IIA Part 1 - Code of Ethics, IPPF Flashcards

1
Q
A large sales organization maintains a system of internal control according to the COSO model and has updated its code of conduct. This change relates to which component of the COSO framework?
Options:
A Control activities.
B Information and communication.
C Commitment.
D Control environment.
A

d

2
Q

Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?

A An independent third party has assessed the organization’s system of internal controls to be adequate and effective.
B The chief audit executive reports both functionally and administratively to the CEO.
C The internal audit charter is drafted properly and approved by the appropriate parties.
D The mission statement and strategy of the internal audit activity demonstrates alignment to organizational objectives.

A

b

3
Q

Which of the following is an example of a risk avoidance strategy?

Options:
A Hedging against exchange rate variations.
B Limiting access to an organization’s data center.
C Selling a nonstrategic business unit.
D Outsourcing a high-risk activity.

A

c

4
Q

Which of the following statements accurately describes the responsibility of the internal audit activity regarding IT governance?

  1. The internal audit activity does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.
  2. The internal audit activity must assess whether the IT governance of the organization supports the organization’s strategies and objectives.
  3. The internal audit activity may assess whether the IT governance of the organization supports the organization’s strategies and objectives.
  4. The internal audit activity may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization’s strategies and objectives.
Options:
A 1 only.
B 4 only.
C 2 and 4.
D 3 and 4.
A

a

5
Q

Which of the following documents is most appropriate in promoting the objectivity of the internal audit activity?

Options:
A Usage of IT system policy.
B Risk management framework.
C Acceptance of gifts policy.
D Personal responsibility policy.
A

c

6
Q

Management is developing and implementing a risk and control framework for use throughout the organization. Which of the following elements should be included in the organization’s control framework?

  1. Appropriate levels of authority and responsibility.
  2. Supervision of staff and appropriate review of work.
  3. The seniority of management in the organization.
  4. The ability to trace each transaction to an accountable and responsible individual.
Options:
A 1, 2, and 3.
B 1, 2, and 4.
C 1, 3, and 4.
D 2, 3, and 4.
A

d

7
Q

With regard to IT governance, which of the following is the most effective and appropriate role for the internal audit activity?

Options:
A Independently evaluate the skills and experience of potential chief information officer candidates to assess the best fit based on the organization’s risk appetite.
B Evaluate the organization’s governance standards and assess IT-related activities to identify gaps and develop policies, ensuring alignment with the organization’s risk appetite.
C Assist management in interpreting complex IT-related privacy and security risk exposures and evaluating potential mitigation strategies.
D Assess whether governance activities are aligned with the organization’s risk appetite and take into consideration emerging risks.

A

d

8
Q

As a matter of policy, the chief audit executive routinely rotates internal audit staff assignments and periodically interviews the staff to discuss the potential for conflicts of interest. These actions help fulfill which of the following internal audit mandates?

Options:
A Organizational independence.
B Professional objectivity.
C Due professional care.
D Individual proficiency.
A

b

9
Q

The manager for an organization’s accounts payable department resigned her post in that capacity. Three months later, she was recruited to the internal audit activity and has been working with the audit team for the last eight months. Which of the following assignments would the newly hired internal auditor be able to execute without any impairments to independence or objectivity?

Options:
A An operations audit of the accounts payable department.
B A consulting engagement related to a new accounts payable optimization initiative.
C A review of the employees’ sports club finances, which are overseen by the chief audit executive.
D An assurance review for a sales program on which she previously provided consultation.

A

c

10
Q

An internal auditor needs to recommend a policy element to be included in an organization’s code of ethics. Which of the following recommendations would be most effective?

Options:
A Ethics should vary with local customs in the organization’s foreign operations.
B Whistleblowing should be discouraged because it can cause distrust among employees.
C Ethical behavior should be incorporated into performance evaluations.
D Senior management should be granted specific exemptions to the code of ethics.

A

c

11
Q

Which of the following types of fraud includes embezzlement?

Options:
A Fraudulent statements.
B Bribery.
C Misappropriation of assets.
D Corruption.
A

c

12
Q

According to IIA guidance, which of the following statements describes one of the similarities between assurance and consulting services?

Options:
A When planning assurance and consulting engagements, internal auditors must consider the strategies and objectives of the activity being reviewed.
B Internal auditors determine the engagement objectives, scope, and work program for both assurance and consulting services.
C Internal auditors must not provide assurance or consulting services for an activity for which they had responsibility within the previous year.
D Both assurance and consulting services generally involve the internal auditor, the area under review, senior management, and the board.

A

a

13
Q

Evidence discovered during the course of an engagement suggests that multiple incidents of fraud have occurred. There do not appear to be sufficient controls in place to prevent reoccurrence. Which of the following is the internal auditor’s most appropriate next step?

Options:
A Immediately notify management of the area under review and the other internal auditors involved in the engagement.
B Discuss the situation with the engagement supervisor to determine whether fraud investigation experts are required to investigate the matter properly.
C Fully document in the workpapers the evidence that has been discovered and recommend appropriate controls to address the fraud.
D Provide the evidence that was discovered to local law enforcement for possible prosecution of the suspected fraud.

A

a

14
Q

The chief audit executive (CAE) has assigned an internal auditor to an upcoming engagement. Which of the following requirements would most likely indicate that the internal auditor was assigned to an assurance engagement?

Options:
A The assigned internal auditor must determine the objectives, scope, and techniques of the engagement.
B The CAE must personally obtain the needed skills, knowledge, or other competencies if the internal auditor does not have them.
C The assigned internal auditor must not assume management responsibilities while performing the engagement.
D The assigned internal auditor must maintain objectivity while performing the engagement.

A

a

15
Q

An internal audit activity includes in its audit reports the assertion that its work is performed in conformance with the International Standards for the Professional Practice of Internal Auditing (Standards). A recent external quality assessment concluded that the internal audit activity had substantial deficiencies that impact its overall operations. According to IIA guidance, which of the following is the most appropriate action for issuing future audit reports?

Options:
A Refrain from indicating that the internal audit activity operates in conformance with the Standards until the chief audit executive confirms that the internal audit activity has addressed all areas of nonconformance and the audit committee has been notified.
B Refrain from indicating that the internal audit activity operates in conformance with the Standards until another external assessment confirms that the significant areas of nonconformance have been addressed.
C Indicate that the internal audit activity operates in partial conformance with the Standards, as the internal audit activity has a quality assurance and improvement program in place to address deficiencies and has met the requirement for conducting an external assessment.
D Update and reissue previous audit reports, removing the assertion that the internal audit activity operates in conformance with the Standards, and distribute them to all parties who received the original reports.

A

b

16
Q

The management at a national consumer goods organization implements a fair work and pay practice as well as a policy to treat employees equitably and consistently. Which common characteristics of fraud will the practice and policy most likely reduce?

Options:
A Pressure or incentive.
B Opportunity.
C Rationalization.
D Commitment.
A

a

17
Q

Upon joining the internal audit activity, each new auditor receives a copy of the audit handbook. Which of the following handbook policies has the greatest risk of compromising audit objectivity?

Options:
A Internal auditors should obtain 80 hours of continuing professional education every two years, 20 of which should be audit-related, and the remainder may be operations-related.
B Internal auditors should rotate to other areas of the organization for nonaudit assignments to gain an understanding of the organization’s operations.
C Internal auditors should have direct and unrestricted access to personnel and information throughout the organization and the governing board.
D Internal auditors should undergo annual performance appraisals conducted by the chief audit executive, who reports administratively to the chief financial officer.

A

b

18
Q

According to IIA guidance, which of the following roles would be appropriate for an internal auditor regarding fraud risk?

  1. Identification.
  2. Mitigation.
  3. Remediation.
  4. Reduction.
Options:
A 1 only.
B 1 and 4 only.
C 1, 3, and 4 only.
D 1, 2, 3, and 4.
A

b

19
Q

During an audit engagement, the internal auditor discussed a risk mitigation recommendation with the manager of the area under review. The manager disagreed with the risk assessment and recommendation. The two failed to come up with an alternative solution, and the auditor decided to proceed with including the original recommendation in the engagement report. Which of the following is especially important in dealing with this type of situation?

Options:
A Soft skills in communication, negotiation, and collaboration.
B Technical skills in the area under review.
C Professional qualifications and certification in internal auditing.
D Confidentiality and independence.

A

a

20
Q

According to the International Professional Practices Framework, which of the following are allowable activities for an internal auditor?

  1. Advocating the establishment of a risk management function.
  2. Identifying and evaluating significant risk exposures during audit engagements.
  3. Developing a risk response for the organization if there is no chief risk officer.
  4. Benchmarking risk management activities with other organizations.
  5. Documenting risk mitigation strategies and techniques.
Options:
A 4 and 5 only.
B 1, 2, and 3 only.
C 1, 2, 4, and 5 only.
D 2, 3, 4, and 5 only.
A

c

21
Q

If appropriate safeguards exist, which of the following is considered a legitimate internal audit role within risk management at an organization?

Options:
A Imposing risk management processes.
B Providing consolidated reporting on risks.
C Taking accountability for risk management.
D Making decisions on risk responses.

A

b

22
Q

A manufacturing line supervisor joins the internal audit activity for a two-year rotational job assignment and is assigned to an accounts receivable audit. With regard to this assignment, which of the following should be the primary concern of the audit manager?

Options:
A Due professional care.
B Individual independence.
C Individual objectivity.
D Organizational independence.
A

a

23
Q

A fraud investigation was completed by management, and a proven fraud was communicated to relevant authorities. According to IIA guidance, which of the following roles would be most appropriate for the internal audit activity to undertake after the investigation?

Options:
A Plan employee sessions and team building strategies for the organization to improve awareness of fraud among employees.
B Review the investigation and implement any improvements to the process.
C Conduct lessons learned sessions to ascertain how the fraud occurred and which controls failed.
D Determine why the fraud was not detected earlier and design controls to strengthen early detection.

A

c

24
Q

Which of the following is an example of a risk management avoidance response?

Options:
A Exiting a marketplace.
B Recalling a product.
C Obtaining product insurance.
D Outsourcing production.
A

a

25
Q

Which of the following actions should the audit committee take to promote organizational independence for the internal audit activity?

Options:
A Delegate final approval of the risk-based internal audit plan to the chief audit executive (CAE).
B Approve the annual budget and resource plan for the internal audit activity.
C Assist the CAE with hiring objective and competent internal audit staff.
D Encourage the CAE to communicate and coordinate with the external auditor.

A

a

26
Q

A furniture manufacturer has installed a new fire sprinkler system at its central warehouse and canceled the existing fire insurance policy on that property. What change of risk response strategy does this course of action most likely reflect?

Options:
A From sharing to reduction.
B From acceptance to reduction.
C From sharing to avoidance.
D From acceptance to avoidance.
A

a

27
Q

According to IIA guidance, which of the following should be formally documented in the internal audit charter?

Options:
A The internal audit activity’s responsibility for imposing risk management processes.
B The internal audit activity’s responsibility for the organization’s governance framework.
C The nature of consulting services provided by the internal audit activity.
D The budgeting process for the internal audit activity.

A

c

28
Q

According to IIA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the internal audit activity?

Options:
A CAE reviews and approves the annual audit plan.
B CAE meets privately with the CEO at least annually.
C CAE meets privately with the board at least annually.
D CAE reports to the board regarding audit staff performance evaluation and compensation.

A

d

29
Q

While auditing an organization’s credit approval process, an internal auditor learns that the organization has made a large loan to another auditor’s relative. Which course of action should the auditor take?

Options:
A Proceed with the audit engagement, but do not include the relative’s information.
B Have the chief audit executive and management determine whether the auditor should continue with the audit engagement.
C Disclose in the engagement final communication that the relative is a customer.
D Immediately withdraw from the audit engagement.

A

b

30
Q

According to The IIA’s Code of Ethics, which of the following statements is true?

Options:
A When an internal auditor releases required information to a regulator, resulting in a significant loss through fines and penalties for the organization, he fails to add value.
B When an internal auditor limits the scope of the audit engagement after learning that management is hiding relevant information, he demonstrates integrity.
C When an internal auditor disagrees with the treatment received by workers in the organization’s foreign subsidiary and alters the audit program to highlight the issue, he fails to demonstrate objectivity.
D When an internal auditor continues with an audit engagement, despite the audit client’s claims that the work performed is unnecessary and redundant, he fails to demonstrate competency.

A

c

31
Q

In which of the following scenarios would the chief audit executive (CAE) be required to decline the assignment?

Options:
A The CAE would need to procure external services to deliver the internal audit assurance program.
B There is no expertise within the internal audit team for detecting and investigating fraud.
C There is no expertise within the internal audit team for auditing an IT engagement.
D There is no available expertise on the internal audit team to perform a consulting engagement.

A

b

32
Q

Given the highly technical and legal nature of privacy issues, which of the following statements best describes the internal audit activity’s responsibility with regard to assessing an organization’s privacy framework?

Options:
A If an organization does not have a mature privacy framework, the internal audit activity should assist in developing and implementing an appropriate privacy framework.
B Because the audit committee is ultimately responsible for ensuring that appropriate control processes are in place to mitigate risks associated with personal information, the internal audit activity is required to conduct privacy assessments.
C The internal audit activity may delegate to nonaudit IT specialists the responsibility of determining whether personal information has been secured adequately and data protection controls are sufficient.
D The internal audit activity should have appropriate knowledge and competence to conduct an asses …….framework.

A

d

33
Q

According to The IIA’s Code of Ethics, which of the following actions violates the principle of confidentiality?

Options:
A Accepting a consulting request in the IT department without possessing the requisite experience.
B Providing personal tax preparation services for a fee for several employees during the lunch hour.
C Providing a friend with the marketing strategic plan, which she will use to prepare her university thesis.
D Agreeing to reword an observation to avoid the client complaining directly to the auditor’s supervisor.

A

c

34
Q

Which of the following would be considered a violation of The IIA’s mandatory guidance on independence?

Options:
A The chief audit executive (CAE) reports functionally to the board and administratively to the chief financial officer.
B The board seeks senior management’s recommendation before approving the annual salary adjustment of the CAE.
C The CAE confirms to the board, at least once every five years, the organizational independence of the internal audit activity.
D The CAE updates the internal audit charter and presents it to the board for approval periodically, not on a specific timeline.

A

b

35
Q

Which of the following responsibilities would fall under the role of the chief audit executive, rather than internal audit staff or the audit manager?

Options:
A Manage and support a quality assurance and improvement program.
B Maintain industry-specific knowledge appropriate to the audit engagements.
C Set clear performance standards for internal auditors and the internal audit activity.
D Apply problem-solving techniques for routine situations.

A

c

36
Q

Which of the following is considered a violation of The IIA’s Code of Ethics?

Options:
A An auditor conveys public information about an organization’s financial condition.
B An auditor reports a manager’s illegal activity to senior management, rather than reporting the incident to the appropriate external authority.
C An auditor receives allegations of fraud from a whistleblower and immediately reports the allegations to senior management.
D An auditor reports material deficiencies, despite the fact that management is already aware of the defects.

A

c

37
Q

Which of the following are generally recognized as essential elements of a corporate social responsibility program?

Options:
A Human rights and the environment.
B Organizational governance and financial reporting.
C Fair operating practices and government regulation.
D Consumer issues and return on investment.

A

a

38
Q

Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department. Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?

Options:
A Workshops.
B Surveys.
C Interviews.
D Observation.
A

b

39
Q

A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annual snowfall for the coming winter. Which of the following best describes this type of risk?

Options:
A Residual.
B Net.
C Inherent.
D Accepted.
A

c

40
Q

According to the IIA Code of Ethics, which of the following statements best describes the principle of competency?

Options:
A Internal auditors shall perform their work with honesty, diligence, and responsibility.
B Internal auditors shall perform their work in accordance with the Standards.
C Internal auditors shall perform their work in accordance with the law and make disclosures expected by the law.
D Internal auditors shall be prudent in the use of information acquired while performing their work.

A

b

41
Q

Which of the following are components of the ISO 31000 risk management process?

  1. Setting the context.
  2. Risk treatment.
  3. Risk avoidance.
  4. Communication.
Options:
A 1 and 2 only.
B 2 and 3.
C 3 and 4.
D 1, 2, and 4.
A

a

42
Q

Which of the following control activities is the most effective to ensure users’ levels of access are appropriate for their current roles?

Options:
A The human resources department generates a monthly list of terminated and transferred employees and requests IT to update the user access as required.
B Standardized user access profiles are developed and the appropriate access profiles are automatically assigned to new or transferred employees.
C System administrator rights are assigned to one user in each department who can update user access of terminated or transferred employees immediately.
D Department managers are required to perform periodic user access reviews of relevant systems and applications.

A

d

43
Q

What should the internal auditor’s role be in assessing the organization’s ethical climate?

Options:
A Perform ongoing surveys of the employees, customers, and partners of the organization to assess the organization’s ethical climate.
B Evaluate the effectiveness of the organization’s strategies and processes for achieving the desired level of legal and ethical compliance.
C Maintain a whistleblower hotline to identify inappropriate or illegal activity within the organization.
D Perform background checks of potential new employees before they are hired by the organization.

A

b

44
Q

What is the additional advantage of facilitated workshops, in comparison with structured interviews, used when testing the effectiveness of entity-level controls?

Options:
A During facilitated workshops, people more openly say things to internal auditors than during private interviews.
B Internal auditors do not need other sources of information, as the data gathered during facilitated workshops is sufficient.
C Facilitated workshops create a synergy of discussion that can bring multiple perspectives to the same issue.
D The testimonial evidence obtained during facilitated workshops is generally considered more reliable.

A

c

45
Q

An organization is facing a financial downturn and needs to impose major budget reductions to all departments. According to IIA guidance, which of the following actions is most appropriate for the board to take to evaluate the potential impact on the internal audit activity?

Options:
A Ask management to determine which internal audit engagements are lower risk and could be considered for removal from the annual audit plan.
B Ask appropriate stakeholders for their opinion on the potential impacts of reducing the scope of the internal audit plan.
C Ask the chief audit executive to determine whether budgetary limitations impede the ability of the internal audit activity to execute its responsibilities.
D Ask the human resources department to determine how the annual compensation and salary of the audit staff could be adjusted to achieve savings.

A

c

46
Q

An IT contractor applied for an internal audit position at a bank. The contractor worked for the bank’s IT security manager two years ago. If the audit manager interviewed the contractor and wants to extend a job offer, which of the following actions should the chief audit executive pursue?

Options:
A Allow the audit manager to hire the contractor and state that the individual is free to perform IT audits, including security.
B Not allow the audit manager to hire the contractor, as it would be a conflict of interest.
C Allow the audit manager to hire the contractor, but state that the individual is not allowed to work on IT security audits for one year.
D Not allow the audit manager to hire the contractor and ask the individual to apply again in one year.

A

a

47
Q

Which of the following items should the chief audit executive disclose to senior management regarding the results of the internal audit activity’s quality assessments?

Options:
A The internal audit activity’s plan for resource allocation.
B The amount of the organization’s potential loss prevented by the risk-based auditing of the internal audit activity.
C The number of audits from the annual internal audit plan that were completed last year.
D The qualifications and independence of the assessment team.

A

b

48
Q

Which of the following professional development approaches would offer internal auditors the most opportunities to broaden their engagement experiences?

Options:
A Assign more experienced internal auditors to mentor the less experienced auditors.
B Send internal auditors to external trainings in advanced internal audit topics.
C Appraise internal auditors’ performance and competencies at least annually and issue constructive feedback.
D Rotate internal auditors among different engagement assignments.

A

d

49
Q

The security department uncovered what appears to be a complex fraud in the accounting department. The CEO has requested the internal audit activity to investigate the fraud. If the internal audit staff lacks the expertise to conduct the investigation, how should the chief audit executive proceed?

Options:
A Disclose the deficiency, and request that the investigation be reassigned to the first line of defense.
B Proceed with the investigation, as internal auditors are not required to have fraud expertise.
C Outsource the sensitive investigation to a third-party consultant with fraud expertise.
D Select a member of the accounting department who is not involved in the fraud to join the investigation team in a consulting capacity.

A

c

50
Q

In the area of business acumen, which of the following competencies would be the sole responsibility of an internal audit staff member?

Options:
A Maintaining industry-specific knowledge appropriate to the organization.
B Assessing how IT contributes to organization objectives, risks, and relevance to audit.
C Maintaining technical aspects of accounting standards and reporting processes.
D Understanding regulatory and legal framework and assessing its relevance.

A

d

51
Q

An internal audit charter, approved by the board, restricts the internal audit activity to providing assurance only on the reliability of financial information and the effectiveness of internal accounting controls. Which of the following statements is true regarding the extent to which the external auditor may rely on the internal audit activity’s work?

Options:
A The external auditor may make full use of the work, as the audit charter is very specific as to the work the internal audit activity may undertake.
B The external auditor may use the work, as the board has approved the charter, thus taking responsibility for any deficiencies.
C The external auditor must disregard the work, as the scope of the charter may introduce bias and result in a lack of due professional care.
D The external auditor may use the work with caution, due to the internal audit activity’s scope and responsibility restrictions.

A

d

52
Q

Which of the following situations is most likely to impair internal audit objectivity?

You Options:
A An internal auditor reports both functionally and administratively to the chief financial officer (CFO).
B An internal auditor, who was an accounts receivable intern for the organization three years prior, performs an audit of the accounts receivable cycle.
C According to policy, the internal auditor must obtain approval from the CFO prior to requesting information for internal audit purposes.
D An internal auditor performs an audit in a department that is led by the auditor’s close friend.

A

d

53
Q

Which of the following best describes the details that must be included in the quality assurance and improvement program (QAIP) report to senior management and the board?

You Options:
A The scope and frequency of internal and external assessments as well as the qualifications and independence of the assessor.
B The scope and cost of the QAIP, frequency of internal and external assessments, and conclusions of the assessor.
C The scope, findings, risks, recommendations, and agreed-upon improvement actions.
D The number and types of people involved in the assessment, costs, and duration of the QAIP.

A

c

54
Q

Who is responsible for setting the risk appetite?

You Options:
A External auditors.
B Chief risk officer.
C Operations management.
D Board of directors.
A

d

55
Q

According to The IIA’s Code of Ethics, which of the following is true?

You Options:
A Confidentiality requires that auditors disclose all material facts known to them.
B Integrity requires that auditors perform internal audit services in accordance with the Standards.
C Objectivity requires that auditors perform their work with honesty, diligence, and responsibility.
D Confidentiality requires that auditors be prudent in the use and protection of client information.

A

d

56
Q

Which of the following would be the most important consideration by the internal audit activity when selecting employees to perform an internal quality assessment?

You Options:
A Their understanding of auditing standards.
B Previous experience working with the internal audit activity.
C Their reporting line within the organization.
D The nature of their regular duties and responsibilities.

A

a

57
Q

According to IIA guidance, when preparing the charter for the internal audit activity, the chief audit executive (CAE), board, and senior management should agree on which of the following?

  1. The standards to be used by the internal audit activity.
  2. The internal audit activity’s code of ethics.
  3. The CAE’s reporting line.
  4. The internal audit activity’s responsibilities.
You Options:
A 4 only.
B 1 and 2 only.
C 3 and 4.
D 1, 2, and 3.
A

c

58
Q

Which of the following activities should the chief audit executive perform to ensure compliance with an organization’s code of conduct?

You Options:
A Act as an adviser to the committee responsible for reviewing violations of the code.
B Review and adjudicate all violations of the code of conduct.
C Lead the committee responsible for the oversight of the code.
D Implement a system of procedures to inform all employees of the code.

A

a

59
Q

According to IIA guidance, which of the following scenarios demonstrates an internal auditor exercising due professional care?

You Options:
A When auditing investments, the auditor identified instruments with which he was unfamiliar. He decided not to select that type of investment in his sample, as he did not have the knowledge needed to perform a proper assessment.
B An auditor was reviewing inventory counts conducted by the warehouse staff. One truck containing an immaterial amount of inventory was off-site and wasn’t verified by the auditor.
C An auditor visited a plant that produces a significant portion of the organization’s inventory. The day he arrived, the plant manager was out sick, so the auditor issued the report without interviewing the manager.
D An auditor in charge needed to have testing completed by the end of the month, but was behind schedule. He identified a junior auditor to conduct the work for him on a complex area of the organization.

A

a

60
Q

A government agency maintains a system of internal control, according to the COSO model, and has made a change to its employee performance reviews and rewards program. This change relates to which of the following components of COSO’s internal control framework?

You Options:
A Control environment.
B Control activities.
C Information and communication.
D Monitoring activities.
A

a

61
Q

Which of the following actions best demonstrates that an internal auditor is exercising due professional care?

You Options:
A The auditor performs thorough reviews and provides absolute assurance of regulatory compliance.
B The auditor is alert to the possibility of fraud and activities where irregularities are most likely to occur.
C The auditor recommends improvements for all of the organization’s procedures and practices.
D The auditor is cognizant of reducing travel expenses by combining a personal vacation with a business trip.

A

b

62
Q

A chief audit executive (CAE) reports functionally to the CEO and administratively to the chief financial officer, both of whom serve on the company’s board of directors. According to IIA guidance, which of the following would offer the greatest protection for the independence of the internal audit activity?

You Options:
A Appoint the CAE as a member of the board.
B Move the CAE’s functional reporting to an executive who is not on the board.
C Obtain full board approval of the internal audit activity’s annual audit plan.
D Move the CAE’s functional reporting to the audit committee.

A

d

63
Q

Which of the following best explains why integrity is a necessary personal quality for internal auditors at all levels?

You Options:
A Internal auditor integrity enables stakeholders to constantly question the work of the internal audit activity.
B Internal auditor integrity enables the internal auditor to avoid being challenged by any party in the organization.
C Internal auditor integrity enables the internal audit activity to be able to demonstrate independence.
D Internal auditor integrity enables users of internal auditors’ work to make important business decisions.

A

d

64
Q

A headquarters-based internal auditor has been sent to a major overseas subsidiary to conduct various engagements. Initially, the internal auditor spends time to become familiar with local customs and organization’s practices while embarking on the first engagement. Which of the following competencies does the internal auditor exercise?

You Options:
A Communication.
B Persuasion and collaboration.
C Business acumen.
D Governance, risk, and control.
A

a

65
Q

A chief audit executive (CAE) is reviewing the internal audit activity’s performance and is concerned that the average number of revisions to findings is steadily rising, making it increasingly difficult to trace the finding to the supporting evidence and workpapers. According to IIA guidance, which of the following elements of the internal audit activity’s quality assurance and improvement program would provide the CAE with the most helpful insight into the cause of this problem?

You Options:
A The overall effectiveness of the internal audit activity’s periodic self assessments.
B The type of audit productivity and performance statistics reported.
C The adequacy of the day-to-day supervision and review process.
D The scope and frequency of external assessments.

A

c

66
Q

Which of the following is a detective control strategy against fraud?

You Options:
A Requiring employees to attend ethics training.
B Performing background checks on employees.
C Implementing a control self-assessment.
D Performing a surprise audit.

A

d

67
Q

Which of the following is the primary engagement responsibility of an entry-level internal auditor?

You Options:
A Leadership.
B Documentation.
C Analysis.
D Reporting.
A

c

68
Q

Which of the following statements accurately describes an internal auditor’s responsibility with regard to due professional care?

You Options:
A An internal auditor should express an opinion only when consensus with top management has been achieved.
B An internal auditor’s opinion should be based on experience and free of all bias.
C An internal auditor’s opinion should be based on factual evidence.
D An internal auditor’s opinion should be limited to the effectiveness of internal controls.

A

c

69
Q

According to The IIA Global Internal Audit Competency Framework, which of the following areas of training would best assist the internal audit activity in improving its use of tools and techniques?

You Options:
A Negotiation and conflict resolution.
B Project management.
C Financial accounting.
D Ethics and fraud.
A

b

70
Q

Which of the following must be in existence as a precondition to developing an effective system of internal controls?

You Options:
A A monitoring process.
B A risk assessment process.
C A strategic objective-setting process.
D An information and communication process.
A

b

71
Q

A multinational organization has asked the internal audit activity to assist in setting up the organization’s risk management system. The chief audit executive (CAE) agrees to take on the engagement as a consultant. Which of the following tasks is appropriate for the CAE to undertake?

You Options:
A Coordinate and facilitate risk workshops for management to attend.
B Establish the degree of risk appetite for management to accept.
C Set risk indicators and mitigation plans for management to implement.
D Determine the number of significant risks for management to report to the board.

A

d

72
Q

According to the COSO enterprise risk management framework, which of the following best describes the activity that helps ensure risk responses are carried out effectively?

You Options:
A Objective setting.
B Control activities.
C Information and communication.
D Event identification.
A

b

73
Q

Which of the following statements is true about The IIA Global Internal Audit Competency Framework?

You Options:
A The core competencies outlined in the framework are not expected of a person undertaking an entry-level position as an internal auditor.
B The framework is designed to be used primarily by chief audit executives that are developing indicators to measure the performance of the internal audit activity for which they are responsible.
C The framework lists the core competencies internal auditors should possess before attempting to attain The IIA’s Certified Internal Auditor certification.
D The framework describes competencies needed for individual internal auditors, but not those necessary at the chief audit executive level.

A

b

74
Q

An internal auditor completed an audit of a bank’s loan department and found all significant risks to be managed adequately through effective internal controls. Which of the following would be an appropriate conclusion to report to management?

You Options:
A The residual risk is lower than or equal to the risk appetite.
B The residual risk is higher than or equal to the risk appetite.
C The inherent risk is lower than or equal to the risk tolerance.
D The inherent risk is higher than or equal to the risk tolerance.

A

a

75
Q

According to IIA guidance, which of the following best describes internal auditors’ responsibility regarding fraud?

You Options:
A Internal auditors should take a leading role in investigating all fraud-related cases.
B Internal auditors must have sufficient knowledge to evaluate the risk of fraud.
C Internal auditors should report all fraud cases to law enforcement agents, in accordance with the Code of Ethics.
D Internal auditors are responsible for ensuring that fraud does not occur.

A

b

76
Q

Which of the following is most likely to enhance an internal auditor’s objectivity?

You Options:
A An auditor is appropriately able to communicate results.
B An auditor performs his work free from interference.
C An auditor is unrestricted in determination of scope.
D An auditor avoids conflicts of interest.

A

d

77
Q

An organization decides to take no action on one of its financial risks because the cost of implementing the control outweighs the value of the asset being protected. Which of the following best describes this risk strategy?

You Options:
A Risk avoidance.
B Risk-benefit analysis.
C Risk sharing.
D Risk acceptance.
A

d

78
Q

Which of the following scenarios best illustrates a rationalization as the root cause of potential fraud?

You Options:
A Managers who have been with the organization for several decades become aware that newly hired, younger managers are being moved more quickly into senior positions.
B The controller at a nationwide manufacturing company recently opted to no longer require two-week mandatory vacations for accounting staff.
C Security cameras that monitor cash handling at the register are not functioning.
D The organization is slowly phasing out three mature products that produce the highest commissions for the sales staff.

A

b

79
Q

According to IIA guidance, which of the following statements is true regarding the reporting of results from an external quality assessment of the internal audit activity?

You Options:
A The external assessment results are reported upon completion in confidence directly to the board, and senior management is advised only of the recommendations and improvement action plans.
B The results of self-assessments with independent external validation are shared with the board upon completion, and monitoring of recommended improvements must be reported monthly.
C The external assessment results are communicated upon completion to senior management and the board, but action plans for recommended improvements do not have to be reported.
D The requirements for reporting quality assessment results are the same for external assessments and self-assessments with independent external validation.

A

b

80
Q

An internal auditor who is carrying out an engagement to review controls related to corporate tax reporting must possess which of the following competencies?

  1. Proficiency in analyzing key IT risks and controls.
  2. The ability to recognize significant deviations from good business practices.
  3. Knowledge of key indicators of fraud in tax reporting.
  4. The ability to recognize the existence of problems related to tax accounting.
You Options:
A 1 and 4 only.
B 3 and 4 only.
C 2, 3, and 4 only.
D 1, 2, 3, and 4.
A

b

81
Q

What is the purpose of a secondary control?

You Options:
A It replaces primary controls that are either ineffective or cannot fully mitigate a risk.
B It partially reduces the residual risk level when a key control does not operate effectively.
C It combines with other controls to help reduce significant risk exposures to an acceptable level.
D It helps to ensure the completeness and accuracy of automated controls in a system environment.

A

c

82
Q

Which of the following is most likely to be considered a control weakness?

You Options:
A Vendor invoice payment requests are accompanied by a purchase order and receiving report.
B Purchase orders are typed by the purchasing department using prenumbered forms.
C Buyers promptly update the official vendor listing as new supplier sources become known.
D Department managers initiate purchase requests that must be approved by the plant superintendent.

A

c

83
Q

According to the COSO internal control framework, which of the following best describes the use of continuous auditing programs by the internal audit activity?

You Options:
A Control environment.
B Control activities.
C Risk assessment.
D Monitoring.
A

d

84
Q

Which of the following activities is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?

You Options:
A Planning an engagement of the area in which fraud is suspected.
B Employing audit tests to detect fraud.
C Interrogating a suspected fraudster.
D Completing a process review to improve controls to prevent fraud.

A

b

85
Q

Which of the following is the most common way that occupational fraud is detected?

You Options:
A Internal audits.
B Whistleblower hotline.
C Key controls.
D External audits.
A

b

86
Q

What is the primary benefit to the internal audit activity for undertaking an internal quality assessment?

You Options:
A To help the internal audit activity complete its annual assurance plan.
B To identify inefficiencies within the internal audit team.
C To help improve the overall quality of the internal audit activity’s work.
D To identify key risks and areas of concern within the organization.

A

c

87
Q

Which of the following is an example

A

a

88
Q

An internal auditor is conducting an assessment of the organization’s fraud prevention program using the COSO enterprise risk management framework. According to this framework, which of the following activities would fall under the control environment component for preventing fraud?

  1. The organization uses an automated authority approval matrix to control payments.
  2. The organization has a whistleblower hotline that is available to employees.
  3. Annually, every manager completes a comprehensive fraud assessment of his or her department.
  4. Annually, the organization reviews and communicates the code of expected behavior.
You Options:
A 1 and 2.
B 1 and 3.
C 2 and 3.
D 2 and 4.
A

d

89
Q

To fill a critical vacancy, an internal auditor is assigned temporarily to a nonaudit role in the purchasing department, where she worked previously before joining the internal audit activity. According to IIA guidance, which of the following statements is true regarding these circumstances?

You Options:
A The chief audit executive (CAE) should review all work performed by the auditor during her temporary assignment to ensure no impairments.
B The CAE may conduct audits in the purchasing department during the auditor’s temporary assignment.
C The auditor should obtain the CAE’s approval as to the nature and scope of the duties she is permitted to perform during her temporary assignment.
D Any work performed by the auditor during her temporary assignment must conform to the internal audit charter.

A

c

90
Q

Which of the following types of social responsibilities is voluntary and guided purely by the organization’s desire to make social contributions?

You Options:
A The bottom of the pyramid responsibility.
B Innovative responsibility.
C Ethical responsibility.
D Discretionary responsibility.
A

c

91
Q

According to IIA guidance, which of the following external groups is most likely to represent a liability risk, based on activities associated with the organization’s corporate social responsibility program?

You Options:
A Consumers.
B Activists.
C Suppliers.
D Investors.
A

b

92
Q

An internal auditor is evaluating techniques management uses to mitigate risks within a particular product division. Which of the following is an example of risk reduction?

You Options:
A Management sells the product division to a competitor.
B Management outsources the product division to a third party.
C Management allows the product division to remain unchanged.
D Management modifies the product division to minimize errors.

A

d

93
Q

Which of the following best demonstrates the authority of the internal audit activity?

You Options:
A Suggesting alternatives to decision makers.
B Improving the integrity of information.
C Determining the scope of internal audit services.
D Achieving engagement objectives.

A

c

94
Q

Which of the following is an example of collusion?

You Options:
A An employee includes a faked receipt in his expense claim, and the claim is signed by the employee’s manager.
B A vendor inflates the price of an item and remits a portion of the excess to the purchasing manager.
C A vendor sends a duplicate invoice with a new invoice number, and the accounts payable system fails to detect the duplication.
D An employee works with the IT manager to develop a program for identifying duplicate invoice payments.

A

b

95
Q

Which of the following behaviors could represent a significant ethical risk if exhibited by an organization’s board?

You Options:
A Requesting a private meeting with senior management, without the presence of the chief audit executive.
B Intervening during an audit involving ethical wrongdoing.
C Discussing periodic reports of ethical breaches.
D Authorizing an investigation of an unsafe product.

A

b

96
Q

Which of the following factors have the greatest influence on the independence of the internal audit activity?

You Options:
A Quality assessments and cultural biases of the internal audit activity.
B Rotational assignments and familiarity of the internal audit activity.
C Employee incentives and self review of the internal audit activity.
D Organizational positioning and scope control of the internal audit activity.

A

d

97
Q

According to COSO, which of the following describes a principle related to the control environment?

You Options:
A The organization identifies and assesses changes that could significantly impact the system of internal control.
B The organization establishes appropriate authorities and responsibilities in the pursuit of objectives.
C The organization selects and develops control activities that contribute to the mitigation of risks.
D The organization performs evaluations to ascertain whether internal control components are present and functioning.

A

b

98
Q

A new internal audit activity is creating its first charter. According to IIA guidance, which of the following objectives would be appropriate for inclusion in the charter?

You Options:
A Continuously monitor the organization’s overall risk activities in relation to its risk appetite.
B Evaluate the adequacy and effectiveness of the organization’s governance activities.
C Oversee the establishment and administration of an effective risk management program.
D Assist management in implementing recommended control improvements.

A

c

99
Q

Which of the following is a requirement for an assurance engagement that may not be for a consulting engagement?

You Options:
A The internal audit activity has to ensure team members’ objectivity is not impaired.
B Auditors cannot participate in an assurance engagement of a function for which they previously performed a consulting engagement.
C The scope and objective of the engagement is agreed upon based on the engagement client’s needs.
D The internal audit activity must ensure management actions have been implemented effectively or risk accepted.

A

b

100
Q

Which of the following is an example of a directive control?

You Options:
A Segregation of duties.
B Exception reports.
C Incentive compensation plans.
D Automated reconciliations.
A

c

101
Q

According to IIA guidance, which of the following is ultimately responsible for seeing that the internal control system of an organization’s social responsibility program is effective?

You Options:
A Senior management.
B Internal audit activity.
C All employees.
D Board of directors.
A

d

102
Q

According to IIA guidance, which of the following statements is true when an internal auditor performs consulting services that improve an organization’s operations?

You Options:
A The services must be aligned with those defined in the internal audit charter.
B The services must not be performed by the same internal auditor who performed assurance services, in order to maintain objectivity.
C The services may preclude assurance services from the consulting engagement.
D The services impose no responsibility to communicate information other than to the engagement client.

A

b

103
Q

Which of the following describes a key characteristic related to effective organizational communication?

You Options:
A Comprehensive supervisory and verification procedures.
B A well-designed system of internal controls.
C A culture of integrity and transparency.
D Unique operating environments with varying complexity.

A

b

104
Q

Which of the following actions would be characterized as a preventive control to safeguard inventory from the risk of theft?

  1. Locking doors and physically securing inventory items.
  2. Independently observing the receipt of materials.
  3. Conducting monthly inventory counts.
  4. Requiring the use of employee ID badges at all times.
You Options:
A 1 and 3.
B 1 and 4.
C 2 and 3.
D 2 and 4.
A

b

105
Q

Which of the following options is the most cost-effective and efficient way for internal auditors to keep current with the latest developments in the internal audit profession?

You Options:
A Attending annual professional conferences and seminars.
B Participating in on-the-job training in various departments of the organization.
C Pursuing as many professional certifications as possible.
D Maintaining membership in The IIA and similar professional organizations and subscribing to relevant email updates or news feeds.

A

d

106
Q

Which of the following statements is true with regard to conducting an effective quality assurance and improvement program?

You Options:
A The IIA’s Quality Assessment Manual for the Internal Audit Activity must be used as the basis for periodic assessments.
B Members of the internal audit activity are not permitted to perform quality assessments, as they would not be independent.
C Periodic internal assessments provide the most current and independent recommendations for improvement.
D The conclusions of periodic internal assessments are intended to assist in achieving conformity to the Standards.

A

d

107
Q

Which of the following scenarios best illustrates the principle of due professional care?

You Options:
A An internal auditor evaluates the significant risks arising from a consulting engagement.
B An internal auditor declares that he would have a conflict of interest in providing planned audit support.
C An internal auditor has been given sufficient authority to access documents needed to make an appraisal of an issue.
D An internal auditor uses technology-based audit techniques to ensure that all significant risks are identified.

A

a

108
Q

Which of the following would be the most appropriate first step for the board to take when developing an effective system of governance?

You Options:
A Determine the organization’s overall risk appetite.
B Establish a governance committee.
C Delegate authority to members of senior management.
D Identify key stakeholders and their expectations.

A

d

109
Q

Which of the following is an example of a detective control?

You Options:
A Automatic shut-off valve.
B Auto-correct software functionality.
C Confirmation with suppliers and vendors.
D Safety instructions.
A

c

110
Q

While preparing for an audit of senior management expenses, the chief audit executive (CAE) learns that management is unable to locate a number of original expense claims to support the related disbursements. She decides to defer the engagement until they can be located. Which of the following principles likely guided the CAE’s decision?

You Options:
A Objectivity.
B Proficiency.
C Independence.
D Due professional care.
A

d

111
Q

According to IIA guidance, which of the following should be included in the internal audit charter?

You Options:
A The minimum resources and competencies needed for the internal audit activity.
B Identification of the organizational units where engagements are to be performed.
C Organizational relationships and reporting lines.
D Assigned responsibilities for designing and implementing controls.

A

c

112
Q

According to IIA guidance, which of the following statements is true regarding periodic internal assessments of the internal audit activity?

You Options:
A Internal assessments are conducted to benchmark the internal audit activity’s performance against industry best practices.
B Internal assessments must be performed at least once every five years by a qualified assessor.
C An internal auditor may perform a peer review of a colleague’s workpapers, as long as the auditor wasn’t involved in the audit under review.
D Follow-up to ensure appropriate improvements are implemented is a recommended, but not mandatory, element of internal assessments.

A

c

113
Q

An internal audit activity is using the auditing-by-element approach to audit the organization’s controls around corporate social responsibility. Which of the following would be an element for the internal audit activity to consider?

You Options:
A Working conditions.
B Employees' families.
C Marketplace competition.
D Shareholders and investors.
A

b

114
Q

Which of the following is true regarding the use of a formal risk management framework?

  1. It facilitates a methodical approach to risk mitigation.
  2. It defines and standardizes the terminology used in risk communication.
  3. It establishes the risk tolerance levels to be accommodated in the strategy.
  4. It facilitates the alignment of risk mitigation strategies with management priorities.
You Options:
A 1, 2, and 3.
B 1, 2, and 4.
C 1, 3, and 4.
D 2, 3, and 4.
A

b

115
Q

According to IIA guidance, which of the following describes the primary reason to implement environmental and social safeguards within an organization?

You Options:
A To enable Triple Bottom Line reporting capability.
B To facilitate the conduct of risk assessment.
C To achieve and maintain sustainable development.
D To fulfill regulatory and compliance requirements.

A

c

116
Q

During an audit, the client questions the internal audit activity’s authority to perform procedures over fraud allegations. According to IIA guidance, which of the following would provide the most relevant support to respond to the client’s concerns?

You Options:
A Definition of Internal Auditing.
B IIA Standards.
C Internal audit charter.
D The IIA's Code of Ethics.
A

c

117
Q

According to The IIA Code of Ethics, which of the following is one of the rules of conduct for objectivity?

You Options:
A Internal auditors shall continually improve their proficiency and effectiveness and quality of their services.
B Internal auditors shall respect and contribute to legitimate and ethical objectives of the organization.
C Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment.
D Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties.

A

c

118
Q

An internal auditor in a small broadcasting organization was assigned to review the revenue collection process. The auditor discovered that some checks from three customers were never recorded in the organization’s financial records. Which of the following documents would be the least useful for the auditor to verify the finding?

You Options:
A Bank statements.
B Customer confirmation letters.
C Copies of sales invoices.
D Copies of deposit slips.
A

d

119
Q

The internal audit activity is planning a procurement audit and needs to obtain a thorough understanding of the subcontracting process, which can involve multiple individuals in multiple countries.

Which of the following internal audit tools would be most effective to document the process and the key controls?

You Options:
A Internal control checklist.
B Procurement employee survey.
C Cross-functional flow chart.
D Segregation of duties matrix.
A

c

120
Q

Which of the following controls could an internal auditor reasonably conclude is effective by observing the physical controls of a large server room?

You Options:
A Adequate signs are in place to assist in locating safety equipment.
B Servers are secured individually to their racks by locks.
C Foam fire extinguishers are operable to protect against electrical fires.
D Swipe card access is required to gain access to the server room.

A

a

121
Q

The chief audit executive (CAE) is planning to conduct an internal assessment of the internal audit activity (IAA). Part of this assessment will include benchmarking. According to IIA guidance, which of the following qualitative metrics would be appropriate for the CAE to use?

  1. Average client customer satisfaction score for a given year.
  2. Client survey comments on how to improve the IAA.
  3. Auditor interviews once an audit has been completed.
  4. Percentage of audits completed within 90 days.
You Options:
A 1 and 2.
B 1 and 3.
C 2 and 3.
D 3 and 4.
A

c

122
Q

An internal auditor is performing analytical reviews as part of an audit of a supermarket’s merchandising department. Because the economy has declined since midyear, the auditor can expect to encounter which of the following?

You Options:
A Higher inventory turnover.
B Higher operating margin.
C Lower obsolete stock disposal.
D Lower sales volume.
A

d

123
Q

An internal auditor wants to sample data to test an audit theory in a cost-effective way. Which of the following sampling strategies should she use?

You Options:
A Statistical sampling only
B Nonstatistical sampling only
C A combination of both statistical and nonstatistical sampling.
D Neither approach to testing the audit theory would be cost effective.

A

b

124
Q

Which of the following is a weakness of observation as audit evidence?

You Options:
A It cannot be used to test the completeness assertion.
B It cannot be used to test the existence assertion.
C It cannot be used to test the occurrence assertion.
D It cannot be relied upon because the evidence is not persuasive.

A

a

125
Q

Which of the following would not be considered part of preliminary survey of an engagement area?

You Options:
A Interviews with individuals affected by the entity.
B Functional walk through test.
C Analytical reviews.
D Sampling scope.
A

d

126
Q

Which of the following is the most common method of fraud detection?

You Options:
A Analytical reviews of high-risk areas.
B Detective controls built into the daily processes.
C Unannounced audits or reviews of programs or departments.
D Tips received from employees or citizens.

A

d

127
Q

Which of the following is the best way to detect fraud?

You Options:
A Conduct anti-fraud training.
B Perform background investigations.
C Implement process controls.
D Activate a whistleblower hotline.
A

d

128
Q

In which of the following functions would fraud be most likely to occur?

You Options:
A Maintaining custody of inventory records.
B Collecting payments on accounts.
C Approving changes to employee records.
D Preparing customer statements.
A

b

129
Q

When developing the organization’s first risk universe, which of the following would the chief audit executive be least likely to consider?

You Options:
A The amount of risk that an organization is willing to seek or accept.
B The extent and degree of interdependency for identified key risks.
C The boundaries established to manage the amount of risk taken.
D The exposure to risks following management’s risk responses.

A

d

130
Q

According to COSO, which of the following is not considered one of the components of an organization’s internal environment?

You Options:
A Authority and responsibility to resolve issues.
B Framework to plan, execute and monitor activities.
C Integrated responses to multiple risks.
D Knowledge and skills needed to perform activities.

A

c

131
Q

Which of the following is most likely to function as a directive control?

You Options:
A Security dogs.
B Alert employees.
C Insurance claims.
D Cycle counts.
A

b

132
Q

An organization has implemented a software system that requires a supervisor to approve transactions that would cause treasury dealers to exceed their authorized limit. This is an example of which of the following types of controls?

You Options:
A Preventive controls.
B Detective controls.
C Soft controls.
D Directive controls.
A

a

133
Q

According to IIA guidance, which of the following must the internal auditor consider to meet the requirements for due professional care?

You Options:
A The training courses necessary to enhance the internal auditor’s knowledge, skills, and other competencies.
B The appropriateness of assurance procedures necessary to ensure all significant risks will be identified.
C The use of innovative technology and data analysis techniques.
D The extent of work needed to achieve the engagement’s objectives.

A

d

134
Q

According to IIA guidance, which of the following are considerations of due professional care when an internal auditor conducts a formal consulting engagement?

  1. The complexity of the work required.
  2. The needs and expectations of the client.
  3. The potential value of the engagement compared to the effort.
  4. Information regarding assumptions and procedures to be employed.
You Options:
A 1 and 4 only
B 2 and 3 only
C 1, 2, and 3 only
D 1, 2, 3, and 4
A

c

135
Q

Internal auditors must exercise due professional care by considering which of the following?

  1. Cost of assurance in relation to potential benefits.
  2. Adequacy and effectiveness of governance, risk management, and control processes.
  3. Management’s competency level in the area being evaluated.
  4. Probability of significant errors, fraud, or noncompliance.
You Options:
A 1 and 2 only
B 1, 2, and 3 only
C 1, 2, and 4 only
D 2, 3, and 4 only
A

c

136
Q

Which of the following should the CAE consider in determining whether the engineer possesses the necessary skills to perform the engagement?

  1. Professional certification, license, or other recognition of the engineer’s competence in the relevant discipline.
  2. Experience of the engineer in the type of work being considered.
  3. Compensation or other incentives that the engineer may receive.
  4. The extent of other ongoing services that the engineer may be performing for the organization.
You Options:
A 1 and 4 only
B 2 and 3 only
C 3 and 4 only
D 1, 2, and 4 only
A

d

137
Q

According to IIA guidance, which of the following is least compliant with the requirements regarding an internal auditor’s need for objectivity?

You Options:
A An internal auditor assessed the effectiveness of controls over payroll software, which he had helped implement with a previous employer.
B An internal auditor participated in an audit of controls around absenteeism, despite providing some consultation on controls in this area earlier in the year.
C An internal auditor performed an assurance engagement for the effectiveness of accounts payable access controls, one of which he previously helped to design.
D An internal auditor, previously employed in the quality assurance operations area, performed a consulting engagement for the operations manager.

A

c

138
Q

A new director was hired to lead the internal audit activity at a small start-up company. Which of the following assignments would impair the director’s independence?

You Options:
A Preparing the financial statements for the company’s defined contribution plan.
B Performing a pre-implementation review of the company’s payroll application.
C Providing the COBIT framework as a possible IT management tool.
D Reviewing the company’s policy for foreign currency translation adjustments for compliance with accounting standards.

A

a

139
Q

A former line supervisor from the Financial Services Department has completed six months of a two-year development opportunity with the internal audit activity (IAA). She is assigned to a team that will audit the organization’s payroll function, which is managed by the Human Resources Department. Which of the following statements is most relevant regarding her independence and objectivity with respect to the payroll audit?

You Options:
A She may participate, but only after she has completed one year with the IAA.
B She may participate, because she did not previously work in the Human Resources Department.
C She may participate, but she must be supervised by the auditor in charge.
D She may participate for training purposes, to build her knowledge of the IAA.

A

b

140
Q

An internal audit charter should do which of the following?

You Options:
A Outline the schedule of future audits.
B Define the scope of internal audit activities.
C Establish the size of the internal audit activity.
D Communicate the internal audit activity’s goals.

A

b

141
Q

Which of the following are core responsibilities to be included in the internal audit charter?

  1. Review reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.
  2. Determine the adequacy and effectiveness of the organization’s systems of internal accounting and operating controls.
  3. Participate in the planning and performance of audits of potential acquisitions with the organization’s outside accountants and other members of the corporate staff.
  4. Report to those members of management who should be informed of results of audit examinations, the audit opinions formed, and the recommendations made.
You Options:
A 1 and 2.
B 1 and 4.
C 2 and 3.
D 2 and 4.
A

a

142
Q

An assurance mapping exercise helps an organization do which of the following?

  1. Provide assurance to stakeholders that risks are managed and reported, and regulatory and legal obligations are met.
  2. Fulfill best practices in the industry.
  3. Identify and address any gaps in the risk management process.
  4. Identify fraud.
You Options:
A 1 and 4.
B 1 and 3.
C 2 and 3.
D 3 and 4.
A

b

143
Q

According to IIA guidance, which of the following statements about working papers is false?

You Options:
A They assist in the implementation of recommendations.
B They provide support for communication to third parties.
C They demonstrate compliance with auditing standards.
D They contribute to development of the internal audit staff.

A

a

144
Q

An auditor in charge was reviewing the workpapers submitted by a newly hired internal auditor. She noted that the new auditor’s analytical work did not include any rating or quantification of the risk assessment results, and she returned the workpapers for correction. Which section of the workpapers will the new auditor need to modify?

You Options:
A Condition section.
B Criteria section.
C Effect section.
D Cause section.
A

c

145
Q

An auditor identifies three errors in the sample of 25 entries selected for review (a 12 percent error rate). Based on this result, the auditor assumes that approximately 59 of the total population of 492 entries are incorrect. To reach this assumption, the auditor has used a technique known as which of the following?

You Options:
A Variability tolerance.
B Ratio estimation.
C Stratification.
D Acceptance sampling.
A

b

146
Q

Click the Exhibit.

Internal auditors are asked to keep track of how many hours per day they spend planning the audit, conducting the engagement, and writing the audit report. The data for two days has been collected as follows:

Activity | Day 1 | Day 2
Planning the audit | 2 hours | 3 hours
Conducting the engagement | 1 hour | 1 hour
Writing the audit report | 2 hours | 4 hours

Which of the following graphs depicts the data accurately?

You Options:
A Graph A only
B Graph B only
C Both A and B.
D Neither A nor B.
A

c

147
Q

Non-statistical sampling does not require which of the following?

You Options:
A The sample to be representative of the population.
B The sample to be selected haphazardly.
C A smaller sample size than if selected using statistical sampling.
D Projecting the results to the population.

A

c

148
Q

According to IIA guidance, which of the following are macro-level audit activities performed for an assurance engagement of the purchasing department?

  1. Obtain and review all purchasing-related audit reports issued within the past year.
  2. Meet with the quality assurance group to discuss its previous reports of any purchasing-related findings.
  3. Review a memo written by the purchasing manager that outlines ongoing problems with the purchasing software.
  4. Request a copy of the report from a purchasing audit conducted last year by an external service provider.
You Options:
A 1 and 2.
B 1 and 3.
C 2 and 4.
D 3 and 4.
A

a

149
Q

Reviewing prior audit reports and supporting workpapers before an engagement starts enables an internal auditor to do which of the following?

  1. To understand better the activity and processes that will be audited.
  2. To identify the audit procedures that will be used during the engagement.
  3. To ensure that matters of greatest vulnerability will be addressed.
  4. To use the information obtained as evidence in the current engagement.
You Options:
A 4 only
B 1 and 3 only
C 1 and 4 only
D 2, 3, and 4 only
A

b

150
Q

Which of the following is a common type of payroll fraud?

You Options:
A Unauthorized overtime.
B Fictitious employees.
C Unearned bonuses or commissions.
D Skimming.
A

b

151
Q

Which of the following control methods is effective in reducing the risk of purchasing-scheme fraud?

  1. Periodically reviewing the vendor list for unusual vendors and addresses.
  2. Segregating duties for amount purchasing, receiving, shipping, and accounting.
  3. Validating sequential integrity of purchase orders.
  4. Verifying the validity of invoices with post office box addresses.
You Options:
A 1 and 2 only
B 3 and 4 only
C 1, 2, and 4 only
D 1, 2, 3, and 4
A

b

152
Q

Forty-five percent of an organization’s customer payments are submitted online. Eight percent of online payments are rejected. Executive management decides to outsource its online payment services to a contractor that will assume 75 percent of the total value of rejected payments. The organization estimates $1.25 million in customer payments due during the contract period.

Which of the following represents the organization’s residual risk for online customer payments due?

You Options:
A $11,250
B $25,000
C $33,750
D $45,000
A

a

153
Q

According to the COSO enterprise risk management (ERM) framework, which of the following is not part of the new paradigm in ERM?

You Options:
A Assessing the risk factors.
B Aligning risk appetite and strategy.
C Enhancing risk response decisions.
D Reducing operational surprises and losses.
A

a

154
Q

Which of the following is not an objective of internal control?

You Options:
A Compliance.
B Accuracy.
C Efficiency.
D Validation.
A

d

155
Q

A medical insurance provider uses an electronic claims-submission process and suspects that a number of physicians have submitted claims for treatments that were not performed. Which of the following control procedures would be most effective to detect this type of fraud?

You Options:
A Require the physician to submit a signed statement attesting that the treatments had been performed.
B Send confirmations to the physicians, requesting them to verify the exact nature of the claims submitted to the insurance provider.
C Develop an integrated test facility and submit false claims to verify that the system is detecting such claims on a consistent basis.
D Use computer software to identify abnormal claims based on the insured’s age and medical history.

A

d

156
Q

According to IIA guidance, the results of a formal quality assessment should be reported to which of the following groups?

You Options:
A The audit committee and senior management.
B The audit committee and the external auditors.
C Senior management and management of the audited area.
D Senior management and the external auditors.

A

a

157
Q

According to IIA guidance, which of the following must internal auditors consider to conform with the requirements for due professional care during a consulting engagement?

  1. The cost of the engagement, as it pertains to audit time and expenses in relation to the potential benefits.
  2. The needs and expectation of clients, including the nature, timing, and communication of engagement results.
  3. The application of technology-based audit and other data analysis techniques, where appropriate.
  4. The relative complexity and extent of work needed to achieve the engagement’s objectives.
You Options:
A 1, 2, and 3
B 1, 2, and 4
C 1, 3, and 4
D 2, 3, and 4
A

b

158
Q

According to IIA guidance, which of the following is an area in which the internal auditor should be proficient?

You Options:
A Management principles.
B Computerized information systems.
C Internal audit standards, procedures, and techniques.
D Fundamentals of accounting, economics, and finance.

A

c

159
Q

A chief audit executive (CAE) is selecting an internal audit team to perform an audit engagement that requires a high level of knowledge in the areas of finance, investment portfolio management, and taxation. If neither the CAE nor the existing internal audit staff possess the required knowledge, which of the following actions should the CAE take?

You Options:
A Postpone the audit until the CAE hires internal audit staff with the required knowledge.
B Ask the audit committee to decide the course of action.
C Select the most experienced auditors in the department to perform the engagement.
D Hire consultants who possess the required knowledge to perform the engagement.

A

d

160
Q

Which of the following statements describes impairment to the internal auditor’s objectivity?

You Options:
A An internal auditor reviews a purchasing agent’s contract drafts prior to their execution.
B An internal auditor reduces the scope of an audit engagement due to budget restrictions.
C An internal auditor receives a promotional gift that is available to the organization’s employees.
D An internal auditor performs an assessment of the operations for which he was recently responsible.

A

d

161
Q

Which of the following enhances the independence of the internal audit activity?

You Options:
A The chief audit executive (CAE) approves the annual internal audit plan.
B The CAE administratively reports to the board.
C The audit committee approves the CAE’s annual salary increase.
D The chief executive officer approves the internal audit charter.

A

c

162
Q

Which of the following best ensures the independence of the internal audit activity?

  1. The CEO and audit committee review and endorse any changes to the approved audit plan on an annual basis.
  2. The audit committee reviews the performance of the chief audit executive (CAE) periodically.
  3. The internal audit charter requires the CAE to report functionally to the audit committee.
You Options:
A 3 only
B 1 and 2 only
C 2 and 3 only
D 1, 2, and 3
A

c

163
Q

An internal auditor is reviewing the accounts receivable when she discovers account balances more than three years old. The auditor was previously supervising the area during this time, and she subsequently advises the chief audit executive (CAE) of a potential conflict.

Which of the following is the most appropriate course of action for the CAE to take?

You Options:
A Replace the auditor with another audit staff member.
B Continue with the present auditor, as more than one year has passed.
C Withdraw the audit team and outsource the financial audit of the division.
D Work with the division’s management to resolve the situation.

A

a

164
Q

Sometimes, internal audit staff may partner with operating managers to rank risks. Which of the following outcomes may be the most beneficial aspects of this strategy?

  1. Reappraising risk levels.
  2. Providing accurate information to management.
  3. Marketing the internal audit activity.
  4. Planning safeguards for assets in high-risk areas.
You Options:
A 1 and 2.
B 1 and 3.
C 2 and 3.
D 3 and 4.
A

b

165
Q

Which of the following statements is true regarding assurance services provided to clients outside of the organization?

You Options:
A Assurance services for outside clients are not covered under the internal audit charter.
B Assurance services for outside clients must be approved on a case-by-case basis by the board of directors.
C The nature of assurance services for outside clients should be defined in the internal audit charter.
D The nature of assurance services for outside clients is the same as for internal clients.

A

c

166
Q

Which of the following is an activity that an internal auditor must not perform?

You Options:
A Establish and provide continuing assurance on an anti-money laundering program for new hires.
B Survey employees for their understanding of anti-money laundering practices.
C Provide assurance for the effectiveness of anti-money laundering training.
D Assess the risk of being fined for ineffective anti-money laundering practices.

A

a

167
Q

An internal auditor is using a spreadsheet application to review a cash flow forecast prepared by management.

Which of the following correctly identifies the type of evidence this information represents?

You Options:
A Competent, corroborative evidence of future working capital requirements.
B Sufficient, analytical evidence of the cash flow position at a given point of time in the future.
C Competent, documentary evidence of future cash flow changes within the organization.
D Sufficient, circumstantial evidence of the future solvency of the organization.

A

c

168
Q

According to IIA guidance, which of the following is not a responsibility of the chief audit executive pertaining to documenting information to support internal audit engagement results and conclusions?

You Options:
A Rating each engagement record to assess its relevance and accessibility for the organization’s board.
B Controlling access to engagement records, including access by senior management.
C Developing retention requirements for engagement records that are consistent with organizational guidelines.
D Forming policies governing the custody and retention of consulting engagement records before their release to other parties.

A

a

169
Q

The chief audit executive (CAE) of a small internal audit activity (IAA) performs all high-risk engagements on the annual audit plan to make use of his knowledge and experience and to maximize the efficient use of audit resources. Which of the following statements is most relevant regarding this practice?

You Options:
A The CAE’s work may be reviewed by any other experienced staff member within the IAA.
B The CAE’s work should be reviewed by an individual with the appropriate background and knowledge.
C The CAE may self-review his work, provided he discloses this practice in the final report.
D The CAE should avoid performing engagements to ensure he is able to review all audit work objectively.

A

b

170
Q

Which of the following factors should be considered when determining the appropriate combination of manual techniques and computer-assisted audit techniques (CAATs) to be used during an audit?

  1. Acceptance of CAATs findings by entity management.
  2. Computer knowledge and expertise of the auditor.
  3. Time constraints.
  4. Level of audit risk.
You Options:
A 1 and 4
B 2 and 3 only
C 1, 2, and 3
D 2, 3, and 4
A

d

171
Q

An internal auditor uses a predefined macro provided in a popular spreadsheet application to verify the present value of the organization’s investments. Which of the following is the most appropriate course of action regarding the auditor’s use of this functionality?

You Options:
A The auditor should accept the calculations generated by the function, as any further work or documentation would be inefficient.
B The auditor should perform a manual recalculation of several results to validate and document the results.
C The auditor should review the programming of the macro before its use to ensure that it is appropriate for the required calculations.
D The auditor should tabulate the results in the spreadsheet to ensure the macro has generated the correct results for all calculations.

A

b

172
Q

While performing an accounts payable engagement, a senior auditor wants to conduct several tests of controls for travel expenses. Which of the following actions are most appropriate for the senior auditor to undertake?

  1. Ensure all tests use a random sampling technique.
  2. Consider a judgmental approach for the sample size.
  3. Assess testing errors through root cause analysis.
  4. Ensure that the entire data set is tested.
You Options:
A 1 and 2.
B 1 and 3.
C 2 and 3.
D 2 and 4.
A

c

173
Q

Which of the following techniques would provide the most compelling evidence that a safety hazard exists within a manufacturing facility?

You Options:
A Observation of the facility during operations.
B Questioning of facility management, including the facility safety officer.
C Analysis of facility operating reports, focusing on instances when breakdowns occurred.
D Review of records involving safety violations, filed by facility production employees.

A

a

174
Q

Which of the following combinations of conditions is most likely a red flag for fraud?

You Options:
A The practice of surprise audits and the implementation of an employee support program.
B Hiring an employee with a prior fraud conviction and yearly management review.
C Occasional accounting department overrides and discontinuation of the anonymous fraud hotline due to infrequent use.
D A veteran employee in upper management experiencing financial difficulties and recently implemented enhanced controls.

A

c

175
Q

When auditing the award of a major contract, which of the following should an internal auditor suspect as a red flag for a bidding fraud scheme?

  1. Subsequent change orders increase requirements for low-bid items.
  2. Material contract requirements are different on the actual contract than on the request for bids.
  3. A high percentage of employees are charged to indirect accounts.
  4. Losing bidders are hired as subcontractors.
You Options:
A 1 only
B 2 only
C 1 and 3.
D 2 and 4.
A

d

176
Q

Which of the following best describes the misdirection of payments on accounts receivable to an employee’s bank account?

You Options:
A Fraud open on the books.
B Fraud hidden on the books.
C Fraud off the books.
D Fraud on the balance sheet.
A

c

177
Q

An organization invests its savings in a volatile stock with the potential for high gains rather than a mutual fund with a lower expected return and lower volatility. This best describes which of the following risk concepts?

You Options:
A Risk identification.
B Risk appetite.
C Risk capacity.
D Risk tolerance.
A

d

178
Q

An organization is beginning to implement an enterprise risk management program. One of the first steps is to develop a common risk language. Which of the following statements about a common risk language is true?

You Options:
A Management will be able to reduce inherent risk because they will have a better understanding of risk.
B Internal auditors will be able to reduce their sample sizes because controls will be more consistent.
C Stakeholders will have more assurance that the risks are assessed consistently.
D Decision makers will understand that the likelihood of missing or ineffective controls will be reduced.

A

c

179
Q

Which segregation of duties would best reduce the risk of payroll fraud?

You Options:
A Human resources personnel add employees, and payroll personnel process hours and enter employee bank account numbers. Paychecks are automatically deposited in the employee’s bank account.
B Human resources personnel add employees, payroll personnel process hours, and human resources personnel deliver paychecks to employees.
C Human resources personnel add employees, review and submit payroll hours to the payroll department for processing, and deliver paychecks to employees.
D Human resources personnel add employees and enter employee bank information. Payroll personnel process hours, and paychecks are automatically deposited in the employee’s bank account.

A

a

180
Q

A large trucking organization wants to reduce traffic accidents by improving its system of internal controls.

Which of the following controls is correctly classified?

  1. Review of speeding violations to identify repetitive locations and drivers is an example of a preventive control.
  2. Defensive driver training is an example of a directive control.
  3. The installation of tracking devices in delivery vehicles is an example of a corrective control.
  4. Providing a vehicle driver handbook is an example of a detective control.
You Options:
A 1 and 2.
B 1 and 4.
C 2 and 3.
D 3 and 4.
A

a

181
Q

Which two of the following are preventive controls in a check disbursement process?

  1. Daily reconciliation of the bank account used for check disbursements and prompt follow-up of un-reconciled items.
  2. Segregation of the following duties: establishing new vendors, approving checks, and reconciling the bank account.
  3. An activity report detailing who accesses the check disbursement system and the nature of any action taken in the system.
  4. Evidence of strong access controls ensuring that authorized individuals have access only to the functions related to their responsibilities.
You Options:
A 1 and 3.
B 1 and 4.
C 2 and 3.
D 2 and 4.
A

d

182
Q

A credit card company detects potential errors in credit card numbers by checking whether all entered numbers contain the correct number of digits. This is an example of which of the following IT controls?

You Options:
A Logic test.
B Check digits.
C Data integrity tests.
D Balancing control activities.
A

a

183
Q

An internal audit team is performing an audit of workplace accident claims.

Which of the following actions by the audit team best demonstrates due professional care?

You Options:
A Having an occupational health officer on the engagement team.
B Determining that the claims have been classified properly.
C Placing reliance on medical reports from the injured worker’s doctor.
D Reviewing claims to ensure all accidents actually occurred in the workplace.

A

a

184
Q

Which of the following actions should an internal auditor take to exercise due professional care?

  1. Consider the probability of significant noncompliance in each audit engagement.
  2. Weigh the cost of assurance against the benefits.
  3. Perform assurance procedures with sufficient care to ensure that all risks are identified.
You Options:
A 1 and 2 only
B 1 and 3 only
C 2 and 3 only
D 1, 2, and 3
A

a

185
Q

Which of the following is not one of the 10 core competencies identified in the IIA Competency Framework?

You Options:
A Governance, risk, and control.
B Performance management.
C Business acumen.
D Internal audit delivery.
A

b

186
Q

The chief audit executive (CAE) of a mid-sized pharmaceutical organization has operational responsibility for the regulatory compliance function. The audit committee requests an assessment of regulatory compliance. According to IIA guidance, which of the following is the CAE’s best course of action?

You Options:
A Have a proficient internal audit staff member perform the assessment and disclose the impairment in the audit report and to the board.
B Have a regulatory compliance staff member perform a self-assessment, to be reviewed by a proficient internal auditor.
C Have a proficient internal audit staff member perform the audit and report the results of the assessment directly to senior management and the board.
D Contract with a third-party entity or external auditor to complete the assessment and report the results to senior management and the board.

A

d

187
Q

A chief audit executive (CAE) learns that the brother-in-law of a senior auditor who audits the procurement process was hired as the head of the procurement department six months prior. Which of the following is the most appropriate action for the CAE to take?

You Options:
A The CAE should not interfere because there is no evidence that a conflict of interest has occurred.
B The CAE should remind the senior auditor of his obligation to be objective and impartial.
C The CAE should change the senior auditor’s assignment and take corrective action for the auditor’s failure to disclose the conflict of interest.
D The CAE should require the senior auditor to disclose the relationship in writing before continuing his responsibility for monitoring procurement.

A

c

188
Q

Which of the following activities should be performed by the internal audit activity to facilitate an effective relationship with the audit committee?

  1. Periodically report about the accounting standards followed by the organization.
  2. Provide assurance to the audit committee that its charter, activities, and processes are appropriate.
  3. Ensure that the role and activities of the internal audit activity are clearly understood and responsive to the needs of the audit committee.
  4. Maintain open and effective communications with the audit committee.
You Options:
A 1 and 2 only
B 3 and 4 only
C 1, 3, and 4 only
D 2, 3, and 4 only
A

d

189
Q

An internal audit charter describes the mission and scope of the internal audit activity (IAA), responsibilities of the IAA, accountability of the chief audit executive, independence of the IAA, and standards followed by the IAA. Which of the following also should be included in the charter?

You Options:
A The purpose of the IAA.
B The IAA’s right to have unrestricted access to functions, records, personnel, and physical property.
C A detailed audit plan or program for the year.
D The job specifications and descriptions of the internal audit staff.

A

b

190
Q

Which of the following best ensures an internal audit activity has the ability to render impartial and unbiased assessments?

You Options:
A Organizational status and objectivity.
B Supervision of the chief audit executive (CAE) by senior management.
C Organizational knowledge and skills.
D CAE certification.
A

a

191
Q

Why is a code of ethics for the internal audit profession necessary?

You Options:
A It ensures that all members of the profession possess the same level of competence.
B It provides auditors with protection from lawsuits.
C It guides internal auditors in their service to others.
D It requires auditors to exhibit loyalty to their organizations.

A

c

192
Q

Which of the following statements best explains why internal auditors map processes?

  1. To obtain audit evidence to support auditor’s observations.
  2. To determine scope and objectives of the audit.
  3. To facilitate the identification of ownership and responsibility for key risks.
  4. To identify potential efficiency improvements.
You Options:
A 1 and 2.
B 1 and 3.
C 2 and 4.
D 3 and 4.
A

d

193
Q

An internal auditor is conducting an engagement in the accounts payable department, which includes expressing an opinion at the micro level. According to IIA guidance, which of the following statements is true regarding micro-level opinions?

  1. They are most effective when using a combination of current and prior engagement findings to draw conclusions.
  2. They typically are based on defined procedures such as those found in an accounts payable reconciliation process.
  3. They are discrete and not normally shared with senior management or the board.
  4. They can rely on evidence taken from the work of other assurance activities across the organization.
You Options:
A 1 and 2.
B 1 and 3.
C 2 and 3.
D 3 and 4.
A

c

194
Q

An internal auditor makes a series of observations when performing an analytical review of division operations. The auditor notes the following things: the current ratio is increasing and the quick ratio is decreasing, sales and current liabilities have remained constant, and the number of days’ sales in inventory is increasing. Which conclusion should the auditor draw from this data?

You Options:
A Cash or accounts receivable has decreased.
B The gross margin has decreased.
C The division produced fewer items this year than in prior years.
D The gross margin has increased.

A

a

195
Q

Which of the following audit procedures would provide the most relevant information to identify discrepancies between budgeted versus actual raw material consumption in a production facility?

You Options:
A Analytical review.
B Inquiry.
C Document verification.
D Observation.
A

a

196
Q

Which of the following would provide the best evidence of errors in the quantities of items received from suppliers?

You Options:
A Suppliers’ reports of over shipments.
B Warehouse receiving logs.
C Purchase requisitions and purchase orders.
D Observation and inspection of inventory.

A

b

197
Q

According to IIA guidance, which of the following objectives of an assurance engagement for the organization’s risk management process is valid?

You Options:
A All risks have been identified and mitigated.
B Risks have been accurately analyzed and evaluated.
C All controls are both adequate and efficient.
D The board is appropriately addressing intolerable risks.

A

b

198
Q

Which of the following is the most significant disadvantage of using checklists to evaluate internal controls?

You Options:
A They serve as a reminder of what controls should exist in a process.
B They require yes/no responses to specific questions, not open-ended responses.
C They do not capture all controls that may exist.
D They are useful in assessing risk.

A

c

199
Q

Which of the following would not be a red flag for fraud?

You Options:
A Several recent, large expenditures to a new vendor have not been documented.
B A manager has bragged about multiple extravagant vacations taken within the last year, which are excessive relative to the manager’s salary.
C A weak control environment has been accepted by management to encourage creativity.
D New employees occasionally fail to meet established project deadlines due to staffing shortages.

A

d

200
Q

Which of the following conditions is the most likely indicator of fraud?

You Options:
A Commissions are paid based on verified increases to sales.
B Departmental reports are consistently issued in an untimely manner.
C A manager regularly assumes subordinates’ duties.
D Lower earnings occur during the industry’s down cycle.

A

c

201
Q

An accounts receivable clerk receives cash payments, posts the payments to customer accounts, and prepares the daily cash deposit.

The clerk has been stealing some cash and manipulating the customer payments to hide the theft.

This fraud could be detected with which of the following controls?

You Options:
A Monthly bank reconciliations are performed by the clerk on a timely basis.
B Total cash deposits for the month are reconciled to the cash receipts journal.
C Names, amounts, and dates on remittance advices are reconciled with the names, amounts, and dates recorded in the cash receipts journal.
D Total cash deposits are compared with the bank reconciliation.

A

c

202
Q

Which of the following is a second line of defense in effective risk management and control?

You Options:
A Purchasing department.
B Compliance department.
C Credit department.
D Internal audit department.
A

b

203
Q

Which of the following is not a role of the internal audit activity in facilitating risk identification and evaluation?

You Options:
A Evaluating risk management processes.
B Recommending accountability for risk management.
C Providing assurance that risks are evaluated correctly.
D Supporting managers to identify ways to mitigate risks.

A

b

204
Q

Which of the following is the most effective strategy to manage the risk of foreign exchange losses due to sales to foreign customers?

You Options:
A Hire a risk consultant.
B Implement a hedging strategy.
C Maintain a large foreign currency balance.
D Insist that customers only pay in a stable currency.

A

b

205
Q

While reviewing first quarter sales transactions, an internal auditor discovered that 10 invoices for a new customer had not been posted into the accounts receivable subsidiary ledger. Those 10 invoices were listed in an error report automatically generated by the sales processing system. The system had rejected the invoices because the customer’s account number was not found in the customer master file. In this scenario, which of the following controls was lacking?

You Options:
A Corrective control.
B Preventive control.
C Detective control.
D Directive control.
A

a

206
Q

Which of the following statements describes a control failure that is not directly attributable to a customer billing application?

  1. End users have raised a number of concerns regarding data integrity.
  2. An untested program change is transferred from the test environment to production.
  3. Purchase history does not reconcile with accounts receivable for some customers.
  4. End user security is inadvertently granted to an unauthorized individual by management.
You Options:
A 1 and 3.
B 1 and 4.
C 2 and 3.
D 2 and 4.
A

d

207
Q

The last quality assessment of the internal audit activity identified three areas for improvement: the achievement of audit engagement objectives, quality of work, and staff development. According to IIA guidance, which of the following should be the chief audit executive’s primary focus to achieve these recommended improvements?

You Options:
A Demonstrated compliance with procedures.
B Due professional care.
C Engagement supervision.
D Employment of tools and techniques.
A

c

208
Q

While reviewing the workpapers of a new auditor, the auditor in charge discovered that additional audit procedures might be necessary. According to IIA guidance, which of the following would be most relevant for the auditor in charge to consider when making this decision?

You Options:
A Resource management.
B Coordination.
C Due professional care.
D Engagement supervision.
A

c

209
Q

When an internal auditor applies due professional care to perform an assurance engagement, which of the following must she consider?

  1. Findings of the last audit engagement performed.
  2. Probability of significant errors, irregularities, or noncompliance.
  3. Extent of work needed to achieve engagement objectives.
  4. Cost of the engagement versus the potential benefits.
You Options:
A 1 and 4 only
B 2 and 3 only
C 2, 3, and 4 only
D 1, 2, 3, and 4
A

c

210
Q

Management has asked the chief audit executive (CAE) to provide assurance on the organization’s automated control system related to financial data. The current audit staff does not have the expertise needed to conduct this type of engagement. Which of the following would be the best response by the CAE?

You Options:
A Accept the assignment and use control self-assessment to complete the project.
B Do not accept the assignment because the internal audit activity lacks the competency to perform the engagement with due professional care.
C Accept the assignment and use an external provider with the necessary knowledge and skills to perform the engagement.
D Accept the assignment if the engagement is included in the current audit plan, but inform senior management that the current audit staff does not have the knowledge and skills required.

A

c

211
Q

Which of the following is not an appropriate activity for internal auditors to perform?

You Options:
A Recommend management seek a consulting firm to advise on outsourcing.
B Highlight matters that require management’s attention.
C Implement solutions for specific organizational problems.
D Accumulate data, obtain varying views, and report information to senior management.

A

c

212
Q

A government agency’s policy states that board members’ travel and hospitality expenses must be audited annually. Which of the following people or groups is most appropriate to perform this audit?

You Options:
A The government's independent auditor.
B The external auditors from an accounting firm.
C The internal audit activity.
D The agency's chief compliance officer.
A

a

213
Q

Which of the following does not need to be defined in the internal audit charter?

You Options:
A The audit engagements to be performed during the upcoming year.
B The internal audit activity’s position within the organization.
C The scope of internal audit activities.
D Management and the board of directors’ agreement regarding the roles and responsibilities of the internal audit activity.

A

a

214
Q

According to IIA guidance, which of the following statements regarding the internal audit charter is true?

You Options:
A Senior management should approve the charter before it is submitted to the board.
B The charter should describe the purpose and authority of the internal audit activity, consistent with the Standards.
C The charter should define the consulting services that the internal audit activity is permitted to perform.
D The CEO periodically should assess whether the terms of the charter continue to be adequate.

A

a

215
Q

The director of purchasing, a certified internal auditor (CIA), signs a contract to procure a large order from a supplier whose products provide the best price, quality, and performance. A few days after signing the contract, the supplier presents the CIA with $1,000 as a gift. Which statement regarding acceptance of the money is correct?

You Options:
A Accepting the money would be prohibited only if it were non-customary.
B Accepting the money would violate the IIA Code of Ethics.
C Because the CIA is not acting as an internal auditor, accepting the money would be governed only by the organization’s code of conduct.
D Because the contract was signed before the money was offered, accepting the money would not violate the IIA Code of Ethics.

A

b

216
Q

The audit committee is concerned that the small size of the internal audit activity (IAA) makes it impractical to achieve full conformance with the Standards. To address this concern, which of the following actions is most appropriate for the CAE to take?

You Options:
A The CAE should agree with the audit committee and implement only those standards appropriate to the size of the IAA.
B The CAE should request the audit committee to review the Standards to identify specifically which are creating the greatest concern.
C The CAE should seek sufficient funding to increase audit resources to meet the minimum requirements of the Standards.
D The CAE should explain that conformance with the Standards is essential and not dependent upon the size of the IAA.

A

d

217
Q

An internal auditor is reviewing employee travel data to identify opportunities to cut costs while ensuring adequate participation at conferences to support the organization’s mission. Which of the following pieces of evidence would be sufficient for completing this task?

You Options:
A A log from the last year that includes dates of travel, conference titles, and conference objectives, all of which correspond with employee names and costs per trip.
B A log that includes titles of conferences that all employees were invited to attend in the last year, along with the dates of those conferences and average costs per traveler.
C A log of conference titles, dates of travel for each employee, and a detailed summary of conference objectives and how they relate to the organization’s mission needs.
D A log of employee travel requests, which include the title of each conference, the conference objectives, anticipated dates of travel, and estimated costs.

A

a

218
Q

An internal auditor would like to identify the involvement of various organizational units in handling employee travel reimbursement claims. Which of the following methods would be most effective and efficient in completing this task?

You Options:
A Process mapping.
B Interviewing.
C Monitoring.
D Distributing questionnaires.
A

a

219
Q

The internal audit supervisor is reviewing the workpapers prepared by the staff. According to the Standards, which of the following statements regarding workpaper supervision is not true?

You Options:
A Review notes of questions that arise during the review process must be retained.
B Dating and initialing each workpaper provides evidence of review.
C Workpaper review allows for staff training and development.
D Workpapers may be amended during the review process.

A

a

220
Q

Which of the following audit techniques is used to evaluate control design while also embodying auditing’s analytical process?

You Options:
A A risk and control matrix.
B A flowchart.
C A walk-through.
D A process narrative.
A

a

221
Q

According to the Standards, which of the following best describes why initial audit test results should be reported to the auditor-in-charge prior to advising management?

You Options:
A It increases the likelihood of obtaining the audit client’s agreement with the results.
B It ensures that an appropriate chain of evidence is maintained through the workpapers.
C It helps ensure that appropriate professional judgments and conclusions are made.
D It is required to demonstrate that effective engagement supervision has occurred.

A

c

222
Q

During an engagement, an internal auditor decided to use variance analysis as an auditing technique. Which of the following steps should the auditor pursue if he discovers unexpected deviations of actual results from budget?

You Options:
A Report the deviations immediately to the audit committee.
B Gather additional information to determine the cause of the deviations.
C Conclude that the budget was unreasonably set and accept the deviations.
D Perform alternative forms of analytical procedures which provide no deviations.

A

b

223
Q

When conducting an interview, an internal auditor is most likely to ask open-ended questions in order to:

You Options:
A Obtain specific answers and maximize efficiency.
B Gather factual data on several different topics.
C Determine agreement or disagreement with a stated viewpoint.
D Obtain information based on the person’s own perspective.

A

d

224
Q

Which of the following techniques would best assist an internal auditor in evaluating the efficiency of a wholesale grocery distributor’s process to fill and package orders for shipping?

You Options:
A A Bedford analysis of orders filled to average delivery times.
B Decision trees rating actual performance against requirements.
C Queuing theory to assess potential bottlenecks in the process.
D A program evaluation and review technique chart.

A

c

225
Q

Which of the following would most likely be considered a red flag for fraud?

You Options:
A An organization lacks a whistleblower hotline for reporting suspicious activity.
B A senior manager has been delegating the authority to sign off on small dollar amount purchases to a subordinate.
C An employee in charge of payroll disbursements has rotated these duties with several colleagues.
D An employee with significant personal debt is in charge of handling large wire transfers for the organization.

A

d

226
Q

Which of the following risk management activities is most appropriate for an internal auditor to undertake?

You Options:
A Impose risk management processes.
B Coordinate risk management activities.
C Implement risk responses on management's behalf.
D Review the management of key risks.
A

d

227
Q

Which of the following best describes the assessment of risks?

You Options:
A Assess the actions necessary to reduce the likelihood and/or impact of risk to tolerable levels.
B Assess the likelihood and/or impact of risk on the achievement of organizational objectives.
C Assess the amount of risk an organization can accept while pursuing its objectives.
D Assess alternative strategies to reduce or eliminate major risks.

A

b

228
Q

According to IIA guidance, which of the following statements is true?

You Options:
A Risks in IT processes are best mitigated by individual controls.
B The overall focus of the framework is on significant controls in all critical IT applications.
C IT risks and related controls are operational and best identified using a bottom-up approach.
D Control process risks are found at multiple layers of the IT environment.

A

d

229
Q

An internal auditor notes that employees are able to download files from the internet. According to IIA guidance, which of the following strategies would best protect the organization from the risk of copyright infringement and licensing violations resulting from this practice?

You Options:
A Apply antivirus and patch management software.
B Utilize dedicated and encrypted network connections.
C Install a software inventory management application.
D Utilize secure socket layer encryption.

A

c

230
Q

Which of the following is a preventive control?

You Options:
A Creating an audit trail.
B Placing controls on physical access to inventory.
C Reconciling purchase orders with approvals.
D Reviewing expense accounts for irregularities.

A

b

231
Q

Which of the following is an example of a transaction-level control?

You Options:
A Human resource policies.
B Tone at the top.
C Reconciliations of primary accounts.
D Inventory counts.
A

c

232
Q

According to IIA guidance, which of the following best describes processes and tools typically used in ongoing internal assessments?

You Options:
A Benchmarking of the internal audit activity’s practices and performance.
B Report of internal assessment results, response plans, and outcomes.
C Analysis of performance metrics such as cycle times.
D Self-assessments and surveys of stakeholder groups.

A

c

233
Q

According to IIA guidance, which of the following statements is false regarding continuing professional education for the internal audit activity (IAA)?

You Options:
A Continuing professional education can be obtained through IAA involvement in research projects.
B Employers are responsible for ensuring that the continuing professional education needs of the IAA are met.
C Completion of self-study courses fulfills IAA continuing professional education requirements.
D Specialized education that meets unique organizational needs cannot qualify as IAA professional development.

A

b

234
Q

According to the Standards, which of the following is not a consideration when exercising due professional care for an assurance engagement?

You Options:
A The relative complexity, materiality, or significance of matters to which assurance procedures are applied.
B The extent of assurance services necessary to ensure that all risks are identified.
C The cost of providing the assurance services in relation to potential benefits.
D The probability of significant errors, irregularities or instances of noncompliance.

A

b

235
Q

Which of the following decisions made during the testing phase of a compliance audit requires the most judgment by an internal auditor?

You Options:
A Which sampling methodology to select for testing.
B Which fields to examine on each invoice.
C Whether an individual expenditure is allowable.
D What level of noncompliance is acceptable.

A

d

236
Q

A candidate has applied for an entry level internal audit position. The candidate holds a CISA (Certified Information Systems Auditor) designation, and has six months of audit experience, but limited knowledge of accounting principles and techniques. According to the IIA guidance, which of the following is the most relevant reason for the chief audit executive to consider this candidate?

You Options:
A Other internal auditors possess sufficient knowledge of accounting principles and techniques.
B The candidate’s information systems knowledge and real-world experience in internal auditing.
C Accounting skills can be learned over time with appropriate training.
D An entry level position does not require expertise in any particular area.

A

b

237
Q

The chief audit executive (CAE) engaged an internal auditor to consult on an organization’s complex information technology system. Shortly after beginning the engagement, the auditor unexpectedly resigned. Unfortunately, this auditor was the only available auditor with the necessary expertise. The CAE will not be able to hire someone with similar expertise in time to meet a regulatory deadline.

Which of the following would be the best course of action for the CAE to take?

You Options:
A Continue with the engagement in order to meet the regulatory deadline, but highlight areas in the final report that might need to be revised in the future.
B Ask that a senior member of the organization’s IT department with the required systems expertise join the audit team to assist in completing the engagement.
C Delay the engagement and inform the board of the situation, asking them to provide acceptable alternatives for completing the engagement.
D Remove the planned engagement from the audit plan and explain to senior management the problems with moving forward without an auditor with the necessary expertise.

A

c

238
Q

If an engagement client disputes that a specific action or process is within the scope of the internal audit activity, what would be the most appropriate way for the internal audit activity (IAA) to respond?

You Options:
A Terminate the audit engagement in full because an operational audit will not be productive without the client’s cooperation.
B Terminate only the specific action or process with which the client disagrees and work to determine a substitute function that will not impede further IAA or the client-audit relationship.
C Refer the client to the IAA’s charter and the approved yearly audit plan, which includes the areas designated for audit in the current time period.
D Seek the approval of senior management or the board in mediation, allowing an overseer to clarify the scope of the audit engagement for the client.

A

c

239
Q

What type of risk management strategy is being employed when an organization installs two firewalls to provide protection from unauthorized access to the network?

You Options:
A Diversifying the risk that network access will not be available to legitimate, authorized users.
B Accepting the risk that there may be attempts at unauthorized access to the network.
C Avoiding the risk of having a direct network connection to un-trusted networks.
D Sharing the risk that either firewall could be compromised by hackers.

A

a

240
Q

An internal auditor finds during an engagement that payment for the organization’s general insurance policy is two months overdue. The issue is informally mentioned to the finance department which immediately submits the invoice for payment. The auditor decides to exclude this finding from the final audit report as the oversight was immediately corrected and there were no consequences because of this late payment.

Which of the following rules of conduct, as described in the IIA Code of Ethics, did the auditor fail to uphold?

You Options:
A Confidentiality.
B Objectivity.
C Integrity.
D Competency.
A

b

241
Q

According to the IIA guidance, who is responsible for periodically assessing the internal audit activity?

You Options:
A The board.
B The chief audit executive.
C Senior management.
D The external auditors.
A

b

242
Q

Allegations have been made that an organization’s share price has been manipulated.

Which of the following would provide an internal auditor with the most objective evidence in this case?

You Options:
A Major shareholders of the organization.
B Large customers of the organization.
C Former members of management.
D Former financial consultants.
A

d

243
Q

Which of the following is not a standard technique that the chief audit executive (CAE) would use to provide evidence of supervisory review of working papers?

You Options:
A The CAE initials and dates every working paper after it has been reviewed.
B The CAE completes an engagement working paper checklist.
C The CAE prepares a memorandum discussing the results of the working paper review.
D The CAE utilizes an external third party to make an objective recommendation after each working paper review.

A

d

244
Q

During an accounts receivable audit, an internal auditor found a significant number of input errors resulting in a $500,000 balance understatement.

Which of the following is the most important question the internal auditor should ask to develop an appropriate recommendation for this finding?

You Options:
A Who?
B How?
C Why?
D When?
A

c

245
Q

When internal auditors are preparing workpapers for the testing stage of an engagement, which of the following guidelines should be observed?

  1. Include copies of all client files that were reviewed for the audit.
  2. Avoid the use of professional, industry-appropriate jargon and technical terms.
  3. Indicate the original sources of all data and information used in the workpapers.
  4. Leave blank space for cross-references to be completed during the post-audit process.
You Options:
A 1 and 2 only
B 1 and 4 only
C 2 and 3 only
D 3 and 4 only
A

c

246
Q

During an internal audit, the internal auditor compares the employee turnover rate in the area being audited with the employee turnover rate in the organization as a whole.

This is an example of which of the following analytical auditing procedures?

You Options:
A Reasonableness test.
B Regression analysis.
C Benchmarking.
D Trend analysis.
A

c

247
Q

Which of the following statements is true regarding the use of non-statistical sampling in auditing control tests?

You Options:
A It considers tolerable deviation rate more effectively than does statistical sampling.
B Sampling risk will be accurately quantified through non-statistical sampling.
C Non-statistical sample results must be projected to the population.
D Less evidence is required to support a conclusion than for statistical sampling.

A

c

248
Q

During an internal audit, an organization’s processing department is found to have incidences of both duplicate invoices and notices from customers that purchased goods were not received. The department under review insists that some of these reports are false and that others were isolated oversights due to understaffing.

Which of the following tests would best help the internal auditor detect fraudulent activity?

You Options:
A Check inventory levels.
B Search for gaps in check numbers.
C Compare vendor summaries.
D Review raw material purchase quantities.
A

a

249
Q

An internal audit manager of a furniture manufacturing organization is planning an audit of the procurement process for kiln-dried wood. The procurement department maintains six procurement officers to manage 24 different suppliers used by the organization.

Which of the following controls would best mitigate the risk of employees receiving kickbacks from suppliers?

You Options:
A The periodic rotation of procurement officers’ assignments to supplier accounts.
B A pre-award financial capacity analysis of suppliers.
C An automated computer report, organized by supplier, of any invoices for the same amount.
D Periodic inventories of kiln-dried wood at the organization’s warehouse.

A

a

250
Q

Which type of objectives can best be described as broad goals that promote the effective and efficient use of resources?

You Options:
A Strategic objectives.
B Operational objectives.
C Reporting objectives.
D Compliance objectives.
A

b

251
Q

According to IIA guidance, which of the following is the best example of a system application control?

You Options:
A A physical security control over a data center.
B A system development life cycle control.
C A program change management control.
D An input control over data integrity.

A

d

252
Q

Which of the following are components of the COSO enterprise risk management framework?

  1. Objective setting.
  2. External environment.
  3. Data collection.
  4. Control activities.
You Options:
A 1 and 3 only
B 1 and 4 only
C 2 and 3 only
D 2 and 4 only
A

b

253
Q

Which of the following would be considered a preventive control?

You Options:
A A library control log.
B A review of exception reports.
C A password lock on a server.
D A software scan of financial records for irregularities.
A

c

254
Q

Why are preventative controls generally preferred to detective controls?

You Options:
A Because preventive controls promote doing the right thing in the first place, and lessen the need for corrective action.
B Because preventive controls are more sensitive and identify more exceptions than detective controls.
C Because preventive controls include output procedures, which cover the full range of possible reviews, reconciliations and analysis.
D Because preventive controls identify exceptions after-the-fact, allowing them to be used after the entire review is complete and therefore finding exceptions that detective controls may have missed.

A

a

255
Q

The results of an internal audit activity’s (IAA) quality assurance and improvement program are favorable and an external assessment was completed within the last five years. Which of the following statements may the IAA use to describe its work?

You Options:
A ‘Completed with the advance certification of the External Assessors Association for Auditing Review.’
B ‘Conforms with the International Standards for the Professional Practice of Internal Auditing.’
C ‘Certified 100% accuracy, per the International Standards of External Assessment.’
D ‘Compliant with all domestic and international legal statutes, and certified quality assured for ten years.’

A

b

256
Q

According to IIA guidance, which of the following individuals would best be considered independent for the purpose of participating in an external assessment of the quality assurance and improvement program for an internal audit activity (IAA)?

You Options:
A A former employee knowledgeable of the IAA who resigned three years earlier from the organization.
B A competent employee of an independent external organization that provides co-sourcing services to the IAA.
C An employee in an affiliated organization who has never worked directly with the IAA.
D An employee in the parent organization who has not had any previous contact with the IAA.

A

a

257
Q

A new chief audit executive (CAE) of a large internal audit activity (IAA) is dissatisfied with the current amount and quality of training being provided to the staff and wishes to implement improvements. According to IIA guidance, which of the following actions would best help the CAE reach this objective?

You Options:
A Require that all staff obtain a minimum of two relevant audit certifications.
B Perform a gap analysis of the IAA’s existing knowledge, skills and competencies.
C Engage a consultant to benchmark the IAA’s training program against its peers.
D Assign one experienced manager to better coordinate staff training and development activities.

A

b

258
Q

Suspecting fraud, the chief financial officer (CFO) asked the internal audit activity to investigate a significant increase in travel related expenditures. Work was performed by a qualified internal auditor. Following the completion of the engagement, the chief audit executive (CAE) reported to the CFO that no violations were found and no fraud had occurred.

According to the Standards, which of the following principles did the CAE violate?

You Options:
A Due professional care.
B Individual objectivity.
C Proficiency.
D Organizational independence.
A

a

259
Q

The chief audit executive (CAE) has been asked to manage the regulatory compliance function for the organization’s retail store operations. Store operations are included in the annual audit plan.

Which of the following strategies best fulfills the requirements of the Standards regarding these audits?

You Options:
A The scope of store operations audits should exclude compliance.
B Store operations audits can be fully executed with appropriate disclosure to the board.
C Store operations audits should be performed by an external service provider.
D A store operations compliance audit should be performed by a staff internal auditor under the direction of the CAE.

A

c

260
Q

According to the Standards, for how long should internal auditors who have previously performed or had management responsibility for an operation wait to become involved in future internal audit activity with that same operation?

You Options:
A Three months.
B Six months.
C One year.
D Two years.
A

c

261
Q

An internal audit activity (IAA) provided assurance services for an activity it was responsible for during the preceding year.

As a result, which IIA Code of Ethics principle is presumed to be impaired?

You Options:
A Competence.
B Flexibility.
C Objectivity.
D Independence.
A

c

262
Q

A chief audit executive (CAE) of an international charity reports functionally to the audit committee of the board of directors and administratively to the charity’s chief financial officer (CFO).

Which of the following would impair the internal audit function’s independence?

You Options:
A The CFO determines the scope of internal audit work in the accounting department.
B The CFO manages the accounting of the budget for the internal audit function.
C The CFO administers the annual evaluation process for the internal auditors.
D The CFO provides feedback on the CAE’s audit reports.

A

a

263
Q

While attending a conference, an internal auditor won an all-expense paid trip sponsored by a vendor of the internal auditor’s organization.

Which of the following actions is most appropriate for the auditor to take?

You Options:
A Consult with an immediate supervisor and notify the organization’s audit committee.
B Consult with an immediate supervisor and review the organization’s ethics policy.
C Give the prize to a friend or family member and notify the organization’s audit committee.
D Give the prize to a friend or family member and review the organization’s ethics policy.

A

b

264
Q

Which of the following activities best reflects the scope and status of the internal audit activity as defined in the internal audit policy statement?

You Options:
A The internal auditor reviews the physical access to merchandise during an inventory count.
B The audit manager conducts an internal quality assessment of the internal audit activity’s adherence to the Standards.
C The audit manager refrains from assigning an auditor who was a former payroll clerk to conduct a payroll audit.
D The board approves the annual performance evaluation of the chief audit executive.

A

a

265
Q

Which of the following scenarios would represent the greatest threat to the authority of the internal audit activity (IAA)?

You Options:
A A change was implemented requiring the IAA to report administratively to the organization’s chief legal counsel rather than the board.
B Responsibility for risk management processes was removed from the IAA and placed under a newly created chief risk officer.
C The IAA was denied access to expenditure and budget requirement reports because the reports were considered to be financial administrative matters.
D An internal auditor was informed by the chief financial officer that client survey results would be unfavorable unless the auditor changed a finding in the report.

A

c

266
Q

A staff auditor, nearly finished with an audit engagement, discovers that the director of marketing has a gambling habit. The gambling issue is not directly related to the existing engagement, and there is pressure to complete the current engagement. The auditor notes the problem and forwards the information to the chief audit executive, but performs no further follow-up.

Which of the following statements is true about the auditor’s actions?

You Options:
A They are in violation of the IIA Code of Ethics because the auditor withheld meaningful information.
B They are in violation of the Standards because the auditor did not properly follow up on a red flag that might indicate the existence of fraud.
C They are in violation of neither the IIA Code of Ethics nor the Standards.
D They are not in violation of the Standards but are in violation of the IIA Code of Ethics.

A

c

267
Q

During the course of an audit, an internal auditor discovers that a valuable employee in the research department has been patenting new developments in the employee’s name that are unrelated to the basic business of the organization.

The organization does not have a policy addressing this specific issue, but does have a general policy that all important new discoveries by employees are the property of the organization.

Division management views the employee’s actions as extra incentive to retain the employee.

A decision to include the employee’s action in the engagement final communication would be:

  1. A violation of the IIA Code of Ethics.
  2. A violation of the reporting requirements in the Standards.
  3. Justified and necessary, according to the IIA Code of Ethics and Standards.
You Options:
A 1 only
B 2 only
C 3 only
D 1 and 2 only
A

c

268
Q

Which of the following actions indicates a lack of due professional care by an internal auditor performing an audit of a store’s cash function?

You Options:
A The audit report included a well-supported recommendation for a reduction in staff even though such a reduction might adversely impact morale.
B The auditor tested samples of transactions to test the cash function’s process flows.
C After determining that the cash function internal controls were strong, the audit report assured senior management that fraud was not present.
D The auditor discovered an instance of potential fraud and reported it immediately to management, but did not alert authorities outside the organization.

A

c

269
Q

Why is it important for the chief audit executive to periodically review the audit charter and present the results to senior management and the board?

You Options:
A Because management requires the review to measure effectiveness of the internal audit activity.
B So that the individual objectivity of the internal audit staff can be more clearly established.
C So that there is assurance of the internal audit staff’s proficiency to complete audit activities.
D Because changes in the organization may impair the internal audit activity’s ability to meet its objectives.

A

d

270
Q

A computer system automatically locks a user’s account after three unsuccessful attempts to log on.

Which type of control does this scenario represent?

You Options:
A Corrective control.
B Preventive control.
C Detective control.
D Compensating control.
A

b

271
Q

A manufacturing organization discovers that the waste water released has failed to meet permitted limits.

Which control function will be least effective in correcting the issue?

You Options:
A Performing a chemical analysis of the water, prior to discharge, for components specified in the permit.
B Posting signs that tell employees which substances may be disposed of via sinks and floor drains within the facility.
C Diluting pollutants by flushing sinks and floor drains daily with large volumes of clean water.
D Establishing a preventive maintenance program for the pretreatment system.

A

c

272
Q

Which of the following controls is not appropriate for sales in a manufacturing organization?

You Options:
A Customers’ orders are recorded promptly.
B Goods shipped are matched with valid customer orders.
C Goods returned are inspected for damage by the receiving department for proper disposition.
D Sales department approval is required for credit sales transactions.

A

d

273
Q

Which of the following actions does not violate the IIA Code of Ethics or Standards?

You Options:
A An internal auditor performing an audit on an operation that they managed less than a year ago.
B An internal auditor performing an audit on procedures that they were responsible for creating.
C An internal auditor disclosing details of an audit report to colleagues from a different organization.
D An internal auditor disclosing confidential information in response to a lawsuit.

A

d

274
Q

An organization has implemented a new automated payroll system that contains a table of pay rates that are matched to employee job classifications. Which control should an internal auditor suggest in order to ensure that the table is updated correctly, and is used only for valid pay changes?

You Options:
A Restrict data-table access from management and line supervisors who have the authority to determine pay rates.
B Require a supervisor in the department, who has the ability to change the table, to compare the changes to a signed management authorization.
C Ensure that adequate edit and reasonableness checks are built into the automated system.
D Require a manager, who is independent of the system and who cannot change the table, to authorize and sign-off on any employee pay changes.

A

d

275
Q

After being terminated due to downsizing, an internal auditor finds a different job with an organization in the same industry. Which of the following actions would violate the IIA Code of Ethics?

You Options:
A To determine audit priorities in the new job, the auditor uses the audit risk approach that the auditor’s previous employer used, without receiving permission to do so.
B At the new organization, the auditor is asked to develop forms to implement probability-proportional-to-size sampling. Although unsure of how to perform this type of sampling, the auditor proceeds without asking for assistance.
C In preparing for an audit at the previous organization, the auditor had conducted a great deal of research on the Internet at home to identify best practices for the management of a treasury function. The auditor has retained much of the research and uses it to conduct an audit of the new employer’s treasury function.
D In the first week at the new organization, the auditor discovers a high fraud risk surrounding the organization’s database and suggests that the information technology department implement a new password system to prevent fraudulent actions before they occur.

A

b

276
Q

Which of the following scenarios exemplifies a potential internal control weakness?

You Options:
A The same employee who receives cash from customers prepares a prelisting of cash receipts.
B The same employee who records cash receipts in the accounts receivable subsidiary ledger ensures that the ledger automatically updates the information.
C The same employee who restrictively endorses checks received from customers prepares the bank’s check deposit slips.
D The same employee who makes deposits at the bank prepares the monthly bank reconciliation.

A

d

277
Q

Management of a publicly-held organization requires the internal audit activity to be involved with quarterly financial statements, which are made public and used internally. Which of the following explanations of management’s decision is least plausible?

You Options:
A Management may be concerned about its reputation in the financial markets.
B Management is following best-practice protocol, as stipulated by the Standards, which states that internal auditors must review quarterly financial statements.
C Management may be concerned about potential penalties that could occur if quarterly financial statements are misstated.
D Management may perceive that having quarterly financial information examined by the internal auditors enhances the information’s value to internal decision making.

A

b

278
Q

An organization’s chief audit executive (CAE) determines that the internal audit staff does not have the requisite skills to conduct an audit of the financial derivatives area. Which of the following would be the best course of action for the CAE to follow?

You Options:
A Outsource the audit engagement to a qualified external auditing firm without burdening the audit committee with the decision.
B Determine the requisite knowledge needed, and obtain the proper training for auditors, even if the training will significantly push back the project’s timeframe as outlined by the audit committee.
C Notify the audit committee of the problem, and assign the most competent auditors on staff to perform the audit engagement.
D Employ the skills of a financial derivatives expert to consult on the project, and supplement the consulting with a local seminar on financial derivatives.

A

d

279
Q

Which of the following would provide the best guidance to a chief audit executive who is setting internal audit staff requirements?

You Options:
A A review of audit staff education and training records.
B Information about the audit staff size and composition of comparable organizations.
C Results from discussions of audit needs with executive management and the audit committee.
D The results of the audit staff’s most recent performance reviews.

A

c

280
Q

An internal auditor for a large retail chain suspects that a store manager has been stealing money from cash sales by listing the sales as accounts receivable and then writing off the accounts as bad debts. Which of the following irregularities is the most likely cause of the auditor’s suspicion?

You Options:
A A much higher bad debt expense as a percentage of sales than that of previous years.
B A much higher bad debt expense as a percentage of sales than that of other stores.
C A much higher percentage of past-due accounts receivable than that of other stores.
D A much higher percentage of past-due accounts receivable than that of previous years.

A

b

281
Q

Which of the following is a valid statement about the use of visual observations during an audit engagement?

  1. Visual observations can be used to detect ineffective controls, idle resources, and safety hazards.
  2. Visual observations can be used during both preliminary survey and fieldwork stages of the audit engagement.
  3. Visual observations can provide unsubstantiated facts to management if the internal auditor believes the information is useful.
  4. Visual observations can assist an auditor in determining if a material observation should be communicated through informal means to the organization’s senior management.
You Options:
A 1 and 2 only
B 1 and 4 only
C 2 and 3 only
D 3 and 4 only
A

a

282
Q

In which of the following scenarios would a customer service hotline receive a high volume of complaints regarding payments not being applied to customers’ accounts?

You Options:
A Invoices are not being mailed to customers.
B An employee is tampering with customer checks.
C Employees are submitting fraudulent expense reports.
D The customer service department is not forwarding complaints to the accounts receivable department.

A

b

283
Q

What is the primary purpose of a fishbone diagram?

You Options:
A To depict the areas of responsibility for departments in an organization.
B To plan and control complex projects, such as internal audits.
C To represent the frequencies of adverse conditions in a given process.
D To identify the possible causes of adverse conditions.

A

d