A high-volume retailer of consumer goods has used point-of-sale data to record sales and update inventory records for several years. When price changes are scheduled, corporate headquarters downloads a price change file to a computer server system at each store. Each store's assistant manager is responsible for checking the server for downloads and running the program that updates the store's price file at the authorized price update time. In comparison with having headquarters initiate the price update centrally, this approach to price updating will most likely:
Correct Answer: D
When price changes are managed by each store's assistant manager rather than being centrally updated by headquarters, the risk that item prices will sometimes be inaccurate increases. This is due to the potential for human error in checking for downloads, running the program correctly, and ensuring the update occurs at the authorized time. Centralized updates minimize such risks by automating the process and reducing the reliance on multiple individuals to perform the task correctly.
An internal auditor is reviewing a new automated human resources system. The system contains a table of pay rates which are matched to the employee job classifications. The best control to ensure that the table is updated correctly for only valid pay changes would be to:
Correct Answer: B
The best control to ensure the table of pay rates is updated correctly for only valid pay changes would be to require a supervisor in the department, who does not have the ability to change the table, to compare the changes to a signed management authorization. This leverages the principle of segregation of duties, ensuring that the person verifying the updates cannot make unauthorized changes themselves. This approach provides a robust control by combining a manual supervisory check with proper authorization, reducing the risk of errors or fraud.
According to the International Professional Practices Framework, internal auditors should possess which of the following competencies?
I. Proficiency in applying internal auditing standards, procedures, and techniques.
II. Proficiency in accounting principles and techniques.
III. An understanding of management principles.
IV. An understanding of the fundamentals of economics, commercial law, taxation, finance, and quantitative methods.
Correct Answer: D
Internal auditors, according to the International Professional Practices Framework, should possess proficiency in applying internal auditing standards, procedures, and techniques (I). They should also have an understanding of management principles (III) and an understanding of the fundamentals of economics, commercial law, taxation, finance, and quantitative methods (IV). While proficiency in accounting principles and techniques (II) is more specifically required for accountants, internal auditors should have a broader understanding across various domains. Therefore, the correct competencies align with options I, III, and IV.
Which of the following is not an appropriate role for internal auditors after a disaster occurs?
Correct Answer: B
Internal auditors should not correct deficiencies of the entity's business continuity plan after a disaster. This task is a management responsibility, as it involves making operational decisions and implementing changes to processes. Internal auditors are responsible for monitoring the effectiveness of recovery efforts, recommending future improvements, and assisting in identifying lessons learned, but they should not directly correct deficiencies.
Which of the following lists the audit activities in the order in which they would generally be completed during a preliminary survey?
I. Write detailed audit procedures.
II. Identify client objectives, goals, and standards.
III. Identify risks and controls intended to prevent associated losses.
IV. Determine relevant engagement objectives.
Correct Answer: B
First, it is essential to identify client objectives, goals, and standards to understand the overall purpose and direction of the client's operations. Next, identifying risks and controls intended to prevent associated losses naturally follows, as it builds on the understanding of the client's objectives to determine what might prevent achieving these objectives. Following this, determining relevant engagement objectives is logical; it aligns the audit's goals with the client's objectives and identified risks. Lastly, writing detailed audit procedures comes after setting the engagement objectives to ensure the procedures are designed to meet these objectives and address the key risks identified.