Weekend Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

IIA-CIA-Part2 Questions and Answers

Question # 6

Which of the following internal audit activities is performed in the design evaluation phase?

A.

The internal auditor reviews prior audits and workpapers.

B.

The internal auditor identifies the controls over segregation of duties.

C.

The internal auditor checks a process for completeness.

D.

The internal auditor communicates the audit results to management.

Full Access
Question # 7

Which of the following is one of the five basic tnanoal statement assertions when an internal auditor evaluates controls over financial reporting?

A.

Reliability or appropriateness

B.

Reasonableness

C.

Existence or occurrence

D.

Relevance

Full Access
Question # 8

Upon concluding the engagement fieldwork an internal auditor discusses the audit findings with operational management There is a greater likelihood that the auditor will obtain a responsive action plan from management when both parties agree on which of the following attributes of the audit finding?

A.

Criteria

B.

Condition

C.

Cause

D.

Effect

Full Access
Question # 9

An engagement team is being assembled to audit of one of the organization's vendors Which of the following statements best applies to this scenario?

A.

The engagement team should include internal auditors who have expertise in investigating vendor fraud

B.

The engagement team should be composed of certified accountants who are proficient In financial statement analysis and local accounting principles

C.

To preserve independence and objectivity, an auditor who worked for the vendor two years prior may not participate on the engagement team

D.

The engagement team may include an auditor who lacks knowledge of the industry in which the vendor operates

Full Access
Question # 10

According to IIA guidance, which of the following statements is true regarding audit workpapers?

A.

Review notes on audit workpapers must be retained to provide a record of questions raised by the reviewer.

B.

Audit workpaper documentation policies are reviewed and approved by the audit committee.

C.

Management of the department being audited should review the prepared workpapers for accuracy.

D.

Audit workpaper preparation contributes to the professional development of the internal audit staff.

Full Access
Question # 11

Which of the following would be most likely found in an internal audit procedures manual?

A.

A summary of the strategic plan of the area under review.

B.

Appropriate response options for when findings are disputed by management.

C.

An explanation of the resources needed for each engagement.

D.

The extent of the auditor's authority to collect data from management.

Full Access
Question # 12

While performing fieldwork for an assurance engagement, a member of the internal audit team identified a key control that was not identified during the planning phase of the engagement Which of the following actions by the internal auditor would be most appropriate?

A.

Promptly adjust the audit work program to include tests that address the newly identified control and notify the other audit team members of the change

B.

Proceed with the current audit work program because the engagement scope has already been finalized but plan to address the newly identified control as part of the follow up engagement

C.

Adjust the audit work program to account for the new control, but only with approval from the engagement supervisor

D.

Discuss the control with management of the area under review and seek their approval prior to including the control in the current audit engagement

Full Access
Question # 13

The board of directors expressed concerns about potential external risks that could impact the organization s ability to meet its annual objectives and goals The board requested consulting services from the internal audit activity to gain insight regarding the external risks Which of the following engagement objectives would be appropriate to fulfill this request?

A.

Assess the organization's ability to minimize potential external risks

B.

Assess the organization's process of vetting vendors that provide necessary services to the organization

C.

Assess the organization's risk impacts from the markets in which it operates

D.

Assess the organization's controls implemented that would help minimize risks

Full Access
Question # 14

The external auditor has identified a number of production process control deficiencies involving several departments. As a result, senior management has asked the internal audit activity to complete internal control training for all related staff. According to IIA guidance, which of the following would be the most appropriate course of action for the chief audit executive to follow?

A.

Refuse to accept the consulting engagement because it would be a violation of independence.

B.

Collaborate with the external auditor to ensure the most efficient use of resources.

C.

Accept the engagement but hire an external training specialist to provide the necessary expertise.

D.

Accept the engagement even if the audit engagement staff was previously responsible for operational areas being trained.

Full Access
Question # 15

A chief audit executive (CAE) is trying to balance the internal audit activity's needs for technical audit skills budget efficiency and staff development opportunities. Which of the following would best assist the CAE in achieving this balance1?

A.

Strategic sourcing

B.

Loan staff arrangement

C.

Flat organizational structure

D.

Hierarchical organizational structure

Full Access
Question # 16

Which of the following statements is true regarding internal controls?

A.

For assurance engagements internal auditors should plan to assess the effectiveness of all entity-level controls

B.

Poorly designed or deficient entity-level controls can prevent well-designed process controls from working as intended.

C.

During engagement planning, internal auditors should not discuss the identified key risks and controls with management of the area under review to prevent tipping off probable audit lasts

D.

Reviewing process maps and flowcharts is an appropriate method for the internal a auditor to identify all key risks and controls during engagement planning

Full Access
Question # 17

Which of the following is the best option for the chief audit executive to consider for effective coordination of assurance coverage?

A.

Create an assurance map to illustrate each provider's level of assurance and planned activities for each area of the organization

B.

LIMIT© ricks inventory to identify the risks and controls in place and the relevant control owners.

C.

Rely on the risk and control and management testing information maintained for compliance with the regulatory framework

D.

Prepare a risk likelihood and impact heal map to prioritize assurance coverage coordination.

Full Access
Question # 18

What type of audit engagement would be the most appropriate to determine how an organization could be more profitable in the long term?

A.

Operational audit

B.

Compliance and financial audit

C.

Performance audit

D.

Quality audit

Full Access
Question # 19

According to IIA guidance, which of the following is true regarding the exit conference for an internal audit engagement?

A.

A primary purpose of the exit conference is to provide for the timely communication of observations that call for immediate management action.

B.

Both the chief audit executive and the chief executive over the activity or function reviewed must attend the exit conference to validate the findings.

C.

The exit conference provides only anticipated results for inclusion in the final audit communication.

D.

During the exit conference, the performance of the internal auditors who executed the engagement is reviewed.

Full Access
Question # 20

Which of the following is true about surveys?

A.

A survey with open-ended questions is weaker than a structured interview

B.

A survey with closed-ended questions can produce quantifiable evidence

C.

A survey's participants are likely to volunteer information that was not specifically requested

D.

A survey, like inspections and confirmations are best used to test the operating effectiveness of controls

Full Access
Question # 21

Which of the following best describes why an internal audit activity would consider sending written preliminary observations to the audit client?

A.

Written observations allow for more interpretation.

B.

Written observations help the internal auditors express the significance.

C.

Written and verbal observations are equally effective.

D.

Written observations limit premature agreement.

Full Access
Question # 22

An internal auditor is preparing for an auditor of newly implemented software that is used by 3,000 employees in South America and Europe. What would be the best way for the auditor to gather relevant feedback?

A.

interview IT management in both regions

B.

Inspect regional user software training records

C.

Interview propel management and the vendor responsible for implementation

D.

Distribute surveys to software users in both regions

Full Access
Question # 23

When presenting an observation m writing which or the Mowing is usually true regarding the level of detail provided?

1. The description of the observation in the final audit report contains more detail then the description m the engagement workpapers

2. The description of the observation m the engagement workpapers contains more detail than the descriptor n a preliminary observation document

3. A preliminary observation document contains more detail than tie observation description in the final audit report

4. A preliminary observation document contains more detail than tie observation description in the engagement workpapers

A.

1 and 2

B.

1 and 4

C.

2 and3

D.

3 and 4

Full Access
Question # 24

According to IIA guidance, which of the following best describes the purpose of a planning memorandum for an audit engagement?

A.

It documents the audit steps and procedures to be performed.

B.

It documents preliminary information useful to the audit team.

C.

It documents events that could hinder the achievement of process objectives.

D.

It documents existing measures that manage risks in the area under review.

Full Access
Question # 25

According to IIA guidance, which of the following reflects a valid principle for the internal audit activity to rely on the work of internal or external assurance providers?

A.

Elements of evaluation

B.

Elements of organization

C.

Elements of practice

D.

Elements of confidentiality

Full Access
Question # 26

When forming an opinion on the adequacy of management's systems of internal control, which of the following findings would provide the most reliable assurance to the chief audit executive?

• During an audit of the hiring process in a law firm, it was discovered that potential employees' credentials were not always confirmed sufficiently. This process remained unchanged at the following audit.

• During an audit of the accounts payable department, auditors calculated that two percent of accounts were paid past due. This condition persisted at a follow up audit.

• During an audit of the vehicle fleet of a rental agency, it was determined that at any given time, eight percent of the vehicles were not operational. During the next audit, this figure had increased.

• During an audit of the cash handling process in a casino, internal audit discovered control deficiencies in the transfer process between the slot machines and the cash counting area. It was corrected immediately.

A.

1 and 3 only

B.

1 and 4 only

C.

2 and 3 only

D.

2 and 4 only

Full Access
Question # 27

A chief audit executive (CAE) a developing a work program for an upcoming engagement that will review an organization’s small contracting services. When of the following would the CAT need to consider most when developing the work program?

A.

The contracting department's staffing changes within the last year

B.

The certifications held by the internal auditors assigned to the engagement

C.

The internal audit activity's increase n budget and staffing for the year

D.

The organization's recent changes to how it processes payments

Full Access
Question # 28

Which of the following should management action plans include at a minimum?

A.

An implementer for the action plan

B.

An owner of the action plan

C.

The internal auditor's next review date of the action plan

D.

Detailed procedures for the action plan

Full Access
Question # 29

Which of the following audit steps would an internal auditor perform when reviewing cash disbursements to satisfy IIA guidance on due professional care?

A.

The calculated statistical sample size is 50 however the internal auditor believes errors exist so he decides to increase the sample size to 80

B.

The internal auditor traces serial numbers of computer equipment listed on an invoice to the fixed asset inventory

C.

The internal auditor reviews the accounts payable manager's petty cash fund and vouchers

D.

The internal auditor reviews the related invoice purchase order and receiving report for each sample selection

Full Access
Question # 30

Which of The following best justifies an internal auditor's decision to issue a preliminary audit report?

A.

The internal audit team and audit client have a serious dispute over the scope and objective of the engagement

B.

The internal audit team expects management to address certain issues immediately due to their severe impact

C.

The internal audit team anticipates that the formal final audit report would be undesirable for management due to the significance of outlined risks

D.

The internal audit team would like to issue a clean final audit report without any material observations or risks

Full Access
Question # 31

An internal auditor is planning an engagement at a financial institution. Toe engagement objective is to identify whether loans were granted in accordance with the organization's policies. When of the following approaches would provide the auditor with the best information?

A.

Randomly select 30 cases of loans and verify whether they were repaid timely and in full

B.

Randomly select 30 cases of loans and validate them against applicable underwriting guidelines

C.

Randomly select 30 employees to complete a survey regarding whether policies and standards are followed

D.

Randomly select several months obtain ageing reports for these months and compare them with the poor year

Full Access
Question # 32

Which of the following is the primary reason the chief audit executive should consider the organization's strategic plans when developing the annual audit plan?

A.

Strategic plans reflect the organization's business objectives and overall attitude toward risk.

B.

Strategic plans are helpful to identify major areas of activity, which may direct the allocation of internal audit activity resources.

C.

Strategic plans are likely to show areas of weak financial controls.

D.

The strategic plan is a relatively stable document on which to base audit planning.

Full Access
Question # 33

Which of the following statements is true regarding engagement planning?

A.

The scope of the engagement should be planned according to the internal audit activity’s budget and then aligned to the risk universe.

B.

The audit engagement objectives should be based on operational management's view of risk objectives.

C.

The planning phase of the engagement should be completed and approved before the fieldwork of the engagement begins.

D.

The main purpose of the engagement work program is to determine the nature and timing of procedures required to gather audit evidence.

Full Access
Question # 34

The audit manager asked the internal auditor to perform additional testing because several irregularities were found in the financial information. Which of the following would be the most appropriate analytical review for the auditor to perform?

A.

Compare the firm's financial performance with organizations in the same industry

B.

Interview all managers involved in preparing the financial statements

C.

Perform a bank reconciliation to confirm the cash balance in the financial statements.

D.

Trace each financial transaction to the original supporting document

Full Access
Question # 35

Which of the following reasonably represents best practices regarding what should be the level of internal audit resource investment in monitoring and following up on engagement outcomes?

A.

Limited resources should be employed since the actual engagement is already completed and the onus of corrective actions rests with management

B.

No resources should be exclusively deployed for that at all rather it should be planned as part of future engagements in the same area

C.

Resources should only be provided towards this if doing so does not result in depletion of resources for new engagements planned in the current period

D.

Resources should be allocated to this without conditions as long as doing so meets the expectations of management and the judgment of the chief audit executive.

Full Access
Question # 36

Which of the following is a true statement regarding the use of flowcharts as an audit tool?

A.

Flowcharts are typically not well suited to support information provided by a risk and control matrix.

B.

Flowcharts are preferred to narratives, as they can provide much greater detail on the design and operation of a process.

C.

Flowcharts are best applied to linear process flows but cannot address all risks related to the process.

D.

Flowcharts describe process steps but cannot provide the level of detail needed to adequately assess the design of the process.

Full Access
Question # 37

An internal control questionnaire would be most appropriate in which of the following situations?

A.

Testing controls where operating procedures vary.

B.

Testing controls in decentralized offices.

C.

Testing controls in high risk areas.

D.

Testing controls in areas with high control failure rates.

Full Access
Question # 38

To effectively communicate the acceptance of risk in an organization a chief audit executive must first consider which of the following?

A.

The organization's view on risk tolerance

B.

The organization's principal risk events.

C.

The organization's risk response strategies

D.

The organization's major control activities

Full Access
Question # 39

Which of the following constitutes supervisory activity undertaken during the planning phase of an assurance engagement?

A.

Ensuring the process owner with the engagement objectives

B.

Reviewing engagement draft reports

C.

Ensuring workpapers support audit findings

D.

Approving audit work programs

Full Access
Question # 40

A draft internal audit report that cites deficient conditions generally should be reviewed with which of the following groups?

1. The client manager and her superior.

2. Anyone who may object to the report’s validity.

3. Anyone required to take action.

4. The same individuals who receive the final report.

A.

1 only

B.

1 and 2 only

C.

1, 2, and 3

D.

1, 2, and 4

Full Access
Question # 41

According to HA guidance, which of the following statements regarding audit workpapers is true?

A.

Audit reports should include the workpapers as a reference for the audit conclusions.

B.

The internal auditor's workpapers are the primary reference for reported control deficiencies.

C.

Ad-hoc communications with management of the area under review should be excluded from the workpapers.

D.

Both draft and final versions of workpapers should be saved at the end of the engagement

Full Access
Question # 42

During an engagement in one of the subsidiaries of an organization, an internal auditor noted the following in the workpapers:

"As a subsidiary of a multinational organization in this particular country, the entity is required to register annually with the

respective ministry. However, the subsidiary did not submit the required documentation for registration during the prior year. Failure

to comply with internal and external regulations could lead to penalties or fines from the respective authorities. It is recommended

that the management of the subsidiary ensures compliance with the relevant legislation. As a recoverable action, management

should register the subsidiary in the current year as soon as possible."

What part of this narrative represents a condition of the observation made by auditors in the final report?

A.

" ... the subsidiary did not submit required documentation for registration in the prior year."

B.

" ... the entity is required to register annually with the respective ministry."

C.

" ... failure to comply with internal and external regulations might lead to penalties or fines from the respective authorities."

D.

" ... management should register the subsidiary in the current year as soon as possible."

Full Access
Question # 43

Due to price risk from the foreign currency purchase of aviation fuel, an airliner has purchased forward contracts to hedge against fluctuations in the exchange rate. When recalculating the exchange losses from individual purchases of jet fuel, which of the following details does the internal auditor need to validate?

1. The hedge documentation designating the hedge.

2. The spot exchange rate on the transaction date.

3. The terms of the forward contract.

4. The amount of fuel purchased.

A.

1 and 2

B.

1 and 4

C.

2 and 3

D.

3 and 4

Full Access
Question # 44

A toy manufacturer receives certain components from an overseas supplier and uses them to assemble final products Recently quality reviews have identified numerous issues regarding the components' compliance with mandatory quality standards. Which type of engagement would be most appropriate to assess the root causes of the quality issues?

A.

A risk assessment

B.

An operational audit

C.

A third-party audit

D.

A fraud investigation

Full Access
Question # 45

An internal audit manager is planning a contract compliance audit Which of the following should be done prior to developing the audit work program?

A.

Select a sample of invoices for substantive testing

B.

Review the contract for evidence of authorization

C.

Document underlying reasons for noncompliance

D.

Assess the inherent risk of paying duplicate invoices

Full Access
Question # 46

According to IIA guidance, which of the following objectives was most likely formulated for a non-assurance engagement?

A.

The internal audit activity will assess the effects of changes in maintenance strategy on the availability of production equipment.

B.

The internal audit activity will inform management on the possible risks of moving the data warehouse to a cloud server maintained by a third party.

C.

The internal audit activity will ascertain whether the data center security arrangements are compliant with agreed terms.

D.

The internal audit activity will ensure equipment downtime risks have been managed in accordance with internal policy.

Full Access
Question # 47

Which of the following is the primary weakness of internal control questionnaires (ICQs)?

A.

ICQs do not allow for open-ended questions.

B.

ICQs do not allow for evaluating multiple locations.

C.

ICQs require significant auditor follow-up, as different managers may give different responses.

D.

ICQ respondents have incentives to answer that there are internal controls in place.

Full Access
Question # 48

What is the primary objective of an engagement supervisor's review of key activities performed during the engagement?

A.

To ensure that the engagement is completed on time and within budget

B.

To ensure that all work performed meets acceptable quality standards

C.

To ensure that management has provided suitable responses to all observations

D.

To ensure that management is satisfied with the progress of the engagement

Full Access
Question # 49

Which of the following is one of the differences between probability-proportional-to-size (PPS) and attribute sampling?

A.

PPS sampling s used to reach conclusions regarding monetary amounts, attribute sampling is not.

B.

PPS sampling is used to roach conclusions regarding rates of occurrence, attribute sampling is not.

C.

PPS sampling a applied within the context of testing controls attribute sampling s not.

D.

Attribute sampling is affected by the monetary book value of the population PPS sampling is not

Full Access
Question # 50

According to IIA guidance, which of the following factors should the auditor in charge consider when determining the resource requirements for an audit engagement?

A.

The number, experience, and availability of audit staff as well as the nature, complexity, and time constraints of the engagement.

B.

The appropriateness and sufficiency of resources and the ability to coordinate with external auditors.

C.

The number, proficiency, experience, and availability of audit staff as well as the ability to coordinate with external auditors.

D.

The appropriateness and sufficiency of resources as well as the nature, complexity, and time constraints of the engagement.

Full Access
Question # 51

When establishing a quality assurance and improvement program, the chief audit executive should ensure the program is designed to accomplish which of the following objectives?

1. Add value.

2. Improve operations.

3. Provide assurance that the internal audit activity conforms with the Standards.

4. Provide assurance that the internal audit activity conforms with the IIA Code of Ethics.

A.

1 only

B.

1 and 2 only

C.

1 and 3 only

D.

1, 2, 3, and 4

Full Access
Question # 52

An internal auditor for a regional bank suspects that the head of commercial lending has been granting loans without the required collateral Which of the following sampling techniques will be most effective for investigating the auditor's suspicion?

A.

Variables sampling

B.

Dollar-unit sampling

C.

Judgmental sampling

D.

Discovery sampling

Full Access
Question # 53

Which of the following statements is true pertaining to interviewing a fraud suspect?

1. Information gathered can be subjective as well as objective to be useful.

2. The primary objective is to obtain a voluntary written confession.

3. The interviewer is likely to begin the interview with open-ended questions.

4. Video recordings always should be used to provide the highest quality evidence.

A.

1 only

B.

4 only

C.

1 and 3

D.

2 and 4

Full Access
Question # 54

An internal auditor performed a test of controls and found that a statistically selected representative sample of recorded transactions within the account receivables ledger had an error rate that was within management expectations. The associated revenue account was outside the scope of the audit engagement. How should the conclusion to this engagement be reported?

A.

The auditor should state that the error rate was within the selected confidence level.

B.

Negative assurance should be provided, as the associated revenue account was not examined.

C.

The auditor should state that controls over the recording of transactions in the revenue account are operating effectively.

D.

Positive assurance could be provided for the effectiveness of the accounts receivable controls.

Full Access
Question # 55

During an assurance engagement, an internal auditor noted that the time staff spent accessing customer information in large Excel spreadsheets could be reduced significantly through the use of macros. The auditor would like to train staff on how to use the macros. Which of the following is the most appropriate course of action for the internal auditor to take?

A.

The auditor must not perform the training, because any task to improve the business process could impact audit independence.

B.

The auditor must create a new, separate consulting engagement with the business process owner prior to performing the improvement task.

C.

The auditor should get permission to extend the current engagement, and with the process owner's approval, perform the improvement task.

D.

The auditor may proceed with the improvement task without obtaining formal approval, because the task is voluntary and not time-intensive.

Full Access
Question # 56

During a review of data privacy an internal auditor is tasked with testing management's identification and prioritization of critical data collected by the organization. Which of the following steps would accomplish this objective?

A.

interview management to determine what types of data are collected and maintained

B.

Trace data from storage to the collection sources to determine how critical data is collected and organized

C.

Review a sample of data to determine whether the risk classification is reasonable

D.

Document and test a data inventory and classification program by determining the data classification levels and framework

Full Access
Question # 57

A corporate merger decision prompts the chief audit executive (CAE) lo propose interim changes to the existing annual audit plan to account for emerging risks Which of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan''

A.

Present the revised audit plan directly to the board for approval.

B.

Communicate with the chief financial officer and present the revised audit plan to the CEO tor approval

C.

Present the revised audit plan directly to the CEO for approval

D.

Communicate with the CEO and present the revised audit plan to the board for approval.

Full Access
Question # 58

Which of the followings statements describes a best practice regarding assurance engagement communication activities?

A.

All assurance engagement observations should be communicated to the audit committee.

B.

All assurance engagement observations should be included in the main section of the engagement communication.

C.

During the "communicate" phase of an assurance engagement, it is best to define the methods and timing of engagement communications.

D.

A detailed escalation process should be developed during the planning stage of an assurance engagement.

Full Access
Question # 59

Flowcharts are useful during audit planning because they contain information that may help internal auditors with which of the following?

A.

Understanding management's risk tolerance.

B.

Understanding business processes.

C.

Determining the size of the audit team needed to perform the review.

D.

Understanding organizational objectives.

Full Access
Question # 60

An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however, the audit objectives are not yet complete. According to IIA guidance, which of the following are appropriate options available to the chief audit executive?

1. Allow the auditor to decide whether to extend the audit engagement.

2. Determine whether the work already completed is sufficient to conclude the engagement.

3. Provide the auditor feedback on areas of improvement for future engagements.

4. Provide the auditor with instructions and directions to complete the audit.

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Full Access
Question # 61

An internal auditor develops an engagement observation related to an organization's accumulation of large travel advances. The auditor observes that the organization's procedures do not require justification for travel advances greater than a specific amount Which of the following best describes the organization's procedures?

A.

A criterion of the organization's accumulation of large travel advances

B.

A condition of the organization's accumulation of large travel advances

C.

A consequence of the organization's accumulation of large travel advances

D.

A cause of the organization's accumulation of large travel advances

Full Access
Question # 62

The internal audit activity has adopted the balanced scorecard approach to assess its performance According to MA guidance which of the following is a key performance indicator relevant to the audit client?

A.

Percentage of recommendations implemented by corrective action date

B.

Staff experience

C.

Percentage of planned audits completed

D.

Conformance with the International Professional Practices Framework

Full Access
Question # 63

Which of the following computerized audit tools or techniques should be used if the internal auditor wants to extract specific files and records in the database?

A.

An expert or decision support system

B.

Generalized audit software

C.

A system utility program

D.

An integrated test facility

Full Access
Question # 64

When me internal audit activity does not have sufficient time to complete its usual root cause analysis which c4 the following is most appropriate?

A.

The chief audit executive may recommend that management conduct further work to identify the root cause and address the issue

B.

Internal auditors should finish the engagement without conducting the root cause analysis and draft the audit report, though the report would not be considered complete until the analysis is concluded

C.

internal auditors must adjust their future engagement schedule to ensure that the root cause analysis is always performed before the engagement is concluded

D.

Internal auditors should Instead perform a Pareto rule analysis

Full Access
Question # 65

During a fraud interview, it was discovered that unquestioned authority enabled a vice president to steal funds from the organization. Which of the following best describes this condition?

A.

Scheme.

B.

Opportunity.

C.

Rationalization.

D.

Pressure.

Full Access
Question # 66

Which of the following actions is the most appropriate response for an internal auditor to take when a significant risk is identified during a consulting engagement?

A.

Report the risk identified from the consulting engagement to senior management.

B.

Do not include the risk in the assessment of risk management processes, as that is management's responsibility.

C.

Do not report the risk, as it is out of scope for the consulting engagement.

D.

Include the risk identified from the consulting engagement in the next annual risk assessment only if it is part of the consulting engagement objectives.

Full Access
Question # 67

According to the International Professional Practices Framework, which of the following is an appropriate reason for issuing an interim report?

To keep management informed of audit progress when audit engagements extend over a long period of time.

To provide an alternative to a final report for limited-scope audit engagements.

To communicate a change in engagement scope for the activity under review.

A.

1 and 2 only.

B.

1 and 3 only.

C.

2 and 3 only.

D.

1, 2, and 3.

Full Access
Question # 68

After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?

A.

Cost.

B.

Independence.

C.

Familiarity.

D.

Flexibility.

Full Access
Question # 69

Which of the following is a primary reason for an internal auditor to use a risk and control questionnaire when auditing financial processes?

A.

To gam an understanding of the control environment

B.

To collect as much financial data as possible before engagement fieldwork begins.

C.

To test the effectiveness of financial controls in an efficient and relatively inexpensive way

D.

To facilitate the quantification of financial data obtained

Full Access
Question # 70

During an audit of suspense accounts the internal auditor found that there were no written policies on how suspense accounts should be treated. The auditor also found that suspense account balances were cleared once per week, not daily. Which of the following is the most appropriate first response by the auditor?

A.

The auditor should conclude that suspense accounts were not being cleared on a timely basis because they should be cleared daily

B.

The auditor should ask management whether any undocumented policies exist and. if so, determine whether they are adequate

C.

The auditor should conclude that the clearing of suspense accounts was timely and appropriate because weekly clearing is sufficient.

D.

The auditor should rely on his professional judgment and experience to develop criteria for evaluating the existing controls over suspense accounts

Full Access
Question # 71

During the planning phase of an assurance engagement, an internal auditor seeks to gam an understanding of now when the area under review is accomplishing its objectives When of the

Following information-gathering techniques is the auditor most likely to use?

A.

A review of the key performance indicators of me area under review.

B.

A walkthrough of the key processes of the area under review.

C.

An interview with the manager regarding the area's business plan.

D.

A review of previous audit and follow- up results of the area under review

Full Access
Question # 72

When constructing a staffing schedule for the internal audit activity (IAA), which of the following criteria are most important for the chief audit executive to consider for the effective use of audit resources?

1. The competency and qualifications of the audit staff for specific assignments.

2. The effectiveness of IAA staff performance measures.

3. The number of training hours received by staff auditors compared to the budget.

4. The geographical dispersion of audit staff across the organization.

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Full Access
Question # 73

Senior management wants assurance that third-party contractors are following procedures as agreed with the organization. Which type of audit would be most appropriate

to achieve this objective?

A.

A compliance audit.

B.

A due diligence audit.

C.

A financial audit.

D.

An external audit.

Full Access
Question # 74

What is the best course of action for a chief audit executive if an internal auditor identifies in the early stage of an audit that some employees have inappropriate access to a key system?

A.

Contact the audit committee chair to discuss the finding

B.

Obtain verbal assurance from management that the inappropriate access will be removed

C.

Issue an interim audit report so that management can implement action plans

D.

Ask the auditor to create a ticket with the IT help desk requesting to revoke the inappropriate access

Full Access
Question # 75

During follow-up, the chief audit executive (CAE) is having a discussion with management about the internal audit team's recommendations related to a significant issue Management accepted the issue but took no remedial action What is the next step for the CAE?

A.

The CAE should reassess and validate the risk tolerance policy

B.

The CAE should escalate the issue to senior management .

C.

The CAE should reiterate the internal audit team's recommendations to management .

D.

The CAE should grant management more time to implement the recommendation and check the status of the issue during the next scheduled follow-up.

Full Access
Question # 76

The chief audit executive (CAE) should determine whether the internal audit activity has confirmed the status of all of management's corrective actions Doing so would help the CAE assess which of the following?

A.

Disclosure risk.

B.

Residual risk

C.

Compliance risk

D.

Inherent risk

Full Access
Question # 77

Acceding to IIA guidance, which of the following statements is true regarding the risk assessment process performed by the internal audit activity?

A.

The assessment of high-level risks is typically a linear process.

B.

Management should create the preliminary risk matrix

C.

The analysis should begin with ne identification of objectives

D.

Likelihood should receive greater consideration than impact

Full Access
Question # 78

Which of the following statements is true regarding the audit objective for an assurance engagement?

A.

Operational management must determine the audit objective in cooperation with the internal auditor

B.

The audit objective may be adjusted after the start of an engagement and it does not need to align with the assessed risks

C.

The audit objective must consider the possibility of fraud and noncompliance

D.

The audit objective may or may not consider the possibility of fraud depending on the assessed likelihood and impact

Full Access
Question # 79

Which of the following engagement supervision activities should be performed first?

A.

Ensure that internal audit recommendations are practical, cost-effective, and value-added

B.

Ensure that internal audit conclusions am based on sufficient and reliable evidence

C.

Ensure that risks to the timely completion of the engagement are assessed

D.

Ensure that performance assessments are completed for audit team members

Full Access
Question # 80

In a health care organization the internal audit activity provides overall assurance on governance, risk and control The chief audit executive advises and influences senior management, and the audit strategy leverages the organization's management of risk According to HA guidance which of the following stages of internal audit maturity best describes this organization?

A.

Infrastructure.

B.

Emerging.

C.

Managed.

D.

Initial.

Full Access
Question # 81

An internal auditor is asked to review a recently completed renovation to a retail outlet. Which of the following would provide the most reliable evidence that the completed work conformed to the plan?

A.

An interview with the employee who performed the work

B.

An analysis of purchasing and receiving documentation

C.

Existence of a signed completion document accepting the work

D.

A physical inspection of the retail outlet.

Full Access
Question # 82

Which of the following is least likely to help ensure that risk is considered in a work program?

A.

Risks are discussed with audit client.

B.

All available information from the risk-based plan is used.

C.

Client efforts to affect risk management are considered.

D.

Prior risk assessments are considered.

Full Access
Question # 83

Which of the following statements generally true regarding audit engagement planning?

A.

The best source tor detailed process information is senior management

B.

Audit objectives should be general and do not change.

C.

Computer-assisted audit techniques are typically not useful during engagement planning

D.

Internal auditors should prepare a dented audit program for testing controls

Full Access
Question # 84

The board has asked the internal audit activity (IAA) to be involved in the organization's enterprise risk management process. Which of the following activities is appropriate for IAA to perform without safeguards?

A.

Coach management in responding to risks.

B.

Develop risk management strategies for board approval.

C.

Facilitate identification and evaluation of risks.

D.

Evaluate risk management processes.

Full Access
Question # 85

According to IIA guidance, which of the following strategies would add the least value to the achievement of the internal audit activity's (IAA's) objectives?

A.

Align organizational activities to internal audit activities and measure according to the approved IAA performance measures.

B.

Establish a periodic review of monitoring and reporting processes to help ensure relevant IAA reporting.

C.

Use the results of IAA engagement and advisory reporting to guide current and future internal audit activities.

D.

Establish a format and frequency for IAA reporting that is appropriate and aligns with the organization's governance structure.

Full Access
Question # 86

Which of the following best describes external benchmarking using trend analysis for a subsidiary of an international company?

A.

Comparing the current ratio of the subsidiary with the current ratio of another company for the same period

B.

Comparing common-size financial statements of the subsidiary with the averages of the industry for the last two periods

C.

Comparing the sales of the subsidiary with the sales of another subsidiary for the last two periods.

D.

Comparing the sales of the subsidiary with the budgeted figures for the last two periods

Full Access
Question # 87

To compete in the global market, an organization is restructuring and consolidating many of its divisions. Prior to the consolidation, senior management requested assistance from tie internal audit activity. Which of the following consulting services would be most appropriate in this situation?

A.

Assess controls for potential compliance issues that may affect me consolidation

B.

Brief vendors on the potential risks that will occur without continued business

C.

Advise division managers on how to streamline operations for better efficiency

D.

Determine whether the organization’s controls are effective in meeting business objectives

Full Access
Question # 88

A large investment organization hired a chief risk officer (CRO) to be responsible for the organization's risk management processes. Which of the following people should prioritize risks to be used for the audit plan?

A.

Operational management, because they are responsible for the day-to-day management of the operational risks.

B.

The CRO, because he is responsible for coordinating and project managing risk activities based on his specialized skills and knowledge.

C.

The chief audit executive, although he is not accountable for risk management in the organization.

D.

The CEO, because he has ultimate responsibility for ensuring that risks are managed within the agreed tolerance limits set by the board.

Full Access
Question # 89

Which of the following statements is true regarding internal auditors and other assurance providers?

A.

Assurance providers who report to management and/or are part of management cannot provide control serf-assessments services

B.

Internal auditors should always reperform and validate audit work completed by external assurance providers

C.

Internal auditors may rely on the work of internal compliance teams to expand their coverage of the organization without increasing direct audit

D.

hours Internal auditors can rely on the work of other assurance providers only rf the other assurance providers report directly to the board

Full Access
Question # 90

Which of the following sources of audit evidence is most reliable?

A.

Evidence obtained directly from an untested third party.

B.

Uncorroborated audit evidence obtained indirectly from an employee.

C.

Undocumented audit evidence obtained directly from a manager.

D.

Timely audit evidence obtained directly from a customer.

Full Access
Question # 91

According to IIA guidance, which of the following actions might place the independence of the internal audit function in jeopardy?

A.

Having no active role or involvement in the risk management process.

B.

Auditing the risk management process for reasonableness.

C.

Coordinating and managing the risk management process.

D.

Participating with management in identifying and evaluating risks.

Full Access
Question # 92

When addressing the excessive overtime being paid lo employees in an organization's customer service call center, which of the following would be most relevant for the internal auditor to use?

1 Confirmation.

2. Trend analysis.

3 External benchmarking

4. Internal benchmarking

A.

1.2 and 3

B.

1.2. and 4.

C.

1.3. and 4.

D.

2. 3. and 4.

Full Access
Question # 93

An internal auditor completed a consulting engagement covering a recent advertising campaign. The audit client asked the auditor to forward a copy of the report to one of the three advertising agencies used by the organization. According to IIA guidance, which of the following statements is true regarding this request?

A.

The internal auditor may communicate the results to the advertising agency as instructed by the audit client, with approval from the chief audit executive.

B.

The internal auditor may not communicate the results to this external party regardless of the engagement client's instruction.

C.

The internal auditor may send the report and is required to include instructions for the advertising agency to limit further distribution and the use of results.

D.

The internal auditor may only communicate the results verbally to the advertising agency and should not provide a hard copy.

Full Access
Question # 94

The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practice for this review?

1. Use an external service provider.

2. Conduct a self-assessment with independent validation.

3. Arrange for a review by qualified employees outside of the IAA.

4. Arrange for reciprocal peer review with another CAE.

A.

1 and 2

B.

2 and 4

C.

1, 2, and 3

D.

2, 3, and 4

Full Access
Question # 95

Besides a chief audit executive's professional experience what determines the frequency and approach to assessing residual risk?

A.

The frequency of executing the internal audit engagements

B.

The frequency of changes in the organization environment

C.

The expectations set by the board and senior management

D.

The expectations set by operating management and senior management

Full Access
Question # 96

Which of the following statements is true regarding risk assessments, including the evaluation and prioritization of risk and control factors?

A.

A risk-by-process matrix enables the user to determine associations between any of the processes and the risks.

B.

The risk-factor approach for linking business processes and risks is more direct than the use of a risk-by-process matrix.

C.

Internal risk factors are built into the environment and the nature of the process itself.

D.

A risk map is used primarily to depict which risks will be reduced and which will be shared.

Full Access
Question # 97

Which of the following statements concerning workpapers is the most accurate?

A.

The organization and the format of workpapers is the same for all engagements

B.

The extent of what is included in workpapers is a matter of professional judgment

C.

Workpapers should be complete so that every conceivable question that can be raised should be answered

D.

Copies of operational managements records should not be included, but referenced so that they can be located

Full Access
Question # 98

Which type of assurance engagement is conducted to determine whether a process or area is performing as intended, accomplishing its objectives, and doing so in an efficient and economical way?

A.

Compliance audit.

B.

Operational audit.

C.

Financial audit.

D.

Provider audit.

Full Access
Question # 99

An internal auditor is testing the success of the IT support department in meeting the service levels guaranteed to small, medium and large customers. The customer's size classification is based on its annual expenditures with the organization and the nature and extent of services it receives. Which of the following sampling techniques would be the most suitable to select customers for this test?

A.

Interval sampling

B.

Cluster sampling

C.

Stop-and-go sampling

D.

Stratified sampling

Full Access
Question # 100

The internal auditors available to perform the engagement do not have sufficient skills related to the area under review. Which of the following iss an appropriate action for the chief audit executive to take?

A.

Continue the engagement with the available staff, providing more hands-on supervision than usual

B.

Limit the objectives and scope of the engagement to align them with the skills available among the current staff.

C.

Cosource the performance of the engagement using personnel in the area that will be reviewed to supplement the knowledge of the staff and complete the engagement

D.

Supplement the internal auditors assigned to the engagement by bringing onto the engagement team a consultant who is independent of the area under review and has the missing expertise

Full Access
Question # 101

After concluding a preliminary assessment, the engagement supervisor prepared a draft work program According to HA guidance which of the following would be tested by this program?

A.

The process objectives.

B.

The process risks

C.

The process controls

D.

The process scope

Full Access
Question # 102

An internal auditor examined a nostatistical sample of open accounts receivable balances and discovered that 10 out of 60 exceeded the approved unseated credit limit threshold defined by the organization's policy What should the auditor document in the workpapers?

A.

Credit limit over drafts are not monitored in accordance with the organizations policy

B.

Seventeen percent of customers' open balances in the sample exceed their approved unsecured credit rent

C.

The threshold for credit limits defined by the organization's policy is not adequate

D.

Management should perform monthly monitoring of open customer balances

Full Access
Question # 103

In an organization with a large internal audit activity that has several audit teams performing engagements simultaneously which of the following tasks is an engagement supervisor most likely to perform during the planning phase of a new engagement?

A.

Establish a means for resolving any professional judgment differences over ethical issues that may arise during the engagement.

B.

Approve the engagement work program to ensure the program is designed to achieve the engagement objectives

C.

Evaluate whether the testing and results support the engagement results and conclusion

D.

Review the sample testing results for exceptions.

Full Access
Question # 104

During a consulting engagement an internal auditor wants to determine whether all principal stakeholders are involved in a project. Which tool should the auditor use?

A.

RACI (responsible, accountable, consult and inform) chart

B.

Flowchart

C.

SWOT{strengths. weaknesses opportunities, and threats) analysis

D.

Workflow analysis

Full Access
Question # 105

Which of the following statements is true regarding internal control questionnaires?

A.

Internal control questionnaires are useful m evaluating the effectiveness of standard operating procedures

B.

internal control questionnaires provide reliable documents allowing internal auditors to cover many control procedures in little time

C.

Internal control questionnaires can be used by internal auditors as an interview guide

D.

Internal control questionnaires provide direct audit evidence which may need corroboration

Full Access
Question # 106

Below is a flowchart detailing an organization's bank reconciliation process. Which of the following conclusions can be drawn from the flowchart?

A.

There is a conflict in the segregation of duties between preparing bank reconciliations and posting payments to the accounting books.

B.

There is an appropriate segregation of duties in the treasury department during the bank reconciliation process.

C.

There is a large workload for the treasury accountant during the bank reconciliation process.

D.

Bank statements should be obtained at a higher level, such as through the treasury supervisor.

Full Access
Question # 107

Which of the following actions best describes an internal auditor's use of test data to determine whether an organization's new accounts payable system avoids processing questionable invoices for payment?

A.

Creating an automated tool that monitors the computer program on a daily basis for potential issues that need corrective actions.

B.

Using an automated system that assists internal auditors with automating the risk analysis of the computer program for invoicing

C.

Embedding tools in the computer program to analyze the review processes of invoices for potential issues that may hamper payments

D.

Adding invoices to the computer program to assess the reliability and effectiveness of the review process and whether controls work.

Full Access
Question # 108

Which of the following would be the most helpful to a chief audit executive when developing a talent management strategy?

A.

Gap analysis

B.

Staff preferences

C.

Maturity analysis

D.

Extent of external audit coverage

Full Access
Question # 109

Where should internal auditor focus their attention when identify and assessing key risks during the planning stage of an assurance engagement?

A.

Sampling risk.

B.

Audit risk.

C.

Residual risk.

D.

Inherent risk

Full Access
Question # 110

Which of the following statement is consistent with IIA guidance the use of mentoring for internal auditors?

A.

The member and the internal auditor should opt for informal meetings even if it means that no formal documentation will be created.

B.

The mentor relationship is usually not suitable for internal audit staff, as it does not leas to professional development.

C.

The value of mentoring is derived primarily from the personal relationship between the two parties involved, and the mentor’s level of relevant experience should not be a key factor.

D.

The mentor should be the internal auditor’s supervisor to ensure that the auditor performance is assessed in a relevant and meaningful context.

Full Access
Question # 111

An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?

A.

Recommend additional segregation-of-duty reviews.

B.

Recommend appropriate awareness training for all finance department staff.

C.

Recommend rotating finance staff in this area.

D.

Recommend that management address these concerns immediately.

Full Access
Question # 112

Which of the following is essential for ensuring that the internal audit activity's findings and recommendations receive adequate consideration?

A.

Reporting results of audits with recommendations to management.

B.

Providing formal follow-up procedures to ensure that management complies with an action plan or accepted risk of not taking action.

C.

Reporting quarterly to management that the audit plan is focused on higher exposures of risk.

D.

Discussing audit findings with independent auditors.

Full Access
Question # 113

Which of The following best describes a risk that is deemed "unacceptable" to the organization?

A.

A risk where likelihood and impact are high

B.

A risk where inherent risk exceeds its residual risk

C.

A risk where inherent risk exceeds the tolerance level

D.

A risk where residual risk exceeds the tolerance level

Full Access
Question # 114

During the filework phase of an assurance engagement the internal auditor decides that she wants to adjust the audit work program. Which of the following is the most appropriate next step for the auditor to take9

A.

Request additional information needed from management of the area under review.

B.

Obtain approval from the engagement supervisor

C.

Obtain the required resources, including IT. to complete the work

D.

Discuss the change in scope with management of the area under review.

Full Access
Question # 115

Senior management requested that the internal audit activity perform a consulting project to assist in making a decision on a new software system. Which of the following would be used to determine the engagement objectives?

A.

An assessment of risks to the business objectives

B.

An understanding of the engagement client's expectations

C.

The probability of significant errors fraud or noncompliance

D.

Criteria previously established by the board

Full Access
Question # 116

Which of the following factors should a chief audit executive consider when determining the audit universe?

1. Components of the organization's strategic plan.

2. Inputs from senior management and the board.

3. Views of competitors and business associates.

4. Results of exit interviews with departing employees.

A.

1 and 2 only

B.

2 and 4 only

C.

1, 2, and 4

D.

2, 3, and 4

Full Access
Question # 117

An internal auditor e assessing the design of a control and has identified a potential significant weakness. The auditor shared his concern with management however management does not agree that the weakness is significant. What should the internet auditor do next?

A.

Perform additional audit work to better articulate the risk

B.

Report the finding that management has accepted a level of risk that is unacceptable.

C.

Proceed to testing how effectively the control is opening.

D.

Because the design weakness has been identified no additional audit work is needed

Full Access
Question # 118

Which of the following best describes how an internal auditor would use a flowchart during engagement planning?

A.

To prepare for testing the effectiveness of controls

B.

To plan for evaluating potential losses

C.

To prepare a sampling plan for the engagement

D.

To evaluate the design of controls

Full Access
Question # 119

Which of the following best describes the guideline for preparing audit engagement workpapers?

A.

Workpapers should be understandable to the auditor in charge and the chief audit executive.

B.

Workpapers should be understandable to the audit client and the board.

C.

Workpapers should be understandable to another internal auditor who was not involved in the engagement.

D.

Workpapers should be understandable to external auditors and regulatory agencies.

Full Access
Question # 120

In which of the following ways can the internal audit activity new engagement opportunities?

A.

By defining activities by business processes.

B.

By looking external factors such as product complaints.

C.

By looking at activities by businesses cost centers.

D.

By defining activities by the organization chart.

Full Access
Question # 121

An internal audit activity has to confirm the validity of the activities reported by a grantee that received a charitable contribution from the organization. Which of the following methods would best help meet this objective?

A.

Visiting the grantee to assess whether the execution of the project was in line with the defined grant scope.

B.

Verifying that the grantee's final report is in line with what was depicted in the initial budget request.

C.

Reconciling general ledger accounts used by management of the area under review for reflecting expenses on charitable contributions.

D.

Interviewing employees of the corporate affairs department, which is responsible for charitable activities.

Full Access
Question # 122

The chief audit executive (CAF) determined that the residual risk identified in an assurance engagement is acceptable. When should this be communicated to senior management?

A.

When the CAE reports the audit outcome to senior management.

B.

When the residual risk is identified before the engagement is complete.

C.

Immediately, as residual risk should be communicated as soon as possible

D.

When management of the area under review has resolved and mitigated the residual risk

Full Access
Question # 123

In which of the following populations would the internal auditor most likely choose to use a stratified sampling approach?

A.

Inventory comprised of the same items stored in different warehouses

B.

Batches of materials that must be confirmed as meeting quality standards

C.

Revenue that is earned by an organization through cash receipts or as receivable.

D.

Tax reports submitted to meet the requirements of the local taxation authority

Full Access
Question # 124

According to the MA guidance, which of the following does the engagement work program test in a review of an organizational process?

A.

Process objectives.

B.

Process risks

C.

Process controls.

D.

Process scope

Full Access
Question # 125

An internal auditor used a risk and control matrix to prepare a work program for testing a software release. During the engagement planning stage, he tested the design of

the release procedure as a key control and concluded that the control was not designed well. During the performance stage, he tested the operation of this control and

concluded that it was implemented as designed. Which of the following statements is true regarding this scenario?

A.

The test of the control design should have occurred at the performance stage.

B.

The test of the operating effectiveness of the control was not necessary.

C.

A risk and control matrix is not appropriate for this type of engagement.

D.

The test of the operating effectiveness of the control should have occurred at the planning stage.

Full Access
Question # 126

According to IIA guidance, which of the following procedures would be least effective in managing the risk of payroll fraud?

A.

The employee’s name listed on organization’s payroll is compared to the personnel records.

B.

Payroll time sheets are reviewed and approved by the timekeeper before processing.

C.

Employee access to the payroll database is deactivated immediately upon termination.

D.

Changes to payroll are validated by the personnel department before being processed.

Full Access
Question # 127

Which of the following would most likely cause an internal auditor to consider adding fraud work steps to the audit program?

A.

Improper segregation of duties.

B.

Incentives and bonus programs.

C.

An employee's reported concerns.

D.

Lack of an ethics policy.

Full Access
Question # 128

A senior IT auditor is performing an audit of inventory valuation. The auditor misinterprets the sampling results. Which of the following best describes this situation?

A.

Sampling risk.

B.

Control risk.

C.

Nonsampling risk.

D.

Residual risk.

Full Access
Question # 129

An organization recently acquired a subsidiary in a new industry, and management asked the chief audit executive (CAE) to perform a comprehensive audit of the subsidiary prior to recommencing operations The CAE is unsure her team has the necessary skills and knowledge to accept the engagement According to IIAguidance, which of the following responses by the CAE would be most appropriate?

A.

The CAE should accept the engagement and ensure that an explanation of the expertise limitations is included in the final audit report.

B.

The CAE should ask management to hire an external expert who is familiar with the industry to perform an independent audit for management

C.

The CAE should accept the engagement and hire an external expert to assist the audit team with the audit of the subsidiary

D.

The CAE should recommend postponing the engagement until the internal audit team is able to develop sufficient knowledge of the new industry

Full Access
Question # 130

Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?

A.

Report follow-up activities to senior management.

B.

Implement follow-up procedures to evaluate residual risk.

C.

Determine the costs of implementing the recommendations.

D.

Evaluate the extent of improvements.

Full Access
Question # 131

Which of the following recommendations made by the internal audit activity (IAA) is most likely to help prevent fraud?

A.

A review of password policy compliance found that employees frequently use the same password more than once during a year. The IAA recommends that the access control software reject any password used more than once during a 12-month period.

B.

A review of internal service-level agreement compliance in financial services found that requests for information frequently are fulfilled up to two weeks late. The IAA recommends that the financial services unit be eliminated for its ineffectiveness.

C.

A vacation policy compliance review found that employees frequently leave on vacation before their leave applications are signed by their manager. The IAA recommends that the manager attend to the leave applications in a more timely fashion.

D.

A review of customer service-level agreements found that orders to several customers are frequently delivered late. The IAA recommends that the organization extend the expected delivery time advertised on its website.

Full Access
Question # 132

Acceding to MA guidance, when of the Mowing strategies would like provide the most assurance to the chief audit executive (CAE) that the internal audit activity's recommendations are being acted upon?

A.

The CAF obtains a formal response from senior management regarding the corrective actions they plan to take w address the recommendations.

B.

The CAE develops a tracking system to monitor the stains of engagement recommendations reported to management for action

C.

The CAE communicates with impacted department managers to determine whether corrective actions have addressed engagement recommendations

D.

The CAE works with the engagement supervisor to monitor the recommendations issued to management for corrective action

Full Access
Question # 133

According to IIA guidance, which of the following are the most important objectives for helping to ensure the appropriate completion of an engagement?

1. Coordinate audit team members to ensure the efficient execution of all engagement procedures.

2. Confirm engagement workpapers properly support the observations, recommendations, and conclusions.

3. Provide structured learning opportunities for engagement auditors when possible.

4. Ensure engagement objectives are reviewed for satisfactory achievement and are documented properly.

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Full Access
Question # 134

According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management's response to audit recommendations?

A.

Evaluate and verify management's response, and determine the need and scope for additional work.

B.

Evaluate and verify management's response, and establish timelines for corrective action by management.

C.

Oversee the corrective actions undertaken by management, and determine the need and scope for additional work.

D.

Oversee the corrective actions undertaken by management, and establish timelines for corrective action by management.

Full Access
Question # 135

An organization has a mature control environment but limited internal audit resources Given this scenario, on which of the following should the internal auditors focus their testing?

A.

Detective compensating controls

B.

Preventive compensating controls

C.

Detective Key controls

D.

Preventive key controls

Full Access
Question # 136

In addition to gathering information, which of the following is a primary objective of a client interview conducted during the planning stage of an audit engagement?

A.

To obtain sufficient audit evidence.

B.

To test the client's knowledge.

C.

To agree on the auditor’s scope of authority.

D.

To establish rapport.

Full Access
Question # 137

Which of the following statements is true regarding engagement planning?

A.

The engagement objectives are the boundaries for the engagement, which outline what will be included in the review

B.

The risk-based objectives of the engagement can be determined once the scope of the engagement has been formed

C.

For a consulting engagement, planning typically occurs after the engagement objectives and scope have already been determined

D.

For an assurance engagement, once the scope is established and testing has begun, the scope cannot be modified.

Full Access
Question # 138

'Internal policy prohibits employees from entering into contacts with financial obligations without proper approval.

A project manager signed a change to an important service agreement without obtaining the proper approval As a result the organization is receiving $5,000 per month less for its services.’’

Which of the following should be added to the observation?

A.

The reason for not following the internal policy

B.

A description of what constitutes proper approval

C.

The annual impact of the changed agreement on cash flows

D.

Details regarding when the change to the agreement was signed

Full Access