CONFIDENTIAL TEST1/AUD679/DEC2020
FAKULTI PERAKAUNAN
UNIVERSITI TEKNOLOGI MARA
TEST
COURSE : INTERNAL AUDITING
COURSE CODE : AUD 679
DATE : DECEMBER 2020
TIME : 2 HOURS
INSTRUCTIONS TO CANDIDATES
1. This question paper consists of 3 questions.
2. Answer ALL questions.
3. Please write your name on every page of your papers.
4. You are required to turn in your answer in the Google Classroom within the stipulated time.
5. You are not allowed to discuss and also not allowed to refer to any notes or books during the
examination.
DO NOT TURN THIS PAGE UNTIL YOU ARE TOLD TO DO SO
This examination paper consists of 2 printed pages
© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL
SUGGESTED SOLUTIONS
Question 1:
At times, Internal Auditors may be perceived as redundant in comparison to External Auditors. However,
their functions are actually different in several aspects.
a) Explain briefly FIVE (5) differences between Internal Auditors and External Auditors. (page 6) (10
marks)
| Aspect | Internal Auditor | External Auditor |
|---|---|---|
| Reporting responsibility | Reports to the board of directors or audit committee. (✓) | Reports to the shareholders of the company. (✓) |
| Responsibility towards fraud | Is directly involved with the prevention and detection of fraud in any form or extent in any activity reviewed. (✓) | Is incidentally concerned with the prevention and detection of fraud in general, but is directly concerned when financial statements may be materially affected. (✓) |
| Independent status | Is independent of the activities audited, but is ready to respond to the needs and desires of all elements of management. (✓) | Is independent of management and the board of directors both in fact and mental attitude. (✓) |
| Timing and frequency of audit | Reviews activities continually by focusing on future events. (✓) | Reviews records supporting financial statements periodically (usually once a year) and focuses on the accuracy and understandability of historical events as expressed in financial statements. (✓) |
| Professional qualification | Not necessary, but may acquire Certified Internal Auditor (CIA). (✓) | Compulsory to be a member of Malaysian Institute of Accountants and be granted audit license by the Ministry of Finance before being recognized as Chartered Accountant. (✓) |
b) Identify the roles and responsibilities of an Internal Auditor to ensure the effectiveness of control and
governance processes in an organization. (page 5) (4 marks)
Control (Any 2 answers)
- Assess the effectiveness of the organization’s internal control system, including the
adequacy of control model or design. (✓)
- Monitor management’s compliance with the organization’s code of conduct and ethical policies.
- Review corporate policies relating to compliance with laws and regulations and conflict of interest. (✓)
- Analyze the controls for critical accounting and management functions.
- Provide feedback and reporting on control deficiencies.
Governance (Any 2 answers)
- Advise on the adequacy and appropriateness of the composition of the board of directors. (✓)
- Assess the effectiveness of the board of directors in discharging their duties. (✓)
- Ensure that internal audit charter, role and activities are clearly understood and responsive to the
needs of the audit committee and the board of directors.
- Help keep the board informed on any matters related to the company’s interest.
c) Explain briefly the types of the following audits: (page 8)
i) Operational Audit
- Assessment of methods of operations and evaluation(✓) on how to improve performance of an
area, department or functional operation. This process assesses the adequacy, efficiency and
effectiveness of control procedures to meet the objectives of organizations. (✓)
ii) Compliance Audit
- Assessment of an organization’s adherence to applicable rules and laws (✓) that may originate
internally or externally. The audit process may assess the extent of compliance with internal
policies, regulatory rules and requirements and applicable laws. (✓)
iii) Forensic Audit
- An in-depth investigation into any irregularities such as reported fraud or allegations. (✓) Its scope
is in the area specified to determine modus operandi and collection of evidence to support the
case that would eventually lead to legal consequences. (✓)
(6 marks)
Question 2:
a) List FOUR (4) roles of an Audit Committee in Corporate Governance. (page 37) (4 marks)
- Reviewing corporate policies relating to compliance with laws and regulations, ethics, conflict of
interest and the investigation of misconduct and fraud. (✓)
- Reviewing current/pending litigation or regulatory proceedings bearing on corporate governance
in which the corporation is a party. (✓)
- Reviewing significant cases of employee conflict of interest, misconduct or fraud. (✓)
- Requiring the internal auditor to report in writing annually the scope of the reviews of corporate
governance and any significant findings. (✓)
b) Discuss briefly FIVE (5) roles of Internal Auditor in assisting the Board in Corporate Governance.
(10 marks)
- An objective evaluation of the existing risk and internal control framework. (✓)
- Systematic analysis of business processes and associated controls. (✓)
- Reviews of the existence and value of the assets. (✓)
- A source of information on major frauds and irregularities. (✓)
- Reviews of the compliance framework and specific compliance issues. (✓)
c) Explain briefly THREE (3) roles played by the Board in corporate governance. (Page 36) (6 marks)
- Assessing the scope and effectiveness of the systems established by management to identify,
assess, manage and monitor the various risks arising from the organization’s activities. (✓)
- Ensuring senior management establishes and maintains adequate and effective internal controls.
(✓)
- Satisfying itself that appropriate controls are in place for monitoring compliance with laws,
regulations, supervisory requirements and relevant internal policies. (✓)
- Monitoring and reviewing the effectiveness of the internal audit function.
- Approving the appointment or dismissal of the head of internal audit.
Question 3:
a) Describe the elements of Risk Management Process. (page 45) (8 marks)
Communicate and Consult(✓)
• To have common understanding between the management and stakeholders (both internal
and external) on the basis to which decisions and actions are made. (✓)
Establish the Context (✓)
• To determine the parameters against which risks will be managed.
• The context includes the purpose of the risk management and the internal and external
environment affecting the organization. (✓)
Identify Risks(✓)
• To identify the events that could prevent or delay the achievement of objectives. (✓)
Analyze Risks(✓)
• To evaluate the likelihood and impact of the identified risks. (✓)
• To determine the effectiveness of existing control and the range of potential effect for any
deficiency.
Evaluate Risks(✓)
• To compare estimated level of risk against the pre-established criteria. (✓)
• To balance between potential benefits and adverse outcomes. (✓)
• Enable decisions to be made about the extent and nature of responses required and the
priorities to be placed on each response.
Treat Risk(✓)
• To develop and implement specific cost-effective strategies. (✓)
• To develop and implement action plans to increase potential benefits and reduce potential
losses.
Monitor and Review(✓)
• Important for continuous improvement. (✓)
• The organization should critically review and assess existing risk management process
before developing any plan. The review should take into consideration:
-The conditions of existing business culture and systems. (✓)
-The integration and consistency of risk management across different types of risks.
-The possible modification or extension of current practices and policies.
-The legislative or compliance requirements.
-The resource constraints
b) List FOUR (4) roles of Internal Auditor in Risk Management. (page 47)
-Giving assurance on risk management process. (✓)
-Giving assurance that risks are correctly evaluated. (✓)
-Evaluating the reporting of key risks. (✓)
-Reviewing the management of key risks. (✓) (4 marks)
c) Explain briefly the responsibilities of FOUR (4) parties involved within the organization to ensure the
effectiveness of Enterprise Risk Management (ERM). (8 marks)
Board of Directors (✓)
- Knowing the extent to which management has established effective ERM in an organization.
- Being aware of the organization’s risk appetite. (✓)
Management(✓)
• Chief Executive Officer and Senior Managers
− To ensure that a positive internal environment exists, by setting the tone at the top. (✓)
− To influence the composition and conduct of the board.
− To provide leadership and direction to senior managers.
− To monitor the overall risk activities in relation to risk appetite.
Internal Auditors(✓)
- Recommend improvements on ERM based on their evaluations, (✓) that includes evaluating the
reliability of reporting, effectiveness and efficiency of operations, and compliance with laws and
regulations.
Risk officers(✓)
- Establishing risk management policies(✓)
- Framing authority and accountability
- Promoting competency in risk
(TOTAL: 60 MARKS)
END OF QUESTION PAPER