Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpt65

IIA-ACCA Questions and Answers

Question # 6

Which of the following is an example of collusion?

A.

An employee includes a faked receipt in his expense claim, and the claim is signed by the employee's manager.

B.

A vendor inflates the price of an item and remits a portion of the excess to the purchasing manager.

C.

A vendor sends a duplicate invoice with a new invoice number, and the accounts payable system fails to detect the duplication.

D.

An employee works with the IT manager to develop a program for identifying duplicate invoice payments.

Full Access
Question # 7

According to The IIA's Code of Ethics, which of the following is true?

A.

Confidentiality requires that auditors disclose all material facts known to them.

B.

Integrity requires that auditors perform internal audit services in accordance with the Standards.

C.

Objectivity requires that auditors perform their work with honesty, diligence, and responsibility.

D.

Confidentiality requires that auditors be prudent in the use and protection of client information.

Full Access
Question # 8

Which of the following conditions are necessary for successful change management?

1. Decisions and necessary actions are taken promptly.

2. The traditions of the organization are respected.

3. Changes result in improvement or reform.

4. Internal and external communications are controlled.

A.

1 and 2

B.

1 and 3

C.

2 and 3

D.

2 and 4

Full Access
Question # 9

Which of the following actions would be characterized as a preventive control to safeguard inventory from the risk of theft?

1. Locking doors and physically securing inventory items.

2. Independently observing the receipt of materials.

3. Conducting monthly inventory counts.

4. Requiring the use of employee ID badges at all times.

A.

1 and 3.

B.

1 and 4.

C.

2 and 3.

D.

2 and 4.

Full Access
Question # 10

During an audit engagement, the internal auditor discussed a risk mitigation recommendation with the manager of the area under review. The manager disagreed with the risk assessment and recommendation. The two failed to come up with an alternative solution, and the auditor decided to proceed with including the original recommendation in the engagement report. Which of the following is especially important in dealing with this type of situation?

A.

Soft skills in communication, negotiation, and collaboration.

B.

Technical skills in the area under review.

C.

Professional qualifications and certification in internal auditing.

D.

Confidentiality and independence.

Full Access
Question # 11

According to The IIA's Code of Ethics, which of the following actions violates the principle of confidentiality?

A.

Accepting a consulting request in the IT department without possessing the requisite experience.

B.

Providing personal tax preparation services for a fee for several employees during the lunch hour.

C.

Providing a friend with the marketing strategic plan, which she will use to prepare her university thesis.

D.

Agreeing to reword an observation to avoid the client complaining directly to the auditor's supervisor.

Full Access
Question # 12

Given the highly technical and legal nature of privacy issues, which of the following statements best describes the internal audit activity's responsibility with regard to assessing an organization's privacy framework?

A.

If an organization does not have a mature privacy framework, the internal audit activity should assist in developing and implementing an appropriate privacy framework.

B.

Because the audit committee is ultimately responsible for ensuring that appropriate control processes are in place to mitigate risks associated with personal information, the internal audit activity is C. required to conduct privacy assessments.

C.

The internal audit activity may delegate to nonaudit IT specialists the responsibility of determining whether personal information has been secured adequately and data protection controls are sufficient.

D.

The internal audit activity should have appropriate knowledge and competence to conduct an asses .......framework.

Full Access
Question # 13

Which of the following responsibilities would fall under the role of the chief audit executive, rather than internal audit staff or the audit manager?

A.

Manage and support a quality assurance and improvement program.

B.

Maintain industry-specific knowledge appropriate to the audit engagements

C.

Set clear performance standards for internal auditors and the internal audit activity.

D.

Apply problem-solving techniques for routine situations.

Full Access
Question # 14

Which of the following is considered a violation of The IIA's Code of Ethics?

A.

An auditor conveys public information about an organization's financial condition.

B.

An auditor reports a manager's illegal activity to senior management, rather than reporting the incident to the appropriate external authority.

C.

An auditor receives allegations of fraud from a whistleblower and immediately reports the allegations to senior management.

D.

An auditor reports material deficiencies, despite the fact that management is already aware of the defects.

Full Access
Question # 15

Which of the following situations is most likely to impair internal audit objectivity?

A.

An internal auditor reports both functionally and administratively to the chief financial officer (CFO).

B.

An internal auditor, who was an accounts receivable intern for the organization three years prior, performs an audit of the accounts receivable cycle.

C.

According to policy, the internal auditor must obtain approval from the CFO prior to requesting information for internal audit purposes.

D.

An internal auditor performs an audit in a department that is led by the auditor's close friend.

Full Access
Question # 16

When developing the organization's first risk universe, which of the following would the chief audit executive be least likely to consider?

A.

The amount of risk that an organization is willing to seek or accept.

B.

The extent and degree of interdependency for identified key risks.

C.

The boundaries established to manage the amount of risk taken.

D.

The exposure to risks following management's risk responses.

Full Access
Question # 17

According to IIA guidance, which of the following statements is true when an internal auditor performs consulting services that improve an organization's operations?

A.

The services must be aligned with those defined in the internal audit charter.

B.

The services must not be performed by the same internal auditor who performed assurance services, in order to maintain objectivity.

C.

The services may preclude assurance services from the consulting engagement.

D.

The services impose no responsibility to communicate information other than to the engagement client.

Full Access
Question # 18

Which of the following is an activity that an internal auditor must not perform?

A.

Establish and provide continuing assurance on an anti-money laundering program for new hires.

B.

Survey employees for their understanding of anti-money laundering practices.

C.

Provide assurance for the effectiveness of anti-money laundering training.

D.

Assess the risk of being fined for ineffective anti-money laundering practices.

Full Access
Question # 19

Which of the following is not an objective of internal control?

A.

Compliance.

B.

Accuracy.

C.

Efficiency.

D.

Validation.

Full Access
Question # 20

Which of the following activities is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?

A.

Planning an engagement of the area in which fraud is suspected.

B.

Employing audit tests to detect fraud.

C.

Interrogating a suspected fraudster.

D.

Completing a process review to improve controls to prevent fraud.

Full Access
Question # 21

What is the primary benefit to the internal audit activity for undertaking an internal quality assessment?

A.

To help the internal audit activity complete its annual assurance plan.

B.

To identify inefficiencies within the internal audit team.

C.

To help improve the overall quality of the internal audit activity's work.

D.

To identify key risks and areas of concern within the organization.

Full Access
Question # 22

Which of the following actions best demonstrates that an internal auditor is exercising due professional care?

A.

The auditor performs thorough reviews and provides absolute assurance of regulatory compliance.

B.

The auditor is alert to the possibility of fraud and activities where irregularities are most likely to occur.

C.

The auditor recommends improvements for all of the organization's procedures and practices.

D.

The auditor is cognizant of reducing travel expenses by combining a personal vacation with a business trip.

Full Access
Question # 23

Which of the following is most likely to function as a directive control?

A.

Security dogs.

B.

Alert employees.

C.

Insurance claims.

D.

Cycle counts.

Full Access
Question # 24

A large trucking organization wants to reduce traffic accidents by improving its system of internal controls.

Which of the following controls is correctly classified?

1. Review of speeding violations to identify repetitive locations and drivers is an example of a preventive control.

2. Defensive driver training is an example of a directive control.

3. The installation of tracking devices in delivery vehicles is an example of a corrective control.

4. Providing a vehicle driver handbook is an example of a detective control.

A.

1 and 2.

B.

1 and 4.

C.

2 and 3.

D.

3 and 4.

Full Access
Question # 25

An internal auditor is conducting an assessment of the organization's fraud prevention program using the COSO enterprise risk management framework. According to this framework, which of the following activities would fall under the control environment component for preventing fraud?

1. The organization uses an automated authority approval matrix to control payments.

2. The organization has a whistleblower hotline that is available to employees.

3. Annually, every manager completes a comprehensive fraud assessment of his or her department.

4. Annually, the organization reviews and communicates the code of expected behavior.

A.

1 and 2.

B.

1 and 3.

C.

2 and 3.

D.

2 and 4.

Full Access
Question # 26

Which of the following factors should be considered when determining the appropriate combination of manual techniques and computer-assisted audit techniques (CAATs) to be used during an audit?

1. Acceptance of CAATs findings by entity management.

2. Computer knowledge and expertise of the auditor.

3. Time constraints.

4. Level of audit risk.

A.

1 and 4

B.

2 and 3 only

C.

1, 2, and 3

D.

2, 3, and 4

Full Access
Question # 27

Which of the following items should the chief audit executive disclose to senior management regarding the results of the internal audit activity's quality assessments?

A.

The internal audit activity's plan for resource allocation.

B.

The amount of the organization's potential loss prevented by the risk-based auditing of the internal audit activity.

C.

The number of audits from the annual internal audit plan that were completed last year.

D.

The qualifications and independence of the assessment Team.

Full Access
Question # 28

Which of the following professional development approaches would offer internal auditors the most opportunities to broaden their engagement experiences?

A.

Assign more experienced internal auditors to mentor the less experienced auditors.

B.

Send internal auditors to external trainings in advanced internal audit topics.

C.

Appraise internal auditors' performance and competencies at least annually and issue constructive feedback.

D.

Rotate internal auditors among different engagement assignments.

Full Access
Question # 29

Which of the following control activities is the most effective to ensure users' levels of access are appropriate for their current roles?

A.

The human resources department generates a monthly list of terminated and transferred employees and requests IT to update the user access as required.

B.

Standardized user access profiles are developed and the appropriate access profiles are automatically assigned to new or transferred employees.

C.

System administrator rights are assigned to one user in each department who can update user access of terminated or transferred employees immediately.

D.

Department managers are required to perform periodic user access reviews of relevant systems and applications.

Full Access
Question # 30

A government agency maintains a system of internal control, according to the COSO model, and has made a change to its employee performance reviews and rewards program. This change relates to which of the following components of COSO's internal control framework?

A.

Control environment.

B.

Control activities.

C.

Information and communication.

D.

Monitoring activities.

Full Access
Question # 31

A headquarters-based internal auditor has been sent to a major overseas subsidiary to conduct various engagements. Initially, the internal auditor spends time to become familiar with local customs and organization's practices while embarking on the first engagement. Which of the following competencies does the internal auditor exercise?

A.

Communication.

B.

Persuasion and collaboration.

C.

Business acumen.

D.

Governance, risk, and control.

Full Access
Question # 32

Which of the following methods, if used in conjunction with electronic data interchange (EDI), will improve the organization's cash management program, reduce transaction data input time and errors, and allow the organization to negotiate discounts with EDI vendors based on prompt payment?

A.

Electronic funds transfer.

B.

Knowledge-based systems.

C.

Biometrics.

D.

Standardized graphical user interface.

Full Access
Question # 33

Which of the following statements is true regarding a bring-your-own-device (BYOD) environment?

A.

There is a greater need Kr organizations to rely on users to comply with policies and procedures.

B.

With fewer devices owned by the organization, there is reduced need to maintain documented policies and procedures.

C.

Incident response times are less critical in the BYOD environment. compared to a traditional environment

D.

There is greater sharing of operational risk in a BYOD environment.

Full Access
Question # 34

When assessing the adequacy of a risk mitigation strategy, an internal auditor should consider which of the following?

1. Management’s tolerance for specific risks.

2. The cost versus benefit of implementing a control.

3. Whether a control can mitigate multiple risks.

4. The ability to test the effectiveness of the control.

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Full Access
Question # 35

In which of the following plans is an employee most likely to find guidance on action and performance standards?

A.

Operational plans.

B.

Tactical plans.

C.

Strategic plans.

D.

Mission plans.

Full Access
Question # 36

The following transactions and events occurred during the year:

- $300,000 of raw materials were purchased, of which $20,000 were returned because of defects

- $600,000 of direct labor costs were incurred.

- S750.000 of manufacturing overhead costs were incurred.

What is the organization's cost of goods sold for the year?

A.

$1.480.000

B.

$1 500 000

C.

$1,610.000

D.

$1650 000

Full Access
Question # 37

Which of the following are the most common characteristics of big data?

A.

Visibility, validity, vulnerability

B.

Velocity, variety volume.

C.

Complexity completeness constancy

D.

Continuity, control convenience

Full Access
Question # 38

Which of the following descriptions of the internal control system are indicators that risks are managed effectively?

1. Existing controls promote compliance with applicable laws and regulations.

2. The control environment is designed to address all identified risks to the organization.

3. Key controls for significant risks to the organization remain consistent over time.

4. Monitoring systems are in place to alert management to unexpected events.

A.

1 and 3.

B.

1 and 4.

C.

2 and 3.

D.

2 and 4.

Full Access
Question # 39

What is the most significant potential problem introduced by just-in-time inventory systems?

A.

They require significant computer resources.

B.

They are susceptible to supply-chain disruptions.

C.

They require complicated materials-supply contracts.

D.

They prevent manufacturers from scaling up or down to meet changing demands.

Full Access
Question # 40

The cost to enter a foreign market would be highest in which of the following methods of global expansion?

A.

Joint ventures.

B.

Licensing.

C.

Exporting.

D.

Overseas production.

Full Access
Question # 41

Refer to the exhibit.

A company's financial balance sheet is presented below:

The company has net working capital of:

A.

$160

B.

$210

C.

$350

D.

$490

Full Access
Question # 42

Which of the following strategies would most likely prevent an organization from adjusting to evolving industry market conditions?

A.

Specializing in proven manufacturing techniques that have made the organization profitable in the past.

B.

Substituting its own production technology with advanced techniques used by its competitors.

C.

Forgoing profits over a period of time to gain market share from its competitors.

D.

Using the same branding to sell its products through new sales channels to target new markets.

Full Access
Question # 43

Which of the following describes a typical desktop workstation used by most employees in their daily work?

A.

Workstation contains software that prevents unauthorized transmission of information into and out of the organization's network.

B.

Workstation contains software that controls information flow between the organization's network and the Internet.

C.

Workstation contains software that enables the processing of transactions and is not shared among users of the organization's network.

D.

Workstation contains software that manages user's access and processing of stored data on the organization's network.

Full Access
Question # 44

A small furniture-manufacturing firm with 100 employees is located in a two-story building and does not plan to expand. The furniture manufactured is not special-ordered or custom-made. The most likely structure for this organization would be:

A.

Functional departmentalization.

B.

Product departmentalization.

C.

Matrix organization.

D.

Divisional organization.

Full Access
Question # 45

All of the following are true with regard to the first-in, first-out inventory valuation method except:

A.

It values inventory close to current replacement cost.

B.

It generates the highest profit when prices are rising.

C.

It approximates the physical flow of goods.

D.

It minimizes current-period income taxes.

Full Access
Question # 46

Senior management has decided to implement the Three Lines of Defense model for risk management. Which of the following best describes senior management's duties with regard to this model?

A.

Ensure compliance with the model.

B.

Identify management functions.

C.

Identify emerging issues.

D.

Set goals for implementation.

Full Access
Question # 47

Which of the following statements is correct regarding corporate compensation systems and related bonuses?

1. A bonus system should be considered part of the control environment of an organization and should be considered in formulating a report on internal control.

2. Compensation systems are not part of an organization's control system and should not be reported as such.

3. An audit of an organization's compensation system should be performed independently of an audit of the control system over other functions that impact corporate bonuses.

A.

1 only

B.

2 only

C.

3 only

D.

2 and 3 only

Full Access
Question # 48

According to MA guidance, which of the following best describes an adequate management (audit) trail application control for the general ledger?

A.

Report identifying data that is outside of system parameters

B.

Report identifying general ledger transactions by time and individual

C.

Report comparing processing results with original input

D.

Report confirming that the general ledger data was processed without error.

Full Access
Question # 49

According to IIA guidance, which of the following steps are most important for an internal auditor to perform when evaluating an organization's social and environmental impact on the local community?

  • Determine whether previous incidents have been reported, managed, and resolved.
  • Determine whether a business contingency plan exists.
  • Determine the extent of transparency in reporting.
  • Determine whether a cost/benefit analysis was performed for all related projects.

A.

1 and 3.

B.

1 and 4.

C.

2 and 3.

D.

2 and 4.

Full Access
Question # 50

If a just-in-time purchasing system is successful in reducing the total inventory costs of a manufacturing company, which of the following combinations of cost changes would be most likely to occur?

A.

1

B.

2

C.

3

D.

4

Full Access
Question # 51

In an analysis of alternative credit-management policies, which of the following components will cause the net present value of receivables on credit sales to increase, if everything else remains constant?

A.

A tougher collections policy that reduces the bad debt loss ratio.

B.

A higher cost per unit sold.

C.

A longer average collection period.

D.

An increase in the cost of capital.

Full Access
Question # 52

According to the ISO 14001 standard, which of the following is not included in the requirements for a quality management system?

A.

Key processes across the entity which impact quality must be identified and included.

B.

The quality management system must be documented in the articles of incorporation, quality manual, procedures, work instructions, and records.

C.

Management must review the quality policy, analyze data about quality management system performance, and assess opportunities for improvement and the need for change.

D.

The entity must have processes for inspections, testing, measurement, analysis, and improvement.

Full Access
Question # 53

An organization with global headquarters in the United States has subsidiaries in eight other nations. If the organization operates with an ethnocentric attitude, which of the following statements is true?

A.

Standards used for evaluation and control are determined at local subsidiaries, not set by headquarters.

B.

Orders, commands and advice are sent to the subsidiaries from headquarters.

C.

People of local nationality are developed for the best positions within their own country

D.

There is a significant amount of collaboration between headquarters and subsidiaries.

Full Access
Question # 54

A holding company set up a centralized group technology department, using a local area network with a mainframe computer to process accounting information for all companies within the group. An internal auditor would expect to find all of the following controls within the technology department except:

A.

Adequate segregation of duties between data processing controls and file security controls.

B.

Documented procedures for remote job entry and for local data file retention.

C.

Emergency and disaster recovery procedures and maintenance agreements in place to ensure continuity of operations.

D.

Established procedures to prevent and detect unauthorized changes to data files.

Full Access
Question # 55

When writing a business memorandum, the writer should choose a writing style that achieves all of the following except:

A.

Draws positive attention to the writing style.

B.

Treats all receivers with respect.

C.

Suits the method of presentation and delivery.

D.

Develops ideas without overstatement.

Full Access
Question # 56

According to IIA guidance, which of the following statements is true regarding analytical procedures?

A.

Data relationships are assumed to exist and to continue where no known conflicting conditions exist.

B.

Analytical procedures are intended primarily to ensure the accuracy of the information being examined.

C.

Data relationships cannot include comparisons between operational and statistical data

D.

Analytical procedures can be used to identify unexpected differences but cannot be used to identify the absence of differences

Full Access
Question # 57

Providing knowledge, motivating organizational members, controlling and coordinating individual efforts, and expressing feelings and emotions are all functions of:

A.

Motivation.

B.

Performance.

C.

Organizational structure.

D.

Communication.

Full Access
Question # 58

An organization engages in questionable financial reporting practices due to pressure to meet unrealistic performance targets. Which internal control component is most negatively affected?

A.

Monitoring.

B.

Control activities.

C.

Risk assessment.

D.

Control environment.

Full Access
Question # 59

Which of the following is true regarding the COSO enterprise risk management framework?

A.

The framework categorizes an organization's objectives to distinct, non overlapping objectives.

B.

Control environment is one of the framework's eight components.

C.

The framework facilitates effective risk management, even if objectives have not been established.

D.

The framework integrates with, but is not dependent upon, the corresponding internal control framework.

Full Access
Question # 60

Which of the following steps should an internal auditor take during an audit of an organization's business continuity plans?

1. Evaluate the business continuity plans for adequacy and currency.

2. Prepare a business impact analysis regarding the loss of critical business.

3. Identify key personnel who will be required to implement the plans.

4. Identify and prioritize the resources required to support critical business processes.

A.

1 only

B.

2 and 4 only

C.

1, 3, and 4 only

D.

1, 2, 3, and 4

Full Access
Question # 61

Which of the following is a primary objective of the theory of constraints?

A.

Full or near capacity in processes.

B.

Smooth workflow among processes.

C.

Few or no defects.

D.

Lowered inventory levels.

Full Access
Question # 62

After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?

A.

Cost.

B.

Independence.

C.

Familiarity.

D.

Flexibility.

Full Access
Question # 63

An organization's board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?

A.

Manage and coordinate risk management processes.

B.

Audit risk management processes.

C.

Become involved in risk oversight committees, monitoring activities, and status reporting.

D.

Accept management's responsibility for risk management without board approval.

Full Access
Question # 64

An internal auditor is assessing the organization's risk management framework. Which of the following formulas should he use to calculate the residual risk?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 65

Which of the following is not a direct benefit of control self-assessment (CSA)?

A.

CSA allows management to have input into the audit plan.

B.

CSA allows process owners to identify, evaluate, and recommend improving control deficiencies.

C.

CSA can improve the control environment.

D.

CSA increases control consciousness.

Full Access
Question # 66

Which of the following components should be included in an audit finding?

1. The scope of the audit.

2. The standard(s) used by the auditor to make the evaluation.

3. The engagement's objectives.

4. The factual evidence that the internal auditor found in the course of the examination.

A.

1 and 2

B.

1 and 3 only

C.

2 and 4

D.

1, 3, and 4

Full Access
Question # 67

According to IIA guidance, which of the following is true when the internal audit activity is asked to investigate potential ethics violations in a foreign subsidiary?

A.

Communication of any internal ethics violations to external parties may occur with appropriate safeguards.

B.

Cultural impacts are less critical where the organization practices uniform polices around the globe.

C.

Cross-cultural differences should always be handled by the staff of the same cultural background.

D.

Local law enforcement should be involved as they are more familiar with the applicable local laws.

Full Access
Question # 68

Which of the following has the greatest effect on the efficiency of an audit?

A.

The complexity of deficiency findings.

B.

The adequacy of preliminary survey information.

C.

The organization and content of workpapers.

D.

The method and amount of supporting detail used for the audit report.

Full Access
Question # 69

An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?

A.

The matter does not need to be reported, because the noncompliant findings fall within the acceptable tolerance limit.

B.

The deviations are within the acceptable tolerance limit, so the matter only needs to be reported to the information security manager.

C.

The incidents of noncompliance fall outside the acceptable tolerance limit and require immediate corrective action, as opposed to reporting.

D.

The incidents of noncompliance exceed the tolerance level and should be included in the final engagement report.

Full Access
Question # 70

According to IIA guidance, which of the following statements is false regarding a review of the controls in place to prevent fraud?

A.

The review should focus on the efficiency of the controls in place to prevent fraud.

B.

The scope of the review does not need to include all operating areas of the organization.

C.

The cost of the control should be compared to the benefit of mitigating the related risk.

D.

The review should assess whether the internal controls can be circumvented.

Full Access
Question # 71

Which of the following best describes the four components of a balanced scorecard?

A.

Customers, innovation, growth, and internal processes.

B.

Business objectives, critical success factors, innovation, and growth.

C.

Customers, support, critical success factors, and learning.

D.

Financial measures, learning and growth, customers, and internal processes.

Full Access
Question # 72

According to IIA guidance, which of the following is true regarding the exit conference for an internal audit engagement?

A.

A primary purpose of the exit conference is to provide for the timely communication of observations that call for immediate management action.

B.

Both the chief audit executive and the chief executive over the activity or function reviewed must attend the exit conference to validate the findings.

C.

The exit conference provides only anticipated results for inclusion in the final audit communication.

D.

During the exit conference, the performance of the internal auditors who executed the engagement is reviewed.

Full Access
Question # 73

A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part of the contract, the manufacturer is also providing training to the airline's pilots. At the time of the audit, the delivery of the aircraft had fallen substantially behind schedule while the training had already been completed. If half of the aircraft under contract have been delivered, which of the following should the internal auditor expect to be accounted for in the general ledger?

A.

Training costs allocated to the number of aircraft delivered, and the cost of actual production hours completed to date.

B.

All completed training costs, and the cost of actual production hours completed to date.

C.

Training costs allocated to the number of aircraft delivered, and 50% of contracted production costs.

D.

All completed training costs, and 50% of the contracted production costs.

Full Access
Question # 74

Which of the following actions are appropriate for the chief audit executive to perform when identifying audit resource requirements?

1. Consider employees from other operational areas as audit resources, to provide additional audit coverage in the organization.

2. Approach an external service provider to conduct internal audits on certain areas of the organization, due to a lack of skills in the organization.

3. Suggest to the audit committee that an audit of technology be deferred until staff can be trained, due to limited IT audit skills among the audit staff.

4. Communicate to senior management a summary report on the status and adequacy of audit resources.

A.

1 and 3 only

B.

2 and 4 only

C.

1, 2, and 4

D.

2, 3, and 4

Full Access
Question # 75

A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports to review for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statement on each report. According to IIA guidance, which of the following opinions would receive the lowest review priority?

1. Graded positive opinion.

2. Negative assurance opinion.

3. Limited assurance opinion.

4. Third-party opinion.

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Full Access
Question # 76

Which of the following factors should a chief audit executive consider when determining the audit universe?

1. Components of the organization's strategic plan.

2. Inputs from senior management and the board.

3. Views of competitors and business associates.

4. Results of exit interviews with departing employees.

A.

1 and 2 only

B.

2 and 4 only

C.

1, 2, and 4

D.

2, 3, and 4

Full Access
Question # 77

Which of the following statements about internal audit's follow-up process is true?

A.

The nature, timing, and extent of follow-up for assurance engagements is standardized to ensure quality performance.

B.

The actions of external auditors and other external assurance providers is not encompassed by internal audit's follow-up process.

C.

Internal auditors have responsibility for determining if management and the board have implemented the recommended action or otherwise accepted the risk.

D.

The follow-up process must be complete and documented in the working papers in order to conclude the engagement.

Full Access
Question # 78

According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management's response to audit recommendations?

A.

Evaluate and verify management's response, and determine the need and scope for additional work.

B.

Evaluate and verify management's response, and establish timelines for corrective action by management.

C.

Oversee the corrective actions undertaken by management, and determine the need and scope for additional work.

D.

Oversee the corrective actions undertaken by management, and establish timelines for corrective action by management.

Full Access
Question # 79

Which of the following is an appropriate responsibility for the internal audit activity with regard to the organization's risk management program?

A.

Identifying and managing risks in line with the entity's risk appetite.

B.

Ensuring that a proper and effective risk management process exists.

C.

Attaining an adequate understanding of the entity's key mitigation strategies.

D.

Identifying and ensuring that appropriate controls exist to mitigate risks.

Full Access
Question # 80

During an assurance engagement, an internal auditor noted that the time staff spent accessing customer information in large Excel spreadsheets could be reduced significantly through the use of macros. The auditor would like to train staff on how to use the macros. Which of the following is the most appropriate course of action for the internal auditor to take?

A.

The auditor must not perform the training, because any task to improve the business process could impact audit independence.

B.

The auditor must create a new, separate consulting engagement with the business process owner prior to performing the improvement task.

C.

The auditor should get permission to extend the current engagement, and with the process owner's approval, perform the improvement task.

D.

The auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive.

Full Access
Question # 81

During an audit of the accounts receivable (AR) process, an internal auditor noted that reconciliations are still not performed regularly by the AR staff, a recommendation that was made following a previous audit. Monitoring by the financial reporting function has failed to detect the shortcoming. Both the financial reporting function and AR report to the controller, who is responsible for implementing action plans. Which of the following supports the internal auditor's decision to combine both observations into one reported finding?

A.

The observation was made during the same audit, and the action plan has a common owner.

B.

The observation relates to the same control activity within a common process.

C.

The observation has a common control, and it was noted in a prior audit.

D.

The observation has a common process, and the action plan for the observation has a common owner.

Full Access
Question # 82

According to IIA guidance, which of the following statements best justifies a chief audit executive's request for external consultants to complement internal audit activity (IAA) resources?

A.

The organization's audit universe is extensive and diverse.

B.

There has been an increase in unanticipated requests for advisory work.

C.

Previous work provided by the external service provider has been of great quality and value.

D.

A recent benchmarking study found that using external service providers is a common practice of similarly-sized IAAs in other organizations.

Full Access
Question # 83

An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?

A.

Recommend additional segregation-of-duty reviews.

B.

Recommend appropriate awareness training for all finance department staff.

C.

Recommend rotating finance staff in this area.

D.

Recommend that management address these concerns immediately.

Full Access
Question # 84

When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach?

A.

Develop the scope of the audit based on a bottom-up perspective to ensure that all business objectives are considered.

B.

Develop the scope of the audit to include controls that are necessary to manage risk associated with a critical business objective.

C.

Specify that the auditors need to assess only key controls, but may include an assessment of non-key controls if there is value to the business in providing such assurance.

D.

Ensure the audit includes an assessment of manual and automated controls to determine whether business risks are effectively managed.

Full Access
Question # 85

Which of the following recommendations made by the internal audit activity (IAA) is most likely to help prevent fraud?

A.

A review of password policy compliance found that employees frequently use the same password more than once during a year. The IAA recommends that the access control software reject any password used more than once during a 12-month period.

B.

A review of internal service-level agreement compliance in financial services found that requests for information frequently are fulfilled up to two weeks late. The IAA recommends that the financial services unit be eliminated for its ineffectiveness.

C.

A vacation policy compliance review found that employees frequently leave on vacation before their leave applications are signed by their manager. The IAA recommends that the manager attend to the leave applications in a more timely fashion.

D.

A review of customer service-level agreements found that orders to several customers are frequently delivered late. The IAA recommends that the organization extend the expected delivery time advertised on its website.

Full Access
Question # 86

An employee in the sales department completes a purchase requisition and forwards it to the purchaser. The purchaser places competitive bids and orders the requested items using approved purchase orders. When the employee receives the ordered items, she forwards the packing slips to the accounts payable department. The invoice for the ordered items is sent directly to the sales department, and an administrative assistant in the sales department forwards the invoices to the accounts payable department for payment. Which of the following audit steps best addresses the risk of fraud in the cash receipts process?

A.

Verify that approvals of purchasing documents comply with the authority matrix.

B.

Observe whether the purchase orders are sequentially numbered.

C.

Examine whether the sales department supervisor approves invoices for payment.

D.

Determine whether the accounts payable department reconciles all purchasing documents prior to payment.

Full Access
Question # 87

The final internal audit report should be distributed to which of the following individuals?

A.

Audit client management only

B.

Executive management only

C.

Audit client management, executive management, and others approved by the chief audit executive.

D.

Audit client management, executive management, and any those who request a copy.

Full Access
Question # 88

Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement?

A.

The amount of experience the auditors have conducting audits in the specific area of the organization.

B.

The availability of the auditors in relation to the availability of key client staff.

C.

Whether the budgeted hours are sufficient to complete the audit within the current scope.

D.

Whether outside resources will be needed, and their availability.

Full Access
Question # 89

A code of business conduct should include which of the following to increase its deterrent effect?

1. Appropriate descriptions of penalties for misconduct.

2. A notification that code of conduct violations may lead to criminal prosecution.

3. A description of violations that injure the interests of the employer.

4. A list of employees covered by the code of conduct.

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Full Access
Question # 90

Which of the following is a justifiable reason for omitting advance client notice when planning an audit engagement?

A.

Advance notice may result in management making corrections to reduce the number of potential deficiencies.

B.

Previous management action plans addressing prior internal audit recommendations remain incomplete.

C.

The engagement includes audit assurance procedures such as sensitive or restricted asset verifications.

D.

The audit engagement has already been communicated and approved through the annual audit plan.

Full Access