect. Book values may not reflect the replacement or real value of an asset.

[327] Gleim #: 3.4.96
One control objective of the financing/treasury cycle is the proper authorization of transactions involving debt and equity instruments. Which of the following controls would best meet this objective?
A. Segregation of responsibility for custody of funds from recording of the transaction.
B. Written policies requiring review of major funding/repayment proposals by the board.
C. Use of an underwriter in all cases of new issue of debt or equity instruments.
D. Requiring two signatures on all checks of a material amount.
Answer (A) is incorrect. Segregation of responsibility for custody of funds from recording of the transaction concerns the objective of safeguarding of assets, not authorization.
Answer (B) is correct. The control objective of authorization concerns the proper execution of transactions in accordance with management’s wishes. One means of achieving this control objective is the establishment of policies as guides to action. When a decision affects the capitalization of the entity, a policy should be in force requiring review at the highest level.
Answer (C) is incorrect. Use of an underwriter in all cases of new issue of debt or equity instruments does not state a control but rather a specific means of issuing securities.
Answer (D) is incorrect. Requiring two signatures on all checks of a material amount concerns the objective of safeguarding of assets, not authorization.

[328] Gleim #: 3.4.97
Which of the following describes a control weakness?
A. Purchasing procedures are well designed and are followed unless otherwise directed by the purchasing supervisor.
B. Prenumbered blank purchase orders are secured within the purchasing department.
C. Normal operational purchases fall in the range from US $500 to US $1,000 with two signatures required for purchases over US $1,000.
D. The purchasing agent invests in a publicly traded mutual fund that lists the stock of one of the organization’s suppliers in its portfolio.
Answer (A) is correct. Well-designed procedures that are set aside at management’s discretion are not adequate controls. Control procedures must be followed consistently to be effective. However, the possibility of management override is an inherent limitation of internal control.
Answer (B) is incorrect. Use of prenumbered blank purchase orders secured within the purchasing department is a common control.
Answer (C) is incorrect. Requiring a more stringent authorization procedure for larger purchases is an appropriate control as long as documentation supports the purchases.
Answer (D) is incorrect. The purchasing agent’s mutual fund investment should not be a conflict of interest. The relationship between the return on the investment and any possible action by the agent to favor the supplier is very weak.

[329] Gleim #: 3.4.98
A manufacturer uses large quantities of small, inexpensive items, such as nuts, bolts, washers, and gloves, in the production process. As these goods are purchased, they are recorded in inventory in bulk amounts. Bins are located on the shop floor to provide timely access to these items. When necessary, the bins are refilled from inventory, and the cost of the items is charged to a consumable supplies account, which is part of shop overhead. Which of the following would be an appropriate improvement of controls in this environment?
A. Relocate bins to the inventory warehouse.
B. Require management review of reports on the cost of consumable items used in relation to budget.
C. Lock the bins during normal working hours.
D. None of these controls are needed for items of minor cost and size.
Answer (A) is incorrect. The bins should be on the shop floor where the nuts, bolts, etc., are needed.
Answer (B) is correct. In accordance with the cost-benefit criterion, control expenditures for manufacturing supplies (nuts, bolts, etc.) should be minimal. Nevertheless, some controls should be implemented. For example, usage should be estimated and compared with stock balances and also with the number of using personnel. Moreover, variances should be calculated for the difference between costs incurred and budgeted amounts.
Answer (C) is incorrect. Locking the bins would limit the efficiency and effectiveness of shop personnel.
Answer (D) is incorrect. Controls are needed even for items of minor cost and size.

[330] Gleim #: 4.1.1
The COSO framework treats internal control as a process designed to provide reasonable assurance regarding the achievement of objectives related to
A. Reliability of financial reporting.
B. Effectiveness and efficiency of operations.
C. Compliance with applicable laws and regulations.
D. All of the answers are correct.
Answer (A) is incorrect. The effectiveness and efficiency of operations and compliance with applicable laws and regulations are also correct.
Answer (B) is incorrect. The reliability of financial reporting and compliance with applicable laws and regulations are also correct.
Answer (C) is incorrect. Reliability of financial reporting and effectiveness and efficiency of operations are also correct.
Answer (D) is correct. The COSO framework treats internal control as a process designed to provide reasonable assurance regarding the achievement of objectives related to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations.

[331] Gleim #: 4.1.2
Which of the following are elements of the control environment?
A. Integrity and ethical values.
B. Organizational structure.
C. Assignment of authority and responsibility.
D. All of the answers are correct.
Answer (A) is incorrect. Organizational structure and assignment of authority and responsibility are also part of the control environment.
Answer (B) is incorrect. Integrity and ethical values and assignment of authority and responsibility are also part of the control environment.
Answer (C) is incorrect. Integrity and ethical values and organizational structure are also part of the control environment.
Answer (D) is correct. The COSO internal control framework lists the following seven elements of the control environment:
Integrity and ethical values
Commitment to competence
Board of directors or audit committee
Management’s philosophy and operating style
Organizational structure
Assignment of authority and responsibility
Human resource policies and practices

[332] Gleim #: 4.1.3
Which of the following is not a component of the CoCo model?
A. Commitment.
B. Capability.
C. Control environment.
D. Monitoring and learning.
Answer (A) is incorrect. Commitment is a component of the CoCo model.
Answer (B) is incorrect. Capability is a component of the CoCo model.
Answer (C) is correct. The control environment is not one of the four components of the CoCo model. The four components are commitment, capability, monitoring and learning, and purpose.
Answer (D) is incorrect. Monitoring and learning is a component of the CoCo model.

[333] Gleim #: 4.1.4
In regard to The IIA’s Electronic Systems Assurance and Control study, which of the
following is not a business assurance objective?
A. Recordability.
B. Capability.
C. Protectability.
D. Functionality.
Answer (A) is correct. Recordability is not a business assurance objective.
Answer (B) is incorrect. Capability is one of the five business assurance objectives.
Answer (C) is incorrect. Protectability is one of the five business assurance objectives.
Answer (D) is incorrect. Functionality is one of the five business assurance objectives.

[334] Gleim #: 4.1.5
Which of the following statements is correct regarding corporate compensation systems and related bonuses?
I. A bonus system should be considered part of the control environment of an organization and should be considered in formulating a report on internal control.
II. Compensation systems are not part of an organization’s control system and should not be reported as such.
III. An audit of an organization’s compensation system should be performed independently of an audit of the control system over other functions that impact corporate bonuses.
A. I only.
B. II only.
C. III only.
D. II and III only.
Answer (A) is correct. The control environment includes, among other things, the element of human resource policies and practices. Thus, hiring, orientation, training, evaluation, counseling, promotion, compensation, and remedial actions must be considered by management.
Answer (B) is incorrect. Compensation systems are part of the organization’s control systems.
Answer (C) is incorrect. Audits of the compensation systems can be combined with an audit of other functions that affect corporate bonuses.
Answer (D) is incorrect. Compensation systems are part of the organization’s control systems, and they may be audited in combination with other functions that affect corporate bonuses.

[335] Gleim #: 4.1.6
The policies and procedures helping to ensure that management directives are executed and actions are taken to address risks to achievement of objectives describes
A. Risk assessments.
B. Control environments.
C. Control activities.
D. Monitoring.
Answer (A) is incorrect. Risk assessment identifies and analyzes external or internal risks to achievement of the objectives at the activity level as well as the entity level.
Answer (B) is incorrect. Control environments reflect the attitude and actions of the board and management regarding the significance of control within the organization.
Answer (C) is correct. Control activities are the policies and procedures helping to ensure that management directives are executed and actions are taken to address risks to achievement of objectives.
Answer (D) is incorrect. Monitoring is a process that assesses the quality of the system’s performance over time.

[336] Gleim #: 4.1.7
An organization’s directors, management, external auditors, and internal auditors all play important roles in creating a proper control environment. Senior management is primarily responsible for
A. Establishing a proper organizational culture and specifying a system of internal control.
B. Designing and operating a control system that provides reasonable assurance that established objectives and goals will be achieved.
C. Ensuring that external and internal auditors adequately monitor the control environment.
D. Implementing and monitoring controls designed by the board of directors.
Answer (A) is correct. Senior management is primarily responsible for establishing a proper organizational culture and specifying a system of internal control.
Answer (B) is incorrect. Senior management is not likely to be involved in the detailed design and day-to-day operation of a control system.
Answer (C) is incorrect. Management administers risk and control processes. It cannot delegate this responsibility to the external auditors or to the internal audit activity.
Answer (D) is incorrect. The board has oversight governance responsibilities but ordinarily does not become involved in the details of operations.

[337] Gleim #: 4.1.8
Which term best reflects the attitude and actions of the board and management regarding the significance of control within the organization?
A. Risk assessment.
B. Control activities.
C. Control environment.
D. Monitoring.
Answer (A) is incorrect. Risk assessment identifies and analyzes external or internal risks to achievement of the objectives at the activity level as well as the entity level.
Answer (B) is incorrect. Control activities are the policies and procedures helping to ensure that management directives are executed and actions are taken to address risks to achievement of objectives.
Answer (C) is correct. A control environment reflects the attitude and actions of the board and management regarding the significance of control within the organization.
Answer (D) is incorrect. Monitoring is a process that assesses the quality of the system’s performance over time.

[338] Gleim #: 4.1.9
Internal control can provide only reasonable assurance that the organization’s objectives will be met efficiently and effectively. One factor limiting the likelihood of achieving those objectives is that
A. The internal auditor’s primary responsibility is the detection of fraud.
B. The board is active and independent.
C. The cost of internal control should not exceed its benefits.
D. Management monitors performance.
Answer (A) is incorrect. The internal audit activity’s responsibility regarding controls is to evaluate effectiveness and efficiency and to promote continuous improvement.
Answer (B) is incorrect. An effective governance function strengthens the control environment.
Answer (C) is correct. A limiting factor is that the cost of internal control should not exceed its expected benefits. Thus, the potential loss associated with any exposure or risk is weighed against the cost to control it. Although the cost-benefit relationship is a primary criterion that should be considered in designing and implementing internal control, the precise measurement of costs and benefits usually is not possible.
Answer (D) is incorrect. Senior management’s role is to oversee the establishment, administration, and assessment of the system of risk management and control processes.

[339] Gleim #: 4.1.10
Which of the following statements is not accurate with regard to soft controls?
A. The COSO and CoCo models emphasize soft controls.
B. The communication of ethical values and the fostering of mutual trust are soft controls in the CoCo model.
C. Soft controls have become more necessary as technology advances have empowered employees.
D. Control self-assessment is not an approach to audit soft controls.
Answer (A) is incorrect. The COSO and CoCo models emphasize soft controls.
Answer (B) is incorrect. The communication of ethical values and the fostering of mutual trust are soft controls in the CoCo model.
Answer (C) is incorrect. Soft controls have become more necessary as technology advances have empowered employees.
Answer (D) is correct. One approach to auditing soft controls is control self-assessment, which is the involvement of management and staff in the assessment of internal controls within their work group.

[340] Gleim #: 4.1.11
Which of the following broad control objectives listed in The IIA’s Electronic Systems Assurance and Control differs from the objectives found in the COSO internal control framework?
A. Effectiveness and efficiency.
B. Financial reporting.
C. Compliance.
D. Safeguarding of assets.
Answer (A) is incorrect. Effectiveness and efficiency of operations is addressed in both models.
Answer (B) is incorrect. Financial reporting is addressed in both models.
Answer (C) is incorrect. Compliance with laws and regulations is addressed in both models.
Answer (D) is correct. Safeguarding of assets is not among the objectives of control found in the COSO internal control framework.

[341] Gleim #: 4.1.12
Which of the following is the common name for Internal Control: Guidance for Directors on the Combined Code?
A. COSO.
B. COBIT.
C. The Turnbull Report.
D. CoCo.
Answer (A) is incorrect. The COSO (Committee of Sponsoring Organizations of the Treadway Commission) issued Internal Control – Integrated Framework.
Answer (B) is incorrect. COBIT is the integrated framework for information technology controls issued by the IT Governance Institute.
Answer (C) is correct. One of the three most recognized internal control frameworks is Internal Control: Guidance for Directors on the Combined Code. It is commonly known as the Turnbull Report and was issued by the Institute of Chartered Accountants in England and Wales.
Answer (D) is incorrect. CoCo refers to Guidance on Control (original title: Criteria of Control) issued by the Canadian Institute of Chartered Accountants.
[342] Gleim #: 4.1.13
A restaurant chain has over 680 restaurants. All food orders for each restaurant are required to be entered into an electronic device that records all food orders by food servers and transmits the order to the kitchen for preparation. All food servers are responsible for collecting cash for all their orders and must turn in cash at the end of their shift equal to the sales value of food ordered for their I.D. number. The manager then reconciles the cash received for the day with the computerized record of food orders generated. All differences are investigated immediately by the restaurant. Organizational headquarters has established monitoring controls to determine when an individual restaurant might not be recording all its revenue and transmitting the applicable cash to the corporate headquarters. Which one of the following is the best example of a monitoring control?
A. The restaurant manager reconciles the cash received with the food orders recorded on the computer.
B. All food orders must be entered on the computer, and segregation of duties is maintained between the food servers and the cooks.
C. Management prepares a detailed analysis of gross margin per store and investigates any store that shows a significantly lower gross margin.
D. Cash is transmitted to corporate headquarters on a daily basis.
Answer (A) is incorrect. The manager’s activity is an example of a reconciliation control applied at the store level. Monitoring is an overall control that determines whether other controls are operating effectively.
Answer (B) is incorrect. The division of duties is an operational control.
Answer (C) is correct. Monitoring is a process that assesses the quality of internal control over time. It involves assessment by appropriate personnel of the design and operation of controls and the taking of corrective action. Monitoring can be done through ongoing activities or separate evaluations. Ongoing monitoring
procedures are built into the normal recurring activities of an entity and include regular management and supervisory activities. Thus, analysis of gross margin data and investigation of significant deviations is a monitoring process.
Answer (D) is incorrect. Daily transmission of cash is an operational control.
[343] Gleim #: 4.1.14
Management has a role in the maintenance of control. In fact, management sometimes is a control. Which of the following most likely involves managerial functions as a control?
A. Monitoring performance.
B. Board approval of the charter of the internal audit activity.
C. Maintenance of a quality assurance program.
D. Establishment of an internal audit activity.
Answer (A) is correct. Monitoring is a component of the control environment. It is a process that assesses the quality of the system’s performance over time. It consists of ongoing activities built into normal operations to ensure that they continue to be performed effectively. Supervision and other ordinary management functions, consideration of communications with external parties, and the actions of internal and external auditors are examples.
Answer (B) is incorrect. The board is the entity’s governing body, not its management.
Answer (C) is incorrect. A quality assurance program is a form of internal assessment. The manager of the program should be independent of the operations assessed.
Answer (D) is incorrect. An internal audit activity should be independent of the operations reviewed and is not a managerial function.
[344] Gleim #: 4.1.15
Which of the following are elements included in the control environment described in the COSO internal control framework?
A. Organizational structure, management philosophy, and planning.
B. Integrity and ethical values, assignment of authority, and human resource policies.
C. Competence of personnel, backup facilities, laws, and regulations.
D. Risk assessment, assignment of responsibility, and human resource practices.
Answer (A) is incorrect. Planning is not an element of the control environment.
Answer (B) is correct. The COSO internal control framework lists the following seven elements of the control environment:
Integrity and ethical values
Commitment to competence
Board of directors or audit committee
Management’s philosophy and operating style
Organizational structure
Assignment of authority and responsibility
Human resource policies and practices
Answer (C) is incorrect. Backup facilities, laws, and regulations are not elements of the control environment.
Answer (D) is incorrect. Risk assessment is part of planning the internal audit activity and specific engagements.
[345] Gleim #: 4.2.16
The function of the chief risk officer (CRO) is most effective when the CRO
A. Manages risk as a member of senior management.
B. Shares the management of risk with line management.
C. Shares the management of risk with the chief audit executive.
D. Monitors risk as part of the enterprise risk management team.
Answer (A) is incorrect. Senior management has an oversight role in risk management.
Answer (B) is incorrect. The risk knowledge at the line level is specific only to that area of the organization.
Answer (C) is incorrect. The CAE should not be accountable for a management function.
Answer (D) is correct. A CRO is a member of management assigned primary responsibility for enterprise risk management processes. The CRO is most effective when supported by a specific team with the necessary expertise and experience related to organization-wide risk.
[346] Gleim #: 4.2.17
Enterprise risk management
A. Guarantees achievement of organizational objectives.
B. Requires establishment of risk and control activities by internal auditors.
C. Involves the identification of events with negative impacts on organizational objectives.
D. Includes selection of the best risk response for the organization.
Answer (A) is incorrect. Risk management processes cannot guarantee achievement of objectives.
Answer (B) is incorrect. Involvement of internal auditors in establishing control activities impairs their independence and objectivity.
Answer (C) is correct. The COSO document, Enterprise Risk Management – Integrated Framework, defines enterprise risk management (ERM) as “a process, effected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” The emphasis is on (1) the objectives of a specific entity and (2) establishing a means for evaluating the effectiveness of ERM.
Answer (D) is incorrect. Enterprise risk management is concerned with selecting not the best risk response but the risk response that falls within the enterprise’s risk tolerances and appetite.
[347] Gleim #: 4.2.18
Many organizations use electronic funds transfer to pay their suppliers instead of issuing checks. Regarding the risks associated with issuing checks, which of the following risk management techniques does this represent?
A. Controlling.
B. Accepting.
C. Transferring.
D. Avoiding.
Answer (A) is incorrect. Eliminating checks does not represent an ongoing control.
Answer (B) is incorrect. Eliminating checks avoids instead of accepts the associated risk.
Answer (C) is incorrect. Eliminating checks does not transfer risk to anyone else. Risk is eliminated.
Answer (D) is correct. Risk responses may include avoidance, acceptance, sharing, and reduction. By eliminating checks, the organization avoids all risk associated with them.
[348] Gleim #: 4.2.19
Which of the following is a factor affecting risk?
A. New personnel.
B. New or revamped information systems.
C. Rapid growth.
D. All of the answers are correct.
Answer (A) is incorrect. New or revamped information systems and rapid growth are also factors affecting risk.
Answer (B) is incorrect. New personnel and rapid growth are also factors affecting risk.
Answer (C) is incorrect. New personnel and new or revamped information systems are also factors affecting risk.
Answer (D) is correct. New personnel, new or revamped information systems, and rapid growth are all factors that affect risk.
[349] Gleim #: 4.2.20
What is residual risk?
A. Impact of risk.
B. Risk that is under control.
C. Risk that is not managed.
D. Underlying risk in the environment.
Answer (A) is incorrect. The impact of risk is its consequence.
Answer (B) is incorrect. Risk that is under control is managed risk.
Answer (C) is correct. Residual risk is the risk remaining after management takes action to reduce the impact and likelihood of an adverse event. Such action includes control activities in responding to a risk.
Answer (D) is incorrect. The underlying risk is the inherent risk.
[350] Gleim #: 4.2.21
Components of enterprise risk management (ERM) are integrated with the management process. Which of the following correctly states four of the eight components of ERM according to the COSO’s framework?
A. Event identification, risk assessment, control activities, and objective setting.
B. Internal environment, risk responses, monitoring, and risk minimization.
C. External environment, information and communication, monitoring, and event identification.
D. Objective setting, response to opportunities, risk assessment, and control activities.
Answer (A) is correct. ERM ensures that (1) a process is established and (2) objectives align with the mission and the risk appetite. Event identification, risk assessment, control activities, and objective setting are components of ERM. Event identification relates to internal and external events affecting the organization. Risk assessment considers likelihood and impact (see the definitions of risk in The IIA Glossary) as a basis for risk management. Control activities are policies and procedures to ensure the effectiveness of risk responses. Objective setting precedes event identification.
Answer (B) is incorrect. Risk assessment, not minimization, is a component of ERM.
Answer (C) is incorrect. The internal, not external, environment is a component of ERM.
Answer (D) is incorrect. Response to opportunities is a capability of ERM.
[351] Gleim #: 4.2.22
Which of the following control models is fully incorporated into the broader integrated framework of enterprise risk management (ERM)?
A. CoCo.
B. COSO.
C. Electronic Systems Assurance and Control.
D. COBIT.
Answer (A) is incorrect. ERM extends the COSO, not the CoCo, model.
Answer (B) is correct. The Committee of Sponsoring Organizations of the Treadway Commission published Enterprise Risk Management – Integrated Framework. This document describes a model that incorporates the earlier COSO internal control framework while extending it to the broader area of enterprise risk management.
Answer (C) is incorrect. ERM extends the COSO, not the eSAC, model.
Answer (D) is incorrect. ERM extends the COSO, not the COBIT, model.
[352] Gleim #: 4.2.23
Limitations of enterprise risk management (ERM) may arise from
A. Faulty human judgment.
B. Cost-benefit considerations.
C. Collusion.
D. All of the answers are correct.
Answer (A) is incorrect. Limitations of ERM can also arise from cost-benefit considerations and collusion.
Answer (B) is incorrect. Limitations of ERM can also arise from faulty human judgment and collusion.
Answer (C) is incorrect. Limitations of ERM can also arise from faulty human judgment and cost-benefit considerations.
Answer (D) is correct. The limitations of ERM are the same as those for control in general. They arise from the possibility of (1) faulty human judgment, (2) cost-benefit considerations, (3) simple errors or mistakes, (4) collusion, and (5) management override.
[353] Gleim #: 4.2.24
Management considers risk appetite for all of the following reasons except
A. Evaluating strategic options.
B. Setting objectives.
C. Developing risk management techniques.
D. Increasing the net present value of investments.
Answer (A) is incorrect. Management considers risk appetite when evaluating strategic options.
Answer (B) is incorrect. Management considers risk appetite when setting objectives.
Answer (C) is incorrect. Management considers risk appetite when developing risk management techniques.
Answer (D) is correct. Risk appetite should be considered in
1. Evaluating strategies,
2. Setting related objectives, and
3. Developing risk management methods.
Increasing the net present value of investments is an operational objective. It would be determined after consideration of the entity’s risk appetite and other strategic factors.
[354] Gleim #: 4.2.25
Inherent risk is
A. A potential event that will adversely affect the organization.
B. Risk response risk.
C. The risk after management takes action to reduce the impact or likelihood of an adverse event.
D. The risk when management has not taken action to reduce the impact or likelihood of an adverse event.
Answer (A) is incorrect. A risk event is a potential event that will affect the entity adversely.
Answer (B) is incorrect. A risk response is an action taken to reduce the impact or likelihood of an adverse event, including a control activity. “Risk response risk” is a nonsense term.
Answer (C) is incorrect. The risk after management takes action to reduce the impact or likelihood of an adverse event in responding to a risk is residual risk.
Answer (D) is correct. Inherent risk is the risk when management has not taken action to reduce the impact or likelihood of an adverse event. Thus, it is risk in the absence of a risk response.
[355] Gleim #: 4.2.26
The internal auditors are assessing the risk of fraud involving senior management. An impact factor is
A. Nonretention of customers.
B. Inadequacy of internal controls.
C. Unusual transactions.
D. Potential override of internal controls.
Answer (A) is correct. An impact factor is a potential result of an event. These events are usually identified through the risk assessment process. For example, the consequences of fraud may include direct financial loss and harm to its reputation, which in turn may lead to inability to attract skilled employees or customers.
Answer (B) is incorrect. Inadequacy of internal controls is a risk that normally is identified during risk assessment.
Answer (C) is incorrect. The existence of complex or unusual transactions is a risk that normally is identified during risk assessment.
Answer (D) is incorrect. Potential override of internal controls is a risk that normally is identified during risk assessment.
[356] Gleim #: 4.2.27
Which risk response reflects a change from acceptance to sharing?
A. An insurance policy on a manufacturing plant was not renewed.
B. Management purchased insurance on previously uninsured property.
C. Management sold a manufacturing plant.
D. After employees stole numerous inventory items, management implemented mandatory background checks on all employees.
Answer (A) is incorrect. Not renewing insurance represents a change from risk sharing to risk acceptance.
Answer (B) is correct. The categories of risk responses under the COSO ERM model are avoidance, retention (acceptance), reduction, sharing, and exploitation. If
management does not insure a building, the response is acceptance. Ordinarily, acceptance is based on a judgment that the cost of another response is excessive. However, once management purchases insurance, the risk is shared with an outside party.
Answer (C) is incorrect. Selling property avoids all the risks of ownership.
Answer (D) is incorrect. Management originally accepted the risk of employee theft by not implementing pre-hire investigation. Conducting background checks on all employees reduces the risk of theft.
[357] Gleim #: 4.2.28
Under the COSO’s ERM framework, which of the following most accurately describes risk management responsibilities?
A. In practice, management has primary responsibility.
B. The internal audit activity has an oversight role.
C. The board provides assurance about the effectiveness of ERM.
D. The chief audit executive should serve as chief risk officer.
Answer (A) is correct. The board has overall responsibility. However, in practice, the board delegates responsibility for ERM to senior management, which should ensure that sound processes are in place and functioning.
Answer (B) is incorrect. The internal audit activity provides objective assurance that (1) ERM processes are effective and (2) key risks are managed at an acceptable level.
Answer (C) is incorrect. The board has overall responsibility.
Answer (D) is incorrect. The CAE must not be the CRO because managing risk is a responsibility of management, not internal audit.
[358] Gleim #: 4.2.29
Which of the following is closely related to traditional risk management instead of enterprise risk management (ERM)?
A. Rapid response to opportunities.
B. Organization-level view of risk.
C. Emphasis on specific functions.
D. Achieving financial goals.
Answer (A) is incorrect. Rapid response to opportunities is a characteristic of ERM, which tries to offset potential risks with opportunities.
Answer (B) is incorrect. ERM tries to view risk as it affects every level of an organization.
Answer (C) is correct. The enterprise risk management approach set forth by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) attempts to approach an organization as a whole instead of focusing on any specific area or risk.
Answer (D) is incorrect. Financial goals are an example of the methods ERM uses to achieve objectives in one or more separate but overlapping categories.
[359] Gleim #: 4.2.30
Which of the following members of an organization has ultimate ownership responsibility of the enterprise risk management, provides leadership and direction to senior managers, and monitors the entity’s overall risk activities in relation to its risk appetite?
A. Chief risk officer.
B. Chief executive officer.
C. Internal auditors.
D. Chief financial officer.
Answer (A) is incorrect. The risk officer works in assigned areas of responsibility
in a staff function. The work of a risk officer often extends beyond one specific area because the officer will have the necessary resources to work across many segments or divisions.
Answer (B) is correct. The chief executive officer (CEO) sets the tone at the top of the organization and has ultimate responsibility for ownership of the ERM. The CEO will influence the composition and conduct of the board, provide leadership and direction to senior managers, and monitor the entity’s overall risk activities in relation to its risk appetite. If any problems arise with the organization’s risk appetite, the CEO will also take any measures to adjust the alignment to better suit the organization.
Answer (C) is incorrect. The internal auditors evaluate the ERM and may provide recommendations.
Answer (D) is incorrect. The CFO is subordinate to the CEO, who has ultimate responsibility for ERM.
[360] Gleim #: 4.3.31
When assessing the risk associated with an activity, an internal auditor should
A. Determine how the risk should best be managed.
B. Provide assurance on the management of the risk.
C. Update the risk management process based on risk exposures.
D. Design controls to mitigate the identified risks.
Answer (A) is incorrect. Risk management is a key responsibility of senior management and the board, not the internal auditor.
Answer (B) is correct. The internal audit activity must evaluate and contribute to the improvement of governance, risk management, and control processes using a systematic and disciplined approach (Perf. Std. 2100). Assurance services involve the internal auditor’s objective assessment of management’s risk management activities and the degree to which they are effective.
Answer (C) is incorrect. Designing and updating the risk management process is a role of management.
Answer (D) is incorrect. The design and implementation of controls is the responsibility of management, not internal audit.
[361] Gleim #: 4.3.32
The primary reason that a bank would maintain a separate compliance function is to
A. Better manage perceived high risks.
B. Strengthen controls over the bank’s investments.
C. Ensure the independence of line and senior management.
D. Better respond to shareholder expectations.
Answer (A) is correct. The risk management process identifies, assesses, manages, and controls potential risk exposures. Organizations such as brokers, banks, and insurance companies may view risks as sufficiently critical to warrant continuous oversight and monitoring.
Answer (B) is incorrect. A separate compliance function may help strengthen controls, but this is not its primary purpose.
Answer (C) is incorrect. Risk management is the direct responsibility of management.
Answer (D) is incorrect. A separate compliance function will help respond to shareholder needs, but this is not its primary purpose.
[362] Gleim #: 4.3.33
Which of the following goals sets risk management strategies at the optimum level?
A. Minimize costs.
B. Maximize market share.
C. Minimize losses.
D. Maximize shareholder value.
Answer (A) is incorrect. Minimizing costs is not a comprehensive approach.
Answer (B) is incorrect. Maximizing market share is not a comprehensive approach.
Answer (C) is incorrect. Minimizing losses is not a comprehensive approach.
Answer (D) is correct. The risk management processes chosen depend on the organization’s culture, management style, and business objectives. These choices should optimize stakeholder (for example, shareholder) value by coping effectively with uncertainty, risks, and opportunities. Thus, maximizing shareholder value is a comprehensive approach that relates to risk management strategies across the organization.
[363] Gleim #: 4.3.34
Which of the following represents the best statement of responsibilities for risk management?
A. Management: Responsibility for risk; Internal Auditing: Oversight role; Board: Advisory role
B. Management: Oversight role; Internal Auditing: Responsibility for risk; Board: Advisory role
C. Management: Responsibility for risk; Internal Auditing: Advisory role; Board: Oversight role
D. Management: Oversight role; Internal Auditing: Advisory role; Board: Responsibility for risk
Answer (A) is incorrect. Internal auditors are generally involved in the assurance and advisory role. The board has an oversight role.
Answer (B) is incorrect. Management performs the implementation role in risk management, and the board has an oversight role. Internal auditors are generally involved in the assurance and advisory role.
Answer (C) is correct. Risk management is a key responsibility of senior management and the board. To achieve its business objectives, management ensures that sound risk management processes are in place and functioning. Boards have an oversight role to determine that appropriate risk management processes are in place and that these processes are adequate and effective. In this role, they may direct the internal audit activity to assist them by examining, evaluating, reporting, and/or recommending improvements to the adequacy and effectiveness of risk management processes (PA 2120-1, para. 1). Management and the board are responsible for their organization’s risk management and control processes. However, internal auditors acting in a consulting role can assist the organization in identifying, evaluating, and implementing risk management methodologies and controls to address those risks (PA 2120-1, para. 2).
Answer (D) is incorrect. Management is responsible for risk management, not the oversight role performed by the board.
[364] Gleim #: 4.3.35
An internal auditor plans to conduct an audit of the adequacy of controls over investments in new financial instruments. Which of the following would not be required as part of such an engagement?
A. Determine if policies exist which describe the risks the treasurer may take and the types of instruments in which the treasurer may make investments.
B. Determine the extent of management oversight over investments in sophisticated instruments.
C. Determine whether the treasurer is getting higher or lower rates of return on investments than are treasurers in comparable organizations.
D. Determine the nature of controls established by the treasurer to monitor the risks in the investments.
Answer (A) is incorrect. The first step of such an engagement should be to determine the nature of policies established to manage the risks associated with the investments. New financial instruments are very risky.
Answer (B) is incorrect. Sophisticated financial instruments are complex by their nature and can carry a high level of risk. Thus, the auditor should determine the nature of the risk management process established to monitor and authorize such investments.
Answer (C) is correct. For this particular engagement, the auditor does not need to develop a comparison of investment returns with those of other organizations. In fact, some financial investment scandals show that such comparisons can be highly misleading because high returns were due to taking on a high level of risk. Also, this determination does not test the adequacy of the controls.
Answer (D) is incorrect. A fundamental control concept over cash-like assets is the treasurer’s establishment of a mechanism to monitor the risks.
[365] Gleim #: 4.3.36
When the executive management of an organization decided to form a team to investigate the adoption of an activity-based costing (ABC) system, an internal auditor was assigned to the team. The best reason for including an internal auditor is the internal auditor’s knowledge of
A. Activities and cost drivers.
B. Information processing procedures.
C. Current product cost structures.
D. Risk management processes.
Answer (A) is incorrect. An engineer has more knowledge than an internal auditor about activities and cost drivers.
Answer (B) is incorrect. An information systems expert has more knowledge than an internal auditor about information needs and information processing procedures.
Answer (C) is incorrect. A management accountant has more knowledge than an internal auditor about a company’s current product cost.
Answer (D) is correct. The internal audit activity’s scope of work extends to evaluating the organization’s risk management processes. The internal audit activity should assist the organization by identifying and evaluating significant exposures to risk and contributing to the improvement of risk management and control systems.
[366] Gleim #: 4.3.37
Internal auditors should review the means of physically safeguarding assets from losses arising from
A. Misapplication of accounting principles.
B. Procedures that are not cost justified.
C. Exposure to the elements.
D. Underusage of physical facilities.
Answer (A) is incorrect. Misapplication of accounting principles relates to the reliability of information and not physical safeguards.
Answer (B) is incorrect. Procedures that are not cost justified relate to efficiency, not effectiveness, of operations.
Answer (C) is correct. The internal audit activity must evaluate risk exposures relating to governance, operations, and information systems regarding the safeguarding of assets (Impl. Std. 2120.A1). For example, internal auditors evaluate risk arising from the possibilities of theft, fire, improper or illegal activities, and exposure to the elements.
Answer (D) is incorrect. Underusage of facilities relates to efficiency of operations.
[367] Gleim #: 4.3.38
Which of the following activities is outside the scope of internal auditing?
A. Evaluating risk exposures regarding compliance with policies, procedures, and contracts.
B. Safeguarding of assets.
C. Evaluating risk exposures regarding compliance with laws and regulations.
D. Ascertaining the extent to which management has established criteria to determine whether objectives have been accomplished.
Answer (A) is incorrect. Internal auditors must evaluate risk exposures relating to, among other things, the organization’s compliance with laws, regulations, policies, procedures, and contracts.
Answer (B) is correct. Safeguarding assets is an operational activity and is therefore beyond the scope of the internal audit activity.
Answer (C) is incorrect. The internal audit activity must evaluate risk exposures relating to, among other things, the organization’s compliance with laws, regulations, policies, procedures, and contracts.
Answer (D) is incorrect. Ascertaining the extent to which management has established adequate criteria to determine whether objectives and goals have been accomplished is within the scope of internal auditing.
[368] Gleim #: 4.3.39
In the risk management process, management’s view of the internal audit activity’s role is likely to be determined by all of the following factors except
A. Organizational culture.
B. Preferences of the independent auditor.
C. Ability of the internal audit staff.
D. Local conditions and customs of the country.
Answer (A) is incorrect. Organizational culture is a factor that influences management’s view of the role of internal auditing.
Answer (B) is correct. Ultimately, the role of internal auditing in the risk management process is determined by senior management and the board. Their view on internal auditing’s role is likely to be determined by factors such as the culture of the
organization, ability of the internal audit staff, and local conditions and customs (PA 2120-1, para. 5).
Answer (C) is incorrect. The ability of the internal audit staff is a factor that influences management’s view of the role of internal auditing.
Answer (D) is incorrect. Local conditions and customs of the country influence management’s view of the role of internal auditing.
[369] Gleim #: 4.3.40
Which of the following threatens the independence of an internal auditor who had participated in the initial establishment of a risk management process?
A. Developing assessments and reports on the risk management process.
B. Managing the identified risks.
C. Evaluating the adequacy and effectiveness of management’s risk processes.
D. Recommending controls to address the risks identified.
Answer (A) is incorrect. Developing assessments and reports on the organization’s risk management processes is not only an internal audit role but normally also a high audit priority.
Answer (B) is correct. Assuming management’s responsibility for the risk management process is a potential threat to the internal audit activity’s independence. It requires a full discussion and board approval (PA 2120-1, para. 5).
Answer (C) is incorrect. Internal auditors assist both management and the board by examining, evaluating, reporting, and recommending improvements on the adequacy and effectiveness of risk management processes.
Answer (D) is incorrect. Internal auditors may recommend controls.
[370] Gleim #: 4.3.41
Which of the following may be assessed by the internal auditor to determine the effectiveness of the risk management process?
I. Significant risks
II. Ongoing monitoring activities
III. Previous risk evaluation reports by management, internal auditors, external auditors, and any other sources
A. I and II only.
B. I and III only.
C. II and III only.
D. I, II, and III.
Answer (A) is correct. Significant risks and ongoing management activities are assessed by the internal audit activity as part of the risk management process (Inter. Std. 2120). But review of previous risk evaluation reports is a means of obtaining evidence for an assessment.
Answer (B) is incorrect. Review of previous risk evaluation reports by management, internal auditors, external auditors, and any other sources is an audit procedure, a means of obtaining evidence for an assessment. Moreover, internal auditors assess ongoing monitoring activities.
Answer (C) is incorrect. Review of previous risk evaluation reports by management, internal auditors, external auditors, and any other sources is an audit procedure, a means of obtaining evidence for an assessment. Moreover, internal auditors assess significant risks.
Answer (D) is incorrect. Review of previous risk evaluation reports by management, internal auditors, external auditors, and any other sources is an audit procedure.
[371] Gleim #: 4.3.42
The board’s expectations of the internal audit activity regarding the risk management process is
A. Noted in the work programs for formal consulting engagements.
B. Included in the business continuity plan.
C. Codified in the charters of the internal audit activity and the board.
D. Reviewed by the internal auditors immediately following a disaster.
Answer (A) is incorrect. A work program is a listing of specific procedures.
Answer (B) is incorrect. Business continuity planning is just one element of risk management.
Answer (C) is correct. The chief audit executive (CAE) is to obtain an understanding of senior management’s and the board’s expectations of the internal audit activity in the organization’s risk management process. This understanding is then codified in the charters of the internal audit activity and the board (PA 2120-1, para. 4).
Answer (D) is incorrect. The internal audit activity’s role needs to be understood before a crisis.
[372] Gleim #: 4.3.43
Which of the following is the most accurate term for a process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s objectives?
A. The internal audit activity.
B. Control process.
C. Risk management.
D. Consulting service.
Answer (A) is incorrect. The internal audit activity assists in risk management; it is not the same thing as risk management.
Answer (B) is incorrect. Control processes are “the policies, procedures, and activities that are part of a control framework designed to ensure that risks are contained within the risk tolerances established by the risk management process” (The IIA Glossary).
Answer (C) is correct. Risk management is “a process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s objectives” (The IIA Glossary).
Answer (D) is incorrect. Consulting services are “advisory and related client service activities, the nature and scope of which are agreed with the client” (The IIA Glossary).
[373] Gleim #: 4.3.44
Risk management is the responsibility of management. The role of the internal audit activity in the risk management process may include which of the following?
I. Monitoring activities.
II. Evaluating the risk management process as part of the engagement plan.
III. Participating on oversight committees, monitoring of activities, and status reporting.
IV. Managing and coordinating the process.
A. I only.
B. II only.
C. I, II, and III only.
D. I, II, III, and IV.
Answer (A) is incorrect. The internal audit activity’s role in the risk management
process may extend on a continuum from no role to managing and coordinating the process.
Answer (B) is incorrect. The internal audit activity’s role in the risk management process also may extend to monitoring activities; participating on oversight committees, monitoring of activities, and status reporting; and managing and coordinating the process.
Answer (C) is incorrect. The internal audit activity’s role in the risk management process also may extend to managing and coordinating the process.
Answer (D) is correct. The internal audit activity’s role in the risk management process of an organization can change over time and may include responsibilities along a continuum that extends from (1) no role; (2) auditing the risk management process as part of the internal audit plan; (3) active, continuous support and involvement in the risk management process, such as participation on oversight committees, monitoring activities, and status reporting; and (4) managing and coordinating the process (PA 2120-1, para. 4).
[374] Gleim #: 4.3.45
The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes. With respect to evaluating the adequacy of risk management processes, internal auditors most likely should
A. Recognize that organizations should use similar techniques for managing risk.
B. Determine that the key objectives of risk management processes are being met.
C. Determine the level of risks acceptable to the organization.
D. Treat the evaluation of risk management processes in the same manner as the risk analysis used to plan engagements.
Answer (A) is incorrect. Risk management processes vary with the size and complexity of an organization’s business activities.
Answer (B) is correct. Internal auditors need to obtain sufficient and appropriate evidence to determine that key objectives of the risk management processes are being met to form an opinion on the adequacy of risk management processes (PA 2120-1, para. 8).
Answer (C) is incorrect. Management and the board determine the level of acceptable organizational risks.
Answer (D) is incorrect. Evaluating management’s risk processes differs from the internal auditors’ risk assessment used to plan an engagement, but information from a comprehensive risk management process is useful in such planning.
[375] Gleim #: 4.3.46
If an organization has no formal risk management processes, the chief audit executive should
A. Establish risk management processes based on industry norms.
B. Formulate hypothetical results of possible consequences resulting from risks not being managed.
C. Inform regulators that the organization is guilty of an infraction.
D. Formally discuss with the directors their obligations for risk management processes.
Answer (A) is incorrect. Internal auditors have no authority to establish risk
management processes. They must seek direction from management and the board as to their role in the process.
Answer (B) is incorrect. Internal auditors are not required to perform a risk analysis of the possible consequences of not establishing a risk management process. However, such a request might be made by management.
Answer (C) is incorrect. In the absence of a specific legal requirement, internal auditors are not required to report to outside parties.
Answer (D) is correct. In situations where the organization does not have formal risk management processes, the chief audit executive formally discusses with management and the board their obligations to understand, manage, and monitor risks within the organization and the need to satisfy themselves that there are processes operating within the organization, even if informal, that provide the appropriate level of visibility into the key risks and how they are being managed and monitored (PA 2120-1, para. 3).
[376] Gleim #: 4.3.47
Quantitative risk management methods are most appropriate for
A. Assessing personnel risks.
B. Developing a risk matrix.
C. The use of derivatives by the organization.
D. Identifying risks from the COSO’s enterprise risk management framework.
Answer (A) is incorrect. Matters addressed in the control environment, e.g., integrity and ethical values, human resources, and organizational structure are subject to soft controls and soft risk management approaches.
Answer (B) is incorrect. A risk matrix links identified risks to, for example, controls or business processes.
Answer (C) is correct. The organization designs risk management processes based on its culture, management style, and business objectives. For example, the use of derivatives or other sophisticated capital market products by the organization could require the use of quantitative risk management tools. But the internal auditor determines that the methodology chosen is sufficiently comprehensive and appropriate for the nature of the organization (PA 2120-1, para. 7).
Answer (D) is incorrect. An ERM framework contains broad statements of classes of risks. They are not stated in the detail (quantitative or not) required by a specific organization.
[377] Gleim #: 4.3.48
Which of the following is not a responsibility of the chief audit executive?
A. To communicate the internal audit activity’s plans and resource requirements to senior management and the board for review and approval.
B. To coordinate with other internal and external providers of audit and consulting services to ensure proper coverage and minimize duplication.
C. To oversee the establishment, administration, and assessment of the organization’s system of risk management processes.
D. To follow up on whether appropriate management actions have been taken on significant reported risks.
Answer (A) is incorrect. The CAE should communicate the internal audit activity’s plans and resource requirements, including significant interim changes, to senior management and to the board for review and approval. The CAE also should communicate the impact of resource limitations.
Answer (B) is incorrect. The CAE should share information and coordinate activities with other internal and external providers of relevant assurance and consulting services to ensure proper coverage and minimize duplication of efforts.
Answer (C) is correct. Overseeing the establishment, administration, and assessment of the organization’s system of risk management processes is the role of senior management, not the CAE (PA 2120-1, para. 2).
Answer (D) is incorrect. The CAE should establish and maintain a system to monitor the disposition of results communicated to management.
[378] Gleim #: 4.4.49
In the course of their work, internal auditors must be alert for fraud and other forms of white-collar crime. The important characteristic that distinguishes fraud from other varieties of white-collar crime is that
A. Fraud is characterized by deceit, concealment, or violation of trust.
B. Unlike other white-collar crimes, fraud is always perpetrated against an outside party.
C. White-collar crime is usually perpetrated for the benefit of an organization, but fraud benefits an individual.
D. White-collar crime is usually perpetrated by outsiders to the detriment of an organization, but fraud is perpetrated by insiders to benefit the organization.
Answer (A) is correct. Fraud is defined in The IIA Glossary as “any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force.”
Answer (B) is incorrect. Fraud may be perpetrated internally.
Answer (C) is incorrect. Fraud may be perpetrated for the organization’s benefit or for otherwise unselfish reasons.
Answer (D) is incorrect. Fraud may be perpetrated by insiders and outsiders, and it may be either beneficial or detrimental to an organization.
[379] Gleim #: 4.4.50
Which of the following wrongful acts committed by an employee constitutes fraud?
A. Libel.
B. Embezzlement.
C. Assault.
D. Harassment.
Answer (A) is incorrect. Defamation is the unjustifiable communication (publication) to a third party of a false statement that injures the plaintiff’s reputation and holds him/her up to hatred, contempt, or ridicule. Oral defamation is slander. Defamation published in more permanent form (newspaper, letter, film) is libel.
Answer (B) is correct. Fraud is defined in The IIA Glossary as “any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by
parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.” Embezzlement is the intentional appropriation of property entrusted to one’s care. The embezzler converts property to his/her own use and conceals the theft.
Answer (C) is incorrect. The tort of assault entails placing another in reasonable fear of a harmful or offensive bodily contact.
Answer (D) is incorrect. Harassment is the act of persistently annoying another.
[380] Gleim #: 4.4.51
Internal auditors need to ascertain the extent to which management has established adequate control criteria. For this purpose, which of the following actions may be appropriate?
I. Determining whether objectives have been accomplished
II. Using the criteria in their evaluation
III. Working with management to develop appropriate control evaluation criteria
A. I only.
B. I and II only.
C. I, II, and III.
D. II only.
Answer (A) is incorrect. The internal auditors also may take the actions described in statements II and III.
Answer (B) is incorrect. The internal auditors also may take the action described in statement III.
Answer (C) is correct. “Adequate criteria are needed to evaluate controls. Internal auditors must ascertain the extent to which management has established adequate criteria to determine whether objectives and goals have been accomplished. If adequate, internal auditors must use such criteria in their evaluation. If inadequate, internal auditors must work with management to develop appropriate evaluation criteria” (Impl. Std. 2210.A3).
Answer (D) is incorrect. The internal auditors also may take the actions described in statements I and III.
[381] Gleim #: 4.4.52
A key feature that distinguishes fraud from other types of crime or impropriety is that fraud always involves the
A. Violent or forceful taking of property.
B. Deceitful wrongdoing of management-level personnel.
C. Unlawful conversion of property that is lawfully in the custody of the perpetrator.
D. False representation or concealment of a material fact.
Answer (A) is incorrect. Fraud usually does not involve force or violence.
Answer (B) is incorrect. Employees at any level in an organization can commit fraud.
Answer (C) is incorrect. Embezzlement is the unlawful conversion of property that is lawfully in the custody of the perpetrator.
Answer (D) is correct. Fraud is defined in The IIA Glossary as “any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force.”
[382] Gleim #: 4.4.53
One factor that distinguishes fraud from other employee crimes is that fraud involves
A. Intentional deception.
B. Personal gain for the perpetrator.
C. Collusion with a party outside the organization.
D. Malicious motives.
Answer (A) is correct. Fraud is defined in The IIA Glossary as “any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force.”
Answer (B) is incorrect. Fraud may be perpetrated for the organization’s benefit or for otherwise unselfish reasons.
Answer (C) is incorrect. An employee may act alone.
Answer (D) is incorrect. Fraud may be perpetrated for the organization’s benefit or for otherwise unselfish reasons.
[383] Gleim #: 4.4.54
In an organization with a separate division that is primarily responsible for the prevention of fraud, the internal audit activity is responsible for
A. Examining and evaluating the adequacy and effectiveness of that division’s actions taken to prevent fraud.
B. Establishing and maintaining that division’s system of internal control.
C. Planning that division’s fraud prevention activities.
D. Controlling that division’s fraud prevention activities.
Answer (A) is correct. Control is the principal means of preventing fraud. Management is primarily responsible for the establishment and maintenance of control. Internal auditors are primarily responsible for preventing fraud by examining and evaluating the adequacy and effectiveness of control.
Answer (B) is incorrect. Establishing and maintaining control is a responsibility of management.
Answer (C) is incorrect. Planning fraud prevention activities is a responsibility of management.
Answer (D) is incorrect. Controlling fraud prevention activities is a responsibility of management.
[384] Gleim #: 4.4.55
Which of the following statements is(are) true regarding the prevention of fraud?
I. The primary means of preventing fraud is through internal control established and maintained by management.
II. Internal auditors are responsible for assisting in the prevention of fraud by examining and evaluating the adequacy of the internal control system.
III. Internal auditors should assess the operating effectiveness of fraud-related communication systems.
A. I only.
B. I and II only.
C. II only.
D. I, II, and III.
Answer (A) is incorrect. Internal auditors are responsible for assisting in the prevention of fraud by examining and evaluating the adequacy of the internal control system, and internal auditors should assess the operating effectiveness of fraud-related communication systems.
Answer (B) is incorrect. Internal auditors should assess the operating
effectiveness of fraud-related communication systems.
Answer (C) is incorrect. The primary means of preventing fraud is through internal control established and maintained by management, and internal auditors should assess the operating effectiveness of fraud-related communication systems.
Answer (D) is correct. Control is the principal means of preventing fraud. Management, in turn, is primarily responsible for the establishment and maintenance of control. Internal auditors are primarily responsible for preventing fraud by examining and evaluating the adequacy and effectiveness of control. Internal auditors also should assess the operating effectiveness of fraud-related communication systems and practices, and they should support fraud-related training.
[385] Gleim #: 4.4.56
A significant employee fraud took place shortly after an internal auditing engagement. The internal auditor may not have properly fulfilled the responsibility for the prevention of fraud by failing to note and report that
A. Policies, practices, and procedures to monitor activities and safeguard assets were less extensive in low-risk areas than in high-risk areas.
B. A system of control that depended upon separation of duties could be circumvented by collusion among three employees.
C. There were no written policies describing prohibited activities and the action required whenever violations are discovered.
D. Divisional employees had not been properly trained to distinguish between bona fide signatures and cleverly forged ones on authorization forms.
Answer (A) is incorrect. For cost-benefit reasons, controls should be more extensive in high-risk areas.
Answer (B) is incorrect. Even the best system of control can often be circumvented by collusion.
Answer (C) is correct. Management is responsible for establishing and maintaining internal control. Thus, management also is responsible for the fraud prevention program. The control environment element of this program includes a code of conduct, ethics policy, or fraud policy to set the appropriate tone at the top. Moreover, organizations should establish effective fraud-related information and communication practices, for example, documentation and dissemination of policies, guidelines, and results.
Answer (D) is incorrect. Forgery, like collusion, can circumvent even an effective control.
[386] Gleim #: 4.4.57
Internal auditors have a responsibility for helping to deter fraud. Which of the following best describes how this responsibility is usually met?
A. By coordinating with security personnel and law enforcement agencies in the investigation of possible frauds.
B. By testing for fraud in every engagement and following up as appropriate.
C. By assisting in the design of control systems to prevent fraud.
D. By evaluating the adequacy and effectiveness of controls in light of the potential exposure or risk.
Answer (A) is incorrect. Investigating possible frauds involves detection, not deterrence.
Answer (B) is incorrect. Testing for fraud in every engagement is not required.
Answer (C) is incorrect. Designing control systems impairs an internal auditor’s objectivity.
Answer (D) is correct. Control is the principal means of preventing fraud. Management is primarily responsible for the establishment and maintenance of control. Internal auditors are primarily responsible for preventing fraud by examining and evaluating the adequacy and effectiveness of control.
[387] Gleim #: 4.4.58
Which of the following describes one of the responsibilities of the internal auditor for the deterrence of fraud in an organization?
A. Implementation of systems to discourage fraud.
B. Prosecuting perpetrators of fraud.
C. Reporting suspected fraud to law enforcement personnel.
D. Evaluating the adequacy of controls to prevent fraud.
Answer (A) is incorrect. Implementing systems is an operating function for which management is responsible.
Answer (B) is incorrect. Prosecuting perpetrators of fraud is a responsibility of management.
Answer (C) is incorrect. Reporting suspected fraud to law enforcement personnel is a responsibility of management.
Answer (D) is correct. Internal auditors are responsible for assisting in the deterrence of fraud by examining and evaluating the adequacy and the effectiveness of controls.
[388] Gleim #: 4.4.59
Internal auditing is responsible for assisting in the prevention of fraud by
A. Informing the appropriate authorities within the organization and recommending whatever investigation is considered necessary in the circumstances when wrongdoing is suspected.
B. Establishing the organization’s governance, operations, and information systems concerning compliance with laws, regulations, and contracts.
C. Examining and evaluating the adequacy and the effectiveness of control, commensurate with the extent of the potential exposure or risk in the various segments of the organization’s operations.
D. Determining whether operating standards are acceptable and are being met.
Answer (A) is incorrect. Informing appropriate authorities in the organization when the internal auditor suspects wrongdoing concerns the internal auditor’s obligation for detecting, not preventing, fraud.
Answer (B) is incorrect. Management is responsible for establishing these systems.
Answer (C) is correct. Internal auditors are responsible for assisting in the prevention of fraud by examining and evaluating the adequacy and the effectiveness of controls.
Answer (D) is incorrect. These standards are criteria to determine whether operational objectives and goals have been accomplished. They do not concern prevention of fraud.
[389] Gleim #: 4.4.60
The internal auditors’ responsibility regarding fraud includes all of the following except
A. Determining whether the control environment sets the appropriate tone at top.
B. Ensuring that fraud will not occur.
C. Being aware of activities in which fraud is likely to occur.
D. Evaluating the effectiveness of control activities.
Answer (A) is incorrect. Internal auditing is responsible for evaluating the organization’s control environment.
Answer (B) is correct. Control is the principal means of preventing fraud, and management is responsible for establishing and maintaining internal control. Thus, internal auditors cannot give absolute assurance that noncompliance or fraud does not exist.
Answer (C) is incorrect. The internal auditor should have sufficient knowledge of fraud indicators and be alert to opportunities that could allow fraud.
Answer (D) is incorrect. Assessing the design and operating effectiveness of fraud-related controls is the responsibility of internal auditing.
[390] Gleim #: 4.4.61
The internal audit activity’s responsibility for preventing fraud is to
A. Establish internal control.
B. Maintain internal control.
C. Evaluate the system of internal control.
D. Exercise operating authority over fraud prevention activities.
Answer (A) is incorrect. Establishing internal control is management’s responsibility.
Answer (B) is incorrect. Maintaining internal control is management’s responsibility.
Answer (C) is correct. Control is the principal means of preventing fraud. Management, in turn, is primarily responsible for the establishment and maintenance of control. Internal auditors are primarily responsible for preventing fraud by examining and evaluating the adequacy and effectiveness of control.
Answer (D) is incorrect. Operating authority is a management function.
[391] Gleim #: 4.4.62
An internal auditor who suspects fraud should
A. Determine that a loss has been incurred.
B. Interview those who have been involved in the control of assets.
C. Identify the employees who could be implicated in the case.
D. Recommend an investigation if appropriate.
Answer (A) is incorrect. Determining the loss could alert the perpetrator of the fraud. The perpetrator could then destroy or compromise evidence.
Answer (B) is incorrect. Interviewing those who have been involved in the control of assets is part of the fraud investigation.
Answer (C) is incorrect. Identifying the employees who could be implicated in the case is part of the fraud investigation.
Answer (D) is correct. An internal auditor’s responsibilities for detecting fraud include evaluating fraud indicators and deciding whether any additional action is necessary or whether an investigation should be recommended.
[392] Gleim #: 4.4.63
An international nonprofit organization finances medical research. The majority of its revenue and support comes from fundraising activities, investments, and specific grants from an initial sponsoring corporation. The organization has been in operation over 15 years and has a small internal audit department. The organization has just finished a major fundraising drive that raised US $500 million for the current fiscal period.
The following are selected data from recent financial statements (US dollar figures in millions):
                                  Current Year   Past Year
Revenue                           US $500        US $425
Investments (average balances)    210            185
Medical research grants made      418            325
Investment income                 16             20
Administrative expense            10             6
Auditors must always be alert for the possibility of fraud. Assume the controls over each risk listed below are marginal. Which of the following possible frauds or misuses of organization assets should be considered the area of greatest risk?
A. The president is using company travel and entertainment funds for activities that might be considered questionable.
B. Purchases of supplies are made from fictitious vendors.
C. Grants are made to organizations that might be associated with the president or are not for purposes dictated in the organization’s charter.
D. The payroll clerk has added ghost employees.
Answer (A) is incorrect. Administrative expense is 2% (US $10 ÷ $500) of current revenue.
Answer (B) is incorrect. Purchases of supplies from fictitious vendors involve risk exposures that are far smaller than those arising from inappropriate grants.
Answer (C) is correct. Grants represent 83.6% (US $418 ÷ $500) of current revenue. Consequently, fraudulent grants constitute a much greater risk exposure than any of the other items listed.
Answer (D) is incorrect. The payroll clerk’s addition of ghost employees involves risk exposures that are far smaller than those arising from inappropriate grants.
[393] Gleim #: 4.4.64
Internal auditors are more likely to detect fraud by developing/strengthening their ability to
A. Recognize and question changes that occur in organizations.
B. Interrogate fraud perpetrators to discover why the fraud was committed.
C. Develop internal controls to prevent the occurrence of fraud.
D. Document computerized operating system programs.
Answer (A) is correct. An internal auditor’s responsibilities for detecting fraud include evaluating fraud indicators and deciding whether any additional action is necessary or whether an investigation should be recommended.
Answer (B) is incorrect. Interrogation of fraud perpetrators occurs after detection. The danger signals of fraud often involve negative organizational changes.
Answer (C) is incorrect. The controls mentioned are preventive, not detective.
Answer (D) is incorrect. Documentation of operating systems is not within the scope of internal auditing and would do little to enhance fraud detection skills.
[394] Gleim #: 4.4.65
After noting some red flags, an internal auditor has an increased awareness that fraud may be present. Which of the following best describes the internal auditor’s responsibility?
A. Expand activities to determine whether an investigation is warranted.
B. Report the possibility of fraud to senior management and the board and ask them how they would like to proceed.
C. Consult with external legal counsel to determine the course of action to be taken, including the approval of the proposed engagement work program to make sure it is acceptable on legal grounds.
D. Report the matter to the audit committee and request funding for outside service providers to help investigate the possible fraud.
Answer (A) is correct. An internal auditor’s responsibilities for detecting fraud include evaluating fraud indicators and deciding whether any
advisory capacity.
Answer (D) is incorrect. The internal auditor should report the matter and request funding for outside service providers only if (s)he has determined that the indicators of fraud are sufficient to recommend an investigation.
[395] Gleim #: 4.4.66
When an internal auditor identifies multiple factors that have been linked with possible fraudulent conditions and suspects that fraud has taken place, the auditor should
A. Immediately report to senior management and the board.
B. Immediately report to the board.
C. Recommend an investigation.
D. Extend tests to determine the extent of the fraud.
Answer (A) is incorrect. Immediate reporting by the CAE to senior management and the board is required only after a sufficient investigation has been made to establish reasonable certainty that a significant fraud has occurred. Thus, reasonable certainty is necessary before any fraud reporting is made.
Answer (B) is incorrect. Immediate reporting by