Question
Internal Auditing, it's a multiple question exam. Please, I will appreciate a quick response.
ACCT 436 SECTION 6380 INTERNAL AUDITING EXAM 1
INSTRUCTOR: MR. STEVEN ULMER

INSTRUCTIONS
This is an open book exam. You are allowed to use any of the week 1-3 materials (readings, lectures, discussion postings).

MULTIPLE CHOICE (2 points each)
Pick the best answer

1) Which of the following is not a category of objectives of internal control per the COSO Internal Control Framework?
A) Reliability of financial reporting
B) Achievement of strategic objectives
C) Effectiveness and efficiency of operations
D) Compliance with laws and regulations
E) All of the above are categories of objectives of internal control

2) The internal audit activity's role in the risk management process of an organization may not encompass:
A) No role
B) Auditing the risk management process as part of the internal audit plan.
C) Facilitating identification of risks
D) Accountability for risk management
E) Participation on oversight committees, monitoring activities, and status reporting.

3) The IIA Code of Ethics specifically prohibits a CAE from receiving stock options.
A) True
B) False

4) Which of the following is true?
A) An auditor who lacks business knowledge cannot produce good audit findings
B) Auditors cannot build relationships with the business because it would violate the principle of objectivity
C) Auditors who lack business knowledge will have a more difficult time establishing credibility
D) Internal auditing typically knows more about the function being audited than the audit client
E) All of the above are true

5) Which of the following best describes internal auditing's primary purpose in reviewing the organization's existing governance, risk management and controls processes?
A) To develop the audit plan
B) To ensure all weaknesses in the internal control system are corrected
C) To provide reasonable assurance that the processes will enable the organization's objectives and goals to be met
D) To offer an opinion as to whether the financial statements are fairly stated
E) To comply with the IPPF Code of Ethics

6) Which of the following is true about internal vs. external auditing?
A) Internal auditing reports to the external auditors
B) Internal auditing is more focused on financial reporting than external auditing
C) Many of the tools and techniques in auditing are common to both internal and external auditing
D) External auditors cannot rely on any of the work done by internal auditing
E) Both have the same definition of the term "independence."

7) Which of the following is not part of the definition of internal auditing?
A) Risk management
B) Governance
C) Consulting
D) Add value
E) Implement internal controls

8) Which of the following is true about ERM?
A) The COSO ERM Framework is the only approved ERM framework in the U.S.
B) 90% of all corporations have implemented the entire COSO ERM Framework
C) The COSO ERM Framework is part of the COSO Internal Controls Framework
D) An effective ERM process will guarantee the enterprise will achieve its business objectives
E) None of the above is true

9) In which situation does the internal auditor lack objectivity?
A) The internal auditor recommends standards of performance for an outsourcing contract
B) The internal auditor discusses the status of a system implementation over lunch at a vendor conference
C) The internal auditor performs a review of internal controls over the treasury function eight months after being transferred from that department to internal auditing
D) The internal auditor reviews audit findings with the CAE prior to issuing the final audit report
E) All of the above

10) In the three lines of defense model, the primary responsibility for maintaining effective internal controls belongs to:
A) The audit committee
B) The CEO
C) Internal auditing
D) The risk management function
E) Operational management

11) Which of the following is not true about a risk assessment process?
A) All risks require continual monitoring
B) It is about measuring and prioritizing risks
C) It requires analysis of interaction among risks
D) Risk assessment should be done before developing risk responses
E) All of the above are true

12) Which of the following is a change to the updated COSO Internal Control Framework from the 1992 version?
A) The definition of internal controls
B) The 17 principles
C) The three categories of control objectives
D) The five integrated components
E) The importance of management judgment

13) According to the IPPF, an internal auditor assigned to an audit engagement:
A) Must be an expert in the area being audited
B) Must be proficient and exercise due professional care
C) Cannot have a relative working anywhere in the company
D) Must be a Certified Internal Auditor
E) Is responsible for detecting fraud

14) Which of the following is the most significant risk associated with all outsourcing arrangements?
A) Hidden costs
B) Quality
C) Protection of intellectual property
D) Compliance with laws and regulations
E) The most significant risk depends on what is being outsourced

15) Which of the following about how internal auditing adds value is not true?
A) Different levels in the organization have different opinions as to how internal auditing can best add value
B) What is considered value add in one organization may not be considered value add in another organization
C) For any organization consulting is considered to be higher value add than assurance services
D) How internal auditing can best add value changes over time
E) Internal auditing is limited by resources, staff size and expertise in where and how they can add value

16) The manager of data processing requested your assistance on a new computerized accounts payable system being developed. He has two requests:
a) Internal auditing makes suggestions during the development of the system.
b) Internal auditing assists in the installation of the system and approves the system after making a final review.
Which of the following statements is correct?
A) The auditors can provide assistance in both areas without violating the Code of Ethics.
B) The auditors can assist in a) but not b) without violating the Code of Ethics
C) The auditors can assist in b) but not a) without violating the Code of Ethics
D) The auditors would violate the Code of Ethics by providing any of the requested assistance
E) The Code of Ethics is not applicable to the requests from the manager of data processing

17) In reviewing the governance process which of the following is not applicable to the role of top management?
A) Organizational structure
B) Board oversight
C) Corporate culture
D) Management control systems
E) All of the above

18) Which of the following is true about risk-based auditing?
A) It requires less people and business skills
B) It requires less management involvement in audits
C) There is a consensus within the profession as to how to implement
D) All internal auditing departments can effectively use this approach
E) None of the above are true

19) Which of the following is not within the scope of an internal auditing review of IT governance?
A) IT organizational structure
B) Alignment between the business and IT in meeting the needs of the business
C) Adequacy and reporting of IT metrics
D) Management of third-party relationships
E) All of the above would be covered in a review of IT governance

20) Risk-based internal auditing deals is not about auditing management of risks but about auditing the risks themselves?
A) True
B) False

21) Which of the following is not a legitimate role for internal auditing in cloud computing?
A) Reviewing personnel transition and end-user training plans
B) Providing assurance on IT general controls
C) Reviewing service level agreements
D) Ongoing monitoring of vendor performance
E) Implementing the cloud computing strategy

22) Which of the following is not cited in week 3 as a limitation of a system of internal controls?
A) Cost/benefits trade-offs in establishing controls
B) Average age of senior management
C) Management overrides
D) Collusion
E) Lack of training in control procedures

23) Which of the following is true about the IPPF?
A) By law in the U.S. internal auditing departments must comply with all the IIA Standards.
B) Interpretations are not considered to be mandatory guidance
C) The Code of Ethics is part of the Standards
D) Independence as defined in the IPPF is a concept dealing with an unbiased mental attitude
E) All of the above are not true

24) Which of the following would be considered a bad risk management practice?
A) Driven from the top down
B) Tailored to the organization
C) Primarily focused on hard controls
D) Integrated in the system of management
E) None of the above

25) Which area can risk management and internal auditing not collaborate?
A) Sharing available resources
B) Being jointly accountable for risk management
C) Assessing and monitoring risks
D) Sharing work products
E) Cross-leveraging expertise

26) Which of the following is not considered to be a difference between ERM and traditional approaches to risk management?
A) ERM encompasses all areas of organizational exposure to risk
B) ERM manages risks holistically as an interrelated portfolio across the organization
C) ERM is still evolving but traditional risk management is fully defined and established
D) ERM views risk management as a source of competitive advantage
E) All of the above are differences

27) Without effective general computing controls, reliance on IT systems may not be possible?
A) True
B) False

28) Which of the following about outsourcing is not true?
A) According to COSO ERM the risk can be assumed by the service provider
B) The level of risk increases when key business operations are outsourced
C) The organization should consider the risk of performing the function internally and compare it to the risk of outsourcing
D) Managing the relationship is more difficult because the service provider may limit the client's ability to observe and assess controls
E) All of the above are true

29) Which of the following is true about GRC?
A) It should be implemented as a technology solution
B) Internal auditing has primary responsibility for ensuring the organization has implemented GRC
C) Each component of GRC has to be at the same level of maturity
D) Integrating GRC is a gradual process
E) All of the above are true

30) Based on the IPPF Standards which of the following does internal auditing not have responsibility for in the area of governance?
A) Assessing how well the organization promotes ethical values
B) Assessing information technology governance
C) Being a key sponsor of GRC
D) Making recommendations to ensure effective organizational performance management
E) All of the above are responsibilities of internal auditing

Reading list: Internal Auditing
1. https:/a.theiia.org/about-us/about-ia/Pages/frequently-asked-questions.aspx
2. The Core Principles for the Professional Practice of Internal Auditing, Definition of Internal Auditing, Code of Ethics, and the Attribute Standards. https:/a.theiia.org/standards-guidance/Pages/Standards-and-Guidance-IPPF.aspx
3. Joint report "Intersecting Roles" by the Center for Audit Quality (CAQ) and the Institute of Internal Auditors (IIA) to consider the relationship between the internal audit function and key stakeholders including the audit committee and the external auditors https:/a.theiia.org/special-promotion/PublicDocuments/CAQ-Intersecting-Roles-Report.pdf
4. "Ethical Dilemmas and Internal Auditing" http://auditnet.tv/Video/IA8EthicalDilemmas.pdf
5. What Would You Do? An Ethical Dilemma https://www.theiia.org/sites/auditchannel/Pages/video.aspx?v=NvMWZiMzE6y-_mOnYaHTN_5Yke_OlZg&utm_source=AuditChannel&utm_medium=social&utm_campaign=AC_WWYD_linkedin_5.5.16& adbsc=ACTVFeature60796826&adbid=UPDATE-c22580-6134154598996287488&adbpl=li&adbpr=22580

Week 2 Reading List
1) IIA Standards Sections 2100-2130 https:/a.theiia.org/standards-guidance/Public%20Documents/IPPF%202013%20English.pdf
2) Webinar: Integrating Governance, Risk Management and Compliance (minute 3 to minute 22 on the audio) https://www.youtube.com/watch?v=rwJk9cNnGvU
3) April 2014 Strategic Finance Magazine Article on risk and internal controls http://www.imanet.org/docs/default-source/sf/04_2014_mcnally-pdf.pdf?sfvrsn=0
4) Access this article to consider how risk managers and internal auditing can work together. https:/a.theiia.org/standards-guidance/Public%20Documents/RIMS%20and%20The%20IIA%20Executive%20Report %20Forging%20a%20Collaborative%20Alliance.pdf
5) "Auditing the Corporate Governance Effort in an Organization" http://www.knowledgeleader.com/KnowledgeLeader/Resources.nsf/Description/AuditingtheCorporateGovernanceEffortina nOrganization/$FILE/Auditing%20the%20Corporate%20Governance%20Effort%20in%20an%20Organization.pdf
6) "Risk-based Internal Auditing" -pages 1-15 and appendices https://global.theiia.org/standards-guidance/topics/Documents/201501GuidetoRBIA.pdf
7) Risks Assessment in Practice- focus on pages 1-11. Scan pages 12-18 to gain familiarity with some tools. http://www2.deloitte.com/content/dam/Deloitte/global/Documents/Governance-Risk-Compliance/dttl-grcriskassessmentinpractice.pdf

Weekly Readings
1) "The Three Lines of Defense in Effective Risk Management and Control" -https:/a.theiia.org/standardsguidance/Public%20Documents/PP%20The%20Three%20Lines%20of%20Defense%20in%20Effective%20Risk %20Management%20and%20Control.pdf
2) Blair Cook on COSO and Internal Audit. COSO Integrated Internal Control Framework video http://www.youtube.com/watch?v=0urvctTcCCw
3) The Updated COSO Internal Control Framework: Frequently Asked Questions (3rd Edition) -Pages 113 http://www.protiviti.com/en-US/Pages/The-Updated-COSO-Internal-Control-Framework-FAQ.aspx
4) "The Outsourcing Relationship" Internal Auditor magazine June 2011 (in UMUC Library and eReserves)
5) "Information Technology Auditing for Non-IT Specialist"- slides 5-33 https://www.theiia.org/chapters/pubdocs/11/ITAuditingforNon_ITSpecialistsPittsburghIIAChapter2010_10_04.pdf
6) "Internal Audit's Role in Cloud Computing" pages 1-6 http://www.protiviti.com/en-UK/Documents/Whitepapers/PRO_0412_WP_108119-CloudComputing_GRB_ENG_SEC.pdf