Weekend Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

IIA-CIA-Part1 Questions and Answers

Question # 6

Which of the followIng would permit an internal audit activity to use the statement "conducted m conformance with the International Standards for the Professional Practice of Internal Auditing m audit reports?

A.

The result of a quality assurance and improvement program confirm there are no material issues.

B.

Engagement workpapers are retained by the internet audit activity according to the retention and deletion policy.

C.

The internal audit activity receives positive feedback from the managers of the areas that were under review.

D.

internal auditors demonstrate proficiency by maintaining professional internal audit certifications

Full Access
Question # 7

Which of the following is an indicator that the internal audit activity does not fully conform with the Standards?

A.

The quality assurance and improvement program identified several opportunities for the internal audit activity to make improvements.

B.

In lieu of an external assessment, the internal audit activity performed a self-assessment with independent external validation.

C.

During an internal quality assessment, it was identified that rotational auditors often perform consulting engagements for areas of the organization where they had previous responsibilities.

D.

External assessments are performed every five years by a competent internal audit team from the organization's parent company.

Full Access
Question # 8

Which of the following should the internal audit activity establish to ensure auditors develop the appropriate skills for conducting audits?

A.

An audit charter that includes the internal audit activity mission and vision

B.

A policy encouraging audit staff to earn certifications

C.

A quality assurance and improvement program to address audit risk areas

D.

An internal audit plan that links engagements to strategic objectives

Full Access
Question # 9

Which of the following is an area that an organization would most likely include as part of its corporate social responsibility reporting?

A.

The profitability impact of its products in developing markets.

B.

The amount of political donations to local government races.

C.

The number of complaints related to traffic from its new factory.

D.

The compensation packages awarded to senior management.

Full Access
Question # 10

An internal auditor creates a professional development plan to obtain more experience in the organization's environmental, social, and corporate governance initiatives. Which of the following would the auditor include in the plan to support these objectives?

A.

A plan to study for and obtain a certification in nonprofit management.

B.

A deadline within the individual development plan to meet the overall engagement objectives.

C.

A plan to perform a variety of engagements to develop general skills that could be used to assess environmental, social, and governance initiatives.

D.

A request to attend the organization's committee meeting that is focused on strategic community awareness.

Full Access
Question # 11

At the beginning of an IT development project key risks were identified and assessed and risk owners were appointed Six months later the IT development team reported that the project Is significantly over budget, it will not be completed on time and key personnel had left the organization. Which of the following risk management practices should be improved for future projects?

A.

Risk response.

B.

Risk assessment

C.

Risk monitoring.

D.

Risk avoidance.

Full Access
Question # 12

An internal auditor found that his organization did not make a disclosure that is required by law. However, the auditor decided not to raise an audit finding. Which of the following Code of Ethics principles was violated?

A.

Objectivity.

B.

Integrity.

C.

Proficiency.

D.

Confidentiality.

Full Access
Question # 13

A new chief audit executive wants to develop a formal internal control framework for her organization. She uses globally accepted frameworks as a guide. Which of the following would she likely find critical in creating the new framework for her organization?

A.

Independent assessments.

B.

Continuous monitoring.

C.

Business continuity and backups.

D.

Organization wide objectives.

Full Access
Question # 14

Which of the following statements is true regarding the importance of risk management?

A.

Risk management ensures the ability to eliminate potential hazards to the organization.

B.

Risk management includes consideration of potential opportunities for the organization.

C.

Risk management aids with the establishment of appropriate key performance indicators.

D.

Risk management increases employees' commitment and belief in strategic goals.

Full Access
Question # 15

Management decided to post the organization's newly established code of conduct on its website. This decision is primarily intended to mitigate which of the following risks?

A.

Accountability risk.

B.

Communication risk.

C.

Knowledge risk.

D.

Cultural risk.

Full Access
Question # 16

When the chief audit executive Is responsible for risk management in an organization, which of the following parties is responsible for overseeing the internal audit activity's assurance over risk management?

A.

The chief audit executive.

B.

A member of the compliance function.

C.

A party outside of the internal audit activity.

D.

A member of the risk management function.

Full Access
Question # 17

According to IIA guidance, which of the following is an appropriate role for the internal audit activity?

A.

Coaching management in responding to risks.

B.

Implementing risk responses on management's behalf.

C.

Imposing risk management processes.

D.

Setting the risk appetite.

Full Access
Question # 18

Which of the following frauds is most likely to occur in the accounts payable function?

A.

Factitious vendors are entered into the system, possibly resulting in improper disbursements.

B.

Bad debt expense is intentionally omitted from the financial statements.

C.

Certain costs are capitalized, rather than expensed.

D.

A related party receives benefits not appropriate in an arm's-length transaction.

Full Access
Question # 19

Which of the following scenarios would cause a chief audit executive (CAE) to immediately discontinue using any statements that would indicate conformance with the Standards in an audit report?

A.

The internal audit activity used a risk-based approach to create the internal audit plan.

B.

The engagement supervisor considered requests from senior management regarding engagements to include in the internal audit plan.

C.

The CAE only accepted engagements that the internal audit activity collectively had the knowledge to perform.

D.

The area under review restricted the internal audit activity's ability to access records, impacting the audit results.

Full Access
Question # 20

With regard to the internal audit activity's quality assurance and improvement program, which of the following topics would the chief audit executive include on the quarterly board meeting agenda?

A.

The scope and frequency of both internal and external quality assessments.

B.

The list of audit engagements that will be assessed during the year.

C.

The number and qualifications of internal audit staff members assigned to perform internal assessments during the year.

D.

The compensation structure of the qualified assessment team.

Full Access
Question # 21

During an audit of an organization's accounts payable area, an internal auditor identified anomalies in the information examined that may indicate potential fraud. Which test should the auditor perform first to verify this?

A.

Verify the completeness and integrity of the data being analyzed.

B.

Identify duplicated organizational transactions.

C.

Analyze all transactions within the targeted area.

D.

Check control totals that have may have been falsified.

Full Access
Question # 22

Which statement accurately describes the authority of the internal audit activity as outlined in the audit charter?

A.

The chief audit executive (CAE) shall report directly to the board and administratively to the CEO.

B.

The CAE shall provide senior management and the board with performance updates quarterly.

C.

The internal audit team shall have full access to the organization's records, physical property, and personnel required to conduct audit engagements.

D.

The internal audit activity shall maintain a quality assurance and improvement program in conformance with the Standards.

Full Access
Question # 23

A financial services organization's board is assessing increased regulations and its effect on current industry lending practices. Which of the following committees would help the board identify and assess the effects of the increased regulations?

A.

Quality committee.

B.

Audit committee.

C.

Risk committee.

D.

Governance committee.

Full Access
Question # 24

Which of the following requests, if accepted by the internal audit activity, would impair its independence?

A.

A request to develop workshops on corporate governance for management.

B.

A request to act as liaison with external auditors.

C.

A request to determine appropriate risk management responses for management.

D.

A request to provide counseling services on ethical matters.

Full Access
Question # 25

A telecommunications organization is planning to cease operations in one or the markets in which it operates due to increasing volatility and uncertainties. Which of the following risk management techniques is the organization selecting?

A.

Risk acceptance.

B.

Risk avoidance.

C.

Risk sharing.

D.

Risk reduction.

Full Access
Question # 26

According to IIA guidance, which of the following statements is true regarding the internal audit activity's quality assurance and improvement program (QAIP)?

A.

Internal assessments rely solely on the review of completed audit engagements for demonstrated performance.

B.

The chief audit executive is responsible for assessing the suitability and competence of an external assessor.

C.

QAIP results must first be discussed with the board and approval obtained for distribution to senior management.

D.

At the board's discretion, the frequency of external assessments can exceed the five-year guideline.

Full Access
Question # 27

The CEO has delegated several responsibilities to the internal audit activity. Which of the following directives should concern the chief audit executive the most?

A.

Internal auditors shall perform engagement-level risk assessments

B.

Internal auditors shall perform risk management activities.

C.

Internal auditors shall perform risk-based engagements

D.

Internal auditors shall perform organization wide risk assessments

Full Access
Question # 28

What is the main difference between a consulting engagement versus an assurance engagement?

A.

The nature of services provided are defined in the internal audit charter.

B.

Internal auditors must maintain objectivity while performing their work.

C.

The objectives and scope of the engagement typically are directed by management.

D.

Internal auditors may assume management responsibilities.

Full Access
Question # 29

Which of the following is an indicator of ineffective third-party risk management?

A.

Sourcing of third parties does not follow public procurement law.

B.

Violations of service conditions trigger either fines or termination.

C.

Due diligence of third parties is conducted only after contract signing.

D.

The right-to-audit clause is limited by personal data protection regulations.

Full Access
Question # 30

Which of the following is a control that is used mainly to check the integrity of data entered into a business application, whether the data is entered directly by staff, remotely by a business partner, or through a web-enabled application?

A.

General IT control.

B.

Processing control.

C.

Input control

D.

Integrity control

Full Access
Question # 31

Which risk management activity would cause the internal auditor to assume a management responsibility?

A.

Assessing management's acceptance of risk.

B.

Reviewing a cybersecurity risk report issued by management.

C.

Developing a list of emerging risks for management.

D.

Prioritizing risks for management.

Full Access
Question # 32

Which of the following best demonstrates the application of due professional care?

A.

An engagement supervisor requests that the employment of a process owner be terminated due to a significant control failure.

B.

An audit lead establishes internal audit manuals to guide the internal audit activity on now to undertake audit engagements.

C.

An audit manager provides a guarantee to senior management that internal controls relating to an audited process operate effectively.

D.

An organization's internal audit activity operates under a direct reporting structure to tie audit committee of the board

Full Access
Question # 33

Which of the following is (he most effective way any organization can ensure proper governance over its internal controls?

A.

By adopting the best practices of similar organizations in the industry.

B.

By adjusting their internal control framework as business practices evolve.

C.

By introducing the universally accepted COSO internal control framework.

D.

By encouraging the internal audit activity to provide training on internal controls.

Full Access
Question # 34

Which of the following relates to the concept of due professional care?

A.

An auditor attempts to obtain information needed to complete an assurance engagement but is denied access.

B.

The appointment of the chief audit executive is ratified by the board.

C.

An auditor demonstrates a good understanding of the steps involved in carrying out a consulting engagement.

D.

The internal audit resource plan is only approved by the chief financial officer.

Full Access
Question # 35

When testing a sample of payroll records during an engagement, an internal auditor suspects mat fraud has been committed. What should be the next step?

A.

The auditor should increase the sample size to determine the extent ol the fraud.

B.

The suspicions should be communicated to the chief audit executive.

C.

The testing should be completed with the results reported in the final audit report.

D.

A fraud investigator should examine the evidence and report back to the auditor.

Full Access
Question # 36

A new company’s risk management function is developing its cybersecurity risk management program Which of the following actions should be the first priority when developing the program?

A.

Start building a cybersecurity culture and set the desired behavior using a bottom-up approach

B.

Determine the cybersecurity framework that will establish and report on the effectiveness of the program

C.

Define the cybersecurity risk appetite and perform a cost-benefit analysis of the program

D.

Raise cybersecurity awareness across various departments outside of the IT department

Full Access
Question # 37

Which of the following actions would an internal auditor perform primarily during a consulting engagement of a debt collections process?

A.

Reviewing journal entries for accuracy and completeness.

B.

Comparing the policies and procedures to regulatory collections guidance.

C.

Advising management on streamlining the recording of accounts receivable.

D.

Performing a walk-through of the debt collections process to determine whether proper segregation of duties exists

Full Access
Question # 38

A chief audit executive (CAE) is considering hiring a candidate who most recently worked for a large public accounting firm What would be the CAE’s most likely concern regarding this candidate*?

A.

Low-level audit expertise

B.

Narrow industry experience

C.

MPotential conflict of interest

D.

Weak interpersonal skills

Full Access
Question # 39

Which of the following statements is true regarding the quality assurance and improvement program (QAIP)?

A.

Reporting on the QAIP to the board should occur at least once every five years

B.

The responsibility for the selection of an external assessor rests with the board

C.

The qualifications of the assessors must be communicated to the board

D.

The reporting of outcomes of the QAIP can be delegated to senior audit staff

Full Access
Question # 40

In which of the following audits would the internal auditors most likely contribute to the assessment of organizational governance?

A.

An assessment of compliance of individual data protection procedures with data protection regulations

B.

An assessment of profit and loss generated by financial assets and instruments in the past quarter

C.

An assessment of the effectiveness of back-up procedures and execution of business recovery plans

D.

An assessment of performance management practices and establishment of key performance indicators

Full Access
Question # 41

Which of the following best describes the board’s role in establishing effective organizational governance?

A.

The board is involved in approving operational policy

B.

The board monitors key processes and procedures

C.

The board has oversight responsibility for organizational resources

D.

The board approves management's detailed plans and objectives

Full Access
Question # 42

Which of the following is an example of an impairment to an internal auditor's independence?

A.

An internal auditor delays reporting material financial statement audit findings until after his parents sell all of their stock in the company

B.

Following the restructuring of the organization, the internal audit activity now reports functionally to the chief financial officer

C.

A new member of the internal audit activity, who was the accounts payable supervisor for two years, is asked to consult on the implementation of a new accounts payable system

D.

Believing there must be errors in a given balance sheet account the internal auditor decides to expand his testing

Full Access
Question # 43

An organization’s senior management team is awarding substantial bonuses if employees meet financial targets. Which of the following motivators to potentially commit fraud would become most likely in this scenario?

A.

Opportunity

B.

Pressure

C.

Rationalization

D.

Justification

Full Access
Question # 44

Which of the following is a true statement regarding controls such as ethical values, tone at the top and operational style?

A.

Transaction testing, mapping and flowcharting is applicable while testing such controls

B.

Breakdowns in the these types of controls have historically led to fraudulent financial reporting

C.

Such controls can be defined as inherently ob)ective and tangible elements of control

D.

From an audit perspective it is significantly easier to assess ethical values than segregation of duties

Full Access
Question # 45

The chief audit executive (CAE) has assigned an internal auditor to an upcoming engagement. Which of the following requirements would most likely indicate that the internal auditor was assigned to an assurance engagement?

A.

The assigned internal auditor must determine the objectives, scope, and techniques of the engagement.

B.

The CAE must personally obtain the needed skills, knowledge, or other competencies if the internal auditor does not have them.

C.

The assigned internal auditor must not assume management responsibilities while performing the engagement

D.

The assigned internal auditor must maintain objectivity while performing the engagement.

Full Access
Question # 46

With regard to organizational governance assurance, which of the following is an appropriate role for the internal audit activity'?

A.

Assess compliance with the organization's code of conduct

B.

Oversee the governance and risk management processes

C.

Initiate new organizational control processes

D.

Provide advice on organizational governance activities

Full Access
Question # 47

Which of the following disclosures must the chief audit executive (CAE) include when communicating the results of the quality assurance and improvement program to senior management and the board?

A.

Authority and responsibility of the internal audit activity

B.

Hours and sources of continuing professional education

C.

Scope and frequency of both the internal and external assessments

D.

independence and objectivity impairments of the CAE

Full Access
Question # 48

According to ISO 31000, which of the following statements is correct?

A.

The board is responsible for setting the organizational attitude through tone at the top,

B.

The internal audit activity will provide assurance over operating effectiveness but not over the design of risk management activities,

C.

The internal audit activity can give objective assurance on any part of the risk management framework for which it is responsible.

D.

The framework is designed to be effective for organizations no matter how small.

Full Access
Question # 49

An accounts payable clerk has recently transferred Into the internal audit activity and has been assigned to an engagement related to accounts payable processes for which he was previously responsible Which of the following is the best action for the new internal auditor to take?

A.

If it is an assurance engagement accept the assignment because direct knowledge of the existing accounts payable processes will provide depth and add more value

B.

If it is a consulting engagement decline the assignment and ask to be reassigned, because in a consulting engagement the auditor must not assess operations for areas in which they were previously responsible

C.

If it is a consulting engagement accept the assignment because direct knowledge of the existing accounts payable processes will provide depth and add more value

D.

If it is an assurance engagement accept the assignment becausethe chief audit executive had knowledge of the internal auditor's previous role when this engagement was assigned

Full Access
Question # 50

Which of the following would be a red flag for potential issues in the control environment?

A.

Segregation of duties during preparation of the financial statements

B.

Compensation structures that are based on commissions

C.

A low rate of turnover in key financial positions

D.

The presence of a whistleblower policy and fraud hotlinea

Full Access
Question # 51

An internal auditor assigned to a supplier management process engagement reviews the risk assessment with the process owner The auditor inquires about the risk response for potentially engaging unqualified third-party service providers The process owner responds that due diligence checks are undertaken to make sure that third parties possess requisite competencies before they are engaged Which of the following risk management techniques is the process owner using?

A.

Risk avoidance

B.

Risk reduction

C.

Risk sharing

D.

Risk acceptance

Full Access
Question # 52

According to IIA guidance, which of the following is a required aspect of an internal audit charter?

A.

Management approval

B.

Independent review

C.

Reporting relationships

D.

Quarterly assessment

Full Access
Question # 53

Which of the following is most accurate concerning corporate social responsibility?

A.

A moral agent in an organization makes decisions that are based on the rules and regulations of the organization as they apply to human resources decisions

B.

The utilitarian approaching deciding on ethical dilemmas is concerned with choosing the simplest solution that will apply to the most people

C.

Ethics are not defined by laws but they are not a matter of free choice ethics are based on standards of conduct derived from shared principles and values

D.

The individualism approach to ethical decision making is focused on implementing a customized long-term outcome that is most beneficial for the entire organization

Full Access
Question # 54

Which of the following is the best way for an internal auditor to demonstrate due professional care?

A.

Conduct an audit to the same extent that another prudent auditor would under similar circumstances

B.

Seek feedback from the engagement supervisor during the engagement

C.

Execute internal audit work in such a manner as to provide absolute assurance of compliance

D.

Request and receive client feedback surveys during the engagement

Full Access
Question # 55

Which of the following should be implemented to promote independence of the internal audit activity?

A.

Internal auditors do not review an area where they previously worked

B.

The internal audit charter is reviewed and updated annually

C.

The chief audit executive reports functionally to the board

D.

Management does not influence the consulting services provided by the internal audit activity

Full Access
Question # 56

The chief audit executive (CAE) of a large organization has been asked by the board to assume responsibility for risk management and compliance operations, both of which are distinct departments within the organization and are subject to periodic audits by the internal audit activity In regards to future audits of these functions which of the following approaches would be most appropriate?

A.

Audits of risk management and compliance functions should be overseen by a competent external assurance provider

B.

Audits of risk management and compliance functions should be overseen by a senior audit manager within the internal audit activity other than the CAE

C.

Audits of risk management and compliance functions should be conducted by internal auditors under the supervision of management from both functions

D.

Audits of risk management and compliance functions should be earned out by a team of the most experienced auditors overseen by the CAE

Full Access
Question # 57

Which of the following best demonstrates conformance with IIA standards related to continuing professional development?

A.

Retaining evidence of training in the form of continuing education credits

B.

Seeking guidance regarding internal audit best practices from The IIA

C.

Retaining supervisory reviews conducted on the basis of the development plan

D.

Giving consideration to certain areas of specialization as part of development planning

Full Access
Question # 58

Which of the following is a legitimate requirement for an internal audit activity’s quality assurance and improvement program (QAIP)?

A.

Quality assessments should be performed by individuals with sufficient knowledge of the internal audit practices

B.

External quality assessments should be conducted every seven years

C.

All quality assessments should be either conducted or validated by an independent assessment team

D.

The results of the QAIP should be communicated to shareholders annually

Full Access
Question # 59

According to IIA guidance, which of the following actions by the chief audit executive (CAE) best demonstrates the organizational independence of the internal audit activity?

A.

The CAE seeks senior management approval of the internal audit charter

B.

The CAE obtains senior management's approval to hire staff

C.

The CAE reports significant issues to the organization's CEO

D.

The CAE provides the board with an annual budget for approval

Full Access
Question # 60

The organization's internal audit charter was last updated six years ago. To update the charter, which of the following actions is most appropriate for the chief audit executive to take?

A.

Wait for the next external assessment and address all of the missing information in the charter based on the recommendations from the external assessment team.

B.

Perform a review of IIA guidance to become acquainted with the latest mandatory elements prior to updating the charter

C.

Use an internal audit charter template from another organization that operates within the same industry.

D.

Identify an individual within the internal audit activity who has in-depth knowledge of mandatory IIA guidance elements to address any gaps or areas of the current version of the charter that could be improved.

Full Access
Question # 61

Which of the following represents an example of an ethical issue that the organization should address'?

A.

An employee discovered that there is no personal protective equipment at a temporary construction site

B.

An employee saw that a group of other employees were smoking in close proximity to petrol distribution tanks

C.

A supervisor insists that an employee complete time sheets regularly

D.

An employee received concert tickets from a vendor and asked whether she could keep them

Full Access
Question # 62

Which of the following characteristics is typical of the internal audit activity?

A.

Serves third parties that need reliable financial information from audit engagements

B.

Responds to the needs and desires of senior management and the board, but remains independent of areas under review

C.

Ensures the organization complies with laws and regulations in the area under review

D.

Is completely independent of senior management, the board and the area under review

Full Access
Question # 63

Which of the following is most likely to impair the organizational independence of the internal audit activity?

A.

The chief audit executive (CAE) reports administratively to the chief financial officer.

B.

The CAE oversees the effectiveness of the organization’s risk management function.

C.

The CAE reports functionally to the CEO.

D.

The CAE managed the finance department for the past five years.

Full Access
Question # 64

Which of the following activities best demonstrates an internal auditor’s commitment to developing professional competencies?

A.

Requesting to be part of all engagements on the annual audit plan.

B.

Attending a series of locally offered training courses.

C.

Completing a skills assessment and development plan for targeted training needs,

D.

Attending a webinar on how to use data analytics

Full Access
Question # 65

Which of the following would be included in quality assurance and improvement program (QAIP) reporting?

A.

Descriptions of standardized work practices.

B.

Outcomes of internal audit key performance indicators.

C.

Conformance of individual engagements with the Standards,

D.

Annual summaries of consulting and audit engagements.

Full Access
Question # 66

Which of the following statements is true regarding organizational culture and an audit of the control environment?

A.

For multinational organizations it is important to ensure that the organizational culture is consistent at all locations

B.

Because the chief audit executive (CAE) is part of the organizational culture, external auditors should be engaged to evaluate the control environment

C.

If there are unresolved scope restrictions, the CAE should consider whether to pursue the audit and note the scope restrictions in the audit report

D.

Because it will create a conflict of interest relating to the control environment, senior management should not be consulted during the audit

Full Access
Question # 67

According to IIA guidance, which of the following threats to objectivity is described as familiarity'?

A.

An internal auditor is a close friend or relative of the manager or an employee of the audit client

B.

An internal auditor has a long-term business relationship with the audit client.

C.

An internal auditor has an economic stake in the performance of the organization

D.

An internal auditor is exposed to or perceived to be exposed to pressures from external parties

Full Access
Question # 68

An accounts payable clerk has recently transferred into the internal audit activity and has been assigned to an engagement related to accounts payable processes for which he was previously responsible. Which of the following is the best action for the new internal auditor to take?

A.

If it is an assurance engagement, accept the assignment because direct knowledge of the existing accounts payable processes wifi provide depth and add more value.,

B.

If it is a consulting engagement, decline the assignment and ask to be reassigned, because in a consulting engagement the auditor must not assess operations for areas in which they were previously responsible.

C.

If it is a consulting engagement, accept the assignment because direct knowledge of the existing accounts payable processes will provide depth and add more value.

D.

If it is an assurance engagement, accept the assignment because the chief audit executive had knowledge of the internal auditor's previous role when this engagement was assigned.

Full Access
Question # 69

According to IIA guidance, which of the following statements is true regarding internal auditors' knowledge, skills and other competencies?

A.

The chief audit executive (CAE) must obtain competent advice and assistance if the internal audit activity lacks the knowledge, skills, or other competencies needed to complete the audit engagement

B.

Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization and should have the expertise of a fraud investigator

C.

Internal auditors need to have basic knowledge of key IT risks and controls and available technology-based audit techniques in order to perform their assigned work

D.

The CAE must refuse a consulting engagement if the internal audit activity lacks the knowledge, skills, or other competencies needed to perform all or part of the engagement

Full Access
Question # 70

According to NA guidance, which of the following actions by the chief audit executive would best ensure that internal auditors demonstrate due professional care?

A.

Developing policies and procedures for the internal audit activity.

B.

Ensuring the internal audit activity is not found fallible during audit engagements.

C.

Undertaking all engagements that management requests of the internal audit activity.

D.

Ensuring the internal audit activity reports functionally to the board of directors.

Full Access
Question # 71

The board of a newly established organization was discussing the contents of the draft internal audit charter One board member suggested adding to the charter an obligation for the internal audit activity to develop controls in business procedures. The board member explained that the new organization needs professional-level developers, internal auditors have the necessary skills and competencies, and the internal audit activity is well positioned to assume this responsibility. Which of the following would be a potential concern if the board member’s suggestion is adopted?

A.

Due professional care.

B.

Internal audit objectivity.

C.

Risk management assurance.

D.

Professional development.

Full Access
Question # 72

Which of the following best describes the internal audit activity’s responsibility within a risk and control framework?

A.

The internal audit activity constitutes the first line of defense in effective risk management.

B.

The internal audit activity provides direction regarding internal controls implementation.

C.

The internal audit activity verifies that management has met its responsibility for implementing effective controls.

D.

The internal audit activity implements the internal control framework and advises management regarding best practices.

Full Access
Question # 73

Which of the following needs to be established prior to undertaking an assessment of the quality assurance and improvement program?

A.

Department performance standards.

B.

Remediation timeframes.

C.

Nonconformance disclosures.

D.

External assessment resources

Full Access
Question # 74

Which of the following must be in existence as a precondition to developing an effective system of internal controls?

A.

A monitoring process,

B.

A risk assessment process.

C.

A strategic objective-setting process.

D.

An information and communication process.

Full Access
Question # 75

Which of the following controls would best mitigate the risk of fraud in the bidding process?

A.

Have a bidding committee open the tender bids.

B.

Restrict the time to submit tender bids.

C.

Keep minutes of pre-bid meetings.

D.

Allow the higher tenders to rebid.

Full Access
Question # 76

Which of the following scenarios would most significantly restrict the areas where internal audit could perform assurance services?

A.

Regulators mandate specific audit engagements to be included in the audit plan.

B.

The internal audit activity reports functionally to the chief financial officer

C.

The internal audit activity reports administratively to the CEO and functionally to the audit committee.

D.

The internal audit activity reports administratively to the chief financial officer.

Full Access
Question # 77

According to NA guidance, which of the following conditions would enhance the independence of the internal audit activity?

A.

The organizational culture rewards critical and objective thinking.

B.

The quality of work performed by the internal audit activity is periodically reviewed,

C.

The organization establishes effective governing body oversight,

D.

Audit assignments are rotated among internal audit staff

Full Access
Question # 78

A series of incidents over the past year reveals several members of senior management possess a limited understanding of the concept and impact of fraud. Which of the following would be the most effective way to approach this issue?

A.

The board should ask the internal audit activity to perform additional assurance engagements.

B.

A comprehensive fraud risk assessment and management program should be carried out.

C.

The organization should conduct training sessions on fraud, which should be attended by senior management and staff.

D.

Anti-fraud and whistleblowing policies should be implemented and their importance should be clearly stated.

Full Access
Question # 79

When taken by a chief audit executive, which of the following actions would be most likely to prevent division management from exaggerating sales reports?

1. Announcing a series of internal audit engagements focusing on compliance with corporate sales-reporting policies.

2. Asking the president and the board to issue a statement of corporate policy stressing the importance of accurate management

reporting and the negative consequences of intentional misreporting.

3. Setting up a hotline for employees to report fraudulent behavior anonymously,

4. Assisting the controller in developing and monitoring a series of business process indicators, which are historically correlated with, but independent of sales.

A.

1 and 2 only.

B.

2 and 3 only.

C.

2 and 4 only.

D.

3 and 4 only

Full Access
Question # 80

Which of the following best demonstrates internal auditors performing their work with proficiency?

A.

Internal auditors meet with operational management at each phase of the audit process.

B.

Internal auditors adhere to The IIA’s Code of Ethics.

C.

Internal auditors work collaboratively with their engagement team.

D.

Internal auditors complete a program of continuing professional development.

Full Access
Question # 81

Which of the following best describes the risk contained in an initial public offering for a new stock?

A.

Residual risk.

B.

Net risk.

C.

Inherent risk.

D.

Underlying risk.

Full Access
Question # 82

A multinational organization has asked the internal audit activity to assist in setting up the organization’s risk management system. The chief audit executive (CAE) agrees to take on the engagement as a consultant. Which of the following tasks is appropriate for the CAE to undertake?

A.

Coordinate and facilitate risk workshops for management to attend.

B.

Establish the degree of risk appetite for management to accept.

C.

Set risk indicators and mitigation plans for management to implement

D.

Determine the number of significant risks for management to report to the board.

Full Access
Question # 83

Which of the following situations is most likely to heighten an internal auditor's professional skepticism regarding potential fraud?

A.

A procurement manager does not have the expected academic credentials for his position.

B.

A salesperson frequently complains about the organization's policy on sales commissions.

C.

The accounts payable supervisor has requested advances against her monthly salary on several occasions.

D.

A financial accountant is absent from work frequently due to regular medical procedures.

Full Access
Question # 84

Which requirement should the chief audit executive consider when communicating results of the quality assurance and improvement program to the board of a large

organization?

A.

The internal assessment results should be discussed once every five years,

B.

The rating conclusions and the impact from results of the external assessment should be explained,

C.

The results of the external assessment should be discussed every seven years,

D.

The qualifications and independence of the internal assessment team should be discussed

Full Access
Question # 85

At a conference, an interna! auditor presented a new computer-assisted audit technique developed by his organization. The presentation included sample data derived from performing audit engagements for the organization. Travel costs were paid by the conference organizers, and the trip was approved by the chief audit executive (CAE).

However, neither management nor the CAE was aware that the internal auditor would be making a presentation based on work completed for the organization. According to IIA guidance, which of the following statements is most relevant regarding the actions of the auditor?

A.

The auditor did not violate the standard of objectivity because the presentation had no impact on the organization.

B.

The auditor violated the principle of confidentiality by disclosing information about the organization without approval.

C.

The auditor should have obtained permission before using the material, but did not violate the IIA Code of Ethics or Standards,

D.

The auditor breached the conflict of interest standard by accepting payment for travel costs

Full Access
Question # 86

Which of the following is the most appropriate way to ensure that a newly formed internal audit activity remains free from undue influence by management?

A.

Appoint the chief audit executive as a member of the board.

B.

Adopt written policies and procedures for the internal audit activity, approved by the board.

C.

Ensure the chief audit executive reports administratively to the audit committee.

D.

Establish the internal audit activity’s position within the organization in an audit charter.

Full Access
Question # 87

If an internal auditor suspects fraud during an engagement which of the following is expected of the auditor?

A.

Evaluate the suspected activities to determine whether a forma! investigation is warranted,

B.

Immediately inform senior management and the board of the suspected fraud.

C.

Ascertain the level of resources needed to formally investigate the fraud, and proceed with the investigation if resources permit,

D.

Include in the engagement documentation all possible effects and the potential impact of the fraud to the organization

Full Access
Question # 88

A newly appointed chief audit executive (CAE) started analyzing the organization's policies in an attempt to customize them to address internal audit specifics. Which of the following organizationwide practices is most likely to be acceptable to the CAE?

A.

Internal auditors1performance evaluation is primarily based on both client satisfaction surveys and cost savings identified from the audits.

B.

Standard training for each employee, including internal auditors, is 10 hours per year.

C.

To enhance efficiency, internal auditors should not be rotated regularly among engagements.

D.

Hiring practices include requiring potential auditors to disclose any significant stock ownership in the organization.

Full Access
Question # 89

Which of the following actions is a chief audit executive most likely to take in order to identify gaps in the internal audit activity’s knowledge, skills, and competencies?

A.

Complete a skills assessment of the internal audit activity based on. The IIA Global Internal Audit Competency Framework.

B.

Develop a competency assessment tool for the internal audit activity based on The IIA Global Internal Audit Competency Framework.

C.

Incorporate the basic criteria for competency of the internal audit activity into the job descriptions of potential internal auditors,

D.

Develop an internal audit activity plan for training internal auditors to perform required assurance and consulting activities.

Full Access
Question # 90

Which of the following statements is true with regard to services provided by the internal audit activity?

A.

For consulting engagements, internal auditors do not need to be alert to control issues.

B.

Assurance and consulting services have similar objectives.

C.

Internal auditors may not perform assurance and consulting roles at the same time.

D.

Both assurance and consulting engagements require a final engagement report

Full Access
Question # 91

While auditing an organization's credit approval process, an internal auditor learns that the organization has made a large loan to another auditor's relative. Which course of action should the auditor take?

A.

Proceed with the audit engagement, but do not include the relative's information.

B.

Have the chief audit executive and management determine whether the auditor should continue with the audit engagement.

C.

Disclose in the engagement final communication that the relative is a customer.

D.

Immediately withdraw from the audit engagement.

Full Access
Question # 92

Which of the following is most likely to be considered a control weakness?

A.

Vendor invoice payment requests are accompanied by a purchase order and receiving report.

B.

Purchase orders are typed by the purchasing department using prenumbered forms.

C.

Buyers promptly update the official vendor listing as new supplier sources become known.

D.

Department managers initiate purchase requests that must be approved by the plant superintendent.

Full Access
Question # 93

In which of the following ways could stakeholders be engaged in corporate social responsibility efforts?

A.

Investigation of health and safety incidents.

B.

Auditing of controls and management systems.

C.

Communication of disclosures and external reporting,

D.

Involvement in focus groups and complaint management

Full Access
Question # 94

Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department. Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?

A.

Workshops.

B.

Surveys.

C.

Interviews.

D.

Observation.

Full Access
Question # 95

In which scenario might it be considered problematic for the chief audit executive (CAE) to provide assurance services over the payroll function?

A.

The CAE previously undertook a consulting assignment in that area to improve processes,

B.

A couple of years ago, the CAE performed accounting functions for the payroll department.

C.

Prior to becoming the CAE, the CAE was the payroll manager.

D.

The assurance review was initiated following issues identified during a consulting assignment requested by management.

Full Access
Question # 96

An internal auditor believes that the internal audit activity's independence is impaired. Which of the following actions should the internal auditor take first?

A.

Report the impairment to senior management

B.

Discuss the impairment with the audit manager

C.

Ascertain the best approach to disclose the impairment.

D.

Decide on the extent of impact of the impairment

Full Access
Question # 97

Which of the following activities is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?

A.

Planning an engagement of the area in which fraud is suspected.

B.

Employing audit tests to detect fraud.

C.

Interrogating a suspected fraudster

D.

Completing a process review to improve controls to prevent fraud

Full Access
Question # 98

Which of the following is an example of a detective control?

A.

Automatic shut-off valve.

B.

Auto-correct software functionality.

C.

Confirmation with suppliers and vendors.

D.

Safety instructions.

Full Access
Question # 99

Senior management has decided to adopt the key principles approach of the ISO 31000 risk management framework. According to IIA guidance, which of the following principles is most appropriate when implementing the risk management process in a dynamic agency?

A.

Everyone in the agency has a primary responsibility for identifying and managing risks as part of the risk management process.

B.

The risk management process, while evaluating risk, should develop a mechanism to rank the relative importance of each risk.

C.

The risk management process should be regularly reviewed and respond to changes in the environment, to remain relevant.

D.

The risk management process should use a formal technique to consider the consequence and likelihood of each risk.

Full Access
Question # 100

Which of the following documents are internal auditors most likely to be asked to sign as a demonstration of due professional care?

A description of their job responsibilities,

A.

A non-disclosure agreement.

B.

An annual declaration of commitment to

C.

The IIA s Code of Ethics.

D.

The internal audit charter.

Full Access
Question # 101

Which of the following factors is most important for internal auditors to consider when prioritizing fraud risks?

A.

The organization’s code of conduct.

B.

The organization’s competition.

C.

The organization’s code of ethics.

D.

The organization’s culture

Full Access
Question # 102

Which of the following best illustrates the application of due professional care during an audit of the procurement department?

A.

The internal auditor began checking purchase requisitions for proper authorizations. He stopped when he discovered an instance of noncompliance. and he concluded the controls were ineffective.

B.

The internal auditor discovered an instance where management did not follow the standard bidding processes. The auditor assessed the validity of management’s

reasons for deviating from standard practice and the supporting documentation, and determined that the deviation was acceptable.

C.

The internal auditor selected a sample of purchase orders with amounts greater than S5.000, the threshold at which the organization requires a bidding process. The auditor obtained documentation of the bidding process for each purchase order in the sample.

D.

The internal auditor analyzed bidding documents provided by management. Management indicated that the documents were purchase orders issued to a sole-source vendor Based on the analysis and management's declaration, the internal auditor determined that the procurement process was effective.

Full Access
Question # 103

Which of the following processes does the board manage to ensure adequate governance?

A.

Establish and measure performance objectives for the internal audit activity.

B.

Select board members with necessary knowledge and skills.

C.

Develop, approve, and execute the strategic plan of the organization.

D.

Develop strategies to mitigate the risks to achieving the organization’s objectives

Full Access
Question # 104

Which of the following resources would be most effective for an organization that would like to improve how it informs stakeholders of its social responsibility performance?

A.

ISO 26000.

B.

Global Reporting Initiative.

C.

Open Compliance and Ethics Group.

D.

COSO’s enterprise risk management framework

Full Access
Question # 105

An internal auditor is updating the risk register for risks identified during a recent organizational risk assessment. According to the Standards, which of the following would the auditor include in the risk register?

A.

Management’s acceptance of inadequate controls for cybersecurity risk.

B.

Discussions with senior management relating to a new revenue stream.

C.

Mitigating controls implemented by the engagement supervisor

D.

Project manager planned hours versus time spent for all prior year projects

Full Access
Question # 106

Which of the following options describes the reason that conformance with The IIA's Code of Ethics is mandatory for internal auditors?

A.

Ethical compliance provides the basis for stakeholder confidence in the competence of the internal audit activity and of professional internal auditors.

B.

Ethical compliance is necessary for internal auditors and the internal audit activity to accept responsibility for providing g absolute assurance about the organization's risk management.

C.

Ethical compliance provides the basis for stakeholder trust and confidence in the validity of the profession of internal auditing and the internal audit activity's findings.

D.

The internal audit activity's ethical compliance sets the tone for the ethical compliance by the organization's board, management, and employees.

Full Access
Question # 107

During a review of the procurement function, an internal auditor identified an existing control for adding new vendors into the vendor contract system. Which of the following would best help the auditor determine the adequacy of the control's design?

A.

Flowchart of the vendor addition process.

B.

Independent confirmations sent to vendors.

C.

Analysis of the control's costs and benefits.

D.

Interview with management of the procurement function.

Full Access
Question # 108

Which of the following organizations has reached the most mature level of corporate social responsibility?

A.

An organization that is able to provide goods and services society needs and thus maximizes profit to its owners.

B.

An organization that ensures compliance to legal frameworks of the countries in which it operates and sells its products.

C.

An organization that is willing to make contributions not mandated by law or economics and expects no payback.

D.

An organization that requires its decision makers to act with equity, fairness, and respect for the rights of individuals.

Full Access
Question # 109

Management of an area under review is aggressive, upset, and questioning the knowledge and experience of the organization's internal auditors, as the audit results highlight critical findings. The relationship between the internal audit activity and management has continued to degenerate. as previous audit reports also showed a large number of issues. What would be the best strategy for working through the current audit results while also attempting to repair the relationship with management?

A.

Take an accommodating approach and change the overall rating of the audit report.

B.

Take a compromising approach by modifying the tone of the report, while maintaining the critical findings.

C.

Take an assertive approach and be persistent in attempting to convince the director.

D.

Take an assisting approach and offer to assist with the implementation of action plans.

Full Access
Question # 110

What is expected of internal auditors in regards to due professional care?

A.

Auditors perform assurance services without regard to cost

B.

Auditors perform assurance services effectively to identify all risks

C.

Auditors perform assurance services needed to achieve the engagement's objectives

D.

Auditors perform assurance services to guarantee all significant risks will be addressed

Full Access
Question # 111

It is important for the chief audit executive to consider the level of competence of the internal audit staff because their competence influences which of the following?

A.

The cost-benefit relationship of planned audits.

B.

Proficiency needed to carry out engagements.

C.

Achievement of the objectives of internal control.

D.

Quantity of the audits performed.

Full Access
Question # 112

Which of the following qualifies as an acceptable consulting service provided by the internal audit activity?

A.

Develop training and system rollout plans in response to the results of the change readiness assessment of a new sales distribution model

B.

Lead a risk self assessment session for laboratory managers to help identify inherent risks and provide recommendations on how to evaluate the risks

C.

Audit a third party cloud service provider to review the effectiveness of governance and management controls in providing secure services to its customers

D.

Conduct a post-implementation assessment of the enterprise resource planning system to determine whether project objectives were met and to identify opportunities to maximize potential benefits

Full Access
Question # 113

Wi ch of the following circumstances would most likely be considered a potential red flag for fraud by the internal audit activity?

A.

The monthly payroll reports are not vetted to ensure terminated employees have been removed from the payroll system

B.

The volume of nonroutine journal entries has steadily increased over time.

C.

The database of approved suppliers has not been reviewed the last year

D.

The recent employee survey indicates that some employees remain unaware of the organization’s whistieblower hotline.

Full Access
Question # 114

A chief audit executive (CAE) was asked by senior management to establish and manage a risk management function. A new chief risk officer was hired a year later to assume these responsibilities. As this function was included in the current annual audit plan, the CAE engaged an external resource for a risk management engagement. Which of the following potential threats to objectivity was the CAE likely addressing?

A.

Self-review threat.

B.

Advocacy threat.

C.

Familiarity threat.

D.

Personal relationship threat.

Full Access
Question # 115

IT management requires all employees in the IT department to attend annual training on the department’s mission values and key performance measures This activity is designed to prevent which of the following conditions?

A.

Knowledge’s kills gap

B.

Monitoring gap

C.

Accountability/reward failure

D.

Communication failure

Full Access
Question # 116

Which of the following actions best demonstrates an internal auditor exercising due professional care?

A.

Testing an entire population, even when a sample would suffice

B.

Using technology and data analysis techniques for efficiency

C.

Enhancing knowledge, skills, and other competencies through professional development

D.

Establishing audit objectives, performing audit tests, and implementing missing controls

Full Access
Question # 117

An organization’s board of directors has decided that the internal audit activity must have greater access to different pans of the organization in order to perform their assurance work effectively Which of !he following areas is the board seeking to improve by making this change?

A.

Internal audit authority.

B.

Internal audit reporting structure.

C.

Internal audit independence and objectivity.

D.

Internal audit interaction with the board

Full Access
Question # 118

In its five years of existence, an internal audit activity conducted a single internal assessment of its quality assurance and improvement program (QAIP). The results of that assessment showed that the internal audit activity did not conform with the Standards. Prior to this, an external assessment of the internal audit activity's QAIP was conducted, which reported that the internal audit activity was in conformance with the Standards. Considering the two assessments, what would be the internal audit activity's current state of conformance with the Standards?

A.

Conformance with the Standards.

B.

Nonconformance with the Standards

C.

Unable to determine conformance with the Standards.

D.

Partial conformance with the Standards

Full Access
Question # 119

Which of the following actions would best help the internal audit activity promote continuous improvement in control effectiveness within the organization?

A.

Determining whether management measures and monitors the costs and benefits of controls.

B.

Providing training on controls and ongoing self-monitoring processes.

C.

Developing flowcharts to obtain information about control design adequacy.

D.

Identifying objectives and the risks involved in achieving them.

Full Access
Question # 120

An internal auditor was offered expensive tickets to a sporting event by the manager of an area that she was currently auditing. The auditor politely declined. Which of the following fundamental principles of the MA Code of Ethics did she display?

A.

Confidentiality.

B.

Independence.

C.

Competency.

D.

Objectivity

Full Access
Question # 121

The internal audit activity was asked to conduct an investigation for potential fraud in the treasury department and subsequently contracted with a forensic accountant to join the team for the engagement. Which of the following parties has the primary responsibility for resolving any fraud incidents found as a result of this investigation?

A.

Chief audit executive.

B.

Senior management.

C.

The forensic accountant.

D.

The legal department.

Full Access
Question # 122

Which of the following is a primary benefit of implementing a governance risk management and compliance framework within an organization?

A.

Fewer internal audits

B.

More effective interviews

C.

Automated risk management strategy tools

D.

Reduced assurance costs

Full Access
Question # 123

An internal auditor assessed that the risk of steel theft at a plant is high. In response, the plant's management introduced a number of controls, including fences around the facility, a metal detector at the entrance, and monthly steel inventory counts. If the controls operate as intended, which of the following outcomes would the internal auditor hope to see?

A.

The inherent risk will be mitigated to a level lower than the residual risk.

B.

The inherent risk will be reduced to an acceptable level.

C.

The residual risk will be reduced to an acceptable level.

D.

The residual risk will be eliminated

Full Access
Question # 124

Which of the following statements best describes how the internal audit activity obtains reasonable assurance that significant risks in the organization are identified and assessed?

A.

The internal auditors review the organization's strategic plan, business plan, and policies, and have discussions with the board and senior management.

B.

The internal auditors evaluate the adequacy and timeliness of management's reporting of risk management results.

C.

The internal auditors interview staff at various levels and determine whether the organization's objectives, significant risks, and risk appetite are articulated sufficiently.

D.

The internal auditors review recently completed risk assessments and related reports issued by senior management, external auditors, and other sources.

Full Access
Question # 125

Which of the following should play a leading role in overseeing the ethical atmosphere of an organization?

A.

Internal audit activity

B.

Operating management

C.

Senior management

D.

Board of directors

Full Access
Question # 126

As a result of a high-profile processing error, respective business unit managers are implementing new controls. The internal audit team was asked for their advice regarding the controls. The objective of this consulting engagement would be determined by which of the following?

A.

The organization's board of directors.

B.

The chief audit executive.

C.

The business unit manager and the engagement supervisor.

D.

The compliance manager and the business unit manager.

Full Access
Question # 127

An organization's board has approved an expansion plan into a new market. The board acknowledged that if the expansion is not successful, the organization would encounter large monetary losses consisting of legal fees, research and development costs, rent expenses, and labor fees. Which of the following has the board approved?

A.

The risk response.

B.

The risk tolerance.

C.

The residual risk.

D.

The inherent risk.

Full Access
Question # 128

Which of the following demonstrates that the internal audit activity exercises due professional care?

A.

Supervisors provide feedback to internal auditors after workpapers are reviewed

B.

A self-assessment is conducted through the quality assurance and improvement program every five years

C.

Internal auditors are required to give absolute assurance of regulatory compliance

D.

The chief audit executive reports functionally to the board

Full Access
Question # 129

Which of the following concepts is emphasized in the Mission of Internal Audit?

A.

Support of good governance and controls.

B.

Enhancement of organizational value.

C.

Protection of tangible and intangible assets.

D.

Provision of professional advisory and assurance services.

Full Access
Question # 130

What is an appropriate first step in an internal auditor’s fraud risk assessment to evaluate how the organization manages such risk?

A.

Develop preventive and detective controls

B.

Identify potential fraud scenarios

C.

Assess the impact and likelihood of fraud risks

D.

Determine fraud risk responses

Full Access
Question # 131

Which of the following actions by an internal auditor would be the most relevant to determine the effectiveness of controls?

A.

Participate in a fraud risk-assessment session as an in-house facilitator.

B.

Send regular written updates to senior management on new control-related regulations.

C.

Lead a seminar on internal controls and provide numerous examples to the audience.

D.

Conduct a surprise inventory count at the raw materials warehouse.

Full Access
Question # 132

Which of the following statements is true regarding an organization's code of ethics?

A.

It should be written with primary consideration given to using a rule-based approach.

B.

It should be of two variations: one applicable internally and one applicable for third parties.

C.

Its operational effectiveness cannot be tested using traditional audit and rating systems such as maturity models.

D.

It should require an annual attestation of compliance with the code of conduct by all employees.

Full Access
Question # 133

Which of the following scenarios demonstrates an impairment to internal audit independence?

A.

The internal auditor s denied access to partner information from management of me area under review

B.

The internal auditor tarts to disclose a potential conflict of interest relationship with management of the area under review

C.

The internal auditor concludes that controls operate effectively, although he did not gather supporting evidence

D.

The internal auditor was assigned to an assurance review of an area for which he previously had responsibilities

Full Access
Question # 134

According to MA guidance, which of the following is an appropriate role for the internal audit activity?

A.

Coaching management in responding to risks.

B.

Implementing risk responses on management's behalf.

C.

Imposing risk management processes.

D.

Setting the risk appetite.

Full Access
Question # 135

Which of the following is a key determinant used by external auditors to decide whether they can rely on work performed by the internal audit activity?

A.

The auditors' independence.

B.

The auditors' objectivity.

C.

The auditors' integrity.

D.

The auditors' confidentiality.

Full Access
Question # 136

A whistle blower notified internal audit of a conflict of interest between an organization's employee and a major supplier. Which of the following steps should be undertaken first?

A.

Interview the employee identified by the whistleblower.

B.

Attain an understanding of the employee's role, responsibilities, and relationship with the supplier.

C.

Notify senior management, the board, and the external auditor about the alleged fraud

D.

Review all the orders issued to the supplier to investigate potential fraud.

Full Access
Question # 137

During an audit engagement of a large retail store, internal auditors noted significant discrepancies between available inventory and sales and suspect an abuse of cash register refunds and voids. Which of the following would be the most effective preventative control to reduce these losses?

A.

Ensure that returned merchandise is restocked to shelves or sent to the manufacturer by an independent employee.

B.

Call a sample of customers who returned merchandise to test the legitimacy of the returns and check refund amounts.

C.

Require that a manager use a reserved register code to approve voids or refunds.

D.

Analyze voids and refunds by employee, credit card number, and amount for unusual numbers, amounts, or patterns.

Full Access
Question # 138

The internal audit activity was denied access to expenditure and budget reports because they were considered to be confidential. This situation would result in which of the following limitations of the internal audit activity?

A.

Independence

B.

Integrity

C.

objectivity

D.

Authority

Full Access
Question # 139

Which of the following is an appropriate roe fa the internal audit activity?

A.

Ensuring the organization's key risks are managed through appropriate controls.

B.

Assisting the organization in maintaining effective controls.

C.

implementing new controls to promote continuous improvement

D.

Validating control assessments performed by the external auditor.

Full Access
Question # 140

Which of the following would most likely be classified as a consulting engagement?

A.

Examining the internal control effectiveness of the marketing department

B.

Assessing the adequacy of the IT system's business process design

C.

Facilitating a self assessment of the organizations business risk and control identification

D.

Reviewing the application controls in the human resources system

Full Access
Question # 141

Which of the following would the chief audit executive be required to disclose in the communication of quality assessment results to senior management and the board?

A.

The cost and frequency of both internal and external assessments.

B.

Any assumptions made by the assessment team

C.

A potential conflict of interest of the assessment team.

D.

The assessment team’s execution plan of relevant procedures.

Full Access
Question # 142

According to IIA guidance, which of the following actions best demonstrates that due professional care has been considered by the internal audit activity when conducting a review of an organization's assets?

A.

Determining whether any opportunity exists for senior executives to misappropriate property or funds

B.

Planning and executing fieldwork In a complete and timely manner to identify all significant risks

C.

Verifying whether the board of directors has implemented effective internal controls

D.

Having senior management determine whether the degree of work planned is sufficient to meet engagement objectives

Full Access
Question # 143

An accounts payable clerk who has access to the vendor master file replaced the payment details of a legitimate vendor with those of a friend before processing the payment through the organization's cashier. Immediately afterward, he restored the original vendor information. Which of the following controls could have prevented this fraud?

A.

Approval of master file change requests by the accounts payable supervisor

B.

Comparison of the check register to original invoices.

C.

Segregation of duties between accounts payable and the cashier.

D.

Frequent issuance of account statements sent to the vendors.

Full Access
Question # 144

According to IIA guidance, which of the following actions best demonstrates due professional care by an internal auditor when she discovers a number of fraud-related red flags during an audit engagement?

A.

Conclude the engagement and inform management that fraud has occurred

B.

Perform further testing to verify the existence of fraud.

C.

Suspend the engagement and undertake a formal fraud investigation.

D.

Notify the board of the possible fraud immediately

Full Access
Question # 145

According to IIA guidance, which of the following best describes the chief audit executive s responsibility for confirming to the board the organizational independence of the internal audit activity'?

A.

The CAE must do this at least annually

B.

The CAE must do this at least once every five years

C.

The CAE must do this upon completion of each external quality assessment

D.

The CAE should do this periodically in conjunction with a review of the internal audit charter

Full Access
Question # 146

A large commercial bank was fined by regulators for fraudulent practices when employees, over a period of time, opened thousands of new accounts for existing clients without the clients' consent. It was later found that employees were given unrealistic new account targets and were aggressively monitored by management on a daily basis.

Which of the following controls would have most likely reduced the likelihood of the fraudulent practice from occurring?

A.

An evaluation of the current performance and compensation program.

B.

The performance of background investigations on all existing employees.

C.

The availability of fraud training to all employees.

D.

The availability of an employee whistleblower hotline

Full Access
Question # 147

Which of the following is a primary responsibility of senior management with respect to ethical violations?

A.

Senior management provides oversight for the organization's ethical climate.

B.

Senior management promotes an ethical culture in the organization.

C.

Senior management assesses the effectiveness of the organization’s ethical programs.

D.

Senior management reviews major ethical policies in the organization for compliance

Full Access
Question # 148

A whistleblower reveals to the chief audit executive (CAE) detailed allegations of potential fraud at the senior management level. Although the CAE has some experience in the area, she chooses to retain an external fraud expert to conduct the investigation. When asked by the director of finance to defend the expenditure, which of the following statements represents the CAE's best response?

A.

The CAE refers to the Standards and explains that to protect her independence, she needs to remain isolated from the investigation.

B.

The CAE refers to the Standards and explains that the internal audit activity must obtain competent assistance if needed.

C.

The CAE refers to the Standards and explains that to protect her objectivity, she needs to remain isolated from the investigation.

D.

The CAE describes the specifics of the allegation to underscore the importance of the situation and the need for expert investigation

Full Access
Question # 149

Which of the following are considered root causes of fraud?

A.

Rationalization and corruption

B.

Corruption and opportunity

C.

Opportunity and perceived need

D.

Perceived need and weak internal controls

Full Access
Question # 150

Which of the following is the first step in the process of identifying relevant fraud risk factors?

A.

Identifying preventive and detective controls

B.

Gathering information about the organization’s business activities to gain an understanding of fraud risks

C.

Engaging in strategic reasoning to anticipate the fraud scheme

D.

The use of brainstorming, management interviews, analytical procedures and review of prior frauds.

Full Access
Question # 151

During an assurance engagement internal auditors interview operational management to gather and evaluate information. Which approach is most important for internal auditors to be able to listen effectively to interviewees in the given situation?

A.

Make an audio recording of the interview

B.

Interrupt with questions during unclear statements

C.

Express interest by asking follow-up questions

D.

Avoid periods of silence

Full Access
Question # 152

Which of the following is a greater consideration for internal auditors when they are performing a consulting engagement than when they are performing an assurance engagement'?

A.

The relative complexity of the engagement

B.

The cost of the engagement relative to its benefits

C.

The extent of work needed to achieve the engagement's objective

D.

The needs and expectations of the engagement client

Full Access
Question # 153

Which of the following is true regarding the use of a formal risk management framework?

1. It facilitates a methodical approach to risk mitigation.

2. It defines and standardizes the terminology used in risk communication.

3. It establishes the risk tolerance levels to be accommodated in the strategy.

4. It facilitates the alignment of risk mitigation strategies with management priorities.

A.

1. 2. and 3.

B.

1.2. and 4.

C.

1.3. and 4.

D.

2. 3, and 4.

Full Access
Question # 154

An IT contractor applied for an internal audit position at a bank. The contractor worked for the bank's IT security manager two years ago. If the audit manager interviewed the contractor and wants to extend a job offer, which of the following actions should the chief audit executive pursue?

A.

Allow the audit manager to hire the contractor and state that the individual is free to perform IT audits, including security.

B.

Not allow the audit manager to hire the contractor, as it would be a conflict of interest

C.

Allow the audit manager to hire the contractor, but state that the individual is not allowed to work on IT security audits for one year.

D.

Not allow the audit manager to hire the contractor and ask the individual to apply again in one year.

Full Access
Question # 155

According to The IIA’s Code of Ethics, which of the following scenarios offers the best example of violating the principle of integrity?

A.

An internal audit manager collaborates with senior management to provide misleading information to government authorities.

B.

An internal audit manager provides sample audit reports and workpapers to a friend without obtaining prior approval

C.

An internal audit manager carries out a technical audit request without seeking expert opinion, despite a lack of the requisite skills.

D.

An internal audit manager assigned to audit a sales process failed to reveal that the process owner is a relative

Full Access
Question # 156

A significant number of employees expressed concerns of a hostile work environment within a large manufacturing plant, which is in contrast to the organization's stated culture of tolerance and open communication. Which of the following approaches would be most effective for an internal auditor to assess whether the organization supports a culture of tolerance and open communication?

A.

Assess plant employees' social media activity for specific messages related to tolerance and open communication

B.

Compare plant employees’ compensation and benefits with those at similar sized organizations that have a stated culture of tolerance and open communication.

C.

Evaluate organization policies and procedures for references related to encouraging tolerance and open communication.

D.

Conduct a meeting with all plant employees and management to discuss tolerance and open communication

Full Access
Question # 157

The internal audit activity audited an organization's risk management function multiple times, and the recommendations that were made remain unaddressed by the head of risk management. Which of the following would be the next step for the internal audit activity?

A.

The internal audit activity should add value by implementing the recommendations on management's behalf.

B.

The chief audit executive (CAE) must discuss this matter with senior management and the board

C.

The CAE should determine which recommendations to implement based on the severity of the associated risks.

D.

The internal audit activity, led by the CAE. should assume responsibility for risk management function.

Full Access
Question # 158

Due to the increased operational responsibility of the CEO the chief audit executive (CAE) of an organization currently reports to the chief financial officer (CFO) What is the likely impact of such a situation?

A.

There may be limitation in the scope of engagements that can be undertaken

B.

The CFO could provide expert advice when auditing areas under his purview

C.

The internal audit activity is adequately positioned when the CAE reports to a member of executive management

D.

The expertise of finance staff can be called upon during an audit of finance-related areas

Full Access
Question # 159

During the audit of taxation processes in the organization internal auditors have verified that all employees of the finance department received training on taxation guidelines. The training is mandatory and is automatically assigned via email invitation to all new employees in the department. Which type of controls have the auditors tested?

A.

Directive

B.

Preventive

C.

Detective

D.

Automatic

Full Access
Question # 160

Which of the following is a consulting service the internal audit activity can perform with respect to the organization's risk management?

A.

Delivering assurance on the risk management system

B.

Facilitating risk assessment workshops

C.

Evaluating principal risk reporting

D.

Deciding on the appropriate risk response

Full Access
Question # 161

Which of the following statements is most likely to be true regarding a consulting engagement involving an organization's new payroll system?

A.

The internal auditor and engagement client established an understanding that the scope would include the new payroll system project.

B.

The payroll system engagement was scheduled as a result of internal audit's risk-based annual planning process.

C.

The internal auditor concluded that the engagement objectives would include assessing the effectiveness of the payroll process controls.

D.

The internal auditor acknowledged the engagement client’s satisfactory performance in the final engagement results that were communicated to senior management and the board.

Full Access
Question # 162

According to The IIA’s Code of Ethics, which of the following statements is true?

A.

When an internal auditor releases required information to a regulator, resulting in a significant loss through fines and penalties for the organization, he fails to add value.

B.

When an internal auditor limits the scope of the audit engagement after learning that management is hiding relevant information, he demonstrates integrity.

C.

When an internal auditor disagrees with the treatment received by workers in the organization’s foreign subsidiary and alters the audit program to highlight the issue, the fails to demonstrate objectivity.

D.

When an internal auditor continues with an audit engagement, despite the audit client’s claims that the work performed is unnecessary and redundant, he fails to demonstrate competency.

Full Access
Question # 163

According to IIA guidance, which of the following statements is true regarding ISO 31000?

A.

The key principles approach checks whether each element of the risk management process is in place.

B.

The framework is effective in addressing the organization's structure, size, and risk profile but not its culture objectives.

C.

The end point for improving an organization s approach to risk management should be a gap analysis that evaluates any changes.

D.

A combination of the three primary approaches to the framework generally yields the most information despite the complexity

Full Access
Question # 164

An internal auditor has suspicions that some fictitious vendors have been created in the organization's computer system. Which of the following would be the best technique to detect this fraud?

A.

Review for duplicate invoice numbers, duplicate dates, and duplicate amounts

B.

Run checks to find matches between vendor and employee addresses

C.

Check for recurring requests for refunds where invoices are paid twice

D.

Review for unexplained increases in inventory

Full Access
Question # 165

Which of the following situations undermines the independence of the internal audit activity?

A.

The internal audit activity is responsible for the company's risk management function and its head manager reports to the chief audit executive

B.

A senior member of the internal audit activity once worked in the corporate finance department

C.

The organization's CEO reviews the internal audit activity's annual budget per the organization’s policies and procedures

D.

The internal audit activity often uses management's risk profile to build its own risk profile for annual planning

Full Access
Question # 166

Which of the following conditions classifies an engagement as a consulting service provided by the internal audit activity?

A.

The internal auditor assigned to the engagement previously worked in the area under review and lacks objectivity.

B.

The internal audit engagement will involve providing an opinion on the effectiveness of controls.

C.

The internal auditor assigned to the engagement was specifically requested by management of the area under review.

D.

he internal audit engagement involves only two parties: the internal auditor and the engagement client.

Full Access
Question # 167

Which of the following corporate social responsibility strategies is associated with responding to outside pressure by assuming additional responsibility?

A.

Accommodation.

B.

Reaction.

C.

Defense.

D.

Proaction.

Full Access
Question # 168

Which of the following best describes the type of organizational culture known as adaptability culture'?

A.

A results-oriented culture that values competitiveness and personal initiative

B.

A culture that emerges in quick-response and high-risk decision-making environments

C.

A culture that is characterized by low involvement with environmental and health issues

D.

A culture that places high value on participation and meeting the needs of employees.

Full Access
Question # 169

The internal auditor obtained large volumes of transaction history data for accounts on which he suspected that some fraudulent transactions occurred. Which of the following actions best demonstrates due professional care by the internal auditor?

A.

The internal auditor carefully scrutinized the data by manually reviewing each transaction to ensure that all irregularities were identified.

B.

The internal auditor employed the use of data analytics tools to sort, analyze, and detect anomalies in the data

C.

The internal auditor started the data analysis process by selecting a random sample of transactions on which to perform further tests.

D.

The internal auditor requested that the branch supervisor assist in identifying fraudulent transactions, as he was most familiar with the accounts being audited.

Full Access
Question # 170

Which of the following statements is true regarding consulting and assurance engagements performed by the internal audit activity'?

A.

For both assurance and consulting engagements, the auditor must independently and objectively select the criteria for evaluation

B.

For a consulting engagement, internal auditors and management jointly agree on the adequate criteria needed to evaluate governance, risk management, and controls. This is not true of assurance engagements

C.

Engagement planning and fieldwork are similar for both types of engagements (there are no major differences) although the reporting process is different depending on which service is provided

D.

For a consulting engagement objectives must address governance risk management and control processes to the extent agreed upon with the client. This is not true of assurance engagements

Full Access
Question # 171

An investment advisory firm purchased professional liability insurance to offer protection from lawsuits brought by customers claiming they received poor or erroneous advice. Which of the following best describes this risk management technique?

A.

Mitigation.

B.

Acceptance

C.

Transfer.

D.

Avoidance

Full Access
Question # 172

An internal auditor has completed an assurance engagement Which of the following is most likely true regarding the engagement?

A.

During audit planning, the auditor provided the client with the scope of the engagement for their agreement

B.

The results of the engagement were included in a written report that was issued to the client who requested the engagement

C.

During audit planning, the auditor determined that the engagement scope would include a review of the security and privacy of payroll records

D.

The client requested the review of a new payroll system in order to improve the security of the system

Full Access
Question # 173

According to IIA guidance, which of the following statements is true regarding the internal audit activity’s responsibilities in providing consulting services?

A.

The chief audit executive is responsible for deciding the priority of consulting services in the internal audit plan

B.

The scope of consulting services is determined primarily by the internal auditor with input from management of the area under review

C.

The board defines the internal audit activity’s responsibilities over consulting activities

D.

Adding value to an organization requires the internal audit activity to initiate a consulting engagement

Full Access
Question # 174

A newly appointed chief audit executive (CAE) is tasked with creating a new internal audit activity within the organization. Which of the following would the CAE need to include in the new internal audit charter?

A.

The requirement to provide an annual cost analysis that justifies having an internal audit activity

B.

The specific engagements that the internal audit activity will perform for the organization

C.

The board s oversight role and responsibilities pertaining to the internal audit activity

D.

The relevant regulations that will guide the internal audit activity's regulatory compliance assessments

Full Access
Question # 175

An engagement supervisor noticed that a newly hired internal auditor struggles with large data samples because he appears reluctant to apply available spreadsheet statistical functions and tends to perform testing of transactions manually In which of the following areas does the internal auditor most likely need training?

A.

Critical thinking.

B.

International Professional Practices Framework

C.

Professional ethics

D.

Business acumen

Full Access
Question # 176

The collaborating style for conflict resolution, where the parties promote assertiveness and work together to develop a mutually beneficial solution, is best used in which of the following situations?

A.

Parties are confident of the solution and are ready to defend it.

B.

There is a high level of trust among the parties.

C.

Resolution is time sensitive and a quick decision is necessary.

D.

The issue is more important to one patty than the others.

Full Access
Question # 177

During an assurance engagement the internal audit team discovers that employees performing a control do not understand the principles behind it. Before the engagement concludes, at management's request the audit team facilitates several formal training sessions to help explain those principles to the employees. Which of the following best describes the engagement provided by the internal audit activity in this scenario?

A.

Assurance services

B.

Blended services

C.

Consulting services

D.

Prohibited services

Full Access
Question # 178

Which of the following is the best example of a risk appetite statement concerning an investment portfolio?

A.

We will request CEO approval for investments greater than S20 million and board approval for investments greater than $50 million.

B.

We will hedge 95 percent of our U S. currency exposure and 100 percent of our European currency exposure.

C.

We have a moderate tolerance for investment earnings volatility with a target value at risk of S50 million.

D.

We will report to the risk committee all credit losses greater than S10 million and all market value losses greater than S20 million.

Full Access
Question # 179

Which of the following scenarios is a characterize of an organization with a highly effective ethical culture?

A.

An organization implements and communicates to staff a formal and comprehensive code of conduct, which is clear and understandable.

B.

An organization waives reference and background checks when hiring for certain sensitive positions in order to not violate potential employees' rights to privacy.

C.

An organization punishes senior management more harshly for ethics violations than it would for lower-level staff to send a message throughout the organization.

D.

An organization conducts surveys of employees, suppliers, and customers once every five years to determine the slate of the ethical climate in the organization.

Full Access
Question # 180

To encourage internal audit objectivity, which of the following is an appropriate policy the chief audit executive should establish?

A.

Internal auditors should report their audit findings directly to the audit committee.

B.

To receive an outstanding performance rating, internal auditors are required to generate audit findings.

C.

Prior to hiring a new internal auditor, the chief audit executive must determine whether the auditor owns stock in the organization.

D.

Internal auditors are permitted to audit an entity managed by a close friend or relative, as long as they notify the chief audit executive.

Full Access
Question # 181

Which of the following is the best reason why the engagement supervisor should take care in explaining to local management the criteria that will be used to measure the effectiveness of the control environment?

A.

The assessment will cover soft controls and company values.

B.

The assessment will focus on the policy for a particular process.

C.

The assessment will lack a defined scope

D.

The assessment will probably uncover fraud risks.

Full Access
Question # 182

According to IIA guidance, which of the following actions by a new chief audit executive would be most appropriate to gain an understanding of the current level of knowledge, skills, and competencies required by an internal audit activity to fulfill its responsibilities?

A.

Identify gaps in the activity’s proficiency, based on criteria defined by a widely accepted competency framework.

B.

Have a quality assessment review performed by an expert external entity.

C.

Identify a mature internal audit activity to serve as a benchmark for measuring the internal audit activity’s competence.

D.

Assess whether members of the internal audit activity understand and apply the 11As mandatory guidance.

Full Access
Question # 183

According to NA guidance which of the following should be documented in the internal audit chatter?

A.

The risk assessment process applied by the internal audit activity

B.

The organization's internal control framework used by the internal audit activity

C.

The nature of consulting services provided by the internal audit activity

D.

The performance evaluation process used by the internal audit activity

Full Access
Question # 184

When beginning an engagement to assess the effectiveness of the organization's newly revamped risk management processes, which of the following should internal auditors review first?

A.

Key risk disclosures in the annual report.

B.

Existing risk assessment and identification processes.

C.

Organizational strategy and business plans.

D.

Risk mitigation plans and risk responses.

Full Access
Question # 185

Which of the following best describes a responsibility of the board of directors with regard to risk management throughout the organization?

A.

Monitor the organization's overall risk activities in relation to its risk appetite and other risk criteria.

B.

Guide the integration of risk management with other business planning and management activities.

C.

Review the portfolio of risk of the organization in relation to its risk appetite.

D.

Assume responsibility for the effectiveness and success of the risk management framework

Full Access
Question # 186

The chief audit executive (CAE) has hired a new internal auditor who was immediately assigned to a procurement function audit. Because the new auditor's name is similar to that of the procurement manager, some staff members think the two are related, although they are not. Which of the following actions is most appropriate for the CAE to take?

A.

Take no action, as there is no impairment to independence.

B.

Remove the new internal auditor from the engagement team.

C.

Discuss the matter with the appropriate personnel to alleviate concerns.

D.

Closely supervise the new auditor and carefully review his work.

Full Access
Question # 187

An internal audit activity is using the auditing-by-element approach to audit the organization's controls around corporate social responsibility. Which of the following would be an element for the internal audit activity to consider?

A.

Working conditions.

B.

Employees' families.

C.

Marketplace competition.

D.

Shareholders and investors

Full Access
Question # 188

Which of the following statements best describes internal auditors' role in fraud detection?

A.

Internal auditors' roles are similar to those performed by loss prevention managers or fraud investigators.

B.

Internal auditors' demonstration of adequate professional skepticism during an audit engagement is of paramount importance.

C.

Internal auditors should consider fraud risks in every assignment and demonstrate due care by detecting fraud instances.

D.

Internal auditors should possess a fraud-related body of knowledge, enabling them to carry out preventative and detective measures.

Full Access
Question # 189

Management has implemented a segregation-of-duties policy for handling inventory. Which of the following fraud risks would be more concerning to an internal auditor following the implementation of this new policy?

A.

The risk of collusion between parties.

B.

The risk of falsified reconciliations.

C.

The risk of low-liquidity inventory.

D.

The risk of damages to the inventory.

Full Access
Question # 190

To achieve conformance with the Standards, the chief audit executive must include which of the following activities in the quality assurance and improvement program (QAIP)?

A.

Require board oversight of the QAIP.

B.

Assess Standards conformance for each individual engagement.

C.

Conduct a self assessment at least once every five years.

D.

Report the results of the QAIP to senior management

Full Access
Question # 191

Which data analytics competency is critical for new internal auditors to possess in order to plan and perform internal audit engagements in conformance with the Standards?

A.

Describe data analytics and the application of data analytics methods in internal auditing.

B.

Apply data analytics methods in internal auditing.

C.

Evaluate the use of data analytics in an internal audit.

D.

Understand the definition of data analytics only.

Full Access
Question # 192

Which of the following best demonstrates organizational independence of the internal audit activity?

A.

The chief audit executive (CAE) reports functionally to the CEO.

B.

The CAE's compensation is approved by the chief financial officer.

C.

The CAE's appointment Is determined by the CEO

D.

The CAE reports administratively to the chief operating officer.

Full Access
Question # 193

During an audit of the purchasing department, an internal auditor identifies significant issues that could affect the organization's financial reporting. Management disagrees with the audit results. Which of the following responses best demonstrates the internal auditor has the necessary competencies related to professional Judgment and conflict management?

A.

The auditor maintains his convictions and continues to proceed with the review process despite management's concerns related to the results.

B.

The auditor bypasses management, discusses the results with the board, and seeks the board's input on how best to address the recommendations.

C.

The auditor consults with other members of the audit team, and together they develop alternative recommendations that management may be more likely to accept.

D.

The auditor meets with management to discuss the results and obtain a better understanding of the specific concerns.

Full Access
Question # 194

Which of the following statements is true regarding the role of the internal audit activity in the organization's risk management process?

A.

The internal audit activity should not be responsible for developing the organization's risk management framework, even with appropriate safeguards.

B.

The internal audit activity is typically responsible for alerting operational management to emerging risks and changes in regulatory scenarios

C.

The internal audit activity may coach management on risk response scenarios if safeguards have been implemented.

D.

The internal audit activity should avoid giving assurance regarding the accuracy of risk evaluations if safeguards have not been implemented.

Full Access
Question # 195

According to IIA guidance, which of the following training methods is considered most effective in assisting new entry-level internal auditors in achieving competence with internal audit practices in the workplace?

A.

Pursuance of an internal audit certification.

B.

Enrollment in internal audit practice webinars.

C.

Attendance of internal audit workshops.

D.

Involvement in a variety of audit assignments.

Full Access
Question # 196

An internal audit activity is taking steps to promote professional development among the staff, and is in the process of implementing a mentorship program. According to HA guidance, which of the following is important for a successful mentorship program?

A.

It is best if the mentor is the chief audit executive.

B.

Mentor meeting documentation should be retained in personnel files.

C.

It should target both new hires and highly experienced staff.

D.

Meetings with mentors should be formal and scheduled.

Full Access
Question # 197

During an assurance engagement an internal auditor discovered that risk limits risk limit were set for a new market expansion project Management of the area under review was eager to comply and submitted a potential risk limit value for the auditor's review and approval. Which of the following would be an appropriate course of action for the auditor to take?

A.

Review the submission and if no further remarks exist approve the risk limits

B.

Provide advice if needed and ask management of the area under review to forward to senior management and the board for approval

C.

Develop risk limit calculation criteria and ask management of the area under review to resubmit the values.

D.

Avoid providing any advice or review until the audit report is issued

Full Access
Question # 198

According to the Standards, which of the following demonstrates the proficiency of an internal auditor?

A.

Each internal auditor must hold one or more certifications in the area of fraud and seek out continuing professional development related to fraud detection and fraud investigation.

B.

Each internal auditor must have sufficient knowledge of IT risks and controls, and be able to evaluate the risk of fraud and the manner in which it is managed by the organization.

C.

Each internal auditor on the engagement team must possess the same level of knowledge, skills, and other competencies as other auditors on the engagement team.

D.

Each internal auditor must be paired, by the chief audit executive, with an individual who possesses the knowledge, skills, or other competencies required to complete the audit.

Full Access
Question # 199

According to MA guidance, which of the following is the most accurate statement regarding the internal audit charter?

A.

The IIA's Code of Ethics must exist outside of the charter to maintain independence.

B.

The charter must be approved by both senior management and the board.

C.

The nature of consulting services does not need to be defined in the Internal audit charter.

D.

The charter provides a framework for performing a broad range of value-added audit services.

Full Access
Question # 200

A fraud investigation was completed by management, and a proven fraud was communicated to relevant authorities. According to IIA guidance, which of the following roles would be most appropriate for the internal audit activity to undertake after the investigation?

A.

Plan employee sessions and team building strategies for the organization to improve awareness of fraud among employees

B.

Review the investigation and implement any improvements to the process.

C.

Conduct lessons learned sessions to ascertain how the fraud occurred and which controls failed.

D.

Determine why the fraud was not detected earlier and design controls to strengthen early detection.

Full Access
Question # 201

According to MA guidance, which of the following best describes how often the chief audit executive should review the quality assurance and improvement program of the internal audit activity?

A.

Whenever the business objectives of the organization change

B.

Just prior to an external assessment of the internal audit activity

C.

At the completion of each engagement.

D.

Progressively on a day-to-day basis

Full Access
Question # 202

Which of the following best describes the differences between internal auditors and external auditors?

A.

External auditors are concerned about misstatements in the organization's financial statements, while internal auditors are concerned about fraudulent activities that could impact the organization’s financial statements

B.

External auditors are required to hold an accounting designation and are responsible for continuing their education, while internal auditors are required to hold an internal audit designation.

C.

External auditors focus on the accuracy and understandability of financial statements, while internal auditors help the organization accomplish its objectives by evaluating and improving the effectiveness of the control process.

D.

External auditors are not employees of the organization, while internal auditors are employees who have in-depth knowledge of the business, making their opinion more reliable to the board and senior management.

Full Access
Question # 203

Which of the following would be considered an indicator that an organization's ethics program is not yet well developed?

A.

Disciplinary actions for ethics compliance violations are reviewed by the internal audit activity for consistency.

B.

Communication of ethics compliance expectations is the responsibility of employees' direct managers.

C.

The organization's code of ethics and related compliance policy are reviewed annually for potential updates.

D.

The board of directors reviews ethics oversight metrics for violations and compliance.

Full Access
Question # 204

Which of the following is considered to be a threat to the internal auditor's objectivity?

A.

The auditor drafted the operational procedures of the area that she is currently auditing.

B.

The auditor received a bonus that was approved by the board of directors.

C.

The assigned auditor recommended operational procedures for the organization.

D.

The assigned auditor rotated out of the same business activity three years ago

Full Access
Question # 205

An engagement supervisor noted that an internal auditor's personal relationship with a process owner resulted in the auditor providing a favorable and partial assessment during an audit within that process owner's area. According to MA guidance, which of the following should be used to manage this impairment?

A.

An internal audit charter.

B.

An employee disciplinary policy.

C.

A functional audit committee.

D.

A functional reporting placement.

Full Access
Question # 206

Why is it imperative for the chief audit executive to track and develop the educational qualifications of internal audit staff?

A.

To accurately conduct performance appraisals

B.

To ensure that staff complete required continuing professional education credits annually.

C.

To ensure that the resources needed to complete the audit plan are available.

D.

To satisfy the audit committee requirements.

Full Access
Question # 207

Which of the following is most important for an internal auditor to consider when developing an approach for an audit engagement in a foreign country?

A.

Currency exchange rates, as they relate to internal audit-related expenses.

B.

Differences in typical working hours, compared to other countries.

C.

The effects of subtle language nuances on translations.

D.

Accepted practices that may be illegal in other countries.

Full Access