2013-2014 Page 1 of 3

Core Markers Comment Sheet Course Name: Internal Auditing and Controls (MU1) Assignment: 3 Modules: 1 to 6 General Comments Core Markers Comments are not full solution sets to the questions. Rather, they are intended to provide students with guidance in responding to each of the assignment questions by providing direction as to where the questions responses can be found within the readings/textbook (i.e., topic location); clarification/direction on complex readings; layout and format suggestions; and from time to time, segments of the solution sets. If you have any comments or suggestions for improvements of these markers comment sheets, please forward them to your marker or CGA-BC. Your feedback is important to us. Module 5 covered the main aspects of the examination phase of the internal audit. The module addressed how the auditor organizes and carries out the work needed to obtain sufficient, appropriate evidence to assess the quality of management systems and practices in the areas selected for audit. The module also introduced generalized audit software packages such as ACL. In this assignment, you were provided with the opportunity to assess evidence using ACL. Module 6 began by demonstrating the importance of interviewing skills in auditing and provided a seven step framework for more effective interviewing. The module also considered the importance and contents of the internal audit report and the follow-up or monitoring of managements implementation of internal audit recommendations. Question 1 (20 marks) 1. The correct answer is d. Preparing audit programs is part of the planning phase of the internal

audit engagement. 2. The correct answer is b. The auditor should interpret the general policy considering the

circumstances of the area being audited, and considering senior managements expectations. 3. The correct answer is d. Determining audit criteria is part of the planning stage of the

engagement but not part of the interview process. 4. The correct answer is c. Weak controls provide opportunity and may be evidence of a corporate

culture that condones fraud (rationalization). The three sides of the fraud triangle are opportunity, motivation, and rationalization.

5. The correct answer is d. If sales increase and cash flow from operations decrease, it could

indicate overstatement of sales. Fictitious sales do not produce a cash inflow. Sales could increase as a result of pricing incentives which reduce margins. If sales increase, we would expect both receivables and payables to increase.

2013-2014 Page 2 of 3

6. The correct answer is c. The recommendation should address the cause of the deficiency. 7. The correct answer is c. Emphasizing solutions rather than problems creates constructive audit

reports. 8. The correct answer is c. Senior management generally has the responsibility and authority to

decide the amount of risk that the organization is prepared to accept. (Only if the chief audit executive believes that the risk accepted by senior management is too high would the matter be raised with the board of directors.) .

9. The correct answer is d. A primary objective of internal audit reporting is to express an opinion

on the adequacy of risk management, governance and control within the organization. 10. The correct answer is b. The internal auditor must have sufficient knowledge of fraud to be able

to identify indicators that fraud might have occurred and take the necessary steps to conduct an investigation.

Question 2 (28 marks) This question is typical of questions which frequently appear on the course examination in which the student is presented with the output from a generalized audit software program and asked to reach preliminary conclusions, suggest further analysis and recommend improvements to controls. Students should be aware that not all points are required to get full marks for questions of this type. a) Preliminary conclusions:

The points that might have been made include noting that four credit cards were used twice during the period; one was used on two different days, one was used twice in the same day but at different times, and two were used twice within a one-minute period on the same day and at a time when only one clerk was on duty in the store. In both these cases, the second transaction was for a round sum. These two were also included in the declined transaction file.

b) Additional analysis: The additional procedures proposed may have included determining which employees processed the unusual transactions and in which stores they occurred, determining the nature of the transactions and whether they were errors, and determining whether the transaction receipts were signed by the customers.

c) Recommendations: Recommendations for additional controls or procedures might include clear procedures for addressing errors, controls to ensure all transactions are authorized, requiring identification from customers using credit cards, installing surveillance cameras, more frequent review of reports, etc.

Question 3 (25 marks) This question is based on material found in Topics 5.9 and 5-10. The definition of fraud is found in the Glossary to the IIA Standards (at the end of Reading 2-1). The responsibilities of management and the internal auditors are covered in the module notes and readings.

2013-2014 Page 3 of 3

Your answer should have included the steps in the investigation of fraud as set out in Topic 5-10 and Reading 5-9. These should, to the extent possible, be illustrated with examples from SERI. The final part of your answer required you to suggest a fraud policy for SERI. Some of the elements which you might have included are listed below. (Marks were awarded for any reasonable element suggested.)

a statement forbidding illegal activity, including fraud for the benefit of the organization a definition of responsibility (usually internal audit or internal security) for conducting

investigations a statement requiring employees who suspect wrongdoing to notify immediately their

superior or those responsible for fraud investigation a statement that suspected wrongdoing will be fully investigated a statement that suspects and wrongdoers will be treated consistently, regardless of

position or length of service The answer could have been presented in the form of a table within a properly prepared memo. Question 4 (27 marks) This question is based on material found in Topics 6.2 and 6.3. Your solution should have begun with the objectives of audit reporting set out in Topic 6.2. The guidelines for reporting are given in Practice Advisory 2410-1 (Reading 6-1) and in Topic 6.3 of your module notes. Your answer should also have addressed each of the specific concerns raised by the CEO. The concern should be identified, the related requirements referenced, and an action plan set out to improve performance in each area of concern. An example follows:

Timeliness: The guidelines (i.e., that reports should be issued as soon as possible after completion of the engagement) are clear, but students may note the need for thoroughness and also the lack of resources, which make it difficult to get the reports out quickly. One solution may be to issue draft reports, but a better one would be to commit to a new and better timeliness target. (Maybe the CEO can be persuaded to provide more administrative support.) The late release of audit reports probably contributes to the weaknesses that have already been addressed by the time the report is issued. In future, credit will be given to managers who have taken corrective action before the report is issued.

As usual, up to 3 marks were awarded for the format, clarity, logic, impact and persuasiveness of your presentation.

Core Markers Comment Sheet