Summer Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

IIA-CIA-Part2 Questions and Answers

Question # 6

Which of the following is an effective approach for internal auditors to take to improve collaboration with audit clients during an engagement?

1. Obtain control concerns from the client before the audit begins so the internal auditor can tailor the scope accordingly.

2. Discuss the engagement plan with the client so the client can understand the reasoning behind the approach.

3. Review test criteria and procedures where the client expresses concerns about the type of tests to be conducted.

4. Provide all observations at the end of the audit to ensure the client is in agreement with the facts before publishing the report.

A.

1 and 2 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Full Access
Question # 7

When is an organic organizational structure likely to be more successful than a mechanistic organizational structure?

A.

When a manufacturing organization has stable demand for its products.

B.

When an organization is subjected to strong political and social pressures

C.

When a manufacturer has reliable resources and suppliers.

D.

When an organization is infrequently affected by technological advances

Full Access
Question # 8

Which of the following statements is false regarding audit criteria?

A.

Audit criteria should be consistent across audit assignments.

B.

Audit criteria should represent reasonable standards against which to assess existing conditions.

C.

Audit criteria should provide flexibility but allow identification of nonadherence.

D.

Audit criteria should equate to good or acceptable management practices.

Full Access
Question # 9

Which of the following internal audit activity staffing models has the disadvantage that auditors are always new and in training?

A.

Career model

B.

Center of competence model.

C.

Rotational model.

D.

Hybrid model

Full Access
Question # 10

Which of the following represents a ratio that measures short term debt-paying ability?

A.

Debt-to-equity ratio.

B.

Profit margin.

C.

Current ratio.

D.

Times interest earned.

Full Access
Question # 11

According to IIA guidance, which of the following typically serves as the basis for an engagement work program?

A.

Past audit findings.

B.

Scope and audit objectives.

C.

Techniques and resources.

D.

Stakeholders ' expectations.

Full Access
Question # 12

An internal auditor is planning an audit engagement of a subsidiary organization. The auditor learns that a corporate investigator from the holding organization is investigating the subsidiary regarding a fraud case. Which of the following is true regarding the scope of the internal auditor’s engagement?

A.

As the fraud is already being investigated by the corporate investigator, it should be excluded from the scope of the audit engagement

B.

The engagement should be framed as an advisory engagement to support the corporate investigator ' s work

C.

The area under investigation should be excluded from the engagement scope if the auditor does not have the technical skills required to support a fraud investigation

D.

The scope should consider the nature of the fraud risk and control weaknesses identified from the fraud case

Full Access
Question # 13

According to IIA guidance, which of the following statements about analytical procedures is true?

A.

Analytical procedures compare information against expectations.

B.

Analytical procedures begin after the engagement’s planning phase.

C.

Analytical procedures provide internal auditors with explainable results.

D.

Analytical procedures are computer-assisted audit techniques.

Full Access
Question # 14

Which of the following would best prevent phishing attacks on an organization?

A.

An intrusion detection system

B.

Use of firewalls

C.

Regular security awareness training

D.

Application hardening

Full Access
Question # 15

An internal auditor develops an engagement observation related to an organization ' s accumulation of large travel advances. The auditor observes that the organization ' s procedures do not require justification for travel advances greater than a specific amount Which of the following best describes the organization ' s procedures?

A.

A criterion of the organization ' s accumulation of large travel advances

B.

A condition of the organization ' s accumulation of large travel advances

C.

A consequence of the organization ' s accumulation of large travel advances

D.

A cause of the organization ' s accumulation of large travel advances

Full Access
Question # 16

According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?

1.Consult on CSR program design and implementation

2.Serve as an advisor on CSR governance and risk management.

3.Review third parties for contractual compliance with CSR terms

4Identify and mitigate risks to help meet the CSR program objectives

A.

1,2, and 3.

B.

1.2. and 4.

C.

1, 3, and 4.

D.

2. 3. and 4.

Full Access
Question # 17

According to IIA guidance, which of the following strategies would add the least value to the achievement of the internal audit activity ' s (IAA ' s) objectives?

A.

Align organizational activities to internal audit activities and measure according to the approved IAA performance measures.

B.

Establish a periodic review of monitoring and reporting processes to help ensure relevant IAA reporting.

C.

Use the results of IAA engagement and advisory reporting to guide current and future internal audit activities.

D.

Establish a format and frequency for IAA reporting that is appropriate and aligns with the organization ' s governance structure.

Full Access
Question # 18

A manufacturing organization specializes in the production of evaporated milk and breakfast cereals. The manufacturing processes create significant loss in the form of waste and byproducts. The provision for normal production loss is known to senior management, but little action is taken when abnormal production losses occur. The organization sells its production byproducts to fish farmers at a reduced price. The byproducts are a widely recognized and used product in the fish farming industry. The organization has a policy that also allows its employees to purchase the byproducts at a negligible price. Based on the above, which of the following risks should the internal audit function consider when planning an engagement of the production process?

A.

The production team may be incentivized to increase production losses.

B.

The production team may work overtime and be overworked.

C.

Increased misappropriation of finished products.

D.

Risk that the finished product quality may be impaired.

Full Access
Question # 19

An internal auditor is asked to perform an assurance engagement in the organization ' s newly acquired subsidiary When developing the objectives tor the engagement which ot the following statements describes the most important items that the auditor needs to consider?

A.

Previous performance of the subsidiary specifically its financial results over the last three years and the outcome of external audit reviews

B.

The results of previous internal audits of the subsidiary the recommendations provided and whether the recommended actions have been implemented

C.

Organizational strategy objectives, risks, control framework and the expectations of stakeholders regarding the audit

D.

The qualifications and competencies of the subsidiary ' s management team and their understanding of risk and control

Full Access
Question # 20

What type of audit engagement would be the most appropriate to determine how an organization could be more profitable in the long term?

A.

Operational audit

B.

Compliance and financial audit

C.

Performance audit

D.

Quality audit

Full Access
Question # 21

Which of the following risk assessment approaches involves gathering data from work team representing different levels of an organisation?

A.

Surveys

B.

Management produced analysis 0

C.

Facilitated team workshops

D.

Weighted risk factors

Full Access
Question # 22

Which of the following actions are appropriate for the chief audit executive to perform when identifying audit resource requirements?

1. Consider employees from other operational areas as audit resources, to provide additional audit coverage in the organization.

2. Approach an external service provider to conduct internal audits on certain areas of the organization, due to a lack of skills in the organization.

3. Suggest to the audit committee that an audit of technology be deferred until staff can be trained, due to limited IT audit skills among the audit staff.

4. Communicate to senior management a summary report on the status and adequacy of audit resources.

A.

1 and 3 only

B.

2 and 4 only

C.

1, 2, and 4

D.

2, 3, and 4

Full Access
Question # 23

During an assurance engagement an internal auditor uses benchmarking research to support preparation of a report to stakeholders that contains significant findings about control deficiencies. Which of the following skills did the auditor demonstrate?

A.

Internal audit management

B.

Conflict negotiation.

C.

Critical thinking

D.

Persuasion and collaboration

Full Access
Question # 24

Which of the following is true regarding the monitoring of internal audit activities?

A.

The form and content of monitoring policies could vary by industry

B.

The board of directors is responsible for the establishment of monitoring polities

C.

Both large and small audit departments must have written policies on monitoring.

D.

The chief audit executive must develop all monitoring policies related to the activity

Full Access
Question # 25

Acceding to IIA guidance, when of the Mowing is an assurance service commonly performed by the internal audit activity?

A.

Proposing fine item recommendation lot the annual financial budget of the accounting department

B.

Making recommendations regarding financial approval authority limits for the operations department

C.

Validating whether employees are following established policies and procedures in the procurement department

D.

Generating expense report metrics for employees in the finance department

Full Access
Question # 26

Which of the following statements is true regarding a drawback of using internal control questionnaires (ICQs)?

A.

When internal auditors need to cover many control procedures using ICQs is generally less efficient than conducting observations and inspections

B.

It is generally difficult for internal auditors lo compile appropriate ICQs for business activities that are governed by standardized operating procedures

C.

ICQs are inadequate to provide effective assurance on how organizational processes are executed in practice.

D.

It is generally difficult for internal auditors to process completed questionnaires, because ICQs frequently elicit detailed comments and long answers from management

Full Access
Question # 27

An internal audit activity has to confirm the validity of the activities reported by a grantee that received a chantable contribution from the organization Which of the following methods would best help meet this objective?

A.

Visiting the grantee to assess whether the execution of the project was in line with the defined grant scope.

B.

Verifying that the grantee ' s final report is in line with what was depicted in the initial budget request.

C.

Reconciling general ledger accounts used by management of the area under review for reflecting expenses on charitable contributions

D.

Interviewing employees of the corporate affairs department, which is responsible for charitable activities

Full Access
Question # 28

An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?

A.

Recommend additional segregation-of-duty reviews.

B.

Recommend appropriate awareness training for all finance department staff.

C.

Recommend rotating finance staff in this area.

D.

Recommend that management address these concerns immediately.

Full Access
Question # 29

Which of the following factors should be considered when determining the staff requirements for an audit engagement?

    The internal audit activity ' s time constraints.

    The nature and complexity of the area to be audited.

    The period of time since the area was last audited.

    The auditors’ preference to audit the area.

    The results of a preliminary risk assessment of the activity under review.

A.

1 and 4 only.

B.

1, 2, and 5 only.

C.

2, 3, and 5 only.

D.

1, 2, 3, 4, and 5.

Full Access
Question # 30

According to IIA guidance, which of the following is the most appropriate action to be taken by the chief executive (CAE) if management refuses to accept audit recommendations and implement corrective actions, Even after escalation to senior management?

A.

The CAE should continue to meet with management to obtain their agreement for corrective action

B.

The CAE should note in the final report that management has decided to accept the risk.

C.

The CAE should ask that additional testing be undertaken to strengthen his case as to the need for corrective action.

D.

The CAE should advise senior management of his intention to escalate the matter to the board.

Full Access
Question # 31

Which of the following best describes external benchmarking using trend analysis for a subsidiary of an international company?

A.

Comparing the current ratio of the subsidiary with the current ratio of another company for the same period

B.

Comparing common-size financial statements of the subsidiary with the averages of the industry for the last two periods

C.

Comparing the sales of the subsidiary with the sales of another subsidiary for the last two periods.

D.

Comparing the sales of the subsidiary with the budgeted figures for the last two periods

Full Access
Question # 32

An internal auditor s testing tor proper authorization of contracts and finds that the rate of deviations discovered in the sample is equal to the tolerable deviation rate. When of the following is the most appropriate conclusion for the internal auditor to make based on this result?

A.

The internal auditor concludes that management may be placing undue reliance on me specified control

B.

The internal auditor concludes that the specified control is more effective than it really is.

C.

The internal auditor concludes that the specified control is acceptably effective

D.

The internal auditor concludes that additional testing will be required to evaluate the specified control

Full Access
Question # 33

Operational management In the IT department has developed key performance indicator reports, which are reviewed in detail during monthly staff meetings. This activity is designed to prevent which of the following conditions?

A.

Knowledge/skills gap.

B.

Monitoring gap.

C.

Accountability reward failure

D.

Communication failure

Full Access
Question # 34

An internal auditor observes a double payment transaction on a supplier invoice during an accounts payable engagement. Which of the following steps would be the most effective in helping the auditor determine whether fraud exists?

A.

Switch the existing assurance engagement into a fraud investigation engagement

B.

Extend the audit scope and perform additional testing of controls on other related areas

C.

Review the poor year ' s transaction volume and amounts paid compared to the poor year ' s budget

D.

Perform data analytics on the supplier ' s information, invoiced amounts, and payments performed

Full Access
Question # 35

An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity may provide risk management consulting?

1.There is a clear strategy and timeline to migrate risk management responsibility back to management.

2.The internal audit activity has the final approval on any risk management decisions.

3.The internal audit activity gives objective assurance on all parts of the risk management framework for which it is responsible.

4.The nature of services provided to the organization is documented in the internal audit charter.

A.

1 and 4 only.

B.

2 and 4 only.

C.

1 and 3 only.

D.

2 and 3 only.

Full Access
Question # 36

Which of the following is an appropriate activity when supervising engagements?

A.

During engagement planning, the audit work program should be discussed between auditors and the engagement supervisor with the supervisor approving the work program.

B.

During fieldwork, scope changes made to the work program are at the auditor ' s discretion and should be supported adequately in the workpapers.

C.

Engagement supervision is most critical to the fieldwork and reporting phases of the audit, as this is where the majority of the work takes place.

D.

A degree of high supervision to no supervision may be provided to an auditor depending on his level of competence and the complexity of the engagement.

Full Access
Question # 37

According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management ' s response to audit recommendations?

A.

Evaluate and verify management ' s response, and determine the need and scope for additional work.

B.

Evaluate and verify management ' s response, and establish timelines for corrective action by management.

C.

Oversee the corrective actions undertaken by management, and determine the need and scope for additional work.

D.

Oversee the corrective actions undertaken by management, and establish timelines for corrective action by management.

Full Access
Question # 38

A chief audit executive (CAE) following up on action plans from previously completed audits identifies that management has determined that certain action plans are no longer necessary If the CAE disagrees with management ' s decision, which of the following is the most appropriate next step for the CAE to take?

A.

The CAE must discuss the matter with senior management

B.

The CAE must discuss the matter with key shareholders

C.

The CAE must discuss the matter with legal counsel

D.

The CAE must discuss the matter with the board

Full Access
Question # 39

In which of following scenarios is the internal auditor performing benchmarking?

A.

The auditor compares information from one period with the same information from the poor period

B.

The auditor compares new information to his general knowledge of the organization

C.

The auditor compares information he collected with simmer information from another source

D.

The auditor compares expected outcomes with actual results

Full Access
Question # 40

If the skills and competencies are not present within the internal audit activity to complete an ad-hoc assurance engagement, which of the following is an acceptable resolution?

A.

Politely decline the engagement due to a lack of qualified staff available at the time.

B.

Complete the engagement as requested, with the best of the current staff’s abilities.

C.

Consider using employees from other departments in the organization on the audit team.

D.

Change the scope of the testing to ensure that only available staff proficiencies are used

Full Access
Question # 41

In which of the following situations would an internal control questionnaire best suit the internal auditor ' s purpose?

A.

The auditor wants to receive mid-level management insight on how to improve hiring practices.

B.

The auditor wants to obtain information on whether adherence to approval matrices is actually taking place in different maintenance units.

C.

The auditor wants to gain assurance that inventory counts are conducted in accordance with established procedures.

D.

The auditor wants to assess whether different subsidiaries apply centrally established procurement rules in the same manner.

Full Access
Question # 42

The chief audit executive (CAF) determined that the residual risk identified in an assurance engagement is acceptable. When should this be communicated to senior management?

A.

When the CAE reports the audit outcome to senior management.

B.

When the residual risk is identified before the engagement is complete.

C.

Immediately, as residual risk should be communicated as soon as possible

D.

When management of the area under review has resolved and mitigated the residual risk

Full Access
Question # 43

While planning for an accounts payable audit an internal auditor performs an entity level controls analysis. Which of the following statements is true regarding me approach used by the auditor?

A.

It enables the auditor to identify the inherent risks to the effective operation of accounts payable process controls.

B.

It enables the auditor to understand the framework of the activities and associated accounts payable subprocesses

C.

it enables the auditor to understand the accounts payable process and its flow, including key steps and systems.

D.

It enables the auditor to categorize the population of transactions within the accounts payable process

Full Access
Question # 44

An organization must maintain a current ratio of at least 1.2 to comply with debt covenants. Its current ratio is now 0.9. Which year-end transaction can increase the current ratio?

A.

Paying off an overdraft debt using funds from another bank current account.

B.

Purchasing inventory using funds from long-term bank loans.

C.

Acquiring a new car through leasing.

D.

Factoring short-term accounts receivable in exchange for cash.

Full Access
Question # 45

Which of the following actions should the chief audit executive take when senior management decides to accept risks by choosing to do business with a questionable vendor?

A.

Persuade senior management to take appropriate action.

B.

Cancel issuing the engagement report due to the assumed risks.

C.

Accept senior management’s assumption of the risks.

D.

Discuss the issue with the board for them to take appropriate action.

Full Access
Question # 46

According to IIA guidance, when would an interim report typically be produced?

A.

During a standard audit engagement when management wants to address an issue before the final report is drafted.

B.

Following each workshop conducted during a consulting engagement.

C.

During lengthy audit engagements involving several organizational units.

D.

Following management ' s update tor actions taken on outstanding recommendations.

Full Access
Question # 47

Which of The following best describes a risk that is deemed " unacceptable " to the organization?

A.

A risk where likelihood and impact are high

B.

A risk where inherent risk exceeds its residual risk

C.

A risk where inherent risk exceeds the tolerance level

D.

A risk where residual risk exceeds the tolerance level

Full Access
Question # 48

After concluding a preliminary assessment, the engagement supervisor prepared a draft work program According to HA guidance which of the following would be tested by this program?

A.

The process objectives.

B.

The process risks

C.

The process controls

D.

The process scope

Full Access
Question # 49

During the planning phase of an assurance engagement, the internal audit engagement team identifies and evaluates the inherent fraud risks within the procurement function. What should be the engagement team’s next step?

A.

Identify and map existing controls to their relevant inherent fraud risks

B.

Detect fraudulent activities in the activity under review for the audited period

C.

Select the appetite level for each inherent fraud risk

D.

Evaluate and respond to residual fraud risks that need to be mitigated

Full Access
Question # 50

The human resources (HR) department was last reviewed three years ago and is due for an assurance engagement after undergoing recent process changes. Which of the following would the most effective option identify the HR department ' s risks and controls?

A.

Meet with the chief operating officer 10 obtain Information about the MR department

B.

Review the previous internal audit report and locus on key audit observations and action plans

C.

Review the organization ' s risk strategy and risk appetite framework

D.

Discuss the department ' s present strategies ‘and objectives with the head of the HR department

Full Access
Question # 51

An internal auditor discovered a control weakness that needs to be communicated to management. Which of the following is the best method for first communicating the weakness?

A.

Draft report, to be reviewed by management just prior to final report issuance.

B.

Preliminary observation document, discussed during the engagement.

C.

Final report, after review by audit management.

D.

Verbal communication during the engagement, followed by the final report issuance.

Full Access
Question # 52

Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?

A.

Workshops.

B.

Surveys.

C.

Interviews.

D.

Observation.

Full Access
Question # 53

After finalizing an assurance engagement concerning safety operations in the oil mining process, the audit team concluded that no key controls were compromised. However, some opportunities for improvement were noted. Which of the following would be the most appropriate way for the chief audit executive (CAE) to report these results?

A.

The CAE should send the final report to operational and senior management and the audit committee.

B.

The CAE should send the final report to operational management only, as there is no need to communicate this information to higher levels.

C.

The CAE should notify operational and senior management that the audit engagement was completed with no significant findings to report.

D.

The CAE should send the final report to operational management and notify senior management and the audit committee that no significant findings were identified.

Full Access
Question # 54

When taken by a chief audit executive, which of the following actions would be most likely to prevent division management from exaggerating sales reports

1.Announcing a series of internal audit engagements focusing on compliance with corporate sales-reporting policies.

2.Asking the president and the board to issue a statement of corporate policy stressing the importance of accurate management reporting and the negative consequences of intentional misreporting

3.Setting up a hotline for employees to report fraudulent behavior anonymously.

4.Assisting the controller in developing and monitoring a series of business process indicators, which are historically correlated with, but independent of. sales.

A.

1 and 2 only.

B.

2 and 3 only.

C.

2 and 4 only.

D.

3 and 4 only.

Full Access
Question # 55

An internal auditor at a bank informed the branch manager of a malfunctioning lock on one of the vaults. The risk associated with this issue was deemed significant by the chief audit executive (CAE), and immediate remediation was recommended. However, during a follow-up engagement, the branch manager told the CAE that the risk was actually not significant, hence no action was taken. What is the most appropriate next step for the CAE?

A.

Inform senior management that the branch manager decided to cancel the committed action plan without any previous communication.

B.

Discuss the issue with the board, which has ultimate responsibility to resolve this risk.

C.

Have another discussion with the branch manager, attempt to change his view, and encourage him to implement the recommendations.

D.

Document the branch manager’s decision to accept the risk; otherwise, no other specific course of action is required.

Full Access
Question # 56

In addition to gathering information, which of the following is a primary objective of a client interview conducted during the planning stage of an audit engagement?

A.

To obtain sufficient audit evidence.

B.

To test the client ' s knowledge.

C.

To agree on the auditor’s scope of authority.

D.

To establish rapport.

Full Access
Question # 57

During an operational audit of the cash receipts process, internal auditors uncovered many red flags related to possible misappropriation of cash and other cash-flow problems indicative of potential employee fraud. Which of the following statements is true regarding the follow-up investigative audit?

A.

The audit team that conducted the operational audit must also conduct the investigative audit.

B.

The investigative audit must be conducted by an independent third-party service provider.

C.

To preserve objectivity, auditors who participated on the initial operational audit engagement team must not partake in the investigative audit.

D.

The investigative audit engagement team must include at least one auditor who possesses fraud-related skills and competencies.

Full Access
Question # 58

Which of the following is a significant governance issue that should be reported by the chief audit executive to the board?

A.

There is no risk management and control process and risk management is solely tie responsibility of operational managers

B.

The organisation’s code of conduct is distributed to employees each year however employees are not required to attest that they will operate In compliance with the code.

C.

Reconciliation of planned board meeting agendas to meeting minutes finds that one meeting was canceled, and the agenda topics were covered at the following meeting.

D.

The review of the five-year strategic plan shows that the details of the plan have not been dearly communicated to employees throughout the organization

Full Access
Question # 59

A chief audit executive (CAE) is trying to balance the internal audit activity ' s needs for technical audit skills budget efficiency and staff development opportunities. Which of the following would best assist the CAE in achieving this balance1?

A.

Strategic sourcing

B.

Loan staff arrangement

C.

Flat organizational structure

D.

Hierarchical organizational structure

Full Access
Question # 60

According to HA guidance on IT, which of the following actions would be performed as part of the " Define IT Universe " stage of the IT audit plan development process?

A.

Identify significant applications that support the business operations

B.

Assess risk and rank subjects using business risk factors

C.

Identify how the organization structures its business operations

D.

Select audit subjects and bundle into distinct audit engagements

Full Access
Question # 61

Which of the following statements describes an engagement planning best practice?

A.

It is best to determine planning activities on a case-by-case basis because they can vary widely from engagement to engagement.

B.

If the engagement subject matter is not unique, it is not necessary to outline specific testing procedures during the planning phase.

C.

The engagement plan includes the expected distribution of the audit results, which should be kept confidential until the audit report is final.

D.

Engagement planning activities include setting engagement objectives that align with audit client ' s business objectives.

Full Access
Question # 62

While performing fieldwork for an assurance engagement, a member of the internal audit team identified a key control that was not identified during the planning phase of the engagement Which of the following actions by the internal auditor would be most appropriate?

A.

Promptly adjust the audit work program to include tests that address the newly identified control and notify the other audit team members of the change

B.

Proceed with the current audit work program because the engagement scope has already been finalized but plan to address the newly identified control as part of the follow up engagement

C.

Adjust the audit work program to account for the new control, but only with approval from the engagement supervisor

D.

Discuss the control with management of the area under review and seek their approval prior to including the control in the current audit engagement

Full Access
Question # 63

An investor has acquired an organization that has a dominant position in a mature, slow-growth industry and consistently creates positive financial income Which of the following terms would the investor most likely label this investment in her portfolio?

A.

A star.

B.

A cash cow.

C.

A question mark.

D.

A dog

Full Access
Question # 64

According to IIA guidance, which of the following should be a primary objective for an internal auditor who is conducting an exit conference?

A.

Improve relations with the engagement clients.

B.

Present the final engagement communication.

C.

Identify concerns for future audit engagements.

D.

Ensure the accuracy of engagement conclusions.

Full Access
Question # 65

An internal auditor is using attributes sampling to test internal controls. Under which of the following circumstances would the auditor increase the original sample size to estimate error occurrence at a given precision and confidence level?

A.

The sample rate of occurrence plus the precision exceeds the acceptable error rate.

B.

The sample rate of occurrence is less than the acceptable error rate.

C.

The acceptable rate of occurrence less the precision exceeds the sample rate of occurrence.

D.

The sample rate of occurrence plus the precision equals the acceptable error rate.

Full Access
Question # 66

A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internal auditor. According to IIA guidance, which of the following attributes shows a candidate ' s ability to probe further when reviewing incidents that have the appearance of misbehavior?

A.

Integrity.

B.

Flexibility.

C.

Initiative.

D.

Curiosity.

Full Access
Question # 67

An internal auditor wants to obtain management ' s evaluation of the organizational risk culture. Because there are more than 30 geographically dispersed managers, one-to-one interviews are not possible. Which of the following is the most efficient option for the auditor to adopt?

A.

Send out a survey with a few open questions, such as “What is your impression of the risk culture in our organization?”

B.

Send out a survey with statements and request defined answers, such as “strongly agree” and “strongly disagree.”

C.

Send out an email asking managers to evaluate the risk culture and provide detailed justification.

D.

Send out an email asking those who have something to report on organizational risk culture to step forward.

Full Access
Question # 68

The internal audit team judgmentally selected 60 of the 600 employee timesheets that were processed during the previous month to determine whether supervisors were properly approving timesheets in accordance with the organization ' s policies. The internal audit team found three exceptions. Based on the audit test, which of the following is most appropriate for the internal audit team to conclude?

A.

The internal control is operating with 95% effectiveness

B.

There is 90% probability that the internal control is operating as designed

C.

The internal control is not designed appropriately

D.

5% of the selected timesheets were not properly approved

Full Access
Question # 69

Which of the following best exemplifies having effective risk management and internal control processes?

A.

Relevant risk indicators and mitigation plans are in place

B.

All risks are identified and assessed

C.

Business profitability is likely to be achieved

D.

Risk information is communicated to customers and suppliers

Full Access
Question # 70

The internal audit activity is responsible for which of the following actions related to an organization’s internal controls9

A.

Mitigating risks affecting achievement of organizational objectives.

B.

Enabling opportunities affecting achievement of organizational objectives.

C.

Analyzing and advising regarding costs versus benefits of control activities.

D.

Attesting to fairness of financial statements

Full Access
Question # 71

Which of the following statements best demonstrates application of due professional care during an assurance engagement?

A.

The engagement detected irregularities and noncompliance instances.

B.

The engagement supervisor had no significant comments in the supervisory review.

C.

The audit procedures were systematically planned: executed, and documented.

D.

The engagement objectives were designed to assist the engagement client

Full Access
Question # 72

Acceding to MA guidance, when of the Mowing strategies would like provide the most assurance to the chief audit executive (CAE) that the internal audit activity ' s recommendations are being acted upon?

A.

The CAF obtains a formal response from senior management regarding the corrective actions they plan to take w address the recommendations.

B.

The CAE develops a tracking system to monitor the stains of engagement recommendations reported to management for action

C.

The CAE communicates with impacted department managers to determine whether corrective actions have addressed engagement recommendations

D.

The CAE works with the engagement supervisor to monitor the recommendations issued to management for corrective action

Full Access
Question # 73

According to IIA guidance which of the following statements is true regarding heat maps?

A.

A heat map sets likelihood to have higher priority than impact.

B.

A heat map sets impact to have higher priority than likelihood.

C.

A heat map recognizes that the priority of impact and likelihood can vary.

D.

A heat map recognizes impact and likelihood as equally important

Full Access
Question # 74

According to IIA guidance, which of the following reflects a valid principle for the internal audit activity to rely on the work of internal or external assurance providers?

A.

Elements of evaluation

B.

Elements of organization

C.

Elements of practice

D.

Elements of confidentiality

Full Access
Question # 75

Which of the following would help the internal audit activity assess compliance with the organization ' s standard operating procedures for bank deposits during a preliminary survey?

A.

Issue an internal control questionnaire to select branch customers.

B.

Issue an internal control questionnaire to the president of the organization.

C.

Issue an internal control questionnaire to the director of bank operations.

D.

Issue an internal control questionnaire to select branch managers.

Full Access
Question # 76

Which of the following factors would be the most critical in determining which engagements should be included in the annual internal audit plan?

A.

Whether an audit is explicitly required by the internal audit charter

B.

The extent to which the work to be performed is an assurance or consulting engagement

C.

The organization ' s annual risk management strategy

D.

Risks that are identified by operations staff or senior management

Full Access
Question # 77

To effectively communicate the acceptance of risk in an organization a chief audit executive must first consider which of the following?

A.

The organization ' s view on risk tolerance

B.

The organization ' s principal risk events.

C.

The organization ' s risk response strategies

D.

The organization ' s major control activities

Full Access
Question # 78

According to IIA guidance, which of the following is least likely to be a key financial control in an organization ' s accounts payable process?

A.

Require the approval of additions and changes to the vendor master listing, where the inherent risk of false vendors is high.

B.

Monitor amounts paid each period and compare them to the budget to identify potential issues.

C.

Compare employee addresses to vendor addresses to identify potential employee fraud.

D.

Monitor customer quality complaints compared to the prior period to identify vendor issues.

Full Access
Question # 79

Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?

A.

The financial interest the service provider may have in the organization.

B.

The relationship the service provider may have had with the organization or the activities being reviewed.

C.

Compensation or other incentives that may be applicable to the service provider.

D.

The service provider ' s experience in the type of work being considered.

Full Access
Question # 80

Upon concluding the engagement fieldwork an internal auditor discusses the audit findings with operational management There is a greater likelihood that the auditor will obtain a responsive action plan from management when both parties agree on which of the following attributes of the audit finding?

A.

Criteria

B.

Condition

C.

Cause

D.

Effect

Full Access
Question # 81

According to IIA guidance, which of the following activities is most likely to enhance stakeholders ' perception of the value the internal audit activity (IAA) adds to the organization?

1. The IAA uses computer-assisted audit techniques and IT applications.

2. The IAA uses a consistent risk-based approach in both its planning and engagement execution.

3. The IAA demonstrates the ability to build strong and constructive relationships with audit clients.

4. The IAA frequently is involved in various project teams and task forces in an advisory capacity.

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Full Access
Question # 82

The audit committee has asked the chief audit executive (CAE) to conduct an ad hoc forensic investigation of the purchasing department within a month due to the significance and urgency of a recently discovered risk The internal audit activity currently has no available staff with relevant experience or qualifications Which of the following is the CAE ' s best option for fulfilling the internal audit activity ' s responsibilities in this case?

A.

Outsource the investigation to independent professional consultants

B.

Select certain internal auditors and remove them from their current assignments so that they can begin a forensic investigation course

C.

Recruit additional internal auditors possessing relevant qualification and experience

D.

Decline the engagement at this time

Full Access
Question # 83

Internal control questionnaires are used to achieve which of the following objectives?

A.

To ascertain the operating effectiveness of a procedure

B.

To verify the accuracy of Information in a report

C.

To assess the controls mitigating major risks

D.

To determine whether specified contra procedures are in place

Full Access
Question # 84

A company makes a product at a cost of $26 per unit, of which $10 is fixed cost. The product is usually sold for $30 per unit; however, the company has been approached by a new customer who would like to purchase 3,500 units for $18 each Further, the company would Incur additional cost to deliver the units to this customer If the company has the excess manufacturing capacity and all other factors are constant, what is the additional cost that the company would Incur in order to make a profit of $1.50 per unit for this order?

A.

$0.50

B.

$1.50

C.

$2 50

D.

$3.50

Full Access
Question # 85

According to IIA guidance, which of the following statements are true regarding the internal audit plan?

1. The audit plan is based on an assessment of risks to the organization.

2. The audit plan is designed to determine the effectiveness of the organization ' s risk management process.

3. The audit plan is developed by senior management of the organization.

4. The audit plan is aligned with the organization ' s goals.

A.

1 and 2 only

B.

3 and 4 only

C.

1, 2, and 4

D.

1, 3, and 4

Full Access
Question # 86

An internal auditor is tasked with evaluating the adequacy of the organization ' s inventory fraud controls. What is the most relevant information that the auditor can obtain from the documentation of cyclic counting for this purpose?

A.

Accounting adjustments of inventories are approved by the management in accordance with a signature policy

B.

Root causes of inventory differences are analyzed and corrective measures are followed

C.

High value items are inventoried more frequently throughout the year

D.

Value of accounting adjustments matches with the value of inventory differences and are made in a timely manner

Full Access
Question # 87

According to IIA guidance, which of the following statements is true regarding the authority of the chief audit executive (CAE) to release previous audit reports to outside parties?

A.

The CAE can release prior internal audit reports with the approval of the board and senior management.

B.

The CAE can employ judgment and release prior audit results as they deem appropriate and necessary.

C.

The CAE can only release prior information outside the organization when mandated by legal or statutory requirements.

D.

The CAE can release prior information provided it is as originally published and distributed within the organization.

Full Access
Question # 88

Which of the following best describes the engagement objective in a banking compliance audit?

A.

Assessing the cost-efficiency of business continuity plans

B.

Assessing whether the business continuity plans implement regulatory requirements

C.

Assessing whether the business continuity plans implement best practice recommendations

D.

Assessing the operating effectiveness of the business continuity plans

Full Access
Question # 89

Which of the following could increase risks to the organization’s control environment?

A.

Strong board of directors oversight.

B.

Incentive-based compensation structures

C.

Lower than average employee turnover.

D.

Implementation of a fraud hotline

Full Access
Question # 90

According to IIA guidance, which of the following best describes the purpose of a planning memorandum for an audit engagement?

A.

It documents the audit steps and procedures to be performed.

B.

it documents preliminary information useful to the audit team.

C.

It documents events that could hinder the achievement of process objectives.

D.

It documents existing measures that manage risks in the area under review

Full Access
Question # 91

An internal auditor is asked to determine why the production line for a large manufacturing organization has been experiencing shutdowns due to unavailable pacts The auditor learns that production data used for generating automatic purchases via electronic interchange is collected on personal computers connected by a local area network (LAN) Purchases are made from authorized vendors based on both the production plans for the next month and an authorized materials requirements plan (MRP) that identifies the parts needed per unit of production The auditor suspects the shutdowns are occurring because purchasing requirements have not been updated for changes in production techniques. Which of the following audit procedures should be used to test the auditor ' s theory?

A.

Compare purchase orders generated from test data input into the LAN with purchase orders generated from production data for the most recent period

B.

Develop a report of excess inventory and compare the inventory with current production volume

C.

Compare the pans needed based on current production estimates and the MRP for the revised production techniques with the purchase orders generated from the system for the same period

D.

Select a sample of production estimates and MRPs for several periods and trace them into the system to determine that input is accurate

Full Access
Question # 92

Which of the following contributes to the reliability of information collected for an audit engagement?

A.

The information is gathered from a system where the controls are operating effectively

B.

The information is obtained directly from an experienced manager in writing

C.

The information is consistent with the objectives for the engagement

D.

The information is useful to help the organization meet its goals

Full Access
Question # 93

Which of the following statements is true regarding different competitive strategies?

A.

An organization that adopts a cost leadership competitive strategy generally maintains standard operating procedures to ensure efficiency.

B.

An organization that adopts a differentiation strategy generally maintains a targeted strategic approach to its operations.

C.

An organization that adopts a focus strategy is known for taking the lead in technological advancement.

D.

An organization that adopts a cost leadership strategy is known for cherishing employees who think creatively and emphasize uniqueness.

Full Access
Question # 94

Which of the following audit steps would an internal auditor perform when reviewing cash disbursements to satisfy IIA guidance on due professional care?

A.

The calculated statistical sample size is 50 however the internal auditor believes errors exist so he decides to increase the sample size to 80

B.

The internal auditor traces serial numbers of computer equipment listed on an invoice to the fixed asset inventory

C.

The internal auditor reviews the accounts payable manager ' s petty cash fund and vouchers

D.

The internal auditor reviews the related invoice purchase order and receiving report for each sample selection

Full Access
Question # 95

Which of the following is an advantage of utilizing an external fraud specialist in a suspected fraud investigation?

A.

increased access to the organization ' s employees.

B.

Increased ability to preserve evidence and the chain of command.

C.

Increased ability to scrutinize the organization ' s key business processes.

D.

increased access to the organization ' s software and proprietary data.

Full Access
Question # 96

An internal auditor believes that the internal audit activity ' s independence is impaired Which of the following actions should the internal auditor take first?

A.

Report the impairment to senior management

B.

Discuss the impairment with the audit manager.

C.

Ascertain the best approach to disclose the impairment.

D.

Decide on the extent of impact of the impairment

Full Access
Question # 97

Due to emerging new technologies that greatly affect the organization, the chief audit executive (CAE) wants to conduct frequent IT audit and is particularly focused on improving the quality of these engagements. Which of the following is the most viable solution for the CAE to ensure that IT audit quality is immediately enhanced and maintained long-term?

A.

Each year send a different member of the internal audit staff to an IT audit conference to learn about emerging technologies

B.

Contract an external IT special to offer advice and consult on IT audits

C.

Employ an independent external IT specialist to perform IT audits for the first year

D.

Invite qualified staff from the IT department to serve as guest auditors and lead IT audits

Full Access
Question # 98

An internal auditor is preparing an internal control questionnaire for the procurement department as part of a preliminary survey. Which of the following would provide the best source of information for questions?

A.

A relevant procurement law or regulation.

B.

A list of the company ' s vendors.

C.

A review of a sample of tenders during the audited period.

D.

A summary of the company ' s expenditures and their categories.

Full Access
Question # 99

An internal auditor determined that the organization ' s accounting system was designed to reject duplicate invoices if they were issued with identical invoice numbers. However, if an invoice number was changed by at least one digit, the system would accept the duplicate invoice as new. Which of the following would be the most appropriate criteria to refer to in the audit observation?

A.

Each invoice for goods or services acquired by the organization must be recorded only once in the accounting system.

B.

The accounting system lacks efficient controls for the identification of duplicate invoices.

C.

Disbursements may be made inappropriately, and liabilities may be overstated.

D.

The accounting system is at the end of its lifetime and is no longer developed by the provider.

Full Access
Question # 100

The chief audit executive (CAE) is developing a workpaper preparation policy for a new internal audit activity. The CAE wants to ensure that all workpapers relate directly to the engagement objectives. Which of the following statements should be included in the policy specifically to address this concern?

A.

The workpapers should be understandable.

B.

The workpapers should be relevant.

C.

The workpapers should be economical.

D.

The workpapers should be complete.

Full Access
Question # 101

According to IIA guidance, which of the following statements is true regarding due professional care?

A.

Internal auditors must exercise due professional care to ensure that all significant risks will be identified.

B.

Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor.

C.

Due professional care requires the internal auditor to conduct extensive examinations and verifications to ensure fraud does not exist.

D.

Due professional care is displayed during a consulting engagement when the internal auditor focuses on potential benefits of the engagement rather than the cost

Full Access
Question # 102

Which of the following is true regarding the communication of engagement results with stakeholders?

A.

When the chief audit executive (CAE) concludes that management has accepted a level of risk that may be unacceptable to the organization, the CAE must discuss the matter with senior management. If the CAE determines that the matter has not been resolved, the CAE should seek the opinion from regulatory bodies.

B.

The CAE should avoid issuing any interim reports, even for high-risk observations, prior to the issuance of the final written report to avoid leakage of sensitive information.

C.

It is mandatory for the CAE to assess the potential risk to the organization, consult with senior management and legal counsel as appropriate, and control dissemination by restricting the use of the results prior to releasing them to parties outside of the organization if not otherwise mandated by legal, statutory, or regulatory requirements.

D.

The board should always be given the final written internal audit reports at the conclusion of all internal audit engagements. Executive summaries should be avoided in all cases.

Full Access
Question # 103

Which of the following statements is false regarding roles and responsibilities pertaining to risk management and control?

A.

Senior management is charged with overseeing the establishment risk management and control processes.

B.

The chief audit executive is responsible for overseeing the evaluation risk management and control processes.

C.

Operating managers are responsible for assessing risks and controls in their departments.

D.

Internal auditors provide assurance about risk management and control process effectiveness.

Full Access
Question # 104

Which of the following is not a primary purpose for conducting a walk-through during the initial stages of an assurance engagement?

A.

To help develop process maps.

B.

To determine segregation of duties.

C.

To identify residual risks.

D.

To test the adequacy of controls.

Full Access
Question # 105

According to the Standards, which of the following is true regarding the auditor ' s inclusion of management ' s satisfactory performance in the final audit report?

A.

Acknowledgement of satisfactory performance is encouraged but not required.

B.

There are no standards to address the inclusion of satisfactory performance.

C.

Satisfactory performance should only be acknowledged with the advice of corporate counsel.

D.

Auditors must include satisfactory performance with the approval of the board.

Full Access
Question # 106

Which of the following would most likely cause an internal auditor to consider adding fraud work steps to the audit program?

A.

Improper segregation of duties.

B.

Incentives and bonus programs.

C.

An employee ' s reported concerns.

D.

Lack of an ethics policy.

Full Access
Question # 107

During an audit of the accounts receivable (AR) process, an internal auditor noted that reconciliations are still not performed regularly by the AR staff, a recommendation that was made following a previous audit. Monitoring by the financial reporting function has failed to detect the shortcoming. Both the financial reporting function and AR report to the controller, who is responsible for implementing action plans. Which of the following supports the internal auditor ' s decision to combine both observations into one reported finding?

A.

The observation was made during the same audit, and the action plan has a common owner.

B.

The observation relates to the same control activity within a common process.

C.

The observation has a common control, and it was noted in a prior audit.

D.

The observation has a common process, and the action plan for the observation has a common owner.

Full Access
Question # 108

An audit observation states the following:

" Despite the rules of the organization there is no approved credit risk management policy in the subsidiary. The subsidiary is concluding contacts with clients who have very high credit ratings. The internal audit team tested 50 contacts and 17 showed clients with a poor credit history "

Which of the following components are missing in the observation?

A.

Cause and effect.

B.

Effect and criteria

C.

Condition and cause

D.

Criteria and condition.

Full Access
Question # 109

Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?

A.

An independent third party has assessed the organization ' s system of internal controls to be adequate and effective.

B.

The chief audit executive reports both functionally and administratively to the CEO

C.

The internal audit charter is drafted properly and approved by the appropriate parties.

D.

The mission statement and strategy of the internal audit activity demonstrates alignment to organizational objectives

Full Access
Question # 110

According to IIA guidance which of the following represents sufficient information?

A.

Information that is factual adequate and convincing

B.

Information that is best attainable through the use of appropriate engagement techniques

C.

Information that supports engagement objectives and recommendations

D.

Information that helps the organization meet its goals

Full Access
Question # 111

Which of the following offers the best explanation of why the auditor in charge would assign a junior auditor to complete a complex part of the audit engagement?

A.

The senior auditors are unavailable, as they are currently working on other portions of the engagement

B.

The auditor in charge believes that the junior auditor should obtain a specific type of experience.

C.

The audit engagement has a tight deadline and the work must be completed timely.

D.

The auditor in charge is unable to identify audit staff with all of the required skills needed to complete the engagement

Full Access
Question # 112

Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?

A.

Report follow-up activities to senior management.

B.

Implement follow-up procedures to evaluate residual risk.

C.

Determine the costs of implementing the recommendations.

D.

Evaluate the extent of improvements.

Full Access
Question # 113

A regional entertainment organization is in the process of developing a corporate social responsibility (CSR) policy. Management invites ideas from employees when developing the CSR policy Which of the following is the most appropriate idea to include?

A.

Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with CSR.

B.

The board Is responsible for ensuring that CSR objectives are established, risks are managed, performance is measured, and activities are appropriately monitored and reported

C.

Management is responsible for ensuring that the organization ' s CSR principles are communicated, understood, and integrated into decision-making processes.

D.

Generally, CSR activities are limited to the management of the organization, thus, employees do not have a responsibility for ensuring the success of CSR objectives.

Full Access
Question # 114

An internal auditor recommended that an organization implement computerized controls in its sales system in order to prevent sales representatives from executing contracts in excess of their delegated authority levels A follow-up review found that the sales system had not been modified, but a process had been implemented to obtain written approval by the vice president of sales for all contracts in excess of S1 million The chief audit executive (CAE) would be justified in reporting this situation to the organization ' s board under which of the tollowing circumstances ' ?

1. In the opinion of the CAE the level of residual risk assumed by senior management is too high

2. Testing of compliance with the new process finds that all new contracts in excess of $1 million have been approved by the vice president of sales

3. The cost of modifying the sales system to include a preventive control is less than S100.000

A.

1 only

B.

3 only

C.

1 and 3 only

D.

1, 2, and3

Full Access
Question # 115

During a fraud interview, it was discovered that unquestioned authority enabled a vice president to steal funds from the organization. Which of the following best describes this condition?

A.

Scheme.

B.

Opportunity.

C.

Rationalization.

D.

Pressure.

Full Access
Question # 116

Which of the following statements is true regarding engagement planning?

A.

The scope of the engagement should be planned according to the internal audit activity’s budget and then aligned to the risk universe.

B.

The audit engagement objectives should be based on operational management ' s view of risk objectives.

C.

The planning phase of the engagement should be completed and approved before the fieldwork of the engagement begins.

D.

The main purpose of the engagement work program is to determine the nature and timing of procedures required to gather audit evidence.

Full Access
Question # 117

During an organization’s management meetings, employees who report bad news and significant risks are treated as if they were to blame for those circumstances. As a result, employees tend to postpone delivering bad news to management for as long as possible. Which of the following should be addressed to improve this culture?

A.

Tone at the top

B.

Risk accountability

C.

Risk leadership

D.

Code of ethics

Full Access
Question # 118

Management testimony of improper segregation of duties in the cash receipt process can be considered which of the following?

A.

Analytical

B.

Reliable

C.

Relevant

D.

Sufficient

Full Access
Question # 119

During a payroll audit, the internal auditor discovered that several individuals who have the same position classification as the are earning a significantly higher salary. The auditor noted the names and amounts of each; and he planned to prepare a request to the chief audit executive for a salary Increase based on this Information. Which of the following IIA Code of Ethics principles was violated in this scenario?

A.

Competency.

B.

Objectivity.

C.

integrity

D.

Confidentiality

Full Access
Question # 120

A chief audit executive (CAE) a developing a work program for an upcoming engagement that will review an organization’s small contracting services. When of the following would the CAT need to consider most when developing the work program?

A.

The contracting department ' s staffing changes within the last year

B.

The certifications held by the internal auditors assigned to the engagement

C.

The internal audit activity ' s increase n budget and staffing for the year

D.

The organization ' s recent changes to how it processes payments

Full Access
Question # 121

An IT auditor is reviewing the access controls in an organization ' s accounting application. The auditor intends to deploy a tool that can help test the logical controls embedded in the system to ensure employee access is granted according to need. Which of the following would help achieve this objective?

A.

Utility software

B.

Generalized audit software

C.

Audit expert systems.

D.

integrated test facility

Full Access
Question # 122

Which of the following statements is true regarding internal auditors and other assurance providers?

A.

Assurance providers who report to management and/or are part of management cannot provide control self-assessments services

B.

Internal auditors should always reperform and validate audit work completed by external assurance providers.

C.

Internal auditors may rely on the work of internal compliance teams to expand their coverage of the organization without increasing direct audit hours.

D.

internal auditors can rely on the work of other assurance providers only if the other assurance providers report directly to the board

Full Access
Question # 123

During an audit of the human resources department, an internal auditor adopts benchmarking to test the employee turnover rate. How should the internal auditor apply this technique?

A.

Compare turnover m the organization to published turnover rates of peer organizations.

B.

Compare turnover in one period with turnover in the previous period in the organization

C.

Compare turnover in the period to total employees in the organization

D.

Compare turnover with the auditor ' s general knowledge of the organization

Full Access
Question # 124

An organization experiencing staff shortages wants to contract a temporary employee to assist with work in the accounting office. Which of the following controls should be in place to ensure the temporary employee performs the assigned work before payment is issued?

A.

A three-way match between the invoice, purchase requisition, and documentation of receipt of services

B.

A member of management approves the purchase requisition before the temporary employee begins work

C.

A scope of work for the temporary employee is included in the purchase requisition and signed by the organization

D.

Payments to the vendor are analyzed monthly to ensure they do not exceed the amount approved on the purchase order

Full Access
Question # 125

What is the most likely reason an internal auditor would interview operational management during engagement planning?

A.

To validate the engagement work program.

B.

To help the internal auditor understand the objectives of the area or process under review.

C.

To determine whether operational management has sufficient knowledge of risks and controls.

D.

To determine whether management followed through on action plans from a previous consulting engagement.

Full Access
Question # 126

Which of the following statements generally true regarding audit engagement planning?

A.

The best source tor detailed process information is senior management

B.

Audit objectives should be general and do not change.

C.

Computer-assisted audit techniques are typically not useful during engagement planning

D.

Internal auditors should prepare a dented audit program for testing controls

Full Access
Question # 127

Which of the following is a disadvantage of using flowcharts during a risk assessment?

A.

People cannot quickly understand the processes via flowcharts

B.

Flowcharts are not applicable for evaluating the design of controls

C.

Some serious risks that are not part of the linear process can be missed

D.

Flowcharts do not enable auditors to identify missing controls

Full Access
Question # 128

Which of the following statements is true regarding the use of internal control questionnaires (ICOs)?

A.

ICQs are efficient because they minimize the need for follow-up with survey respondents

B.

Controls with positive survey responses can be eliminated from further testing

C.

Answers to survey questions can be easily misinterpreted

D.

ICQs offer limited value for organizations with uniform procedures

Full Access
Question # 129

Which of the following internal audit activities is performed in the design evaluation phase?

A.

The internal auditor reviews prior audits and workpapers

B.

The internal auditor identifies the controls over segregation of duties.

C.

The internal auditor checks a process for completeness.

D.

The internal auditor communicates the audit results to management

Full Access
Question # 130

A corporate merger decision prompts the cruel audit executive (CAE) to propose interim changes lo the existing annual audit plan to account for emerging risks. When of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan?

A.

Present the revised audit plan directly to the board for approval

B.

Communicate with the chief financial officer and present the revised audit plan to the CEO for approval

C.

Present the revised audit plan directly to the CEO for approval

D.

Communicate with the CCO and present the revised audit plan to the board for approval

Full Access
Question # 131

Which of the following statement is consistent with IIA guidance the use of mentoring for internal auditors?

A.

The member and the internal auditor should opt for informal meetings even if it means that no formal documentation will be created.

B.

The mentor relationship is usually not suitable for internal audit staff, as it does not leas to professional development.

C.

The value of mentoring is derived primarily from the personal relationship between the two parties involved, and the mentor’s level of relevant experience should not be a key factor.

D.

The mentor should be the internal auditor’s supervisor to ensure that the auditor performance is assessed in a relevant and meaningful context.

Full Access
Question # 132

The head of customer service asked the chief audit executive (CAE) whether eternal auditors could assist her staff with conducting a risk self-assessment in the customer service department. The CAE promised to meet with customer service managers analyze relevant business processes, and come up with a proposal. Who is most likely to be the final approver of the engagement objectives and scope?

A.

Senior management of the organization

B.

The chief audit executive

C.

The head of customer service

D.

The board of directors

Full Access
Question # 133

An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?

A.

Escalate the unresolved issues to the board, because they could pose significant risk exposures to the organization.

B.

Confirm the decision with management and document this decision in the audit file.

C.

Document the issue in the audit file and follow up until the issues are resolved.

D.

Initiate an assurance engagement on the unresolved issues.

Full Access
Question # 134

Internal auditors map a process by documenting the steps in the process, which provides a framework for understanding. Which of the following is a reason to use narrative memoranda?

A.

To create a detailed risk assessment.

B.

To identify individuals who perform key roles.

C.

To explain a simple process.

D.

To document which outputs support other activities.

Full Access
Question # 135

An internal auditor is asked to determine why the production line for a large manufacturing organization has been experiencing shutdowns due to unavailable parts The auditor learns that production data used for generating automatic purchases via electronic interchange is collected on personal computers connected by a local area network (LAN) Purchases are made from authorized vendors based on both the production plans for the next month and an authorized materials requirements plan (MRP) that identifies the parts needed per unit of production. The auditor suspects the shutdowns are occurring because purchasing requirements have not been updated for changes in production techniques. Which of the following audit procedures should be used to test the auditor ' s theory?

A.

Compare purchase orders generated from test data Input into the LAN with purchase orders generated from production data for the most recent period.

B.

Develop a report of excess inventory and compare the inventory with current production volume.

C.

Compare the parts needed based on current production estimates and the MRP for the revised production techniques with the purchase orders generated from the system for the same period

D.

Select a sample of production estimates and MRPs for several periods and trace them into the system to determine that input is accurate

Full Access
Question # 136

Which of the following is the primary reason to develop an audit work program?

A.

To alert operational management to the types of audit tests that will likely be performed.

B.

To help the engagement team understand which tasks have to be performed and how.

C.

To assist with communicating all relevant audit findings, conclusions, and recommendations to operational management.

D.

To facilitate the supervision of the audit engagement and enable the chief audit executive to provide relevant feedback.

Full Access
Question # 137

When estimating the impact of an inherent risk, which of the following should internal auditors consider?

A.

The probability and frequency of occurrence

B.

Financial and nonfinancial factors related to the risk

C.

The number of risks identified on the heat map

D.

The residual risk following implementation of appropriate controls

Full Access
Question # 138

In the years after the mid-service point of a depreciable asset, which of the following depreciation methods will result in the highest depreciation expense?

A.

Sum of the years’ digits.

B.

Declining balance.

C.

Double-declining balance.

D.

Straight line.

Full Access
Question # 139

For which of the following fraud engagement activities would it be most appropriate to involve a forensic auditor?

A.

Independently evaluating conflicts of interests.

B.

Assessing contracts for relevant terms and conditions.

C.

Performing statistical analysis for data anomalies.

D.

Preparing evidentiary documentation.

Full Access
Question # 140

An internal auditor suspects that a program contains unauthorized code or errors. Which of the following would assist the internal auditor in this regard?

A.

Utility software

B.

Generalized audit software

C.

Application software tracing and mapping

D.

Audit expert systems

Full Access
Question # 141

An audit observation noted that annual inventory counts of biofuel was not being performed appropriately Fuel yards were not visited and physical amounts of biofuel were not reconciled with accounting data Management of the division understood the issue and promised to resolve the problem When should the internal auditor schedule a follow-up review?

A.

As soon as possible, no later than two months after the audit

B.

When convenient for both parties

C.

When management has indicated that the issue has been resolved

D.

Before financial year end

Full Access
Question # 142

An internal auditor is conducting an initial risk assessment of an audit area and wants to assess management ' s compliance with privacy laws for safeguarding customer information stored on the organization ' s servers. Which course of action is appropriate for this phase of the engagement?

A.

Solicit the services of a specialist information systems auditor

B.

Obtain the most current approved copies of the organization ' s privacy policy

C.

Consult with legal counsel about new privacy laws to establish appropriate criteria

D.

Consider the detection risk of noncompliance with the laws

Full Access
Question # 143

An organization ' s chief audit executive is developing an integrated audit approach to provide value-added services that can help the organization meet its strategic objectives and goals. Which of the following is an advantage of using an integrated audit approach that assists the organization?

A.

It allows the internal audit function to provide more subjective conclusions that would help the organization meet its goals and objectives.

B.

It allows the internal audit function to perform the appropriate engagements that minimize audit fatigue within the organization.

C.

It allows the internal audit function to focus more attention on ensuring that solutions and risks adhere to defined regulations.

D.

It allows the internal audit function to obtain more resources to perform more engagements of departments within the organization.

Full Access
Question # 144

Which of the following would most likely form part of the engagement scope?

A.

Potential legislation on privacy topics will be employed as a compliance target O Wire transfers that exceeded $10,000 in the last 12 months will be analyzed.

B.

Both random and judgmental samplings will be used during the engagement

C.

The probability of significant errors will be considered via risk assessment.

Full Access
Question # 145

A chief audit executive ' s report to the board showed a significant trend of recent aud4s going over planned budgeted hours. Which of the following factors could cause this trend?

A.

Poor engagement supervision

B.

ineffective board reporting

C.

Untimely observation follows up and closure

D.

Limited staff resources

Full Access
Question # 146

Which of the following is most appropriate for internal auditors to do during the internal audit recommendations monitoring process?

A.

Report the monitoring status to senior management when requested.

B.

Assist management with implementing corrective actions.

C.

Determine the frequency and approach to monitoring

D.

Include all types of observations in the monitoring process

Full Access
Question # 147

Below is a flowchart detailing an organization ' s bank reconciliation process. Which of the following conclusions can be drawn from the flowchart?

Question # 147

A.

There is a conflict in the segregation of duties between preparing bank reconciliations and posting payments to the accounting books.

B.

There is an appropriate segregation of duties in the treasury department during the bank reconciliation process.

C.

There is a large workload for the treasury accountant during the bank reconciliation process.

D.

Bank statements should be obtained at a higher level, such as through the treasury supervisor.

Full Access
Question # 148

In which of the following situations has an internal audit of obtained physical evidence?

A.

An internal auditor made purchases from several of the organization ' s retail outlets to evaluate customer service

B.

An internal auditor interviewed various employees regarding health and safety issues and recorded their answers

C.

An internal auditor obtained the current quarterly financial report and computed changes in deb-to-equity ratio

D.

An internal auditor received a signed confirmation regarding the terms of a transaction from an independent attorney

Full Access
Question # 149

According to IIA guidance, which of the following objectives was most likely formulated for a non-assurance engagement?

A.

The internal audit activity will assess the effects of changes in maintenance strategy on the availability of production equipment

B.

The internal audit activity will inform management on the possible risks of moving the data warehouse to a cloud server maintained by a third party.

C.

The internal audit activity will ascertain whether the data center security arrangements are compliant with agreed terms

D.

The internal audit activity will ensure equipment downtime risks have been managed in accordance with the internal policy.

Full Access
Question # 150

Which of the following statements concerning workpapers is the most accurate?

A.

The organization and the format of workpapers is the same for all engagements

B.

The extent of what is included in workpapers is a matter of professional judgment

C.

Workpapers should be complete so that every conceivable question that can be raised should be answered

D.

Copies of operational managements records should not be included, but referenced so that they can be located

Full Access
Question # 151

A toy manufacturer receives certain components from an overseas supplier and uses them to assemble final products Recently quality reviews have identified numerous issues regarding the components ' compliance with mandatory quality standards. Which type of engagement would be most appropriate to assess the root causes of the quality issues?

A.

A risk assessment

B.

An operational audit

C.

A third-party audit

D.

A fraud investigation

Full Access
Question # 152

Which of the following types of resources is the most important and challenging to identify and allocate in order to perform an audit engagement?

A.

External resources.

B.

IT resources.

C.

Human resources.

D.

Monetary budget.

Full Access
Question # 153

A multinational organization has multiple divisions that sell their products internally to other divisions When selling internally, which of the following transfer prices would lead to the best decisions for the organization?

A.

Full cost

B.

Full cost plus a markup.

C.

Market price of the product.

D.

Variable cost plus a markup.

Full Access
Question # 154

Internal auditors map a process by documenting the steps in the process, which provides a framework for understanding Which of the following is a reason to use narrative memoranda?

A.

To create a detailed risk assessment

B.

To identify individuals who perform key roles

C.

To explain a simple process.

D.

To document which outputs support other activities.

Full Access
Question # 155

While conducting an information security audit, an internal auditor learns that the existing disaster recovery plan is four years old and untested. The auditor also learns that in the four years since the recovery plan was implemented, the information systems have undergone extensive changes. Which of the following actions is most appropriate for the auditor to take?

A.

Inform management and request that the plan be tested immediately.

B.

Update the recovery plan for management, as part of the review.

C.

Evaluate the recovery plan and report weaknesses to management.

D.

Recommend that management and users update and test the recovery plan.

Full Access
Question # 156

For a new board chair who has not previously served on the organization’s board, which of the following steps should first be undertaken to ensure effective leadership to the board*?

A.

Chair should learn the current organizational culture of the company.

B.

Chair should learn the current risk management system of the company

C.

Chair should determine the appropriateness of the current strategic risks.

D.

Chair should gain an understanding of the needs of key stakeholders.

Full Access
Question # 157

Which of the following is an example of a compliance assurance engagement?

A.

Providing in-house training to senior management regarding applicable laws and regulations.

B.

Providing an assessment of the design adequacy of controls related to consumer privacy and confidentiality.

C.

Providing an assessment of customer satisfaction with customer service provided by the organization.

D.

Providing testing on the operating effectiveness of controls over the reliability of financial reporting.

Full Access
Question # 158

According to IIA guidance, which of the following is a limitation of a heat map?

A.

Impact cannot be represented on a heat map unless it is quantified in financial terms

B.

Impact and likelihood at times cannot be differentiated as to which is more important.

C.

A heat map cannot be used unless a risk and control matrix has been developed.

D.

Qualitative factors cannot be incorporated into a heat map

Full Access
Question # 159

A chief audit executive (CAE) is determining which engagements to include on the annual audit plan. She would like to consider the organization ' s attitude toward risk and the degree of difficulty in achieving objectives. Which of the following resources should the CAE consult?

A.

The corporate risk register.

B.

The strategic plan.

C.

Internal and external audit reports.

D.

The board ' s meeting records.

Full Access
Question # 160

Which of the following situations would justify the removal of a finding from the final audit report?

A.

Management disagrees with the report findings and conclusions in their responses.

B.

Management has already satisfactorily completed the recommended corrective action.

C.

Management has provided additional information that contradicts the findings.

D.

Management believes that the finding is insignificant and unfairly included in the report.

Full Access
Question # 161

Which of the following is least likely to help ensure that risk is considered in a work program?

A.

Risks are discussed with audit client.

B.

All available information from the risk-based plan is used.

C.

Client efforts to affect risk management are considered.

D.

Prior risk assessments are considered.

Full Access
Question # 162

A multinational organization has asked the internal audit activity to assist in setting up the organization ' s risk management system The chief audit executive (CAE) agrees to take on the engagement as a consultant. Which of the following tasks is appropriate for the CAE to undertake?

A.

Coordinate and facilitate risk workshops for management to attend

B.

Establish the degree of risk appetite for management to accept.

C.

Set risk Indicators and mitigation plans for management to Implement.

D.

Determine the number of significant risks for management to report to the board

Full Access
Question # 163

Which of the following internal audit activities is performed in the design evaluation phase?

A.

The internal auditor reviews prior audits and workpapers.

B.

The internal auditor identifies the controls over segregation of duties.

C.

The internal auditor checks a process for completeness.

D.

The internal auditor communicates the audit results to management.

Full Access
Question # 164

According to IIA guidance,which of the following is true about the supervising internal auditor ' s review notes?

• They are discussed with management prior to finalizing the audit.

• They may be discarded after working papers are amended as appropriate.

• They are created by the auditor to support her fieldwork in case of questions.

• They are not required to support observations issued in the audit report.

A.

1 and 3 only

B.

1 and 4 only

C.

2 and 3 only

D.

2 and 4 only

Full Access
Question # 165

An internal auditor wants to examine the intensity of correlation between electricity price and wind speed. Which of the following analytical approaches would be most appropriate for this purpose?

A.

A Gantt chart

B.

A scatter diagram

C.

A RACI chart

D.

A SIPOC diagram

Full Access
Question # 166

Which of the following statements is true regarding internal control questionnaires?

A.

Internal control questionnaires are useful m evaluating the effectiveness of standard operating procedures

B.

internal control questionnaires provide reliable documents allowing internal auditors to cover many control procedures in little time

C.

Internal control questionnaires can be used by internal auditors as an interview guide

D.

Internal control questionnaires provide direct audit evidence which may need corroboration

Full Access
Question # 167

Which of the following is most likely the subject of a periodic report from the chief audit executive to the board?

A.

A complete, accurate, and comprehensive account of engagement observations and recommendations.

B.

Oversight of the coordination between the internal audit activity and independent outside auditors

C.

The internal audit activity ' s purpose, authority, responsibility, and performance relative to plan.

D.

Management ' s assertions regarding the system of internal controls.

Full Access
Question # 168

Management requested internal audit consulting services. During fieldwork significant control issues were identified by the internal audit team. Which of the following is an appropriate response from the chief audit executive?

A.

End the consulting engagement and report the results to management as planned

B.

Report the significant control issues to senior management and the board and recommend corrective action

C.

Mutually agree with the engagement client on corrective actions

D.

Focus on the consulting engagement and schedule an assurance engagement next to address the control issues

Full Access
Question # 169

Which of the following statements is true regarding internal controls?

A.

For assurance engagements, internal auditors should plan to assess the effectiveness of all entity-level controls.

B.

Poorly designed or deficient entity-level controls can prevent well-designed process controls from working as intended.

C.

During engagement planning, internal auditors should not discuss the identified key risks and controls with management of the area under review, to prevent tipping off probable audit tests.

D.

Reviewing process maps and flowcharts is an appropriate method for the internal auditor to identify all key risks and controls during engagement planning.

Full Access
Question # 170

When developing the scope of an audit engagement, which of the following would the internal auditor typically not need to consider?

A.

The need and availability of automated support.

B.

The potential impact of key risks.

C.

The expected outcomes and deliverables.

D.

The operational and geographic boundaries.

Full Access
Question # 171

According to IIA guidance, which of the following provides additional insight into errors, problems, missed opportunities, or noncompliance to improve the effectiveness and efficiency of an organization ' s control process?

A.

Reperformance.

B.

Vouching.

C.

Independent confirmation.

D.

Root cause analysis.

Full Access
Question # 172

A chief audit executive (CAE) determined that management chose to accept a high-level risk that may be unacceptable lo the organization. Which is the best course of action for the CAE to Follow?

A.

Include using in a subsequent audit to determine if the risks are still present

B.

Discuss the matter with senior management and it not reserved with the board

C.

Require that management implement controls to mitigate lie risks

D.

Report the risks to the process owners so that they can modify their process

Full Access
Question # 173

According to IIA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the Internal audit activity^

A.

CAE reviews and approves the annual audit plan.

B.

CAE meets privately with the CEO at least annually

C.

CAE meets privately with the board at least annually.

D.

CAE reports to the board regarding audit staff performance evaluation and compensation.

Full Access
Question # 174

During the planning process for a human resources audit, an internal auditor obtains an organizational chart. The auditor observes a flat organizational structure. Which of the below risks should the auditor consider for this engagement?

A.

Transactions and decision-making require multiple approvals, resulting in processing delays.

B.

Career and promotion paths are not easily visible and defined.

C.

Communication is likely to be top-down, with little feedback from lower-level employees.

D.

Employees have little autonomy, which may result in employee turnover or low morale.

Full Access
Question # 175

Which of the following is an advantage of nonstatistical sampling over statistical sampling?

A.

Nonstatistical sampling provides more objective recommendations for management.

B.

Nonstatistical sampling provides an opportunity to select the minimum sample size required to satisfy the objectives of the audit tests.

C.

Nonstatistical sampling provides for the use of subjective judgment in determining the sample size.

D.

Nonstatistical sampling permits the auditor to specify a level of reliability and the desired degree of precision.

Full Access
Question # 176

An internal auditor is assigned to validate calculations on the organization ' s billing application. As part of the test, the internal auditor is required to use an automated audit tool to simulate transactions for testing. Which of the following would most appropriately be used for this purpose?

A.

Generalized audit software.

B.

Utility software.

C.

Integrated test facilities.

D.

Audit expert systems.

Full Access
Question # 177

The internal auditors available to perform the engagement do not have sufficient skills related to the area under review. Which of the following iss an appropriate action for the chief audit executive to take?

A.

Continue the engagement with the available staff, providing more hands-on supervision than usual

B.

Limit the objectives and scope of the engagement to align them with the skills available among the current staff.

C.

Cosource the performance of the engagement using personnel in the area that will be reviewed to supplement the knowledge of the staff and complete the engagement

D.

Supplement the internal auditors assigned to the engagement by bringing onto the engagement team a consultant who is independent of the area under review and has the missing expertise

Full Access
Question # 178

The objective of an upcoming engagement is to review the wind park projects and assess compliance with established project management principles. Which of the following is most likely to be the aim of the engagement work program?

A.

Evaluate the application of project management guidance in the development of wind parks.

B.

Identify key risks and mitigation plans pertaining to the management of wind parks.

C.

Assess whether development of wind parks is compliant with relevant legal acts and international best practices.

D.

Review the wind park development strategy and compare its goals with operational targets and metrics.

Full Access
Question # 179

The only internal auditor, who was part of a larger team of individuals trained in the testing and reading of the organization’s quality control equipment, has resigned. With a scheduled audit of the quality department not yet completed for this year, what alternative approach should the internal audit function take in this scenario?

A.

Explain the situation to senior management and remove the audit from the audit plan until next year

B.

Conduct the audit of the quality department but adjust the audit program to remove the quality control testing

C.

Engage one of the other trained employees to participate in the audit review of the quality department

D.

Request that external auditors include this area as part of their review and provide independent assurance

Full Access
Question # 180

A chief audit executive (CAE) following up on action plans from previously completed audits identifies that management has determined that certain action plans are no longer necessary If the CAE disagrees with managements decision, which of the following is the most appropriate next step for the CAE to take?

A.

The CAE must discuss the matter with senior management

B.

The CAE must discuss the matter with key shareholders.

C.

The CAE must discuss the matter with legal counsel.

D.

The CAE must discuss the matter with the board

Full Access
Question # 181

Senior IT management requests the internal audit activity to perform an audit of a complex IT area. The chief audit executive (CAE) knows that the internal audit activity lacks the expertise to perform the engagement. Which of the following is the most appropriate action for the CAE to take?

A.

Decline the audit engagement, because the Standards prohibit internal auditors from performing engagements where they lack the necessary competencies.

B.

Accept the audit engagement and use the engagement as an opportunity to develop the audit team’s IT expertise while performing the audit work.

C.

Temporarily hire an experienced and knowledgeable IT analyst from the organization ' s IT department to lead the audit.

D.

Outsource the audit engagement to a reputable IT audit consulting firm.

Full Access
Question # 182

Following an audit, management developed an action plan to improve controls over the handling of scrap metal. Which of the following would be the most appropriate course of action for the auditor to follow up?

A.

Conduct another audit engagement to ensure all risks related to the sales of scrap metal have been mitigated.

B.

Ensure new procedures have been documented, approved, and distributed to the employees responsible.

C.

Perform retesting to confirm that new procedures address the previously identified deficient control activities.

D.

Analyze the new procedures, then report to senior management whether the associated risks have been managed.

Full Access
Question # 183

The internal audit activity of an insurance company is reviewing six of the company’s 11 branches. During the review of the fourth branch that was selected, the internal audit team discovered control breaches that could result in regulatory sanctions if not addressed. How should the internal audit team proceed?

A.

Communicate immediately to the relevant regulatory agency the information regarding the company ' s control breaches along with details of recommended corrective actions to address the issue.

B.

Complete the branch reviews, ensure that the issue and impact are adequately detailed in the audit report, hold an exit meeting to discuss the issue with branch management, and provide recommendations for corrective actions.

C.

Have a discussion with branch management on the matter and recommend in an interim audit report that management take appropriate corrective action in order to address the current identified issues.

D.

Expand the audit to include the branches that were not previously selected and determine whether there are similar control breaches at those branches prior to compiling a comprehensive audit report and reporting the issue to senior management and the board.

Full Access
Question # 184

When reviewing workpapers, engagement supervisors may ask for additional evidence or clarification via review notes. According to IIA guidance, which of the following statements is true regarding the engagement supervisors review notes?

A.

The review notes may be cleared from the final documentation once the engagement supervisors concerns have been addressed

B.

Management of the area under review must address the engagement supervisors review notes before the audit report can be finalized.

C.

The chief audit executive must initial or sign the engagement supervisors review notes to provide evidence of appropriate engagement supervision.

D.

Review notes provide documented proof that the engagement is supervised properly and must be retained for the quality assurance and improvement program

Full Access
Question # 185

Besides a chief audit executive ' s professional experience what determines the frequency and approach to assessing residual risk?

A.

The frequency of executing the internal audit engagements

B.

The frequency of changes in the organization environment

C.

The expectations set by the board and senior management

D.

The expectations set by operating management and senior management

Full Access
Question # 186

Which of the following represents the best example of a strategic goal?

A.

Customer satisfaction index has to be 90% each quarter.

B.

Ten rapid charging stations will be installed next year.

C.

The organization aims to decrease the budget by 10%.

D.

The organization will be carbon neutral within 5 years.

Full Access
Question # 187

A technology organization is developing an artificial intelligence (AI) program for use on its social media platform. The AI program is meant to help content creators with images and posts that will acquire followers more efficiently. The internal audit function is planning an engagement of the AI program development. Which of the following should be considered a significant, immediate, and inherent risk?

A.

The AI program becomes self-reliant and no longer requires human assistance to perform tasks for the organization.

B.

The AI program advancements allow for it to generate original images for use by content creators and other individuals.

C.

The AI program captures images found online that are created and owned by individuals and other organizations.

D.

The AI program will have to comply with the national regulation expected to come in force in two years ' time.

Full Access
Question # 188

Which of the following reasonably represents best practices regarding what should be the level of internal audit resource investment in monitoring and following up on engagement outcomes?

A.

Limited resources should be employed since the actual engagement is already completed and the onus of corrective actions rests with management

B.

No resources should be exclusively deployed for that at all rather it should be planned as part of future engagements in the same area

C.

Resources should only be provided towards this if doing so does not result in depletion of resources for new engagements planned in the current period

D.

Resources should be allocated to this without conditions as long as doing so meets the expectations of management and the judgment of the chief audit executive.

Full Access
Question # 189

At a conference an internal auditor presented a new computer-assisted audit technique developed by his organization The presentation included sample data derived from performing audit engagements for the organization. Travel costs were paid by the conference organizers and the trip was approved by the chief audit executive (CAE). However, neither management nor the CAE was aware that the internal auditor would be making a presentation based on work completed for the organization According to IIA guidance, which of the following statements is most relevant regarding the actions of the auditor?

A.

The auditor did not violate the standard of objectivity because the presentation had no impact on the organization.

B.

The auditor violated the principle of confidentiality by disclosing information about the organization without approval.

C.

The auditor should have obtained permission before using the material, but did not violate the IIA Code of Ethics or Standards

D.

The auditor breached the conflict of interest standard by accepting payment for travel costs

Full Access
Question # 190

Which of the following is the primary engagement responsibility of an entry-level internal auditor?

A.

Leadership

B.

Documentation.

C.

Analysis.

D.

Reporting

Full Access
Question # 191

According to IIA guidance, which of the following statements is true regarding audit workpapers?

A.

Review notes on audit workpapers must be retained to provide a record of questions raised by the reviewer.

B.

Audit workpaper documentation policies are reviewed and approved by the audit committee.

C.

Management of the department being audited should review the prepared workpapers for accuracy.

D.

Audit workpaper preparation contributes to the professional development of the internal audit staff.

Full Access
Question # 192

Which of the following is the primary purpose of implementing a program whereby employees are rotated from other parts of the organization into the internal audit activity?

A.

It provides the internal audit activity with more resourcing options to meet the audit plan

B.

It offers internal auditors the opportunity to learn more about other work areas.

C.

It gives nonauditors a better understanding of the control environment.

D.

It provides an opportunity for the recruitment of employees as permanent internal auditors

Full Access
Question # 193

Which of the following best describes how an internal auditor would use a flowchart during engagement planning?

A.

To prepare for testing the effectiveness of controls.

B.

To plan for evaluating potential losses.

C.

To prepare a sampling plan for the engagement.

D.

To evaluate the design of controls.

Full Access
Question # 194

The chief risk officer (CRO) of a large manufacturing organization decided to facilitate a workshop for process managers and staff to identify opportunities for improving productivity and reducing defects. Which of the following is the most likely reason the CRO chose the workshop approach?

A.

It minimizes the amount of time spent and cost incurred to gather the necessary information.

B.

Responses can be confidential, thus encouraging participants to be candid expressing their concerns.

C.

Workshops do not require extensive facilitation skills and are therefore ideal for nonauditors.

D.

Workshop participants have an opportunity to learn while contributing ideas toward the objectives.

Full Access
Question # 195

An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity may provide risk management consulting?

There is a clear strategy and timeline to migrate risk management responsibility back to management.

The internal audit activity has the final approval on any risk management decisions.

The internal audit activity gives objective assurance on all parts of the risk management framework for which it is responsible.

The nature of services provided to the organization is documented in the internal audit charter.

A.

1 and 4 only.

B.

2 and 4 only.

C.

1 and 3 only.

D.

2 and 3 only.

Full Access
Question # 196

Which of the following documents are internal auditors most likely to be asked to sign as a demonstration of due professional care?

A.

A description of their job responsibilities.

B.

A non-disclosure agreement

C.

An annual declaration of commitment to The HAs Code of Ethics.

D.

The internal audit charter

Full Access
Question # 197

An internal auditor has discovered that duplicate payments were made to one vendor. Management has recouped the duplicate payments as a corrective action. Which of the following describes management’s action in this case?

A.

A condition-based action plan.

B.

A cause-based action plan.

C.

A root cause-based action plan.

D.

An effect-based action plan.

Full Access
Question # 198

Which of the following is most likely the subject of a periodic report from the chief audit executive to the board?

A.

A complete, accurate, and comprehensive account of engagement observations and recommendations.

B.

Oversight of the coordination between the internal audit activity and independent outside auditors.

C.

The internal audit activity ' s purpose, authority, responsibility, and performance relative to plan.

D.

Management ' s assertions regarding the system of internal controls.

Full Access
Question # 199

An engagement supervisor obtains facilities maintenance reports from a contractor during an audit of third-party services. Which of the following is the source of authority for the engagement supervisor to make such contact outside the organization?

A.

The policies and procedures of the internal audit activity.

B.

The provisions of the internal audit charter.

C.

The authority of the CEO.

D.

The IIA ' s Code of Ethics.

Full Access
Question # 200

An internal auditor is examining the organization ' s internal control processes. Which of the following would the auditor do to test the reliability of a customer database1?

A.

Perform a site visit to see whether the organization ' s servers are operational

B.

Interview end users to determine whether they understand how to use the database information

C.

Determine whether policies are in place on how to use the database information

D.

Review for indications of potential issues with the database information

Full Access
Question # 201

What is the primary objective of an engagement supervisor ' s review of key activities performed during the engagement?

A.

To ensure that the engagement is completed on time and within budget

B.

To ensure that all work performed meets acceptable quality standards

C.

To ensure that management has provided suitable responses to all observations

D.

To ensure that management is satisfied with the progress of the engagement

Full Access
Question # 202

After completing an assurance engagement, the chief audit executive (CAE) concludes that management has accepted a level of risk that may be unacceptable to the

organization. What is the most appropriate first step for the CAE to take?

A.

Discuss the issue with senior management.

B.

Discuss the issue only with the CEO.

C.

Inform the board.

D.

Discuss the issue with the members of management responsible for the risk area.

Full Access
Question # 203

According to IIA guidance, which of the following accurately describes the responsibilities of the chief audit executive with respect to the final audit report?

1. Coordinate post-engagement conferences to discuss the final audit report with management.

2. Include management ' s responses in the final audit report.

3. Review and approve the final audit report.

4. Determine who will receive the final audit report.

A.

1 and 2

B.

1 and 4

C.

2 and 3

D.

3 and 4

Full Access
Question # 204

An internal auditor examined a nostatistical sample of open accounts receivable balances and discovered that 10 out of 60 exceeded the approved unseated credit limit threshold defined by the organization ' s policy What should the auditor document in the workpapers?

A.

Credit limit over drafts are not monitored in accordance with the organizations policy

B.

Seventeen percent of customers ' open balances in the sample exceed their approved unsecured credit rent

C.

The threshold for credit limits defined by the organization ' s policy is not adequate

D.

Management should perform monthly monitoring of open customer balances

Full Access
Question # 205

During planning, the chief audit executive submits a risk-and-control questionnaire to management of the activity under review. Which of the following statements is true regarding the questionnaire?

A.

It would be an inefficient way for internal auditors to address multiple controls in the activity under review.

B.

It would limit certain members of the internal audit team from being fully involved in the engagement.

C.

It would be the most effective way for the internal audit team to obtain a detailed understanding of the processes and controls in the activity to be audited.

D.

It would be an efficient way for the internal audit team to determine whether specified control activities are in place.

Full Access
Question # 206

Which of the following data analysis techniques is used to identify inappropriately matching values, such as names, addresses, and account numbers in disparate systems?

A.

Stratification of numeric values

B.

Gap testing

C.

Joining different data sources

D.

Duplicate testing

Full Access
Question # 207

Which of the following sources of audit evidence is most reliable?

A.

Evidence obtained directly from an untested third party.

B.

Uncorroborated audit evidence obtained indirectly from an employee.

C.

Undocumented audit evidence obtained directly from a manager.

D.

Timely audit evidence obtained directly from a customer.

Full Access
Question # 208

An internal auditor reviewed bank reconciliations prepared by management of the area under review. The auditor noted that the bank statements attached did not have the

bank heading, logo, or address. Which of the following statements is true regarding this situation?

A.

The evidence may not be reliable.

B.

The evidence is not relevant.

C.

The evidence may not be sufficient.

D.

The information missing is not relevant to the audit.

Full Access
Question # 209

Which of the following is an appropriate documentation of proper engagement supervision?

A.

A completed engagement workpaper review checklist.

B.

The supervisor ' s review notes on engagement workpapers.

C.

The email exchanges between the audit team and the supervisor.

D.

A supervisor ' s approval of resources allocated to the engagement

Full Access
Question # 210

An internal audit manager assigns an audit team to test purchase transactions by selecting a sample from transactions processed by each of the three procurement officers.

Which of the following techniques will help the audit team achieve this sampling objective?

A.

Systematic sampling.

B.

Stratified sampling.

C.

Stop-or-go sampling

D.

Discovery sampling.

Full Access
Question # 211

Which of the following internal control attributes should internal auditors consider testing during a review of the board of directors?

A.

The presence of an independent critical mass

B.

The established philosophy and operating style of senior management

C.

The articulated internal control objectives of the organization

D.

The organization ' s employee recruiting and retention policies

Full Access
Question # 212

During the review of an organization ' s retail fraud deterrence program, an employee mentions that an expensive fraud surveillance information system is rarely used. The internal auditor concludes that additional staff are required to properly utilize the system to its full potential. According to IIA guidance, which criteria for evidence is most lacking to reach this conclusion?

A.

Sufficiency.

B.

Reliability.

C.

Relevancy.

D.

Usefulness.

Full Access
Question # 213

An organization uses the management-by-objectives method, whereby employee performance is based on defined goals. Which of the following statements is true regarding this approach?

A.

It is particularly helpful to management when the organization is facing rapid change.

B.

It is a more successful approach when adopted by mechanistic organizations.

C.

it is more successful when goal-setting Is performed not only by management, but by all team members, including lower-level staff

D.

it is particularly successful in environments that are prone to having poor employer-employee relations

Full Access
Question # 214

Which of the following is a true statement regarding whistleblowing?

A.

Whistleblowing is one of several possible ethical structures an organization can undertake to encourage ethical behavior.

B.

Whistleblowing programs help employees deal with ethical questions and instill ethical values into everyday behavior

C.

Whistleblowers are current or former employees who are disgruntled and looking to retaliate.

D.

Whistleblowers should inform the organization about actual criminal circumstances, not assumed allegations.

Full Access
Question # 215

An accounts payable clerk has recently transferred into the internal audit activity and has been assigned to an engagement related to accounts payable processes for which he was previously responsible Which of the following is the best action for the new internal auditor to take?

A.

If it is an assurance engagement, accept the assignment because direct knowledge of the existing accounts payable processes will provide depth and add more value

B.

If it is a consulting engagement, decline the assignment and ask to be reassigned, because in a consulting engagement the auditor must not assess operations for areas in which they were previously responsible.

C.

if it is a consulting engagement, accept the assignment because direct knowledge of the existing accounts payable processes will provide depth and add more value

D.

If it is an assurance engagement, accept the assignment because the chief audit executive had knowledge of the internal auditor ' s previous role when this engagement was assigned.

Full Access
Question # 216

Which of the following is the primary reason the chief audit executive should consider the organization ' s strategic plans when developing the annual audit plan?

A.

Strategic plans reflect the organization ' s business objectives and overall attitude toward risk.

B.

Strategic plans are helpful to identify major areas of activity, which may direct the allocation of internal audit activity resources.

C.

Strategic plans are likely to show areas of weak financial controls.

D.

The strategic plan is a relatively stable document on which to base audit planning.

Full Access
Question # 217

To compete in the global market, an organization is restructuring and consolidating many of its divisions. Prior to the consolidation, senior management requested assistance from tie internal audit activity. Which of the following consulting services would be most appropriate in this situation?

A.

Assess controls for potential compliance issues that may affect me consolidation

B.

Brief vendors on the potential risks that will occur without continued business

C.

Advise division managers on how to streamline operations for better efficiency

D.

Determine whether the organization’s controls are effective in meeting business objectives

Full Access
Question # 218

According to the Standards, which of the following is leastimportant in determining the adequacy of an annual audit plan?

A.

Sufficiency.

B.

Appropriateness.

C.

Effective deployment.

D.

Cost effectiveness.

Full Access
Question # 219

Which of the following would be the most helpful to a chief audit executive when developing a talent management strategy?

A.

Gap analysis

B.

Staff preferences

C.

Maturity analysis

D.

Extent of external audit coverage

Full Access
Question # 220

The internal audit activity plans to assess the effectiveness of management’s self-assessment activities regarding the risk management process. Which of the following procedures would be most appropriate to accomplish this objective?

A.

Review corporate policies and board minutes for examples of risk discussions.

B.

Conduct interviews with line and senior management on current practices.

C.

Research and review relevant industry information concerning key risks.

D.

Observe and test control and monitoring procedures and related reporting.

Full Access
Question # 221

What is the primary reason that audit supervision includes approval of the engagement report?

A.

To ensure the objectives of the area under review are met

B.

To ensure senior management supports the reports conclusions

C.

To ensure report style and grammar are appropriate.

D.

To ensure report findings are substantiated

Full Access
Question # 222

An internal auditor is assigned to validate calculations on the organization ' s building application As pad of the test the internal auditor is required to use an automated audit tool to simulate transactions for testing. Which of the following would most appropriately be used for this purpose?

A.

Generalized audit software.

B.

Utility software

C.

integrated test facilities

D.

Audit expert systems

Full Access
Question # 223

Which of the following manual audit approaches describes testing the validity of a document by following it backward to a previously prepared record?

A.

Tracing

B.

Reperformance

C.

Vouching

D.

Walkthrough

Full Access
Question # 224

An organization ' s health-care insurance costs have been rising approximately 10 percent per year for several years Which of the following analytical review procedures would best evaluate the reasonableness of the increase in health-care costs?

A.

Develop a comparison of the costs incurred with similar costs incurred by other organizations

B.

Obtain the government index of health-care costs for the comparable period of time and compare the rate of increase with that of the cost per employee incurred by the organization.

C.

Obtain a bid from another health-care administrator to provide the same administrative services as the current health-care administrator.

D.

Review all claims and compare with appropriate procedures to ensure that overpayments have not occurred

Full Access