Which of the following is an example of collusion?
According to The IIA's Code of Ethics, which of the following is true?
Which of the following conditions are necessary for successful change management?
1. Decisions and necessary actions are taken promptly.
2. The traditions of the organization are respected.
3. Changes result in improvement or reform.
4. Internal and external communications are controlled.
Which of the following actions would be characterized as a preventive control to safeguard inventory from the risk of theft?
1. Locking doors and physically securing inventory items.
2. Independently observing the receipt of materials.
3. Conducting monthly inventory counts.
4. Requiring the use of employee ID badges at all times.
During an audit engagement, the internal auditor discussed a risk mitigation recommendation with the manager of the area under review. The manager disagreed with the risk assessment and recommendation. The two failed to come up with an alternative solution, and the auditor decided to proceed with including the original recommendation in the engagement report. Which of the following is especially important in dealing with this type of situation?
According to The IIA's Code of Ethics, which of the following actions violates the principle of confidentiality?
Given the highly technical and legal nature of privacy issues, which of the following statements best describes the internal audit activity's responsibility with regard to assessing an organization's privacy framework?
Which of the following responsibilities would fall under the role of the chief audit executive, rather than internal audit staff or the audit manager?
Which of the following is considered a violation of The IIA's Code of Ethics?
Which of the following situations is most likely to impair internal audit objectivity?
When developing the organization's first risk universe, which of the following would the chief audit executive be least likely to consider?
According to IIA guidance, which of the following statements is true when an internal auditor performs consulting services that improve an organization's operations?
Which of the following is an activity that an internal auditor must not perform?
Which of the following is not an objective of internal control?
Which of the following activities is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?
What is the primary benefit to the internal audit activity for undertaking an internal quality assessment?
Which of the following actions best demonstrates that an internal auditor is exercising due professional care?
Which of the following is most likely to function as a directive control?
A large trucking organization wants to reduce traffic accidents by improving its system of internal controls.
Which of the following controls is correctly classified?
1. Review of speeding violations to identify repetitive locations and drivers is an example of a preventive control.
2. Defensive driver training is an example of a directive control.
3. The installation of tracking devices in delivery vehicles is an example of a corrective control.
4. Providing a vehicle driver handbook is an example of a detective control.
An internal auditor is conducting an assessment of the organization's fraud prevention program using the COSO enterprise risk management framework. According to this framework, which of the following activities would fall under the control environment component for preventing fraud?
1. The organization uses an automated authority approval matrix to control payments.
2. The organization has a whistleblower hotline that is available to employees.
3. Annually, every manager completes a comprehensive fraud assessment of his or her department.
4. Annually, the organization reviews and communicates the code of expected behavior.
Which of the following factors should be considered when determining the appropriate combination of manual techniques and computer-assisted audit techniques (CAATs) to be used during an audit?
1. Acceptance of CAATs findings by entity management.
2. Computer knowledge and expertise of the auditor.
3. Time constraints.
4. Level of audit risk.
Which of the following items should the chief audit executive disclose to senior management regarding the results of the internal audit activity's quality assessments?
Which of the following professional development approaches would offer internal auditors the most opportunities to broaden their engagement experiences?
Which of the following control activities is the most effective to ensure users' levels of access are appropriate for their current roles?
A government agency maintains a system of internal control, according to the COSO model, and has made a change to its employee performance reviews and rewards program. This change relates to which of the following components of COSO's internal control framework?
A headquarters-based internal auditor has been sent to a major overseas subsidiary to conduct various engagements. Initially, the internal auditor spends time to become familiar with local customs and organization's practices while embarking on the first engagement. Which of the following competencies does the internal auditor exercise?
Which of the following methods, if used in conjunction with electronic data interchange (EDI), will improve the organization's cash management program, reduce transaction data input time and errors, and allow the organization to negotiate discounts with EDI vendors based on prompt payment?
Which of the following statements is true regarding a bring-your-own-device (BYOD) environment?
When assessing the adequacy of a risk mitigation strategy, an internal auditor should consider which of the following?
1. Management’s tolerance for specific risks.
2. The cost versus benefit of implementing a control.
3. Whether a control can mitigate multiple risks.
4. The ability to test the effectiveness of the control.
In which of the following plans is an employee most likely to find guidance on action and performance standards?
The following transactions and events occurred during the year:
- $300,000 of raw materials were purchased, of which $20,000 were returned because of defects
- $600,000 of direct labor costs were incurred.
- S750.000 of manufacturing overhead costs were incurred.
What is the organization's cost of goods sold for the year?
Which of the following are the most common characteristics of big data?
Which of the following descriptions of the internal control system are indicators that risks are managed effectively?
1. Existing controls promote compliance with applicable laws and regulations.
2. The control environment is designed to address all identified risks to the organization.
3. Key controls for significant risks to the organization remain consistent over time.
4. Monitoring systems are in place to alert management to unexpected events.
What is the most significant potential problem introduced by just-in-time inventory systems?
The cost to enter a foreign market would be highest in which of the following methods of global expansion?
Refer to the exhibit.
A company's financial balance sheet is presented below:
The company has net working capital of:
Which of the following strategies would most likely prevent an organization from adjusting to evolving industry market conditions?
Which of the following describes a typical desktop workstation used by most employees in their daily work?
A small furniture-manufacturing firm with 100 employees is located in a two-story building and does not plan to expand. The furniture manufactured is not special-ordered or custom-made. The most likely structure for this organization would be:
All of the following are true with regard to the first-in, first-out inventory valuation method except:
Senior management has decided to implement the Three Lines of Defense model for risk management. Which of the following best describes senior management's duties with regard to this model?
Which of the following statements is correct regarding corporate compensation systems and related bonuses?
1. A bonus system should be considered part of the control environment of an organization and should be considered in formulating a report on internal control.
2. Compensation systems are not part of an organization's control system and should not be reported as such.
3. An audit of an organization's compensation system should be performed independently of an audit of the control system over other functions that impact corporate bonuses.
According to MA guidance, which of the following best describes an adequate management (audit) trail application control for the general ledger?
According to IIA guidance, which of the following steps are most important for an internal auditor to perform when evaluating an organization's social and environmental impact on the local community?
If a just-in-time purchasing system is successful in reducing the total inventory costs of a manufacturing company, which of the following combinations of cost changes would be most likely to occur?
In an analysis of alternative credit-management policies, which of the following components will cause the net present value of receivables on credit sales to increase, if everything else remains constant?
According to the ISO 14001 standard, which of the following is not included in the requirements for a quality management system?
An organization with global headquarters in the United States has subsidiaries in eight other nations. If the organization operates with an ethnocentric attitude, which of the following statements is true?
A holding company set up a centralized group technology department, using a local area network with a mainframe computer to process accounting information for all companies within the group. An internal auditor would expect to find all of the following controls within the technology department except:
When writing a business memorandum, the writer should choose a writing style that achieves all of the following except:
According to IIA guidance, which of the following statements is true regarding analytical procedures?
Providing knowledge, motivating organizational members, controlling and coordinating individual efforts, and expressing feelings and emotions are all functions of:
An organization engages in questionable financial reporting practices due to pressure to meet unrealistic performance targets. Which internal control component is most negatively affected?
Which of the following is true regarding the COSO enterprise risk management framework?
Which of the following steps should an internal auditor take during an audit of an organization's business continuity plans?
1. Evaluate the business continuity plans for adequacy and currency.
2. Prepare a business impact analysis regarding the loss of critical business.
3. Identify key personnel who will be required to implement the plans.
4. Identify and prioritize the resources required to support critical business processes.
Which of the following is a primary objective of the theory of constraints?
After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?
An organization's board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?
An internal auditor is assessing the organization's risk management framework. Which of the following formulas should he use to calculate the residual risk?
Which of the following is not a direct benefit of control self-assessment (CSA)?
Which of the following components should be included in an audit finding?
1. The scope of the audit.
2. The standard(s) used by the auditor to make the evaluation.
3. The engagement's objectives.
4. The factual evidence that the internal auditor found in the course of the examination.
According to IIA guidance, which of the following is true when the internal audit activity is asked to investigate potential ethics violations in a foreign subsidiary?
Which of the following has the greatest effect on the efficiency of an audit?
An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?
According to IIA guidance, which of the following statements is false regarding a review of the controls in place to prevent fraud?
Which of the following best describes the four components of a balanced scorecard?
According to IIA guidance, which of the following is true regarding the exit conference for an internal audit engagement?
A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part of the contract, the manufacturer is also providing training to the airline's pilots. At the time of the audit, the delivery of the aircraft had fallen substantially behind schedule while the training had already been completed. If half of the aircraft under contract have been delivered, which of the following should the internal auditor expect to be accounted for in the general ledger?
Which of the following actions are appropriate for the chief audit executive to perform when identifying audit resource requirements?
1. Consider employees from other operational areas as audit resources, to provide additional audit coverage in the organization.
2. Approach an external service provider to conduct internal audits on certain areas of the organization, due to a lack of skills in the organization.
3. Suggest to the audit committee that an audit of technology be deferred until staff can be trained, due to limited IT audit skills among the audit staff.
4. Communicate to senior management a summary report on the status and adequacy of audit resources.
A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports to review for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statement on each report. According to IIA guidance, which of the following opinions would receive the lowest review priority?
1. Graded positive opinion.
2. Negative assurance opinion.
3. Limited assurance opinion.
4. Third-party opinion.
Which of the following factors should a chief audit executive consider when determining the audit universe?
1. Components of the organization's strategic plan.
2. Inputs from senior management and the board.
3. Views of competitors and business associates.
4. Results of exit interviews with departing employees.
Which of the following statements about internal audit's follow-up process is true?
According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management's response to audit recommendations?
Which of the following is an appropriate responsibility for the internal audit activity with regard to the organization's risk management program?
During an assurance engagement, an internal auditor noted that the time staff spent accessing customer information in large Excel spreadsheets could be reduced significantly through the use of macros. The auditor would like to train staff on how to use the macros. Which of the following is the most appropriate course of action for the internal auditor to take?
During an audit of the accounts receivable (AR) process, an internal auditor noted that reconciliations are still not performed regularly by the AR staff, a recommendation that was made following a previous audit. Monitoring by the financial reporting function has failed to detect the shortcoming. Both the financial reporting function and AR report to the controller, who is responsible for implementing action plans. Which of the following supports the internal auditor's decision to combine both observations into one reported finding?
According to IIA guidance, which of the following statements best justifies a chief audit executive's request for external consultants to complement internal audit activity (IAA) resources?
An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?
When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach?
Which of the following recommendations made by the internal audit activity (IAA) is most likely to help prevent fraud?
An employee in the sales department completes a purchase requisition and forwards it to the purchaser. The purchaser places competitive bids and orders the requested items using approved purchase orders. When the employee receives the ordered items, she forwards the packing slips to the accounts payable department. The invoice for the ordered items is sent directly to the sales department, and an administrative assistant in the sales department forwards the invoices to the accounts payable department for payment. Which of the following audit steps best addresses the risk of fraud in the cash receipts process?
The final internal audit report should be distributed to which of the following individuals?
Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement?
A code of business conduct should include which of the following to increase its deterrent effect?
1. Appropriate descriptions of penalties for misconduct.
2. A notification that code of conduct violations may lead to criminal prosecution.
3. A description of violations that injure the interests of the employer.
4. A list of employees covered by the code of conduct.
Which of the following is a justifiable reason for omitting advance client notice when planning an audit engagement?