What are the typical elements of a risk and control matrix used in the engagement planning process?
Answer : C
Comprehensive and Detailed Step-by-Step Explanation:
Risk and Control Matrix: A risk and control matrix links business objectives, the risks threatening those objectives, and the likelihood and impact of the risks. It is used to prioritize areas for review and identify necessary controls.
Other Options:
Option A: While relevant factors for assessment, these do not represent the structure of a typical risk and control matrix.
Option B: Inherent process risks are part of the matrix but need to be contextualized with objectives and controls.
Thus, the correct answer is C. Business objectives, risks to the objectives, and impact and likelihood of the risk occurring.
In a standard process mapping document, a diamond shape typically represents which of the following?
Answer : B
Comprehensive and Detailed Step-by-Step Explanation:
Diamond Shape: In process mapping, a diamond typically represents a decision point where a choice must be made based on conditions or criteria (e.g., 'Yes' or 'No').
Example: 'Is the invoice valid?' If yes, the process continues to payment; if no, it is rejected.
Other Options:
Option A: A process or operation is typically represented by a rectangle.
Option C: A flow line (arrow) indicates the direction of process flow, not a decision.
Thus, the correct answer is B. Decision.
Which of the following would best support the overall risk assessment?
Answer : B
Comprehensive and Detailed Step-by-Step Explanation:
Process Narratives and Maps: These provide a comprehensive view of the process, including descriptions of risks and controls, making them the most relevant for supporting risk assessments. They help identify gaps or weaknesses in the control environment.
Other Options:
Option A: Policies and procedures provide general guidance but lack the specificity needed for risk assessments.
Option C: Organizational charts are helpful for understanding roles but do not directly address risks and controls.
Thus, the correct answer is B.
During an accounts payable audit engagement, the internal auditor identified a risk that vendor invoices may be paid multiple times. Which of the following would be appropriate preventive controls to mitigate this risk?
Answer : B
Comprehensive and Detailed Step-by-Step Explanation:
Preventive System Controls: Identifying duplicate invoice numbers and dates is a robust preventive control, as it helps flag duplicate invoices before payment is processed.
Other Options:
Option A: Identical invoice amounts alone may not always indicate duplicates, as different invoices can share the same amount.
Option C: Manual reconciliations are detective controls, not preventive ones.
Thus, the correct answer is B.
Which of the following tools would assist with the coordination of efforts between the internal audit team and operational management?
Answer : C
Comprehensive and Detailed Step-by-Step Explanation:
Control Self-Assessment (CSA): This tool involves management and staff in evaluating controls and risks, fostering collaboration between operational teams and internal audit. CSA supports shared responsibility for risk management and control improvement.
Other Options:
Option A: Automated workpapers improve audit documentation but do not directly coordinate efforts with management.
Option B: Continuous auditing focuses on ongoing monitoring rather than collaborative efforts with management.
Thus, the correct answer is C.
During a procurement process consulting engagement, the internal auditors reviewed contracts for the hospital's supply of medicine. Which of the following would the internal auditors most likely recommend to improve the effectiveness of the procurement process?
Answer : A
Comprehensive and Detailed Step-by-Step Explanation:
Reference to Best Practices in Procurement:
Clearly specifying needs at the outset ensures that procurement decisions align with organizational objectives and operational requirements.
Reasoning:
Option A is correct because specifying needs at the beginning helps avoid over-purchasing, under-purchasing, or acquiring unsuitable items, thus improving the overall effectiveness of the procurement process.
Option B (comprehensive documentation) is important for transparency and compliance but does not directly improve the effectiveness of procurement outcomes.
Option C (qualified professionals) ensures competence but is secondary to having clear, specified needs driving the process.
Impact of Clear Needs Specification:
It ensures the procurement process delivers value, meets quality requirements, and aligns with operational demands.
An internal auditor wants to use computerized audit tools and techniques. Which of the following is a common obstacle that the auditor is likely to face?
Answer : A
Comprehensive and Detailed Step-by-Step Explanation:
Challenges with Computer-Assisted Audit Tools (CAATs):
One of the most common issues auditors face is obtaining access to the data needed for analysis, especially when data is stored in secure or restricted systems.
Access issues may arise due to technical restrictions, security policies, or inadequate documentation of data sources.
Reasoning:
Option A is correct because gaining access to relevant, complete, and reliable data is a frequent challenge when using computerized audit tools.
Option B is less common, as CAATs are often designed for use by auditors without requiring advanced IT skills.
Option C refers to reliance on IT personnel, which is less relevant for independent auditors using their own tools.
Mitigating Access Challenges:
Establishing clear communication with IT and obtaining necessary approvals in advance can help overcome data access issues.