Internal Auditing and Control

Questions and Answers

Who has the responsibility of establishing a proper ethical culture within an organization?

• Senior management
• Auditing team
• Board of directors (correct)
• Operational management

Which of the following is a primary goal of IT governance?

• To balance risk versus return over IT and its processes (correct)
• To adopt and implement the COBIT framework
• To avoid external events beyond the organization's control
• To ensure IT independence from strategic goals

Who is responsible for evaluating the adequacy and effectiveness of internal controls?

• Senior management
• Board of directors
• External auditors
• Operational management (correct)

What is an inherent limitation of internal controls?

All of the above (D)

What is a potential risk in the process of submitting expense reports for reimbursement?

Collusion between employees (A)

Who is responsible for designing and implementing an effective system of internal control?

Senior management (B)

What is the most likely inherent limitation of the company's internal controls in the cash receipts process?

Collusion (A)

Which of the following is NOT a primary goal of IT governance?

To ensure IT independence from strategic goals (D)

What is one of the primary responsibilities of internal auditors?

Evaluating the adequacy and effectiveness of controls (C)

Which of the following is a key aspect of internal control?

Assessing risk exposures (A)

What are the three lines of defense for effective management of risk and control?

Operational management, Compliance, Internal auditors (D)

Which of the following statements is correct about the COSO Internal Control – Integrated Framework?

The framework requires judgment in designing and conducting internal control (A)

Which of the following entities belongs to the second line of defense for effective management of risk and control?

Risk management (A)

What is a component of internal control defined by the COSO Internal Control – Integrated Framework?

Internal environment (D)

Which of the following is a challenge of implementing internal control?

Designing effective controls (B)

What is one of the responsibilities of operational management in the three lines of defense for effective management of risk and control?

Operating a control system (A)

What is the primary responsibility of removing pressures to meet unrealistic targets, particularly for short-term results?

To remove pressures to meet unrealistic targets (C)

What is the primary concern of a senior executive who wishes to demonstrate the importance of the security of company information?

Visibly participating in a global information security campaign (C)

What is the primary reason why internal controls are likely to fail?

They are not designed and implemented properly at the outset (A)

Who is primarily responsible for establishing and maintaining internal control?

Management (B)

What is the purpose of the three lines of defense?

To enhance communications on risk management and control by clarifying how specific duties should be assigned and coordinated within the organization (B)

What can be a challenge in implementing internal controls?

They are not designed and implemented properly at the outset (B)

What is the primary responsibility of the external auditor?

Conducting external audit services (D)

What is the primary benefit of specifying the competence levels for every job in an organization?

To translate those levels to requisite knowledge and skills (C)