Time: 4 Hours
Question 1 Select the best answer for each of the following unrelated items. Answer each of these items in your examination booklet by giving the number of your choice. For example, if the best answer for item (a) is (1), write (a)(1) in your examination booklet. If more than one answer is given for an item, that item will not be marked. Incorrect answers will be marked as zero. Marks will not be awarded for explanations. Note: 11/2 marks each
Which of the following best describes the “expectation gap”? 1) The difference between management’s estimation of materiality and the auditor’s calculation of materiality 2) The difference between the public’s perception of the goals of standard-setting accounting and assurance bodies and their actual role 3) The difference between what current professional standards require and the public’s perception of auditors’ performance 4) The difference between the public’s perception of the level of assurance offered by audits and the actual level of assurance provided
b. Which of the following actions is most likely to violate the CGA-Canada Code of Ethical Principles and Rules of Conduct? 1) Designing and implementing an information system for a public company that is not an audit client 2) Providing accounting and bookkeeping services to a private company that is an audit client 3) Providing internal audit services to a public company that is an audit client, with pre-approval from the audit committee 4) Recommending a tax shelter to a client that is a public company, with pre-approval from the audit committee c. Which of the following is a category of general computer controls? 1) 2) 3) 4) Systems privacy and security controls Maintenance, management, and privacy controls Systems acquisition, development, and maintenance Operations, security, and information systems support
EAU2M12 ©CGA-Canada, 2012 Page 1 of 10
d. Which of the following statements describes an internal audit group that would be most appropriate for assisting external auditors? 1) The internal audit group reports to the CFO, has good working knowledge of the information technology supporting the business as a whole, prepares regular documentation, and performs testing of internal controls relevant to an audit. 2) The internal audit group reports to the audit committee, has effective quality control and review processes, and provides recommendations, but does not always document controls that are built into a client’s information system. 3) Members of the independent internal audit group use relevant software to perform effective work while maintaining a good understanding of the business technology, and test and document key controls by assertion using computer-assisted techniques. 4) Members of the well-trained IT internal audit group maintain up-to-date documentation related to the key controls, test them on a regular basis, and report to the compliance director who, in turn, reports to the CEO. e. Which of the following access controls is most likely to be classified as a part of the “control environment” element of internal control, in accordance with the Committee of Sponsoring Organizations (COSO) framework? 1) Documented risk assessment identifies access control risks, potential controls to mitigate the risks, and costs associated with the controls. 2) Written information systems policy states that only authorized individuals are to have access to data and programs on a need-to-know basis. 3) Supervisors and managers provide written approval for all new employees and for changes to employees’ job functions, stating the access rights that should be assigned to those individuals. 4) Automated logging systems track access to individual user accounts and provide exception reports of unusual access activity in real-time. f. Which of the following is not likely to be considered an advantage of...