Internal Audit Knowledge Elements

Internal Audit Knowledge Elements global internal audit common body of knowledge
Dr.MattWood Profile Pic
Dr.MattWood,United States,Teacher
Published Date:25-07-2017
Your Website URL(Optional)
Comment
Gleim CIA Test Prep: Part 3 - Internal Audit Knowledge Elements (1898 questions) 1 Gleim : 1.1.1 Directors, management, external auditors, and internal auditors all play important roles in creating proper control processes. Senior management is primarily responsible for A. Establishing and maintaining an organizational culture. B. Reviewing the reliability and integrity of financial and operational information. C. Ensuring that external and internal auditors oversee the administration of the system of risk management and control processes. D. Implementing and monitoring controls designed by the board of directors. Answer (A) is correct. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that goals and objectives will be achieved. Management periodically reviews its objectives and goals and modifies its processes to accommodate changes in internal and external conditions. Management also establishes and maintains an organizational culture, including an ethical climate that fosters control. Answer (B) is incorrect. Internal auditors are responsible for evaluating the adequacy and effectiveness of controls, including those relating to the reliability and integrity of financial and operational information. Answer (C) is incorrect. Senior management’s role is to oversee the establishment, administration, and assessment of the system of risk management and control processes. Answer (D) is incorrect. The board has oversight responsibilities but ordinarily does not become involved in the details of operations. 2 Gleim : 1.1.2 Which of the following statements regarding corporate governance is not correct? A. Corporate control mechanisms include internal and external mechanisms. B. The compensation scheme for management is part of the corporate control mechanisms. C. The dilution of shareholders’ wealth resulting from employee stock options or employee stock bonuses is an accounting issue rather than a corporate governance issue. D. The internal auditor of a company has more responsibility than the board for the company’s corporate governance. Answer (A) is incorrect. Corporate control mechanisms include both internal (e.g., internal auditing) and external (e.g., external auditing) mechanisms. Answer (B) is incorrect. Management’s compensation scheme is part of the control environment, specifically, the human resource element. Answer (C) is incorrect. The dilution of shareholders’ wealth resulting from employee stock options or employee stock bonuses is an accounting issue. Governance is “the combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives” (The IIA Glossary). Answer (D) is correct. Governance is the responsibility of the board. Internal audit’s responsibility is to assess governance processes and make appropriate recommendations for improvement. Copyright 2013 Gleim Publications Inc. Page 1 Printed for Sanja KnezevicGleim CIA Test Prep: Part 3 - Internal Audit Knowledge Elements (1898 questions) 3 Gleim : 1.1.3 Ensuring effective organizational performance management and accountability is most directly the proper function of A. Control. B. Governance. C. Risk management. D. A quality assurance program. Answer (A) is incorrect. Governance (not control) is directly responsible for ensuring effective organizational performance management and accountability. Answer (B) is correct. The internal audit activity must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives: Promoting appropriate ethics and values within the organization Ensuring effective organizational performance management and accountability Communicating risk and control information to appropriate areas of the organization Coordinating the activities of and communicating information among the board, external and internal auditors and management (Perf. Std. 2110) Answer (C) is incorrect. Governance (not risk management) is directly responsible for ensuring effective organizational performance management and accountability. Answer (D) is incorrect. A quality assurance program normally is implemented for an organizational unit, e.g., the internal audit activity. 4 Gleim : 1.1.4 Which of the following is not a role of the internal audit activity in best practice governance activities? A. Support the board in enterprise-wide risk assessment. B. Ensure the timely implementation of audit recommendations. C. Monitor compliance with the corporate code of conduct. D. Discuss areas of significant risks. Answer (A) is incorrect. One internal audit activity role is to support the board in enterprise-wide risk assessment. The board and management are responsible for the identification of an appropriate risk model and methodology. Answer (B) is correct. Management has the responsibility of ensuring the timely implementation of the audit recommendations. The internal audit activity is responsible for the development of a timely procedure to monitor the disposition of the audit recommendations. It works with senior management and the board to ensure that audit recommendations receive appropriate attention. Answer (C) is incorrect. The internal audit activity should monitor compliance with the corporate code of conduct set by the board and management. Answer (D) is incorrect. The internal audit activity is responsible for discussing significant financial, technical, and operational risks and exposures as well as the plans to minimize such risks. Copyright 2013 Gleim Publications Inc. Page 2 Printed for Sanja Knezevic fb.com/ciaaofficialGleim CIA Test Prep: Part 3 - Internal Audit Knowledge Elements (1898 questions) 5 Gleim : 1.1.5 The internal audit activity has a role in an organization’s governance process. The internal audit activity most directly contributes to this process by A. Identifying significant exposures to risk. B. Evaluating the effectiveness of the risk-management system. C. Promoting continuous improvement of controls. D. Evaluating the design of ethics-related activities. Answer (A) is incorrect. Identifying significant exposures to risk most directly relates to risk management, rather than to governance. Answer (B) is incorrect. Evaluating the effectiveness of the risk-management system most directly relates to risk management, rather than to governance. Answer (C) is incorrect. Promoting continuous improvement of controls relates to controls, rather than to governance. Answer (D) is correct. Perf. Std. 2110 states, “The internal audit activity must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives: Promoting appropriate ethics and values within the organization; Ensuring effective organizational performance management and accountability; Communicating risk and control information to appropriate areas of the organization; and Coordinating the activities of and communicating information among the board, external and internal auditors and management.” Thus, in an assurance engagement, “The internal audit activity must evaluate the design, implementation, and effectiveness of the organization’s ethics-related objectives, programs, and activities” (Impl. Std. 2110.A1). 6 Gleim : 1.1.6 The role of the internal audit activity in the ethical culture of an organization is to A. Avoid active support of the ethical culture because of possible loss of independence. B. Evaluate the effectiveness of the organization’s formal code of conduct. C. Assume accountability for the effectiveness of the governance process. D. Become the chief ethics officer. Answer (A) is incorrect. Internal auditors must be active ethics advocates. However, assuming the role of, for example, chief ethics officer may, in some circumstances, impair individual objectivity and the internal audit activity’s independence. Answer (B) is correct. The internal audit activity periodically assesses the elements of the ethical climate of the organization and its effectiveness in achieving legal and ethical compliance. Internal auditors therefore evaluate the effectiveness of, among other things, a formal code of conduct and related statements and policies. Answer (C) is incorrect. The organization’s board and its senior management are responsible for the effectiveness of the governance process. Answer (D) is incorrect. The internal auditor’s basic role is to be the assessor of the ethical culture. However, an internal auditor may become chief ethics officer or a member of an ethics council, although the first role may, in some circumstances, impair individual objectivity and the internal audit activity’s Copyright 2013 Gleim Publications Inc. Page 3 Printed for Sanja KnezevicGleim CIA Test Prep: Part 3 - Internal Audit Knowledge Elements (1898 questions) 7 Gleim : 1.1.7 A code of conduct was developed several years ago and distributed by a large financial institution to all its officers and employees. What is the internal auditor’s best approach to providing the board with the highest level of comfort about the code of conduct? A. Fully evaluate the comprehensiveness of the code and the institution’s compliance with it, and report the results to the board. B. Fully evaluate organizational practices for compliance with the code, and report to the board. C. Review employee activities for compliance with provisions of the code, and report to the board. D. Perform tests on various employee transactions to detect potential violations of the code of conduct. Answer (A) is correct. When evaluating a code of conduct, it is important to consider two items: comprehensiveness and compliance. The code should address the ethical issues that the employees are expected to encounter and provide suitable guidance. The internal auditor also must consider the extent to which employees are complying with the standards established. Answer (B) is incorrect. Evaluating practices and reporting to the board is not the best approach. Answer (C) is incorrect. Reviewing employee activities does not provide as much comfort about the code of conduct as evaluation of comprehensiveness. Answer (D) is incorrect. Performing tests on employee transactions is not the best approach. 8 Gleim : 1.1.8 What are the major components of governance? I. Strategic direction II. Oversight III. Regulations IV. Ethics A. I and II only. B. I, II, and IV only. C. III and IV only. D. II and IV only. Answer (A) is correct. Strategic direction determines (1) the business model, (2) overall objectives, (3) the risk appetite, and (4) the limits of organizational conduct. The elements of oversight are (1) the board’s responsibilities to stakeholders, (2) the risk management activities of senior management and the board, and (3) internal and external assurance activities. Answer (B) is incorrect. Ethics is not a major component of governance. Answer (C) is incorrect. Regulations and ethics are not major components of governance. Answer (D) is incorrect. Ethics is not, and strategic direction is, a major component of governance. Copyright 2013 Gleim Publications Inc. Page 4 Printed for Sanja Knezevic fb.com/ciaaofficialGleim CIA Test Prep: Part 3 - Internal Audit Knowledge Elements (1898 questions) 9 Gleim : 1.1.9 Which of the following correctly classifies the corporate governance functions as internal or external? Internal External A. Corporate charter Bylaws B. Laws Board of directors C. Internal audit function Corporate charter D. Bylaws Government regulation Answer (A) is incorrect. Bylaws are an example of internal corporate governance. Answer (B) is incorrect. Laws provide external corporate governance, and a board of directors provides internal corporate governance. Answer (C) is incorrect. A corporate charter is an example of internal corporate governance. Answer (D) is correct. Bylaws are an example of internal corporate governance, and laws, regulations, and the government regulators who enforce them are examples of external governance. 10 Gleim : 1.1.10 Which of the following is not a goal of corporate governance? A. Complying with society’s legal and regulatory rules. B. Providing an overall benefit to society. C. Reporting fully and truthfully to stakeholders. D. Earning a profit. Answer (A) is incorrect. Ensuring compliance with society’s legal and regulatory rules is a goal of corporate governance. Answer (B) is incorrect. Proving an overall benefit to society is a goal of corporate governance. Answer (C) is incorrect. Reporting fully and truthfully to stakeholders is a goal of corporate governance. Answer (D) is correct. Governance practices may use various legal forms, structures, strategies, and procedures. They ensure that the organization (1) complies with society’s legal and regulatory rules; (2) satisfies the generally accepted business norms, ethical principles, and social expectations of society; (3) provides overall benefit to society and enhances the interests of the specific stakeholders in both the long- and short-term; and (4) reports fully and truthfully to its stakeholders, including the public, to ensure accountability for its decisions, actions, and performances. But earning a profit is not a goal of corporate governance. Copyright 2013 Gleim Publications Inc. Page 5 Printed for Sanja KnezevicGleim CIA Test Prep: Part 3 - Internal Audit Knowledge Elements (1898 questions) 11 Gleim : 1.1.11 A corporation’s results met the expectations of the market, but many people in the organization noticed that they were overly optimistic. Moreover, no one suggested that the results be changed. Who, whether officially or informally, should have been an ethics advocate regarding the results? I. Senior management II. Internal auditors III. Employees in the accounting department A. I only. B. I and II only. C. I and III only. D. I, II, and III. Answer (A) is incorrect. The internal auditors and employees in the accounting department also should have been ethics advocates. Answer (B) is incorrect. The employees in the accounting department also should have suggested that the results might not be accurate. Answer (C) is incorrect. The internal auditors also should have suggested that the results might not be accurate. Answer (D) is correct. Because decision making in most organizations is complex and dispersed, each individual should be an ethics advocate, whether officially or informally. Thus, it is the responsibility of senior management, the internal auditors, and the employees in the accounting department to be ethics advocates and suggest that the results might not be accurate. 12 Gleim : 1.1.12 Organizations take corporate governance seriously due to its influence on I. Internal stakeholders II. External stakeholders III. The public IV. Regulatory agencies A. I only. B. II only. C. I, II, and III only. D. I, II, and IV only. Copyright 2013 Gleim Publications Inc. Page 6 Printed for Sanja Knezevic fb.com/ciaaofficialGleim CIA Test Prep: Part 3 - Internal Audit Knowledge Elements (1898 questions) Answer (A) is incorrect. Corporate governance influences more than internal stakeholders. Answer (B) is incorrect. Corporate governance influences more than external stakeholders. Answer (C) is correct. Governance is the combination of people, policies, procedures, and processes (including internal control) that help ensure that an entity effectively and efficiently directs its activities toward meeting the objectives of its stakeholders. Stakeholders are persons or entities who are affected by the activities of the entity. Among others, these include shareholders, employees, suppliers, customers, neighbors of the entity’s facilities, and government regulators. Answer (D) is incorrect. Regulatory agencies are external stakeholders that influence the organization. 13 Gleim : 1.1.13 Which of the following is a false statement about the role of internal auditors in an organization’s ethical culture? A. Roles may include chief ethics officer. B. The role of chief ethics officer sometimes conflicts with the independence of the internal audit activity. C. In a more mature system, the internal audit activity emphasizes compliance. D. In a more mature governance system, the internal audit activity’s emphasis is on optimizing structure and practices. Answer (A) is incorrect. Internal auditors’ roles may include chief ethics officer. Answer (B) is incorrect. In some circumstances, the role of chief ethics officer may conflict with the independence attribute of the internal audit activity. Answer (C) is correct. The role of the internal audit activity depends on the maturity of the governance system. In a less mature system, the internal audit activity emphasizes compliance with policies, procedures, laws, etc. It also addresses the basic risks to the organization. Answer (D) is incorrect. In a more mature governance system, the internal audit activity’s emphasis is on optimizing structure and practices. 14 Gleim : 1.1.14 Which of the following is most likely an internal audit role in a less structured governance process? A. Designing specific governance processes. B. Playing a consulting role in optimizing governance practices and structure. C. Providing advice about basic risks to the organization. D. Evaluating the effectiveness of specific governance processes. Copyright 2013 Gleim Publications Inc. Page 7 Printed for Sanja KnezevicGleim CIA Test Prep: Part 3 - Internal Audit Knowledge Elements (1898 questions) Answer (A) is incorrect. Internal auditors impair their objectivity by designing processes. However, evaluating the design and effectiveness of specific processes is a typical internal audit role. Answer (B) is incorrect. Playing a consulting role in optimizing governance practices and structure is typical of a more structured internal auditing governance maturity model. The emphasis shifts to considering best practices and adapting them to the specific organization. Answer (C) is correct. A less mature governance system will emphasize the requirements for compliance with policies, procedures, plans, laws, regulations, and contracts. It will also address the basic risks to the organization. Thus, the internal audit activity will provide advice about such matters. As the governance process becomes more structured, the internal audit activity’s emphasis will shift to optimizing the governance structure and practices. Answer (D) is incorrect. Evaluating the effectiveness of specific governance processes is typical of a more structured internal auditing governance maturity model. 15 Gleim : 1.1.15 Which of the following is a situation in which an internal auditor’s role of chief ethics officer conflicts with the independence attribute of the internal audit activity? A. The chief ethics officer requests that the internal auditors assess whether the organization as a whole is not complying with the organization’s code of conduct. B. The chief ethics officer informs the board of recommendations made by the internal audit activity regarding the organization’s compliance with the code of conduct. C. The chief ethics officer proposes and implements a new whistleblower program for the organization. D. The internal audit activity informs the chief ethics officer that the organization is in compliance with all laws and regulations. Answer (A) is incorrect. Independence is not impaired when the chief ethics officer requests that the internal auditors assess whether the organization as a whole is not complying with the organization’s code of conduct. Answer (B) is incorrect. Independence is not impaired when the chief ethics officer informs the board of recommendations made by the internal audit activity regarding the organization’s compliance with the code of conduct. Answer (C) is correct. Proposing and implementing a new whistleblower program conflicts with the independence attribute of the internal audit activity. Implementation is a management function and is therefore inconsistent with the organizational independence of the internal audit activity. Answer (D) is incorrect. Independence is not impaired when the internal audit activity informs the chief ethics officer that the organization is in compliance with all laws and regulations. Copyright 2013 Gleim Publications Inc. Page 8 Printed for Sanja Knezevic fb.com/ciaaofficialGleim CIA Test Prep: Part 3 - Internal Audit Knowledge Elements (1898 questions) 16 Gleim : 1.1.16 Careful Corp. always has its internal auditors review transactions between Careful Corp. and its subsidiary, Risky Corp., to ensure that the transactions are carried out in a fair and transparent manner. This practice is most closely related to which of the following governance principles? A. Oversight of related party transactions and conflicts of interest. B. Effective interaction among the board, management, and assurance providers. C. An organizational structure that supports accomplishing strategic objectives. D. An organizational structure used to measure organizational and individual performance. Answer (A) is correct. Since Careful Corp. and Risky Corp. are related (a parent and its subsidiary), having the internal auditors review transactions between Careful and Risky is most closely related to the governance principle of oversight of related party transactions and conflicts of interest. Answer (B) is incorrect. Although this practice would involve effective interaction among the board, management, and assurance providers, this practice is most closely related to another governance principle. Answer (C) is incorrect. This practice will not necessarily support the organization in accomplishing strategic objectives. Answer (D) is incorrect. This practice will not help measure organizational and individual performance. 17 Gleim : 1.1.17 Which of the following statements regarding oversight as a component of governance is false? A. Risk management activities are performed by senior management and risk owners. B. Oversight includes internal and external assurance activities. C. Oversight is the governance component with which internal auditing is most concerned. D. Oversight determines the overall objectives. Answer (A) is incorrect. The performance of risk management activities by senior management and risk owners is an element of oversight. Answer (B) is incorrect. Internal and external assurance activities are elements of oversight. Answer (C) is incorrect. Oversight is the governance component with which internal auditing is most concerned. It is also the component to which risk management and control activities are most likely to be applied. Answer (D) is correct. Strategic direction, not oversight, determines overall objectives. Copyright 2013 Gleim Publications Inc. Page 9 Printed for Sanja KnezevicGleim CIA Test Prep: Part 3 - Internal Audit Knowledge Elements (1898 questions) 18 Gleim : 1.1.18 Which of the following are duties of risk committees? I. Identifying key risks II. Connecting risks to risk management processes III. Delegating risks to risk owners IV. Considering whether tolerance levels delegated to risk owners are consistent with the organization’s risk appetite. A. I and II only. B. I only. C. II, III, and IV only. D. I, II, III, and IV. Answer (A) is incorrect. Risk committees also delegate risks to risk owners and consider whether tolerance levels delegated to risk owners are consistent with the organization’s risk appetite. Answer (B) is incorrect. Risk committees also connect risks to risk management processes, delegate risks to risk owners, and consider whether tolerance levels delegated to risk owners are consistent with the organization’s risk appetite. Answer (C) is incorrect. Risk committees also identify key risks. Answer (D) is correct. A risk committee may be created that Identifies keys risks, Connects them to risk management processes, Delegates them to risk owners, and Considers whether tolerance levels delegated to risk owners are consistent with the organization’s risk appetite. 19 Gleim : 1.1.19 Which of the following statements about organizational culture is false? A. The organizational culture sets the values, objectives, and strategies of the organization. B. Governance does not largely depend on organizational culture for effectiveness. C. Organizational culture defines roles and behaviors. D. The culture determines the degree of sensitivity to social responsibility. Answer (A) is incorrect. The organizational culture does set the values, objectives, and strategies of the organization. Answer (B) is correct. Governance practices reflect the organization’s unique culture and largely depend on it for effectiveness. Answer (C) is incorrect. The organizational culture does define roles and behaviors. Answer (D) is incorrect. Since the organizational culture sets values, objectives, and strategies; defines roles and behaviors; measures performance; and specifies accountability; the culture therefore determines the degree of sensitivity to social responsibility. Copyright 2013 Gleim Publications Inc. Page 10 Printed for Sanja Knezevic fb.com/ciaaofficialGleim CIA Test Prep: Part 3 - Internal Audit Knowledge Elements (1898 questions) 20 Gleim : 1.1.20 Which of the following should be stated in an organization’s code of conduct? I. The organization’s values and objectives II. The behavior expected III. The strategies for maintaining a culture inconsistent with legal, ethical, and societal responsibilities A. I and II only. B. I and III only. C. II and III only. D. I, II, and III. Answer (A) is correct. Codes of conduct and vision statements are issued to state The organization’s values and objectives; The behavior expected; and The strategies for maintaining a culture consistent with legal, ethical, and societal responsibilities. Answer (B) is incorrect. The code of conduct and vision statements should state the strategies for maintaining a culture consistent, not inconsistent, with legal, ethical, and societal responsibilities. Additionally, the behavior expected should be stated. Answer (C) is incorrect. The code of conduct and vision statements should state the strategies for maintaining a culture consistent, not inconsistent, with legal, ethical, and societal responsibilities. Additionally, the organization’s values and objectives should be stated. Answer (D) is incorrect. The code of conduct and vision statements should state the strategies for maintaining a culture consistent, not inconsistent, with legal, ethical, and societal responsibilities. 21 Gleim : 1.1.21 Which of the following is considered a potential stakeholder of an entity? A. Shareholders. B. Employees. C. Suppliers. D. All of the answers are correct. Answer (A) is incorrect. Employees and suppliers are also stakeholders. Answer (B) is incorrect. Shareholders and suppliers are also stakeholders. Answer (C) is incorrect. Shareholders and employees are also stakeholders. Answer (D) is correct. Stakeholders are persons or entities who are affected by the activities of the entity. Among others, these include shareholders, employees, suppliers, customers, neighbors of the entity’s facilities, and government regulators. Copyright 2013 Gleim Publications Inc. Page 11 Printed for Sanja KnezevicGleim CIA Test Prep: Part 3 - Internal Audit Knowledge Elements (1898 questions) 22 Gleim : 1.1.22 Attentive, Inc., has three managers: Albert, Bradley, and Chris. Albert is in charge of the accounting department. His duties involve the daily audit and producing the year-end financial statements. Bradley is in charge of production. His duties involve ensuring that production stays on schedule and that waste is minimized. Chris is in charge of support staff. His duties include ensuring that the workplace remains clean. This practice is most closely related to which of the following governance principles? A. Clear, enforced lines of responsibility and accountability. B. An independent and objective board with sufficient expertise, experience, authority, and resources to conduct independent inquiries. C. Reinforcement of an ethical culture, including employee feedback without fear of retaliation. D. Clear definition and implementation of risk management policies and processes. Answer (A) is correct. Since Albert, Bradley, and Chris are each responsible for different departments, this practice is most closely related to the governance principle of clear, enforced lines of responsibility. Answer (B) is incorrect. This practice does not demonstrate that there is an independent and objective board with sufficient expertise, experience, authority, and resources to conduct independent inquiries. Answer (C) is incorrect. This practice does not reinforce an ethical culture, including employee feedback without fear of retaliation. Answer (D) is incorrect. This practice does not facilitate a clear definition and implementation of risk management policies and processes. 23 Gleim : 1.1.23 List A applies to all organizational activities. Thus, its processes provide overall direction for List B activities. List C activities are in turn a key element of risk management. List A List B List C A. Governance Risk management Internal control B. Risk management Governance Internal control C. Internal control Risk management Governance D. Risk management Internal control Governance Answer (A) is correct. Governance applies to all organizational activities. Thus, its processes provide overall direction for risk management activities. Internal control activities are in turn a key element of risk management. They implement the organization’s risk management strategies. Answer (B) is incorrect. Governance, not risk management, applies to all organizational activities. Answer (C) is incorrect. Governance, not internal control, applies to all organizational activities. Answer (D) is incorrect. Governance, not risk management, applies to all organizational activities. Additionally, internal control activities, not governance activities, are a key element of risk management. Copyright 2013 Gleim Publications Inc. Page 12 Printed for Sanja Knezevic fb.com/ciaaofficialGleim CIA Test Prep: Part 3 - Internal Audit Knowledge Elements (1898 questions) 24 Gleim : 1.1.24 Governance practices may use various legal forms, structures, strategies, and procedures. They ensure that the organization does all of the following except A. Comply with society’s legal and regulatory rules. B. Satisfy the generally accepted business norms, ethical principles, and expectations of society. C. Provide an overall benefit to society and enhance the interests of the specific stakeholders in both the long- and short-term. D. Earn a profit so that the organization’s stakeholders can earn an adequate return on their investment. Answer (A) is incorrect. Governance practices do ensure that the organization complies with society’s legal and regulatory rules. Answer (B) is incorrect. Governance practices do ensure that the organization satisfies the generally accepted business norms, ethical principles, and expectations of society. Answer (C) is incorrect. Governance practices do ensure that the organization provides an overall benefit to society and enhances the interests of the specific stakeholders in both the long- and short-term. Answer (D) is correct. Although governance practices ensure that the organization reports fully and truthfully to its stakeholders, including the public (to ensure accountability for its decisions, actions, and performances), they do not ensure that the organization will earn a profit. 25 Gleim : 1.1.25 The internal audit activity periodically assesses the elements of the ethical climate of the organization and its effectiveness in achieving legal and ethical compliance. Internal auditors therefore evaluate the effectiveness of which of the following? I. Regular reviews of the processes that undermine the ethical culture II. Confidential reporting of alleged misconduct III. Personnel practices that encourage contributions by employees A. I and II only. B. II and III only. C. I and III only. D. I, II, and III. Answer (A) is incorrect. The internal audit staff also evaluates the effectiveness of personnel practices that encourage contributions by employees. Answer (B) is incorrect. The internal auditors also evaluate the effectiveness of regular reviews of the processes that undermine the ethical culture. Answer (C) is incorrect. The internal auditors also evaluate the effectiveness of confidential reporting of alleged misconduct. Answer (D) is correct. The internal audit activity periodically assesses the elements of the ethical climate of the organization and its effectiveness in achieving legal and ethical compliance. Internal auditors therefore evaluate the effectiveness of regular reviews of the processes that undermine the ethical culture, confidential reporting of alleged misconduct, and personnel practices that encourage contributions by employees. Copyright 2013 Gleim Publications Inc. Page 13 Printed for Sanja KnezevicGleim CIA Test Prep: Part 3 - Internal Audit Knowledge Elements (1898 questions) 26 Gleim : 1.2.26 Which of the following should be defined in the internal audit plan for an assessment of governance? I. The nature of the work II. The governance process III. The nature of the assessments A. I and II only. B. II and III only. C. I and III only. D. I, II, and III. Answer (A) is incorrect. The nature of the assessments also should be defined in the audit plan. Answer (B) is incorrect. The nature of the work also should be defined in the audit plan. Answer (C) is incorrect. The governance process also should be defined in the audit plan. Answer (D) is correct. The audit plan should include higher-risk governance processes. It should define (1) the nature of the work; (2) the governance processes; and (3) the nature of the assessments, e.g., consideration of specific risks, processes, or activities. 27 Gleim : 1.2.27 The internal audit activity should contribute to the organization’s governance process by evaluating the processes through which I. Ethics and values are promoted. II. Effective organizational performance management and accountability are ensured. III. Risk and control information is communicated. IV. Activities of the external and internal auditors and management are coordinated. A. I only. B. IV only. C. II and III only. D. I, II, III, and IV. Copyright 2013 Gleim Publications Inc. Page 14 Printed for Sanja Knezevic fb.com/ciaaofficialGleim CIA Test Prep: Part 3 - Internal Audit Knowledge Elements (1898 questions) Answer (A) is incorrect. The internal audit activity also evaluates the processes through which effective organizational performance management and accountability are ensured, risk and control information is communicated, and activities of the external and internal auditors and management are coordinated. Answer (B) is incorrect. The internal audit activity also evaluates the processes through which ethics and values are promoted, effective organizational performance management and accountability are ensured, and risk and control information is communicated. Answer (C) is incorrect. The internal audit activity also evaluates the processes through which ethics and values are promoted and activities of the external and internal auditors and management are coordinated. Answer (D) is correct. The internal audit activity must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives: Promoting appropriate ethics and values within the organization. Ensuring effective organizational performance management and accountability. Communicating risk and control information to appropriate areas of the organization. Coordinating the activities of and communicating information among the board, external and internal auditors, and management. (Perf. Std. 2110). 28 Gleim : 1.2.28 A basic principle of governance is A. Assessment of the governance process by an independent internal audit activity. B. Holding the board, senior management, and the internal audit activity accountable for its effectiveness. C. Exclusive use of external auditors to provide assurance about the governance process. D. Separation of the governance process from promoting an ethical culture in the organization. Answer (A) is correct. The internal audit activity must assess and make appropriate recommendations for improving the governance process (Perf. Std. 2110). Answer (B) is incorrect. The internal audit activity is an assessor of the governance process. It is not accountable for that process. Answer (C) is incorrect. External parties and internal auditors may provide assurance about the governance process. Answer (D) is incorrect. The internal audit activity must assess and make appropriate recommendations for improving the governance process in its promotion of appropriate ethics and values within the organization. 29 Gleim : 1.2.29 Which aspect of corporate governance requires checks and balances? A. Trusteeship. B. Empowerment and control. C. Good corporate citizenship. D. Transparency of public disclosures. Copyright 2013 Gleim Publications Inc. Page 15 Printed for Sanja KnezevicGleim CIA Test Prep: Part 3 - Internal Audit Knowledge Elements (1898 questions) Answer (A) is incorrect. Trusteeship means that the board and senior management act as custodians of corporate assets in the pursuit of positive outcomes for stakeholders. Answer (B) is correct. Empowerment and control mean that decision making should occur at appropriate levels of the organization, and freedom of management should be exercised within a framework of checks and balances. Answer (C) is incorrect. Good corporate citizenship means that integrity and ethical values should be reflected by the tone at the top. Answer (D) is incorrect. Transparency of public disclosures means that pursuit of transparency may involve accepting a higher cost of capital. 30 Gleim : 1.2.30 The design and practice of effective governance vary with I. The size, complexity, and life-cycle maturity of the organization II. The organization’s stakeholder structure III. Legal and cultural requirements A. I and II only. B. II and III only. C. I and III only. D. I, II, and III. Answer (A) is incorrect. The design and practice of effective governance also vary with legal and cultural requirements. Answer (B) is incorrect. The design and practice of effective governance also vary with the size, complexity, and life-cycle maturity of the organization. Answer (C) is incorrect. The design and practice of effective governance also vary with its stakeholder structure. Answer (D) is correct. The design and practice of effective governance vary with The size, complexity, and life-cycle maturity of the organization; The organization’s stakeholder structure; and Legal and cultural requirements. 31 Gleim : 1.2.31 Craig is the chief audit executive (CAE) of Marlin, Inc., and is in the process of planning an assessment of governance at Marlin. Which of the following should Craig consider in planning the assessment of governance? A. Whether all major decisions have been authorized by senior management. B. Whether he can rely on the assessment of internal control performed by external auditors. C. Whether employees at all levels of the organization adhere to the code of ethics. D. All of the answers are correct. Copyright 2013 Gleim Publications Inc. Page 16 Printed for Sanja Knezevic fb.com/ciaaofficialGleim CIA Test Prep: Part 3 - Internal Audit Knowledge Elements (1898 questions) Answer (A) is incorrect. Craig should also determine whether he can rely on the assessment of internal control performed by external auditors and whether employees at all levels of the organization adhere to the code of ethics. Answer (B) is incorrect. Craig should also verify that all major decisions have been authorized by senior management and determine whether employees at all levels of the organization adhere to the code of ethics. Answer (C) is incorrect. Craig should also verify that all major decisions have been authorized by senior management and determine whether he can rely on the assessment of internal control performed by external auditors. Answer (D) is correct. The CAE should consider the following in planning assessments of governance: An audit should address controls in governance processes that are designed to prevent or detect events that could have a negative effect on the organization; Controls within governance processes are often significant in managing multiple risks; and, If other audits assess controls in governance processes, the auditor should consider relying on their results. Hence, Craig should consider all of the answer choices when planning the assessment of governance. 32 Gleim : 1.2.32 Which of the following should an internal auditor consider when assessing governance? I. Audits of specific processes II. Governance issues arising from audits not focused on governance III. The results of other assurance providers’ work IV. Information such as adverse incidents indicating an opportunity to improve governance A. I and III only. B. II and IV only. C. I, II, and III only. D. I, II, III, and IV. Answer (A) is incorrect. Internal auditors should also consider governance issues arising from audits not focused on governance and other information such as adverse incidents indicating an opportunity to improve governance. Answer (B) is incorrect. Internal auditors should also consider audits of specific processes and the results of other assurance providers’ work. Answer (C) is incorrect. Internal auditors should also consider other information such as adverse incidents indicating an opportunity to improve governance. Answer (D) is correct. Assessments of governance are likely to be based on numerous audits. The internal auditor should consider Audits of specific processes, Governance issues arising from audits not focused on governance, The results of other assurance providers’ work, and Other information such as adverse incidents indicating an opportunity to improve governance. Copyright 2013 Gleim Publications Inc. Page 17 Printed for Sanja KnezevicGleim CIA Test Prep: Part 3 - Internal Audit Knowledge Elements (1898 questions) 33 Gleim : 1.2.33 Which of the following are roles of the internal audit activity in best practice governance activities? I. Report significant audit issues II. Support the board in enterprise-wide risk assessment III. Conduct follow-up and report on management’s response to external audit IV. Act as custodian of corporate assets in the pursuit of positive outcomes for stakeholders A. I and III only. B. II and IV only. C. I, II, and III only. D. I, II, III, and IV. Answer (A) is incorrect. The internal audit activity also supports the board in enterprise-wide risk assessment. Answer (B) is incorrect. The internal audit activity also reports significant audit issues and conducts follow-up and reports on management’s response to external audits but does not act as custodian of corporate assets in pursuit of positive outcomes for stakeholders. Answer (C) is correct. The internal audit activity reports significant audit issues, supports the board in enterprise-wide risk assessment, and conducts follow-up and reports on management’s response to external audits as part of its best practice governance activities. Answer (D) is incorrect. The board and senior management, not the internal audit activity, act as custodians of corporate assets in the pursuit of positive outcomes for stakeholders. 34 Gleim : 1.2.34 Which of the aspects of corporate governance requires accepting a higher cost of capital? A. Trusteeship. B. Empowerment and control. C. Good corporate citizenship. D. Transparency of disclosures. Answer (A) is incorrect. Trusteeship implies that the board and senior management act as custodians of corporate assets in the the pursuit of positive outcomes for stakeholders. Answer (B) is incorrect. Empowerment and control implies that decision making should occur at appropriate levels of the organization, and freedom of management should be exercised within a framework of checks and balances. Answer (C) is incorrect. Good corporate citizenship implies that integrity and ethical values should be reflected by the tone at the top. Answer (D) is correct. Transparency of disclosures may involve accepting a higher cost of capital. Copyright 2013 Gleim Publications Inc. Page 18 Printed for Sanja Knezevic fb.com/ciaaofficialGleim CIA Test Prep: Part 3 - Internal Audit Knowledge Elements (1898 questions) 35 Gleim : 1.2.35 The design and implementation of governance processes are the responsibility of The board Management A. Yes No B. Yes No C. No Yes D. No Yes Answer (A) is correct. Governance is one of the three basic processes identified in the Definition of Internal Auditing. The design and implementation of governance processes are the responsibility of the board and management. Answer (B) is incorrect. Management is also responsible for the design and implementation of governance processes. Answer (C) is incorrect. The board is also responsible for the design and implementation of governance processes. Answer (D) is incorrect. Both management and the board are responsible for the design and implementation of governance processes. 36 Gleim : 1.2.36 Which of the following statements regarding governance is false? A. Governance has a range of definitions depending on the circumstances. B. Governance models generally treat governance as a process or a system that is static. C. Governance requirements vary by entity type and regulatory jurisdiction. D. Governance does not exist as distinct processes and control structures. Answer (A) is incorrect. Governance does have a range of definitions depending on the circumstances. The chief audit executive may use a different definition when the organization uses a different model. Answer (B) is correct. Governance models generally treat governance as a process or a system that is not static. The approach in the Standards emphasizes the board and its governance activities. Answer (C) is incorrect. Governance requirements do vary by entity type and regulatory jurisdiction. Examples include publicly traded companies, not-for- profits, governments, private companies, and stock exchanges. Answer (D) is incorrect. Governance does not exist as distinct processes and control structures but instead as relationships with risk management and control. 37 Gleim : 1.2.37 Which of the following correctly depicts a typical U.S. corporate governance structure from top to bottom? A. Board of directors, common shareholders, chief executive officer, employees. B. Common shareholders, chief executive officer, board of directors, employees. C. Common shareholders, board of directors, chief executive officer, employees. D. Chief executive officer, common shareholders, board of directors, employees. Copyright 2013 Gleim Publications Inc. Page 19 Printed for Sanja KnezevicGleim CIA Test Prep: Part 3 - Internal Audit Knowledge Elements (1898 questions) Answer (A) is incorrect. The common shareholders elect the board of directors; therefore, the shareholders are “above” the board in the corporate governance structure. Answer (B) is incorrect. The board of directors appoints the chief executive officer; therefore, the board is “above” the CEO in the corporate governance structure. Answer (C) is correct. The common shareholders elect the board of directors, who appoint the chief executive officer, who hires the employees. Answer (D) is incorrect. The common shareholders elect the board of directors, who appoint the chief executive officer; therefore, the correct order is common shareholders, board of directors, and then chief executive officer. 38 Gleim : 1.3.38 Which of the following is most likely to result from an organization’s voluntary disclosure of a violation of laws to a regulatory body? A. Harsher penalties due to the intentional nature of the violation. B. Harsher penalties due to the reduced cost incurred by the regulatory body. C. Lesser penalties due to incentives for voluntary compliance and disclosure. D. No difference in penalties because an infraction of the law requires penalties. Answer (A) is incorrect. Voluntary disclosure of information regarding the infraction does not imply that the violation was intentional. Instead, it is likely that the regulatory body would believe the infraction was unintentional if the entity consistently discloses its status on such matters. Answer (B) is incorrect. Reducing the cost of the regulatory agency to monitor companies would likely reduce the penalties associated with infractions, not increase them. Answer (C) is correct. Many regulatory bodies have systems that allow voluntary disclosure of infractions, often reducing or eliminating the associated penalties. Answer (D) is incorrect. Laws often provide flexibility in their enforcement to encourage voluntary disclosure and compliance in exchange for reduced costs if infractions occur. 39 Gleim : 1.3.39 Which of the following is not a benefit of implementing ISO 14000? A. Increased cost of waste management. B. Savings in consumption of energy. C. Lower distribution costs. D. Improved corporate image. Copyright 2013 Gleim Publications Inc. Page 20 Printed for Sanja Knezevic fb.com/ciaaofficial

Advise: Why You Wasting Money in Costly SEO Tools, Use World's Best Free SEO Tool Ubersuggest.