Internal Auditing and Control

Questions and Answers

Who has the responsibility of establishing a proper ethical culture within an organization?

Senior management

Auditing team

Board of directors (correct)

Operational management

Which of the following is a primary goal of IT governance?

To balance risk versus return over IT and its processes (correct)

To adopt and implement the COBIT framework

To avoid external events beyond the organization's control

To ensure IT independence from strategic goals

Who is responsible for evaluating the adequacy and effectiveness of internal controls?

Senior management

Board of directors

External auditors

Operational management (correct)

What is an inherent limitation of internal controls?

All of the above

What is a potential risk in the process of submitting expense reports for reimbursement?

Collusion between employees

Who is responsible for designing and implementing an effective system of internal control?

Senior management

What is the most likely inherent limitation of the company's internal controls in the cash receipts process?

Collusion

Which of the following is NOT a primary goal of IT governance?

To ensure IT independence from strategic goals

What is one of the primary responsibilities of internal auditors?

Evaluating the adequacy and effectiveness of controls

Which of the following is a key aspect of internal control?

Assessing risk exposures

What are the three lines of defense for effective management of risk and control?

Operational management, Compliance, Internal auditors

Which of the following statements is correct about the COSO Internal Control – Integrated Framework?

The framework requires judgment in designing and conducting internal control

Which of the following entities belongs to the second line of defense for effective management of risk and control?

Risk management

What is a component of internal control defined by the COSO Internal Control – Integrated Framework?

Internal environment

Which of the following is a challenge of implementing internal control?

Designing effective controls

What is one of the responsibilities of operational management in the three lines of defense for effective management of risk and control?

Operating a control system

What is the primary responsibility of removing pressures to meet unrealistic targets, particularly for short-term results?

To remove pressures to meet unrealistic targets

What is the primary concern of a senior executive who wishes to demonstrate the importance of the security of company information?

Visibly participating in a global information security campaign

What is the primary reason why internal controls are likely to fail?

They are not designed and implemented properly at the outset

Who is primarily responsible for establishing and maintaining internal control?

Management

What is the purpose of the three lines of defense?

To enhance communications on risk management and control by clarifying how specific duties should be assigned and coordinated within the organization

What can be a challenge in implementing internal controls?

They are not designed and implemented properly at the outset

What is the primary responsibility of the external auditor?

Conducting external audit services

What is the primary benefit of specifying the competence levels for every job in an organization?

To translate those levels to requisite knowledge and skills