Which of the followIng would permit an internal audit activity to use the statement "conducted m conformance with the International Standards for the Professional Practice of Internal Auditing m audit reports?
Which of the following is an indicator that the internal audit activity does not fully conform with the Standards?
Which of the following should the internal audit activity establish to ensure auditors develop the appropriate skills for conducting audits?
Which of the following is an area that an organization would most likely include as part of its corporate social responsibility reporting?
An internal auditor creates a professional development plan to obtain more experience in the organization's environmental, social, and corporate governance initiatives. Which of the following would the auditor include in the plan to support these objectives?
At the beginning of an IT development project key risks were identified and assessed and risk owners were appointed Six months later the IT development team reported that the project Is significantly over budget, it will not be completed on time and key personnel had left the organization. Which of the following risk management practices should be improved for future projects?
An internal auditor found that his organization did not make a disclosure that is required by law. However, the auditor decided not to raise an audit finding. Which of the following Code of Ethics principles was violated?
A new chief audit executive wants to develop a formal internal control framework for her organization. She uses globally accepted frameworks as a guide. Which of the following would she likely find critical in creating the new framework for her organization?
Which of the following statements is true regarding the importance of risk management?
Management decided to post the organization's newly established code of conduct on its website. This decision is primarily intended to mitigate which of the following risks?
When the chief audit executive Is responsible for risk management in an organization, which of the following parties is responsible for overseeing the internal audit activity's assurance over risk management?
According to IIA guidance, which of the following is an appropriate role for the internal audit activity?
Which of the following frauds is most likely to occur in the accounts payable function?
Which of the following scenarios would cause a chief audit executive (CAE) to immediately discontinue using any statements that would indicate conformance with the Standards in an audit report?
With regard to the internal audit activity's quality assurance and improvement program, which of the following topics would the chief audit executive include on the quarterly board meeting agenda?
During an audit of an organization's accounts payable area, an internal auditor identified anomalies in the information examined that may indicate potential fraud. Which test should the auditor perform first to verify this?
Which statement accurately describes the authority of the internal audit activity as outlined in the audit charter?
A financial services organization's board is assessing increased regulations and its effect on current industry lending practices. Which of the following committees would help the board identify and assess the effects of the increased regulations?
Which of the following requests, if accepted by the internal audit activity, would impair its independence?
A telecommunications organization is planning to cease operations in one or the markets in which it operates due to increasing volatility and uncertainties. Which of the following risk management techniques is the organization selecting?
According to IIA guidance, which of the following statements is true regarding the internal audit activity's quality assurance and improvement program (QAIP)?
The CEO has delegated several responsibilities to the internal audit activity. Which of the following directives should concern the chief audit executive the most?
What is the main difference between a consulting engagement versus an assurance engagement?
Which of the following is an indicator of ineffective third-party risk management?
Which of the following is a control that is used mainly to check the integrity of data entered into a business application, whether the data is entered directly by staff, remotely by a business partner, or through a web-enabled application?
Which risk management activity would cause the internal auditor to assume a management responsibility?
Which of the following best demonstrates the application of due professional care?
Which of the following is (he most effective way any organization can ensure proper governance over its internal controls?
When testing a sample of payroll records during an engagement, an internal auditor suspects mat fraud has been committed. What should be the next step?
A new company’s risk management function is developing its cybersecurity risk management program Which of the following actions should be the first priority when developing the program?
Which of the following actions would an internal auditor perform primarily during a consulting engagement of a debt collections process?
A chief audit executive (CAE) is considering hiring a candidate who most recently worked for a large public accounting firm What would be the CAE’s most likely concern regarding this candidate*?
Which of the following statements is true regarding the quality assurance and improvement program (QAIP)?
In which of the following audits would the internal auditors most likely contribute to the assessment of organizational governance?
Which of the following best describes the board’s role in establishing effective organizational governance?
Which of the following is an example of an impairment to an internal auditor's independence?
An organization’s senior management team is awarding substantial bonuses if employees meet financial targets. Which of the following motivators to potentially commit fraud would become most likely in this scenario?
Which of the following is a true statement regarding controls such as ethical values, tone at the top and operational style?
The chief audit executive (CAE) has assigned an internal auditor to an upcoming engagement. Which of the following requirements would most likely indicate that the internal auditor was assigned to an assurance engagement?
With regard to organizational governance assurance, which of the following is an appropriate role for the internal audit activity'?
Which of the following disclosures must the chief audit executive (CAE) include when communicating the results of the quality assurance and improvement program to senior management and the board?
An accounts payable clerk has recently transferred Into the internal audit activity and has been assigned to an engagement related to accounts payable processes for which he was previously responsible Which of the following is the best action for the new internal auditor to take?
Which of the following would be a red flag for potential issues in the control environment?
An internal auditor assigned to a supplier management process engagement reviews the risk assessment with the process owner The auditor inquires about the risk response for potentially engaging unqualified third-party service providers The process owner responds that due diligence checks are undertaken to make sure that third parties possess requisite competencies before they are engaged Which of the following risk management techniques is the process owner using?
According to IIA guidance, which of the following is a required aspect of an internal audit charter?
Which of the following is most accurate concerning corporate social responsibility?
Which of the following is the best way for an internal auditor to demonstrate due professional care?
Which of the following should be implemented to promote independence of the internal audit activity?
The chief audit executive (CAE) of a large organization has been asked by the board to assume responsibility for risk management and compliance operations, both of which are distinct departments within the organization and are subject to periodic audits by the internal audit activity In regards to future audits of these functions which of the following approaches would be most appropriate?
Which of the following best demonstrates conformance with IIA standards related to continuing professional development?
Which of the following is a legitimate requirement for an internal audit activity’s quality assurance and improvement program (QAIP)?
According to IIA guidance, which of the following actions by the chief audit executive (CAE) best demonstrates the organizational independence of the internal audit activity?
The organization's internal audit charter was last updated six years ago. To update the charter, which of the following actions is most appropriate for the chief audit executive to take?
Which of the following represents an example of an ethical issue that the organization should address'?
Which of the following characteristics is typical of the internal audit activity?
Which of the following is most likely to impair the organizational independence of the internal audit activity?
Which of the following activities best demonstrates an internal auditor’s commitment to developing professional competencies?
Which of the following would be included in quality assurance and improvement program (QAIP) reporting?
Which of the following statements is true regarding organizational culture and an audit of the control environment?
According to IIA guidance, which of the following threats to objectivity is described as familiarity'?
An accounts payable clerk has recently transferred into the internal audit activity and has been assigned to an engagement related to accounts payable processes for which he was previously responsible. Which of the following is the best action for the new internal auditor to take?
According to IIA guidance, which of the following statements is true regarding internal auditors' knowledge, skills and other competencies?
According to NA guidance, which of the following actions by the chief audit executive would best ensure that internal auditors demonstrate due professional care?
The board of a newly established organization was discussing the contents of the draft internal audit charter One board member suggested adding to the charter an obligation for the internal audit activity to develop controls in business procedures. The board member explained that the new organization needs professional-level developers, internal auditors have the necessary skills and competencies, and the internal audit activity is well positioned to assume this responsibility. Which of the following would be a potential concern if the board member’s suggestion is adopted?
Which of the following best describes the internal audit activity’s responsibility within a risk and control framework?
Which of the following needs to be established prior to undertaking an assessment of the quality assurance and improvement program?
Which of the following must be in existence as a precondition to developing an effective system of internal controls?
Which of the following controls would best mitigate the risk of fraud in the bidding process?
Which of the following scenarios would most significantly restrict the areas where internal audit could perform assurance services?
According to NA guidance, which of the following conditions would enhance the independence of the internal audit activity?
A series of incidents over the past year reveals several members of senior management possess a limited understanding of the concept and impact of fraud. Which of the following would be the most effective way to approach this issue?
When taken by a chief audit executive, which of the following actions would be most likely to prevent division management from exaggerating sales reports?
1. Announcing a series of internal audit engagements focusing on compliance with corporate sales-reporting policies.
2. Asking the president and the board to issue a statement of corporate policy stressing the importance of accurate management
reporting and the negative consequences of intentional misreporting.
3. Setting up a hotline for employees to report fraudulent behavior anonymously,
4. Assisting the controller in developing and monitoring a series of business process indicators, which are historically correlated with, but independent of sales.
Which of the following best demonstrates internal auditors performing their work with proficiency?
Which of the following best describes the risk contained in an initial public offering for a new stock?
A multinational organization has asked the internal audit activity to assist in setting up the organization’s risk management system. The chief audit executive (CAE) agrees to take on the engagement as a consultant. Which of the following tasks is appropriate for the CAE to undertake?
Which of the following situations is most likely to heighten an internal auditor's professional skepticism regarding potential fraud?
Which requirement should the chief audit executive consider when communicating results of the quality assurance and improvement program to the board of a large
organization?
At a conference, an interna! auditor presented a new computer-assisted audit technique developed by his organization. The presentation included sample data derived from performing audit engagements for the organization. Travel costs were paid by the conference organizers, and the trip was approved by the chief audit executive (CAE).
However, neither management nor the CAE was aware that the internal auditor would be making a presentation based on work completed for the organization. According to IIA guidance, which of the following statements is most relevant regarding the actions of the auditor?
Which of the following is the most appropriate way to ensure that a newly formed internal audit activity remains free from undue influence by management?
If an internal auditor suspects fraud during an engagement which of the following is expected of the auditor?
A newly appointed chief audit executive (CAE) started analyzing the organization's policies in an attempt to customize them to address internal audit specifics. Which of the following organizationwide practices is most likely to be acceptable to the CAE?
Which of the following actions is a chief audit executive most likely to take in order to identify gaps in the internal audit activity’s knowledge, skills, and competencies?
Which of the following statements is true with regard to services provided by the internal audit activity?
While auditing an organization's credit approval process, an internal auditor learns that the organization has made a large loan to another auditor's relative. Which course of action should the auditor take?
Which of the following is most likely to be considered a control weakness?
In which of the following ways could stakeholders be engaged in corporate social responsibility efforts?
Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department. Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?
In which scenario might it be considered problematic for the chief audit executive (CAE) to provide assurance services over the payroll function?
An internal auditor believes that the internal audit activity's independence is impaired. Which of the following actions should the internal auditor take first?
Which of the following activities is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?
Senior management has decided to adopt the key principles approach of the ISO 31000 risk management framework. According to IIA guidance, which of the following principles is most appropriate when implementing the risk management process in a dynamic agency?
Which of the following documents are internal auditors most likely to be asked to sign as a demonstration of due professional care?
A description of their job responsibilities,
Which of the following factors is most important for internal auditors to consider when prioritizing fraud risks?
Which of the following best illustrates the application of due professional care during an audit of the procurement department?
Which of the following processes does the board manage to ensure adequate governance?
Which of the following resources would be most effective for an organization that would like to improve how it informs stakeholders of its social responsibility performance?
An internal auditor is updating the risk register for risks identified during a recent organizational risk assessment. According to the Standards, which of the following would the auditor include in the risk register?
Which of the following options describes the reason that conformance with The IIA's Code of Ethics is mandatory for internal auditors?
During a review of the procurement function, an internal auditor identified an existing control for adding new vendors into the vendor contract system. Which of the following would best help the auditor determine the adequacy of the control's design?
Which of the following organizations has reached the most mature level of corporate social responsibility?
Management of an area under review is aggressive, upset, and questioning the knowledge and experience of the organization's internal auditors, as the audit results highlight critical findings. The relationship between the internal audit activity and management has continued to degenerate. as previous audit reports also showed a large number of issues. What would be the best strategy for working through the current audit results while also attempting to repair the relationship with management?
What is expected of internal auditors in regards to due professional care?
It is important for the chief audit executive to consider the level of competence of the internal audit staff because their competence influences which of the following?
Which of the following qualifies as an acceptable consulting service provided by the internal audit activity?
Wi ch of the following circumstances would most likely be considered a potential red flag for fraud by the internal audit activity?
A chief audit executive (CAE) was asked by senior management to establish and manage a risk management function. A new chief risk officer was hired a year later to assume these responsibilities. As this function was included in the current annual audit plan, the CAE engaged an external resource for a risk management engagement. Which of the following potential threats to objectivity was the CAE likely addressing?
IT management requires all employees in the IT department to attend annual training on the department’s mission values and key performance measures This activity is designed to prevent which of the following conditions?
Which of the following actions best demonstrates an internal auditor exercising due professional care?
An organization’s board of directors has decided that the internal audit activity must have greater access to different pans of the organization in order to perform their assurance work effectively Which of !he following areas is the board seeking to improve by making this change?
In its five years of existence, an internal audit activity conducted a single internal assessment of its quality assurance and improvement program (QAIP). The results of that assessment showed that the internal audit activity did not conform with the Standards. Prior to this, an external assessment of the internal audit activity's QAIP was conducted, which reported that the internal audit activity was in conformance with the Standards. Considering the two assessments, what would be the internal audit activity's current state of conformance with the Standards?
Which of the following actions would best help the internal audit activity promote continuous improvement in control effectiveness within the organization?
An internal auditor was offered expensive tickets to a sporting event by the manager of an area that she was currently auditing. The auditor politely declined. Which of the following fundamental principles of the MA Code of Ethics did she display?
The internal audit activity was asked to conduct an investigation for potential fraud in the treasury department and subsequently contracted with a forensic accountant to join the team for the engagement. Which of the following parties has the primary responsibility for resolving any fraud incidents found as a result of this investigation?
Which of the following is a primary benefit of implementing a governance risk management and compliance framework within an organization?
An internal auditor assessed that the risk of steel theft at a plant is high. In response, the plant's management introduced a number of controls, including fences around the facility, a metal detector at the entrance, and monthly steel inventory counts. If the controls operate as intended, which of the following outcomes would the internal auditor hope to see?
Which of the following statements best describes how the internal audit activity obtains reasonable assurance that significant risks in the organization are identified and assessed?
Which of the following should play a leading role in overseeing the ethical atmosphere of an organization?
As a result of a high-profile processing error, respective business unit managers are implementing new controls. The internal audit team was asked for their advice regarding the controls. The objective of this consulting engagement would be determined by which of the following?
An organization's board has approved an expansion plan into a new market. The board acknowledged that if the expansion is not successful, the organization would encounter large monetary losses consisting of legal fees, research and development costs, rent expenses, and labor fees. Which of the following has the board approved?
Which of the following demonstrates that the internal audit activity exercises due professional care?
Which of the following concepts is emphasized in the Mission of Internal Audit?
What is an appropriate first step in an internal auditor’s fraud risk assessment to evaluate how the organization manages such risk?
Which of the following actions by an internal auditor would be the most relevant to determine the effectiveness of controls?
Which of the following statements is true regarding an organization's code of ethics?
Which of the following scenarios demonstrates an impairment to internal audit independence?
According to MA guidance, which of the following is an appropriate role for the internal audit activity?
Which of the following is a key determinant used by external auditors to decide whether they can rely on work performed by the internal audit activity?
A whistle blower notified internal audit of a conflict of interest between an organization's employee and a major supplier. Which of the following steps should be undertaken first?
During an audit engagement of a large retail store, internal auditors noted significant discrepancies between available inventory and sales and suspect an abuse of cash register refunds and voids. Which of the following would be the most effective preventative control to reduce these losses?
The internal audit activity was denied access to expenditure and budget reports because they were considered to be confidential. This situation would result in which of the following limitations of the internal audit activity?
Which of the following is an appropriate roe fa the internal audit activity?
Which of the following would most likely be classified as a consulting engagement?
Which of the following would the chief audit executive be required to disclose in the communication of quality assessment results to senior management and the board?
According to IIA guidance, which of the following actions best demonstrates that due professional care has been considered by the internal audit activity when conducting a review of an organization's assets?
An accounts payable clerk who has access to the vendor master file replaced the payment details of a legitimate vendor with those of a friend before processing the payment through the organization's cashier. Immediately afterward, he restored the original vendor information. Which of the following controls could have prevented this fraud?
According to IIA guidance, which of the following actions best demonstrates due professional care by an internal auditor when she discovers a number of fraud-related red flags during an audit engagement?
According to IIA guidance, which of the following best describes the chief audit executive s responsibility for confirming to the board the organizational independence of the internal audit activity'?
A large commercial bank was fined by regulators for fraudulent practices when employees, over a period of time, opened thousands of new accounts for existing clients without the clients' consent. It was later found that employees were given unrealistic new account targets and were aggressively monitored by management on a daily basis.
Which of the following controls would have most likely reduced the likelihood of the fraudulent practice from occurring?
Which of the following is a primary responsibility of senior management with respect to ethical violations?
A whistleblower reveals to the chief audit executive (CAE) detailed allegations of potential fraud at the senior management level. Although the CAE has some experience in the area, she chooses to retain an external fraud expert to conduct the investigation. When asked by the director of finance to defend the expenditure, which of the following statements represents the CAE's best response?
Which of the following is the first step in the process of identifying relevant fraud risk factors?
During an assurance engagement internal auditors interview operational management to gather and evaluate information. Which approach is most important for internal auditors to be able to listen effectively to interviewees in the given situation?
Which of the following is a greater consideration for internal auditors when they are performing a consulting engagement than when they are performing an assurance engagement'?
Which of the following is true regarding the use of a formal risk management framework?
1. It facilitates a methodical approach to risk mitigation.
2. It defines and standardizes the terminology used in risk communication.
3. It establishes the risk tolerance levels to be accommodated in the strategy.
4. It facilitates the alignment of risk mitigation strategies with management priorities.
An IT contractor applied for an internal audit position at a bank. The contractor worked for the bank's IT security manager two years ago. If the audit manager interviewed the contractor and wants to extend a job offer, which of the following actions should the chief audit executive pursue?
According to The IIA’s Code of Ethics, which of the following scenarios offers the best example of violating the principle of integrity?
A significant number of employees expressed concerns of a hostile work environment within a large manufacturing plant, which is in contrast to the organization's stated culture of tolerance and open communication. Which of the following approaches would be most effective for an internal auditor to assess whether the organization supports a culture of tolerance and open communication?
The internal audit activity audited an organization's risk management function multiple times, and the recommendations that were made remain unaddressed by the head of risk management. Which of the following would be the next step for the internal audit activity?
Due to the increased operational responsibility of the CEO the chief audit executive (CAE) of an organization currently reports to the chief financial officer (CFO) What is the likely impact of such a situation?
During the audit of taxation processes in the organization internal auditors have verified that all employees of the finance department received training on taxation guidelines. The training is mandatory and is automatically assigned via email invitation to all new employees in the department. Which type of controls have the auditors tested?
Which of the following is a consulting service the internal audit activity can perform with respect to the organization's risk management?
Which of the following statements is most likely to be true regarding a consulting engagement involving an organization's new payroll system?
According to The IIA’s Code of Ethics, which of the following statements is true?
According to IIA guidance, which of the following statements is true regarding ISO 31000?
An internal auditor has suspicions that some fictitious vendors have been created in the organization's computer system. Which of the following would be the best technique to detect this fraud?
Which of the following situations undermines the independence of the internal audit activity?
Which of the following conditions classifies an engagement as a consulting service provided by the internal audit activity?
Which of the following corporate social responsibility strategies is associated with responding to outside pressure by assuming additional responsibility?
Which of the following best describes the type of organizational culture known as adaptability culture'?
The internal auditor obtained large volumes of transaction history data for accounts on which he suspected that some fraudulent transactions occurred. Which of the following actions best demonstrates due professional care by the internal auditor?
Which of the following statements is true regarding consulting and assurance engagements performed by the internal audit activity'?
An investment advisory firm purchased professional liability insurance to offer protection from lawsuits brought by customers claiming they received poor or erroneous advice. Which of the following best describes this risk management technique?
An internal auditor has completed an assurance engagement Which of the following is most likely true regarding the engagement?
According to IIA guidance, which of the following statements is true regarding the internal audit activity’s responsibilities in providing consulting services?
A newly appointed chief audit executive (CAE) is tasked with creating a new internal audit activity within the organization. Which of the following would the CAE need to include in the new internal audit charter?
An engagement supervisor noticed that a newly hired internal auditor struggles with large data samples because he appears reluctant to apply available spreadsheet statistical functions and tends to perform testing of transactions manually In which of the following areas does the internal auditor most likely need training?
The collaborating style for conflict resolution, where the parties promote assertiveness and work together to develop a mutually beneficial solution, is best used in which of the following situations?
During an assurance engagement the internal audit team discovers that employees performing a control do not understand the principles behind it. Before the engagement concludes, at management's request the audit team facilitates several formal training sessions to help explain those principles to the employees. Which of the following best describes the engagement provided by the internal audit activity in this scenario?
Which of the following is the best example of a risk appetite statement concerning an investment portfolio?
Which of the following scenarios is a characterize of an organization with a highly effective ethical culture?
To encourage internal audit objectivity, which of the following is an appropriate policy the chief audit executive should establish?
Which of the following is the best reason why the engagement supervisor should take care in explaining to local management the criteria that will be used to measure the effectiveness of the control environment?
According to IIA guidance, which of the following actions by a new chief audit executive would be most appropriate to gain an understanding of the current level of knowledge, skills, and competencies required by an internal audit activity to fulfill its responsibilities?
According to NA guidance which of the following should be documented in the internal audit chatter?
When beginning an engagement to assess the effectiveness of the organization's newly revamped risk management processes, which of the following should internal auditors review first?
Which of the following best describes a responsibility of the board of directors with regard to risk management throughout the organization?
The chief audit executive (CAE) has hired a new internal auditor who was immediately assigned to a procurement function audit. Because the new auditor's name is similar to that of the procurement manager, some staff members think the two are related, although they are not. Which of the following actions is most appropriate for the CAE to take?
An internal audit activity is using the auditing-by-element approach to audit the organization's controls around corporate social responsibility. Which of the following would be an element for the internal audit activity to consider?
Which of the following statements best describes internal auditors' role in fraud detection?
Management has implemented a segregation-of-duties policy for handling inventory. Which of the following fraud risks would be more concerning to an internal auditor following the implementation of this new policy?
To achieve conformance with the Standards, the chief audit executive must include which of the following activities in the quality assurance and improvement program (QAIP)?
Which data analytics competency is critical for new internal auditors to possess in order to plan and perform internal audit engagements in conformance with the Standards?
Which of the following best demonstrates organizational independence of the internal audit activity?
During an audit of the purchasing department, an internal auditor identifies significant issues that could affect the organization's financial reporting. Management disagrees with the audit results. Which of the following responses best demonstrates the internal auditor has the necessary competencies related to professional Judgment and conflict management?
Which of the following statements is true regarding the role of the internal audit activity in the organization's risk management process?
According to IIA guidance, which of the following training methods is considered most effective in assisting new entry-level internal auditors in achieving competence with internal audit practices in the workplace?
An internal audit activity is taking steps to promote professional development among the staff, and is in the process of implementing a mentorship program. According to HA guidance, which of the following is important for a successful mentorship program?
During an assurance engagement an internal auditor discovered that risk limits risk limit were set for a new market expansion project Management of the area under review was eager to comply and submitted a potential risk limit value for the auditor's review and approval. Which of the following would be an appropriate course of action for the auditor to take?
According to the Standards, which of the following demonstrates the proficiency of an internal auditor?
According to MA guidance, which of the following is the most accurate statement regarding the internal audit charter?
A fraud investigation was completed by management, and a proven fraud was communicated to relevant authorities. According to IIA guidance, which of the following roles would be most appropriate for the internal audit activity to undertake after the investigation?
According to MA guidance, which of the following best describes how often the chief audit executive should review the quality assurance and improvement program of the internal audit activity?
Which of the following best describes the differences between internal auditors and external auditors?
Which of the following would be considered an indicator that an organization's ethics program is not yet well developed?
Which of the following is considered to be a threat to the internal auditor's objectivity?
An engagement supervisor noted that an internal auditor's personal relationship with a process owner resulted in the auditor providing a favorable and partial assessment during an audit within that process owner's area. According to MA guidance, which of the following should be used to manage this impairment?
Why is it imperative for the chief audit executive to track and develop the educational qualifications of internal audit staff?
Which of the following is most important for an internal auditor to consider when developing an approach for an audit engagement in a foreign country?