UNIVERSITY EXAMINATIONS

May/June 2022

AUI3701
The Internal Audit Process: Planning the Engagement

100 marks

Duration: 2 hours

This paper consists of 12 pages.

INSTRUCTIONS:

 Keep the Honesty Declaration in consideration throughout answering this paper

 Ensure you are connected to the internet in order to log into the Invigilator App and scan
this QR code.
 If you encounter difficulty in scanning the QR code, you can alternatively enter the Exam
Access Code below the QR code to start the invigilation.
 Unless otherwise specified by your institution, note that you can only scan this QR code
once. If your assessment has multiple online sections, tests or attempts, you should NOT
finish the invigilation until your entire assessment has been completed.
 Only scan the QR code when the assessment formally commences.
 The QR code is only scannable for a limited time and it should therefore be scanned
as soon as possible to start the invigilation.
 Once the QR code is scanned, ensure your media volume Is turned up and place your
smartphone next to you. The Invigilator App will notify you with a notification beep when you
are required to action a request, which you should then perform.
 We recommend that you keep your smartphone on charge for the duration of the
assessment.
 If you only have one device you may access your assessment in the application by pressing
the ‘Access Exam’ button in the top right corner of your app.
 Keep the Invigilator App open on your cell phone for the full duration of the
assessment. You are not allowed to minimise or leave the app.
 Ensure you are connected to the internet in order to commence the invigilation as well as
at the end of the assessment. No internet connection is required during the assessment.
[TURN OVER]
 CONFIDENTIAL
2 of 12 AUI3701
May/June 2022

 You have to adhere to the assessment time limit communicated to you by your institution
as the time displayed in the Invigilator App could differ from the time allocated to complete
your assessment.
 You can click the "Finish Assessment" button in the app if you finish your assessment early.

 If you are performing a written or Scan-and-Upload assessment:

The Invigilator App may request you to take a picture of every page of your answer sheet
at the end of the assessment. Unless otherwise specified by your institution, this does NOT
replace the normal upload of your script to your institution’s online portal

 After completing invigilation and following all app instructions, you must upload your
Invigilation App data. If however there is a delay in the upload of the app data at the end of
the assessment, you should prioritise the upload of your script to your university portal and
you can temporarily minimise the app to do so. Uploading of app data is not time sensitive
and you can come back and do it after you have successfully uploaded your script to the
exam portal.

 Should you encounter any technical difficulty, please WhatsApp The Invigilator Helpdesk
on 073 505 8273.

[TURN OVER]
 CONFIDENTIAL
3 of 12 AUI3701
May/June 2022

Additional student instructions

1. Students must upload their answer scripts in a single PDF file (answer scripts must not be
password protected or uploaded as “read only” files)
2. NO emailed scripts will be accepted. Please utilise the contingency link provided by your module
lecturer should you be unable after trying to submit on the myExams platform.
3. Students are advised to preview submissions (answer scripts) to ensure legibility and that the
correct answer script file has been uploaded.
4. Students are permitted to resubmit their answer scripts should their initial submission be
unsatisfactory.
5. Incorrect file format and uncollated answer scripts will not be considered.
6. Incorrect answer scripts and/or submissions made on unofficial examinations platforms (including
the invigilator cell phone application) will not be marked and no opportunity will be granted for
resubmission.
7. Mark awarded for incomplete submission will be the student’s final mark. No opportunity for
resubmission will be granted.
8. Mark awarded for illegible scanned submission will be the student’s final mark. No opportunity for
resubmission will be granted.
9. Only the last file uploaded and submitted will be marked.
10. Submissions will only be accepted from registered student accounts.
11. Students who have not utilised the Invigilator App will be deemed to have transgressed Unisa’s
examination rules and will have their marks withheld.
12. Students have 48 hours from the day of their examination to upload their invigilator results from
the Invigilator App. Failure to do so will result in students deemed not have utilised invigilation or
proctoring tools.
13. Students must complete the online declaration of own work when submitting. Students suspected
of dishonest conduct during the examinations will be subjected to disciplinary processes. Students
may not communicate with other students, or request assistance from other students during
examinations. Plagiarism is a violation of academic integrity, and students who do plagiarise or
copy verbatim from published work will be in violation of the Policy on Academic Integrity and the
Student Disciplinary Code and may be referred to disciplinary hearing. Unisa has a zero tolerance
for plagiarism and/or any other forms of academic dishonesty.
14. Students are provided one hour to submit their answer scripts after the official examination time.
Submissions made after the official upload examination time will be rejected as per the
examination regulations and will not be marked.
15. Non-adherence to the processes for uploading examination answers will not qualify the student
for any special concessions or future assessments.
16. Problems which are beyond Unisa’s control include the following:
a. Personal network or service provider issues
b. Load shedding/limited space on personal computer
c. Crashed computer
d. Using a work computer that blocks access to myExams site (work firewall challenges)
e. Unlicensed software (e.g., license expires during exams)

[TURN OVER]
 CONFIDENTIAL
4 of 12 AUI3701
May/June 2022

Students experiencing the above challenges are advised to apply for an aegrotat and together
with the application, submit supporting evidence within ten days of the examination session.
Students will not be able to apply for an aegrotat for a third examination opportunity.

17. Students experiencing technical challenges should contact the SCSC on 080 000 1870 or via e-
mail CASExams@unisa.ac.za or refer to the Get- Help resource for the list of additional contact
numbers. Communication received from your myLife account will be considered.

[TURN OVER]
 CONFIDENTIAL
5 of 12 AUI3701
May/June 2022

Question Main Topic Marks

1 Multiple choice questions 15

2 Enterprise Risk Management 18
3 Weaknesses and controls 30
4 Planning the engagement 25
5 Fraud 12
100
Please note:

Although the primary purpose of the examination is to test your knowledge and application of the subject
matter, your ability to organise and present such knowledge in written language of an acceptable
standard will be taken into consideration by the examiners.

[TURN OVER]
 CONFIDENTIAL
6 of 12 AUI3701
May/June 2022

QUESTION 1 15 marks

1. Accounts payable schedule verification may include the use of analytical information.
Which of the following is considered analytical information?

A Comparing confirmations received from selected creditors with the accounts payable
ledger.
B Examining suppliers’ invoices in support of selected items in the schedule.
C Comparing the schedule with the accounts payable ledger or unpaid voucher file.
D Comparing the accounts payable balance on the schedule with the balances of prior
years.

2. Which of the following risk is higher when an electronic funds transfer (EFT) system is
used?
A Improper change control procedures.
B Insufficient online edit checks.
C Inadequate backups and disaster recovery procedures.
D Unauthorised access and activity.

3. What is the chief advantage of stop-or-go sampling?

A With stop-or-go sampling, the error rate in the population can be projected to within
certain precision limits.
B Stop-or-go sampling may reduce the size of the sample that needs to be taken from
a population, thus reducing sampling costs.
C Stop-or-go sampling allows the sampler to increase the confidence limits of the
analysis without sacrificing precision.
D Stop-or-go sampling allows sampling analysis to be performed on populations that
are not homogeneous.

4. An internal auditor has set an audit objective of determining whether the planned rate of
return on investment in international operations has been achieved. Which of the
following audit procedures will best meet this audit objective?
A Observation.
B Inquiry.
C Inspection of documents.
D Analytical review.

[TURN OVER]
 CONFIDENTIAL
7 of 12 AUI3701
May/June 2022

5. Monetary-unit sampling (MUS) is most useful when the internal auditor …

A is concerned with overstatements.
B cannot cumulatively arrange the population items.
C is testing the accounts payable balance.
D expects to find several material misstatements in the sample.

6. One of the audit objectives for a manufacturing company is to verify that all the rework
done, is reviewed by the production engineer. Which of the following audit procedures
would provide the best evidence for meeting this audit objective?
A Trace a sample of rework orders to entries in the rework log.
B Trace a sample of entries in the rework log to the remedial action taken.
C Trace a sample of rework orders to entries in the review log.
D Trace a sample of entries in the review log to the rework orders.

7. Internal auditors have a responsibility to assist in deterring fraud. Which of the following
best describes how this responsibility is usually met?
A Coordinating with security personnel and law enforcement agencies in the
investigation of possible frauds.
B Assisting in the design of control systems to prevent fraud.
C Evaluating the adequacy and effectiveness of controls in light of the potential
exposure or risk.
D Testing for fraud in every audit and following up, where appropriate.

8. In most programmes, how large is the internal audit activity’s investment in the
organisation’s control risk self-assessment (CRSA) efforts?
i. The internal audit activity sponsors, designs, implements and in effect owns the
process, conducts the training, supplies the facilitators, scribes and reporters; and
orchestrates the participation of management and work teams.
ii. The internal audit activity serves as an interested party and consultant to the
whole process and as ultimate verifier of evaluations produced by the teams.

A i only.
B ii only.
C Never more than ii, and sometimes less.
D Usually somewhere between i and ii.

[TURN OVER]
 CONFIDENTIAL
8 of 12 AUI3701
May/June 2022

9. Which of the following statements about control risk self-assessment (CRSA) is false?
A In its purest form, CRSA integrates business objectives and risks with control
processes.
B CRSA is usually an informal process.
C CRSA is also known as control self-assessment.
D Most implemented CRSA programs share some key features and goals.

10. In preparing a sampling plan for an inventory pricing test, which of the following describes
an advantage of statistical sampling over non-statistical sampling?

A Requires non-quantitative expression of sample results.

B Minimises non-sampling risk.
C Reduces the level of tolerable error.
D Provides a quantitative measure of sampling risk.

QUESTION 2 18 marks
PART A
Internal auditors must be able to identify risk by understanding the risk’s origin/source (internal
or external). According to the IIA Research Foundation, there are various categories of risks
(process risk, management of people/intellectual capital risk, fraud risk, information technology
risk, poor management risk, natural disaster risks, environmental risks and geo-political risks).

REQUIRED MARKS

2.1 Classify the following risks based on its origin and type. (10)

a) Outdated safety gear are used by workers in a chemical plant.

b) The company that has a manufacturing plant in Durban, was badly
affected by the recent floods in KZN.
c) A lack of technical expertise was found during the recent human
resources audit.
d) Unauthorised access from within the organisation to databases
hosting sensitive and confidential big data.
e) Increase in import taxes due to the war in Ukraine.

Your answer should be given in the following table format:

Number Type of Origin (internal or

risk external)
a)

[TURN OVER]
 CONFIDENTIAL
9 of 12 AUI3701
May/June 2022

PART B

You are the chief audit executive (CAE) at Connect Ltd, a telecommunications company. The
chief executive officer (CEO) has requested you to include in the quarterly report for the
upcoming quarterly audit committee meeting, the roles of internal audit in Enterprise Risk
Management (ERM).
The roles in ERM are as follows:
a) Coaching management in responding to risks.
b) Deciding on risk responses.
c) Giving assurance that risks are correctly evaluated.
d) Reviewing the management of key risks.
e) Developing risk management strategy for board approval.
f) Setting the risk appetite.
g) Management assurance on risks.
h) Coordinating ERM activities.

REQUIRED MARKS

2.2 For each of the above roles (a-h), classify whether it is a (8)
 Role that internal audit should not undertake.
 Legitimate internal audit role with safeguards; or
 Core internal audit role regarding ERM.

QUESTION 3 30 marks

You are the internal auditor of Statement Clothing Ltd, an organisation that manufactures
clothing for the fashion industry. A production manager heads the production department and
manages the activities of 20 supervisors and 500 workers. Wages are paid every Friday, based
on hours worked during the previous calendar week.

New workers are appointed by the supervisors. On Monday mornings the supervisors hand out
blank clock cards to their workers. The workers write their names and personnel numbers on
the clock card and keep the cards to record their hours worked for the week. The clock machine
is situated at the entrance of the factory and the workers clock in and out at the entrance to the
factory by placing their cards into the clock machine.

On Monday mornings, the workers hand in their previous week’s clock cards to the supervisor
after receiving a new blank card for the week ahead. The supervisor signs all the previous
week’s clock cards and submits them to a wages clerk. The clock cards are sorted
alphabetically (according to the employee’s surname) and distributed between four wage
clerks. Each wage clerk always receives the clock cards of employees from the same part of
the alphabet for which he/she is responsible to capture the hours worked.

[TURN OVER]
 CONFIDENTIAL
10 of 12 AUI3701
May/June 2022

Each wage clerk then performs the following actions:

1. Calculates the total number of hours worked per clock card and writes it down on the
clock card.
2. Captures the hours worked in the electronic wages system per personnel number.

The electronic wages system then calculates each worker’s gross wages, deductions and net
wages by using the wage ratios and deductions contained in the personnel files on the
database. The system generates a weekly wage report which is then filed by the wage clerk at
the wages department.

One of the wages clerks verbally tells the accountant the amount of cash required for the week’s
wages. The accountant prepares a cash cheque for that amount and the wages clerk goes to
the bank to draw the money (cash the cheque).

The electronic wages system prepares wage envelopes for those workers who must be paid by
printing the worker’s name and personnel number on the envelope. Each wage clerk then fills
the wage envelopes with the amount as per the wage report, for the workers allocated to them
(based on the portion of the alphabet for which they are responsible for).

The wages envelopes are then sealed and handed over to the supervisors on Friday afternoons
for wage pay-outs. Each supervisor pays wages to the workers reporting to him/her. Unclaimed
wages are returned to the wage clerks.
(Adapted from Performing Internal Audit Engagements)

REQUIRED MARKS

Identify ten (10) weaknesses in the above wages system and propose controls (30)
to address each weakness.
Structure your answer as follows:

Weakness (1½ marks each) Recommended control (1½

marks each)

Please note: You must use the proper wording of a weakness in explaining
your weakness. Half marks per weakness will be deducted if proper wording is
not used.

QUESTION 4 25 marks

Thabang Sello is an audit manager working at Connect Ltd and has been assigned to the
assurance engagement of the human resources department. The audit team is currently busy
with the planning stage of the engagement, with the following activities/procedures having been
performed:
[TURN OVER]
 CONFIDENTIAL
11 of 12 AUI3701
May/June 2022

a) The auditor identified “termination of employees” as an area of high risk that needs
specific attention.
b) Requested the assistance of an external consultant (Labour Lawyer) as part of the
internal audit team for reviewing the employment contracts.
c) Obtained background information to become familiar with the functions/duties, risks and
controls relating to the human resources department.
d) An entrance conference was held with the human resources manager, where the
timelines of the audit and the proposed audit scope were discussed.
e) The auditor performed a walk-through test of an employee starting from when the
vacancy was advertised up to when the new employee was added to the payroll.
f) Compiled the audit procedures to be performed for the audit engagement.
g) Determined the number of auditors’’ laptops that need to be installed with the CAATTs
audit software for statistical sampling purposes.
h) The auditor obtained details of the tasks that are performed in the human resources
department and the extent of each task.

REQUIRED MARKS

4.1 List the steps in the planning phase of an assurance engagement and (17)
provide the IIA Standard relating to that planning step.

Your answer should be in the following table format:

Step in planning phase IIA Standard

(Only the IIA Standard number and

heading is required, e.g. 2000 –
Managing the Internal Audit Activity)
1 mark each 1 mark each

4.2 For each of the activities above (a-h), identify the step within the planning (8)
stage that was performed.

[TURN OVER]
 CONFIDENTIAL
12 of 12 AUI3701
May/June 2022

QUESTION 5 12 marks

Each of the items (1-8) listed under column A contains the first parts of eight sentences. Each
of the items (A-H) listed under column B contains the second part of a sentence. When the part
under column A is correctly combined with the part in column B, a complete and correct
sentence is formed.

Column A Column B
1. Alterations on supporting documents is A. management fraud.
an example of …
2. A powerful tool to disrupt computer B. intention of the (perpetrator)
services and gain unauthorised access
to IT systems and networks, is an
example of which IT fraud.
3. Embezzlement of cash sales by a C. true
cashier would be classified as …
4. Corruption differs from fraud in that it D. management override.
usually …
5. The element or defining feature which E. fraud indicators.
distinguishes fraud from error, is …
6. Intentionally using an inappropriate F. false
policy for revenue recognition to inflate
profits is an example of …
7. To state that the internal auditor has a G. hacking
responsibility to prevent fraud is ….
8. Authorising a journal entry designed to H. misappropriation of assets and
manipulate an account balance is a form employee fraud.
of …
I. viruses
J. does not leave any evidence or audit
trail in the accounting records of the
organisation.
(Some were adapted from Graded Questions on Auditing 2019)

REQUIRED MARKS

Match the terms in column A with their corresponding parts in column B. Your (12)
answer should be in the following format, for example - 1. B

©
Unisa 2022