Which of the following steps should an internal auditor complete when conducting a review of an electronic data interchange application provided by a third-party service?
* 1. Ensure encryption keys meet ISO standards.
* 2. Determine whether an independent review of the service provider's operation has been conducted.
* 3. Verify that the service provider's contracts include necessary clauses.
* 4. Verify that only public-switched data networks are used by the service provider
Correct Answer:
C
When conducting a review of an electronic data interchange (EDI) application provided by a third-party service, the internal auditor should ensure several key aspects to maintain security and compliance:
✑ Independent Review of Service Provider: Determine whether an independent
review of the service provider's operations has been conducted. This review helps ensure that the service provider meets necessary standards and maintains adequate controls.
✑ Contractual Clauses: Verify that the service provider's contracts include necessary
clauses. These clauses should cover aspects like data security, confidentiality, compliance with standards, and performance metrics.
Ensuring encryption keys meet ISO standards and verifying the use of public-switched data networks are important but are more specific technical controls that might be part of broader reviews. The focus here should be on independent verification and robust contractual agreements
Which of the following statements is true regarding the reporting of tangible and intangible assets?
Correct Answer:
A
Plant Assets Cost: For plant assets, which are tangible fixed assets such as buildings and machinery, the cost includes all expenditures necessary to acquire the asset and prepare it for its intended use. This includes the purchase price and additional costs such as design and construction.
: This aligns with standard accounting practices where costs related to bringing an asset to
its operational state are capitalized as part of the asset's cost.
Intangible Assets Cost: The cost of intangible assets, such as patents and trademarks, typically includes the purchase price and development costs. However, option B refers to this, but the correct focus for plant assets is emphasized in option A.
Amortization of Intangible Assets: Intangible assets with finite useful lives are subject to amortization, contradicting option C. Those with indefinite lives are not amortized but tested annually for impairment.
Expense of Developing Plant Assets: Development costs for plant assets are capitalized, not expensed immediately, making option D incorrect.
Which of the following internal audit activity staffing models has the disadvantage that auditors arealways new and in training?
Correct Answer:
C
Understanding Staffing Models: Internal audit activity staffing models vary in structure and approach, each with its advantages and disadvantages. The rotational model involves assigning employees from various departments to the internal audit activity for a fixed period before they rotate back to their original or new roles within the organization. Rotational Model Disadvantages:
✑ Continuous Training: A key disadvantage of the rotational model is that auditors
are often new and in training. This model means that there is a constant influx of new staff who may lack extensive audit experience, requiring continuous training and development efforts.
✑ Consistency and Expertise: This can impact the consistency and depth of audit
expertise within the internal audit activity, as the auditors are frequently changing.
Comparison with Other Models:
✑ Career Model: Auditors build long-term careers within the internal audit activity, leading to high levels of expertise and consistency.
✑ Center of Competence Model: This model involves a centralized team of audit professionals who provide specialized audit services across the organization, ensuring high levels of competence.
✑ Hybrid Model: Combines elements of multiple models to balance the benefits and mitigate the drawbacks of each approach.
References:
✑ The rotational model's major drawback of auditors always being new and in training highlights the challenges in maintaining a stable and highly skilled audit team. Continuous training efforts are required to ensure the effectiveness of this staffing model.
Which of the following offers the best explanation of why the auditor in charge would assign a junior auditor to complete a complex part of the audit engagement?
Correct Answer:
B
Assigning a junior auditor to complete a complex part of an audit engagement can be a strategic decision aimed at providing the junior auditor with valuable experience. This exposure to complex tasks helps in their professional development, building their skills and knowledge for future responsibilities. Although tight deadlines or the unavailability of senior auditors might be factors, the primary reason is often to enhance the junior auditor's competence and career growth.
Which of the following is most likely to be considered a control weakness?
Correct Answer:
C
A control weakness occurs when there is a deficiency in internal controls that could allow errors or fraud to occur. While the act of buyers promptly updating the vendor listing might seem efficient, it could bypass necessary oversight and approval processes. This could lead to unauthorized or inappropriate vendors being added, increasing the risk of fraud or favoritism. Effective internal control requires that such updates be reviewed and approved by an independent party to ensure accuracy and appropriateness.
: Best practices in internal control recommend segregation of duties and independent
review processes to prevent unauthorized changes and ensure control integrity.
