UJIAN TENGAH SEMESTER

Mata Kuliah : Internal Auditing

Hari/Tanggal : Selasa / 20 Oktober 2020
Waktu : 60 Menit (10.30 sd 11.30 wib)
Dosen : Tim Dosen
Sifat Ujian : Open Book

Petunjuk Pengerjaan :
Kerjakan semua soal dengan teliti. Pastikan sebelum Anda klik “Submit” semua jawaban sudah
benar-benar diperiksa dengan seksama guna menghndari pertanyaan yang terlewat. Pastikan juga
setelah submit, anda klik “mark as done” untuk menandai bahwa ujian telah selesai.

Chapter 1 ( Introduction to Internal Audit – 18% )

1. While planning an internal audit, the internal auditor obtains knowledge about the auditee to,
among other things:
a. Develop an understanding of the auditee's objectives and risks.
b. Evaluate whether misstatements in the auditee's performance reports should be
communicated to senior management and the audit committee
c. Make constructive suggestions to management concerning internal control improvements.
d. Develop an attitude of professional skepticism about management's assertions.

2. The scope of internal auditing work encompasses a systematic, disciplined approach to

evaluating and improving the adequacy and effectiveness of all of the following processes
except
a. Risk management.
b. Control.
c. Financial statements.
d. Governance

3. Internal audit activities may involve which of the following?

a. Assurance services.
b. Neither assurance nor consulting services
c. Consulting services.
d. Both assurance and consulting services.

4. Assurance, Insight, and Objectivity comprise:

a. The three lines of defense model.
b. The objectives of internal auditing.
c. The value proposition
d. The mission of internal auditing.
5. Which of the following is mandatory guidance within the IPPF? mandatory guidance:
a. Implementation guidance. 1. core principles
b. The value proposition. 2. definition of internal auditing
c. The core principles. 3. international standards
d. Supplemental guidance. 4. code of ethics

6. Internal auditors must have competent interpersonal skills. Which of the following does not
represent an attribute of interpersonal skills?
a. Leadership.
Internal auditing is an independent,
b. Team capabilities objective assurance and consulting activity
c. Project management. designed to add value and improve an
organization's operations (Definition of
d. Communication. Internal Auditing).

7. Which of the following best describes the purpose of the internal audit activity?
a. To add value and improve an organization’s operations.
b. To monitor the organization’s internal control system for the external auditors
c. To examine and evaluate an organization’s accounting system as a service to management.
d. To assist management with the design and implementation of risk management and control
systems.

8. Which of the following are components of the definition of internal auditing?

a. Independence and objectivity. - independence and objectivity
b. Helping the organization accomplish its objectives. - systematic and disciplined approach
- helping organization accomplish its objectives
c. A systematic and disciplined approach.
d. All of the above.

9. Independent outside auditors provide financial reporting assurance services primarily for:
a. Management.
b. Board of directors.
c. The benefit of third parties.
d. The CEO.

Chapter 2 ( The International Professional Practice Framework – 16% )

1. According to the Standards, which of the following must the internal audit manager think about
when considering appropriate due care while planning an assurance engagement?
a. The potential to deliver consulting services to the auditee
b. The cost of assurance in relationship to potential benefits.
c. Job openings in the area that may be of interest to internal auditors assigned to the
engagement.
d. The opportunity to cross-train internal audit staff.
 2. Which of the following are "mandatory guidance" in The IAAs IPPF :
(I) Implementation Guides
(II) The Code of Ethics
(III) The Definition of Internal Auditing
(IV) The Standards.
a. I, II, III, and IV.
b. I, II, and IV.
c. II, III, and IV.
d. II and IV.

3. According to the Standards, how is the independence of the internal audit function achieved?
a. Human relations and communications.
b. Staffing and supervision.
c. Quality assurance and internal review
d. Organizational status and objectivity.

4. If impairments to independence or objectivity exist prior to commencement of the consulting

engagement or develop during the engagement, what action should be taken?
a. Disclosure should be made immediately to management.
the purposes of
the
b. Disclosure should be made immediately to the audit committee.
Standards are to c. The internal auditor should withdraw from the engagement.
1. State basic
principles that
d. Disclosure should be made immediately to the board.
represent the
practice of internal
auditing as it
5. Which of the following is a Core Principle for the Professional Practice of Internal Auditing?
should be. a. Maintain confidentiality.
2. Provide a
framework for
b. Develop consistency in internal audit practices.
performing and c. Is appropriately positioned and adequately resourced
promoting a broad
range of value-
d. Promote an ethical culture in the internal audit profession.
added internal
audit activities.
3. Establish the
6. The purposes of the Standards include all of the following except
basis for the a. Fostering improved organizational processes and operations.
measurement of
internal audit
b. Establishing the basis for the measurement of internal audit performance.
performance. c. Guiding the ethical conduct of internal auditors.
4. Foster improved
organizational
d. Stating basic principles that represent the practice of internal auditing as it should be.
processes and
operations.
7. An internal auditor most likely will have a conflict of interest by providing an assurance service
with regard to a
a. Purchasing activity if a major supplier is owned by the internal auditor’s brother-in-law.
b. Computer system for which the internal auditor had been the internal audit activity’s
representative on the design team
c. Data processing center for which the internal auditor had performed the service three times
previously.
d. Financial activity in which the internal auditor had been a key employee 5 years previously.
8. Which of the following is not true with regard to the internal audit charter?
a. It specifies the minimum resources needed for the internal audit activity.
b. It defines the authorities and responsibilities for the internal audit activity.
c. It provides a basis for evaluating the internal audit activity.
d. It should be approved by senior management and the board.

Chapter 3 ( Governance – 18% )

1. The administrative reporting line of the CAE (Chief Audit Executive) should be to
a. Line management.
b. CEO or equivalent.
c. Board of directors.
d. The audit committee.

2. The internal audit function should not:

a. Assess the organization's governance and risk management processes.
b. Oversee the organization's governance and risk management processes.
c. Coordinate its governance and risk management-related activities with those of the
independent outside auditor.
d. Provide advice about how to improve the organization's governance and risk management
processes.

3. Which of the following is not a role of the internal audit activity in best practice governance
activities?
a. Support the board in enterprise-wide risk assessment.
b. Monitor compliance with the corporate code of conduct.
c. Ensure the timely implementation of audit recommendations.
d. Discuss areas of significant risks

4. Which of the following is not an appropriate governance role for an organization's board of
directors?
a. Establishing broad boundaries of conduct, outside of which the organization should not
b. Providing assurance directly to third parties that the organization's governance processes
are effective.
c. Evaluating and approving strategic objectives.
d. Influencing the organization's risk-taking philosophy.

5. Who is ultimately responsible for identifying new or emerging key risk areas that should be
covered by the organization's governance process?
a. The internal audit function
b. Senior management.
c. Risk owners.
 d. The board of directors.

6. Which of the following is not a role of the internal audit function in best practice governance
activities?
a. Discuss areas of significant risks
b. Monitor compliance with the corporate code of conduct.
c. Support the board in enterprisewide risk assessment.
d. Ensure the timely implementation of audit recommendations.

7. The internal audit activity has a role in an organization’s governance process. The internal
audit activity most directly contributes to this process by:
a. Identifying significant exposures to risk
b. Evaluating the effectiveness of the risk management system
c. Evaluating the design of ethics-related activities
d. Promoting continuous improvement of controls

8. Companies in industries that are heavily regulated may be subject to audits by the regulator's
auditors. While not specifically covered in the Three Lines of Defense model, such auditors
would most likely be considered:
a. Part of the third line of defense.
b. Not a line of defense.
c. Part of the first line of defense.
d. Part of the second line of defense.

9. Which of the following best describes the internal audit activity’s purpose in evaluating the
adequacy of risk management, control, and governance processes?
a. To determine whether the risk management, control, and governance processes ensure that
the accounting records are correct and that financial statements are fairly stated.
b. To determine whether the risk management, control, and governance processes provide
reasonable assurance that the organization’s objectives and goals are achieved efficiently
and economically.
c. To ensure that material weaknesses in internal control are corrected.
d. To help determine the nature, timing, and extent of tests necessary to achieve engagement
objectives.

Chapter 4 ( Risk Management – 18%)

1. Which of the following is not an example of a risk-sharing strategy?
a. Hedging against interest rate fluctuations.
b. Buying an insurance policy to protect against adverse weather.
c. Selling a nonstrategic business unit.
d. Outsourcing a noncore, high-risk area
2. Who is responsible for implementing ERM?
a. Management throughout the organization
b. The chief audit executive.
c. The chief financial officer.
d. The chief compliance officer.

3. When internal auditors perform a consulting engagement, what is the best statement of their
responsibility regarding risk?
a. Be alert to the existence of significant risks.
b. Address risk consistent with engagement objectives and be alert to certain other risks. tugas manajer
c. Consider only the risk consistent with engagement objectives.
d. None of the answers are correct

4. Enterprise risk management:

a. Requires establishment of risk and control activities by internal auditors.
b. Involves the identification of events with negative impacts on business objectives.
c. Guarantees achievement of business objectives.
d. Includes selection of best risk response for the organization.

5. The purpose of the internal audit activity’s evaluation of the effectiveness of existing risk
management processes is to determine that
a. The organization’s objectives and goals will be achieved in an accurate and timely manner
and with minimal use of resources
b. The organization’s objectives and goals will be achieved efficiently and economically.
c. Management directs processes so as to provide reasonable assurance of achieving
objectives and goals.
d. Management has planned and designed so as to provide reasonable assurance of achieving
objectives and goals.

6. Which of the following is not a potential value driver for implementing ERM?
a. Financial results will improve in the short run. long run bukan short run
b. There will be better information available to make risk decisions.
c. An organization's risk appetite can be aligned with strategic planning
d. There will be fewer surprises from year to year.

7. When assessing the risk associated with an activity, an internal auditor should:
a. Determine how the risk should best be managed.
b. Provide assurance on the management of the risk.
c. Update the risk management process based on risk exposures.
d. Design controls to mitigate the identified risks.

8. The term “risk” is best defined as the possibility that

 a. Management will, either knowingly or unknowingly, make decisions that increase the
potential liability of the organization
b. An event could occur affecting the achievement of objectives
c. Financial statements or internal records will contain material misstatements
d. An internal auditor will fail to detect a material misstatement that causes financial
statements or internal reports tobe misstated or misleading

9. Risk management is
a. Unrelated to internal control.
b. Synonymous with governance
c. An element of the control environment.
d. A fundamental element of the definition of internal auditing.

Chapter 5 ( Business Process – 10% )

1. Internal auditors often prepare process maps and reference portions of these maps to narrative
descriptions of certain activities. This is an appropriate procedure to:
a. Determine whether the process meets established management objectives
b. Determine the ability of the activities to produce reliable information.
c. Obtain the understanding necessary to test the process.
d. Document that the process meets internal audit standards.

2. What is a business process?

a. A group of interacting, interrelated, or interdependent elements forming a complex whole.
b. How management plans to achieve the organization's objectives.
c. The set of connected activities linked with each other for the purpose of achieving an
objective or goal.
d. A finite endeavor (having specific start and completion dates) undertaken to create a unique
product or service that brings about beneficial change or added value

3. In assessing organizational risk in a manufacturing organization, which of the following would

have the greatest long-range impact on the organization?
a. Advertising budget.
b. Production scheduling.
c. Product quality
d. Inventory policy.

4. How does a control manage a specific risk?

a. It reduces the likelihood of the event giving rise to the risk
b. It reduces either likelihood or impact or both.
c. It reduces the impact of the event giving rise to the risk.
d. It prevents the occurrence of the event
5. All of the following are primary objectives of the overall management process except
a. Identification of risk exposures and use of effective strategies to control them.
b. Improving the effectiveness of risk management, control, and governance processes.
c. Safeguarding of the organization’s assets
d. Compliance with laws, regulations, ethical and business norms, and contracts.

Chapter 6 ( Internal Control – 20% )

1. Who has primary responsibility for the monitoring component of internal control?
a. The organization's independent outside auditor.
b. The organization's board of directors
c. The organization's internal audit function.
d. The organization's management.

2. Which of the following best describes an internal auditor's purpose in reviewing the
organization's existing governance, risk management, and control processes?
a. To ensure that weaknesses in the internal control system are corrected.
b. To determine whether the processes ensure that the accounting records are correct and that
financial statements are fairly stated
c. To help determine the nature, timing, and extent of tests necessary to achieve engagement
objectives.
d. To provide reasonable assurance that the processes will enable the organization's objectives
and goals to be met efficiently and economically.

3. Controls should be designed to provide reasonable assurance that

a. Organizational objectives and goals will be achieved economically and efficiently.
b. The internal audit activity’s guidance and oversight of management’s performance is
accomplished economically and efficiently.
c. Management’s planning, organizing, and directing processes are properly evaluated
d. Management’s plans have not been circumvented by worker collusion.

4. Which of the following best exemplifies a control activity referred to as independent

verification?
a. Separating the physical custody of inventory from inventory accounting
b. Reconciliation of bank accounts by someone who does not handle cash or record cash
transactions.
c. Accounting records and documents that provide a trail of sales and cash receipt
transactions.
d. Identification badges and security codes used to restrict entry to the production facility

5. The requirement that purchases be made from suppliers on an approved vendor list is an
example of a:
 compensating : monitoring :
designed to designed to
supplement key ensure the
controls that are quality of the
(sebelum)
either ineffective or control
a. Detective control. after Preventive controls are actions taken prior cannot fully system's
to the occurrence of transactions with the performance
b. Monitoring control. intent of stopping errors from occurring.
mitigate risks by
themselves to over time.
c. Compensating control. Use of an approved vendor list is a control acceptable levels.
to prevent the use of unacceptable
d. Preventive control. suppliers.

6. Directors, management, external auditors, and internal auditors all play important roles in
creating proper control processes. Senior management is primarily responsible for
a. Establishing and maintaining an organizational culture.
b. Implementing and monitoring controls designed by the board of directors
c. Ensuring that external and internal auditors oversee the administration of the system of risk
management and control processes.
d. Reviewing the reliability and integrity of financial and operational information.

7. An adequate and effective system of internal control provides reasonable assurance that
objectives and goals will be achieved. Controls may be preventive, detective, or directive.
Which of the following is a detective control for the procurement function?
a. The procurement function is organizationally separate from receiving, disbursing, and
accounting.
b. Goods received are counted and compared with quantities on purchase order and receiving
reports.
c. Review and approval of each procurement action is required prior to the final issuance of
a purchase order.
d. Prenumbered standard purchase order forms include all relevant terms required to be used
in all applicable instances

8. What is residual risk?

a. Risk that is under control. c. Impact of risk.
b. Underlying risk in the environment. d. Risk that is not managed.

9. The risk assessment component of internal control involves the:

a. Organization's identification and analysis of the risks that threaten the achievement of its
objectives.
b. Internal audit function's assessment of control deficiencies.
c. Organization's monitoring of financial information for potential material misstatements
d. Independent outside auditor's assessment of residual risk

10. Reasonable assurance, as it pertains to internal control, means that:

a. A well-designed system of internal controls will prevent or detect all errors and fraud.
b. Inherent limitations of internal control preclude a system of internal control from providing
absolute assurance that objectives will be achieved
c. The objectives of internal control vary depending on the method of data processing used.
d. Management cannot override controls, and employees cannot circumvent controls through
collusion.