Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpt65

IIA-CIA-Part2 Questions and Answers

Question # 6

The internal auditor's opinion in terms of due professional care should be:

A.

Limited to the effectiveness of internal controls.

B.

Expressed only when consensus with top management has been achieved.

C.

Based on experience and free of all bias.

D.

Based on sufficient factual evidence.

Full Access
Question # 7

In reviewing the appropriateness of the minimum quantity level of inventory established by a department, an auditor would be least likely to consider:

A.

Stockout costs, including lost customers.

B.

Seasonal variations in forecasting inventory demand.

C.

Optimal order sizes determined by an economic order quantity model.

D.

The potential for obsolescence of inventory items.

Full Access
Question # 8

Which of the following would have the least impact (either positive or negative) on an assessment of a department's control environment?

A.

The department managed long-term investments, including investment in derivatives and other financial instruments, to maximize return.

B.

The department manager sets a tone of honesty and integrity in all business dealings and this tone is emulated by department personnel.

C.

Many department functions were duplicated or verified by other department employees as part of the department's normal procedures.

D.

Audit tests designed to verify compliance with control procedures detected a general failure to follow standard procedures for transaction authorization.

Full Access
Question # 9

In which of the following cases is it appropriate for an audit report to not contain management's response either within the report or as an attachment?

A.

Management’s response to an audit report is generally not a requirement.

B.

Internal controls were found to be properly designed and operating effectively although operations are deemed inefficient.

C.

There was insufficient time to obtain management’s response during the draft reporting process.

D.

An internal audit report contains no observations.

Full Access
Question # 10

The chief executive officer has requested that the chief audit executive (CAE) coordinate the establishment of an enterprise risk management (ERM) program for the organization. Which of the following would be the most appropriate action for the CAE?

A.

Accept the request as the role of coordinating ERM is a core function of internal audit.

B.

Decline the request as this role compromises the CAE's objectivity.

C.

Accept the request after consulting with the board and adhering to proper safeguards.

D.

Decline the request as internal audit has limited knowledge and experience of risk at the enterprise level to undertake the assignment.

Full Access
Question # 11

Which of the following statements is correct regarding the assessment of risk in the annual audit planning process?

1. Activities requested by management should be considered higher risk than those requested by the audit committee.

2. Activities with lower budgets can be as high risk as those with higher budgets.

3. The potential financial or adverse exposure should always be considered in the assessment of risk.

A.

1 only

B.

2 only

C.

3 only

D.

2 and 3 only

Full Access
Question # 12

The chief audit executive (CAE) of an organization has established an internal audit activity (IAA) quality assessment program. According to IIA guidance, which of the following would be part of this program?

A.

Assessment of the IAA conducted independently of client feedback, and the review of individual audits to determine the quality and timeliness of supervision.

B.

Assessment of the IAA conducted independently of client feedback, and identified areas of improvement reviewed at the end of the year.

C.

Compliance with a checklist of required audit procedures, and review of individual audits to determine the quality and timeliness of supervision.

D.

Compliance with a checklist of required audit procedures, and identified areas of improvement reviewed at the end of the year.

Full Access
Question # 13

A bank uses a risk analysis matrix to quantify the relative risk of auditable entities. The analysis involves rating auditable entities on risk factors using a scale of 1 to 10, with 10 representing the greatest risk. A partial list of risk factors and the ratings given to three of the bank's departments is provided below:

Which of the following statements regarding risk in the department is true?

A.

As compared to departments A and C, department B has a stronger control system to compensate for the greater complexity of the department's transactions and dollar value of its assets.

B.

The internal audit activity should schedule audits of department B more often than audits of department C because of the relative control strength of department C as compared to department B.

C.

The nature of department A's control structure may be justified by the nature of the department's assets and the complexity of its transactions.

D.

The relative ranking of the departments in order of their risk, from greatest to least risk, is: A; C; B.

Full Access
Question # 14

Five brand managers in a consumer products company met to determine how well certain promotions had performed. The data that they needed to analyze consisted of approximately 50 gigabytes of daily point-of-sale (POS) data for each month. The brand managers tried to download the POS data from the mainframe and import it into microcomputer spreadsheets for analysis. Their efforts were unsuccessful, most likely because oF.

A.

The complexity of the mainframe data structure and the large volume of data.

B.

The difficulty of establishing access privileges for each subset of the mainframe data.

C.

Inconsistencies in the mainframe data due to lack of integrity constraints on the data files.

D.

Error-prone transmission links for downloading the data from the mainframe data files.

Full Access
Question # 15

The internal audit activity can be involved with systems development continuously, immediately prior to implementation, after implementation, or not at all. An advantage of continuous internal audit involvement compared to the other types of involvement is that:

A.

The cost of audit involvement can be minimized.

B.

There are clearly defined points at which to issue audit comments.

C.

Redesign costs can be minimized.

D.

The threat of lack of audit independence can be minimized.

Full Access
Question # 16

Which of the following best defines an audit opinion?

A.

A summary of the significant audit observations and recommendations.

B.

An auditor's evaluation of the effects of the observations and recommendations on the activities reviewed.

C.

A conclusion which must be included in the audit report.

D.

A recommendation for corrective action.

Full Access
Question # 17

Which of the following are typical steps in the design of an organization's performance measurement system?

A.

Understand organizational strategy; perform a situational assessment; establish measurement categories; and take actions based upon measurement results.

B.

Categorize performance measures; establish a data collection plan; analyze data; and predict future performance.

C.

Establish a measurement plan; create an organizational strategy linked to those measurements; trend measurement data; and measure data variability.

D.

Perform a situational assessment; generate macro measurements; review measurement data; and change strategy based upon measurement results.

Full Access
Question # 18

Senior management of an organization has requested that the internal audit activity provide ongoing internal control training for all managerial personnel. This is best addressed by:

A.

A formal consulting engagement.

B.

An informal consulting engagement.

C.

A performance assurance engagement.

D.

An operational assurance engagement.

Full Access
Question # 19

What decision-making approach should a facilitator initiate if a group addresses an unfamiliar situation during a control self-assessment session?

A.

Spontaneous agreement.

B.

Consensus building.

C.

Majority voting.

D.

Compromise.

Full Access
Question # 20

When conducting audit follow-up of a finding related to cash management routines, an internal auditor would expect to find that all of the following changes have occurred except:

A.

The steps being taken are resolving the condition disclosed by the finding.

B.

Inherent risk has been eliminated as a result of resolution of the condition.

C.

Controls have been implemented to deter or detect a recurrence of the finding.

D.

Benefits have accrued to the entity as a result of resolving the condition.

Full Access
Question # 21

Which of the following activities would be performed during a benchmarking consulting engagement?

I. Collect data relevant to the benchmarking process.

II. Review all business processes.

III. Define critical success factors.

IV. Identify performance gaps.

A.

I and III only

B.

II and IV only

C.

I, II, and III only

D.

I, III, and IV only

Full Access
Question # 22

While investigating a compromised Web server, an auditor found that the Web server logs had been deleted. The auditor should recommend that the Web server logs bE.

A.

Generated and maintained on a separate secure server.

B.

Accessible by administrative users only

C.

Encrypted to ensure that the logs cannot be deleted.

D.

Restored automatically to the Web server from backup files.

Full Access
Question # 23

If participants in a control self-assessment workshop begin breaking their agreed-upon ground rules, the facilitator should:

A.

Ignore the behavior and continue the workshop.

B.

Allow them to continue briefly and then remind them of the ground rules.

C.

Have the participants modify the ground rules.

D.

Strictly enforce the ground rules.

Full Access
Question # 24

An internal audit activity is participating in the due diligence work for an acquisition that a company is considering. One engagement objective is to determine if the acquisition's accounts payable contain all outstanding liabilities. Which of the following audit procedures would not be relevant for this objective?

A.

Examine supporting documentation of subsequent (after-period) cash disbursements and verify period of liability.

B.

Send confirmations, including zero-balance accounts, to vendors with whom the company normally does business.

C.

Select a sample of accounts payable from the accounts payable list and verify the supporting receiving reports, purchase orders, and invoices.

D.

Trace receiving reports issued before the period end to the related vendor invoices and accounts payable list.

Full Access
Question # 25

An organization's internal auditors are reviewing production costs at a gas-powered electrical generating plant. They identify a serious problem with the accuracy of carbon dioxide emissions reported to the environmental regulatory agency, due to computer errors. The auditors should immediately report the concern to:

A.

The regulatory agency.

B.

Plant management.

C.

A plant health and safety officer.

D.

The risk management function.

Full Access
Question # 26

If an auditor expects to find numerous discrepancies between recorded values and audited values of sample selections, which sampling technique would be most appropriate?

A.

Attributes sampling.

B.

Probability-proportional-to-size sampling.

C.

Difference estimation sampling.

D.

Discovery sampling.

Full Access
Question # 27

In order to effectively elicit sensitive information from an employee during an audit engagement, an auditor should:

A.

Tell the employee a piece of information obtained from a coworker in a previous interview.

B.

Put sensitive questions at the beginning of a questionnaire to ensure that they are answered.

C.

Explain that the auditor's reputation for integrity, which is vital to the auditor's business success, would be seriously damaged if confidentiality were breached.

D.

Point out that management has given the auditor full authority to conduct this interview.

Full Access
Question # 28

The efficiency of internal audit operations is best enhanced if workpaper standards:

A.

Permit the extent of documentation to vary according to engagement objectives.

B.

Require supervisors to initial and date each workpaper that they review.

C.

Allow access to workpapers by external parties if approved by senior management or the audit committee.

D.

Mandate the workpaper retention period.

Full Access
Question # 29

During the development of a purchasing system, an auditor reviewed the payment authorization program. Which of the following actions should the auditor recommend for a situation in which the quantity invoiced is greater than the quantity received?

A.

Issue an exception report.

B.

Pay the amount billed and adjust the inventory account for the difference.

C.

Return the invoice to the vendor for correction.

D.

Authorize payment of the full invoice, but maintain an open purchase order record for the missing goods.

Full Access
Question # 30

Which of the following would provide the best audit evidence regarding the effectiveness of an applied research department?

A.

Develop a cost-per-product analysis for products developed over the past five years.

B.

Develop a report on revenue generated by or cost savings directly attributable to newly developed products.

C.

Compare research as a percentage of revenue between this company and all major competitors in the same industry.

D.

Compare the number of this year's new product developments to the number of new product developments for the past five years.

Full Access
Question # 31

According to the International Professional Practices Framework, which of the following statements is correct regarding the communication of audit results?

I. Summary reports may be issued separately from or in conjunction with the final report.

II. Interim reports may be written or oral.

III. Detailed reports should always be issued to the audit committee.

IV. Interim reports should be used to communicate information which requires immediate attention.

A.

I and III only

B.

II and IV only

C.

I, II, and IV only

D.

I, II, III, and IV.

Full Access
Question # 32

An auditor prepared a workpaper that consisted of a list of employee names and identification numbers as well as the following statement:

“A statistical sample of 40 employee personnel files was selected to verify that they contain all documents required by company policy 501 (copy attached). No exceptions were noted.”

The auditor did not place any audit verification symbols on this workpaper. Which of the following changes would most improve the auditor's workpaper?

A.

Use of audit verification symbols to show that each file was examined.

B.

Removal of the employee names to protect their confidentiality.

C.

Justification for the sample size.

D.

Listing of the actual documents examined for each employee.

Full Access
Question # 33

Which of the following would constitute a violation of the IIA Code of Ethics?

A.

An internal auditor, who has recently joined the organization, has accepted an assignment to audit the electronics manufacturing division. The auditor previously served as senior auditor for the external audit of that division and has audited many electronics companies during the past two years.

B.

An internal auditor has accepted an assignment to audit the warehousing function six months from now. The auditor has no expertise in that area but has signed up for courses in warehousing that will be completed before the assignment begins.

C.

An internal auditor has no ambitions for promotion and has not engaged in training or other professional development activities during the last three years. The auditor's performance assessments indicate consistent quality of work.

D.

An internal auditor discovered an internal financial fraud during the year, and the financial statements were adjusted to properly reflect the loss associated with the fraud. The auditor discussed the fraud with the external auditor during the external auditor's review of the working papers detailing the incident.

Full Access
Question # 34

An internal auditor is discussing an audit problem with an engagement client. While listening to the client, the internal auditor should:

A.

Prepare a response to the client.

B.

Take mental notes on the speaker's nonverbal communication, as it is more important than what is being said.

C.

Make sure that all details, as well as the main ideas of the client, are remembered.

D.

Integrate the incoming information from the client with information that is already known.

Full Access
Question # 35

An audit department has received anonymous information that an employee has allegedly been able to steal and cash checks sent to the organization by customers. What is the most efficient way for an auditor to determine how this type of fraud could occur and who might be the perpetrator?

A.

Confirm accounts receivable.

B.

Confirm accounts payable.

C.

Review the endorsements and banks of deposit on customers' canceled checks.

D.

Flowchart and analyze key controls in the cash receipts process.

Full Access
Question # 36

Which of the following is used to identify and prioritize critical business applications to determine those that must be restored and the order of restoration in the event that a disaster impairs information systems processing?

A.

Contingent facility contract analysis.

B.

System backup analysis.

C.

Vendor supply agreement analysis.

D.

Risk analysis.

Full Access
Question # 37

The chief audit executive (CAE) determined that based on management's oral response, the action taken regarding an audit observation was sufficient when weighted against the relative importance of the audit recommendation. Which of the following is the most appropriate step for the internal auditor to take next?

A.

Initiate a follow-up audit to ensure that action has really been taken.

B.

Follow-up with management until a written response is obtained.

C.

Escalate the issue to the board and get their position on the issue.

D.

Note in the permanent file that follow-up needs to be performed as part of the next engagement.

Full Access
Question # 38

Which of the following is the best problem-solving technique to use when analyzing performance and cost?

A.

Value analysis.

B.

Attribute listing.

C.

Brainstorming.

D.

Component analysis.

Full Access
Question # 39

A manufacturing process could create hazardous waste at several production stages, from raw materials handling to finished goods storage. If the objective of a pollution prevention audit engagement is to identify opportunities for minimizing waste, in what order should the following opportunities be considered?

I. Recycling and reuse.

II. Elimination at the source.

III. Energy conservation.

IV. Recovery as a usable product Treatment.

A.

V, II, IV, I, III.

B.

IV, II, I, III, V.

C.

I, III, IV, II, V.

D.

III, IV, II, V, I.

Full Access
Question # 40

Which of the following conditions is the strongest indicator of possible fraud?

A.

An assistant treasurer who refuses to take vacations.

B.

Independent reconciliations of subsidiary to general ledgers that are not always completed on a timely basis.

C.

A condition of excess manufacturing waste material.

D.

A manager who is often over budget at the end of a reporting period.

Full Access
Question # 41

As part of an operational audit of the shipping department, an auditor selected a sample of 45 daily shipping logs from the department's files. On 44 of the days, the log contained a sufficient number of shipments to meet the department's daily quota. Based on this test, the auditor concluded that the shipping department was effective at meeting its quotas. Which of the following is true about the auditor's conclusion?

A.

The number of items selected for testing is inadequate to justify the conclusion.

B.

The shipping department is effective in meeting its responsibilities.

C.

This conclusion would negate any need to perform tests of efficiency.

D.

None of the above.

Full Access
Question # 42

The internal audit activity's primary responsibility in a review or examination of the organization by an external regulatory body is to:

A.

Verify that regulatory reviews occur with adequate frequency.

B.

Provide follow-up to determine if the regulator's findings are appropriately resolved by management.

C.

Prepare documentation for the regulator.

D.

Document the responses to the regulator's findings.

Full Access
Question # 43

An internal auditor found that the cost of some material installed on capital projects had been transferred to the inventory account because the capital budget had been exceeded. Which of the following would be an appropriate technique for the auditor to use to determine the extent of the problem?

A.

Identify variances between amounts capitalized each month and the capital budget.

B.

Analyze a sample of capital transactions each quarter to detect instances in which installed material was transferred to inventory.

C.

Review all journal entries that transferred costs from capital to inventory accounts.

D.

Compare inventory receipts with debits to the inventory account and investigate discrepancies.

Full Access
Question # 44

As part of an operational audit, an auditor compared records of current inventory with usage during the prior two-year period and determined that the spare parts inventory was excessive. What step should the auditor perform first?

A.

Determine the effects of a stock-out on the organization's profitability.

B.

Determine whether a clear policy exists for setting inventory limits.

C.

Determine who approved the purchase orders for the spare parts.

D.

Determine whether purchases were properly recorded.

Full Access
Question # 45

Which of the following best defines an engagement conclusion?

A.

An auditor's determination of the cause of an engagement observation.

B.

An auditor's professional judgment of the situation which was reviewed.

C.

An opinion that must be included in the engagement final communication.

D.

A recommendation for corrective action.

Full Access
Question # 46

Which of the following techniques could be used to evaluate the effectiveness of changes to the operation of a computer help line?

A.

Benchmarking.

B.

Baseline measurements.

C.

Walk-throughs.

D.

Quality circles.

Full Access
Question # 47

A post-audit questionnaire sent to audit clients is an effective mechanism for:

A.

Substantiating audit observations.

B.

Promoting the internal audit activity.

C.

Improving future audit engagements.

D.

Validating process flow.

Full Access
Question # 48

Once an audit report is drafted, the auditor's supervisor should review it primarily to ensure that all:

A.

Statements are supported and can be authenticated.

B.

Recommendations for corrective action are clear.

C.

Processes within the audited area were reviewed.

D.

Sample sizes appear appropriate for any issues found.

Full Access
Question # 49

Which of the following must an auditor establish in order to demonstrate that fraud has occurred?

A.

Monetary damage to the victim.

B.

The suspect's intent.

C.

Existence of an internal control deficiency.

D.

Evidence of collusion.

Full Access
Question # 50

A major insurance company provides a discount on automobile insurance if the vehicle meets certain safety criteria. Which of the following audit tests would provide an internal auditor with the best evidence that all qualifying insured automobiles are receiving the discount?

A.

Compare the percentage of automobiles receiving discounts this year to that of last year.

B.

Ask managers whether they are aware of the discount criteria and whether they are providing the discount to all qualifying automobiles.

C.

Select a sample of automobiles that are not receiving the discount and determine if they have been properly excluded.

D.

Select a sample of automobiles receiving the discount and determine that the required discount criteria are being met.

Full Access
Question # 51

Which of the following actions is related to the preliminary survey process?

A.

Determining if controls are effective.

B.

Preparing the engagement work program.

C.

Identifying the current controls.

D.

Completing a detailed test of controls.

Full Access
Question # 52

A consumer electronics company is considering acquiring a small flash memory manufacturer. An internal auditor has been assigned to determine if the manufacturer's accounts payable contain all outstanding liabilities. Which audit procedure is not relevant for this objective?

A.

Verify the period of liability of subsequent cash disbursements using related supporting documentation.

B.

Send confirmations, including zero-balance accounts, to vendors with whom the manufacturer normally does business.

C.

Trace receiving reports issued before the period end to the accounts payable list and vendor invoices.

D.

Verify a sample of accounts payable by using related invoices, receiving reports, and purchase orders.

Full Access
Question # 53

Risk assessments can vary in format, but generally include:

1. A description of identified risks.

2. Tests of audit controls.

3. A system of rating risks.

4. Sample size identification.

A.

1 and 2 only

B.

1 and 3 only

C.

1, 3, and 4 only

D.

2, 3, and 4 only

Full Access
Question # 54

An internal auditor has been assigned to perform a quality audit on a manufacturing plant. Which course of action should the auditor perform first?

A.

Compare the planned outputs with the actual outputs.

B.

Ascertain the costs of materials purchased.

C.

Evaluate the plant's ability to meet production quotas.

D.

Review the levels of scrap and rework.

Full Access
Question # 55

An audit observation noted that annual inventory counts of biofuel was not being performed appropriately Fuel yards were not visited and physical amounts of biofuel were not reconciled with accounting data Management of the division understood the issue and promised to resolve the problem When should the internal auditor schedule a follow-up review?

A.

As soon as possible, no later than two months after the audit

B.

When convenient for both parties

C.

When management has indicated that the issue has been resolved

D.

Before financial year end

Full Access
Question # 56

Management has taken immediate action to address an observation received during an audit of the organization's manufacturing process Which of the following is true regarding the validity of the observation closure?

A.

Valid closure requires evidence that ensures the corrected process will function as expected in the future

B.

Valid closure requires the client lo address not only the condition, but also the cause of the condition

C.

Valid closure of an observation ensures it will be included in the final engagement report

D.

Valid closure requires assurance from management that the original problem will not recur in the future

Full Access
Question # 57

Which of the following is not an outcome of control self-assessment?

A.

Informal, soft controls are omitted, and greater focus is placed on hard controls.

B.

The entire objectives-risks-controls infrastructure of an organization is subject to greater monitoring and continuous improvement.

C.

Internal auditors become involved in and knowledgeable about the self-assessment process.

D.

Nonaudit employees become experienced in assessing controls and associating control processes with managing risks.

Full Access
Question # 58

It is close to the fiscal year end for a government agency, and the chief audit executive (CAE) has the following items to submit to either the board or the chief executive officer (CEO) for approval. According to IIA guidance, which of the following items should be submitted only to the CEO?

A.

The internal audit risk assessment and audit plan for the next fiscal year.

B.

The internal audit budget and resource plan for the coming fiscal year.

C.

A request for an increase of the CAE's salary for the next fiscal year.

D.

The evaluation and compensation of the internal audit team.

Full Access
Question # 59

An internal auditor and engagement client are deadlocked over the auditor's differing opinion with management on the adequacy of access controls for a major system. Which of the following strategies would be the most helpful in resolving this dispute?

A.

Conduct a joint brainstorming session with management.

B.

Ask the chief audit executive to mediate.

C.

Disclose the client's differing opinion in the final report.

D.

Escalate the issue to senior management for a decision.

Full Access
Question # 60

An internal auditor is asked to determine why the production line for a large manufacturing organization has been experiencing shutdowns due to unavailable pacts The auditor learns that production data used for generating automatic purchases via electronic interchange is collected on personal computers connected by a local area network (LAN) Purchases are made from authorized vendors based on both the production plans for the next month and an authorized materials requirements plan (MRP) that identifies the parts needed per unit of production The auditor suspects the shutdowns are occurring because purchasing requirements have not been updated for changes in production techniques. Which of the following audit procedures should be used to test the auditor's theory?

A.

Compare purchase orders generated from test data input into the LAN with purchase orders generated from production data for the most recent period

B.

Develop a report of excess inventory and compare the inventory with current production volume

C.

Compare the pans needed based on current production estimates and the MRP for the revised production techniques with the purchase orders generated from the system for the same period

D.

Select a sample of production estimates and MRPs for several periods and trace them into the system to determine that input is accurate

Full Access
Question # 61

When developing the scope of an audit engagement, which of the following would the internal auditor typically not need to consider?

A.

The need and availability of automated support.

B.

The potential impact of key risks.

C.

The expected outcomes and deliverables.

D.

The operational and geographic boundaries.

Full Access
Question # 62

An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?

A.

Assess the status of corrective action during a follow-up audit engagement after the action plan has been completed.

B.

Assess the effectiveness of corrections by reviewing statistics related to unplanned system outages, and denials of service.

C.

Reassign information systems auditors to assist in implementing management's action plan.

D.

Evaluate the ability of the action plan to correct the weaknesses and monitor key dates and deliverables.

Full Access
Question # 63

Which of the following statements concerning workpapers is the most accurate?

A.

The organization and the format of workpapers is the same for all engagements

B.

The extent of what is included in workpapers is a matter of professional judgment

C.

Workpapers should be complete so that every conceivable question that can be raised should be answered

D.

Copies of operational managements records should not be included, but referenced so that they can be located

Full Access
Question # 64

After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?

A.

Cost.

B.

Independence.

C.

Familiarity.

D.

Flexibility.

Full Access
Question # 65

Which of the following is not a primary reason for outsourcing a portion of the internal audit activity?

A.

To gain access to a wider variety of skills, competencies and best practices.

B.

To complement existing expertise with a required skill and competency for a particular audit engagement.

C.

To focus on and strengthen core audit competencies.

D.

To provide the organization with appropriate contingency planning for the internal audit function.

Full Access
Question # 66

An internal audit activity is planning its first audit of IT shared services. Which of the following controls would typically be evaluated first?

A.

Entity-level controls

B.

Application controls

C.

General controls.

D.

Transaction controls

Full Access
Question # 67

A chief audit executive (CAE) received a detailed internal report of senior management's internal control assessment. Which of the following subsequent actions by the CAE would provide the greatest assurance over management's assertions?

A.

Assert whether the described and reported control processes and systems exist.

B.

Assess whether senior management adequately supports and promotes the internal control culture described in the report.

C.

Evaluate the completeness of the report and management's responses to identified deficiencies.

D.

Determine whether management's operating style and the philosophy described in the report reflect the effective functioning of internal controls.

Full Access
Question # 68

Which of the following statements about assurance maps is correct?

A.

An assurance map is used by the chief audit executive to coordinate assurance activities with other internal and external assurance providers

B.

An assurance map is a picture of all assurance engagements performed by the internal audit activity across the organization

C.

An assurance map is used by the engagement supervisor to coordinate the roles of various internal audit team members assigned to assurance engagements

D.

An assurance map lists the procedures and testing activities performed by an internal audit team during an assurance engagement

Full Access
Question # 69

If observed during fieldwork by an internal auditor, which of the following activities is least important to communicate formally to the chief audit executive?

A.

Acts that may endanger the health or safety of individuals.

B.

Acts that favor one party to the detriment of another.

C.

Acts that damage or have an adverse effect on the environment.

D.

Acts that conceal inappropriate activities in the organization.

Full Access
Question # 70

Which of the following is a justifiable reason for omitting advance client notice when planning an audit engagement?

A.

Advance notice may result in management making corrections to reduce the number of potential deficiencies.

B.

Previous management action plans addressing prior internal audit recommendations remain incomplete.

C.

The engagement includes audit assurance procedures such as sensitive or restricted asset verifications.

D.

The audit engagement has already been communicated and approved through the annual audit plan.

Full Access
Question # 71

The engagement supervisor would like lo change the audit program's scope poor to beginning fieldwork According to IIA guidance before any change is implemented what is the most important action that should be undertaken?

A.

Document in the engagement workpapers the rationale for changing the scope.

B.

Confirm that the scope change would align to the organization's objectives and goals

C.

Confirm that the internal audit activity continues to have the necessary knowledge and skills

D.

Seek approval from the chief audit executive for the proposed scope change

Full Access
Question # 72

According to MA guidance, which of the following factors should an internal auditor consider when assessing the likelihood of fraud risk1?

A.

The effect on the organization's reputation

B.

Any potential damage to the organization's relationship with customers.

C.

Past fraud allegations and actual occurrences

D.

The potential and realized financial impacts

Full Access
Question # 73

According to the Standards, which of the following would have the least direct interest in the draft report of a compliance review of the purchasing function?

A.

Purchasing staff.

B.

Purchasing manager.

C.

Director of finance.

D.

Audit committee.

Full Access
Question # 74

An audit engagement objective at a manufacturer is to determine the quality of raw materials purchased. Which of the following actions would best enable an internal auditor to satisfy this objective?

A.

Analyze the provision for sales allowances.

B.

Analyze the percentage of scrap incurred during production.

C.

Research the rationale for customer returns.

D.

Evaluate the volume and characteristics of products rejected during processing.

Full Access
Question # 75

According to the International Professional Practices Framework, which of the following is correct regarding conducting and reporting follow-up activities by the internal audit activity (IAA)?

A.

Due to management changes, the IAA is advised by management that no further work will be done. Further follow-up work is not required as management has accepted the related risk.

B.

A newly appointed auditor immediately proceeds to conduct follow-up testing based on previous work performed for the engagement and then reports the results to the chief audit executive (CAE).

C.

Management has stopped implementing several key recommendations citing a growing disagreement with their effectiveness. The auditor communicates the situation to the CAE who then escalates the matter to senior management.

D.

In situations where the identified risk may have a significant impact to the business and senior management has accepted the risk, it is not necessary for the CAE to inform the board of the decision.

Full Access
Question # 76

Controls are implemented to:

A.

Eliminate risk and reduce the potential for loss.

B.

Mitigate risk and eliminate the potential for loss.

C.

Mitigate risk and reduce the potential for loss.

D.

Eliminate risk and eliminate potential for loss.

Full Access
Question # 77

Which of the following is a preventive control strategy against fraud?

A.

Performing a surprise audit.

B.

Maintaining a whistleblower hotline.

C.

Implementing control self-assessment.

D.

Performing background checks on employees.

Full Access
Question # 78

An internal auditor was assigned to conduct an inventory control and stock room area engagement. During the audit, the auditor observed that there were some items that have a shelf life expiration date requirement based on a certificate of conformance received with the product. The certificates of conformance are kept on file in the inventory area office and the expiration date is verified at the time the item is taken from stock. The auditor reviewed the items in the stock room and also on the production floor for the expiration dates to see if there was any expired product. All items with a shelf life requirement were found to be within the expiration date requirement. Which of the following recommendations would be appropriate?

A.

Take no action, because all the items were within the expiration date requirement, and no corrective action is needed.

B.

Permit production staff the access to files where the certificates of conformity are kept, so they can choose the items with the closest expiration date.

C.

Determine the cost of inventory for the items that have a shelf life and apply a new policy regarding inventory levels to be maintained (i.e., minimums, maximums, reorder points etc.).

D.

Add to the product label a "use by date" line, enter the expiration at the time of receipt, and perform periodic inventory checks.

Full Access
Question # 79

Management requested the chief audit executive (CAE) to include an audit of the organization's health and safety program in next year's annual audit plan. However, the internal audit department has no expertise in this area. Which of the following would be the most appropriate action by the CAE?

A.

With management's agreement, amend the scope of the audit to ensure that areas examined do not require specialized knowledge and expertise.

B.

Meet with management to explain that the audit cannot be undertaken and discuss alternative strategies that can be implemented until internal audit can develop its capability in the area.

C.

Accept the request provided management has conducted a thorough risk assessment prior to the engagement to help guide the audit.

D.

Advise management that compliance audits of this type should only be conducted by the corresponding regulatory agency to ensure independence.

Full Access
Question # 80

Which of the following situations justifies the release of an interim report to management and the board?

• The internal auditor is convinced that the audit observations require immediate attention.

• The internal auditor would like to communicate a change in engagement scope for the activity under review.

• The internal auditor notes that the engagement may extend over a longer time period.

• The audit supervisor believes that issuing interim reports eases supervisory review and controls over working papers.

A.

1 and 3 only

B.

2 and 3 only

C.

1, 2, and 3 only

D.

2, 3, and 4 only

Full Access
Question # 81

The chief audit executive (CAE) decided that based on management's oral response, the action taken on an audit observation for a minor improvement in the client's process is sufficient and no further follow-up is necessary. Which of the following would be the best statement regarding the action of the CAE?

A.

The CAE action is not acceptable, as a follow-up audit is needed to ensure that action is really taken by management.

B.

The CAE action is not acceptable, as follow-up on the issue is critical until a written response is obtained from management.

C.

The CAE action is acceptable as long as the follow-up is sufficient when weighed against the relative importance of the recommendation.

D.

The CAE action is acceptable as long as the issue has been escalated to the board to get their position on the issue.

Full Access
Question # 82

An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity (IAA) may provide risk management consulting?

1. There is a clear strategy and timeline to migrate risk management responsibility back to management.

2. The IAA has the final approval on any risk management decisions.

3. The IAA does not give objective assurance on any part of the risk management framework for which it is responsible.

4. The nature of services provided to the organization is documented in the internal audit charter.

A.

1, 2, and 3 only

B.

1, 2, and 4 only

C.

1, 3, and 4 only

D.

2, 3, and 4 only

Full Access
Question # 83

Which of the following statements regarding the use of external contracted services by the chief audit executive (CAE) is false?

A.

The CAE's responsibility is not impaired by engaging an external expert.

B.

The external expert could have a prior relationship with the audit client.

C.

The audit report should not disclose the use of contracted services.

D.

The expert should be directed by the objectives and scope of work.

Full Access
Question # 84

An organization has adopted an enterprise-wide risk management process and has appointed a chief risk officer (CRO) to manage the process. The board has requested that the audit committee have oversight over the risk management function. Which of the following statements is not true regarding this situation?

A.

The audit committee should get assurance on the adequacy and effectiveness of the risk management process from the CRO.

B.

The chief audit executive has the mandate to conduct risk assessments and give assurance to the audit committee.

C.

The audit committee, on behalf of the board, has overall responsibility for the risk management process in the organization.

D.

Senior management is accountable to the board for monitoring the system of internal controls.

Full Access
Question # 85

The following audit observation was included in the final audit report:

"Our review concluded that bank reconciliation statements for March and April did not show evidence of supervisory review. We recommend strict compliance with the controller's manual, which requires the department head to place their initials on the reconciliation statements to document their review."

Which of the following attributes are missing from the above audit observation?

1. Criteria.

2. Condition.

3. Cause.

4. Effect.

A.

1 and 4 only

B.

2 and 3 only

C.

1, 3, and 4 only

D.

3 and 4 only

Full Access
Question # 86

The internal audit activity of an investment company received a request to provide assurance on the risk management process. Preliminary discussion with senior management revealed that separate functions within the organization perform some form of risk management activities. Which of the following is the most effective tool for ensuring that risk management activities are coordinated among these functions?

A.

Delphi technique.

B.

Assurance map.

C.

Facilitated workshop.

D.

Analytical reviews.

Full Access
Question # 87

An internal auditor is reviewing purchases made through the organization's corporate credit card program. Which of the following statements best describes a root cause of a deficiency?

A.

A personal computer was purchased from a non-approved vendor.

B.

Company policy limits card use to $500 per transaction.

C.

A control to detect split purchases has not been activated in the credit card system.

D.

Sample testing found 10% non-compliance with the organization's business travel policy.

Full Access
Question # 88

The chief audit executive (CAE) of a new organization is in the process of determining the manner in which audit reports will be distributed and to whom. According to the Standards, which of the following is the most appropriate course of action for the CAE to take to develop this distribution process?

A.

The process should be determined in meetings with the external auditor and senior management to ensure alignment with external reporting.

B.

The CAE should meet with senior management for their input, but finalize the distribution of all reports with the board.

C.

The CAE should independently implement the report distribution, using best judgment to ensure that all relevant stakeholders are informed.

D.

The CAE should request that senior management and the board meet to determine the most appropriate reporting method.

Full Access
Question # 89

Which of the following is not a reason for an internal auditor to prepare an audit plan before the detailed audit work begins?

A.

The objectives of the audit should be set.

B.

The organization's management should be informed about the work to be performed.

C.

Attention should be devoted toward the key audit areas.

D.

The timing of the audit should be set.

Full Access
Question # 90

Ordinarily, which of the following would not be an objective of an internal audit quality assurance review?

A.

Ensuring that the internal audit activity meets the external auditor's expectations.

B.

Ensuring that the internal audit activity has an audit charter approved by the board of directors.

C.

Complying with specific standards for the professional practice of internal auditing.

D.

Ensuring the adequacy of the goals, mission and vision of the internal audit activity.

Full Access