Which of the following is most likely to be an element of an effective regulatory compliance program?
Answer (C) is correct. The organization should take reasonable steps to achieve compliance with its standards, e.g., by using monitoring and auditing systems reasonably designed to detect criminal conduct by its employees and other agents and by having in place and publicizing a reporting system whereby employees and other agents could report criminal conduct by others within the organization without fear of retribution (PA 2100-5).
Which of the following is not a true statement about the relationship between internal auditors and external auditors?
Answer (A) is correct. Oversight of the work of the independent outside auditor, including coordination with the internal audit activity, is generally the responsibility of the board. Actual coordination should be the responsibility of the CAE. However, the board in the exercise of its oversight role may request that the CAE assess the performance of the external auditors. Ordinarily, this assessment is made in the context of the CAE’s function of coordinating internal and external auditing activities (PA 2050-1).
In recent years, which two factors have changed the relationship between internal auditors and external auditors so that internal auditors are partners rather than subordinates?
Answer (B) is correct. An external auditor may decide that the internal auditors’ work will have an effect on audit procedures if (1) that work is relevant, (2) it is efficient to consider how the work may affect the audit, and (3) the external auditor determines that the internal auditors are sufficiently competent and objective. Hence, internal auditors may be viewed as partners in the audit because of their increasing professionalism. Moreover, the evolving economics of external auditing creates an imperative to control audit fees by eliminating duplication of effort and monitoring more closely the hours worked by external auditors.
To improve their efficiency, internal auditors may rely upon the work of external auditors if it is
Answer (C) is correct. In coordinating the work of internal auditors with the work of external auditors, the CAE should ensure that work to be performed by internal auditors does not duplicate the work of external auditors that can be relied upon for purposes of internal auditing coverage. To the extent that professional and organizational reporting responsibilities allow, internal auditors should perform services in a manner that allows for maximum coordination and efficiency (PA 2050-1).
Internal auditors may provide consulting services that add value and improve an organization’s operations. The performance of these services
Answer (C) is correct. According to Standard 1000.C1, the nature of consulting services should be defined in the charter. Internal auditors have traditionally performed many types of consulting services, including the analysis of controls built into developing systems, analysis of security products, serving on task forces to analyze operations and make recommendations, and so forth. The board (or audit committee) should empower the internal audit activity to perform additional services if they do not represent a conflict of interest or detract from its obligations to the committee. That empowerment should be reflected in the internal audit charter (PA 1000.C1-1).
Which of the following statements is true?
Answer (D) is correct. The true statement is given in the seventh principle of PA 1000.C1-1. This principle is titledInternal Audit Foundation for Consulting Services. The principle further states that the internal audit activity is uniquely positioned to perform this type of consulting work based on (1) its adherence to the highest standards of objectivity and (2) its breadth of knowledge about organizational processes, risk, and strategies.
Which type of engagement focuses on operations and how effectively and efficiently the organizational units affected will cooperate?
Answer (B) is correct. Process (functional) engagements follow a process that crosses organizational lines, service units, and geographical locations. They focus on operations and how effectively and efficiently the organizational units affected will cooperate. These engagements tend to be challenging because of their scope and the need to deal with subunits that may have conflicting objectives.
Which type of engagement attempts to measure the accomplishment and relative success of the undertaking?
Answer (A) is correct. A program-results engagement is intended to obtain information about the costs, outputs, benefits, and effects of a program. It attempts to measure the accomplishment and relative success of the undertaking. Because benefits often cannot be quantified in financial terms, a special concern is the ability to measure effectiveness. Thus, clear definitions of objectives and standards should be provided at the outpost of the program. A program is a funded activity not part of the normal, continuing operations of the organization, such as an expansion or a new information system.
Which of the following issues need not be addressed by internal auditors when performing a privacy engagement?
Answer (D) is correct. Six issues should be addressed by the internal auditor when performing a privacy engagement: (1) compliance with governmental mandates, (2) protection of personal information from both unauthorized intrusion and misuse by those who have authorized access, (3) balancing of privacy with the need to allow appropriate and prompt availability of personal information to legitimate users, (4) documentation of compliance with privacy and other legal requirements, (5) whether the benefits of security arrangements exceed the costs, and (6) the ethical imperative for the internal auditors to maintain the confidentiality of private information. Privacy engagements address the security of personal information, not its accuracy.
Which method of evaluating internal controls during the preliminary review provides the auditor with the best visual grasp of a system and a means for analyzing complex operations?
Answer (A) is correct. Flowcharts are graphical representations of the step-by-step progression of transactions, including document (information) preparation, authorization, flow, storage, etc. Flow charting allows the internal auditor to analyze a system and to identify the strengths and weaknesses of the purported internal controls and the appropriate areas of audit emphasis