Prof Elec 3 OPERATIONS AUDITING FULL
Prof Elec 3 OPERATIONS AUDITING FULL
Prof Elec 3 OPERATIONS AUDITING FULL
OPERATIONS AUDITING
OPERATIONS AUDITING
Topic 1. Operations Auditing
Learning Objectives
After successful completion of this module, the learner should be able to:
1. Define the operations auditing.
2. Understand the characteristics of operations auditing.
3. Know the objectives and phases of operations auditing.
OVERVIEW
Operational auditing is a type of audit service in which the focus is primarily on important
processes, procedures, systems, and internal controls, with the primary goal of increasing
productivity, efficiency, and effectiveness of the operation. This form of audit differs significantly
from an internal audit, which examines the adequacy of controls and assesses the fairness of the
financial statement presentation. Operational auditing can employ financial data, but the major
sources of proof are operational policies and accomplishments related to the organization's goals.
Discussions
I. Definition and Characteristics
Operational auditing is defined as “A future-oriented, systematic, and independent
evaluation of organizational activities. Financial data may be used, but the primary sources of
evidence are the operational policies and achievements related to organizational objectives.
Internal controls and efficiencies may be evaluated during this type of review.”
Operational audits are usually conducted by the internal audit staff, though specialists can
be hired to conduct reviews in their areas of expertise. The primary users of the audit
recommendations are the management team, and especially the managers of those areas that have
been reviewed.
An operational audit is a means of analyzing how a company runs its operations. It
necessitates an examination of the company's processes, procedures, and systems. This sort of
audit evaluates the organization's management procedures in addition to its financial situation. An
operational audit seeks to identify areas where the organization's operations might be made more
efficient, productive, and effective.
Operational audits are a forward looking process, and are part of many organizations’ ongoing
business improvement process toolkit. The findings of operational audits are intended to diagnose
which areas need attention and to safeguard assets by averting potential future risks. The
Operational Auditing Handbook borrows The Institute of Internal Auditors’ (IIA) definition of an
operational audit: “A systematic process of evaluating an organization's effectiveness, efficiency
and economy of operations under management's control and reporting to appropriate persons the
results of the evaluation along with recommendations for improvement.” While an audit is
usually associated with financial matters, operational audits are more comprehensive and go
beyond financial data (although that type of reporting is often included). The primary information
sources are policies and achievements related to the objectives of the organization.
Operational audits are a ‘deep dive’ into every facet of management. As a result, start-to-finish
time frames can vary from a few weeks to many months, depending on scope, complexity, and
size of the organization, and whether the audit is for the entire entity or a particular business unit.
Unlike financial audits, which are conducted by external entities, operational audits are often
carried out by an internal auditor.
they are all legitimate, they have been recorded in the correct amount, and posted during
the correct period. Similarly, unusually high or low, or otherwise questionable expenses,
are likely to result in the request for a thorough review.
Auditing Principles
• Integrity: Withstand pressures that may be exerted and take care to comply with any legal
requirements.
• Fair Presentation: Present all results fairly and report significant concerns.
• Due Professional Care: Use diligence, due care, and reasoned judgments in every
situation.
• Confidentiality: Keep information secure, and protect confidential or sensitive
information.
• Independence: Maintain impartiality and keep actions and reporting bias-free.
• Evidence-Based: Depend on a fact-based approach to reach reliable conclusions.
1. The type of audit that looks beyond the organization's financial circumstances and
examines its management practices.
a. investigative Audits
b. Operational Audit
c. Compliance audit
d. Financial audit
2. Inefficiencies, waste, rework, or complaints from customers and vendors may trigger
management involvement, resulting in their request to have the matter reviewed by internal
audit.
a. Poor performance
b. Anomalous revenues or expenses
c. New rules
d. Compliance issues
3. An auditing principle which maintain impartiality and keep actions and reporting bias-free.
a. Due professional care
b. Evidence-based
c. Integrity
d. Independence
4. Once the audit is planned, fieldwork is executed by the Internal Audit staff. Clients are kept
informed of the audit process through regular status meetings. We discuss audit
observations, potential findings, and recommendations with the client as they are identified.
a. Reporting Phase
b. Selection Phase
c. Execution Phase
d. Follow-up
6. These can be the result of internal quality control initiatives that identify anomalies.
a. Efficiency
b. Compliance issues
c. Effectiveness
d. New rules
8. A phase of audit process where the Internal Audit staff gather relevant background
information and initiate contact with the client.
a. Selection Phase
b. Execution Phase
c. Reporting Phase
d. Planning Phase
9. Different departments or divisions may run a periodic analysis to assess the adequacy of
controls, how well assets are safeguarded, how resources are used, and if there is
compliance with applicable laws.
a. Department reviews
b. Follow-up
c. Financial reviews
d. Marketing reviews
Learning Objectives
After successful completion of this module, the learner should be able to:
1. To have a clear understanding of the Audit Process
2. To know the definition of different Auditing terms.
3. To have an idea of the objectives of an Audit
OVERVIEW
An audit is defined as an official inspection of an organization’s accounts, typically by an
independent body. Many companies in the Philippines are likely to require an audit but are unsure
what an audit is and when is it needed. Thus, the Audit Process is divided into four phases, namely:
audit engagement planning, audit execution, audit reporting, and audit follow-up.
This flow of processes is to verify that all company are aligned with their strategic vision
and that they deliver the value that internal customers need, and external ones want. It also
evaluates the operational efficiency of processes and verify that the process chain provides
protection for company assets.
This audit process is applicable for both management and operations audit. For each phase,
there are specific criterial to ensure a successful audit engagement.
I. Definition
According to Salosagcol et al., the audit process is the sequence of different activities
involve in an audit. It is a set of actions and procedures to control an organization as it aim to test
and prove that processes are being conducted effectively and followed due to control mechanisms.
Moreover, it also aim to detect opportunities for improvement in the audit process. Salosagcol also
stated in his book of Auditing Theory that the emphasis and order of certain activities may vary
depending upon a particular audit, but these processes would basically include activities such as:
• Accepting an Engagement
• Audit Planning
• Considering the Internal Control
• Performing Substantive Test
• Completing the Audit
• Issuing a Report
Steps:
2. Audit Execution
Steps:
a. Entry conference – it sets the tone for the audit. Entry Conference is done to discuss the focus,
requirements, and timelines of the audit, as well as to obtain the audited entity’s views and
expectations for the overall framework for the conduct of the audit. Matters arising from the
entry conference must be recorded (as entry conference notes) and should be considered during
the conduct of the engagement planning
b. Conduct compliance audit – It is the evaluation of the extent or degree of compliance with
laws, regulations, managerial policies, and operating processes in the agency, including
compliance with accountability measures, ethical standards, and contractual obligations.
c. Conduct system / process audit – This process audit involves the following:
o documentation of the process or system under audit
o identification of the control procedures
o verification and validation on whether such control procedures are complied with and
are working effectively
d. Exit conference - The purpose of exit conference is to discuss the highlights of the audit
findings with the auditee and/or the responsible official who has sufficient knowledge about
the audit area. It provides an opportunity to get the auditee’s comments or management
comments and insights about the significant audit issues as a way of validating the findings
3. Audit Reporting
Audit reporting represents the culmination of the audit execution and the associated analysis
and considerations made during the audit. The audit report sets out the findings in appropriate
format and provides the pieces of evidence gathered to arrive at the audit findings and the
recommendations.
Steps:
a. Develop audit findings – Audit findings can be developed by analyzing the pieces of evidence
gathered for each of the audit elements. They should align with the audit objectives and be rational
and based on specific standards and criteria. Also, compare the conditions with the audit criteria,
and determine the causes
Note: Audit findings on probable cause of illegality of a transaction
constitute a violation of law while irregularity constitutes a violation of regulations.
b. Develop audit recommendations –
o Management / Legal remedies to avoid occurrence
o Provide courses of action as the basis for improving internal controls
o Should:
✓ Be clear
✓ Be based on science of facts, conditions, and evidence
✓ Consist of practicable, incontestable, and workable solutions that can stand
alone and address the issue(s) at hand
c. Prepare draft audit report - Prepared by laying out and analyzing the pieces of evidence gathered
to arrive at preliminary audit findings and recommendations.
d. Update the GM - The GM should be updated on the results of the audit engagement
e. Prepare the final audit report - The draft report may then be finalized integrating the following as
parts of the final report:
i. Table of Contents
ii. Executive Summary
iii. Detailed Audit Findings
iv. Management Comments and Team’s Rejoinder
v. Monitoring and Feedback on Prior Year’s Recommendations
vi. Recommendations
vii. Appendices.
Note: The final audit report should be presented to the GM who decides on the
distribution of the audit report based on the recommendation of the ICS
4. Audit Follow-up
A monitoring and feedback activity undertaken to ensure the extent and adequacy of preventive
/ corrective actions taken by the Management to address the inadequacies identified during the
audit. It aims to increase the probability that recommendations will be implemented.
Purposes:
Steps:
c. Prepare audit follow-up report - Results of the audit follow-up should be recorded
and reported to apprise the GM of the status of actions on the approved
recommendations. - The reasons for the lack of action or non-completion of action
on any recommendation should be documented and further action considered on
significant recommendations that have not been acted upon.
Assessments
1. It is the most important part of the audit. It entails familiarization with the objectives,
processes, risks and controls of the auditee and activity to be audited and develop a strategy
and approach in conducting the audit.
a. Audit Follow up
b. Audit Reporting
c. Audit Document
d. Audit Engagement Planning
2. The purpose of this is to discuss the highlights of the audit findings with the auditee and/or
the responsible official who has sufficient knowledge about the audit area.
a. Exit Conference
b. Opening Remarks
c. Entry Conference
d. Audit Reporting
3. True or False: The final audit report should be presented to the GM who decides on the
distribution of the audit report based on the recommendation of the CIS
a. True
b. False
4. A monitoring and feedback activity undertaken to ensure the extent and adequacy of
preventive / corrective actions taken by the Management to address the inadequacies identified
during the audit.
a. Entry Conference
b. Audit Reporting
c. Audit Follow up
d. Audit Consideration
8. It represents the culmination of the audit execution and the associated analysis and
considerations made during the audit.
a. Audit Reporting
b. Audit Process
c. Audit Follow up
d. Audit System
10. True or False: Audit findings on possible cause of illegality of a transaction constitute a
violation of law while irregularity constitutes a violation of regulations.
a. True
b. False
OPERATIONS AUDITING
Topic 3. Project Management
Learning Objectives
OVERVIEW
The goal of project management is to create an end result that will bring about change for
the benefit of the company that initiated the project. It is the beginning, planning, and execution
of a variety of tasks necessary to deliver this final result. Projects that require formal management
are those that:
• produce something new or altered, tangible or intangible;
• have a finite timeframe: a definite start and end;
• are likely to be complex in terms of work or groups engaged;
• require the management of change;
• require the management of risks.
The benefits of investing in competent project management include:
• increasing the possibility of obtaining the desired result;
• guaranteeing efficient and best value resource use; and
• meeting the diverse needs of the project's stakeholders.
A project management audit is a bit different than the general definition of audit. The audit
process is intended to determine the status of work completed on a project in order to ensure that
it corresponds with the statement of work, which includes the project's scope, time, and budget, as
well as the maturity of the project management process.
I. Definition
The Project Management Institute define project management as “the application of
knowledge, tools, skills and techniques to project activities to meet the project requirements.”
Project management is the discipline of planning, organizing, and controlling resources to
achieve specific goals. A project is a temporary endeavor with a defined beginning and end
(usually time-constrained, and often constrained by funding or deliverables), undertaken to meet
unique goals and objectives.
The goal of project management is to help you keep track of your audit. However, our
audits' original scope and details frequently change. We lose control if our project management
plan does not alter at the same time.
Auditors need to be effective (by complying with professional standards), but we also need
to be efficient (if we want to make money). And project management creates efficiency. Managing
resources, identifying impediments to audit processes, responding to scope creep–these are just a
few of the issues that we encounter. And these problems have the potential to boost engagement
time while lowering revenues. Worse, that promise of rapid completion may not be kept.
So, what are the keys to using project management in audits?
• Audit team members
• Project management software
• Create a project management plan.
• Be aware.
• Be vigilant.
• Who
First, let’s start with who will perform the actions.
An audit team usually consists of a partner, an in-charge, and one or two staff members. Your
initial decision, regardless of team size, is "who will work on the engagement?" As previously
said, this is the most important aspect of completing your audit. However, keep in mind that an
audit involves not only your team members, but also clients. You can't audit unless they provide
you information, answer your queries, and let you look at their records. You might also consult
with experts or lawyers. Members of your audit team, client workers, and anyone who have access
to your project management software.
• What
Second, determine what needs to be done. It is the development of our audit plan.
The audit plan is our response to risk assessment which is performed early in the engagement.
Once we perform walkthroughs, make inquiries, inspect documents, and make observations, we
become aware of risks. And in response, we create an audit plan to address those risks. Now we
know what needs to be done. The audit plan feeds the project management plan.
Notice the risk assessment process and audit plan informs the project management plan. Notice
also that the project management plan is not the same as the audit plan; they are distinctly different.
One addresses risk and the other addresses the how, when, and who of getting things done.
Some audit tasks are performed in every audit, regardless of the audit risks, such as obtaining
a signed representation letter. These tasks can be set up in a project management template which
can be used to create your initial project management plan. Then you can add the client-specific
tasks as needed.
• When
Thirdly, we need to specify a date for each action.
Project management software allows you to specify when an action is to occur. You may
wonder, “How do I know when each action will occur?” You may not know precisely, but you
have an idea. So, go ahead and specify a date. If later you need to change that date, you can. There
is no sin in amending the plan.
Now that I have a project management plan, I need to be aware and vigilant to keep the plan
on track.
1. Productivity
This metric looks at overall capabilities of a company—how well it uses its resources. Productivity
shows the relationship between inputs and outputs. How much are you getting out after all that
you put into a project? The ideal productivity outcome is creating more for less.
The higher the margin, the better the business is doing. Any program or work performed should
contribute to the financial profit of a business. Margin is the percentage of each dollar earned after
costs have been subtracted.
4. Earned Value
Earned value provides strategic guidance by showing how much value you have earned from the
money spent to date on a project. It compares the value of the work completed by a specific date
in relation to the approved budget for the project.
Earned value is also called Budgeted Cost of Work Performed (BCWP). This metric provides a
reality check during the process of a project.
5. Customer Satisfaction
A customer satisfaction score provides a measure of quality for your service or product. Customer
survey data results guide this metric. The Center for Business Practices outlines this as a score on
a scale from one to 100. The product or service should do what it was meant to do and satisfy real
customer needs.
Each company can develop a score unique to its business by weighing each variable based on its
importance. Variables may include customer survey results, revenue generated from clients, repeat
or lost clients, and complaints.
The Customer Satisfaction Index (CSI) is the most widely used system for measuring customer
satisfaction. The Net Promoter Score (NPS) is another method to capture customer satisfaction.
NPS reveals customer loyalty by probing the likelihood of a customer recommending the product
or service.
Customer Satisfaction Score = (Total Survey Point Score / Total Questions) x 100
A satisfied employee creates better work more efficiently. The high costs of employee turnover—
totaling 50% to 200% of an employee’s salary—should be motive enough to pay attention to the
people closest to the project.
The Gallup Q12 Employee Engagement Survey is a popular tool to collect employee data. An
Employee Satisfaction Index (ESI) processes results into an index score.
Employee Satisfaction Score = (Total Survey Point Score / Total Questions) x 100
7. Actual Cost
The Actual Cost is a simple number that shows how much money is spent on a project—not an
estimate. This cost is determined by adding up all the expenses for a specific project over
the timeline.
Actual Cost (AC) = Total Costs per Time Period x Time Period
8. Cost Variance
Cost variance shows the difference between the planned budget and actual costs within a specific
timeframe. Is the estimate above or below the actual costs? A project is over budget if the cost
variance is negative. A positive cost variance shows a project is under budget.
9. Schedule Variance
Schedule variance looks at budgeted and scheduled work. Is the project running ahead or behind
of the planned budget?
The schedule variance is the budgeted cost of work performed minus the budgeted cost of work
scheduled—the difference between work scheduled and completed. A negative schedule variance
means the project is behind schedule.
Schedule Variance (SV) = Budgeted Cost of Work Performed – Budgeted Cost of Work
Scheduled
2. The audit process is designed to determine the status of work performed on a project to
ensure it complies with the statement of work, such as the scope, time and budget of the
project, along with the maturity of the project management process.
a. Project Management plan
b. Project Management audit
c. Project Management
d. Financial Audit
3. At this point, you’ll have lots of data; so take these findings about improvements and faults,
and put them in an executive summary to give a clear and broad overview.
a. Present the results
b. Plan the audit
c. Summarize the audit
d. Conduct the audit
4. Provides strategic guidance by showing how much value you have earned from the money
spent to date on a project. It compares the value of the work completed by a specific date
in relation to the approved budget for the project.
a. Schedule variance
b. Cost performance
c. Earned value
d. Employee satisfaction score
5. Specifically looks at the dollar amount earned for the amount invested in a project.
a. Productivity
b. Gross profit margin
c. Cost value
d. Return on investment
6. Another method to capture customer satisfaction. This reveals customer loyalty by probing
the likelihood of a customer recommending the product or service.
a. Customer satisfaction index
b. Net promoter score
c. Employee engagement survey
d. Cost performance index
7. This cost is determined by adding up all the expenses for a specific project over
the timeline.
a. Cost Variance
b. Schedule Variance
c. Productivity
d. Actual cost
8. Used for project planning, scheduling, resource allocation and change management. It
allows project managers (PMs), stakeholders and users to control costs and manage
budgeting, quality management and documentation and also may be used as an
administration system.
a. Project management plan
b. Project management software
c. Project management audit
d. Audit plan
9. The budgeted cost of work performed minus the budgeted cost of work scheduled—the
difference between works scheduled and completed.
a. Schedule Variance
b. Cost Variance
c. Cost Performance
d. Actual cost
10. This shows the relationship between inputs and outputs. How much are you getting out
after all that you put into a project?
a. Productivity
b. Effectiveness
c. Efficiency
d. Performance
ANSWER KEY
Operations Auditing
1. B
2. A
3. D
4. C
5. D
6. B
7. D
8. D
9. A
10. B
Audit Process
1. D
2. A
3. B
4. C
5. D
6. B
7. B
8. A
9. B
10. B
Project Management
1. A
2. B
3. C
4. C
5. D
6. B
7. D
8. B
9. A
10. A
QUESTION AND ANSWER
1
#1
1. Operational audits are primarily concerned with whether an organization follows
appropriate lawsand regulations. Answer: FALSE
2. Auditing is the process of attesting to assertions about economic actions and events.
Answer: TRUE
3. An effective tool of managerial control is the internal audit, or, as it is now coming
to be called, theoperational audit. Answer: TRUE
4. Internal auditing is an independent, objective assurance and consulting activity
designed to add valueand improve an organization’s operations. Answer: TRUE
5. Operational auditors are auditing for the “three Es”—effectiveness, efficiency and
economy.
Answer: TRUE
6. When approaching the review of operational areas of the organization, it is important
that the auditorhas an inaccurate appreciation of the related key issues.
ANSWER:FALSE
9. Any parts of the business refer to where the audit objective is to review the
effectiveness, efficiencyand economy with which management is achieving its own
objectives.
ANSWER: TRUE
#2
1. The financial accounting process focuses on internal reporting to manage costs and
revenues.
Answer: FALSE
2. Planning and control process are a course of action, executing that action,
measuring the results,comparing actual performance with planned performance
and deciding upon corrective action. Answer: TRUE
7. The ubiquitous process which is related to those activities that exchange the
organization productsand services for cash.
A.)The Expenditure Process
B.)Accounting Process
C.)The Production/Conversion Process
D.)The Treasury Process
E.)None of The Above
ANSWER: E. None of the Above
9. Control is likely to be weaker between sections than within sections for behavioral
reasons as well.
ANSWER: TRUE
10. The internal audit activity addresses the same issues as part a process audit and
also as part of afunctional part.
ANSWER: TRUE
11. Lawrence and Lorsch showed that linking pins who share the norms of the
interfacing groups are likely to be more effective than those who are more closely
aligned to just one of the groups beinglinked. (TRUE)
12. Credit granting, processing orders and delivery and shipping are elements of the
revenue process.
(TRUE)
13. Conversion relates to the utilization and management of various resources in the
process of creatingthe goods and services to be marketed by the organization.
(TRUE)
14. Financial reporting process is based on the basic processing of transactions
reflecting economic events. (FALSE - IS NOT BASED)
15. Cash process is the gathering of data and its conversion into
information. (FALSE -INFORMATION PROCESS)
#3
1. The risk and control issues are further divided into two groups, namely key
issues and detailedissues. Answer: TRUE
2. Current Control/Measure column is used by the auditor to record a brief description
of any controlsor measures that are in place to address the issues raised in the
Risk/Control Issue column. Answer: TRUE
3. The term “exposure” in relation to risk could be defined as “an unwanted event
or outcome thatmanagement would wish to avoid”. Answer: TRUE
4. The internal auditor’s use of risk assessment can operate at three different levels of
audit planningand activity. Answer: FALSE
5. The critical contents of each SAPG are a number of risk or control issues
relevant to the specificsystem. Answer: TRUE
6. Compliance Testing Column cannot be used to record the test applied and a summary
outcome.
ANSWER: FALSE
8. Practical Level is the auditor may choose to apply risk assessment techniques to
the potential universe of the possible audit projects as a means of setting relative
priorities, and thus determinethose higher risk audit projects for inclusion into the
annual audit plan.
ANSWER: FALSE
10. Practical refers to the level of audit planning and activity, the auditor may choose to
apply risk assessment techniques to the potential universe of possible audit projects
as means of setting relative priorities, and thus determine those higher risk audit
projects for inclusion into annual audit plan. ANSWER: FALSE
11. The principal activities of an operating unit or overseas subsidiary can also be
flexibly related to anumber of individual activity or system-based SAPGs.
(TRUE)
12. The risk and control issues are further divided into two groups, namely key
issues and detailedissues. (TRUE)
13. The Current Control/Measure column is used by the auditor to record a brief
description of any controls or measures that are in place to address the issues raised
in the Risk/Control Issue column.(TRUE)
14. The Effective Yes/No column can be used to record the test applied and a summary
outcome.
(FALSE - COMPLIANCE TESTING)
15. At a operational level the auditor may choose to apply risk assessment techniques to
the potential universe of possible audit projects as a means of setting relative
priorities, and thus determine those higher risk audit projects for inclusion into the
annual audit plan.
(FALSE - TACTICAL LEVEL)
#4
1. Internal control is an integral part of enterprise risk management. Answer: TRUE
2. The board sets the direction of the organization and oversees that management
implements thedirection set. Answer: TRUE
3. Shareholders and other stakeholders exercise control from inside (internal control).
Answer: FALSE
4. In risk management the internal audit activity must assist the organization in
maintaining effective controls by evaluating their effectiveness and efficiency and by
promoting continuous improvement.Answer: FALSE
5. Corporate governance is internal and external processes, with the board between.
Answer: TRUE
6. Insurance is the outer layer of relationship between governance processes, risk
management andcontrol.
ANSWER: FALSE
7. Boards is not setting the direction of the organization and oversees that management
implements thedirection set.
ANSWER: FALSE
10. The internal audit activity must assess and make appropriate recommendations
for improving thegovernance process in its accomplishments of the following
A.)Ensuring effectiveness organizational performance management and accountability
B.)Coordinating the activities of and communicating information among the board,
external and internalauditors and management
C.)Communicating risk and control information to appropriate areas of the
organizationD.) None of the above
F.) Both A B and C
ANSWER: F. Both A, B and C
#5
1. The internal audit activity must evaluate the effectiveness and contribute to the
improvement of riskmanagement processes. Answer: TRUE
2. The internal audit activity must evaluate risk exposures relating to the
organization’s governance,operations, and information systems. Answer: TRUE
3. Enterprise risk management framework is geared to achieving an entity’s
objectives, set forth inthree categories. Answer: FALSE
4. The inherent risk is the risk that the organization is exposed to after taking account
of the active andpassive controls that, fortuitously or by design, are in place.
Answer: FALSE
5. The graphical approach is an excellent tool to use when brainstorming in workshops
about the threatsto the organization or to parts of it. Answer: TRUE
6. Strategic is the high-level goals aligned with and supporting its mission.
ANSWER: TRUE
7. Operations is an effective and efficient use of its resources.
ANSWER: TRUE
8. Major risks that organizations are exposed to may not be on top management’s radar
screen.
ANSWER: TRUE
9. The internal audit activity must not evaluate the effectiveness and contribute to the
improvement ofrisk management processes.
ANSWER: FALSE
10. Major risk that organizations are exposed may be on top management's radar screen.
ANSWER: FALSE
11. Risk is measured in terms of the degree of likelihood that the event might occur,
coupled with theprobable impact should the event occur. (TRUE)
12. Major risks in effect may be buried in the woodwork of the organization, like a
woodworm invisiblyweakening the organization. (TRUE)
13. Threats may or may not be independent of each other. (TRUE)
14. The gross risk is how much damage would probably be done to the organization
if the cash werecarelessly left lying around in full view and completely
accessible to strangers. (FALSE - INHERENT RISK)
15. The inherent risk is the risk that the organization is exposed to after taking account
of the active andpassive controls that, fortuitously or by design, are in place.
(FALSE - GROSS RISK)
#6
1. Business processes don’t need to be well controlled. Answer: FALSE
2. Internal control is the control exercised within the business by management and
overseen by theboard. Answer: TRUE
3. Fayol is the “father of management theory” and was the first to describe “control”
as a function ofmanagement along with other functions. Answer: TRUE
4. Planning—for instance, structuring the business into subdivisions and
determining reportingarrangements. Answer: FALSE
5. In order to function efficiently and successfully, an organization requires that
irrelevant informationis provided to the right people at the right time. Answer:
FALSE
6. Internal control exercised within the business by management and overseen by the
board.
ANSWER: TRUE
7. Accounting control means it comprises the plan of the organization and the
procedures and recordsthat are concerned with the safeguards of assets and the
reliability of financial records. ANSWER: TRUE
9. Planning, Organizing and Staffing are a justifiable for CASO to define internal
control broadly.Control depends on each of the other functions of management.
ANSWER: TRUE
10. Coordinating is the art of ensuring that happening occurs in harmony with each other
without whichthings will be out of control.
ANSWER: TRUE
11. Fayol is the “father of management theory”. (TRUE)
12. The control environment includes the values, ethics, culture and commitment of the
organisation andits members. (TRUE)
13. The control environment provides the discipline and structure for the achievement
of the primaryobjectives of the system of internal control. (TRUE)
14. Business and society are static entities, they are subject to all manner of changes
initiated from bothwithin and outside an entity. (FALSE - NOT STATIC)
15. Internal communication requirements will cater for both inward and outward
flows. (FALSE -EXTERNAL)
#7
1. Operational auditors are auditing for the “three Es” equity, environment and ethics.
(FALSE)
2.”Audit objectives” are synonymous with “management objectives” (FALSE)
3. Internal auditors must possess the knowledge, skills, and other competencies needed
to perform theirindividual responsibilities. (TRUE)
4. The focus of a benchmarking exercise can be varied in relation to the fundamental
justification andobjectives of the process. (TRUE)
5. Value for money auditing takes account of the three Es. (TRUE)
#8
1. There are six principal processes commonly found within organizations. (TRUE)
2. The area under review is clearly bounded and reporting lines to responsible
management are clear-cutare the two advantages of using departmental and functional
basis for defining audit reviews. (TRUE)
5. The Corporate Framework Process is the process that incorporates those activities
concerned withensuring effective and appropriate governance processes and external
accountability. (TRUE)
#9
1. The main benefit of this approach is that it should encompass all the relevant issues and aim
to provide reassurance to management on the effectiveness of the internal control measures in
place across the whole process. (TRUE)
3. In the proposed SAPG format, the critical contents of each SAPG are a number of risk or
control issues relevant to the specific system. (TRUE)
4. The risk and control issues are further divided into two groups, namely key issues and
detailed issues.
(TRUE)
8. Shareholders and other stakeholders exercise control from inside (internal control). (FALSE)
9. The costs of the internal audit activity would be regarded as one of the costs of running
the board.
(TRUE)
10. One of the Control Objectives for External Governance Processes is to ensure that the
organization ismindful of the interests of its owners and other stakeholders. (TRUE)
#10
1. It helps an organization accomplish its objectives by bringing a systematic,
disciplined approach toevaluate and improve the effectiveness of risk management, control,
and governance processes. (TRUE)
2. Two useful tools to apply in risk management- first, the risk matrix and secondly, the
risk register.
(TRUE)
3. An individual risk may be plotted graphically using a graph, sometimes known as a risk
map or matrix.
(TRUE)
4. The “Control Environment” component under the 2002 internal control framework is
now termed the“Internal Environment”. (TRUE)
5. This enterprise risk management framework is geared to achieving an entity’s objectives,
set forth in fourcategories: strategic, operations, reporting and compliance. (TRUE)
6. Internal control” is the control exercised outside the business by management and overseen by
the board.
(FALSE)
7. There is no control without: planning, organizing, directing and leading, staffing and co-
ordinating.
(TRUE)
8. COSO defines internal control as being all aspects of all processes that give reasonable
assurance of theachievement of all, not just some, of the organizational objectives. (TRUE)
9. Internal control is achieved by means of five essential components of internal control that
must be inplace and must be functioning well. (TRUE)
10. In any organization of people, the essence of control is purpose, commitment, capability,
and monitoringand learning. (TRUE)
#11
TRUE 1. Auditors of operations should keep firmly in their mind the objectives of
management for theoperations being audited.
TRUE 2. Equity is the avoidance of discrimination and unfairness; acceptance and
promotion of diversity.
TRUE 3. Ethics is the legal and moral conduct by management and staff.
FALSE 4. Ethics is the acting in an environmentally responsible way. Answer: environment
FALSE 5. Value for money (VFM) can be defined simply as a comparison of one’s own
performance in a specific area with that applied by others in compatible circumstances.
-----------
--------------------
TRUE 1. SAPGs are intended for use during management and audit reviews of
activities within anorganization.
TRUE 2. The critical contents of each SAPG are a number of risk or control issues
relevant to the specificsystem.
TRUE 3. The risk and control issues are further divided into two groups, namely key
issues and detailedissues.
FALSE 4. The term “risk” could be defined as “an unwanted event or outcome that
management wouldwish to avoid.” Answer: Exposure
FALSE 5. WP Ref. column is used by the auditor to record a brief description of any controls or
measuresthat are in place to address the issues raised in the Risk/Control Issue column.
Answer: Current
-------------------------
TRUE 1. The internal audit activity must assess and make appropriate recommendations
for improving thegovernance process in its accomplishment by promoting appropriate ethics
and values within the organization.
TRUE 2. The external auditors belong to the external aspects of corporate
governance since externalauditors’ report to the external shareholders.
TRUE 3. One of the Control Objectives for Internal Governance Processes is to promote
appropriate ethicsand values within the organisation.
TRUE 4. One of Control Objectives for External Governance Processes is to ensure that the
organisation’saccountability to its stakeholders is transparent.
FALSE 5. The board is clearly not an important governance process.
---------------------------
FALSE 1. This enterprise risk management framework is geared to achieving an entity’s
objectives, setforth in four categories: Strategic, Operations, Reporting, and Complaint.
Answer: Complaint -> Compliance.
FALSE 2. Operations is the high-level goals, aligned with and supporting its mission.
Answer: Strategic.
TRUE 3. Operations is the effective and efficient use of its resources.
TRUE 4. The two useful tools to apply in risk management are: risk matrix and
risk register. TRUE 5. Risk is usually defined as the possibility that an event
will occur and adversely affect theachievement of objectives.
--------------------------
TRUE 1. Fayol was the first to describe “control” as a function of management along with
other functionswhich he set out as being planning, organising, commanding, coordinating,
controlling.
TRUE 2. Accounting control comprises the plan of the organisation and the procedures
and records thatare concerned with the safeguards of assets and the reliability of financial
records.
FALSE 3. Risk response is an essential component of internal control as we need to assess
where the risksare greatest in order to focus our scarce resources in those areas. Answer:
Risk Assessment
FALSE 4. Internal communication requirements will cater for both inward and outward flows.
Answer:External communication
FALSE 5. The term “external” is used to refer to what happens within a system, and
“internal” if the variable enters from outside the system boundary, or exits to beyond the
system boundary. Answer: Internal,external
--------------------------------
#12
1. Broadly defined, the subject matter of any audit consists of
a. Financial statements
b. Economic data
c. Assertions
d. Operating data
6. The auditor communicates the results of his or her work through the medium if the
a. Engagement letter
b. Audit report
c. Management letter
d. Financial statement
10. Which of the following has the primary responsibility for the fairness of the
representations made in the financial statements?
a. Client’s management
b. Audit Committee
c. Independent auditor
d. Board of Accountancy
11. An audit of the financial statements of KIA Corporation is being conducted by an external
auditor. The external auditor is expected to
a. express an opinion as to the fairness of KIA’s financial statements.
b. express an opinion as to the attractiveness of KIA for investment
purposes.
c. certify the correctness of KIA’s Financial Statements.
d. examine all evidence supporting KIA’s financial statements.
12. Which of the following statements about independent financial statements audit is correct?
a. The audit of financial statements relieves management of its
responsibilities for the financial statement
b. An audit is designed to provide limited assurance that the financial
statements taken as a whole are free from material misstatement
c. The procedures required to conduct an audit in accordance with PSAs
should be determined by the client who engaged the services of the auditor.
d. The auditor’s opinion is not an assurance as to the future viability of the entity as
well as the effectiveness and efficiency with which management has conducted the
affairs of the entity.
13. The reason an independent auditor gathers evidence is to
a. Form an opinion on the financial statements
b. Detect fraud
c. Evaluate management
d. Evaluate internal controls
14. An attitude that includes a questioning mind and critical assessment of audit evidence
is referred to as
a. Due professional care
b. Professional skepticism
c. Reasonable assurance
d. Supervision
15. Jack has been retained as auditor of EVC Company. The function of Jack’s opinion on
financial statements of EVC Company is to
a. Improve financial decisions of company management
b. Lend Credibility to management’s representation
c. Detect fraud and abuse in management operations
d. Serve requirements of BIR, SEC, or Central Bank
17. Which of the following statements does not properly describe a limitation of an audit?
a. Many audit conclusions are made on the basis of examining a sample of
evidence.
b. Some evidence supporting peso representation in the financial statement must be
obtained by oral or written representation of management.
c. Fatigue can cause auditors to overlook pertinent evidence.
d. Many financial statement assertions cannot be audited.
18. Which of the following is not one of the general principles governing the audit of financial
statements?
a. The auditor should plan and perform the audit with an attitude of
professional skepticism.
b. The auditor should obtain sufficient appropriate evidence primarily through
inquiry and analytical procedure to be able to draw reasonable conclusions.
c. The auditor should conduct the audit in accordance with PSA.
d. The auditor should comply with the Philippine Code of Professional Ethics.
19. Which of the following statements does not describe a condition that creates a demand
for auditing?
a. Conflict between an information preparer and a user can result in biased
information.
b. Information can have substantial economic consequence for a decision- maker.
c. Expertise is often required for information preparation and verification.
d. Users can directly assess the quality of information.
20. Which of the following statements does not properly describe an element of
theoretical framework of auditing?
a. The data to be audited can be verified.
b. Short-term conflicts may exist between mangers who prepare the data and
auditors who examine the data.
c. Auditors act on behalf of the management.
d. An audit benefits the public
-------------------------------
2. The responsibility for the detection and prevention of errors, fraud and
noncompliance with laws and regulations rests with
a. Auditor
b. Client’s legal counsel
c. Fraud
d. Illegal acts
4. The following statements relate to the auditor’s responsibility for the detection of errors and
fraud. Identify the correct statements.
I. Due to the inherent limitation of the audit, there is a possibility
that material misstatements in the financial statements may not
be detected.
II. The subsequent discovery of material misstatement of the
financial information resulting from fraud or error does not, in
itself, indicate that the auditor failed to follow the basic principles
and essential procedures of an audit.
a. I only
b. Both Statements are true
c. II only
d. Both statements are false
8. Which of the following statements best describe an auditor’s responsibility to detect errors
and fraud?
a. An auditor should assess the risk that errors and fraud may cause
the financial statements to contain material misstatements and should
design the audit to provide reasonable assurance of detecting errors and
fraud that are material to the financial statements.
b. An auditor is responsible to detect material errors, but has no
responsibility to detect material fraud that are concealed through employee
collusion or management override of the internal control structure.
c. An auditor has no responsibility to detect errors and fraud unless
analytical procedures or tests of transactions identify conditions causing a
reasonably prudent auditor to suspect that the financial statements were
materially misstated.
d. An auditor has no responsibility to detect errors and fraud because
an auditor is not an insurer and an audit does not constitute a guarantee.
9. “The auditor would ordinarily expect to find evidence to support management
representations and not assume that they necessarily correct”.
This is an example of
a. Unprofessional behavior
b. An attitude of professional skepticism
c. Due diligence
d. A rule in code of professional conduct.
10. Which of the following statement is true?
a. It is usually easier for the auditor to uncover fraud than errors.
b. It is usually easier for the auditor to uncover errors than fraud.
c. It is usually equally difficult for the auditor to uncover errors or fraud.
d. Usually, the auditor does not design procedures to uncover fraud or
18. Which of the following would be least likely to suggest to an auditor that the
client’s financial statement are materially misstated?
a. There are numerous delays in preparing timely internal financial
reports.
b. Management does not correct internal control structure weaknesses
that it knows about.
c. Differences are reflected in the customer’s confirmation replies.
d. There have nee two new controllers this year.
19. Which of the following circumstances would least likely cause auditor to
consider whether a material misstatement exists?
a. The turnover of senior accounting personnel exceptionally low.
b. Management places substantial emphasis on meeting, earning
projections.
c. There are significant unusual transactions near year-end.
d. Operating and financing decisions are dominated by one person.
20. Which of the following conditions would not normally cause the auditor to
question whether material errors or possible fraud exists?
a. The accounting department is overstaffed.
b. Differences exist between control accounts and supporting
subsidiary records.
c. Transactions are not supported by proper documentation.
d. There are frequent changes of auditor’s lawyers.
----------------------------------
1. The primary responsibility for establishing and maintaining an internal control rests
with
a. The external auditors
b. The internal auditors
c. Management and those charged with governance
d. The controller or the treasurer
3. Which of the following is not one of the three primary objectives of effective internal
control?
a. Reliability of financial reporting
b. Efficiency and effectiveness of operations
c. Compliance with laws and regulations
d. Assurance of elimination of business risk.
4. Which of the following internal control objectives would be most relevant to the audit?
a. Operational objective
b. Compliance objective
c. Financial reporting objective
d. Administrative control objective
5. An act of two or more employee to steal assets and cover their theft by
misstating the accounting records would be referred to as:
a. Collusion
b. A material weakness
c. A control deficiency
d. A significant deficiency
6. Which of the following is not one of the components of an entity’s internal control?
a. Control risk
b. Control activities
c. Information and communication
d. The control environment
7. The overall attitude and awareness of an entity’s board of director concerning the
importance of the internal control usually is reflected in its
a. Computer-based controls
b. System of segregation of duties
c. Control environment
d. Safeguard over access of assets
8. In evaluating the design of the entity’s internal control environment, the auditor considers
the certain subcomponents of control environment and how they have been incorporated
into the entity’s processes. Subcomponents of control environment would include
a. Integrity and ethical values
b. Commitment to competence
c. Organizational structure
d. Information and communications systems
10. Which of the following subcomponents of the control environment define the existing
lines of responsibility and authority?
a. Organizational structure
b. Management philosophy and operating style
c. Human resource policies and practices
d. Management integrity and ethical values
11. Which of the following is not one of the subcomponents of the control
environment?
a. Management philosophy and operating style
b. Organizational structure
c. Adequate separation of duties
d. Commitment to competence
12. Which of the following deal with ongoing or periodic assessment of quality of
internal control by management?
a. Quality control activities
b. Monitoring activities
c. Oversight activities
d. Management activities
13. The policies and procedures that help ensure that management directives are carried
out are referred to as the:
a. Control environment
b. Control activities
c. Monitoring of controls
d. Information systems
14. Which of the following is not one of the specific control activities that are
relevant to financial statement audit?
a. Performance reviews
b. Physical controls
c. Segregation of duties
d. Monitoring
16. Which of the following best describes the purpose of the control activities?
a. The actions, policies and procedures that reflect the overall attitudes of the
management
b. The identification and analysis of risks and relevant to the preparation of
the financial statements
c. The policies and procedures that help ensure that necessary actions are taken
in order to achieve the entity’s objectives
d. Activities that deal with the ongoing assessment of the quality of internal
control by management
17. When the auditor attempts to understand the operation of the accounting system by
tracing a few transactions through the accounting system, the auditor is said to be:
a. Tracing
b. Vouching
c. Performing a walk through
d. Testing controls
18. Which of the following is not a medium that can normally be used by an auditor to record
information concerning a client’s internal control policies and procedures?
a. Narrative memorandum
b. Flowchart
c. Procedures manual
d. Questionnaire
19. An auditor uses the knowledge provided by the understanding of internal control and the
final assessed level of control risk primarily to determine the nature, timing and extent of
the
a. Attribute tests
b. Tests of controls
c. Compliance tests
d. Substantive tests
20. Based on the requirement of PSA 3330, how frequently must an auditor test operating
effectiveness of controls that appear to functions as they have in past years and on which
the auditor wishes to rely in the current year?
a. Monthly
b. Each audit
c. At least every second audit
d. At least every third audit
---------------------------
1. These are acts of omission or commission by the entity being audited, either intentional or
unintentional, which are contrary to the prevailing laws and regulations.
a. Fraud
b. Misappropriation
c. Noncompliance
d. Defalcation
3. The principle of professional competence and due care imposes certain obligations on
professional accountants. Which of the following is not one of those obligations required
by this principle?
a. To act diligently in accordance with applicable technical and professional standards
b. To be fair, intellectually honest and free of conflict of interest
c. To become aware and understand relevant technical, professional and business
developments
d. To obtain professional knowledge and experience to enable them to fulfil their
responsibilities
5. The essence of the due care principle is that the auditor should not be guilty of:
a. Bias
b. Errors in judgement
c. Fraud
d. Negligence
10. In which of the following circumstances would a CPA be bound by the ethics to refrain
from disclosing any confidential information obtained during course of a professional
engagement?
a. The CPA is issued summon enforceable by the court order which orders the
CPA to present confidential information
b. A major stockholder of a client company seeks accounting information from CPA
after the management declined to disclose the requested information
c. Confidential client information is made available with the client’s permission
d. An inquiry by the PRC and the CPA needs the disclosure to defend himself
12. Which of the following most accurately states how objectivity has been defined by the
Code of Ethics?
a. Being honest and straight forward in all professional and business
relationships.
b. A state of mind that permits the provision of an opinion without being
affected by influences that compromise professional judgement
c. A combination of impartiality, intellectual honesty and a freedom from conflict
of interest
d. Avoiding facts and circumstances that could reduce the public confidence in the
professional accountant’s report
15. It refers to the avoidance of facts and circumstances that are so significant that a
reasonable and informed third party, having knowledge of all relevant information,
including safeguards applied, would reasonably conclude a firm’s or a member of the
assurance team’s integrity, objectivity or professional scepticism had been compromised.
a. Independence in fact
b. Independence in appearance
c. Independence in mind
d. Inherent independence
17. Acting for an audit client in the resolution of a dispute or litigation would most likely
create
a. Self-interest threat
b. Intimidation threat
c. Advocacy threat
d. Familiarity threat
18. The preparation of accounting records of financial statements for an audit client will most
likely create
a. Self-interest threat
b. Self-review threat
c. Intimidation threat
d. Familiarity threat
19. Accepting gift or undue hospitality from an assurance client would create most likely
create
a. Familiarity threat
b. Self-review threat
c. Advocacy threat
d. Intimidation threat
20. Using the same senior personnel on an assurance engagement over a long period
of time would most likely create
a. Intimidation threat
b. Advocacy threat
c. Familiarity threat
d. Self-interest threat
----------------------------------
2. Which of the following assertions does not relate to balances at period end?
a. Existence
b. Occurrence
c. Valuation or allocation
d. Rights and obligations
3. Which of the following assertions does not relate to classes of transactions and events
for the period?
a. Completeness
b. Valuation
c. Cut-off
d. Accuracy
4. An assertion that transactions are recorded in the proper accounting period is:
a. Classification
b. Occurrence
c. Accuracy
d. Cut-off
7. Preliminary knowledge about the client’s business and industry must be obtained prior to
the acceptance of the engagement primarily to
a. Determine the degree of knowledge and expertise required by the
engagement
b. Determine the integrity of management
c. Determine whether the firm is independent with the client
d. Gather evidence about the fairness of the financial statements
9. Arnel, CPA, is succeeding Von, CPA, on the audit engagement of Almar Corporation.
Arnel plans to consult Von and to review Von’s prior year working papers. Arnel may
do so if
a. Von and Almar consent
b. Almar consents
c. Von consents
d. Von and Arnel consent
10. An incoming auditor should request the new client to authorize the predecessor auditor
to allow a review of the predecessor’s
Engagement letter Working Paper
a. Yes Yes
b. Yes No
c. No Yes
d. No No
11. Engagement letter that documents and confirms the auditor’s acceptance of the
engagement would normally be sent to the client
a. Before the audit report is issued
b. After the audit report is issued
c. At the end of fieldwork
d. Before the commencement of the engagement
12. Which of the following is not one of the principal contents of an engagement letter?
a. Objective of the financial statements
b. Unrestricted access to records and documents
c. Limitations of the engagement
d. Management’s responsibility for the financial statements
13. Arrangements concerning which of the following are least likely to be included in
engagement letter?
a. Auditor’s responsibilities
b. Fees and billing
c. CPA investment in client securities
d. Other forms of reports to be issued in addition to the audit report
14. The audit engagement letter should generally include a reference to each of the following
except
a. The expectation of receiving a written management representation letter
b. A request for the client to confirm the terms of engagement
c. A description of the auditor’s method of sample selection
d. The risk that material misstatements may remain undiscovered
15. Which of the following would be least likely to be included in the auditor’s
engagement letter
a. Forms of the report
b. Extent of his responsibilities
c. Objectives and scope of the audit
d. Type of opinion to be issued
16. According to PSA 210, the auditor and the client should agree on the terms of
engagement. The agreed terms would need to be recorded in a(n)
a. Memorandum to be placed in the permanent section of the auditing
working papers
b. Engagement letter
c. Client representation letter
d. Comfort letter
17. Which of the following factors most likely would influence an auditor’s
determination of the auditability of the entity’s financial statements
a. The complexity of the accounting systems
b. The existence of related party transactions
c. The adequacy of the accounting records
d. The operating effectiveness of control procedures
18. Which of the following factors most likely would cause an auditor not to accept a new
audit engagement?
a. An inadequate understanding of the entity’s interval control structure
b. The close proximity to the end of the entity’s fiscal year
c. Concluding that the entity’s management probably lacks integrity
d. An inability to perform preliminary analytical procedures before assessing
control risk
19. Which of the following should an auditor obtain from the predecessor auditor prior to
accepting an audit engagement
a. Analysis of balance short accounts
b. Analysis of income statements accounts
c. All matters of continuing accounting significance
d. Facts that might bear on the integrity of management
20. An incoming auditor most likely would make specific inquiries of the predecessor auditor
regarding
a. Specialized accounting principles of the client’s industry
b. The competency of the client’s internal audit staff
c. The uncertainty inherent in applying sampling procedures
d. Disagreements with management as to auditing procedures
----------------------
1. Which of the following statements is most correct regarding the primary purpose of audit
procedures?
a. To detect all errors or fraudulent activities as well as illegal activities
b. To comply with the SEC
c. To gather corroborative audit evidence about management’s assertions
regarding the client’s financial statements
d. To determine the amount of errors in the balance sheet accounts in order
to adjust the accounts to actual
2. A procedure designed to test for monetary misstatements directly affecting the validity
of the financial statement balances is a:
a. Test of controls
b. Substantive test
c. Test of attributes
d. Monetary-unit sampling test
3. You are auditing the company’s purchasing process for goods and services. You are
primarily concerned with the company not recording all purchase transactions. Which
audit procedure below would be the most effective audit procedure in this case?
a. Vouching from the accounts payable account to the vendor invoices.
b. Tracing vendor invoices to recorded amounts in the accounts payable
account.
c. Confirmation of accounts payable recorded amounts.
d. Reconciling the accounts payable subsidiary ledger to the accounts
payable account.
4. The information obtained by the auditor in arriving at the conclusions on which the
audit opinion is based is called:
a. Audit working papers
b. Audit assertions
c. Audit evidence
d. Audit standards
11. The sufficiency and appropriateness of evidential matter ultimately is based on the
a. availability of corroborating data.
b. Philippine Standard on Auditing.
c. pertinence of the evidence.
d. judgment of the auditor.
12. An example of an external document that provides reliable information for the auditor
is:
a. employees time reports.
b. bank statements.
c. purchase order for company purchases.
d. carbon copies of checks.
13. An example of a document that the auditor receives from the client, but which was
prepared by someone outside the client’s organization, is a:
a. confirmation.
b. sales invoice.
c. vendor invoice.
d. bank reconciliation.
14. To be considered reliable evidence, confirmations must be controlled by:
a. a client employee responsible for accounts receivable.
b. a financial statement auditor.
c. a client’s internal audit department.
d. a client’s controller or CFO.
15. Given the economic and time constraints in which auditors can collect evidence about
management assertions about the financial statements, the auditor normally gathers
evidence that is:
a. irrefutable.
b. conclusive.
c. persuasive.
d. completely convincing.
16. It refers to the material (working papers) prepared by and for, or obtained and retained
by the auditor in connection with the performance of the audit.
a. Documentation
b. Audit report
c. Accounting data
d. Corroborative evidence
17. Which of the following best describes one of the primary objectives of audit
documentation?
a. Defend against claims of a deficient audit.
b. Provide a principal support for the income taxation return.
c. Provide documentation that the audit was conducted in accordance with
auditing standards.
d. Provide additional support or recorded amounts to the client.
18. Which of the following is not an expert upon whose work an auditor may relay?
a. Actuary
b. Internal auditor
c. Appraiser
d. Engineer
19. An expert whose expertise is used by the entity in preparing financial statements is called
a(n):
a. Financial expert
b. Management expert
c. Auditor’s expert
d. Specialist
20. External auditors must obtain evidence regarding what attributes of an internal audit
department if the external auditors intend to rely on internal auditor’s work?
a. Integrity
b. Objectivity
c. Competence
d. All of the above
----------------------
1. This involves developing an overall strategy for the expected conduct and scope of the
examination; the nature, extent, and timing of which vary with the size and complexity,
and experience with and knowledge of the entity.
a. Audit planning
b. Audit procedure
c. Audit program
d. Audit working papers
2. Initial planning involves four matters. Which of the following is not one of these?
a. Develop an overall audit strategy
b. Request that bank balances be confirmed
c. Schedule engagement staff and audit specialists
d. Identify the client’s reason for the audit
3. A CPA is conducting the first examination of a client’s financial statements. The CPA
hopes to reduce the audit work by consulting with the predecessor auditor and reviewing
the predecessor’s working papers. This procedure is
a. Acceptable if the client and the predecessor auditor agree to it.
b. Acceptable if the CPA refers in the audit report to reliance upon the
predecessor auditor’s work.
c. Required if the CPA is to render an unmodified opinion.
d. Unacceptable because the CPA should bring an independent viewpoint to a
new engagement.
4. The preliminary judgment about materiality and the amount of audit evidence
accumulated are related.
a. directly
b. indirectly
c. not
d. inversely
8. When comparing level of materiality used for planning purposes and the level of
materiality used for evaluating evidence, one would most likely expect
a. The level of materiality to be always similar.
b. The level of materiality for planning purposes to be similar.
c. The level of materiality for planning purposes to be higher.
d. The level of materiality for planning purposes to be based on total assets
while the level of materiality for evaluating purposes to be based on net
income.
10. Auditors frequently refer to the terms audit assurance, overall assurance, ad level of
assurance to refer to .
a. detection risk
b. audit report risk
c. acceptable audit risk
d. inherent risk
11. The risk that financial statements are likely to be misstated materially without regard
to the effectiveness of internal control is the;
a. Inherent risk
b. Audit risk
c. Client risk
d. Control risk
12. When planning a financial statement audit, the auditor should assess inherent risk at
the
Financial statement level Account balance or transaction class level
a. YES YES
b. YES NO
c. NO NO
d. NO YES
13. Which of the following is an incorrect statement?
a. Detection risk cannot be changed at the auditor’s discretion.
b. If individual audit risk remains the same, detection risk bears an
inverse relationship to inherent and control risk.
c. The greater the inherent and control risk the auditor believes exist, the less
detection risk that can be accepted.
d. The auditor might make separate or combines assessments of inherent
risk and control risk.
15. Which of the following is not correct regarding an auditor’s decision that a lower
acceptable audit risk is appropriate?
a. More evidence is accumulated
b. Less evidence is accumulated
c. Special care is required in assigning experienced staff
d. Review of audit documentation is performed by personnel not assigned to the
engagement
16. These consist of the analysis of significant ratios and trends including the resulting
investigation of fluctuations and relationship that are inconsistent with other relevant
information or deviate from predictable amount.
a. Financial statement analysis
b. Variance analysis
c. Analytical procedures
d. Regression analysis
18. In developing the overall audit plan and audit program, the auditor should assess
inherent risk at the:
Audit plan Audit program
a. Financial statement level Accounting balance level
b. Account balance level Financial statement level
c. Account balance level Account balance level
d. Financial statement level Financial statement level
19. An auditor should design the written audit program so that
a. All material transactions will be selected for substantive testing
b. Substantive tests prior to the balance sheet date will be minimized.
c. The audit procedures selected will achieve specific audit objectives.
d. Each account balance will be tested under either tests of controls or tests of
transactions.
20. Which of the following matters would least likely appear in the audit program?
a. Specific procedures that will be performed.
b. Specific audit objectives.
c. Estimated time that will be spent in performing certain procedures.
d. Documentation of the accounting and internal control systems being
reviewed.
------------------------------
1. This involves the application of the procedures to less than 100% of the items within an
account balance or class of transactions. This enables the auditor to obtain and evaluate
audit evidence about some characteristics of the selected items in order to form an opinion
about the characteristics of all items supporting an account balance or transaction class.
a. Audit techniques
b. Selective testing
c. Audit sampling
d. Specific identification
4. In a sampling application, the group of items about which the auditor wants to
estimate some characteristic is called the
a. Population c. Attribute of interest
b. Sample d. Sampling unit
5. Non-sampling error occur when the audit tests do not uncover existing
exceptions in the
a. Population
b. Planning stage
c. Sample
d. Financial statement
6. PSA 530 identifies two general approaches to audit sampling. They are
a. Random & nonrandom
b. Statistical & nonstatistical
c. Precision & reliability
d. Risk and nonrisk
7. The relationship between sample size and the allowable sampling risks is
a. Direct
b. Inverse
c. Sample deviation rate
d. Expected deviation rate
10. The process which requires the calculation of an interval and them selects the items
based on the size of the interval is
a. Statistical sampling
b. Systematic selection
c. Random selection
d. Computerized selection
11. A method of sampling in which all the items in the population are divided into two or
more sub-population is
a. Variable sampling
b. Stratified sampling
c. Attribute sampling
12. If the auditor is concerned that a population may contain exceptions, the determination of a
sample size sufficient to include at least one such exception is a characteristic of
a. Discovery sampling
b. Random sampling
c. Variables sampling
d. Peso-unit sampling
13. Which of the following statistical sampling plans does not use a fixed sample size for tests
of controls?
a. PPS sampling
b. Value-weighted sampling
c. Sequential sampling
d. Variables sampling
15. The maximum amount of error in a population that the auditor is willing to accept is
referred to as the
a. Acceptable risk
b. Tolerable error
c. Expected error
d. Tolerable materiality
16. The deviation rate the auditor expects to find in the population, before testing begins, is
called the
a. Tolerable deviation rate
b. Computer upper deviation rate
c. Sample deviation rate
d. Expected deviation rate
-------------
2. Accounting control comprises the plan of the organisation and the procedures and
records that areconcerned with the safeguards of assets and the reliability of financial
records. True
4. Directing and leading is the art of ensuring that happenings occur in harmony with
each other—withoutwhich things will be out of control. False
2. The inherent risk is the risk that the organisation is exposed to after taking account
of the active andpassive controls that, fortuitously or by design, are in place. False
3. The gross risk is how much damage would probably be done to the organisation
if the cash werecarelessly left lying around in full view and completely accessible to
strangers. False
5. The risk register allows a more detailed description of the approaches being taken to
manage risks. True
-------
2. In Control, the internal audit activity must evaluate the effectiveness and contribute to the
improvement ofrisk management processes. False
3.In Governance, the internal audit activity must assess and make appropriate
recommendations forimproving the governance process. True
4. In Risk Management, the internal audit activity must assist the organization in maintaining
effective controls by evaluating their effectiveness and efficiency and by promoting
continuous improvement. False
5. The COA sets the direction of the organization and oversees that management implements
the direction set. False
------------
1. Fayol, the “father of management theory” was the rst to describe
“control” as a function ofmanagement along with other functions which he
set out as being planning, organizing, commanding, coordinating,
controlling.
Answer: TRUE
Answer: TRUE
5. Control activities/procedures will need to be accurately de ned and effectively
communicated to those involved. It is always preferable to establish written
procedures which remove the possibilityof misinterpretation so often associated
with verbal instructions.
Answer: TRUE
---------
1. Statement 1: 2120—Risk Management The internal audit activity must evaluate the
effectiveness andcontribute to the improvement of risk management processes.
Statement 2: 2120.A1—the internal audit activity must evaluate risk
exposures relating to the organization’s governance, operations, and
information systems regarding the organizational objectives support and
align with the organization’s mission.
What is/are the correct answer/s?
a. Statement 1 is the correct answer only
b. Statement 2 is the correct answer only
c. Statement 1 and 2 are correct answers
d. Statement 1 and 2 are incorrect answers
2. Statement 1: The COSO objectives of risk management are the same as the COSO
objectives of internal control with the exception of the addition of the strategic
objective which, arguably, should have been one of COSO’s internal control
objectives since strategies should be developed in a well-controlled way.
Statement 2: COSO is right to add the strategic objective to their enterprise risk
managementframework: strategic options need to be weighed up having regard to
risk.
What is/are the correct answer/s?
a. Statement 1 is the correct answer only
b. Statement 2 is the correct answer only
c. Statement 1 and 2 are correct answers
d. Statement 1 and 2 are incorrect answers
3. Statement 1: The “Control Environment” component under the 2020 internal
control framework isnow termed the “Internal Environment”, though its meaning
is unchanged.
Statement 2: Not being a framework on internal control, the title “Control
Environment” was notthought to be ideal, but choosing to label it “Internal
Environment” has resulted
in
an ugly oxymoron.
What is/are the correct answer/s?
a. Statement 1 is the correct answer only
b. Statement 2 is the correct answer only
c. Statement 1 and 2 are correct answers
d. Statement 1 and 2 are incorrect answers
4. Statement 1: Two useful tools to apply in risk management— rst, the risk matrix
and secondly, therisk register.
Statement 2: Using tools such as this enables all participants to focus more
closely on the sameissues, enables subjectivity to be exercised methodically,
simpli es and makes attractive.
What is/are the correct answer/s?
a. Statement 1 is the correct answer only
b. Statement 2 is the correct answer only
c. Statement 1 and 2 are correct answers
d. Statement 1 and 2 are incorrect answers
5. Statement 1: The risk register allows a more detailed description of the
approaches being taken tomanage risks.
Statement 2: The risk register approach is less visual in its representation, but
is widely used tocreate and maintain a record of threats and their management
at all levels and in all parts of the organization.
What is/are the correct answer/s?
a. Statement 1 is the correct answer only
b. Statement 2 is the correct answer only
c. Statement 1 and 2 are correct answers
Statement 1 and 2 are incorrect answers
QUESTION AND ANSWER
2