The personnel department receives an edit listing of payroll changes processed at every payroll cycle. If it does not verify the changes processed, the result could be
Answer (A) is correct. The personnel department is responsible for authorization and execution of payroll transactions, e.g., hiring of new employees and determining their pay rates. Hence, this department’s verification of the payroll changes listing used in data processing is an important control over payroll processing.
An internal auditor would trace copies of sales invoices to shipping documents in order to determine that
Answer (B) is correct. If the invoices in the sample can be correctly matched with shipping documents, some assurance is given that items billed are also shipped.
After noting some red flags, an internal auditor has an increased awareness that fraud may be present. Which of the following best describes the internal auditor’s responsibility?
Answer (A) is correct. An internal auditor’s responsibilities for detecting fraud include evaluating fraud indicators and deciding whether any additional action is necessary or whether an investigation should be recommended (PA 1210.A2-1).
An internal auditor discovered an error in a receivable due from a major stockholder. The receivable’s balance accounts for less than 1% of the company’s total receivables. Would the auditor be likely to consider the error to be material?
Answer (C) is correct. The transaction increases audit risk because a related party is involved, even though the error is small in dollar amount. Related party transactions have a higher inherent risk than ordinary transactions. Given the inverse relationship between audit risk and materiality, the error may be considered material because of qualitative rather than quantitative considerations.
In the performance of an internal audit, audit risk is best defined as the risk that an auditor
Answer (C) is correct. SAS 47 (AU 312), Audit Risk and Materiality in Conducting an Audit, defines audit risk as the risk that the external auditor may unknowingly fail to modify his or her opinion on financial statements that are materially misstated. Its elements are control risk, inherent risk, and detection risk. For internal auditing, the overall audit risk extends not only to financial statements but also to unwitting failure to uncover material errors or weaknesses in the operations audited. There may be several different reasons for the failure, and these may be in risk categories such as sampling risk, detection risk, or control risk.
Which of the following statements is(are) correct regarding the deterrence of fraud? I. The primary means of deterring fraud is through an effective control system initiated by senior management. II. Internal auditors are responsible for assisting in the deterrence of fraud by examining and evaluating the adequacy of the internal control system. III. Internal auditors should determine whether communication channels provide management with adequate and reliable information regarding the effectiveness of the control system and the occurrence of unusual transactions.
Answer (D) is correct. Deterrence of fraud consists of those actions taken to discourage the perpetration of fraud and limit the exposure if fraud does occur. The principal mechanism for deterring fraud is control. Primary responsibility for establishing and maintaining control rests with management. Furthermore, internal auditors are responsible for assisting in the deterrence of fraud by examining and evaluating the adequacy and the effectiveness of the system of internal control, commensurate with the extent of the potential exposure/risk in the various segments of the organization’s operations. Internal auditors should determine whether the organization fosters control consciousness, realistic goals and objectives are set, written policies describe prohibited acts and their consequences, transaction-authorization policies are maintained, mechanisms exist to monitor activities and safeguard assets, communication channels provide management with adequate and reliable information, and cost-effective controls need to be established to deter fraud (PA 1210.A2-1).
An internal auditor who suspects fraud should
Answer (D) is correct. When an internal auditor suspects wrongdoing, the appropriate authorities within the organization should be informed. The internal auditor may recommend whatever investigation is considered necessary in the circumstances. Thereafter, the auditor should follow up to see that the internal audit activity’s responsibilities have been met (PA 1210.A2-1).
During an engagement to review payments under a construction contract with a local firm, the internal auditor found a recurring monthly reimbursement for rent at a local apartment complex. Each reimbursement was authorized by the same project engineer. The internal contract. Discussion with the project engineer could not resolve the matter. The internal auditor should
Answer (A) is correct. When fraud is suspected, the internal auditor should inform the appropriate authorities within the organization. The CAE should then determine the course of action to take. The CAE is responsible for reporting immediately any incident of significant fraud to senior management or the board (PA 1210.A2-1).
The chief audit executive uncovers a significant fraudulent activity that appears to involve the executive vice president to whom the CAE reports. Which of the following best describes how the CAE should proceed?
Answer (D) is correct. The internal auditor should inform the appropriate authorities within the organization when wrongdoing is suspected, recommend any necessary investigation, and follow up to see that internal audit activity’s responsibilities have been met (PA 1210.A2-1). When the CAE’s superior is suspected of involvement in fraudulent activities, the appropriate authority within the organization is a level of management higher than the level of fraudulent activity, i.e., the chief executive officer and the audit committee.
When conducting fraud investigations, internal auditors should
Answer (D) is correct. When conducting fraud investigations, internal auditors should assess the probable level of, and the extent of complicity in, the fraud within the organization. This can be critical to ensuring that the internal auditor avoids providing information to, or obtaining misleading information from, persons who may be involved (PA 1210.A2-1).