Nonsampling risk refers to the risk that the auditor reaches an incorrect conclusion due to errors not related to the sample itself but to other factors such as misinterpretation of data, incorrect application of procedures, or human error.
Detailed Explanation:
* IIA Practice Advisory 2320-3: This advisory explains that nonsampling risk occurs when an auditor misinterprets results or applies the wrong audit procedure. It differs from sampling risk, which is the risk that a sample is not representative of the population.
* Misinterpretation of Sampling Results: In this case, the senior IT auditor misinterprets the sampling results during the audit of inventory valuation. This is a classic example of nonsampling risk, where the error is due to the auditor's misunderstanding or misapplication of the data, rather than an issue with the sampling process itself.
* IIA Standard 2320 - Analysis and Evaluation: This standard requires that auditors apply sufficient care and skill in analyzing and interpreting audit evidence. Nonsampling risk can occur if this standard is not met, resulting in incorrect conclusions.
Why Not Other Options?
* Option A (Sampling risk): This refers to the risk that the sample does not accurately represent the population, which is not the issue here.
* Option B (Control risk): This refers to the risk that a control will fail to prevent or detect errors or fraud, unrelated to this situation.
* Option D (Residual risk): This refers to the risk that remains after controls are implemented, also unrelated to this scenario.
Conclusion: Option C is correct as it accurately describes the situation where the auditor misinterprets the sampling results, which is a form of nonsampling risk, according to IIA guidance.
Question 262
Which of the following is most likely to prompt the chief audit executive to issue a special notification to the same management?
Correct Answer: B
A material impact on the accuracy of the prior year's financial statements due to the inaccurate operation of controls is a significant issue that would likely prompt special notification from the chief audit executive (CAE) to senior management. This is because such an issue can have substantial implications for the organization's financial reporting, stakeholder trust, and compliance with regulatory requirements. Immediate notification ensures that senior management can take timely corrective action to address and remediate the issue.
References:
* The Institute of Internal Auditors (IIA) Standards
* Internal Audit Guidelines on Material Misstatements and Communication
Question 263
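Which of the following statements best explains why internal auditors should pay attention to an organization's retained earnings?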
Correct Answer: C
Retained earnings represent the cumulative profits reinvested in the organization rather than distributed as dividends. They reflect the organization's ability to generate resources internally, supporting working capital, expansion, and long-term sustainability.
* Option A is incorrect: retained earnings are not the same as dividends.
* Option B is incorrect: retained earnings are not equal to excess cash.
* Option D is incorrect: rating agencies use broader financial measures, not retained earnings alone.
Thus, the best explanation is Option C: retained earnings show that the organization has been able to generate and reinvest resources from its own operations.
A quality assurance and improvement program (QAIP) established by the chief audit executive (CAE) should ensure that the internal audit activity (IAA) adheres to the International Standards for the Professional Practice of Internal Auditing (Standards) and the IIA Code of Ethics. It should also aim to add value and improve the organization's operations. This comprehensive approach ensures that the internal audit function is not only compliant but also effective in enhancing the overall governance, risk management, and control processes within the organization.
References:
* IIA Standard 1300: Quality Assurance and Improvement Program.
* IIA Standard 1320: Reporting on the Quality Assurance and Improvement Program.
Outsourcing the whistleblowing process is acceptable if proper controls are established to maintain confidentiality and effectiveness. IIA Standard 2600 requires auditors to monitor the implementation of recommendations and assess changes. Reviewing the third-party agreement ensures compliance with the original recommendation's intent. Insisting on an internal process (Option A) or escalating the issue (Option C) may not be necessary if outsourcing meets objectives. Taking no action (Option D) overlooks the auditor's responsibility for follow-up.