In a health care organization the internal audit activity provides overall assurance on governance, risk and control The chief audit executive advises and influences senior management, and the audit strategy leverages the organization's management of risk According to HA guidance which of the following stages of internal audit maturity best describes this organization?
During an assurance engagement, an internal auditor noted that the time staff spent accessing customer information in large Excel spreadsheets could be reduced significantly through the use of macros. The auditor would like to train staff on how to use the macros. Which of the following is the most appropriate course of action for the internal auditor to take?
A toy manufacturer receives certain components from an overseas supplier and uses them to assemble final products Recently quality reviews have identified numerous issues regarding the components' compliance with mandatory quality standards. Which type of engagement would be most appropriate to assess the root causes of the quality issues?
An IT auditor is reviewing the access controls in an organization's accounting application. The auditor intends to deploy a tool that can help test the logical controls embedded in the system to ensure employee access is granted according to need. Which of the following would help achieve this objective?
A chief audit executive (CAE) is trying to balance the internal audit activity's needs for technical audit skills budget efficiency and staff development opportunities. Which of the following would best assist the CAE in achieving this balance1?
An internal auditor is conducting an initial risk assessment of an audit area and wants to assess management's compliance with privacy laws for safeguarding customer information stored on the organization's servers. Which course of action is appropriate for this phase of the engagement?
Which of the following is an effective approach for internal auditors to take to improve collaboration with audit clients during an engagement?
1. Obtain control concerns from the client before the audit begins so the internal auditor can tailor the scope accordingly.
2. Discuss the engagement plan with the client so the client can understand the reasoning behind the approach.
3. Review test criteria and procedures where the client expresses concerns about the type of tests to be conducted.
4. Provide all observations at the end of the audit to ensure the client is in agreement with the facts before publishing the report.
Which of the following internal audit procedures commonly involves sampling?
When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach?
An internal auditor has been assigned to facilitate a risk and control self-assessment for the finance group. Which of the following is the most appropriate role that she should assume when facilitating the workshop?
An organization's finance manager plans to implement a state-of-the-art management system to better manage the organization's receivables. The finance manager consulted the chief audit executive (CAE) and asked for her assistance in determining whether the organization is able to accommodate this system. How would the CAE proceed to determine the objectives of this engagement
Which of the following would most Holy reflect the best possible engagement objectives?
The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practice for this review?
1. Use an external service provider.
2. Conduct a self-assessment with independent validation.
3. Arrange for a review by qualified employees outside of the IAA.
4. Arrange for reciprocal peer review with another CAE.
During an audit of the human resources department, an internal auditor adopts benchmarking to test the employee turnover rate. How should the internal auditor apply this technique?
The internal auditors available to perform the engagement do not have sufficient skills related to the area under review. Which of the following iss an appropriate action for the chief audit executive to take?
According to IIA guidance, which of re following actions should the internal auditor take immediately after having considered fraud scenarios and identified and prioritized fraud risks?
Which of the following is a primary reason for an internal auditor to use a risk and control questionnaire when auditing financial processes?
During follow-up, the chief audit executive (CAE) is having a discussion with management about the internal audit team's recommendations related to a significant issue Management accepted the issue but took no remedial action What is the next step for the CAE?
Which of the following is a detective control for managing the risk of fraud?
An internal auditor is preparing for an auditor of newly implemented software that is used by 3,000 employees in South America and Europe. What would be the best way for the auditor to gather relevant feedback?
An internal auditor examined a nostatistical sample of open accounts receivable balances and discovered that 10 out of 60 exceeded the approved unseated credit limit threshold defined by the organization's policy What should the auditor document in the workpapers?
The internal audit activity (IAA) wants to measure its performance related to the quality of audit recommendations. Which of the following client survey questions would best help the IAA meet this objective?
Which of the following is a justifiable reason for omitting advance client notice when planning an audit engagement?
A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internal auditor. According to IIA guidance, which of the following attributes shows a candidate's ability to probe further when reviewing incidents that have the appearance of misbehavior?
An internal auditor is asked to determine why the production line for a large manufacturing organization has been experiencing shutdowns due to unavailable pacts The auditor learns that production data used for generating automatic purchases via electronic interchange is collected on personal computers connected by a local area network (LAN) Purchases are made from authorized vendors based on both the production plans for the next month and an authorized materials requirements plan (MRP) that identifies the parts needed per unit of production The auditor suspects the shutdowns are occurring because purchasing requirements have not been updated for changes in production techniques Which of the following audit procedures should be used to test the auditor's theory?
Which of The following best justifies an internal auditor's decision to issue a preliminary audit report?
Which of the following computerized audit tools or techniques should be used if the internal auditor wants to extract specific files and records in the database?
Which of the following is the primary reason for internal auditors to conduct interim communications with management of the area under review?
Which of the following is the primary purpose of implementing a program whereby employees are rotated from other parts of the organization into the internal audit activity?
An internal auditor is conducting a review of the procurement function and uncovers a potential conflict of interest between the chief operating officer and a significant supplier of IT software development services. Which of the following actions is most appropriate for the internal auditor to take?
An internal audit team was conducting an assurance engagement to review segregation of duties in the purchasing function. The internal auditors reviewed a sample of purchase orders from the past two year and discovered that 2 percent were signed by employees who were operating in a designated acting capacity due to employee absence. According to IIA guidance, which of the following attributes of information would most likely assist the auditor in deciding whether to report this finding?
According to HA guidance, which of the following statements regarding audit workpapers is true?
An internal auditor s testing tor proper authorization of contracts and finds that the rate of deviations discovered in the sample is equal to the tolerable deviation rate. When of the following is the most appropriate conclusion for the internal auditor to make based on this result?
Which of the following factors would be the most critical in determining which engagements should be included in the annual internal audit plan?
An internal auditor discovered that sales contracts with business clients were not stored in the electronic document management database instead they were scanned and saved in a nonsystematic manner to server folders Which of the following would be an appropriate consequence for the internal auditor to include in the documented observation?
During an audit of the accounts receivable (AR) process, an internal auditor noted that reconciliations are still not performed regularly by the AR staff, a recommendation that was made following a previous audit. Monitoring by the financial reporting function has failed to detect the shortcoming. Both the financial reporting function and AR report to the controller, who is responsible for implementing action plans. Which of the following supports the internal auditor's decision to combine both observations into one reported finding?
An internal auditor is assigned to validate calculations on the organization's building application As pad of the test the internal auditor is required to use an automated audit tool to simulate transactions for testing. Which of the following would most appropriately be used for this purpose?
As part of the preliminary survey, an internal auditor sent an internal control questionnaire to the accounts payable function Based on the questionnaire responses, the auditor determines that there is no established procedure for adding and approving new vendors. What would the auditor do next?
Which of the following is an appropriate responsibility for the internal audit activity with regard to the organization's risk management program?
An internal auditor is conducting a preliminary survey of the investments area, and sends an internal control questionnaire to the management of the function. (An extract of the survey is provided below).
1. Are there any restrictions for any company's investments?
2. Are there any written policies and procedures that document the flow of investment processing?
3. Are investment purchases recorded in the general ledger on the date traded?
4. Is the documentation easily accessible to an persons who need in to perform their job?
Which of the following is a drawback of testing methods like this?
An internal auditor conducted interviews with several employees, documented the interviews analyzed the summaries, and drew a number of conclusions. What sort of audit evidence has the internal auditor primarily obtained?
To compete in the global market, an organization is restructuring and consolidating many of its divisions. Prior to the consolidation, senior management requested assistance from tie internal audit activity. Which of the following consulting services would be most appropriate in this situation?
Which of the following constitutes supervisory activity undertaken during the planning phase of an assurance engagement?
The human resources (HR) department was last reviewed three years ago and is due for an assurance engagement after undergoing recent process changes. Which of the following would the most effective option identify the HR department's risks and controls?
According to IIA guidance, which of the following is true regarding audit supervision?
1. Supervision should be performed throughout the planning, examination, evaluation, communication, and follow-up stages of the audit engagement.
2. Supervision should extend to training, time reporting, and expense control, as well as administrative matters.
3. Supervision should include review of engagement workpapers, with documented evidence of the review.
Which of the following is an inherent risk of issuing an opinion on the overall effectiveness of internal control?
Which of the following attribute sampling methods would be most appropriate to use to measure the total misstatement posted to an accounts payable ledger?
An audit observation states the following:
"Despite the rules of the organization there is no approved credit risk management policy in the subsidiary. The subsidiary is concluding contacts with clients who have very high credit ratings. The internal audit team tested 50 contacts and 17 showed clients with a poor credit history"
Which of the following components are missing in the observation?
An internal auditor was assigned to review controls in the accounts payable function. Most of tie accounts payable processes are performed by a third-party service provider. The auditor included in the audit report a number of control deficiencies involving processes performed by the service provider. The service provider requested a copy of the report Which of Vie following would be the most appropriate response from the chief audit executive (CAE)?