ACC 590 – Anderson Internal Audit Sample Exam

| November 28, 2016

ACC 590 – Anderson

Internal Audit

Sample Exam

125 points

I. (42 points – 3 points each)

This part of the exam consists of 14 multiple-choice questions. Place the letter of the response that you consider the best answer in the space indicated at the end of each question. These questions will be graded based only on the letter response. You will not receive any partial credit on this section of the test.

1. The status of the internal audit function should be free from the impact of irresponsible policy changes by management. The most effective way to make sure of that freedom is to:

a. Develop written policies and procedures to serve as standards of performance of the internal audit function.

b. Have the internal audit charter approved by both management and the board of directors.

c. Adopt the policy that the audit function follows the Standards for the Professional Practice of Internal Auditing.

d. Require that the external auditor approve any policy change by management regarding internal audit.

e. Establish an audit committee within the board of directors.

Answer ____________

2. A chief audit executive (CAE) has been requested by the audit committee to conduct an engagement at one of the company’s chemical factories as soon as possible. The engagement will include reviews of health, safety, and environmental management and processes. The CAE knows that the internal audit department does not have the necessary technical knowledge to conduct such an engagement. What should the CAE do?

a. Ask the audit committee for additional resources to obtain appropriate support from a health, safety and environmental professional for the engagement.

b. Suggest to the audit committee that the factory’s own health, safety and environmental staff conduct the engagement.

c. Begin the engagement and incorporate the necessary technical training into next year’s training program so as to be prepared for a follow-up engagement.

d. Defer the engagement and tell the audit committee that it will take six months to train internal audit staff for such an engagement.

e. Conduct the engagement but limit its scope to cover only those areas where the internal audit staff has the necessary skills.


3.In the case of an efficient system of internal control, in which quadrant would you expect to find the lowest investment in controls?


a. I

b. II

c. III

d. IV

e. The investment woudl be equal in each of the four quadrants.


4.During an audit, an employee with whom you have developed a good working relationship informs you that she has some information about top management which would be damaging to the organization and may concern illegal activities. The employee does not want her name associated with the release of the information. Which of the following actions would be considered inconsistent with the IIA Code of Ethics and Standards?

a. Suggest the person consider talking to legal counsel.

b. Inform the employee of other methods of communicating this type of information.

c. Inform the individual that you will attempt to keep the source of the information confidential and will look into the matter further.

d. Assure the employee that you can maintain her anonymity and listen to the information.

e. Suggest that she talk with the organization’s compliance officer.


5. Which of the following is an element of sampling risk?

a. Selecting and audit procedure that is inconsistent with the audit objective.

b. Failing to perform audit procedures that are required by the sampling plan.

c. Forgetting to apply the finite correction factor in deterring sample size.

d. Failing to detect an error on a document that has been inspected by an auditor.

e. Concluding that internal controls are not effective when in fact they are effective based on a sample that had multiple cases of control failure.


6. Which of the following would typically be part of the agenda for an opening meeting?

I. Discussion of business objectives, risks and key processes

II. Review of the audit process and timeline

III. Review of audit objectives and scope

IV. Presentation by auditee of how they have addressed findings from the last audit.

a. I and III only.

b. II and IV only.

c. II and III only

d. I, II, and III only

e. I, II, III, and IV.


7. According to the COSO control framework, a precondition to risk assessment is:

a. Establishing control procedures or activities.

b. Establishing a monitoring mechanism.

c. Establishing an internal audit function.

d. Establishing objectives or goals.

e. Establishing performance measures.


Use the following information to answer questions 8 and 9.

An internal auditing department plans to begin an audit of manufacturing operations in the Automotive Products Division. The audit objectives are to: (1) evaluate the quality of performance in carrying out assigned responsibilities, (2) determine whether all legal and regulatory requirements concerning employee safety are being properly implemented, and (3) determine whether fixed assets employed in manufacturing are properly reflected in the accounting records.

8. In meeting objective (2), which of the following audit approaches is likely to be most effective?

a. Interviewing members of the executive management team to determine their commitment to employee safety.

b. Reviewing accident reports.

c. Examining documentation concerning the design of the relevant systems and observing operations for compliance.

d. Requesting an inspection by government regulators.

e. Interview a sample of assembly line workers from each shift regarding their concerns.


9. In meeting objective (3), which of the following audit approaches is likely to be most effective?

a. Inspecting fixed assets used in the manufacturing process and tracing to the asset subsidiary ledger.

b. Selecting items from asset subsidiary ledger and recalculating depreciation.

c. Interviewing members of the accounting department.

d. Examining documentation concerning the cost of fixed assets used in the manufacturing process.

e. Scanning the asset subsidiary ledger for credit entries.


10. The possibility of a maliciously virus overwhelming an information system and denying services legitimate users is an example of:

a. Availability risk.

b. Access risk.

c. Confidentiality risk.

d. Deployment risk


11. Which of the following actions taken by the CAE of a large company would not be considered to violatethe IIA’s Code of Ethics?

a. The CAE decides to delay the audit of a branch so that his daughter-in-law, the branch manager, will have time to “clean things up.”

b. In order to save company resources, the CAE cancels all staff training for the next two years on the basis that all staff are too new to benefit from training.

c. The CAE buys a significant amount of stock in a public company that is a competitor.

d. In order to save company resources, the CAE limits the audit of foreign branches to confirmations from branch managers that no major personnel changes have occurred.

e. The CAE provides information about company operations to his father who is a stockholder.


12. Audit report content and format may vary; but according to The International Standards of Professional Practice of Internal Auditing which of the following is a necessary element?

a. Status of findings from prior reports.

b. The auditee’s views about the engagement’s conclusions.

c. Statement of what was cover in the engagement.

d. Documentation of previous oral communications with area management.

e. Related activities not examined in the engagement.


13. The COO has requested the internal audit group advise her regarding the new incentive plan being developed for sales representatives. Which of the following tasks should the CAE decline with respect to providing advice to the COO?

a. Determining how to best document the support for amounts paid to provide a sufficient audit trail.

b. Researching and benchmarking incentive plans provided by other companies in the industry.

c. Identify what new risks the incentive plan introduces to the organization.

d. Recommending monitoring procedures so that appropriate amounts are paid out under the plan.

e. Determining the appropriate bonus formula for inclusion in the plan.


14. Which of the following is one of the seven elements that need to be present for an organization to have an effective compliance program?

a. The organization has an enterprise risk management system in place.

b. The organization has an audit committee.

c. The CEO and CFO must sign the organization’s Code of Ethical Conduct.

d. Standards are consistently enforced through appropriate discipline, including discipline of individuals responsible for failure to detect offense.

e. The organization has a person appointed as General Counsel for the organization.


II. (10 points)

A company comprises a chain of 94 restaurants. All food orders for each restaurant are required to be entered into an electronic device which records each food order by food server and transmits the order to the kitchen for preparation. Food servers are responsible for collecting payment for all their orders and must turn in the proceeds collected (cash, checks, and credit card receipts) at the end of their shift, which should equal the total sales value of food ordered for their ID number. The manager then reconciles the payments received for the day with the computerized record of food orders generated. All differences are investigated immediately by the restaurant manager or assistant manager. At the end of each day the cash and checks, less a standard amount of cash kept for use the next day, are deposited in a corporate bank account. Credit card receipts are directly credited to the corporate bank account by the credit card provider.

Corporate headquarters wants to establish a monitoring activity to determine if each individual restaurant is recording all its revenues and transmitting the applicable funds to corporate headquarters.

(A) What are monitoring activities?

(B) Design a monitoring activity that would achieve this assurance objective.

III. (26 points)

Your CPA firm has been contracted by the State to serve as the internal audit function for The State Board for Educator Certification. The certification board is organized into four broad areas: educator preparation, assessment and accountability, certification, and professional discipline which includes investigations and enforcement.

Educator preparation. In the area of educator preparation, the certification board works primarily with entities preparing educators for state certification. The work includes guidance in program development, approval, and implementation. The board currently serves 70 universities, 16 community colleges, and 30 alternative teacher certification programs. The board also advises entities interested in initiating educator preparation programs. The certification board is involved in reviewing program approval procedures to streamline the process while maintaining the integrity of program review.

Assessment and accountability. State law requires that individuals pass examinations in the areas in which they seek certification. The certification board manages the development and administration of the Examination for the Certification of Educators (ExCE), State Examinations for Master Teachers (SEMaT), State Examinations of Educator Standards (SEES), State Oral Proficiency Test (SOPT), and State Assessment of Sign Communication (SASC) and (SASC-ASL) testing programs. Individuals typically take the SEES Pedagogy & Professional Responsibilities test and additional tests in the academic disciplines in which they seek certification after completing a program of preparation for the specific certificate(s). These tests assess the prospective educator’s knowledge of academic content and teaching, including understanding of learners. Test development and review of current tests is ongoing. Passing standards are reviewed periodically and recommendations from these reviews are presented to the Board. The Board sets the minimum score required to pass each certification test. Assessment professionals work with school district and educator preparation program staff to identify committee members for these activities.

The certification board monitors the quality of educator preparation at university and alternative certification programs through the Accountability System for Educator Preparation (ASEP). The certification board uses assessment data (SEES, ExCE, SEMaT, SOPT, SASC, and SASC-ASL) and the subsequent performance of beginning teachers to determine program quality and issue annual accreditation reports according to minimum acceptable performance levels established by the Board.

Certification. The certification board is responsible for ensuring that educators are qualified to serve in the State public school system through the following:

§ Issuing educator credentials to applicants who have completed the appropriate degree and have a standard credential from another state or another country,

§ Issuing educator credentials to applicants who have completed requirements for certification at a State educator preparation program,

§ Certifying applicants adding certification based on completion of the appropriate examination(s).

§ Issuing educator credentials to educational aides,

§ Issuing emergency and nonrenewable permits to school districts and reviewing and approving hardship permits,

§ Analyzing and disseminating data on certificate and permit activity.

§ Coordinating applicant criminal investigations, and

§ Advising school district staff on assignment criteria for hiring appropriately certified individuals.

Professional discipline. The certification board ensures that State educators meet the highest standards of professionalism and ethical behavior. Through its enforcement of disciplinary rules and the Educators’ Code of Ethics, the board investigates allegations of educator misconduct to guarantee the safety and well-being of the State school children and fellow educators. When determining whether sanctions against a certificate are warranted, the board conducts a thorough investigation and provides the educator an opportunity to be heard. Cases which are not resolved informally through agreed orders may result in informal hearings before the State Office of Administrative Hearings (SOAH).

Your firm uses a business process approach to internal auditing.

A. Identify five functions/processes involved in achieving the mission of The State Board for Educator Certification.







B. Prepare a Process Priority Map (importance versus inherent risk) and position each of the five functions/processes on the map.

.0/msohtmlclip1/01/clip_image004.gif” alt=”Description: process prioirty map”>

C. Identify which of the functions/processes you consider most critical. Explain your reasoning.

D. Identify three risks to the function/process identified as most critical in C above. Rank the three risks (1 = highest). For each risk, identify a key control activity that could be implemented to mitigate the risk.

Risk Statement

Risk Rank

Potential Key Control Activity

IV. (10 points)

(a) What is internal audits role in the organization’s ethics and compliance program?

(b) What is the board’s role in the organization’s ethics and compliance program?

V. (12 points)

AFR Company’s internal audit function recently completed an audit of the Company’s various employee benefit plans. The internal auditors’ working papers contain the following audit observation:

Savings Plan Contributions Made to Ineligible Employees’ Accounts

AFR Company has an employee savings plan that provides a matching contribution to participating employees’ savings accounts. When an employee stops participating in the plan, the Company suspends matching contributions. During the internal audit function’s examination of the plan, we found that the Company was still making contributions to the accounts of a number of employees who had ceased to participate. No one in the human resources department or in payroll has the specific responsibility of updating the contribution matching database when an employee leaves the Company or drops out of the program or for periodically checking to see that appropriate levels of matching contributions have been made. More than $85,000 had been contributed to such accounts. Management now is trying to recover erroneous company contributions.

A.Complete the following observation development form base on the information presented above.





B. Given this information, develop a recommendation to address the observation.

VI. (10 points)

A. Define inherent risk and residual risk.

Inherent risk –

Residual risk –

B. Which of the two types of risk would have a greater impact on the annual internal audit plan?

VII (15 points)

You are conducting an audit of the effectiveness of MittRyan Corporation’s control of manually approving all purchases over $25,000. During the year MittRyan has made 1,300,000 purchases, of which 3,000 were over $25,000. You consider this a key control in terms of financial reporting so you assess tolerable deviation rate as low. You also consider the expect error rate to be very low, but given this is a manual process there is likely to be some errors so you set the rate at 1%. Payment for purchases requires a complete voucher packet consisting of the purchase order, receiving report, approved vendor number, and invoice. Voucher packets are stored electronically and filed by purchase order number. The file contains the purchase order number, electronic approval if under $25,000, receiving report number, invoice number and dollar amount of purchase. Manually approved purchases are included in the file with the purchase order number. Hardcopy of the manually approved purchase orders with the signature authorizing purchase are stored by purchase order number in a file cabinet in the purchasing department.

(a) To test this control, identify the population from which you should select a sample to test this control.

(b) For a given sample unit in this population, what would be an “error”?

(c) You set the confidence level at 95% and a tolerable deviation rate at 3%. What is the initial sample size you would use for this test? (Tables on following pages).

(d) Assume your sample size was 60, briefly describe how you would select a random sample for testing this control.

(e) Assume you took a sample of 150 and found 3 errors. State your conclusion in proper form.



Get a 30 % discount on an order above $ 100
Use the following coupon code:
Order your essay today and save 30% with the discount code: RESEARCHOrder Now
Positive SSL