Principles of Auditing & Other Assurance Services, 2024 23e
By Ray Whittington (Solutions Manual All Chapters, 100%
Original Verified, A+ Grade) All Chapters Solutions Manual
Supplement files download link at the end of this file.
All Chapters Are Arranged Reverse From 21-1
CHAPTER 21
Internal, Operational and
Compliance Auditing
Review Questions
21-1 Internal auditing may be defined as an independent, objective assurance and consulting activity
designed to add value and improve an organization’s operations. It helps an organization
accomplish its objectives by bringing a systematic, disciplined approach to evaluate and
improve the effectiveness of risk management, control, and governance processes. AICPA
and PCAOB auditing standards state that one aspect of an organization's control environment is
management's control methods for monitoring and following up on performance, including internal
auditing.
21-2 The scope of internal auditing has evolved from a primary concern with financial controls to a scope
that includes:
(4) Reviewing and evaluating all types of internal controls,
(5) Evaluating the organization’s risk assessment processes,
(6) Making recommendations regarding the organization’s system of governance, and
(7) Performing other assurance and consulting services for the benefit of management.
21-3 Internal auditing has evolved to meet the needs of business, government, and nonprofit organizations.
Initially, internal auditors supplemented the work of the independent auditors by helping to ensure the
accuracy of the organization's financial information. However, as organizations became more
complex, operational controls became more important, and the scope of the internal auditors' work
expanded to include evaluating and testing financial and operational controls.
The enactment of the Foreign Corrupt Practices Act also expanded the demand for internal
auditing activities. The accounting provisions of the act require public companies to establish and
maintain effective internal accounting controls. An internal auditing function helps to ensure that a
company complies with these provisions.
The Report of the National Commission on Fraudulent Financial Reporting included a
recommendation that public companies establish and maintain an internal auditing function staffed
with appropriately qualified personnel and fully supported by top management.
Solutions Manual, Chapter 21, Page 1 of 14
© MCGRAW HILL LLC. ALL RIGHTS RESERVED. NO REPRODUCTION OR DISTRIBUTION WITHOUT THE PRIOR WRITTEN
CONSENT OF MCGRAW HILL LLC.
, Finally, the Sarbanes-Oxley Act of 2002 prohibits auditors from performing internal audit
services for public-company audit clients. This has increased the demand for internal auditors.
21-4 In addition to knowledge and skills about accounting and auditing, modern internal auditing requires
knowledge in such disciplines as economics, law, finance, statistics, computer processing,
engineering, and taxation.
21-5 This statement is false. The scope of the work of independent auditors is generally confined to the
audit of the organization's financial statements and, possibly, performing other attestation services
such as examining internal controls over financial reporting. Therefore, independent auditors are
primarily concerned with only those controls that affect the reliability of the organization's financial
statements. The work of the internal auditors encompasses evaluation of all financial, compliance,
and operating policies and procedures. Many progressive internal auditing departments also perform
operational audits for the organization to evaluate the efficiency and effectiveness of various
operating units, and a broad range of other assurance and consulting services for management.
21-6 The external auditors' objectives are to perform an audit of the organization's financial statements and
to express an opinion on those statements. In auditing the financial statements, the external auditors
will consider those controls that affect the reliability of the financial information included in the
financial statements. For a public company, they may also be engaged to examine the management’s
assertion about the reliability of internal controls over financial reporting. Internal auditors are
concerned with all controls, regardless of whether they are financial, compliance, or operational.
They appraise the effectiveness and efficiency of the operating segments throughout the organization.
21-7 The eleven general categories of the IIA's Standards for the Professional Practice of Internal
Auditing include:
(1) Purpose, Authority, and Responsibility
(2) Independence and Objectivity
(3) Proficiency and Due Professional Care
(4) Quality Assurance and Improvement Program
(5) Managing the Internal Audit Activity
(6) Nature of Work
(7) Engagement Planning
(8) Performing the Engagement
(9) Communicating Results
(10) Monitoring Progress
(11) Communicating the Acceptance of Risks
21-8 The statement is false. Since internal auditors are employees of the organization, they cannot be
independent of the organization itself. However, when the organizational status of the director of
internal auditing is appropriate, and individual internal auditors are assigned to audit activities with
which they have no conflicts of interest, the internal auditors can certainly be independent of the
activities that they audit.
Solutions Manual, Chapter 21, Page 2 of 14
© MCGRAW HILL LLC. ALL RIGHTS RESERVED. NO REPRODUCTION OR DISTRIBUTION WITHOUT THE PRIOR WRITTEN
CONSENT OF MCGRAW HILL LLC.
,21-9 When the internal auditing department has sufficient organizational status, its director reports to a
level of management that would not inappropriately influence the scope of the internal auditors' work
or their reported findings. In addition, the internal auditors' recommendations are more likely to be
considered and implemented in such circumstances. This level of reporting is ideally the audit
committee of the board of directors.
21-10 The following are the significant factors that are important to the management of an internal audit
department:
(1) Developing risk-based audit plans, consistent with organizational goals.
(2) Communication of audit plans to senior management and the board for review and approval.
(3) Ensuring that the internal audit resources are appropriate, sufficient, and effectively deployed
to achieve the approved plan.
(4) Establishing policies and procedures to guide the internal audit activity.
(5) Sharing information and coordinating internal audit efforts with the efforts of other assurance
providers and consultants.
(6) Periodic reporting to the board or senior management on the internal audit activity’s purpose,
authority, responsibility, and performance relative to its plan.
21-11 The requirements for becoming an Certified Internal Auditor include: (1) having a baccalaureate
degree from an accredited college, (2) successful completion of a three-part examination, and (3)
obtaining at least two years of work experience in internal auditing or its equivalent (one year with a
master’s degree). Once internal auditors become certified, they must meet requirements for
continuing professional education.
21-12 In a financial statement audit, the auditors obtain sufficient competent evidential matter to express an
opinion on the organization's financial position, results of operations, and cash flows. Operational
audits focus on the efficiency, effectiveness, and economy of an organization or of a segment of the
organization.
21-13 The purposes of an operational audit are to provide:
(1) Top management with assurances that every component of the organization is working to
attain the organization's goals, or
(2) Regulators and Congress with assurances that governmental programs are meeting their
objectives in an efficient and effective manner.
21-14 Yes. A discussion of findings with operating personnel ensures that the internal auditors have an
accurate and complete understanding of the situation. Also, affected management may consider the
findings and take immediate action on the problems disclosed.
21-15 CPAs may perform agreed upon procedures related to (1) management's assertion about compliance
with specified requirements or (2) management's assertion about the effectiveness of an entity's
internal control over compliance.
21-16 The statement is incorrect. The objective of such engagements is to present specific findings to assist
users in evaluating management's assertion about an entity's compliance with a law or regulation.
The report issued provides a summary of findings, not negative assurance.
Solutions Manual, Chapter 21, Page 3 of 14
© MCGRAW HILL LLC. ALL RIGHTS RESERVED. NO REPRODUCTION OR DISTRIBUTION WITHOUT THE PRIOR WRITTEN
CONSENT OF MCGRAW HILL LLC.
, 21-17 A broker-dealer is a person or firm in the business of buying and selling securities. Such a firm
operates as a broker when it processes orders on behalf of clients, and as a dealer when it trades for its
own account.
21-18 Tests of compliance with laws and regulations are designed to determine whether assertions by
management are materially misstated because of violations of laws and regulations. They are
substantive tests usually accomplished by examining supporting documents.
21-19 In an audit in accordance with AICPA generally accepted auditing standards, the auditors have a
responsibility to design the audit to provide reasonable assurance of detecting material misstatements
resulting from violations of laws and regulations that have a direct effect on line-item amounts in the
financial statements. An example of a direct-effect illegal act is the violation of an income tax law
that affects the amount of the organization's income tax liability. Another example is a violation of
the provisions of a government program relating to the use of funds which could result in a material
liability.
21-20 A governmental organization may obtain any of the following types of audits:
(1) An audit of its financial statements in accordance with AICPA generally accepted auditing
standards.
(2) An audit in accordance with Government Auditing Standards.
(3) An audit conducted in accordance with the Single Audit Act.
21-21 The additional documentation requirements of Government Auditing Standards include:
(1) Before the report is issued, evidence of supervisory review of the work performed that
supports findings, conclusions, and recommendations contained in the audit report, and
(2) Any departures from Generally Accepted Government Auditing Standards and the impact on
the audit or the auditors’ conclusions.
21-22 The ethical principles set forth in Government Auditing Standards include:
(1) The public interest—Observing integrity, objectivity, and independence in performing
professional services assists the auditors in serving the public interest;
(2) Integrity—Public confidence in government is maintained by auditors’ performing
professional services with integrity;
(3) Objectivity—Objectivity includes being independent in fact and appearance when providing
audit and attest services, maintaining an attitude of impartiality, being intellectually honest,
and being free from conflicts of interest;
(4) Proper use of government information, resources, and position—These items should be used
for official purposes and not for the auditors’ personal gain or otherwise inappropriately; and
(5) Professional behavior—Auditors should comply with laws and regulations and avoid any
conduct that might bring discredit to the auditors’ work.
21-23 This statement is not correct. In an audit in accordance with Government Auditing Standards, the
auditors are required to perform the same procedures as required for an audit in accordance with
AICPA generally accepted auditing standards. The auditors must test compliance with those laws and
regulations that have a direct and material effect on the amounts in the organization's financial
statements. In addition, Government Auditing Standards clarify that this includes provisions of
contracts and grants. An audit in accordance with Government Auditing Standards also involves some
additional communication requirements and issuing additional reports on internal control and on
compliance with laws and regulations.
Solutions Manual, Chapter 21, Page 4 of 14
© MCGRAW HILL LLC. ALL RIGHTS RESERVED. NO REPRODUCTION OR DISTRIBUTION WITHOUT THE PRIOR WRITTEN
CONSENT OF MCGRAW HILL LLC.
