PROF ELEC 3

OPERATIONS AUDITING
OPERATIONS AUDITING
Topic 1. Operations Auditing

Learning Objectives

After successful completion of this module, the learner should be able to:
1. Define the operations auditing.
2. Understand the characteristics of operations auditing.
3. Know the objectives and phases of operations auditing.

OVERVIEW
Operational auditing is a type of audit service in which the focus is primarily on important
processes, procedures, systems, and internal controls, with the primary goal of increasing
productivity, efficiency, and effectiveness of the operation. This form of audit differs significantly
from an internal audit, which examines the adequacy of controls and assesses the fairness of the
financial statement presentation. Operational auditing can employ financial data, but the major
sources of proof are operational policies and accomplishments related to the organization's goals.

Discussions
I. Definition and Characteristics
Operational auditing is defined as “A future-oriented, systematic, and independent
evaluation of organizational activities. Financial data may be used, but the primary sources of
evidence are the operational policies and achievements related to organizational objectives.
Internal controls and efficiencies may be evaluated during this type of review.”
Operational audits are usually conducted by the internal audit staff, though specialists can
be hired to conduct reviews in their areas of expertise. The primary users of the audit
recommendations are the management team, and especially the managers of those areas that have
been reviewed.
An operational audit is a means of analyzing how a company runs its operations. It
necessitates an examination of the company's processes, procedures, and systems. This sort of
audit evaluates the organization's management procedures in addition to its financial situation. An
operational audit seeks to identify areas where the organization's operations might be made more
efficient, productive, and effective.
 Operational audits are a forward looking process, and are part of many organizations’ ongoing
business improvement process toolkit. The findings of operational audits are intended to diagnose
which areas need attention and to safeguard assets by averting potential future risks. The
Operational Auditing Handbook borrows The Institute of Internal Auditors’ (IIA) definition of an
operational audit: “A systematic process of evaluating an organization's effectiveness, efficiency
and economy of operations under management's control and reporting to appropriate persons the
results of the evaluation along with recommendations for improvement.” While an audit is
usually associated with financial matters, operational audits are more comprehensive and go
beyond financial data (although that type of reporting is often included). The primary information
sources are policies and achievements related to the objectives of the organization.
Operational audits are a ‘deep dive’ into every facet of management. As a result, start-to-finish
time frames can vary from a few weeks to many months, depending on scope, complexity, and
size of the organization, and whether the audit is for the entire entity or a particular business unit.
Unlike financial audits, which are conducted by external entities, operational audits are often
carried out by an internal auditor.

II. Objectives of Operations Auditing

The objectives of the review will depend on several factors. First of all, we must determine whose
objectives the engagement is intending to address. Internal audit should be careful not to define
the objectives unilaterally. While this may be necessary in certain occasions, this should not be the
prevailing practice, but rather, internal auditors should get management involvement as much as
possible to make sure that the review will meet their needs.
The objectives for the review could be driven by
1. New rules. Rules can be established internally (e.g., policies and procedures) or externally
(e.g., new or updated laws and regulations), or a combination (e.g., a contract signed by
the organization and one or more external parties)
2. Poor performance. Inefficiencies, waste, rework, or complaints from customers and
vendors may trigger management involvement, resulting in their request to have the matter
reviewed by internal audit.
3. Compliance issues. These can be the result of internal quality control initiatives that
identify anomalies. In the case of regulators and inspector reviews that identify instances
of noncompliance at other organizations, the internal audit department may investigate
conditions at their organization to determine if a similar problem exists at home, help to
monitor the situation, and verify that follow-through on corrective actions take place in
anticipation of future additional compliance reviews by external parties, such as regulators.
4. Anomalous revenues or expenses. While increases in sales is always welcome news, if
these figures appear dubious, internal audit may review the related transactions to verify

they are all legitimate, they have been recorded in the correct amount, and posted during
the correct period. Similarly, unusually high or low, or otherwise questionable expenses,
are likely to result in the request for a thorough review.
 Auditing Principles

• Integrity: Withstand pressures that may be exerted and take care to comply with any legal
requirements.
• Fair Presentation: Present all results fairly and report significant concerns.
• Due Professional Care: Use diligence, due care, and reasoned judgments in every
situation.
• Confidentiality: Keep information secure, and protect confidential or sensitive
information.
• Independence: Maintain impartiality and keep actions and reporting bias-free.
• Evidence-Based: Depend on a fact-based approach to reach reliable conclusions.

III. Different Types of Operational Audit

▪ Financial Audits or Review: Financial audits focus on financial controls as they relate to
reporting to internal and external governing bodies. Financial statement auditing is the
bailiwick of external auditors. Internal audits complement the work of operational audits,
which includes some form of budget, or a financial review.
▪ Operational Audits: As noted, operational audits focus on the review and assessment of
single or multiple business processes.
▪ Department Reviews: Different departments or divisions may run a periodic analysis to
assess the adequacy of controls, how well assets are safeguarded, how resources are used,
and if there is compliance with applicable laws.
▪ Information System (IT) Audits: Information systems audits investigate overall
infrastructure and networks, technical operations, data center operation, project
management, and review security status and procedures.
▪ Investigative Audits: When a company suspects a risk of security breach, or when one
 has occurred on the part of an individual or department, there is often an investigative audit
to understand causes and additional background information and research.
▪ Compliance Audits: Compliance audits review the level of compliance with external
regulatory requirements or internal policies.
▪ Marketing Audits: A marketing audit is a broad, precise, and autonomous probe into the
marketing of a company or a business. An audit holds both an external situation analysis
and a thorough review of internal marketing goals, strategies, capabilities, processes, and
systems. The result is actionable recommendations to improve progress toward stated
goals.
▪ Follow-Up Audits: After an operational audit report has been issued, it is standard practice
to follow up to evaluate corrective actions, usually within a six month period.
 IV. Audit Phases
There are five phases of our audit process:
1. Selection Phase. Internal Audit conducts a University-wide risk assessment near the end
of each calendar year. We develop the audit plan for the subsequent year based on the
results of this assessment and the department’s available resources. The Chancellor and the
Fiscal Affairs and Audit Committee of the Kansas Board of Regents review the audit plan
before it is executed.
2. Planning Phase. During the planning phase of each project, the Internal Audit staff gather
relevant background information and initiate contact with the client. Auditors meet with
University leadership and clients to identify risks and determine the objectives and scope
of the audit as well as the timing of fieldwork and the report distribution.
3. Execution Phase. Once the audit is planned, fieldwork is executed by the Internal Audit
staff. Clients are kept informed of the audit process through regular status meetings. We
discuss audit observations, potential findings, and recommendations with the client as they
are identified.
4. Reporting Phase. A summary of the audit findings, conclusions, and specific
recommendations are officially communicated to the client through a draft report. Clients
have the opportunity to respond to the report and submit an action plan and time frame.
These responses become part of the final report which is distributed to the appropriate level
of administration.
5. Follow-Up. Internal Audit follows up on all audit findings within one year of when the report was
issued.
 ASSESMENTS

1. The type of audit that looks beyond the organization's financial circumstances and
examines its management practices.
a. investigative Audits
b. Operational Audit
c. Compliance audit
d. Financial audit

2. Inefficiencies, waste, rework, or complaints from customers and vendors may trigger
management involvement, resulting in their request to have the matter reviewed by internal
audit.
a. Poor performance
b. Anomalous revenues or expenses
c. New rules
d. Compliance issues

3. An auditing principle which maintain impartiality and keep actions and reporting bias-free.
a. Due professional care
b. Evidence-based
c. Integrity
d. Independence

4. Once the audit is planned, fieldwork is executed by the Internal Audit staff. Clients are kept
informed of the audit process through regular status meetings. We discuss audit
observations, potential findings, and recommendations with the client as they are identified.
a. Reporting Phase
b. Selection Phase
c. Execution Phase
d. Follow-up

5. The primary information sources of operational auditing.

a. Financial statements
b. Original source documents
 c. Physical observations
d. Policies and achievements related to the objectives of the organization

6. These can be the result of internal quality control initiatives that identify anomalies.
a. Efficiency
b. Compliance issues
c. Effectiveness
d. New rules

7. A type of operational audit which is focus in investigating overall infrastructure and

networks, technical operations, data center operation, project management, and review
security status and procedures.
a. Department reviews
b. Marketing audit
c. Investigative audit
d. Information system audit

8. A phase of audit process where the Internal Audit staff gather relevant background
information and initiate contact with the client.
a. Selection Phase
b. Execution Phase
c. Reporting Phase
d. Planning Phase

9. Different departments or divisions may run a periodic analysis to assess the adequacy of
controls, how well assets are safeguarded, how resources are used, and if there is
compliance with applicable laws.
a. Department reviews
b. Follow-up
c. Financial reviews
d. Marketing reviews

10. A systematic process of evaluating an organization's effectiveness, efficiency and economy

of operations under management's control and reporting to appropriate persons the results
of the evaluation along with recommendations for improvement.
a. Financial auditing
b. Operational auditing
c. Compliance auditing
d. Information system audit
OPERATIONS AUDITING
Topic 2. Audit Process

Learning Objectives

After successful completion of this module, the learner should be able to:
1. To have a clear understanding of the Audit Process
2. To know the definition of different Auditing terms.
3. To have an idea of the objectives of an Audit

OVERVIEW
An audit is defined as an official inspection of an organization’s accounts, typically by an
independent body. Many companies in the Philippines are likely to require an audit but are unsure
what an audit is and when is it needed. Thus, the Audit Process is divided into four phases, namely:
audit engagement planning, audit execution, audit reporting, and audit follow-up.
This flow of processes is to verify that all company are aligned with their strategic vision
and that they deliver the value that internal customers need, and external ones want. It also
evaluates the operational efficiency of processes and verify that the process chain provides
protection for company assets.
This audit process is applicable for both management and operations audit. For each phase,
there are specific criterial to ensure a successful audit engagement.
I. Definition
According to Salosagcol et al., the audit process is the sequence of different activities
involve in an audit. It is a set of actions and procedures to control an organization as it aim to test
and prove that processes are being conducted effectively and followed due to control mechanisms.
Moreover, it also aim to detect opportunities for improvement in the audit process. Salosagcol also
stated in his book of Auditing Theory that the emphasis and order of certain activities may vary
depending upon a particular audit, but these processes would basically include activities such as:
• Accepting an Engagement
• Audit Planning
• Considering the Internal Control
• Performing Substantive Test
• Completing the Audit
• Issuing a Report

II. Objectives of Audit Process

Every auditor following the Audit Process has a strategic objective to achieve. They need
to make sure that they provide an Audit that best describes the organization they are in. As stated
in the previous page that one of the objectives of the audit process is to verify that all company
processes are aligned with their strategic vision (Veyrat, n.d.), it is significant to list other
objectives that will help the organization achieve their goals. The list of objectives are as follows:
• Evaluate the operational efficiency of processes
• Verify that the process chain provides protection for company assets
• Find out if your company information and data is secure and reliable
• Evaluate processes to determine if they’re reliable
• Check for incorrect procedures during processes
• Report detected failures and non-conformities
• Provide recommendations for appropriate corrections

III. The Audit Process

Source: (Internal Controls Manual)

1. Audit Engagement Planning

Audit Engagement planning is the most important part of the audit. It entails familiarization
with the objectives, processes, risks and controls of the auditee and activity to be audited and
develop a strategy and approach in conducting the audit. It also involves the listing down of audit
activities per audit engagement based on the AWP.
Purposes:
a) Understanding the control environment and the organization.
b) Outlining the scope and objectives of the audit.
c) Establishing the basis for budgeting (time, cost, personnel).
d) Identifying the evidence required to develop the audit findings.
e) Assisting in choosing/determining the audit procedures (nature, extent and timing).
f) Establishing the basis for coordinating the staff.

Steps:

2. Audit Execution

Steps:

a. Entry conference – it sets the tone for the audit. Entry Conference is done to discuss the focus,
requirements, and timelines of the audit, as well as to obtain the audited entity’s views and
expectations for the overall framework for the conduct of the audit. Matters arising from the
entry conference must be recorded (as entry conference notes) and should be considered during
the conduct of the engagement planning
 b. Conduct compliance audit – It is the evaluation of the extent or degree of compliance with
laws, regulations, managerial policies, and operating processes in the agency, including
compliance with accountability measures, ethical standards, and contractual obligations.

c. Conduct system / process audit – This process audit involves the following:
o documentation of the process or system under audit
o identification of the control procedures
o verification and validation on whether such control procedures are complied with and
are working effectively

d. Exit conference - The purpose of exit conference is to discuss the highlights of the audit
findings with the auditee and/or the responsible official who has sufficient knowledge about
the audit area. It provides an opportunity to get the auditee’s comments or management
comments and insights about the significant audit issues as a way of validating the findings

3. Audit Reporting

Audit reporting represents the culmination of the audit execution and the associated analysis
and considerations made during the audit. The audit report sets out the findings in appropriate
format and provides the pieces of evidence gathered to arrive at the audit findings and the
recommendations.

Steps:

a. Develop audit findings – Audit findings can be developed by analyzing the pieces of evidence
gathered for each of the audit elements. They should align with the audit objectives and be rational
and based on specific standards and criteria. Also, compare the conditions with the audit criteria,
and determine the causes
Note: Audit findings on probable cause of illegality of a transaction
constitute a violation of law while irregularity constitutes a violation of regulations.
b. Develop audit recommendations –
o Management / Legal remedies to avoid occurrence
 o Provide courses of action as the basis for improving internal controls
o Should:
✓ Be clear
✓ Be based on science of facts, conditions, and evidence
✓ Consist of practicable, incontestable, and workable solutions that can stand
alone and address the issue(s) at hand

c. Prepare draft audit report - Prepared by laying out and analyzing the pieces of evidence gathered
to arrive at preliminary audit findings and recommendations.

d. Update the GM - The GM should be updated on the results of the audit engagement

e. Prepare the final audit report - The draft report may then be finalized integrating the following as
parts of the final report:

i. Table of Contents
ii. Executive Summary
iii. Detailed Audit Findings
iv. Management Comments and Team’s Rejoinder
v. Monitoring and Feedback on Prior Year’s Recommendations
vi. Recommendations
vii. Appendices.
Note: The final audit report should be presented to the GM who decides on the
distribution of the audit report based on the recommendation of the ICS

4. Audit Follow-up
A monitoring and feedback activity undertaken to ensure the extent and adequacy of preventive
/ corrective actions taken by the Management to address the inadequacies identified during the
audit. It aims to increase the probability that recommendations will be implemented.

Purposes:
Steps:

a. Monitor implementation of approved audit findings and recommendations - It is a

sound practice to monitor the implementation of approved recommendations
(management/legal remedies) to avoid the occurrence (preventive measures) and
recurrence (corrective measures) of control weaknesses/incidences after a
reasonable period from the report submission date.

b. Resolve non-implementation / inadequate implementation of audit

recommendations - In the event of non-implementation of recommendation /
inadequate action, the ICS recommends appropriate legal and/or management
remedies for non-implementation of recommendation and inadequate preventive /
corrective actions.

c. Prepare audit follow-up report - Results of the audit follow-up should be recorded
and reported to apprise the GM of the status of actions on the approved
recommendations. - The reasons for the lack of action or non-completion of action
on any recommendation should be documented and further action considered on
significant recommendations that have not been acted upon.
 Assessments

1. It is the most important part of the audit. It entails familiarization with the objectives,
processes, risks and controls of the auditee and activity to be audited and develop a strategy
and approach in conducting the audit.
a. Audit Follow up
b. Audit Reporting
c. Audit Document
d. Audit Engagement Planning

2. The purpose of this is to discuss the highlights of the audit findings with the auditee and/or
the responsible official who has sufficient knowledge about the audit area.
a. Exit Conference
b. Opening Remarks
c. Entry Conference
d. Audit Reporting

3. True or False: The final audit report should be presented to the GM who decides on the
distribution of the audit report based on the recommendation of the CIS
a. True
b. False

4. A monitoring and feedback activity undertaken to ensure the extent and adequacy of
preventive / corrective actions taken by the Management to address the inadequacies identified
during the audit.
a. Entry Conference
b. Audit Reporting
c. Audit Follow up
d. Audit Consideration

5. All are part of an Audit Process; except,

a. Audit Planning
b. Audit Reporting
c. Audit Follow up
d. Audit Performance

6. It is the sequence of different activities involve in an audit.

a. Audit Activities
b. Audit Process
c. Audit Sequence
d. Audit Execution

7. One is not an objective of Audit Process

a. Evaluate the operational efficiency of processes
b. Verify that the process chain provides protection for company liabilities
c. Find out if your company information and data is secure and reliable
d. Evaluate processes to determine if they’re reliable

8. It represents the culmination of the audit execution and the associated analysis and
considerations made during the audit.
a. Audit Reporting
b. Audit Process
c. Audit Follow up
d. Audit System

9. All are steps in the Audit Execution; except,

a. Entry Conference
b. Conduct Operations Audit
c. Conduct system/process audit
d. Exit Conference

10. True or False: Audit findings on possible cause of illegality of a transaction constitute a
violation of law while irregularity constitutes a violation of regulations.
a. True
b. False
OPERATIONS AUDITING
Topic 3. Project Management

Learning Objectives

The learner is expected to be able to:

1. Define the project management
2. Application of project management plan in operations auditing.
3. Appreciate the advantages of project management in performing audit.

OVERVIEW
The goal of project management is to create an end result that will bring about change for
the benefit of the company that initiated the project. It is the beginning, planning, and execution
of a variety of tasks necessary to deliver this final result. Projects that require formal management
are those that:
• produce something new or altered, tangible or intangible;
• have a finite timeframe: a definite start and end;
• are likely to be complex in terms of work or groups engaged;
• require the management of change;
• require the management of risks.
The benefits of investing in competent project management include:
• increasing the possibility of obtaining the desired result;
• guaranteeing efficient and best value resource use; and
• meeting the diverse needs of the project's stakeholders.
A project management audit is a bit different than the general definition of audit. The audit
process is intended to determine the status of work completed on a project in order to ensure that
it corresponds with the statement of work, which includes the project's scope, time, and budget, as
well as the maturity of the project management process.
 I. Definition
The Project Management Institute define project management as “the application of
knowledge, tools, skills and techniques to project activities to meet the project requirements.”
Project management is the discipline of planning, organizing, and controlling resources to
achieve specific goals. A project is a temporary endeavor with a defined beginning and end
(usually time-constrained, and often constrained by funding or deliverables), undertaken to meet
unique goals and objectives.
The goal of project management is to help you keep track of your audit. However, our
audits' original scope and details frequently change. We lose control if our project management
plan does not alter at the same time.
Auditors need to be effective (by complying with professional standards), but we also need
to be efficient (if we want to make money). And project management creates efficiency. Managing
resources, identifying impediments to audit processes, responding to scope creep–these are just a
few of the issues that we encounter. And these problems have the potential to boost engagement
time while lowering revenues. Worse, that promise of rapid completion may not be kept.
So, what are the keys to using project management in audits?
• Audit team members
• Project management software
• Create a project management plan.
• Be aware.
• Be vigilant.

II. Project Management Plan

What is a project management plan? It’s deciding what, when, and who. These three factors
are dependent upon the deliverables, such in the deliverable of the audit report.

• Who
First, let’s start with who will perform the actions.
An audit team usually consists of a partner, an in-charge, and one or two staff members. Your
initial decision, regardless of team size, is "who will work on the engagement?" As previously
said, this is the most important aspect of completing your audit. However, keep in mind that an
audit involves not only your team members, but also clients. You can't audit unless they provide
you information, answer your queries, and let you look at their records. You might also consult
with experts or lawyers. Members of your audit team, client workers, and anyone who have access
to your project management software.
• What
Second, determine what needs to be done. It is the development of our audit plan.
The audit plan is our response to risk assessment which is performed early in the engagement.
Once we perform walkthroughs, make inquiries, inspect documents, and make observations, we
become aware of risks. And in response, we create an audit plan to address those risks. Now we
know what needs to be done. The audit plan feeds the project management plan.
Notice the risk assessment process and audit plan informs the project management plan. Notice
also that the project management plan is not the same as the audit plan; they are distinctly different.
One addresses risk and the other addresses the how, when, and who of getting things done.
Some audit tasks are performed in every audit, regardless of the audit risks, such as obtaining
a signed representation letter. These tasks can be set up in a project management template which
can be used to create your initial project management plan. Then you can add the client-specific
tasks as needed.
• When
Thirdly, we need to specify a date for each action.
Project management software allows you to specify when an action is to occur. You may
wonder, “How do I know when each action will occur?” You may not know precisely, but you
have an idea. So, go ahead and specify a date. If later you need to change that date, you can. There
is no sin in amending the plan.
Now that I have a project management plan, I need to be aware and vigilant to keep the plan
on track.

III. The Project Management Audit Process

▪ Plan the Audit: You shouldn’t start anything without a plan. Let everyone involved in the
audit and the project know about the audit, and stress that this is not anything scary. It’s a
method to make things work better, not lay blame.
▪ Conduct the Audit: Now do the audit and work through a thorough process to get all the
data and proof. This includes interviewing project sponsor, manager and team, either in
person, a group meeting or through a detailed questionnaire.
▪ Summarize the Audit: At this point, you’ll have lots of data; so take these findings about
improvements and faults, and put them in an executive summary to give a clear and broad
overview. Be sure to point out and praise those who have done well.
 ▪ Present the Results: Next, you want to present that summary of results to all parties that
need to know about the audit, from your team to your stakeholders. At this point, you’ll
want to identify opportunities that have been realized and implemented, as well as a list of
all the problems that have and have not been resolved. Also, share recommendations.
▪ Determine the Action Plan: With all this data, you can now develop a plan of action that
will help improve efficiencies. Get people involved and set that course with assignments
and due dates. Use all the records collected during the interviews, meetings or via
questionnaire and define the solution. This will be submitted to senior management.
▪ Schedule Follow-Up: Don’t let this action plan go unattended. Go back to it and make
sure that the plan is progressing on schedule.
▪ Repeat: This is a list that should really be designed in a circle, because you can never sit
back and become complacent. The more audits you do, the more efficiencies you’ll create.

IV. Project Management Metrics

If you are just beginning to measure performance, get started with these 10 project management
metrics to propel success:

1. Productivity
This metric looks at overall capabilities of a company—how well it uses its resources. Productivity
shows the relationship between inputs and outputs. How much are you getting out after all that
you put into a project? The ideal productivity outcome is creating more for less.

Productivity = Units of Input/Units of Output

2. Gross Profit Margin

Numbers speak louder than words. Metrics directly tied to the bottom line communicate success
or failure more quickly than other metrics.

The higher the margin, the better the business is doing. Any program or work performed should
contribute to the financial profit of a business. Margin is the percentage of each dollar earned after
costs have been subtracted.

Gross Profit Margin = (Total Profit-Total Costs)/100

3. Return on Investment (ROI)

Return on investment specifically looks at the dollar amount earned for the amount invested in a
project. Like gross margin, this is a financial equation. Instead of looking at overall profit, it looks
at the specific benefit from the project divided by the costs.
To use this metric, a dollar amount needs to be assigned to each unit of data to determine the net
benefits—benefits may include contribution to profit, cost savings, increased output, and
improvements. Costs may include resources, labor, training, and overhead.

ROI = (Net Benefits/Costs) x 100

4. Earned Value
Earned value provides strategic guidance by showing how much value you have earned from the
money spent to date on a project. It compares the value of the work completed by a specific date
in relation to the approved budget for the project.

Earned value is also called Budgeted Cost of Work Performed (BCWP). This metric provides a
reality check during the process of a project.

Earned Value (EV) = % of Completed Work / Budget at Completion (BAC)

5. Customer Satisfaction
A customer satisfaction score provides a measure of quality for your service or product. Customer
survey data results guide this metric. The Center for Business Practices outlines this as a score on
a scale from one to 100. The product or service should do what it was meant to do and satisfy real
customer needs.

Each company can develop a score unique to its business by weighing each variable based on its
importance. Variables may include customer survey results, revenue generated from clients, repeat
or lost clients, and complaints.

The Customer Satisfaction Index (CSI) is the most widely used system for measuring customer
satisfaction. The Net Promoter Score (NPS) is another method to capture customer satisfaction.
NPS reveals customer loyalty by probing the likelihood of a customer recommending the product
or service.

Customer Satisfaction Score = (Total Survey Point Score / Total Questions) x 100

6. Employee Satisfaction Score

Similar to customer satisfaction, survey data determines the employee satisfaction score. Why look
at employees in measuring project management? Employee morale is directly correlated to project
success—here are four tips to measure morale.

A satisfied employee creates better work more efficiently. The high costs of employee turnover—
totaling 50% to 200% of an employee’s salary—should be motive enough to pay attention to the
people closest to the project.
The Gallup Q12 Employee Engagement Survey is a popular tool to collect employee data. An
Employee Satisfaction Index (ESI) processes results into an index score.

Employee Satisfaction Score = (Total Survey Point Score / Total Questions) x 100

7. Actual Cost
The Actual Cost is a simple number that shows how much money is spent on a project—not an
estimate. This cost is determined by adding up all the expenses for a specific project over
the timeline.

Actual Cost (AC) = Total Costs per Time Period x Time Period

8. Cost Variance
Cost variance shows the difference between the planned budget and actual costs within a specific
timeframe. Is the estimate above or below the actual costs? A project is over budget if the cost
variance is negative. A positive cost variance shows a project is under budget.

Cost Variance (CV) = Budgeted Cost of Work – Actual Cost of Work

9. Schedule Variance
Schedule variance looks at budgeted and scheduled work. Is the project running ahead or behind
of the planned budget?

The schedule variance is the budgeted cost of work performed minus the budgeted cost of work
scheduled—the difference between work scheduled and completed. A negative schedule variance
means the project is behind schedule.

Schedule Variance (SV) = Budgeted Cost of Work Performed – Budgeted Cost of Work
Scheduled

10. Cost Performance

Cost performance is a cost efficiency metric. Divide the value of the work actually performed
(earned value) by the actual costs it took to accomplish the earned value. Forecasting cost
performance allows for accurate budget estimations.

Cost Performance Index (CPI) = Earned Value / Actual Costs

 Assessments

1. Our response to risk assessment which is performed early in the engagement.

a. Audit Plan
b. Physical observation
c. Data Gathering
d. Conduct the audit

2. The audit process is designed to determine the status of work performed on a project to
ensure it complies with the statement of work, such as the scope, time and budget of the
project, along with the maturity of the project management process.
a. Project Management plan
b. Project Management audit
c. Project Management
d. Financial Audit

3. At this point, you’ll have lots of data; so take these findings about improvements and faults,
and put them in an executive summary to give a clear and broad overview.
a. Present the results
b. Plan the audit
c. Summarize the audit
d. Conduct the audit

4. Provides strategic guidance by showing how much value you have earned from the money
spent to date on a project. It compares the value of the work completed by a specific date
in relation to the approved budget for the project.
a. Schedule variance
b. Cost performance
c. Earned value
d. Employee satisfaction score

5. Specifically looks at the dollar amount earned for the amount invested in a project.
a. Productivity
b. Gross profit margin
c. Cost value
d. Return on investment
6. Another method to capture customer satisfaction. This reveals customer loyalty by probing
the likelihood of a customer recommending the product or service.
a. Customer satisfaction index
b. Net promoter score
c. Employee engagement survey
d. Cost performance index

7. This cost is determined by adding up all the expenses for a specific project over
the timeline.
a. Cost Variance
b. Schedule Variance
c. Productivity
d. Actual cost

8. Used for project planning, scheduling, resource allocation and change management. It
allows project managers (PMs), stakeholders and users to control costs and manage
budgeting, quality management and documentation and also may be used as an
administration system.
a. Project management plan
b. Project management software
c. Project management audit
d. Audit plan

9. The budgeted cost of work performed minus the budgeted cost of work scheduled—the
difference between works scheduled and completed.
a. Schedule Variance
b. Cost Variance
c. Cost Performance
d. Actual cost

10. This shows the relationship between inputs and outputs. How much are you getting out
after all that you put into a project?
a. Productivity
b. Effectiveness
c. Efficiency
d. Performance
 ANSWER KEY

Operations Auditing

1. B
2. A
3. D
4. C
5. D
6. B
7. D
8. D
9. A
10. B

Audit Process
1. D
2. A
3. B
4. C
5. D
6. B
7. B
8. A
9. B
10. B
 Project Management

1. A
2. B
3. C
4. C
5. D
6. B
7. D
8. B
9. A
10. A
 QUESTION AND ANSWER
1

#1
1. Operational audits are primarily concerned with whether an organization follows
appropriate lawsand regulations. Answer: FALSE
2. Auditing is the process of attesting to assertions about economic actions and events.
Answer: TRUE
3. An effective tool of managerial control is the internal audit, or, as it is now coming
to be called, theoperational audit. Answer: TRUE
4. Internal auditing is an independent, objective assurance and consulting activity
designed to add valueand improve an organization’s operations. Answer: TRUE
5. Operational auditors are auditing for the “three Es”—effectiveness, efficiency and
economy.
Answer: TRUE
6. When approaching the review of operational areas of the organization, it is important
that the auditorhas an inaccurate appreciation of the related key issues.
ANSWER:FALSE

7. Audit objectives are synonymous with "management's objectives" as the audit

objectives specify theparticular focus that the auditors will have during the audit
engagement.
ANSWER:FALSE

8. Which of the following is under the financial

institution sectorA.)Branch Security
B.)Staff Accounts
C.)Management D.)All of the Above
ANSWER: D. All of the Above

9. Any parts of the business refer to where the audit objective is to review the
effectiveness, efficiencyand economy with which management is achieving its own
objectives.
ANSWER: TRUE

10. Which of the following is under the

HEALTH sector.A.)Insurance
Products
B.)Ch
aritable Funds C.)None of the
Above
D.)Bo
th A & B
ANSWER: D. Both A & B

11. Effectiveness is the ratio of actual outputs to planned Outputs. (TRUE)

12. Operational auditors are auditing for the “three E’s” - effectiveness, efficiency and
economy.
(TRUE)
13. Business Objectives are achieved through successful processes within the
operational areas of thebusiness. (TRUE)
14. Auditing can be defined simply as a comparison of the one’s own performance in a
 specific area withthat applied by others in compatible circumstances. (FALSE -
BENCHMARKING)
15. Benchmarking is an end in itself. (FALSE - NOT AN END)

#2
1. The financial accounting process focuses on internal reporting to manage costs and
revenues.
Answer: FALSE
2. Planning and control process are a course of action, executing that action,
measuring the results,comparing actual performance with planned performance
and deciding upon corrective action. Answer: TRUE

3. SAPGs is an acronym for Standard Audit Programme Guides. Answer: TRUE

4. The most common organizational structure within modern organizations is the
functional structure.
Answer: TRUE
5. Conversion process is fundamentally concerned with those activities relating to the
organization’scapital funds. Answer: FALSE
6. The way in which defined functions are mapped and interconnected across an
organization will notobviously differ considerably between organizations, and may
be influenced by best practice. Specific and the requirement of legislation and
regulation.
ANSWER: FALSE

7. The ubiquitous process which is related to those activities that exchange the
organization productsand services for cash.
A.)The Expenditure Process
B.)Accounting Process
C.)The Production/Conversion Process
D.)The Treasury Process
E.)None of The Above
ANSWER: E. None of the Above

8. The financial reporting process is based on the basic processing of transactions

reflecting economicevents, but concentrate upon the crucial consolidation and
reporting of results to various interested parties.
A.)False B.)Maybe C.)True D.)None
ANSWER: A. False

9. Control is likely to be weaker between sections than within sections for behavioral
reasons as well.
 ANSWER: TRUE

10. The internal audit activity addresses the same issues as part a process audit and
also as part of afunctional part.
ANSWER: TRUE
11. Lawrence and Lorsch showed that linking pins who share the norms of the
interfacing groups are likely to be more effective than those who are more closely
aligned to just one of the groups beinglinked. (TRUE)
12. Credit granting, processing orders and delivery and shipping are elements of the
revenue process.
(TRUE)
13. Conversion relates to the utilization and management of various resources in the
process of creatingthe goods and services to be marketed by the organization.
(TRUE)
14. Financial reporting process is based on the basic processing of transactions
reflecting economic events. (FALSE - IS NOT BASED)
15. Cash process is the gathering of data and its conversion into
information. (FALSE -INFORMATION PROCESS)

#3
1. The risk and control issues are further divided into two groups, namely key
issues and detailedissues. Answer: TRUE
2. Current Control/Measure column is used by the auditor to record a brief description
of any controlsor measures that are in place to address the issues raised in the
Risk/Control Issue column. Answer: TRUE
3. The term “exposure” in relation to risk could be defined as “an unwanted event
or outcome thatmanagement would wish to avoid”. Answer: TRUE

4. The internal auditor’s use of risk assessment can operate at three different levels of
audit planningand activity. Answer: FALSE
5. The critical contents of each SAPG are a number of risk or control issues
relevant to the specificsystem. Answer: TRUE
6. Compliance Testing Column cannot be used to record the test applied and a summary
outcome.
ANSWER: FALSE

7. Inherent Risk is also called Size Direction

ANSWER: FALSE

8. Practical Level is the auditor may choose to apply risk assessment techniques to
the potential universe of the possible audit projects as a means of setting relative
priorities, and thus determinethose higher risk audit projects for inclusion into the
annual audit plan.
 ANSWER: FALSE

9. The suggested form of the SAPG is divided into

distinct sections,
A.)Title Page, System Interfaces, The
risk/Control Issues
B.)Error System C.)External Control D.) Internal Control
ANSWER: A. Title Page, System Interfaces, The Risk/Control Issues

10. Practical refers to the level of audit planning and activity, the auditor may choose to
apply risk assessment techniques to the potential universe of possible audit projects
as means of setting relative priorities, and thus determine those higher risk audit
projects for inclusion into annual audit plan. ANSWER: FALSE
11. The principal activities of an operating unit or overseas subsidiary can also be
flexibly related to anumber of individual activity or system-based SAPGs.
(TRUE)
12. The risk and control issues are further divided into two groups, namely key
issues and detailedissues. (TRUE)
13. The Current Control/Measure column is used by the auditor to record a brief
description of any controls or measures that are in place to address the issues raised
in the Risk/Control Issue column.(TRUE)
14. The Effective Yes/No column can be used to record the test applied and a summary
outcome.
(FALSE - COMPLIANCE TESTING)
15. At a operational level the auditor may choose to apply risk assessment techniques to
the potential universe of possible audit projects as a means of setting relative
priorities, and thus determine those higher risk audit projects for inclusion into the
annual audit plan.
(FALSE - TACTICAL LEVEL)

#4
1. Internal control is an integral part of enterprise risk management. Answer: TRUE
2. The board sets the direction of the organization and oversees that management
implements thedirection set. Answer: TRUE
3. Shareholders and other stakeholders exercise control from inside (internal control).
Answer: FALSE
4. In risk management the internal audit activity must assist the organization in
maintaining effective controls by evaluating their effectiveness and efficiency and by
promoting continuous improvement.Answer: FALSE
5. Corporate governance is internal and external processes, with the board between.
Answer: TRUE
 6. Insurance is the outer layer of relationship between governance processes, risk
management andcontrol.
ANSWER: FALSE

7. Boards is not setting the direction of the organization and oversees that management
implements thedirection set.
ANSWER: FALSE

8. External Control is not the integral part of enterprise risk management.

ANSWER: FALSE

9. If it is sound to conceptualize that internal control is part of a risk management

which, in turn is part of the governance processes of the organization, then the
objectives of internal control must either bethe same as the objective of the risk
management or must be incorporated into broader objectives for risk management that
are consistent with those of internal control through broader.
ANSWER: TRUE

10. The internal audit activity must assess and make appropriate recommendations
for improving thegovernance process in its accomplishments of the following
A.)Ensuring effectiveness organizational performance management and accountability
B.)Coordinating the activities of and communicating information among the board,
external and internalauditors and management
C.)Communicating risk and control information to appropriate areas of the
organizationD.) None of the above
F.) Both A B and C
ANSWER: F. Both A, B and C

11. Internal control is an integral part of enterprise risk management. (TRUE)

12. The internal audit activity must evaluate and contribute to the improvement of
governance, riskmanagement, and control processes using a systematic and
disciplined approach. (TRUE)
13. The board has an accountability obligation to the shareholders and other
stakeholders of theorganization. (TRUE)
14. The board is clearly not an important governance process. (FALSE - IMPORTANT)
15. The internal governance sets the direction of the organization and oversees that
managementimplements the direction set. (FALSE - BOARD)

#5
1. The internal audit activity must evaluate the effectiveness and contribute to the
improvement of riskmanagement processes. Answer: TRUE
2. The internal audit activity must evaluate risk exposures relating to the
organization’s governance,operations, and information systems. Answer: TRUE
 3. Enterprise risk management framework is geared to achieving an entity’s
objectives, set forth inthree categories. Answer: FALSE
4. The inherent risk is the risk that the organization is exposed to after taking account
of the active andpassive controls that, fortuitously or by design, are in place.
Answer: FALSE
5. The graphical approach is an excellent tool to use when brainstorming in workshops
about the threatsto the organization or to parts of it. Answer: TRUE
6. Strategic is the high-level goals aligned with and supporting its mission.
ANSWER: TRUE
7. Operations is an effective and efficient use of its resources.
ANSWER: TRUE

8. Major risks that organizations are exposed to may not be on top management’s radar
screen.
ANSWER: TRUE

9. The internal audit activity must not evaluate the effectiveness and contribute to the
improvement ofrisk management processes.
ANSWER: FALSE

10. Major risk that organizations are exposed may be on top management's radar screen.
ANSWER: FALSE
11. Risk is measured in terms of the degree of likelihood that the event might occur,
coupled with theprobable impact should the event occur. (TRUE)
12. Major risks in effect may be buried in the woodwork of the organization, like a
woodworm invisiblyweakening the organization. (TRUE)
13. Threats may or may not be independent of each other. (TRUE)
14. The gross risk is how much damage would probably be done to the organization
if the cash werecarelessly left lying around in full view and completely
accessible to strangers. (FALSE - INHERENT RISK)
15. The inherent risk is the risk that the organization is exposed to after taking account
of the active andpassive controls that, fortuitously or by design, are in place.
(FALSE - GROSS RISK)

#6
1. Business processes don’t need to be well controlled. Answer: FALSE
2. Internal control is the control exercised within the business by management and
overseen by theboard. Answer: TRUE
3. Fayol is the “father of management theory” and was the first to describe “control”
as a function ofmanagement along with other functions. Answer: TRUE
 4. Planning—for instance, structuring the business into subdivisions and
determining reportingarrangements. Answer: FALSE
5. In order to function efficiently and successfully, an organization requires that
irrelevant informationis provided to the right people at the right time. Answer:
FALSE
6. Internal control exercised within the business by management and overseen by the
board.
ANSWER: TRUE
7. Accounting control means it comprises the plan of the organization and the
procedures and recordsthat are concerned with the safeguards of assets and the
reliability of financial records. ANSWER: TRUE

8. Under internal control, EXCEPT

A.)Reliability of Financial Reporting B.)Effectiveness and
Efficiency of OperationsC.)Compliance with Applicable Laws and
Regulations D.)None of the Above
ANSWER: D. None of the Above

9. Planning, Organizing and Staffing are a justifiable for CASO to define internal
control broadly.Control depends on each of the other functions of management.
ANSWER: TRUE
10. Coordinating is the art of ensuring that happening occurs in harmony with each other
without whichthings will be out of control.
ANSWER: TRUE
11. Fayol is the “father of management theory”. (TRUE)
12. The control environment includes the values, ethics, culture and commitment of the
organisation andits members. (TRUE)
13. The control environment provides the discipline and structure for the achievement
of the primaryobjectives of the system of internal control. (TRUE)
14. Business and society are static entities, they are subject to all manner of changes
initiated from bothwithin and outside an entity. (FALSE - NOT STATIC)
15. Internal communication requirements will cater for both inward and outward
flows. (FALSE -EXTERNAL)

#7
1. Operational auditors are auditing for the “three Es” equity, environment and ethics.
(FALSE)
2.”Audit objectives” are synonymous with “management objectives” (FALSE)
3. Internal auditors must possess the knowledge, skills, and other competencies needed
to perform theirindividual responsibilities. (TRUE)
 4. The focus of a benchmarking exercise can be varied in relation to the fundamental
justification andobjectives of the process. (TRUE)
5. Value for money auditing takes account of the three Es. (TRUE)

#8
1. There are six principal processes commonly found within organizations. (TRUE)

2. The area under review is clearly bounded and reporting lines to responsible
management are clear-cutare the two advantages of using departmental and functional
basis for defining audit reviews. (TRUE)

3. Reviewing business processes using the control self-assessment (CSA) approach

cannot be a workable alternative to the traditional internal audit approach though
CSA provides a lesser level of objective assurance. (FALSE)

4. The main benefit of this approach is that it should encompass

all the relevant issues and aim to provide reassurance to
management on the effectiveness of theinternal control measures
in place across the whole process. (TRUE)

5. The Corporate Framework Process is the process that incorporates those activities
concerned withensuring effective and appropriate governance processes and external
accountability. (TRUE)

#9
1. The main benefit of this approach is that it should encompass all the relevant issues and aim
to provide reassurance to management on the effectiveness of the internal control measures in
place across the whole process. (TRUE)

2. (SAPGs) stands for Standard Audit Programme Guides. (TRUE)

3. In the proposed SAPG format, the critical contents of each SAPG are a number of risk or
control issues relevant to the specific system. (TRUE)

4. The risk and control issues are further divided into two groups, namely key issues and
detailed issues.
(TRUE)

5. Risk is likely to remain a potent determinant in directing audit work. (TRUE)

6. Internal control is an integral part of enterprise risk management. (TRUE)

7. The internal audit activity doesn’t evaluate the effectiveness and contribute to the
improvement of riskmanagement processes. (FALSE)

8. Shareholders and other stakeholders exercise control from inside (internal control). (FALSE)

9. The costs of the internal audit activity would be regarded as one of the costs of running
the board.
(TRUE)

10. One of the Control Objectives for External Governance Processes is to ensure that the
organization ismindful of the interests of its owners and other stakeholders. (TRUE)

#10
1. It helps an organization accomplish its objectives by bringing a systematic,
disciplined approach toevaluate and improve the effectiveness of risk management, control,
and governance processes. (TRUE)
2. Two useful tools to apply in risk management- first, the risk matrix and secondly, the
risk register.
(TRUE)
3. An individual risk may be plotted graphically using a graph, sometimes known as a risk
map or matrix.
(TRUE)
4. The “Control Environment” component under the 2002 internal control framework is
now termed the“Internal Environment”. (TRUE)
5. This enterprise risk management framework is geared to achieving an entity’s objectives,
set forth in fourcategories: strategic, operations, reporting and compliance. (TRUE)
6. Internal control” is the control exercised outside the business by management and overseen by
the board.
(FALSE)
7. There is no control without: planning, organizing, directing and leading, staffing and co-
ordinating.
(TRUE)
8. COSO defines internal control as being all aspects of all processes that give reasonable
assurance of theachievement of all, not just some, of the organizational objectives. (TRUE)
9. Internal control is achieved by means of five essential components of internal control that
must be inplace and must be functioning well. (TRUE)
10. In any organization of people, the essence of control is purpose, commitment, capability,
and monitoringand learning. (TRUE)
#11
TRUE 1. Auditors of operations should keep firmly in their mind the objectives of
management for theoperations being audited.
TRUE 2. Equity is the avoidance of discrimination and unfairness; acceptance and
promotion of diversity.
TRUE 3. Ethics is the legal and moral conduct by management and staff.
FALSE 4. Ethics is the acting in an environmentally responsible way. Answer: environment
FALSE 5. Value for money (VFM) can be defined simply as a comparison of one’s own
performance in a specific area with that applied by others in compatible circumstances.
-----------

TRUE 1. The Revenue Process is one of the six ubiquitous processes.

TRUE 2. Revenue Process is the transaction flows relating to revenue generating and
collection functionsand related controls over such activities as sales orders, shipping, and
cash collection.
TRUE 3. SAPGs stands for Standard Audit Programme Guides.
FALSE 4. The Time Process is part of the hallmarks of a sound business process.
FALSE 5. The Financial Reporting Process incorporates those activities concerned with
ensuring effectiveand appropriate governance processes and external accountability. Answer:
Corporate Framework Process

--------------------

TRUE 1. SAPGs are intended for use during management and audit reviews of
activities within anorganization.
TRUE 2. The critical contents of each SAPG are a number of risk or control issues
relevant to the specificsystem.
TRUE 3. The risk and control issues are further divided into two groups, namely key
issues and detailedissues.
FALSE 4. The term “risk” could be defined as “an unwanted event or outcome that
management wouldwish to avoid.” Answer: Exposure
FALSE 5. WP Ref. column is used by the auditor to record a brief description of any controls or
measuresthat are in place to address the issues raised in the Risk/Control Issue column.
Answer: Current

-------------------------
TRUE 1. The internal audit activity must assess and make appropriate recommendations
for improving thegovernance process in its accomplishment by promoting appropriate ethics
and values within the organization.
TRUE 2. The external auditors belong to the external aspects of corporate
governance since externalauditors’ report to the external shareholders.
TRUE 3. One of the Control Objectives for Internal Governance Processes is to promote
appropriate ethicsand values within the organisation.
TRUE 4. One of Control Objectives for External Governance Processes is to ensure that the
organisation’saccountability to its stakeholders is transparent.
FALSE 5. The board is clearly not an important governance process.

---------------------------
FALSE 1. This enterprise risk management framework is geared to achieving an entity’s
objectives, setforth in four categories: Strategic, Operations, Reporting, and Complaint.
Answer: Complaint -> Compliance.
FALSE 2. Operations is the high-level goals, aligned with and supporting its mission.
Answer: Strategic.
TRUE 3. Operations is the effective and efficient use of its resources.
TRUE 4. The two useful tools to apply in risk management are: risk matrix and
risk register. TRUE 5. Risk is usually defined as the possibility that an event
will occur and adversely affect theachievement of objectives.
--------------------------
TRUE 1. Fayol was the first to describe “control” as a function of management along with
other functionswhich he set out as being planning, organising, commanding, coordinating,
controlling.
TRUE 2. Accounting control comprises the plan of the organisation and the procedures
and records thatare concerned with the safeguards of assets and the reliability of financial
records.
FALSE 3. Risk response is an essential component of internal control as we need to assess
where the risksare greatest in order to focus our scarce resources in those areas. Answer:
Risk Assessment
FALSE 4. Internal communication requirements will cater for both inward and outward flows.
Answer:External communication
FALSE 5. The term “external” is used to refer to what happens within a system, and
“internal” if the variable enters from outside the system boundary, or exits to beyond the
system boundary. Answer: Internal,external

--------------------------------

#12
1. Broadly defined, the subject matter of any audit consists of
a. Financial statements
b. Economic data
c. Assertions
d. Operating data

2. An audit of financial statements is conducted to determine if the

a. Organization is operating efficiency and effectively
b. Auditee is following specific procedures or rules set down by some higher
authority
c. Overall financial statement statements are stated in accordance with the
applicable financial reporting framework
d. Client’s internal control is functioning as intended

3. Most of the independent auditor’s work in formulating an opinion on financial

statement consist of
a. Studying and evaluating internal control
b. Obtaining and examining evidential matter
c. Examining cash transaction
d. Comparing recorded accountability with assets
 4. In financial statement audits, the audit process should be conducted in
accordance with
a. The audit program
b. Philippine standard on auditing
c. Philippine accounting standards
d. Philippine Financial Reporting Standards

5. Which of the following best describe the operational audit?

a. It requires the constant review by internal auditors of the administrative controls
as they relate to operations of the company.
b. It concentrates on implementing financial and accounting control in a
newly organized company.
c. In attempts and is designed to verify the fair presentation of a company’s results of
operations.
d. It concentrates on seeking out aspects of operations in which waste would
be reduced by the introduction of controls.

6. The auditor communicates the results of his or her work through the medium if the
a. Engagement letter
b. Audit report
c. Management letter
d. Financial statement

7. Which of the following types of auditing is performed most commonly by CPA’s on a

contractual basis?
a. Internal Auditing
 b. Income tax auditing
c. Government auditing
d. External auditing

8. Independent auditing can best be describe as a

a. Professional activity that measures and communicates financial
accounting data
b. subset accounting
c. Professional activity that attest to the fair presentation of financial statement
d. Regulatory activity that prevents the issuance of improper financial
information

9. Which of the following statements is not a distinction between independent auditors

and internal auditors?
a. Independent auditors represent third party users external to the auditee
entity, whereas internal auditors report directly to management.
b. Although independent auditors strive for both validity and relevance of evidence,
internal auditors are concerned almost exclusively with validity.
c. Internal auditors are employees of the auditee, whereas independent
auditors are independent contractors.
d. The internal auditor’s span of coverage goes beyond financial auditing to
encompass operational and performance auditing.

10. Which of the following has the primary responsibility for the fairness of the
representations made in the financial statements?
a. Client’s management
b. Audit Committee
c. Independent auditor
d. Board of Accountancy

11. An audit of the financial statements of KIA Corporation is being conducted by an external
auditor. The external auditor is expected to
a. express an opinion as to the fairness of KIA’s financial statements.
b. express an opinion as to the attractiveness of KIA for investment
purposes.
c. certify the correctness of KIA’s Financial Statements.
d. examine all evidence supporting KIA’s financial statements.

12. Which of the following statements about independent financial statements audit is correct?
a. The audit of financial statements relieves management of its
responsibilities for the financial statement
b. An audit is designed to provide limited assurance that the financial
statements taken as a whole are free from material misstatement
c. The procedures required to conduct an audit in accordance with PSAs
should be determined by the client who engaged the services of the auditor.

d. The auditor’s opinion is not an assurance as to the future viability of the entity as
well as the effectiveness and efficiency with which management has conducted the
affairs of the entity.
 13. The reason an independent auditor gathers evidence is to
a. Form an opinion on the financial statements
b. Detect fraud
c. Evaluate management
d. Evaluate internal controls

14. An attitude that includes a questioning mind and critical assessment of audit evidence
is referred to as
a. Due professional care
b. Professional skepticism
c. Reasonable assurance
d. Supervision

15. Jack has been retained as auditor of EVC Company. The function of Jack’s opinion on
financial statements of EVC Company is to
a. Improve financial decisions of company management
b. Lend Credibility to management’s representation
c. Detect fraud and abuse in management operations
d. Serve requirements of BIR, SEC, or Central Bank

16. Which of the following is not one of the limitations of an audit?

a. The use of testing
b. Limitations imposed by client
c. Human error
d. Nature of evidence that the auditor obtains

17. Which of the following statements does not properly describe a limitation of an audit?
a. Many audit conclusions are made on the basis of examining a sample of
evidence.
b. Some evidence supporting peso representation in the financial statement must be
obtained by oral or written representation of management.
c. Fatigue can cause auditors to overlook pertinent evidence.
d. Many financial statement assertions cannot be audited.

18. Which of the following is not one of the general principles governing the audit of financial
statements?
a. The auditor should plan and perform the audit with an attitude of
professional skepticism.
b. The auditor should obtain sufficient appropriate evidence primarily through
inquiry and analytical procedure to be able to draw reasonable conclusions.
c. The auditor should conduct the audit in accordance with PSA.
d. The auditor should comply with the Philippine Code of Professional Ethics.

19. Which of the following statements does not describe a condition that creates a demand
for auditing?
a. Conflict between an information preparer and a user can result in biased
 information.
b. Information can have substantial economic consequence for a decision- maker.
c. Expertise is often required for information preparation and verification.
d. Users can directly assess the quality of information.

20. Which of the following statements does not properly describe an element of
theoretical framework of auditing?
a. The data to be audited can be verified.
b. Short-term conflicts may exist between mangers who prepare the data and
auditors who examine the data.
c. Auditors act on behalf of the management.
d. An audit benefits the public

-------------------------------

1. An intentional act by one more individuals among management, employees, or third

parties which results in misrepresentation of financial statement refers to
a. Error
b. Noncompliance
c. Fraud
d. Illegal acts

2. The responsibility for the detection and prevention of errors, fraud and
 noncompliance with laws and regulations rests with
a. Auditor
b. Client’s legal counsel
c. Fraud
d. Illegal acts

3. The auditor’s best defense when material misstatements in the financial

statements are not uncovered in the audit is that
a. The audit was conducted in accordance with generally accepted
accounting principles
b. Client is guilty of contributory negligence
c. The audit was conducted in accordance with PSAs
d. Issuing a representation letter to the auditor

4. The following statements relate to the auditor’s responsibility for the detection of errors and
fraud. Identify the correct statements.
I. Due to the inherent limitation of the audit, there is a possibility
that material misstatements in the financial statements may not
be detected.
II. The subsequent discovery of material misstatement of the
financial information resulting from fraud or error does not, in
itself, indicate that the auditor failed to follow the basic principles
and essential procedures of an audit.
a. I only
b. Both Statements are true
c. II only
d. Both statements are false

5. What primarily differentiates fraud from an error

a. Materiality
b. Effect on misstatements
c. Intent
d. Frequency of occurrence

6. The term “error” refers to unintentional misrepresentation of financial

information. Examples of errors are when
I. Assets have been misappropriated
II. Transactions without substance have been recorded
III. Records and documents have been manipulated and falsified
IV. The effects of the transaction have been omitted from the records
a. all of the above statements are true
b. only statements I and III are true
c. all of the above statements are false
d. only statement II and IV are true
 7. Which of the following best identifies the two types of fraud?
a. Theft of assets and employee fraud.
b. Misappropriation of asset and defalcation.
c. Management fraud and employee fraud.
d. Fraudulent financial reporting and management fraud.

8. Which of the following statements best describe an auditor’s responsibility to detect errors
and fraud?
a. An auditor should assess the risk that errors and fraud may cause
the financial statements to contain material misstatements and should
 design the audit to provide reasonable assurance of detecting errors and
fraud that are material to the financial statements.
b. An auditor is responsible to detect material errors, but has no
responsibility to detect material fraud that are concealed through employee
collusion or management override of the internal control structure.
c. An auditor has no responsibility to detect errors and fraud unless
analytical procedures or tests of transactions identify conditions causing a
reasonably prudent auditor to suspect that the financial statements were
materially misstated.
d. An auditor has no responsibility to detect errors and fraud because
an auditor is not an insurer and an audit does not constitute a guarantee.
9. “The auditor would ordinarily expect to find evidence to support management
representations and not assume that they necessarily correct”.
This is an example of
a. Unprofessional behavior
b. An attitude of professional skepticism
c. Due diligence
d. A rule in code of professional conduct.
10. Which of the following statement is true?
a. It is usually easier for the auditor to uncover fraud than errors.
b. It is usually easier for the auditor to uncover errors than fraud.
c. It is usually equally difficult for the auditor to uncover errors or fraud.
d. Usually, the auditor does not design procedures to uncover fraud or

11. The most difficult type of misstatement to detect is fraud based on

a. The over recording of transaction
b. The non-recording of transactions
c. Recorded transactions in subsidiaries
d. Related party receivable
12. If an auditor was engaged to discover errors or fraud and the auditor performed
extensive detail work, which of the following could the auditor be expected to
detect?
a. Misposting if recorded transactions
b. Unrecorded transaction
c. Counterfeit signatures on paid checks
d. Collusive fraud
13. Which of the following statements is incorrect?
a. The responsibility for the prevention and detection of fraud and error
rests with management.
b. The auditor is not and cannot be held responsible for the detection
of fraud or error.
c. In planning an audit, the auditor should assess the risk that fraud or error
may cause the financial statements to contain material misstatement.
d. The risk of not detecting material fraud is higher than the risk of not
detecting a material misstatement arising from error.
14. Which of the following statement about fraud or error is incorrect?
a. The auditor is not and cannot be held responsible for the prevention of
fraud and error.
b. The responsibility for the prevention and detection of fraud and
error rests with management.
c. The auditor should plan and perform the audit with an attitude of
professional skepticism, recognizing that conditions or events may be
found that fraud or error may exist.
d. The likelihood of detecting fraud is ordinarily higher than that of
detecting error.
15. Which of the following is not an assurance that the auditors give to the parties
who rely on the financial statements?
a. Auditors know how the amounts and disclosures in the financial
statements were produced.
b. Auditor’s give assurance that the financial statements are accurate.
c. Auditors gathered enough evidence to provide a reasonable basis for
forming an opinion.
d. If the evidence allows the auditors to do so, auditors give assurance
in the form of opinion, as to whether the financial statements as a
whole are fairly presented in conformity with GAAP.
16. Which of the following is most likely to be presumed to represent fraud risk
on an audit?
 a. Capitalization of repairs and maintenance into the property, plant and
equipment asset account.
b. Improper revenue recognition
c. Improper interest expense accrual
d. Introduction of significant new products
17. Which of the following conditions or events would least likely increase risk of
fraud or error?
a. Questions with respect to competence or integrity of management
b. Unusual pressures within the entity
c. Unusual transactions
d. Lack of transaction trail

18. Which of the following would be least likely to suggest to an auditor that the
client’s financial statement are materially misstated?
a. There are numerous delays in preparing timely internal financial
reports.
b. Management does not correct internal control structure weaknesses
that it knows about.
c. Differences are reflected in the customer’s confirmation replies.
d. There have nee two new controllers this year.
19. Which of the following circumstances would least likely cause auditor to
consider whether a material misstatement exists?
a. The turnover of senior accounting personnel exceptionally low.
b. Management places substantial emphasis on meeting, earning
projections.
c. There are significant unusual transactions near year-end.
d. Operating and financing decisions are dominated by one person.
20. Which of the following conditions would not normally cause the auditor to
question whether material errors or possible fraud exists?
a. The accounting department is overstaffed.
b. Differences exist between control accounts and supporting
subsidiary records.
c. Transactions are not supported by proper documentation.
d. There are frequent changes of auditor’s lawyers.

----------------------------------
1. The primary responsibility for establishing and maintaining an internal control rests
with
a. The external auditors
b. The internal auditors
c. Management and those charged with governance
d. The controller or the treasurer

2. The fundamental purpose of an internal control is to

a. Safeguard the resources of the organization
b. Provide reasonable assurance that the objectives of the organization are
achieved
c. Encourage compliance with organization objectives
d. Ensure the accuracy, reliability and timeliness of information

3. Which of the following is not one of the three primary objectives of effective internal
control?
a. Reliability of financial reporting
b. Efficiency and effectiveness of operations
c. Compliance with laws and regulations
d. Assurance of elimination of business risk.

4. Which of the following internal control objectives would be most relevant to the audit?
a. Operational objective
b. Compliance objective
c. Financial reporting objective
d. Administrative control objective

5. An act of two or more employee to steal assets and cover their theft by
misstating the accounting records would be referred to as:
a. Collusion
b. A material weakness
c. A control deficiency
d. A significant deficiency

6. Which of the following is not one of the components of an entity’s internal control?
a. Control risk
b. Control activities
c. Information and communication
d. The control environment

7. The overall attitude and awareness of an entity’s board of director concerning the
importance of the internal control usually is reflected in its
a. Computer-based controls
b. System of segregation of duties
c. Control environment
d. Safeguard over access of assets
8. In evaluating the design of the entity’s internal control environment, the auditor considers
the certain subcomponents of control environment and how they have been incorporated
into the entity’s processes. Subcomponents of control environment would include
a. Integrity and ethical values
b. Commitment to competence
c. Organizational structure
d. Information and communications systems

9. Which of the following components of an entity’s internal control structure

includes the development of employee promotion and training policies?
a. Control activities
b. Control environment
c. Information and communication
d. Quality control system

10. Which of the following subcomponents of the control environment define the existing
lines of responsibility and authority?
a. Organizational structure
b. Management philosophy and operating style
c. Human resource policies and practices
d. Management integrity and ethical values

11. Which of the following is not one of the subcomponents of the control
environment?
a. Management philosophy and operating style
b. Organizational structure
c. Adequate separation of duties
d. Commitment to competence

12. Which of the following deal with ongoing or periodic assessment of quality of
internal control by management?
a. Quality control activities
b. Monitoring activities
c. Oversight activities
d. Management activities

13. The policies and procedures that help ensure that management directives are carried
out are referred to as the:
a. Control environment
b. Control activities
c. Monitoring of controls
d. Information systems

14. Which of the following is not one of the specific control activities that are
relevant to financial statement audit?
a. Performance reviews
b. Physical controls
 c. Segregation of duties
d. Monitoring

15. Proper segregation of functional responsibilities in an effective structure of internal

control calls for separation of functions of
a. Authorization, execution, and payment
b. Authorization, recording, and custody
c. Custody, execution, and reporting
d. Authorization, payment, and recording

16. Which of the following best describes the purpose of the control activities?
a. The actions, policies and procedures that reflect the overall attitudes of the
management
b. The identification and analysis of risks and relevant to the preparation of
the financial statements
c. The policies and procedures that help ensure that necessary actions are taken
in order to achieve the entity’s objectives
d. Activities that deal with the ongoing assessment of the quality of internal
control by management

17. When the auditor attempts to understand the operation of the accounting system by
tracing a few transactions through the accounting system, the auditor is said to be:
a. Tracing
b. Vouching
c. Performing a walk through
d. Testing controls

18. Which of the following is not a medium that can normally be used by an auditor to record
information concerning a client’s internal control policies and procedures?
a. Narrative memorandum
b. Flowchart
c. Procedures manual
d. Questionnaire

19. An auditor uses the knowledge provided by the understanding of internal control and the
final assessed level of control risk primarily to determine the nature, timing and extent of
the
a. Attribute tests
b. Tests of controls
c. Compliance tests
d. Substantive tests
20. Based on the requirement of PSA 3330, how frequently must an auditor test operating
effectiveness of controls that appear to functions as they have in past years and on which
the auditor wishes to rely in the current year?
a. Monthly
b. Each audit
c. At least every second audit
d. At least every third audit

---------------------------
1. These are acts of omission or commission by the entity being audited, either intentional or
unintentional, which are contrary to the prevailing laws and regulations.
a. Fraud
b. Misappropriation
c. Noncompliance
d. Defalcation

2. In order to achieve the objectives of the accountancy profession, professional accountants

have to observe a number of prerequisites or fundamental principles. The fundamental
principles include the following except
a. Objectivity
b. Professional competence and due care
c. Technical standards
d. Confidence

3. The principle of professional competence and due care imposes certain obligations on
professional accountants. Which of the following is not one of those obligations required
by this principle?
a. To act diligently in accordance with applicable technical and professional standards
b. To be fair, intellectually honest and free of conflict of interest
c. To become aware and understand relevant technical, professional and business
developments
d. To obtain professional knowledge and experience to enable them to fulfil their
responsibilities

4. The phase of professional competence that requires a professional accountant to adopt a

program designed to ensure quality control in the performance of professional services
consistent with technical and professional standards is:
a. Attainment of professional competence
b. Maintenance of professional competence
c. Application of professional competence
d. Review of professional competence

5. The essence of the due care principle is that the auditor should not be guilty of:
a. Bias
b. Errors in judgement
c. Fraud
d. Negligence

6. The principle of confidentiality applies to:

a. Professional accountants in public practice
b. Professional accountants in commerce and industry
c. Professional accountants in government
d. All professional accountants

7. The principle of confidentiality imposes an obligation on professional accountants to

refrain from:
a. Disclosing confidential information to another party even if client authorizes the
disclosure
b. Using confidential information acquired as a result of professional and business
relationships to their personal advantage or the advantage of the third parties
c. Disclosing information to defend themselves in case of litigation
 d. Responding to an inquiry or investigation conducted by the Professional Regulatory
Board of Accountancy

8. A CPA should not disclose confidential information obtained during an audit

engagement in which one of the following situations?
a. When the security of the state requires
b. With the consent of the client
c. In defense of himself when sued by his client
d. To a successor auditor without the client’s permission

9. Which of the following is considered a violation of rules on confidentiality?

a. The CPA discloses information to protect his own interest in the course of legal
proceedings
b. The CPA discloses information to a successor auditor after obtaining the
client’s permission
c. The CPA discloses information to another CPA in compliance with a quality
control review conducted by the BOA
d. The CPA divulges information disclosed to him by a prospective client.

10. In which of the following circumstances would a CPA be bound by the ethics to refrain
from disclosing any confidential information obtained during course of a professional
engagement?
a. The CPA is issued summon enforceable by the court order which orders the
CPA to present confidential information
b. A major stockholder of a client company seeks accounting information from CPA
after the management declined to disclose the requested information
c. Confidential client information is made available with the client’s permission
d. An inquiry by the PRC and the CPA needs the disclosure to defend himself

11. The principle of professional behaviour requires a professional accountant to

a. Be straightforward and honest in performing professional services
b. Be fair and should not allow prejudice or bias, conflict of interest or
influence of others to override objectivity
c. Perform professional services with due care, competence and diligence
d. Act in a manner consistent with the good reputation of the profession and refrain
from any conduct which might bring discredit to profession

12. Which of the following most accurately states how objectivity has been defined by the
Code of Ethics?
a. Being honest and straight forward in all professional and business
relationships.
b. A state of mind that permits the provision of an opinion without being
affected by influences that compromise professional judgement
c. A combination of impartiality, intellectual honesty and a freedom from conflict
of interest
d. Avoiding facts and circumstances that could reduce the public confidence in the
professional accountant’s report

13. Which fundamental principle is seriously threatened by an engagement that is compensated

based on the net proceeds on loans received by the client from a commercials bank?
 a. Integrity
b. Objectivity
c. Confidentiality
d. Professional behaviour

14. Independence is required whenever a professional accountant performs:

a. Professional services
b. Assurance services
c. Non-assurance services
d. Tax consultancy services

15. It refers to the avoidance of facts and circumstances that are so significant that a
reasonable and informed third party, having knowledge of all relevant information,
including safeguards applied, would reasonably conclude a firm’s or a member of the
assurance team’s integrity, objectivity or professional scepticism had been compromised.
a. Independence in fact
b. Independence in appearance
c. Independence in mind
d. Inherent independence

16. This occurs as a result of the financial or other interests of a professional

accountant or of an immediate or close family member.
a. Self-interest threat
b. Self-review threat
c. Advocacy threat
d. Familiarity threat

17. Acting for an audit client in the resolution of a dispute or litigation would most likely
create
a. Self-interest threat
b. Intimidation threat
c. Advocacy threat
d. Familiarity threat

18. The preparation of accounting records of financial statements for an audit client will most
likely create
a. Self-interest threat
b. Self-review threat
c. Intimidation threat
d. Familiarity threat

19. Accepting gift or undue hospitality from an assurance client would create most likely
create
a. Familiarity threat
b. Self-review threat
c. Advocacy threat
d. Intimidation threat

20. Using the same senior personnel on an assurance engagement over a long period
of time would most likely create
a. Intimidation threat
b. Advocacy threat
 c. Familiarity threat
d. Self-interest threat

----------------------------------

1. This consists of checking the mathematical accuracy of documents of records.

a. Reperformance
b. Confirmation
c. Recalculation
d. Inspection

2. Which of the following assertions does not relate to balances at period end?
a. Existence
b. Occurrence
c. Valuation or allocation
d. Rights and obligations

3. Which of the following assertions does not relate to classes of transactions and events
for the period?
a. Completeness
b. Valuation
c. Cut-off
d. Accuracy

4. An assertion that transactions are recorded in the proper accounting period is:
a. Classification
b. Occurrence
c. Accuracy
d. Cut-off

5. Which of the following is not normally performed in the preplanning or pre-

engagement phase?
a. Deciding whether to accept or reject an audit engagement
b. Inquiring from predecessor auditor
c. Preparing an engagement letter
d. Making a preliminary estimate of materiality

6. Before accepting an engagement to audit a new client, a CPA is required to obtain

a. A preliminary understanding of the prospective client’s industry and
business
b. The prospective client’s signature to the engagement letter
c. An understanding of the prospective client’s control environment
d. A representation letter from the prospective client

7. Preliminary knowledge about the client’s business and industry must be obtained prior to
the acceptance of the engagement primarily to
a. Determine the degree of knowledge and expertise required by the
engagement
b. Determine the integrity of management
c. Determine whether the firm is independent with the client
 d. Gather evidence about the fairness of the financial statements

8. In an audit, communication between the predecessor and incoming auditor should

be
a. Authorized in an engagement letter
b. Acknowledged in a representation letter
c. Either written or oral
d. Written and included in the working papers

9. Arnel, CPA, is succeeding Von, CPA, on the audit engagement of Almar Corporation.
Arnel plans to consult Von and to review Von’s prior year working papers. Arnel may
do so if
a. Von and Almar consent
b. Almar consents
c. Von consents
d. Von and Arnel consent

10. An incoming auditor should request the new client to authorize the predecessor auditor
to allow a review of the predecessor’s
Engagement letter Working Paper
a. Yes Yes
b. Yes No
c. No Yes
d. No No

11. Engagement letter that documents and confirms the auditor’s acceptance of the
engagement would normally be sent to the client
a. Before the audit report is issued
b. After the audit report is issued
c. At the end of fieldwork
d. Before the commencement of the engagement

12. Which of the following is not one of the principal contents of an engagement letter?
a. Objective of the financial statements
b. Unrestricted access to records and documents
c. Limitations of the engagement
d. Management’s responsibility for the financial statements

13. Arrangements concerning which of the following are least likely to be included in
engagement letter?
a. Auditor’s responsibilities
b. Fees and billing
c. CPA investment in client securities
d. Other forms of reports to be issued in addition to the audit report

14. The audit engagement letter should generally include a reference to each of the following
except
a. The expectation of receiving a written management representation letter
 b. A request for the client to confirm the terms of engagement
c. A description of the auditor’s method of sample selection
d. The risk that material misstatements may remain undiscovered

15. Which of the following would be least likely to be included in the auditor’s
engagement letter
a. Forms of the report
b. Extent of his responsibilities
c. Objectives and scope of the audit
d. Type of opinion to be issued

16. According to PSA 210, the auditor and the client should agree on the terms of
engagement. The agreed terms would need to be recorded in a(n)
a. Memorandum to be placed in the permanent section of the auditing
working papers
b. Engagement letter
c. Client representation letter
d. Comfort letter

17. Which of the following factors most likely would influence an auditor’s
determination of the auditability of the entity’s financial statements
a. The complexity of the accounting systems
b. The existence of related party transactions
c. The adequacy of the accounting records
d. The operating effectiveness of control procedures

18. Which of the following factors most likely would cause an auditor not to accept a new
audit engagement?
a. An inadequate understanding of the entity’s interval control structure
b. The close proximity to the end of the entity’s fiscal year
c. Concluding that the entity’s management probably lacks integrity
d. An inability to perform preliminary analytical procedures before assessing
control risk

19. Which of the following should an auditor obtain from the predecessor auditor prior to
accepting an audit engagement
a. Analysis of balance short accounts
b. Analysis of income statements accounts
c. All matters of continuing accounting significance
d. Facts that might bear on the integrity of management

20. An incoming auditor most likely would make specific inquiries of the predecessor auditor
regarding
a. Specialized accounting principles of the client’s industry
b. The competency of the client’s internal audit staff
c. The uncertainty inherent in applying sampling procedures
d. Disagreements with management as to auditing procedures

----------------------
1. Which of the following statements is most correct regarding the primary purpose of audit
procedures?
a. To detect all errors or fraudulent activities as well as illegal activities
b. To comply with the SEC
c. To gather corroborative audit evidence about management’s assertions
regarding the client’s financial statements
d. To determine the amount of errors in the balance sheet accounts in order
to adjust the accounts to actual

2. A procedure designed to test for monetary misstatements directly affecting the validity
of the financial statement balances is a:
a. Test of controls
b. Substantive test
c. Test of attributes
d. Monetary-unit sampling test

3. You are auditing the company’s purchasing process for goods and services. You are
primarily concerned with the company not recording all purchase transactions. Which
audit procedure below would be the most effective audit procedure in this case?
a. Vouching from the accounts payable account to the vendor invoices.
b. Tracing vendor invoices to recorded amounts in the accounts payable
account.
c. Confirmation of accounts payable recorded amounts.
d. Reconciling the accounts payable subsidiary ledger to the accounts
payable account.

4. The information obtained by the auditor in arriving at the conclusions on which the
audit opinion is based is called:
a. Audit working papers
b. Audit assertions
c. Audit evidence
d. Audit standards

5. The major reason an independent auditor gathers evidence is to

a. form an opinion on the financial statements.
b. detect fraud.
c. evaluate management.
d. evaluate internal control.

6. Which of the following is the best example of a corroborating evidence?

a. General journal
b. Worksheet cost allocation
c. Vendor’s invoice
d. Cash receipts journal

7. Which of the following statements about audit evidence is correct?

a. Appropriateness is the measure of the quantity of audit evidence.
b. Sufficiency is the measure of the quality of audit evidence and its
relevance to a particular assertion and its reliability.
c. Audit evidence is more persuasive when items of evidence from different
sources or of different nature are consistent.
 d. There should be a one-to-one relationship between audit objective and audit
procedure.

8. Evidence is generally considered appropriate when:

a. it has been obtained by random selection.
b. there is enough of it to afford a reasonable basis for an opinion on
financial statements.
c. it has the qualities of being relevant, objective, and free from known bias.
d. it consists of written statements made by managers of the enterprise under
audit.

9. Evidence are generally considered sufficient when:

a. it is appropriate.
b. there is enough of it to afford a reasonable basis for an opinion on
financial statements.
c. it has the qualities of being relevant, objective and free from unknown
bias.
d. it has been obtained by random selection.

10. Appropriateness of evidence is a measure of the:

a. quantity of evidence.
b. quality of evidence.
c. sufficiency of evidence.
d. meaning of evidence.

11. The sufficiency and appropriateness of evidential matter ultimately is based on the
a. availability of corroborating data.
b. Philippine Standard on Auditing.
c. pertinence of the evidence.
d. judgment of the auditor.

12. An example of an external document that provides reliable information for the auditor
is:
a. employees time reports.
b. bank statements.
c. purchase order for company purchases.
d. carbon copies of checks.

13. An example of a document that the auditor receives from the client, but which was
prepared by someone outside the client’s organization, is a:
a. confirmation.
b. sales invoice.
c. vendor invoice.
d. bank reconciliation.
14. To be considered reliable evidence, confirmations must be controlled by:
a. a client employee responsible for accounts receivable.
b. a financial statement auditor.
c. a client’s internal audit department.
d. a client’s controller or CFO.

15. Given the economic and time constraints in which auditors can collect evidence about
 management assertions about the financial statements, the auditor normally gathers
evidence that is:
a. irrefutable.
b. conclusive.
c. persuasive.
d. completely convincing.

16. It refers to the material (working papers) prepared by and for, or obtained and retained
by the auditor in connection with the performance of the audit.
a. Documentation
b. Audit report
c. Accounting data
d. Corroborative evidence

17. Which of the following best describes one of the primary objectives of audit
documentation?
a. Defend against claims of a deficient audit.
b. Provide a principal support for the income taxation return.
c. Provide documentation that the audit was conducted in accordance with
auditing standards.
d. Provide additional support or recorded amounts to the client.

18. Which of the following is not an expert upon whose work an auditor may relay?
a. Actuary
b. Internal auditor
c. Appraiser
d. Engineer

19. An expert whose expertise is used by the entity in preparing financial statements is called
a(n):
a. Financial expert
b. Management expert
c. Auditor’s expert
d. Specialist

20. External auditors must obtain evidence regarding what attributes of an internal audit
department if the external auditors intend to rely on internal auditor’s work?
a. Integrity
b. Objectivity
c. Competence
d. All of the above

----------------------
1. This involves developing an overall strategy for the expected conduct and scope of the
examination; the nature, extent, and timing of which vary with the size and complexity,
and experience with and knowledge of the entity.
a. Audit planning
b. Audit procedure
c. Audit program
d. Audit working papers

2. Initial planning involves four matters. Which of the following is not one of these?
a. Develop an overall audit strategy
b. Request that bank balances be confirmed
c. Schedule engagement staff and audit specialists
d. Identify the client’s reason for the audit

3. A CPA is conducting the first examination of a client’s financial statements. The CPA
hopes to reduce the audit work by consulting with the predecessor auditor and reviewing
the predecessor’s working papers. This procedure is
a. Acceptable if the client and the predecessor auditor agree to it.
b. Acceptable if the CPA refers in the audit report to reliance upon the
predecessor auditor’s work.
c. Required if the CPA is to render an unmodified opinion.
d. Unacceptable because the CPA should bring an independent viewpoint to a
new engagement.

4. The preliminary judgment about materiality and the amount of audit evidence
accumulated are related.
a. directly
b. indirectly
c. not
d. inversely

5. According to PSA 320, materiality should be considered by the auditor when:

Determining the nature, timing Evaluating the effects
and extent of audit procedures. of misstatements
a. YES YES
b. YES NO
c. NO NO
d. NO YES

6. Which of the following statements is not correct about materiality?

a. The concept of materiality recognizes that some matters are important for fair
presentation of financial statements in conformity with the applicable financial
reporting framework, while other matters are not important.
b. An auditor considers materiality for planning purposes in terms of the
largest aggregate level of misstatements that could be material to any one
of the financial statements.
c. Materiality judgments are made in light of surrounding circumstances
and necessarily involve both quantitative and qualitative judgments
d. An auditor’s consideration of materiality is influenced by the auditor’s
perception of the needs of a reasonable person who will rely on the financial
 statements.

7. “Performance materiality” is the term used to indicate materiality at the:

a. balance sheet level
b. account balance level
c. income statement level
d. company-wide level

8. When comparing level of materiality used for planning purposes and the level of
materiality used for evaluating evidence, one would most likely expect
a. The level of materiality to be always similar.
b. The level of materiality for planning purposes to be similar.
c. The level of materiality for planning purposes to be higher.
d. The level of materiality for planning purposes to be based on total assets
while the level of materiality for evaluating purposes to be based on net
income.

9. Qualitative factors can affect an auditor’s assessment of materiality. Which of the

following qualitative factors could influence the assessment of materiality?
I. Misstatements that are otherwise immaterial may be material if affect
earnings trends.
II. Minor misstatements resulting from the consequences of contractual
obligations.
a. I only
b. II only
c. I and II
d. neither I or II

10. Auditors frequently refer to the terms audit assurance, overall assurance, ad level of
assurance to refer to .
a. detection risk
b. audit report risk
c. acceptable audit risk
d. inherent risk

11. The risk that financial statements are likely to be misstated materially without regard
to the effectiveness of internal control is the;
a. Inherent risk
b. Audit risk
c. Client risk
d. Control risk

12. When planning a financial statement audit, the auditor should assess inherent risk at
the
Financial statement level Account balance or transaction class level
a. YES YES
b. YES NO
c. NO NO
d. NO YES
13. Which of the following is an incorrect statement?
a. Detection risk cannot be changed at the auditor’s discretion.
b. If individual audit risk remains the same, detection risk bears an
inverse relationship to inherent and control risk.
c. The greater the inherent and control risk the auditor believes exist, the less
detection risk that can be accepted.
d. The auditor might make separate or combines assessments of inherent
risk and control risk.

14. Relationship between control risk and detection risk is ordinarily

a. Parallel
b. Direct
c. Inverse
d. Equal

15. Which of the following is not correct regarding an auditor’s decision that a lower
acceptable audit risk is appropriate?
a. More evidence is accumulated
b. Less evidence is accumulated
c. Special care is required in assigning experienced staff
d. Review of audit documentation is performed by personnel not assigned to the
engagement

16. These consist of the analysis of significant ratios and trends including the resulting
investigation of fluctuations and relationship that are inconsistent with other relevant
information or deviate from predictable amount.
a. Financial statement analysis
b. Variance analysis
c. Analytical procedures
d. Regression analysis

17. Which of the following statements about analytical procedures is incorrect?

a. Analytical procedures are required to be performed in the planning phase
of the audit.
b. Analytical procedures are required to be done during the testing phase
of the audit.
c. Analytical procedures are required to be done during the completion phase
of the audit.
d. Analytical procedures may be performed in the planning, testing and
completion phases of the audit.

18. In developing the overall audit plan and audit program, the auditor should assess
inherent risk at the:
Audit plan Audit program
a. Financial statement level Accounting balance level
b. Account balance level Financial statement level
c. Account balance level Account balance level
d. Financial statement level Financial statement level
 19. An auditor should design the written audit program so that
a. All material transactions will be selected for substantive testing
b. Substantive tests prior to the balance sheet date will be minimized.
c. The audit procedures selected will achieve specific audit objectives.
d. Each account balance will be tested under either tests of controls or tests of
transactions.

20. Which of the following matters would least likely appear in the audit program?
a. Specific procedures that will be performed.
b. Specific audit objectives.
c. Estimated time that will be spent in performing certain procedures.
d. Documentation of the accounting and internal control systems being
reviewed.
------------------------------
1. This involves the application of the procedures to less than 100% of the items within an
account balance or class of transactions. This enables the auditor to obtain and evaluate
audit evidence about some characteristics of the selected items in order to form an opinion
about the characteristics of all items supporting an account balance or transaction class.
a. Audit techniques
b. Selective testing
c. Audit sampling
d. Specific identification

2. Audit sampling for substantive tests is appropriate when

a. Analytical procedures are used
b. The auditor wants to eliminate sampling risks
c. A population contains small number of large value items
d. Tests of details are performed

3. Audit sampling for test of control is generally appropriate when

a. Control leaves evidence of performance
b. Control leaves no evidence of performance
c. 100% of the transactions is tested
d. Examining specific high value items in the population

4. In a sampling application, the group of items about which the auditor wants to
estimate some characteristic is called the
a. Population c. Attribute of interest
b. Sample d. Sampling unit

5. Non-sampling error occur when the audit tests do not uncover existing
exceptions in the
a. Population
b. Planning stage
c. Sample
d. Financial statement

6. PSA 530 identifies two general approaches to audit sampling. They are
a. Random & nonrandom
b. Statistical & nonstatistical
c. Precision & reliability
d. Risk and nonrisk

7. The relationship between sample size and the allowable sampling risks is
a. Direct
b. Inverse
c. Sample deviation rate
d. Expected deviation rate

8. Principal methods of sampling selection include all of the following except

a. Haphazard
b. Random number
c. Systematic
d. Statistical
9. A sample in which every possible combination of items in the population has a
chance of constituting the sample is a
a. Representative sample
b. Random sample
c. Statistical sample
d. Judgment sample

10. The process which requires the calculation of an interval and them selects the items
based on the size of the interval is
a. Statistical sampling
b. Systematic selection
c. Random selection
d. Computerized selection

11. A method of sampling in which all the items in the population are divided into two or
more sub-population is
a. Variable sampling
b. Stratified sampling
c. Attribute sampling

12. If the auditor is concerned that a population may contain exceptions, the determination of a
sample size sufficient to include at least one such exception is a characteristic of
a. Discovery sampling
b. Random sampling
c. Variables sampling
d. Peso-unit sampling

13. Which of the following statistical sampling plans does not use a fixed sample size for tests
of controls?
a. PPS sampling
b. Value-weighted sampling
c. Sequential sampling
d. Variables sampling

14. Value weighted sampling is most appropriate when the auditor

a. Anticipates understatement errors
b. Expects no errors
c. Anticipate overstatement errors
d. Has assessed control risk at high level

15. The maximum amount of error in a population that the auditor is willing to accept is
referred to as the
a. Acceptable risk
b. Tolerable error
c. Expected error
d. Tolerable materiality

16. The deviation rate the auditor expects to find in the population, before testing begins, is
called the
a. Tolerable deviation rate
b. Computer upper deviation rate
 c. Sample deviation rate
d. Expected deviation rate

17. Which of the following sampling methods would be most appropriate in

performing tests of controls over authorization of cash disbursements
a. Attributes
b. Variables
c. Ratio
d. Stratified

18. In assessing sample risk, alpha risk relate to the

a. Efficiency of the audit
b. Selection of the sample
c. Effectiveness of the audit
d. Audit quality controls

19. Which of the following sampling plans would be designed to estimate a

numerical measurement of a population such as peso value?
a. Numerical sampling
b. Sampling attributes
c. Discovery sampling
d. Sampling for variables

20. Statistical samples do not allow

a. A. more efficient samples
b. Measurement of sample reliability
c. Replacement of the auditor’s professional judgment
d. Measurement of sample risk

-------------

1. Pacioli is the father of management theory. False

2. Accounting control comprises the plan of the organisation and the procedures and
records that areconcerned with the safeguards of assets and the reliability of financial
records. True

3. AICPA means American Institute of CPAs. True

4. Directing and leading is the art of ensuring that happenings occur in harmony with
each other—withoutwhich things will be out of control. False

5. It is desirable to make control as watertight as is practical. True

-----
 1. Operations—effective and efficient use of its resources. True

2. The inherent risk is the risk that the organisation is exposed to after taking account
of the active andpassive controls that, fortuitously or by design, are in place. False

3. The gross risk is how much damage would probably be done to the organisation
if the cash werecarelessly left lying around in full view and completely accessible to
strangers. False

4. There could be differences of perception as to the units (whether monetary or other)

which calibrate thevertical impact axis, and the units (whether time or other) that calibrate
the horizontal axis. True

5. The risk register allows a more detailed description of the approaches being taken to
manage risks. True

-------

1. Internal auditing helps an organization accomplish its objectives by bringing a systematic,

disciplined approach to evaluate and improve the effectiveness of risk management, control,
and governance processes. True

2. In Control, the internal audit activity must evaluate the effectiveness and contribute to the
improvement ofrisk management processes. False
3.In Governance, the internal audit activity must assess and make appropriate
recommendations forimproving the governance process. True
4. In Risk Management, the internal audit activity must assist the organization in maintaining
effective controls by evaluating their effectiveness and efficiency and by promoting
continuous improvement. False

5. The COA sets the direction of the organization and oversees that management implements
the direction set. False

------------
 1. Fayol, the “father of management theory” was the rst to describe
“control” as a function ofmanagement along with other functions which he
set out as being planning, organizing, commanding, coordinating,
controlling.
Answer: TRUE

2. Later (1958), COSO distinguished between accounting and administrative

control, largely for pragmatic reasons as they needed to provide a focus on the
controls most relevant to their membersengaged as external auditors.
Answer: FALSE- AICPA
3. According to the COSO internal control framework, internal control is achieved
by means of eightessential components of internal control that must be in place
and must be functioning well.
Answer: FALSE- FIVE ESSENTIAL COMPONENTS
4. In a business context, risk can be an inherent feature of the operations of an
organization, especiallywhere there is notable change taking place.

Answer: TRUE
5. Control activities/procedures will need to be accurately de ned and effectively
communicated to those involved. It is always preferable to establish written
procedures which remove the possibilityof misinterpretation so often associated
with verbal instructions.
Answer: TRUE

---------
1. Statement 1: 2120—Risk Management The internal audit activity must evaluate the
effectiveness andcontribute to the improvement of risk management processes.
Statement 2: 2120.A1—the internal audit activity must evaluate risk
exposures relating to the organization’s governance, operations, and
information systems regarding the organizational objectives support and
align with the organization’s mission.
What is/are the correct answer/s?
a. Statement 1 is the correct answer only
 b. Statement 2 is the correct answer only
c. Statement 1 and 2 are correct answers
d. Statement 1 and 2 are incorrect answers

2. Statement 1: The COSO objectives of risk management are the same as the COSO
objectives of internal control with the exception of the addition of the strategic
objective which, arguably, should have been one of COSO’s internal control
objectives since strategies should be developed in a well-controlled way.
Statement 2: COSO is right to add the strategic objective to their enterprise risk
managementframework: strategic options need to be weighed up having regard to
risk.
What is/are the correct answer/s?
a. Statement 1 is the correct answer only
b. Statement 2 is the correct answer only
c. Statement 1 and 2 are correct answers
d. Statement 1 and 2 are incorrect answers
3. Statement 1: The “Control Environment” component under the 2020 internal
control framework isnow termed the “Internal Environment”, though its meaning
is unchanged.
Statement 2: Not being a framework on internal control, the title “Control
Environment” was notthought to be ideal, but choosing to label it “Internal
Environment” has resulted
in
an ugly oxymoron.
What is/are the correct answer/s?
a. Statement 1 is the correct answer only
b. Statement 2 is the correct answer only
c. Statement 1 and 2 are correct answers
d. Statement 1 and 2 are incorrect answers
 4. Statement 1: Two useful tools to apply in risk management— rst, the risk matrix
and secondly, therisk register.
Statement 2: Using tools such as this enables all participants to focus more
closely on the sameissues, enables subjectivity to be exercised methodically,
simpli es and makes attractive.
What is/are the correct answer/s?
a. Statement 1 is the correct answer only
b. Statement 2 is the correct answer only
c. Statement 1 and 2 are correct answers
d. Statement 1 and 2 are incorrect answers
5. Statement 1: The risk register allows a more detailed description of the
approaches being taken tomanage risks.
Statement 2: The risk register approach is less visual in its representation, but
is widely used tocreate and maintain a record of threats and their management
at all levels and in all parts of the organization.
What is/are the correct answer/s?
a. Statement 1 is the correct answer only
b. Statement 2 is the correct answer only
c. Statement 1 and 2 are correct answers
Statement 1 and 2 are incorrect answers
QUESTION AND ANSWER
2