Which of the following is an effective approach for internal auditors to take to improve collaboration with audit clients during an engagement?
1. Obtain control concerns from the client before the audit begins so the internal auditor can tailor the scope accordingly.
2. Discuss the engagement plan with the client so the client can understand the reasoning behind the approach.
3. Review test criteria and procedures where the client expresses concerns about the type of tests to be conducted.
4. Provide all observations at the end of the audit to ensure the client is in agreement with the facts before publishing the report.
When is an organic organizational structure likely to be more successful than a mechanistic organizational structure?
Which of the following internal audit activity staffing models has the disadvantage that auditors are always new and in training?
Which of the following represents a ratio that measures short term debt-paying ability?
According to IIA guidance, which of the following typically serves as the basis for an engagement work program?
An internal auditor is planning an audit engagement of a subsidiary organization. The auditor learns that a corporate investigator from the holding organization is investigating the subsidiary regarding a fraud case. Which of the following is true regarding the scope of the internal auditor’s engagement?
According to IIA guidance, which of the following statements about analytical procedures is true?
Which of the following would best prevent phishing attacks on an organization?
An internal auditor develops an engagement observation related to an organization ' s accumulation of large travel advances. The auditor observes that the organization ' s procedures do not require justification for travel advances greater than a specific amount Which of the following best describes the organization ' s procedures?
According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?
1.Consult on CSR program design and implementation
2.Serve as an advisor on CSR governance and risk management.
3.Review third parties for contractual compliance with CSR terms
4Identify and mitigate risks to help meet the CSR program objectives
According to IIA guidance, which of the following strategies would add the least value to the achievement of the internal audit activity ' s (IAA ' s) objectives?
A manufacturing organization specializes in the production of evaporated milk and breakfast cereals. The manufacturing processes create significant loss in the form of waste and byproducts. The provision for normal production loss is known to senior management, but little action is taken when abnormal production losses occur. The organization sells its production byproducts to fish farmers at a reduced price. The byproducts are a widely recognized and used product in the fish farming industry. The organization has a policy that also allows its employees to purchase the byproducts at a negligible price. Based on the above, which of the following risks should the internal audit function consider when planning an engagement of the production process?
An internal auditor is asked to perform an assurance engagement in the organization ' s newly acquired subsidiary When developing the objectives tor the engagement which ot the following statements describes the most important items that the auditor needs to consider?
What type of audit engagement would be the most appropriate to determine how an organization could be more profitable in the long term?
Which of the following risk assessment approaches involves gathering data from work team representing different levels of an organisation?
Which of the following actions are appropriate for the chief audit executive to perform when identifying audit resource requirements?
1. Consider employees from other operational areas as audit resources, to provide additional audit coverage in the organization.
2. Approach an external service provider to conduct internal audits on certain areas of the organization, due to a lack of skills in the organization.
3. Suggest to the audit committee that an audit of technology be deferred until staff can be trained, due to limited IT audit skills among the audit staff.
4. Communicate to senior management a summary report on the status and adequacy of audit resources.
During an assurance engagement an internal auditor uses benchmarking research to support preparation of a report to stakeholders that contains significant findings about control deficiencies. Which of the following skills did the auditor demonstrate?
Which of the following is true regarding the monitoring of internal audit activities?
Acceding to IIA guidance, when of the Mowing is an assurance service commonly performed by the internal audit activity?
Which of the following statements is true regarding a drawback of using internal control questionnaires (ICQs)?
An internal audit activity has to confirm the validity of the activities reported by a grantee that received a chantable contribution from the organization Which of the following methods would best help meet this objective?
An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?
Which of the following factors should be considered when determining the staff requirements for an audit engagement?
The internal audit activity ' s time constraints.
The nature and complexity of the area to be audited.
The period of time since the area was last audited.
The auditors’ preference to audit the area.
The results of a preliminary risk assessment of the activity under review.
According to IIA guidance, which of the following is the most appropriate action to be taken by the chief executive (CAE) if management refuses to accept audit recommendations and implement corrective actions, Even after escalation to senior management?
Which of the following best describes external benchmarking using trend analysis for a subsidiary of an international company?
An internal auditor s testing tor proper authorization of contracts and finds that the rate of deviations discovered in the sample is equal to the tolerable deviation rate. When of the following is the most appropriate conclusion for the internal auditor to make based on this result?
Operational management In the IT department has developed key performance indicator reports, which are reviewed in detail during monthly staff meetings. This activity is designed to prevent which of the following conditions?
An internal auditor observes a double payment transaction on a supplier invoice during an accounts payable engagement. Which of the following steps would be the most effective in helping the auditor determine whether fraud exists?
An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity may provide risk management consulting?
1.There is a clear strategy and timeline to migrate risk management responsibility back to management.
2.The internal audit activity has the final approval on any risk management decisions.
3.The internal audit activity gives objective assurance on all parts of the risk management framework for which it is responsible.
4.The nature of services provided to the organization is documented in the internal audit charter.
Which of the following is an appropriate activity when supervising engagements?
According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management ' s response to audit recommendations?
A chief audit executive (CAE) following up on action plans from previously completed audits identifies that management has determined that certain action plans are no longer necessary If the CAE disagrees with management ' s decision, which of the following is the most appropriate next step for the CAE to take?
In which of following scenarios is the internal auditor performing benchmarking?
If the skills and competencies are not present within the internal audit activity to complete an ad-hoc assurance engagement, which of the following is an acceptable resolution?
In which of the following situations would an internal control questionnaire best suit the internal auditor ' s purpose?
The chief audit executive (CAF) determined that the residual risk identified in an assurance engagement is acceptable. When should this be communicated to senior management?
While planning for an accounts payable audit an internal auditor performs an entity level controls analysis. Which of the following statements is true regarding me approach used by the auditor?
An organization must maintain a current ratio of at least 1.2 to comply with debt covenants. Its current ratio is now 0.9. Which year-end transaction can increase the current ratio?
Which of the following actions should the chief audit executive take when senior management decides to accept risks by choosing to do business with a questionable vendor?
According to IIA guidance, when would an interim report typically be produced?
Which of The following best describes a risk that is deemed " unacceptable " to the organization?
After concluding a preliminary assessment, the engagement supervisor prepared a draft work program According to HA guidance which of the following would be tested by this program?
During the planning phase of an assurance engagement, the internal audit engagement team identifies and evaluates the inherent fraud risks within the procurement function. What should be the engagement team’s next step?
The human resources (HR) department was last reviewed three years ago and is due for an assurance engagement after undergoing recent process changes. Which of the following would the most effective option identify the HR department ' s risks and controls?
An internal auditor discovered a control weakness that needs to be communicated to management. Which of the following is the best method for first communicating the weakness?
Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?
After finalizing an assurance engagement concerning safety operations in the oil mining process, the audit team concluded that no key controls were compromised. However, some opportunities for improvement were noted. Which of the following would be the most appropriate way for the chief audit executive (CAE) to report these results?
When taken by a chief audit executive, which of the following actions would be most likely to prevent division management from exaggerating sales reports
1.Announcing a series of internal audit engagements focusing on compliance with corporate sales-reporting policies.
2.Asking the president and the board to issue a statement of corporate policy stressing the importance of accurate management reporting and the negative consequences of intentional misreporting
3.Setting up a hotline for employees to report fraudulent behavior anonymously.
4.Assisting the controller in developing and monitoring a series of business process indicators, which are historically correlated with, but independent of. sales.
An internal auditor at a bank informed the branch manager of a malfunctioning lock on one of the vaults. The risk associated with this issue was deemed significant by the chief audit executive (CAE), and immediate remediation was recommended. However, during a follow-up engagement, the branch manager told the CAE that the risk was actually not significant, hence no action was taken. What is the most appropriate next step for the CAE?
In addition to gathering information, which of the following is a primary objective of a client interview conducted during the planning stage of an audit engagement?
During an operational audit of the cash receipts process, internal auditors uncovered many red flags related to possible misappropriation of cash and other cash-flow problems indicative of potential employee fraud. Which of the following statements is true regarding the follow-up investigative audit?
Which of the following is a significant governance issue that should be reported by the chief audit executive to the board?
A chief audit executive (CAE) is trying to balance the internal audit activity ' s needs for technical audit skills budget efficiency and staff development opportunities. Which of the following would best assist the CAE in achieving this balance1?
According to HA guidance on IT, which of the following actions would be performed as part of the " Define IT Universe " stage of the IT audit plan development process?
Which of the following statements describes an engagement planning best practice?
While performing fieldwork for an assurance engagement, a member of the internal audit team identified a key control that was not identified during the planning phase of the engagement Which of the following actions by the internal auditor would be most appropriate?
An investor has acquired an organization that has a dominant position in a mature, slow-growth industry and consistently creates positive financial income Which of the following terms would the investor most likely label this investment in her portfolio?
According to IIA guidance, which of the following should be a primary objective for an internal auditor who is conducting an exit conference?
An internal auditor is using attributes sampling to test internal controls. Under which of the following circumstances would the auditor increase the original sample size to estimate error occurrence at a given precision and confidence level?
A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internal auditor. According to IIA guidance, which of the following attributes shows a candidate ' s ability to probe further when reviewing incidents that have the appearance of misbehavior?
An internal auditor wants to obtain management ' s evaluation of the organizational risk culture. Because there are more than 30 geographically dispersed managers, one-to-one interviews are not possible. Which of the following is the most efficient option for the auditor to adopt?
The internal audit team judgmentally selected 60 of the 600 employee timesheets that were processed during the previous month to determine whether supervisors were properly approving timesheets in accordance with the organization ' s policies. The internal audit team found three exceptions. Based on the audit test, which of the following is most appropriate for the internal audit team to conclude?
Which of the following best exemplifies having effective risk management and internal control processes?
The internal audit activity is responsible for which of the following actions related to an organization’s internal controls9
Which of the following statements best demonstrates application of due professional care during an assurance engagement?
Acceding to MA guidance, when of the Mowing strategies would like provide the most assurance to the chief audit executive (CAE) that the internal audit activity ' s recommendations are being acted upon?
According to IIA guidance which of the following statements is true regarding heat maps?
According to IIA guidance, which of the following reflects a valid principle for the internal audit activity to rely on the work of internal or external assurance providers?
Which of the following would help the internal audit activity assess compliance with the organization ' s standard operating procedures for bank deposits during a preliminary survey?
Which of the following factors would be the most critical in determining which engagements should be included in the annual internal audit plan?
To effectively communicate the acceptance of risk in an organization a chief audit executive must first consider which of the following?
According to IIA guidance, which of the following is least likely to be a key financial control in an organization ' s accounts payable process?
Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?
Upon concluding the engagement fieldwork an internal auditor discusses the audit findings with operational management There is a greater likelihood that the auditor will obtain a responsive action plan from management when both parties agree on which of the following attributes of the audit finding?
According to IIA guidance, which of the following activities is most likely to enhance stakeholders ' perception of the value the internal audit activity (IAA) adds to the organization?
1. The IAA uses computer-assisted audit techniques and IT applications.
2. The IAA uses a consistent risk-based approach in both its planning and engagement execution.
3. The IAA demonstrates the ability to build strong and constructive relationships with audit clients.
4. The IAA frequently is involved in various project teams and task forces in an advisory capacity.
The audit committee has asked the chief audit executive (CAE) to conduct an ad hoc forensic investigation of the purchasing department within a month due to the significance and urgency of a recently discovered risk The internal audit activity currently has no available staff with relevant experience or qualifications Which of the following is the CAE ' s best option for fulfilling the internal audit activity ' s responsibilities in this case?
Internal control questionnaires are used to achieve which of the following objectives?
A company makes a product at a cost of $26 per unit, of which $10 is fixed cost. The product is usually sold for $30 per unit; however, the company has been approached by a new customer who would like to purchase 3,500 units for $18 each Further, the company would Incur additional cost to deliver the units to this customer If the company has the excess manufacturing capacity and all other factors are constant, what is the additional cost that the company would Incur in order to make a profit of $1.50 per unit for this order?
According to IIA guidance, which of the following statements are true regarding the internal audit plan?
1. The audit plan is based on an assessment of risks to the organization.
2. The audit plan is designed to determine the effectiveness of the organization ' s risk management process.
3. The audit plan is developed by senior management of the organization.
4. The audit plan is aligned with the organization ' s goals.
An internal auditor is tasked with evaluating the adequacy of the organization ' s inventory fraud controls. What is the most relevant information that the auditor can obtain from the documentation of cyclic counting for this purpose?
According to IIA guidance, which of the following statements is true regarding the authority of the chief audit executive (CAE) to release previous audit reports to outside parties?
Which of the following best describes the engagement objective in a banking compliance audit?
Which of the following could increase risks to the organization’s control environment?
According to IIA guidance, which of the following best describes the purpose of a planning memorandum for an audit engagement?
An internal auditor is asked to determine why the production line for a large manufacturing organization has been experiencing shutdowns due to unavailable pacts The auditor learns that production data used for generating automatic purchases via electronic interchange is collected on personal computers connected by a local area network (LAN) Purchases are made from authorized vendors based on both the production plans for the next month and an authorized materials requirements plan (MRP) that identifies the parts needed per unit of production The auditor suspects the shutdowns are occurring because purchasing requirements have not been updated for changes in production techniques. Which of the following audit procedures should be used to test the auditor ' s theory?
Which of the following contributes to the reliability of information collected for an audit engagement?
Which of the following statements is true regarding different competitive strategies?
Which of the following audit steps would an internal auditor perform when reviewing cash disbursements to satisfy IIA guidance on due professional care?
Which of the following is an advantage of utilizing an external fraud specialist in a suspected fraud investigation?
An internal auditor believes that the internal audit activity ' s independence is impaired Which of the following actions should the internal auditor take first?
Due to emerging new technologies that greatly affect the organization, the chief audit executive (CAE) wants to conduct frequent IT audit and is particularly focused on improving the quality of these engagements. Which of the following is the most viable solution for the CAE to ensure that IT audit quality is immediately enhanced and maintained long-term?
An internal auditor is preparing an internal control questionnaire for the procurement department as part of a preliminary survey. Which of the following would provide the best source of information for questions?
An internal auditor determined that the organization ' s accounting system was designed to reject duplicate invoices if they were issued with identical invoice numbers. However, if an invoice number was changed by at least one digit, the system would accept the duplicate invoice as new. Which of the following would be the most appropriate criteria to refer to in the audit observation?
The chief audit executive (CAE) is developing a workpaper preparation policy for a new internal audit activity. The CAE wants to ensure that all workpapers relate directly to the engagement objectives. Which of the following statements should be included in the policy specifically to address this concern?
According to IIA guidance, which of the following statements is true regarding due professional care?
Which of the following is true regarding the communication of engagement results with stakeholders?
Which of the following statements is false regarding roles and responsibilities pertaining to risk management and control?
Which of the following is not a primary purpose for conducting a walk-through during the initial stages of an assurance engagement?
According to the Standards, which of the following is true regarding the auditor ' s inclusion of management ' s satisfactory performance in the final audit report?
Which of the following would most likely cause an internal auditor to consider adding fraud work steps to the audit program?
During an audit of the accounts receivable (AR) process, an internal auditor noted that reconciliations are still not performed regularly by the AR staff, a recommendation that was made following a previous audit. Monitoring by the financial reporting function has failed to detect the shortcoming. Both the financial reporting function and AR report to the controller, who is responsible for implementing action plans. Which of the following supports the internal auditor ' s decision to combine both observations into one reported finding?
An audit observation states the following:
" Despite the rules of the organization there is no approved credit risk management policy in the subsidiary. The subsidiary is concluding contacts with clients who have very high credit ratings. The internal audit team tested 50 contacts and 17 showed clients with a poor credit history "
Which of the following components are missing in the observation?
Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?
According to IIA guidance which of the following represents sufficient information?
Which of the following offers the best explanation of why the auditor in charge would assign a junior auditor to complete a complex part of the audit engagement?
Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?
A regional entertainment organization is in the process of developing a corporate social responsibility (CSR) policy. Management invites ideas from employees when developing the CSR policy Which of the following is the most appropriate idea to include?
An internal auditor recommended that an organization implement computerized controls in its sales system in order to prevent sales representatives from executing contracts in excess of their delegated authority levels A follow-up review found that the sales system had not been modified, but a process had been implemented to obtain written approval by the vice president of sales for all contracts in excess of S1 million The chief audit executive (CAE) would be justified in reporting this situation to the organization ' s board under which of the tollowing circumstances ' ?
1. In the opinion of the CAE the level of residual risk assumed by senior management is too high
2. Testing of compliance with the new process finds that all new contracts in excess of $1 million have been approved by the vice president of sales
3. The cost of modifying the sales system to include a preventive control is less than S100.000
During a fraud interview, it was discovered that unquestioned authority enabled a vice president to steal funds from the organization. Which of the following best describes this condition?
During an organization’s management meetings, employees who report bad news and significant risks are treated as if they were to blame for those circumstances. As a result, employees tend to postpone delivering bad news to management for as long as possible. Which of the following should be addressed to improve this culture?
Management testimony of improper segregation of duties in the cash receipt process can be considered which of the following?
During a payroll audit, the internal auditor discovered that several individuals who have the same position classification as the are earning a significantly higher salary. The auditor noted the names and amounts of each; and he planned to prepare a request to the chief audit executive for a salary Increase based on this Information. Which of the following IIA Code of Ethics principles was violated in this scenario?
A chief audit executive (CAE) a developing a work program for an upcoming engagement that will review an organization’s small contracting services. When of the following would the CAT need to consider most when developing the work program?
An IT auditor is reviewing the access controls in an organization ' s accounting application. The auditor intends to deploy a tool that can help test the logical controls embedded in the system to ensure employee access is granted according to need. Which of the following would help achieve this objective?
Which of the following statements is true regarding internal auditors and other assurance providers?
During an audit of the human resources department, an internal auditor adopts benchmarking to test the employee turnover rate. How should the internal auditor apply this technique?
An organization experiencing staff shortages wants to contract a temporary employee to assist with work in the accounting office. Which of the following controls should be in place to ensure the temporary employee performs the assigned work before payment is issued?
What is the most likely reason an internal auditor would interview operational management during engagement planning?
Which of the following statements generally true regarding audit engagement planning?
Which of the following is a disadvantage of using flowcharts during a risk assessment?
Which of the following statements is true regarding the use of internal control questionnaires (ICOs)?
Which of the following internal audit activities is performed in the design evaluation phase?
A corporate merger decision prompts the cruel audit executive (CAE) to propose interim changes lo the existing annual audit plan to account for emerging risks. When of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan?
Which of the following statement is consistent with IIA guidance the use of mentoring for internal auditors?
The head of customer service asked the chief audit executive (CAE) whether eternal auditors could assist her staff with conducting a risk self-assessment in the customer service department. The CAE promised to meet with customer service managers analyze relevant business processes, and come up with a proposal. Who is most likely to be the final approver of the engagement objectives and scope?
An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?
Internal auditors map a process by documenting the steps in the process, which provides a framework for understanding. Which of the following is a reason to use narrative memoranda?
An internal auditor is asked to determine why the production line for a large manufacturing organization has been experiencing shutdowns due to unavailable parts The auditor learns that production data used for generating automatic purchases via electronic interchange is collected on personal computers connected by a local area network (LAN) Purchases are made from authorized vendors based on both the production plans for the next month and an authorized materials requirements plan (MRP) that identifies the parts needed per unit of production. The auditor suspects the shutdowns are occurring because purchasing requirements have not been updated for changes in production techniques. Which of the following audit procedures should be used to test the auditor ' s theory?
Which of the following is the primary reason to develop an audit work program?
When estimating the impact of an inherent risk, which of the following should internal auditors consider?
In the years after the mid-service point of a depreciable asset, which of the following depreciation methods will result in the highest depreciation expense?
For which of the following fraud engagement activities would it be most appropriate to involve a forensic auditor?
An internal auditor suspects that a program contains unauthorized code or errors. Which of the following would assist the internal auditor in this regard?
An audit observation noted that annual inventory counts of biofuel was not being performed appropriately Fuel yards were not visited and physical amounts of biofuel were not reconciled with accounting data Management of the division understood the issue and promised to resolve the problem When should the internal auditor schedule a follow-up review?
An internal auditor is conducting an initial risk assessment of an audit area and wants to assess management ' s compliance with privacy laws for safeguarding customer information stored on the organization ' s servers. Which course of action is appropriate for this phase of the engagement?
An organization ' s chief audit executive is developing an integrated audit approach to provide value-added services that can help the organization meet its strategic objectives and goals. Which of the following is an advantage of using an integrated audit approach that assists the organization?
Which of the following would most likely form part of the engagement scope?
A chief audit executive ' s report to the board showed a significant trend of recent aud4s going over planned budgeted hours. Which of the following factors could cause this trend?
Which of the following is most appropriate for internal auditors to do during the internal audit recommendations monitoring process?
Below is a flowchart detailing an organization ' s bank reconciliation process. Which of the following conclusions can be drawn from the flowchart?
In which of the following situations has an internal audit of obtained physical evidence?
According to IIA guidance, which of the following objectives was most likely formulated for a non-assurance engagement?
Which of the following statements concerning workpapers is the most accurate?
A toy manufacturer receives certain components from an overseas supplier and uses them to assemble final products Recently quality reviews have identified numerous issues regarding the components ' compliance with mandatory quality standards. Which type of engagement would be most appropriate to assess the root causes of the quality issues?
Which of the following types of resources is the most important and challenging to identify and allocate in order to perform an audit engagement?
A multinational organization has multiple divisions that sell their products internally to other divisions When selling internally, which of the following transfer prices would lead to the best decisions for the organization?
Internal auditors map a process by documenting the steps in the process, which provides a framework for understanding Which of the following is a reason to use narrative memoranda?
While conducting an information security audit, an internal auditor learns that the existing disaster recovery plan is four years old and untested. The auditor also learns that in the four years since the recovery plan was implemented, the information systems have undergone extensive changes. Which of the following actions is most appropriate for the auditor to take?
For a new board chair who has not previously served on the organization’s board, which of the following steps should first be undertaken to ensure effective leadership to the board*?
Which of the following is an example of a compliance assurance engagement?
According to IIA guidance, which of the following is a limitation of a heat map?
A chief audit executive (CAE) is determining which engagements to include on the annual audit plan. She would like to consider the organization ' s attitude toward risk and the degree of difficulty in achieving objectives. Which of the following resources should the CAE consult?
Which of the following situations would justify the removal of a finding from the final audit report?
Which of the following is least likely to help ensure that risk is considered in a work program?
A multinational organization has asked the internal audit activity to assist in setting up the organization ' s risk management system The chief audit executive (CAE) agrees to take on the engagement as a consultant. Which of the following tasks is appropriate for the CAE to undertake?
Which of the following internal audit activities is performed in the design evaluation phase?
According to IIA guidance,which of the following is true about the supervising internal auditor ' s review notes?
• They are discussed with management prior to finalizing the audit.
• They may be discarded after working papers are amended as appropriate.
• They are created by the auditor to support her fieldwork in case of questions.
• They are not required to support observations issued in the audit report.
An internal auditor wants to examine the intensity of correlation between electricity price and wind speed. Which of the following analytical approaches would be most appropriate for this purpose?
Which of the following statements is true regarding internal control questionnaires?
Which of the following is most likely the subject of a periodic report from the chief audit executive to the board?
Management requested internal audit consulting services. During fieldwork significant control issues were identified by the internal audit team. Which of the following is an appropriate response from the chief audit executive?
When developing the scope of an audit engagement, which of the following would the internal auditor typically not need to consider?
According to IIA guidance, which of the following provides additional insight into errors, problems, missed opportunities, or noncompliance to improve the effectiveness and efficiency of an organization ' s control process?
A chief audit executive (CAE) determined that management chose to accept a high-level risk that may be unacceptable lo the organization. Which is the best course of action for the CAE to Follow?
According to IIA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the Internal audit activity^
During the planning process for a human resources audit, an internal auditor obtains an organizational chart. The auditor observes a flat organizational structure. Which of the below risks should the auditor consider for this engagement?
Which of the following is an advantage of nonstatistical sampling over statistical sampling?
An internal auditor is assigned to validate calculations on the organization ' s billing application. As part of the test, the internal auditor is required to use an automated audit tool to simulate transactions for testing. Which of the following would most appropriately be used for this purpose?
The internal auditors available to perform the engagement do not have sufficient skills related to the area under review. Which of the following iss an appropriate action for the chief audit executive to take?
The objective of an upcoming engagement is to review the wind park projects and assess compliance with established project management principles. Which of the following is most likely to be the aim of the engagement work program?
The only internal auditor, who was part of a larger team of individuals trained in the testing and reading of the organization’s quality control equipment, has resigned. With a scheduled audit of the quality department not yet completed for this year, what alternative approach should the internal audit function take in this scenario?
A chief audit executive (CAE) following up on action plans from previously completed audits identifies that management has determined that certain action plans are no longer necessary If the CAE disagrees with managements decision, which of the following is the most appropriate next step for the CAE to take?
Senior IT management requests the internal audit activity to perform an audit of a complex IT area. The chief audit executive (CAE) knows that the internal audit activity lacks the expertise to perform the engagement. Which of the following is the most appropriate action for the CAE to take?
Following an audit, management developed an action plan to improve controls over the handling of scrap metal. Which of the following would be the most appropriate course of action for the auditor to follow up?
The internal audit activity of an insurance company is reviewing six of the company’s 11 branches. During the review of the fourth branch that was selected, the internal audit team discovered control breaches that could result in regulatory sanctions if not addressed. How should the internal audit team proceed?
When reviewing workpapers, engagement supervisors may ask for additional evidence or clarification via review notes. According to IIA guidance, which of the following statements is true regarding the engagement supervisors review notes?
Besides a chief audit executive ' s professional experience what determines the frequency and approach to assessing residual risk?
A technology organization is developing an artificial intelligence (AI) program for use on its social media platform. The AI program is meant to help content creators with images and posts that will acquire followers more efficiently. The internal audit function is planning an engagement of the AI program development. Which of the following should be considered a significant, immediate, and inherent risk?
Which of the following reasonably represents best practices regarding what should be the level of internal audit resource investment in monitoring and following up on engagement outcomes?
At a conference an internal auditor presented a new computer-assisted audit technique developed by his organization The presentation included sample data derived from performing audit engagements for the organization. Travel costs were paid by the conference organizers and the trip was approved by the chief audit executive (CAE). However, neither management nor the CAE was aware that the internal auditor would be making a presentation based on work completed for the organization According to IIA guidance, which of the following statements is most relevant regarding the actions of the auditor?
Which of the following is the primary engagement responsibility of an entry-level internal auditor?
According to IIA guidance, which of the following statements is true regarding audit workpapers?
Which of the following is the primary purpose of implementing a program whereby employees are rotated from other parts of the organization into the internal audit activity?
Which of the following best describes how an internal auditor would use a flowchart during engagement planning?
The chief risk officer (CRO) of a large manufacturing organization decided to facilitate a workshop for process managers and staff to identify opportunities for improving productivity and reducing defects. Which of the following is the most likely reason the CRO chose the workshop approach?
An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity may provide risk management consulting?
There is a clear strategy and timeline to migrate risk management responsibility back to management.
The internal audit activity has the final approval on any risk management decisions.
The internal audit activity gives objective assurance on all parts of the risk management framework for which it is responsible.
The nature of services provided to the organization is documented in the internal audit charter.
Which of the following documents are internal auditors most likely to be asked to sign as a demonstration of due professional care?
An internal auditor has discovered that duplicate payments were made to one vendor. Management has recouped the duplicate payments as a corrective action. Which of the following describes management’s action in this case?
Which of the following is most likely the subject of a periodic report from the chief audit executive to the board?
An engagement supervisor obtains facilities maintenance reports from a contractor during an audit of third-party services. Which of the following is the source of authority for the engagement supervisor to make such contact outside the organization?
An internal auditor is examining the organization ' s internal control processes. Which of the following would the auditor do to test the reliability of a customer database1?
What is the primary objective of an engagement supervisor ' s review of key activities performed during the engagement?
After completing an assurance engagement, the chief audit executive (CAE) concludes that management has accepted a level of risk that may be unacceptable to the
organization. What is the most appropriate first step for the CAE to take?
According to IIA guidance, which of the following accurately describes the responsibilities of the chief audit executive with respect to the final audit report?
1. Coordinate post-engagement conferences to discuss the final audit report with management.
2. Include management ' s responses in the final audit report.
3. Review and approve the final audit report.
4. Determine who will receive the final audit report.
An internal auditor examined a nostatistical sample of open accounts receivable balances and discovered that 10 out of 60 exceeded the approved unseated credit limit threshold defined by the organization ' s policy What should the auditor document in the workpapers?
During planning, the chief audit executive submits a risk-and-control questionnaire to management of the activity under review. Which of the following statements is true regarding the questionnaire?
Which of the following data analysis techniques is used to identify inappropriately matching values, such as names, addresses, and account numbers in disparate systems?
An internal auditor reviewed bank reconciliations prepared by management of the area under review. The auditor noted that the bank statements attached did not have the
bank heading, logo, or address. Which of the following statements is true regarding this situation?
Which of the following is an appropriate documentation of proper engagement supervision?
An internal audit manager assigns an audit team to test purchase transactions by selecting a sample from transactions processed by each of the three procurement officers.
Which of the following techniques will help the audit team achieve this sampling objective?
Which of the following internal control attributes should internal auditors consider testing during a review of the board of directors?
During the review of an organization ' s retail fraud deterrence program, an employee mentions that an expensive fraud surveillance information system is rarely used. The internal auditor concludes that additional staff are required to properly utilize the system to its full potential. According to IIA guidance, which criteria for evidence is most lacking to reach this conclusion?
An organization uses the management-by-objectives method, whereby employee performance is based on defined goals. Which of the following statements is true regarding this approach?
An accounts payable clerk has recently transferred into the internal audit activity and has been assigned to an engagement related to accounts payable processes for which he was previously responsible Which of the following is the best action for the new internal auditor to take?
Which of the following is the primary reason the chief audit executive should consider the organization ' s strategic plans when developing the annual audit plan?
To compete in the global market, an organization is restructuring and consolidating many of its divisions. Prior to the consolidation, senior management requested assistance from tie internal audit activity. Which of the following consulting services would be most appropriate in this situation?
According to the Standards, which of the following is leastimportant in determining the adequacy of an annual audit plan?
Which of the following would be the most helpful to a chief audit executive when developing a talent management strategy?
The internal audit activity plans to assess the effectiveness of management’s self-assessment activities regarding the risk management process. Which of the following procedures would be most appropriate to accomplish this objective?
What is the primary reason that audit supervision includes approval of the engagement report?
An internal auditor is assigned to validate calculations on the organization ' s building application As pad of the test the internal auditor is required to use an automated audit tool to simulate transactions for testing. Which of the following would most appropriately be used for this purpose?
Which of the following manual audit approaches describes testing the validity of a document by following it backward to a previously prepared record?
An organization ' s health-care insurance costs have been rising approximately 10 percent per year for several years Which of the following analytical review procedures would best evaluate the reasonableness of the increase in health-care costs?