MCGRAW HILL LLC. ALL RIGHTS RESERVED. NO REPRODUCTION OR DISTRIBUTION WITHOUT THE PRIOR WRITTEN

Solutions Manual, Chapter 21, Page 1 of 14

© MCGRAW HILL LLC. ALL RIGHTS RESERVED. NO REPRODUCTION OR DISTRIBUTION WITHOUT THE PRIOR WRITTEN

CONSENT OF MCGRAW HILL LLC.

CHAPTER 21

Internal, Operational and Compliance Auditing Review Questions 21-1Internal auditing may be defined as an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. AICPA and PCAOB auditing standards state that one aspect of an organization's control environment is management's control methods for monitoring and following up on performance, including internal auditing.21-2The scope of internal auditing has evolved from a primary concern with financial controls to a scope

that includes:

(4)Reviewing and evaluating all types of internal controls, (5)Evaluating the organization’s risk assessment processes, (6)Making recommendations regarding the organization’s system of governance, and (7)Performing other assurance and consulting services for the benefit of management.21-3Internal auditing has evolved to meet the needs of business, government, and nonprofit organizations.Initially, internal auditors supplemented the work of the independent auditors by helping to ensure the accuracy of the organization's financial information. However, as organizations became more complex, operational controls became more important, and the scope of the internal auditors' work expanded to include evaluating and testing financial and operational controls.The enactment of the Foreign Corrupt Practices Act also expanded the demand for internal auditing activities. The accounting provisions of the act require public companies to establish and maintain effective internal accounting controls. An internal auditing function helps to ensure that a company complies with these provisions.The Report of the National Commission on Fraudulent Financial Reporting included a recommendation that public companies establish and maintain an internal auditing function staffed with appropriately qualified personnel and fully supported by top management.Principles of Auditing & Other Assurance Services, 2024 23e By Ray Whittington (Solutions Manual All Chapters, 100% Original Verified, A+ Grade) All Chapters Solutions Manual Supplement files download link at the end of this file.All Chapters Are Arranged Reverse From 21-1 1 / 4

Solutions Manual, Chapter 21, Page 2 of 14

© MCGRAW HILL LLC. ALL RIGHTS RESERVED. NO REPRODUCTION OR DISTRIBUTION WITHOUT THE PRIOR WRITTEN

CONSENT OF MCGRAW HILL LLC.

Finally, the Sarbanes-Oxley Act of 2002 prohibits auditors from performing internal audit services for public-company audit clients. This has increased the demand for internal auditors.21-4In addition to knowledge and skills about accounting and auditing, modern internal auditing requires knowledge in such disciplines as economics, law, finance, statistics, computer processing, engineering, and taxation.21-5This statement is false. The scope of the work of independent auditors is generally confined to the audit of the organization's financial statements and, possibly, performing other attestation services such as examining internal controls over financial reporting. Therefore, independent auditors are primarily concerned with only those controls that affect the reliability of the organization's financial statements. The work of the internal auditors encompasses evaluation of all financial, compliance, and operating policies and procedures. Many progressive internal auditing departments also perform operational audits for the organization to evaluate the efficiency and effectiveness of various operating units, and a broad range of other assurance and consulting services for management.21-6The external auditors' objectives are to perform an audit of the organization's financial statements and to express an opinion on those statements. In auditing the financial statements, the external auditors will consider those controls that affect the reliability of the financial information included in the financial statements. For a public company, they may also be engaged to examine the management’s assertion about the reliability of internal controls over financial reporting. Internal auditors are concerned with all controls, regardless of whether they are financial, compliance, or operational.They appraise the effectiveness and efficiency of the operating segments throughout the organization.21-7The eleven general categories of the IIA's Standards for the Professional Practice of Internal

Auditing include:

(1)Purpose, Authority, and Responsibility (2)Independence and Objectivity (3)Proficiency and Due Professional Care (4)Quality Assurance and Improvement Program (5)Managing the Internal Audit Activity (6)Nature of Work (7)Engagement Planning (8)Performing the Engagement (9)Communicating Results (10)Monitoring Progress (11)Communicating the Acceptance of Risks 21-8The statement is false. Since internal auditors are employees of the organization, they cannot be independent of the organization itself. However, when the organizational status of the director of internal auditing is appropriate, and individual internal auditors are assigned to audit activities with which they have no conflicts of interest, the internal auditors can certainly be independent of the activities that they audit. 2 / 4

Solutions Manual, Chapter 21, Page 3 of 14

© MCGRAW HILL LLC. ALL RIGHTS RESERVED. NO REPRODUCTION OR DISTRIBUTION WITHOUT THE PRIOR WRITTEN

CONSENT OF MCGRAW HILL LLC.

21-9 When the internal auditing department has sufficient organizational status, its director reports to a level of management that would not inappropriately influence the scope of the internal auditors' work or their reported findings. In addition, the internal auditors' recommendations are more likely to be considered and implemented in such circumstances. This level of reporting is ideally the audit committee of the board of directors.

21-10 The following are the significant factors that are important to the management of an internal audit

department:

(1) Developing risk-based audit plans, consistent with organizational goals.(2) Communication of audit plans to senior management and the board for review and approval.(3) Ensuring that the internal audit resources are appropriate, sufficient, and effectively deployed to achieve the approved plan.(4) Establishing policies and procedures to guide the internal audit activity.(5) Sharing information and coordinating internal audit efforts with the efforts of other assurance providers and consultants.(6) Periodic reporting to the board or senior management on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan.

21-11 The requirements for becoming an Certified Internal Auditor include: (1) having a baccalaureate degree from an accredited college, (2) successful completion of a three-part examination, and (3) obtaining at least two years of work experience in internal auditing or its equivalent (one year with a master’s degree). Once internal auditors become certified, they must meet requirements for continuing professional education.

21-12 In a financial statement audit, the auditors obtain sufficient competent evidential matter to express an opinion on the organization's financial position, results of operations, and cash flows. Operational audits focus on the efficiency, effectiveness, and economy of an organization or of a segment of the organization.

21-13 The purposes of an operational audit are to provide:

(1) Top management with assurances that every component of the organization is working to attain the organization's goals, or (2) Regulators and Congress with assurances that governmental programs are meeting their objectives in an efficient and effective manner.

21-14 Yes. A discussion of findings with operating personnel ensures that the internal auditors have an accurate and complete understanding of the situation. Also, affected management may consider the findings and take immediate action on the problems disclosed.

21-15 CPAs may perform agreed upon procedures related to (1) management's assertion about compliance with specified requirements or (2) management's assertion about the effectiveness of an entity's internal control over compliance.

21-16 The statement is incorrect. The objective of such engagements is to present specific findings to assist users in evaluating management's assertion about an entity's compliance with a law or regulation.The report issued provides a summary of findings, not negative assurance.

• / 4

Solutions Manual, Chapter 21, Page 4 of 14

© MCGRAW HILL LLC. ALL RIGHTS RESERVED. NO REPRODUCTION OR DISTRIBUTION WITHOUT THE PRIOR WRITTEN

CONSENT OF MCGRAW HILL LLC.

21-17 A broker-dealer is a person or firm in the business of buying and selling securities. Such a firm operates as a broker when it processes orders on behalf of clients, and as a dealer when it trades for its own account.

21-18 Tests of compliance with laws and regulations are designed to determine whether assertions by management are materially misstated because of violations of laws and regulations. They are substantive tests usually accomplished by examining supporting documents.

21-19 In an audit in accordance with AICPA generally accepted auditing standards, the auditors have a responsibility to design the audit to provide reasonable assurance of detecting material misstatements resulting from violations of laws and regulations that have a direct effect on line-item amounts in the financial statements. An example of a direct-effect illegal act is the violation of an income tax law that affects the amount of the organization's income tax liability. Another example is a violation of the provisions of a government program relating to the use of funds which could result in a material liability.

21-20 A governmental organization may obtain any of the following types of audits:

(1) An audit of its financial statements in accordance with AICPA generally accepted auditing standards.(2) An audit in accordance with Government Auditing Standards.(3) An audit conducted in accordance with the Single Audit Act.

21-21 The additional documentation requirements of Government Auditing Standards include:

(1) Before the report is issued, evidence of supervisory review of the work performed that supports findings, conclusions, and recommendations contained in the audit report, and (2) Any departures from Generally Accepted Government Auditing Standards and the impact on the audit or the auditors’ conclusions.

21-22 The ethical principles set forth in Government Auditing Standards include:

(1) The public interest—Observing integrity, objectivity, and independence in performing professional services assists the auditors in serving the public interest; (2) Integrity—Public confidence in government is maintained by auditors’ performing professional services with integrity; (3) Objectivity—Objectivity includes being independent in fact and appearance when providing audit and attest services, maintaining an attitude of impartiality, being intellectually honest, and being free from conflicts of interest; (4) Proper use of government information, resources, and position—These items should be used for official purposes and not for the auditors’ personal gain or otherwise inappropriately; and (5) Professional behavior—Auditors should comply with laws and regulations and avoid any conduct that might bring discredit to the auditors’ work.

21-23 This statement is not correct. In an audit in accordance with Government Auditing Standards, the auditors are required to perform the same procedures as required for an audit in accordance with AICPA generally accepted auditing standards. The auditors must test compliance with those laws and regulations that have a direct and material effect on the amounts in the organization's financial statements. In addition, Government Auditing Standards clarify that this includes provisions of contracts and grants. An audit in accordance with Government Auditing Standards also involves some additional communication requirements and issuing additional reports on internal control and on compliance with laws and regulations.

• / 4