Following an audit, management developed an action plan to improve controls over the handling of scrap metal. Which of the following would be the most appropriate course of action for the auditor to follow up?
An internal auditor recommended that an organization implement computerized controls in its sales system in order to prevent sales representatives from executing contracts in excess of their delegated authority levels A follow-up review found that the sales system had not been modified, but a process had been implemented to obtain written approval by the vice president of sales for all contracts in excess of S1 million The chief audit executive (CAE) would be justified in reporting this situation to the organization's board under which of the tollowing circumstances'?
1. In the opinion of the CAE the level of residual risk assumed by senior management is too high
2. Testing of compliance with the new process finds that all new contracts in excess of $1 million have been approved by the vice president of sales
3. The cost of modifying the sales system to include a preventive control is less than S100.000
The audit plan requires a review of the testing procedures used in pre-production of a large information system prior to its live launch. If the chief audit executive (CAE) is uncertain that the current audit team has all the required knowledge to conduct the engagement, which of the following would be the most appropriate course of action for the CAE to take to preserve independence?
An internal auditor is conducting a review of the procurement function and uncovers a potential conflict of interest between the chief operating officer and a significant supplier of IT software development services. Which of the following actions is most appropriate for the internal auditor to take?
During an engagement in one of the subsidiaries of an organization, an internal auditor noted the following in the workpapers:
"As a subsidiary of a multinational organization in this particular country, the entity is required to register annually with the
respective ministry. However, the subsidiary did not submit the required documentation for registration during the prior year. Failure
to comply with internal and external regulations could lead to penalties or fines from the respective authorities. It is recommended
that the management of the subsidiary ensures compliance with the relevant legislation. As a recoverable action, management
should register the subsidiary in the current year as soon as possible."
What part of this narrative represents a condition of the observation made by auditors in the final report?
Which of the following best demonstrates internal auditors performing their work with proficiency?
Which of the following recommendations made by the internal audit activity (IAA) is most likely to help prevent fraud?
The chief audit executive of a medium-sized financial institution is evaluating the staffing model of the internal audit activity (IAA). According to IIA guidance, which of the following are the most appropriate strategies to maximize the value of the current IAA resources?
• The annual audit plan should include audits that are consistent with the skills of the IAA.
• Audits of high-risk areas of the organization should be conducted by internal audit staff.
• External resources may be hired to provide subject-matter expertise but should be supervised.
• Auditors should develop their skills by being assigned to complex audits for learning opportunities.
Which of the following statements best describes the difference between risk appetite and risk tolerance?
While conducting an audit of a third party's Web-based payment processor, an internal auditor discovers that a programming error allows customers to create multiple accounts for a single mailing address. Management agrees to correct the program and notify customers with multiple accounts that the accounts will be consolidated. Which of the following actions should the auditor take?
1. Schedule a follow-up review to verify that the program was corrected and the accounts were consolidated.
2. Evaluate the adequacy and effectiveness of the corrective action proposed by management.
3. Amend the scope of the subsequent audit to verify that the program was corrected and that accounts were consolidated.
4. Submit management's plan of action to the external auditors for additional review.
An internal auditor is asked to perform an assurance engagement in the organization's newly acquired subsidiary When developing the objectives tor the engagement which ot the following statements describes the most important items that the auditor needs to consider?
A chief audit executive (CAE) received a detailed internal report of senior management's internal control assessment. Which of the following subsequent actions by the CAE would provide the greatest assurance over management's assertions?
In a small internal audit function, a single auditor is responsible for conducting the entire audit engagement. In this situation, what is the benefit of using a checklist as part of an engagement work program?
What type of audit engagement would be the most appropriate to determine how an organization could be more profitable in the long term?
An internal auditor is preparing an internal control questionnaire for the procurement department as part of a preliminary survey. Which of the following would provide the best source of information for questions?
An internal audit function described scenarios of fraud indicators and fraud-related key words. The objective is for this data to serve as an input into algorithms that will forecast potentially fraudulent behavior and prevent the execution of flagged transactions. Which of the following analytic methods is the internal audit function most likely developing?
Which of the following is a disadvantage of using flowcharts during a risk assessment?
The chief audit executive of an international organization is planning an audit of the treasury function located at the organization's headquarters. The current internal audit team at headquarters lacks expertise in the area of financial markets which is needed tor the engagement When of the following would be the most approbate solution considering the time constraint?
In addition to gathering information, which of the following is a primary objective of a client interview conducted during the planning stage of an audit engagement?
While reviewing engagement workpapers prepared by an internal audit team, the engagement supervisor identifies instances where there is no direct connection between certain workpapers and the engagement objectives. How should the engagement supervisor respond?
An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity may provide risk management consulting?
There is a clear strategy and timeline to migrate risk management responsibility back to management.
The internal audit activity has the final approval on any risk management decisions.
The internal audit activity gives objective assurance on all parts of the risk management framework for which it is responsible.
The nature of services provided to the organization is documented in the internal audit charter.
Which of the following should management action plans include at a minimum?
An internal auditor observed that sales staff are able to modify or cancel an order in the system prior to shipping She wonders whether they can also modify orders after shipping. Which of the following types of controls should she examine?
After completing an assurance engagement, the chief audit executive (CAE) concludes that management has accepted a level of risk that may be unacceptable to the
organization. What is the most appropriate first step for the CAE to take?
As part of an audit engagement, an internal auditor verifies whether raw material is regularly delivered to the organization's warehouse in a timely manner. What type of objective does this exemplify?
An internal auditor suspects that employee turnover is unusually high at the organization's primary manufacturing plant To investigate this potential issue which of the following analytical approaches is the auditor likely to use?
Which of the following would be the most effective fraud prevention control?
The only internal auditor, who was part of a larger team of individuals trained in the testing and reading of the organization’s quality control equipment, has resigned. With a scheduled audit of the quality department not yet completed for this year, what alternative approach should the internal audit function take in this scenario?
When is an organic organizational structure likely to be more successful than a mechanistic organizational structure?
An organization is experiencing a significant risk that threatens its financial well-being Senior management requested that the chief audit executive (CAE) meet with them to discuss the risk. Which of the following would best describe the CAE's responsibility at the meeting?
A healthcare organization's chief audit executive (CAE) noted that the organization's IT team relies heavily on a vendor. Therefore an IT vendor assessment review was added to the annual audit plan. During the review, the audit team discovered that the vendor had not been performing proper monitoring to ensure that the subcontractors it hired comply with the organization requirements. The organization's chief information officer (ClO) does not agree with the audit team's recommendation for the IT team to monitor the compliance level of vendor subcontractors. How should the audit team proceed to resolve this situation?
A manager has allowed a subordinate employee to have greater control and responsibility over the tasks that he performs This is an example of which of the following?
What information would be most useful to an internal auditor who is attempting to identify specific processes to include in the scope of an assurance engagement?
Which of the following statements is true pertaining to interviewing a fraud suspect?
1. Information gathered can be subjective as well as objective to be useful.
2. The primary objective is to obtain a voluntary written confession.
3. The interviewer is likely to begin the interview with open-ended questions.
4. Video recordings always should be used to provide the highest quality evidence.
A toy manufacturer receives certain components from an overseas supplier and uses them to assemble final products Recently quality reviews have identified numerous issues regarding the components' compliance with mandatory quality standards. Which type of engagement would be most appropriate to assess the root causes of the quality issues?
The following is a list of major findings in the executive summary report for an audit of the contract management process
- Noncompliance with contract provisions requiring vendors to obtain insurance policies with indemnity value of not less than $1 million
- Compliance with contract obligations and deliverables is not monitored
- No contract agreement with five vendors providing core services
Which of the following is an appropriate conclusion that can be drawn from these findings?
Which of the following best describes how an internal auditor would use a flowchart during engagement planning?
The organization’s internal audit charter was last updated six years ago to update the charter, which of the following actions is most appropriate for the chief audit executive to take?
An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?
An organization experiencing staff shortages wants to contract a temporary employee to assist with work in the accounting office. Which of the following controls should be in place to ensure the temporary employee performs the assigned work before payment is issued?
In preparing the engagement work program, which of the following is generally true with respect to secondary controls?
An organization must maintain a current ratio of at least 1.2 to comply with debt covenants. Its current ratio is now 0.9. Which year-end transaction can increase the current ratio?
According to Herzberg’s Two-Factor Theory of Motivation, which of the following factors are mentioned most often by satisfied employees9
An internal auditor has discovered that duplicate payments were made to one vendor. Management has recouped the duplicate payments as a corrective action. Which of the following describes management’s action in this case?
Which of the following is the primary purpose of financial statement audit engagements?
Which of the following is the most important concept to be included in a consulting engagement agreement?
Which of the following would present the most critical external risk to an organization?
An internal auditor of a construction organization found that completed inspection results, required by the organization's policy, were missing from the computer system. Which of the following, if included in the audit report, would demonstrate that the auditor performed a root cause analysis of this observation?
An organization facing financial hardships is planning to reduce its internal audit function size without a reduction in workload. The organization plans to aid internal auditors by providing a generative artificial intelligence application that will process written responses from the activity under review to identify high-risk areas on which the remaining auditors will concentrate. Which of the following would be the most significant concern in this process?
After concluding a preliminary assessment, the engagement supervisor prepared a draft work program According to HA guidance which of the following would be tested by this program?
Senior IT management requests the internal audit activity to perform an audit of a complex IT area. The chief audit executive (CAE) knows that the internal audit activity lacks the expertise to perform the engagement. Which of the following is the most appropriate action for the CAE to take?
Which of the following audit steps would an internal auditor most likely be questioned on?
Which of the following is essential for ensuring that the internal audit activity's findings and recommendations receive adequate consideration?
An organization invests excess short-term cash in trading securities Which of the following actions should an internal auditor take to test the valuation of those securities'*
An internal auditor collected several employee testimonials Which of the following is the best action for the internal auditor to take before drawing a conclusion?
To effectively communicate the acceptance of risk in an organization a chief audit executive must first consider which of the following?
Organizations that adopt just-in-time purchasing systems often experience which of the following?
The internal audit activity is responsible for which of the following actions related to an organization’s internal controls9
An engagement supervisor obtains facilities maintenance reports from a contractor during an audit of third-party services. Which of the following is the source of authority for the engagement supervisor to make such contact outside the organization?
A newly appointed chief audit executive (CAE) of a small organization is developing a resource management plan. Which of the following approaches would be most beneficial to help the CAE obtain details of the internal audit activity's collective knowledge, skills, and other competencies?
Which of the following is a primary reason for an internal auditor to use a risk and control questionnaire when auditing financial processes?
An audit observation noted that annual inventory counts of biofuel was not being performed appropriately Fuel yards were not visited and physical amounts of biofuel were not reconciled with accounting data Management of the division understood the issue and promised to resolve the problem When should the internal auditor schedule a follow-up review?
A chief audit executive (CAE) following up on action plans from previously completed audits identifies that management has determined that certain action plans are no longer necessary If the CAE disagrees with management's decision, which of the following is the most appropriate next step for the CAE to take?
An organization uses the management-by-objectives method, whereby employee performance is based on defined goals. Which of the following statements is true regarding this approach?
During planning, the chief audit executive submits a risk-and-control questionnaire to management of the activity under review. Which of the following statements is true regarding the questionnaire?
Which of The following best justifies an internal auditor's decision to issue a preliminary audit report?
The chief audit executive (CAE) has assigned an internal auditor to an upcoming engagement. Which of the following requirements would most likely indicate that the Internal auditor was assigned to an assurance engagement?
In the years after the mid-service point of a depreciable asset, which of the following depreciation methods will result in the highest depreciation expense?
During the filework phase of an assurance engagement the internal auditor decides that she wants to adjust the audit work program. Which of the following is the most appropriate next step for the auditor to take9
The audit plan of an internal audit function includes an assurance engagement of the organization’s cybersecurity protocols. However, the engagement supervisor assigned to execute the engagement identifies that the internal auditors with competencies in cybersecurity are scheduled for upcoming leave and are involved in other engagements. Those auditors would not be available to participate in the cybersecurity engagement. Which of the following would be the appropriate action for the engagement supervisor?
Where should internal auditor focus their attention when identify and assessing key risks during the planning stage of an assurance engagement?
Which of the following statements is true regarding the final assurance engagement report issued to management?
According to IIA guidance which of the following statements is true regarding heat maps?
For a new board chair who has not previously served on the organization’s board, which of the following steps should first be undertaken to ensure effective leadership to the board*?
Which of the following is one of the advantages of organizing the risk universe by processes?
During an audit of suspense accounts the internal auditor found that there were no written policies on how suspense accounts should be treated. The auditor also found that suspense account balances were cleared once per week, not daily. Which of the following is the most appropriate first response by the auditor?
Senior management wants assurance that third-party contractors are following procedures as agreed with the organization. Which type of audit would be most appropriate
to achieve this objective?
During follow-up, the chief audit executive (CAE) is having a discussion with management about the internal audit team's recommendations related to a significant issue Management accepted the issue but took no remedial action What is the next step for the CAE?
According to IIA guidance, which of the following most appropriately justifies the CEO’s decision that the internal audit activity shall be responsible for risk management and Investigation at multinational organization?
During a review of data privacy an internal auditor is tasked with testing management's identification and prioritization of critical data collected by the organization. Which of the following steps would accomplish this objective?
Which of the following would most likely form part of the engagement scope?
According to IIA guidance, which of re following actions should the internal auditor take immediately after having considered fraud scenarios and identified and prioritized fraud risks?
At the conclusion of a quality assurance review, the chief audit executive (CAE) was informed that several audits included incomplete workpapers, and some workpapers were not completed within the established timeframe. How should the CAE address the issue of incomplete workpapers?
An internal auditor is tasked with evaluating the adequacy of the organization's inventory fraud controls. What is the most relevant information that the auditor can obtain from the documentation of cyclic counting for this purpose?
According to IIA guidance, which of the following statements regarding the internal audit charter is true?
According to IIA guidance, which of the following statements is true regarding due professional care?
According to an internal audit observation, the organization’s rules of record management require all contracts to be registered and stored in a specific electronic system. One subsidiary has thousands of client contracts on paper, which are kept in the office because there are not enough assistants to scan the contracts into the system. Which of the following component should be added to this observation?
An internal auditor was reviewing the procurement department's tender documentation for completeness He documented all discrepancies but the procurement manager disagreed with his findings Upon further review, the internal auditor noted that all discrepancies had been corrected in the tender database. Which of the following courses of action would have prevented this situation?
The internal audit function is performing an assurance engagement on the organization’s environmental, social, and governance (ESG) program. The engagement objective is to determine whether the ESG program’s activities are meeting the program’s established goals. The internal audit function has completed a risk and control assessment of the ESG program's activities. What is the appropriate next step?
Which of the following statements accurately describes the Standards requirement for ret internal audit records?
Which requirement should the chief audit executive consider when communicating results of the quality assurance and improvement program to the board of a large organization?
An internal auditor developed a list of internal and external risk considerations across the organization's processes, developed a scale to assess each risk and allocated the relative importance of each risk. When of the following approaches did the auditor take?
Which of the following internal audit activities is performed in the design evaluation phase?
The internal audit activity has adopted the balanced scorecard approach to assess its performance According to MA guidance which of the following is a key performance indicator relevant to the audit client?
Which of the following methods is most closely associated to year over year trends?
According to IIA guidance, which of the following statements are true regarding the internal audit plan?
1. The audit plan is based on an assessment of risks to the organization.
2. The audit plan is designed to determine the effectiveness of the organization's risk management process.
3. The audit plan is developed by senior management of the organization.
4. The audit plan is aligned with the organization's goals.
Which of the following has the greatest effect on the efficiency of an audit?
Which of the following factors would be the most critical in determining which engagements should be included in the annual internal audit plan?
Which of the following statements is true regarding risk assessments, including the evaluation and prioritization of risk and control factors?
Which of the following internal control attributes should internal auditors consider testing during a review of the board of directors?
Which of the following would be considered a violation of The IIA’s mandatory guidance on independence?
An internal auditor wants to test the processing logic of a computer application during a specific period to ensure consistent processing of transactions. Which of the following is the best approach to achieve the objective of the test?
Which of the following is a justifiable reason for omitting advance client notice when planning an audit engagement?
Which of the following would most likely cause an internal auditor to consider adding fraud work steps to the audit program?
A bank uses customer departmentalization to categorize its departments. Which of the following groups best exemplifies this method of categorization?
During which phase of the contracting process are contracts drafted for a proposed business activity’
In which of following scenarios is the internal auditor performing benchmarking?
A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part of the contract, the manufacturer is also providing training to the airline's pilots. At the time of the audit, the delivery of the aircraft had fallen substantially behind schedule while the training had already been completed. If half of the aircraft under contract have been delivered, which of the following should the internal auditor expect to be accounted for in the general ledger?
A chief audit executive (CAE) reviews the supervision of an internal audit engagement Which of the following would most likely assure the CAE that the engagement had adequate supervision?
According to IIA guidance, which of the following statements is false regarding a review of the controls in place to prevent fraud?
An internal auditor wants to obtain management's evaluation of the organizational risk culture. Because there are more than 30 geographically dispersed managers, one-to-one interviews are not possible. Which of the following is the most efficient option for the auditor to adopt?
While auditing an organization's credit approval process, an internal auditor learns that the organization has made a large loan to another auditors relative. Which course of action should the auditor take?
Which of the following best exemplifies having effective risk management and internal control processes?
Which of the following is one of the five basic tnanoal statement assertions when an internal auditor evaluates controls over financial reporting?
Which of the following actives is an internal auditor most likely to perform when establishing the objectives of an assurance engagement?
An internal auditor used a risk and control matrix to prepare a work program for testing a software release. During the engagement planning stage, he tested the design of
the release procedure as a key control and concluded that the control was not designed well. During the performance stage, he tested the operation of this control and
concluded that it was implemented as designed. Which of the following statements is true regarding this scenario?
Which of the following would be the most helpful to a chief audit executive when developing a talent management strategy?
An internal auditor discovered that sales contracts with business clients were not stored in the electronic document management database instead they were scanned and saved in a nonsystematic manner to server folders Which of the following would be an appropriate consequence for the internal auditor to include in the documented observation?
An internal auditor e assessing the design of a control and has identified a potential significant weakness. The auditor shared his concern with management however management does not agree that the weakness is significant. What should the internet auditor do next?
An internal audit manager is planning a contract compliance audit Which of the following should be done prior to developing the audit work program?
Which of the following is the advantage of using internal control questionnaires (ICQs) as part of a preliminary survey for an engagement?
Which of the following activities Is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?
Which of the following is an effective approach for internal auditors to take to improve collaboration with audit clients during an engagement?
1. Obtain control concerns from the client before the audit begins so the internal auditor can tailor the scope accordingly.
2. Discuss the engagement plan with the client so the client can understand the reasoning behind the approach.
3. Review test criteria and procedures where the client expresses concerns about the type of tests to be conducted.
4. Provide all observations at the end of the audit to ensure the client is in agreement with the facts before publishing the report.
In which of the following situations would an internal auditor consider the need to outsource competencies and skills9
An internal auditor uses a data query tool in the purchasing process to review the vendor master file for authorizations Which of the following describes the control objective likely being tested?
Which of the following is the most important determinant of the objectives and scope of assurance engagements?
The organizational chart, business objectives, and policies and procedures of the area to be reviewed
To compete in the global market, an organization is restructuring and consolidating many of its divisions. Prior to the consolidation, senior management requested assistance from tie internal audit activity. Which of the following consulting services would be most appropriate in this situation?
An internal auditor reviewed the tender documents for the procurement of manufacturing equipment and observed the following:
Tender technical specifications were compliant with internal policies.
The sole assessment criterion of the tender was economic feasibility.
All bids were submitted to a designated software and could not be opened before the submission deadline.
The winner was approved by senior management.
The winner was selected based on which bidder offered the newest technology.
Which of the following is the most appropriate conclusion?
Which of the following represents a ratio that measures short-term debt-paying ability?
Which of the following is the primary reason for internal auditors to conduct interim communications with management of the area under review?
Which of the following conditions are necessary for successful change management?
1. Decisions and necessary actions are taken promptly.
2. The traditions of the organization are respected.
3. Changes result in improvement or reform.
4. Internal and external communications are controlled.
According to IIA guidance, which of the following statements is true regarding engagement planning?
Which of the following is one of the five attributes that internal auditors include when documenting a deficiency?
The newly appointed chief audit executive (CAE) of a large multinational corporation, with seasoned internal audit departments located around the world, is reviewing responsibilities for engagement reports. According to IIA guidance, which of the following statements is true?
Which of the following contributes to the reliability of information collected for an audit engagement?
White planning an audit engagement of a procurement card activity. which of the following actions should an internal auditor take to denary relevant risks and controls?
Which of the following would most likely form part of the engagement scope?
Which of the following is the most appropriate reason for a chief audit executive to conduct an external assessment more frequently than five years?
An internal auditor reviewed bank reconciliations prepared by management of the area under review. The auditor noted that the bank statements attached did not have the
bank heading, logo, or address. Which of the following statements is true regarding this situation?
Which of the following statements is true regarding internal auditors and other assurance providers?
Which of the following parties is accountable for ensuring adequate support for conclusions and opinions readied by the internal audit activity while relying on external auditors' work?
Which of the following is the primary reason a chief audit executive should network with an organization’s executives?
Acceding to IIA guidance, which of the following statements is true regarding the risk assessment process performed by the internal audit activity?
According to IIA guidance, which of the following is a limitation of a heat map?
An internal auditor is reviewing the accuracy of commission payments by recalculating 100% of the commissions and comparing them to the amount paid. According to IIA guidance, which of the following actions is most appropriate for identified variances?
According to IIA guidance, which of the following statements about analytical procedures is true?
A corporate merger decision prompts the cruel audit executive (CAE) to propose interim changes lo the existing annual audit plan to account for emerging risks. When of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan?
An internal auditor is performing a review of an organization's vendor for any possible conflicts of interest. Which of the following would provide the greatest assistance to the auditor in meeting this objective?
According to MA guidance, which of the following factors should an internal auditor consider when assessing the likelihood of fraud risk1?
Which of the following statements is true regarding an organization’s inventory valuation?
An organization is expanding into a new line of business selling natural gas. The internal auditor is planning an engagement and wants to obtain a general understanding of the natural gas market the market share that the organization wants to win, and the competitive advantage that the organization may have. Which of the following would be the best source of such information?
What is the primary reason that audit supervision includes approval of the engagement report?
Senior management decides to adopt a conservative working capital policy. What would be the expected result for the organization?
While reviewing the workpapers and draft report from an audit engagement, the chief audit executive (CAE) found that an important compensating control had not been considered adequately by the audit team when it reported a major control weakness. Therefore, the CAE returned the documentation to the auditor in charge for correction. Based on this information, which of the following sections of the workpapers most likely would require changes?
Effect of the control weakness.
Cause of the control weakness.
Conclusion on the control weakness.
Recommendation for the control weakness.
An internal auditor s examination of accounts receivable generates the following results:
What is the projected misstatement for the population if ratio estimation is used?
A chief audit executive (CAE) is trying to balance the internal audit activity's needs for technical audit skills budget efficiency and staff development opportunities. Which of the following would best assist the CAE in achieving this balance1?
Which of the following is an appropriate responsibility for the internal audit activity with regard to the organization's risk management program?
Which of the following would offer the strongest evidence to support the internal auditor's conclusion that a product is in stock, as stated in the accounting records?
When reviewing workpapers, engagement supervisors may ask for additional evidence or clarification via review notes. According to IIA guidance, which of the following statements is true regarding the engagement supervisors review notes?
Which of the following best describes why an internal audit activity would consider sending written preliminary observations to the audit client?
In which of the following ways can the internal audit activity new engagement opportunities?
According to IIA guidance, which of the following reflects a valid principle for the internal audit activity to rely on the work of internal or external assurance providers?
An engagement supervisor reviewed a staff internal auditor's documentation and noted that several edits should be made. The internal audit activity uses an electronic workpaper database and does not maintain paper files for its system of record. A system error prevents the engagement supervisor from adding her electronic signature to any workpaper in the database Given this situation which is the most appropriate response to provide evidence of supervisory review?
According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management's response to audit recommendations?
According to IIA guidance,which of the following is true about the supervising internal auditor's review notes?
• They are discussed with management prior to finalizing the audit.
• They may be discarded after working papers are amended as appropriate.
• They are created by the auditor to support her fieldwork in case of questions.
• They are not required to support observations issued in the audit report.
Which of the following describes (he primary reason why a preliminary risk assessment is conducted during engagement planning?
An auditor reviews tender results for the procurement of construction equipment. Based on her significant experience the auditor believes that the obtained bid prices are too high. Which of the following is required to develop a relevant conclusion?
An internal auditor believes that the internal audit activity's independence is impaired Which of the following actions should the internal auditor take first?
Which of the following statements is true regarding partnership liquidation?
When creating the internal audit plan, the chief audit executive should prioritize engagements based primarily on which of the following?
An internal auditor determines that certain information from the engagement results is not appropriate for disclosure to all report recipients because it is privileged. In this situation, which of the following actions would be most appropriate?
Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement?
An internal auditor is conducting an assurance engagement. One engagement objective is to evaluate the project manager’s effectiveness at controlling project costs. Which of the following audit tests should be included in the engagement program?
An internal auditor is assessing whether a vendor onboarding procedure is being followed in all business units. The procedure has been centrally designed and depicts activities and validations that must be performed at every step. Which of the following is the most suitable way to compile an internal control questionnaire?
An organization recently acquired a subsidiary in a new industry, and management asked the chief audit executive (CAE) to perform a comprehensive audit of the subsidiary prior to recommencing operations The CAE is unsure her team has the necessary skills and knowledge to accept the engagement According to IIAguidance, which of the following responses by the CAE would be most appropriate?
An internal auditor wants to identity potential ghost employees in the organization's payroll system The auditor extracts the following data
- Human resources data with employees' names addresses employment conditions and identification codes
- Payroll data
- Logs from entrance systems
With this data, which of the following types of ghost employees will the auditor be able to identify?
An internal auditor is starting the fieldwork of an assurance engagement. The auditor will conduct a walkthrough of selected controls with control owners. What should be the primary objective of this walkthrough?
According to IIA guidance, which of the following actions by the chief audit executive would best ensure that internal auditors demonstrate due professional care?
During audit engagement planning, an internal auditor is determining the best approach for leveraging computer-assisted audit techniques (CAATs). Which of the following approaches maximizes the use of CAATs and why?
Which of the following is an appropriate activity when supervising engagements?
The chief audit executive (CAE) should determine whether the internal audit activity has confirmed the status of all of management's corrective actions Doing so would help the CAE assess which of the following?
While conducting an engagement in the procurement department, the internal auditor noticed that the department head’s travel reports showed minor travel expenses, and there were no charges for hotels, meals, or transportation However, the auditor knew that the department head frequently traveled worldwide to meet with suppliers and visit their production sites. Which of the following would be the most appropriate next step for the auditor?
When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach?
For which of the following fraud engagement activities would it be most appropriate to involve a forensic auditor?
Which of the following steps should an internal auditor complete when conducting a review of an electronic data interchange application provided by a third-party service?
Ensure encryption keys meet ISO standards.
Determine whether an independent review of the service provider's operation has been conducted.
Verify that the service provider’s contracts include necessary clauses.
Verify that only public-switched data networks are used by the service provider.
An organization's finance manager plans to implement a state-of-the-art management system to better manage the organization's receivables. The finance manager consulted the chief audit executive (CAE) and asked for her assistance in determining whether the organization is able to accommodate this system. How would the CAE proceed to determine the objectives of this engagement
When addressing the excessive overtime being paid lo employees in an organization's customer service call center, which of the following would be most relevant for the internal auditor to use?
1 Confirmation.
2. Trend analysis.
3 External benchmarking
4. Internal benchmarking
A customer has supplied personal information to a bank to facilitate opening an account. The bank is part of a larger group of companies with core businesses including general insurance, life insurance, and investment products. Considering that the customer has closed his only account with the bank and the statutory data retention period has elapsed, which of the following actions by the bank is most likely to align with appropriate data privacy principles?
Which of the following statements is true regarding a drawback of using internal control questionnaires (ICQs)?
A financial services organization's CEO requests that the internal audit function carry out fraud scenario testing over the supplier payment process. The engagement supervisor intends to identify these scenarios using a technique that motivates the sharing of ideas. Which of the following provides the internal audit function with this information?
Which of the following is an advantage of an internal audit activity coordinating with a management-defined risk universe?
Which of the following actions should the chief audit executive take when senior management decides to accept risks by choosing to do business with a questionable vendor?
An internal auditor at a bank informed the branch manager of a malfunctioning lock on one of the vaults. The risk associated with this issue was deemed significant by the chief audit executive (CAE), and immediate remediation was recommended However during a follow-up engagement the branch manager told the CAE that the risk was actually not significant, hence no action was taken. What is the most appropriate next step for the CAE?
Which of the following is an example of a properly supervised engagement?
According to IIA guidance, which of the following is true regarding audit supervision?
1. Supervision should be performed throughout the planning, examination, evaluation, communication, and follow-up stages of the audit engagement.
2. Supervision should extend to training, time reporting, and expense control, as well as administrative matters.
3. Supervision should include review of engagement workpapers, with documented evidence of the review.
According to IIA guidance, when of the Mowing statements is true regarding an engagement supervisor's use of review notes?
During a review of the treasury function an internal auditor identified a risk that all bank accounts may net to include in the daily reconciliation process.
Which of the following responses would be most effective to mitigate this risk?
Which of the following is an advantage of utilizing an external fraud specialist in a suspected fraud investigation?
An internal auditor is using computer-assisted audit techniques to examine employee expenses across several divisions of the organization. Which of the following is true in this situation?
Which of the following is an advantage of nonstatistical sampling over statistical sampling?
Which of the following types of policies best helps promote objectivity in the internal audit activity’s work?
Which of the following are advantages of flowcharts over internal control questionnaires''
1 Flowcharts reduce the need to test whether employees are observing internal control processes
2 Flowcharts provide a visual depiction of the processes in the area under review 3. Flowcharts identify and prioritize internal control design weaknesses.
4 Flowcharts highlight the control points to help internal auditors evaluate control design
Which of the following is an inherent risk of issuing an opinion on the overall effectiveness of internal control?
Which of the following factors should a chief audit executive consider when determining the audit universe?
1. Components of the organization's strategic plan.
2. Inputs from senior management and the board.
3. Views of competitors and business associates.
4. Results of exit interviews with departing employees.
Which of the following engagements is likely to be most appropriate for an organization that is planning an acquisition?
According to IIA guidance, which of the following strategies would add the least value to the achievement of the internal audit activity's (IAA's) objectives?
Which of the following is the primary weakness of internal control questionnaires (ICQs)?
The internal audit activity plans to assess the effectiveness of management's self-assessment activities regarding the risk management process. Which of the following procedures would be most appropriate to accomplish this objective?
Which of the following methodologies consists of the internal auditor holding individual meetings with different people, asking them the same questions, and aggregating the results?
An internal auditor submitted a report containing recommendations for management to enhance internal controls related to investments. To follow up, which of the following is the most appropriate action for the internal auditor to take?