CIA Exam - Help & Tips

INTERNAL CONTROLS

ANSWERING INTERNAL CONTROL QUESTIONS

ELEMENTS


SEGREGATION OF DUTIES A-A-A CAN'T MIX
(Access, Accountability, Authority)

PROPER AUTHORIZATION (in the Job Description)

PRE-NUMBERED DOCUMENTS (test for completeness)

PERIODIC RECONCILIATION

SAFEGUARDING ASSETS

ACCOUNTABILITY (accounting for something when it comes in)

TRANSACTIONS RECORDED

MANAGEMENT (P-O-S-D-C)

QUESTIONS


1.Which of the following represents appropriate internal audit action in response to the risk assessment process?
I. The low risk areas may be delegated to the external auditor, but the high risk areas should be performed by the internal auditing function.
II. The high risk areas should be integrated into an audit plan along with the high priority requests of management and the audit committee.
Ill. The risk analysis should be used in determining an annual audit work plan, therefore the risk analysis should be performed only on an annual basis.

a. I only.
b. II only
c. III only.
d. I and III only.

2. The internal auditor is considering performing risk analysis as a basis for determining which areas of the organization ought to be examined. Which one of the following statements is correct regarding risk analysis?
a. The extent to which management judgments are required. in an area could serve as a risk factor in assisting the auditor in making a comparative risk analysis.
b. The highest risk assessment should always be assigned to the area with the largest potential loss.
c. The highest risk assessment should always be assigned to the area with highest probability of occurrence.
d. Risk analysis must be reduced to quantitative terms in order to provide meaningful comparisons across an organization.

3. A restaurant food chain has over 680 restaurants. All food orders for each restaurant are required to be input into an electronic device which records all food orders by food servers and transmits the order to the kitchen for preparation. All food servers are responsible for collecting cash for all their orders and must turn in cash at the end of their shift equal to the sales value of food ordered for their I.D. number. The manager then reconciles the cash received for the day with the computerized record of food orders generated. All differences are investigated immediately by the restaurant. Corporate headquarters has established monitoring controls to determine when an individual restaurant might not be recording all its revenue and transmitting the applicable cash to the corporate headquarters. Which one of the following would be the best example of a monitoring control?
a. The restaurant manager reconciles the cash received with the food orders recorded on the computer.
b. All food orders must be entered on the computer, and there is segregation of duties between the food servers and the cooks.
c. Management prepares a detailed analysis of gross margin per store and investigates any store that shows a significantly lower gross margin.
d. Cash is transmitted to corporate headquarters on a daily basis.

4.The director of internal auditing set up a computerized spreadsheet to facilitate the risk assessment process involving a number of different divisions in the organization. The spreadsheet included the following factors:
· pressure on divisional management to meet profit goals,
· complexity of operations,
· competence of divisional personnel,
· the dollar amount of subjectively influenced accounts in the division, such as accounts where management's judgement can affect the expense. Example: post-retirement benefits. The director used a group meeting of audit managers to reach a consensus on the competence of divisional pers6nnel. Other factors were assessed as high, medium, or low by either the director or an audit manager who had audited the division. The director assigned a weight ranging from 0.5 to 1.0 to each factor, and then computed a composite risk score. Which of the following statements is correct regarding the risk assessment process?
a. The risk analysis would not be appropriate because it mixes both quantitative and qualitative factors, thereby making expected values calculation impossible.
b. Assessing factors at discrete levels such as high, medium, and low is inappropriate for the risk assessment process because the ratings are not quantifiable.
c. The weighing is subjective and should have been determined through a process such as multiple regression analysis.
d. Using a subjective group consensus to assess personnel competence is appropriate.

5. Monitoring is an important component of internal control. Which of the following items would not be an example of monitoring?
a. Management regularly compares divisional performance with budgets for the division.
b. Data processing management regularly generates exception reports for unusual transactions or volumes of transactions and follows up with investigation as to causes.
c. Data processing management regularly reconciles batch control totals for items processed with batch controls for items submitted.
d. Management has asked internal auditing to perform regular audits of the control structure over cash processing.

6. Auditors regularly evaluate controls and control procedures. Which of the following best describes the concept of control as recognized by internal auditors?
a. Management regularly discharges personnel who do not perform up to expectations.
b. Management takes action to enhance the likelihood that established goals and objectives will be achieved.
c. Control represents specific procedures that accountants and auditors design to ensure the correctness of processing;
d. Control procedures should be designed from the "bottom up" to ensure attention to detail.

7. Auditors are operating in organizations in which management is in the process of 'reengineering" operations with strong emphasis on total quality management techniques. In their quest to gain efficiency in processing, many of the traditional control procedures are being deleted from the organization's control structure. As pan of this change, management is:
a. Placing more emphasis on monitoring control activities.
b. Making different assumptions about human performance and the nature of human motivation than was done under traditional control techniques.
c. Placing more emphasis on selfd. All of the above.

8. One criticism of the banking industry is that loan committees. were not properly carrying out their function of examining proposed loans, determining that proper collateral exists, and assessing the associated risk before approving the loan. In gathering evidence to determine if the loan committee is operating effectively, the auditor should:
a. Interview loan officers to see if their individual loan recommendations were followed.
b. Reconcile the total amount of loans made plus those rejected with the total amount of loans submitted to the committee for approval.
c. Examine individual loans for signatures of the committee members and determine the amount of loans made during each meeting and an approximation of time spent in approving the loans.
d. All of the above.

9. Auditors need to determine it management has established criteria to determine if goals and objectives have been accomplished. If the auditor determines such criteria are inadequate or non-existent, which of the following actions would be appropriate?
I. Report the inadequacies to the appropriate level of management and recommend appropriate courses of action,
II. Recommend alternative sources of criteria to management such as acceptable industry standards.
III. Formulate criteria the auditor believes to be adequate and perform the audit and report in relationship to the alternative criteria.

a. I only.
b. I and II only.
c. I, II, and III.
d. II only.

Answers: 1. b 2. a 3. c 4. d 5. c 6. b 7. d 8. c 9. c

Contact Us /Home/ About Us/ Services/ Newsletter/ Links
IT Audit/ Training/ Construction/ Risk/ CIA /Peer Review
Audit Services Tel:615-790-9858 Fax: 209-797-7983 PO Box 681387, Franklin, TN 37068