The internal auditor's opinion in terms of due professional care should be:
In reviewing the appropriateness of the minimum quantity level of inventory established by a department, an auditor would be least likely to consider:
Which of the following would have the least impact (either positive or negative) on an assessment of a department's control environment?
In which of the following cases is it appropriate for an audit report to not contain management's response either within the report or as an attachment?
The chief executive officer has requested that the chief audit executive (CAE) coordinate the establishment of an enterprise risk management (ERM) program for the organization. Which of the following would be the most appropriate action for the CAE?
Which of the following statements is correct regarding the assessment of risk in the annual audit planning process?
1. Activities requested by management should be considered higher risk than those requested by the audit committee.
2. Activities with lower budgets can be as high risk as those with higher budgets.
3. The potential financial or adverse exposure should always be considered in the assessment of risk.
The chief audit executive (CAE) of an organization has established an internal audit activity (IAA) quality assessment program. According to IIA guidance, which of the following would be part of this program?
A bank uses a risk analysis matrix to quantify the relative risk of auditable entities. The analysis involves rating auditable entities on risk factors using a scale of 1 to 10, with 10 representing the greatest risk. A partial list of risk factors and the ratings given to three of the bank's departments is provided below:
Which of the following statements regarding risk in the department is true?
Five brand managers in a consumer products company met to determine how well certain promotions had performed. The data that they needed to analyze consisted of approximately 50 gigabytes of daily point-of-sale (POS) data for each month. The brand managers tried to download the POS data from the mainframe and import it into microcomputer spreadsheets for analysis. Their efforts were unsuccessful, most likely because oF.
The internal audit activity can be involved with systems development continuously, immediately prior to implementation, after implementation, or not at all. An advantage of continuous internal audit involvement compared to the other types of involvement is that:
Which of the following are typical steps in the design of an organization's performance measurement system?
Senior management of an organization has requested that the internal audit activity provide ongoing internal control training for all managerial personnel. This is best addressed by:
What decision-making approach should a facilitator initiate if a group addresses an unfamiliar situation during a control self-assessment session?
When conducting audit follow-up of a finding related to cash management routines, an internal auditor would expect to find that all of the following changes have occurred except:
Which of the following activities would be performed during a benchmarking consulting engagement?
I. Collect data relevant to the benchmarking process.
II. Review all business processes.
III. Define critical success factors.
IV. Identify performance gaps.
While investigating a compromised Web server, an auditor found that the Web server logs had been deleted. The auditor should recommend that the Web server logs bE.
If participants in a control self-assessment workshop begin breaking their agreed-upon ground rules, the facilitator should:
An internal audit activity is participating in the due diligence work for an acquisition that a company is considering. One engagement objective is to determine if the acquisition's accounts payable contain all outstanding liabilities. Which of the following audit procedures would not be relevant for this objective?
An organization's internal auditors are reviewing production costs at a gas-powered electrical generating plant. They identify a serious problem with the accuracy of carbon dioxide emissions reported to the environmental regulatory agency, due to computer errors. The auditors should immediately report the concern to:
If an auditor expects to find numerous discrepancies between recorded values and audited values of sample selections, which sampling technique would be most appropriate?
In order to effectively elicit sensitive information from an employee during an audit engagement, an auditor should:
The efficiency of internal audit operations is best enhanced if workpaper standards:
During the development of a purchasing system, an auditor reviewed the payment authorization program. Which of the following actions should the auditor recommend for a situation in which the quantity invoiced is greater than the quantity received?
Which of the following would provide the best audit evidence regarding the effectiveness of an applied research department?
According to the International Professional Practices Framework, which of the following statements is correct regarding the communication of audit results?
I. Summary reports may be issued separately from or in conjunction with the final report.
II. Interim reports may be written or oral.
III. Detailed reports should always be issued to the audit committee.
IV. Interim reports should be used to communicate information which requires immediate attention.
An auditor prepared a workpaper that consisted of a list of employee names and identification numbers as well as the following statement:
“A statistical sample of 40 employee personnel files was selected to verify that they contain all documents required by company policy 501 (copy attached). No exceptions were noted.”
The auditor did not place any audit verification symbols on this workpaper. Which of the following changes would most improve the auditor's workpaper?
Which of the following would constitute a violation of the IIA Code of Ethics?
An internal auditor is discussing an audit problem with an engagement client. While listening to the client, the internal auditor should:
An audit department has received anonymous information that an employee has allegedly been able to steal and cash checks sent to the organization by customers. What is the most efficient way for an auditor to determine how this type of fraud could occur and who might be the perpetrator?
Which of the following is used to identify and prioritize critical business applications to determine those that must be restored and the order of restoration in the event that a disaster impairs information systems processing?
The chief audit executive (CAE) determined that based on management's oral response, the action taken regarding an audit observation was sufficient when weighted against the relative importance of the audit recommendation. Which of the following is the most appropriate step for the internal auditor to take next?
Which of the following is the best problem-solving technique to use when analyzing performance and cost?
A manufacturing process could create hazardous waste at several production stages, from raw materials handling to finished goods storage. If the objective of a pollution prevention audit engagement is to identify opportunities for minimizing waste, in what order should the following opportunities be considered?
I. Recycling and reuse.
II. Elimination at the source.
III. Energy conservation.
IV. Recovery as a usable product Treatment.
Which of the following conditions is the strongest indicator of possible fraud?
As part of an operational audit of the shipping department, an auditor selected a sample of 45 daily shipping logs from the department's files. On 44 of the days, the log contained a sufficient number of shipments to meet the department's daily quota. Based on this test, the auditor concluded that the shipping department was effective at meeting its quotas. Which of the following is true about the auditor's conclusion?
The internal audit activity's primary responsibility in a review or examination of the organization by an external regulatory body is to:
An internal auditor found that the cost of some material installed on capital projects had been transferred to the inventory account because the capital budget had been exceeded. Which of the following would be an appropriate technique for the auditor to use to determine the extent of the problem?
As part of an operational audit, an auditor compared records of current inventory with usage during the prior two-year period and determined that the spare parts inventory was excessive. What step should the auditor perform first?
Which of the following techniques could be used to evaluate the effectiveness of changes to the operation of a computer help line?
A post-audit questionnaire sent to audit clients is an effective mechanism for:
Once an audit report is drafted, the auditor's supervisor should review it primarily to ensure that all:
Which of the following must an auditor establish in order to demonstrate that fraud has occurred?
A major insurance company provides a discount on automobile insurance if the vehicle meets certain safety criteria. Which of the following audit tests would provide an internal auditor with the best evidence that all qualifying insured automobiles are receiving the discount?
Which of the following actions is related to the preliminary survey process?
A consumer electronics company is considering acquiring a small flash memory manufacturer. An internal auditor has been assigned to determine if the manufacturer's accounts payable contain all outstanding liabilities. Which audit procedure is not relevant for this objective?
Risk assessments can vary in format, but generally include:
1. A description of identified risks.
2. Tests of audit controls.
3. A system of rating risks.
4. Sample size identification.
An internal auditor has been assigned to perform a quality audit on a manufacturing plant. Which course of action should the auditor perform first?
An audit observation noted that annual inventory counts of biofuel was not being performed appropriately Fuel yards were not visited and physical amounts of biofuel were not reconciled with accounting data Management of the division understood the issue and promised to resolve the problem When should the internal auditor schedule a follow-up review?
Management has taken immediate action to address an observation received during an audit of the organization's manufacturing process Which of the following is true regarding the validity of the observation closure?
It is close to the fiscal year end for a government agency, and the chief audit executive (CAE) has the following items to submit to either the board or the chief executive officer (CEO) for approval. According to IIA guidance, which of the following items should be submitted only to the CEO?
An internal auditor and engagement client are deadlocked over the auditor's differing opinion with management on the adequacy of access controls for a major system. Which of the following strategies would be the most helpful in resolving this dispute?
An internal auditor is asked to determine why the production line for a large manufacturing organization has been experiencing shutdowns due to unavailable pacts The auditor learns that production data used for generating automatic purchases via electronic interchange is collected on personal computers connected by a local area network (LAN) Purchases are made from authorized vendors based on both the production plans for the next month and an authorized materials requirements plan (MRP) that identifies the parts needed per unit of production The auditor suspects the shutdowns are occurring because purchasing requirements have not been updated for changes in production techniques. Which of the following audit procedures should be used to test the auditor's theory?
When developing the scope of an audit engagement, which of the following would the internal auditor typically not need to consider?
An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?
Which of the following statements concerning workpapers is the most accurate?
After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?
Which of the following is not a primary reason for outsourcing a portion of the internal audit activity?
An internal audit activity is planning its first audit of IT shared services. Which of the following controls would typically be evaluated first?
A chief audit executive (CAE) received a detailed internal report of senior management's internal control assessment. Which of the following subsequent actions by the CAE would provide the greatest assurance over management's assertions?
If observed during fieldwork by an internal auditor, which of the following activities is least important to communicate formally to the chief audit executive?
Which of the following is a justifiable reason for omitting advance client notice when planning an audit engagement?
The engagement supervisor would like lo change the audit program's scope poor to beginning fieldwork According to IIA guidance before any change is implemented what is the most important action that should be undertaken?
According to MA guidance, which of the following factors should an internal auditor consider when assessing the likelihood of fraud risk1?
According to the Standards, which of the following would have the least direct interest in the draft report of a compliance review of the purchasing function?
An audit engagement objective at a manufacturer is to determine the quality of raw materials purchased. Which of the following actions would best enable an internal auditor to satisfy this objective?
According to the International Professional Practices Framework, which of the following is correct regarding conducting and reporting follow-up activities by the internal audit activity (IAA)?
An internal auditor was assigned to conduct an inventory control and stock room area engagement. During the audit, the auditor observed that there were some items that have a shelf life expiration date requirement based on a certificate of conformance received with the product. The certificates of conformance are kept on file in the inventory area office and the expiration date is verified at the time the item is taken from stock. The auditor reviewed the items in the stock room and also on the production floor for the expiration dates to see if there was any expired product. All items with a shelf life requirement were found to be within the expiration date requirement. Which of the following recommendations would be appropriate?
Management requested the chief audit executive (CAE) to include an audit of the organization's health and safety program in next year's annual audit plan. However, the internal audit department has no expertise in this area. Which of the following would be the most appropriate action by the CAE?
Which of the following situations justifies the release of an interim report to management and the board?
• The internal auditor is convinced that the audit observations require immediate attention.
• The internal auditor would like to communicate a change in engagement scope for the activity under review.
• The internal auditor notes that the engagement may extend over a longer time period.
• The audit supervisor believes that issuing interim reports eases supervisory review and controls over working papers.
The chief audit executive (CAE) decided that based on management's oral response, the action taken on an audit observation for a minor improvement in the client's process is sufficient and no further follow-up is necessary. Which of the following would be the best statement regarding the action of the CAE?
An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity (IAA) may provide risk management consulting?
1. There is a clear strategy and timeline to migrate risk management responsibility back to management.
2. The IAA has the final approval on any risk management decisions.
3. The IAA does not give objective assurance on any part of the risk management framework for which it is responsible.
4. The nature of services provided to the organization is documented in the internal audit charter.
Which of the following statements regarding the use of external contracted services by the chief audit executive (CAE) is false?
An organization has adopted an enterprise-wide risk management process and has appointed a chief risk officer (CRO) to manage the process. The board has requested that the audit committee have oversight over the risk management function. Which of the following statements is not true regarding this situation?
The following audit observation was included in the final audit report:
"Our review concluded that bank reconciliation statements for March and April did not show evidence of supervisory review. We recommend strict compliance with the controller's manual, which requires the department head to place their initials on the reconciliation statements to document their review."
Which of the following attributes are missing from the above audit observation?
1. Criteria.
2. Condition.
3. Cause.
4. Effect.
The internal audit activity of an investment company received a request to provide assurance on the risk management process. Preliminary discussion with senior management revealed that separate functions within the organization perform some form of risk management activities. Which of the following is the most effective tool for ensuring that risk management activities are coordinated among these functions?
An internal auditor is reviewing purchases made through the organization's corporate credit card program. Which of the following statements best describes a root cause of a deficiency?
The chief audit executive (CAE) of a new organization is in the process of determining the manner in which audit reports will be distributed and to whom. According to the Standards, which of the following is the most appropriate course of action for the CAE to take to develop this distribution process?
Which of the following is not a reason for an internal auditor to prepare an audit plan before the detailed audit work begins?
Ordinarily, which of the following would not be an objective of an internal audit quality assurance review?