Operations Auditing

A significant deficiency should be classified as a significant misstatement if, by itself or in combination with other control deficiencies, it results in more than a remote likelihood that a material misstatement in the company's annual or interim financial statements will not be prevented or detected.

• True
• False

It is the control exercised within the business by management and overseen by the board.

• Internal control

An individual risk may be plotted graphically using a graph, sometimes known as a

• Risk map

Fraud may be classified as management, employee, outsider and collusive fraud.

• True
• False

Internal auditors have now added further "three Es" to their portfolio of audit interest - equity, environment and __.

• ethics

SEC stands for

• Securities and Exchange Commission

Operational auditors are auditing for the "three Es". Enumerate the three Es.

COSO stands for

• Committee of Sponsoring Organizations

Accidents at work per 1,000 personnel is a workload/demand performance measure.

• True
• False

The risk register approach is widely used to create and maintain a record of threats and their management at all levels and in all parts of the organization.

• True
• False

Value is provided by improving opportunities to achieve organizational objectives, identifying operational improvement, and/or reducing exposure through both assurance and consulting services.

• True
• False

Workload/demand performance measures indicate the volume of output, whether services, products or others, and when linked to measures of input of resources, give useful information on quality or quantity matters.

• True
• False

The __ sets the tone of an organization influencing the control consciousness of its people.

• Control environment

One of the control objectives for the Sarbanes-Oxley Section 302 and Section 404 Compliance Process is to achieve ongoing compliance with Section 302 and Section 404 and associated sections of the Act.

• True
• False

The audit universe of potential review projects is divided into 12 main areas. Which is not one of the main areas?

• financial and accounting
• none of the choices
• personnel
• management and administration

One of the control objectives for risk management processes is that organizational objectives support and align organization's __.

• Mission

The practical method of documenting all the elements of an operational audit review in a form which resembles the traditional internal control questionnaire is called Standard Audit Programme Guides.

• True
• False

It is the reward for taking risk.

• Profit

Since the introduction of Section 404, the external audit has been described as "the triple audit".

• True
• False

Significant risks are identified but not assessed.

• True
• False

Benchmarking is a comparison of one's performance in a specific area with that applied by others in compatible circumstances.

• True
• False

Audit staff advancement is an output performance measure.

• True
• False

It is a term used to describe the overall process or method where you identify hazards and risk factors that have the potential to cause harm (hazard identification) and analyze and evaluate the risk associated with that hazard (risk analysis, and risk evaluation).

• Risk assessment

It is a process, effected by the entity's board of directors, management and other personnel, desgned to provide reasonable assurance regarding the achievement of objectives in effectiveness and efficiency of operations, reliability of financial reporting and compliance with applicable laws and regulations.

• operational auditing
• test of control
• external audit
• internal control

Internal auditing helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of __, control, and governance processes.

• risk management

It is the level of risk that the organization is exposed to if it takes no further mitigating actions.

• Gross risk

It can be defined as a deliberate fraud committed by a firm or company's management that injures investors and creditors through materially misleading financial statements, or intentional or egregious conduct whether by act or omission that leads to a material misstatement of financial statements.

• Management fraud

__ is theft by a person in a position of trust.

• Defalcation

Insourcing occurs when services previously provided by in-house personnel are supplied by an outside contractor.

• True
• False

CSA stands for

• Control Self-Assessment

Legal and regulatory issues are under research and development area of the audit universe of potential review projects.

• True
• False

__ means taking decisions and being able to see the results which follow from those decisions.

• Autonomy

One of the control objectives for internal governance processes is to promote appropriate __ and values within the organization.

• Ethics

In their 2004 Enterprise Risk Management study, COSO labelled "the control environment" as "the internal environment".

• True
• False

Maslow's view of satisfaction was bipolar.

• True
• False

It is the ratio of actual outputs to planned outputs.

• effectiveness

An error represents an unintentional misstatement of the financial statements.

• True
• False

These performance measures draw attention to unfairness or potential social irresponsibility in terms of corporate policy and practice.

• Equity Performance Measures

One of the control objectives for a review of the control environment is to ensure that management conveys the message that __, ethical values and commitment to competence cannot be compromised, and that employees receive and understand that message.

• integrity

External assessments comprise of ongoing monitoring of the performance of the internal audit activity.

• True
• False

The IT auditor is responsible for all internal audit engagements, whether performed by or for the internal audit activity, and all significant professional judgments made throughout the engagement.

• True
• False

__ is an intentional, deceitful act for gain with concealment.

• Fraud

__ means removing one or more levels of management from the enterprise or from a part or parts of it.

• Delayering

The internal auditor's use of risk assessment can operate at different levels of audit planning and activity. At the operational level, the auditor may choose to apply risk assessment techniques to the potential universe of possible audit projects as a means of setting relative priorities.

• True
• False

Rate of completion of audits on schedule is an output performance measure.

• True
• False

The suggested form of SAPG is divided into three distinct sections: title page, the risk/control issues and __.

• System interfaces

__ is the Father of Management Theory.

• Fayol

COSO (2014) takes a more cautious view: no entity operates in a risk-free management and enterprise risk management does not seek to move towards such an environment.

• True
• False

Efficiency performance measures include breakdown per production day.

• True
• False

The Treadway Commission, a private sector initiative, was formed in year __ to inspect, analyze and make recommendations on fraudulent corporate financial reports.

• 1985

CIPFA stands for

• Chartered Institute of Public Finance and Accountancy

__ are systems which set out to demonstrate to customers that a business is committed to quality and able to supply its customers' quality needs.

Operational auditors are auditing for the three Es - effectiveness, efficiency and __.

• Economy

In relation to risk, this term could be defined as an unwanted event or outcome that management would wish to avoid.

• exposure

Internal auditing is a dependent, objective assurance and consulting activity designed to add value and improve an organization's operations.

• True
• False

There are various objectives for CSA workshops and each determines how workshop time will be expended. Hubbard calls this

• workshop formats

Anonymous voting hardware and software are often termed

BPR stands for

• business process reengineering

Internal communication is the means by which information is disseminated throughout the organization, flowing up, down, and across the entity.

• True
• False

Which is not a scope of marketing and sales area of the audit universe of potential review projects?

• order processing
• product development
• spare parts and supply
• pricing and discount policies

Tests of controls to be conducted should be designed and the nature of these tests should be documented. The documentation of the tests to be performed is sometimes termed "test script".

• True
• False

It is usually defined as the possibility that an event will occur and adversely affect the achievement of objectives.

• Risk

__ is the art of enabling others to achieve better results for themselves.

It is the ratio between planned inputs and actual inputs in terms of unit costs of given quality.

• Economy

In the control matrix, three elements of inherent or (size) risk are accounted for.

• True
• False

Information is necessary for the entity to carry out internal control responsibilities to support the achievement of its objectives.

• True
• False

It is a management philosophy embracing all the activities through which the needs and expectations of the customers, the community and the objectives of the organization are satisfied in the most efficient and cost effective way by maximizing the potential of all employees in a continuing drive for improvement.

• Total Quality Management

Departmental grant per member of staff is an equity performance measure.

• True
• False

The financial accounting process is not based on the basic processing of transactions relating reflecting economic events.

• True
• False

MIS stands for

• Management Information System

An alternative term for the probability dimension would be the control risk or the __.

• System risk

Internal Control: Guidance for Directors on the Combined Code (1999) also known as the __ was a report drawn up with the London Stock Exchange for listed companies.

• Turnbull report

Fraud and error are intentional.

• True
• False

Rotation of audit staff is an output performance measure.

• True
• False

Generally, one of the control objectives for the internal audit activity is to add value to the organization.

• True
• False

CICA stands for

• Canadian Institute of Chartered Accountants

AICPA stands for

• American Institute of Certified Public Accountants

It means the achievement of objectives.

• effectiveness
• reliability
• performance
• efficiency

One of the control objectives for the Sarbanes-Oxley Sections 302 and 404 Compliance Process is to control the __ of Section 302 and Section 404 compliance.

• Costs

They are the policies, procedures, techniques, and mechanisms that help ensure that management's response to reduce risks identified during the risk assessment process is carried out.

• Control activities

The corporate framework process incorporates those activities concerned with ensuring effective and appropriate governance processes and external accountability.

• True
• False

Legal department is under the management and administration area of the audit universe of potential review projects.

• True
• False

It is the level of risk that the organization would be exposed to if there were no mitigating measures in place.

• Inherent risk

Which is not under the stock and materials handling?

• warehousing and storage
• stock control
• distribution, transport and logistics
• purchasing

All of the following are within the scope of information technology area except

• contingency planning
• processing operations
• facilities management
• tendering procedures

Administrative control comprises the plan of the organization and the procedures and records that are concerned with the safeguard of assets and the reliability of financial records.

• True
• False

This process is related to activities that exchange the organization's products and services for cash.

• Revenue Process

The risk matrix and the risk register are the two useful tools to be applied in risk management.

• True
• False

He/she is the most senior person with overall responsibility for overseeing the mitigation of the threat.

• Risk Sponsor

The main part of the SAPG is the risk/control issues.

• True
• False

Section 302 of the Sarbanes-Oxley Act relates to Corporate Responsibility for Financial Statements.

• True
• False

CIPFA suggested that there are four fundamental questions to be asked for internal auditing, without which performance measures for internal audit have little meaning.

• True
• False

The first main part of the Quality Assurance and Improvement Program is divided into internal assessments and external assessments.

• True
• False

Drucker (1977) said that the main goal of management science must be to enable business to take the right risk.

• True
• False

Section 302 of the Sarbanes-Oxley Act of 2002 relates to Management Assessment of Internal Controls.

• True
• False

The Sarbanes-Oxley Act requires that another firm of public accountants must undertake the Section 404 audit work.

• True
• False

The revenue process relates to those activities/systems that acquires goods, services, labor and property.

• True
• False

Electronic data interface (EDI) between business partners may be used to reduce physical paperwork and speed up the flow of relevant data.

• True
• False

In 1982, Schonberger listed the 14 concepts associated with a streamlined and focused approach to production.

• True
• False

Economy performance measures may highlight waste in the provision of resources indicating that the same resources may be provided more cheaply or that more enterprise may be conducted at the same cost.

• True
• False

Business cycle approach focuses on a number of related economic events that occur within an organization that in turn may generate transactions and interactions with systems.

• True
• False

A __ is a deficiency or a combination of deficiencies in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of the company's

• material weakness
• annual or interim financial statements will not be prevented or detected on a timely basis.

The PCAOB is a nonprofit corporation established by Congress to oversee the audits of public companies in order to protect investors and the public interest by promoting informative, accurate, and independent audit reports. PCAOB stands for

• Public company accounting oversight board

A __ is a deficiency or a combination of deficiencies in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by

• Significant deficiency
• those responsible for oversight of the company's financial reporting.

It is the ratio of actual inputs to actual outputs.

• Efficiency

Quality costs may apply on the cost of correcting defective products or services prior to delivery to the customer (i.e., external failures).

• True
• False

__ is sometimes termed "contracting out".

• Outsourcing

The risk and control issues are divided into two groups, namely key issues and detailed issues.

• True
• False

A material weakness in internal control over financial reporting may exist even when financial statements are not materially misstated.

• True
• False

This page of the SAPG is intended to alert auditors to the likely interfaces between the system or activity being addressed in the SAPG and others.

• System interfaces

It is sometimes used in a different context to refer to a style of operational auditing which makes extensive use of key performance indicators to explore the cost of achieving standards of efficiency and effectiveness and whether these costs represent good value.

• Value for money auditing

__ are costs associated with maintaining a quality environment.

• Quality costs

Ratio of customer complaints to sales is an example of efficiency performance measures.

• True
• False

The SAPG Title Page has three separate areas.

• True
• False

Pension scheme is under the management and administration area of the audit universe of potential review projects.

• True
• False

COSO states that enterprise risk management framework is geared to achieving an entity's objectives, set forth in three categories.

• True
• False

It is a process, effected by the entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in effectiveness and efficiency of operations, reliability of financial reporting and compliance with applicable laws and regulations.

• operational auditing
• test of control
• external audit
• internal control

An alternative term for the size dimension would be

• inherent risk

This process is fundamentally concerned with those activities relating to the organization's capital funds.

• Treasury Process

CIA stands for

• Certified Internal Auditor

Cleaning cost per hour worked is a workload/demand performance measure.

• True
• False

This term relates to the utilization and management of various resources in the process of creating the goods and services to be marketed by the organization.

• conversion

He/she is the member of staff to whom day-to-day management of the risk has been assigned.

• Risk owner

Control Self Assessment was developed during the 1990s as an alternative to or more generally an adjunct to conventional internal auditing.

• True
• False

One of the control objectives for internal governance processes is to ensure effective organizational performance management and __.

• accountability

Significant misstatement is a misstatement that is less than material.

• True
• False