An electrician visits a client to assess the scope of work. After the visit, the sales office compiles and sends the client a proposal based on the electrician ' s estimation and approved price list. The internal auditor notices that in the last six months, the number of cancelled proposals has increased substantially. Which of the following is a fraud risk scenario that the auditor should consider in this situation?
Which of the following are some of the requirements of the quality assurance and improvement program (QAIP)?
Which principle of the HA Code of Ethics focuses on continuing education and professional development?
Regarding assurance and consulting services provided by the internal audit activity which of the following statements is correct?
The organization ' s internal audit charter was last updated six years ago. To update the charter, which of the following actions is most appropriate for the chief audit executive to take?
Which of the following is considered to be a threat to the internal auditor ' s objectivity?
During a complex financial compliance engagement, a senior internal auditor determines that current audit procedures are not sufficient for adequate testing She consults with a colleague and learns that a spreadsheet application contains a helpful tool She proceeds to use the tool to properly complete the evaluation Which of the following best describes the core competency displayed by the senior auditor?
An internal auditor is assessing fraud risks and creating a fraud risk matrix for a particular branch location. Which of the following is most likely to be included in the matrix?
According to IIA guidance, which of the following best demonstrates due professional care?
An organization is in the process of hiring a new chief audit executive (CAE). Which of the following can the potential candidates expect to be a part of the recruiting process or in place when the CAE is hired?
Which of the following controls would best mitigate the risk of fraud in the bidding process?
An IT contractor applied for an internal audit position at a bank. The contractor worked for the bank ' s IT security manager two years ago. If the audit manager interviewed the contractor and wants to extend a job offer, which of the following actions should the chief audit executive pursue?
Which of the following is the best example of a risk appetite statement concerning an investment portfolio?
An employee accepts cash payments from customers and does not record the sale. This is an example of which of the following types of fraud?
To comply with the proficiency standard, which of the following would the chief audit executive likely consider as the primary hiring criterion when choosing a new internal auditor?
Which of the following statements is true regarding organizational culture and an audit of the control environment?
While auditing an organization ' s credit approval process, an internal auditor learns that the organization has made a large loan to another auditor ' s relative. Which course of action should the auditor take?
After the draft engagement report is issued, the manager of the area that was reviewed is informally interviewed by the engagement supervisor regarding the audit experience. Which of the following is most likely the purpose for this interview?
In a small organization, management is unable to achieve adequate segregation of duties for its cash-handling procedures Therefore hidden surveillance cameras were installed to monitor cash-handling activities Which of the following best describes this type of control?
At a construction company, supervisors are entitled to bonus payments if there are no safety rule violations on their teams. There are several channels available for workers to report accidents and violations, and all reported violations are investigated. Bonus payment calculations are approved by managers and the head of safety. Which of the controls best addresses the risk that supervisors will conceal accidents on their teams in order to receive the bonus?
An internal audit activity uses a rotational program to recruit high-performing staff members from other parts of the organization One of these individuals is nearing the end of her four-year internal audit rotation The chief audit executive assigned her to an assurance engagement in the business area she will be going into when she leaves the internal audit activity Which of the following statements is
true regarding this scenario?
Which of the following would be the most appropriate first step for the board to take when developing an effective system of governance?
During an audit engagement of a large retail store, internal auditors noted significant discrepancies between available inventory and sales and suspect an abuse of cash register refunds and voids. Which of the following would be the most effective preventative control to reduce these losses?
Which of the following is a preventive control the organization could implement to mitigate fraudulent activity in the accounts payable department?
An internal audit of warehouse inventory revealed no material deficiencies. However, management later discovered fraud, which occurred during the period that was audited, and determined that a major control deficiency allowed the fraud to occur. Given management ' s discovery, which of the following statements is valid?
A chief audit executive assigned an internal auditor to perform an assurance engagement. The auditor concluded with a major audit finding based on hearsay evidence Which of the following competencies did the auditor appear to be lacking?
A risk assessment showed that the cost of addressing a particular risk in the organization ' s human resources department is greater than the perceived benefit. Which risk response approach should the organization take in this scenario?
According to IIA guidance, which of the following would be included in an internal audit charter to help establish the authority of the internal audit activity?
Internal audit is performing an engagement to determine whether there were indications of questionable bidding on a city s infrastructure project. As part of the engagement the internal audit activity became aware that certain firms tend to receive the contracts for large city projects. How should the internal audit activity proceed with the engagement and identify questionable bidding practices?
Which requirement should the chief audit executive consider when communicating results of the quality assurance and improvement program to the board of a large
organization?
According to MA guidance, which of the following is an appropriate role for the internal audit activity?
An internal auditor was assigned to work in the procurement department for six months to gam m-depth knowledge about the procurement process. Which of the following personnel development practices was applied in this situation?
Which of the following should catch the internal auditor ' s attention as a potential red flag for fraud?
Which of the following qualifies as an acceptable consulting service provided by the internal audit activity?
What would be the proper sequence of steps for an internal auditor to take in order to draw a conclusion on internal control effectiveness and adequacy after ascertaining the key controls?
With regard to IT governance, which of the following is the most effective and appropriate role for the internal audit activity?
According to NA guidance, which of the following conditions would enhance the independence of the internal audit activity?
In which of the following scenarios is the internal auditor in conformance with The IIA ' s Code of Ethics and the Standards?
For a high-risk observation, which is the best approach to follow when management takes an aggressive, uncompromising position in opposition to the internal audit activity?
An internal auditor is reviewing employee travel expenses from the previous six months for fraud. Which of the following tests would best detect instances where personal travel has been claimed?
Which of the following activities would breach the principles of The IIA ' s Code of Ethics?
An internal auditor in a busy internal audit activity reviews her continuing professional development records toward the end of the year and is concerned to find she has undertaken limited training and formal professional development. Which of the following actions is the most appropriate for her to take?
Which of the following survey questions would be most effective to identify ethics violations within the organization?
Which of the following indicates an appropriate disclosure of a potential nonconformance with the Standards?
Which of the following is a responsibility of the internal audit activity as it relates to risk and risk management?
According to IIA guidance, which policy, established by the chief audit executive, would most likely ensure internal audits are conducted with due professional care?
According to IIA guidance, which of the following would be the most appropriate to help a new internal auditor understand the nature and positioning of the internal audit activity within his organization?
Which of the following best demonstrates the application of due professional care?
Which of the following could increase risks to the organization’s control environment?
Whch ol the following would show appropriate disclosure of nonconformance with the Standards?
The chief audit executive (CAE) planned an in-person group training to help internal auditors perform onsite inspections of an automobile manufacturing facility. The training would have allowed the auditors to better understand the production of the organization ' s automobiles. However, a global health crisis has impacted the training by prohibiting in-person contact at the facility. Which of the following could the CAE use to provide auditors with a better understanding of the organization s production process?
The CEO has delegated several responsibilities to the internal audit activity. Which of the following directives should concern the chief audit executive the most?
Which of the following statements best describes internal auditors ' role in fraud detection?
Which of the following situations is most likely to heighten an internal auditor ' s professional skepticism regarding potential fraud?
Which of the following items related to the quality assurance and improvement program should the chief audit executive report to the board?
Which of the following describes the most appropriate match between a potential temporary guest auditor candidate and an upcoming audit assignment?
During a monthly internal audit staff meeting, the chief audit executive (CAE) decided to reinforce the importance of internal audit staff being objective in their work. Which of the following examples would be most appropriate for the CAE to include as part of the meeting presentation?
At a conference, an interna! auditor presented a new computer-assisted audit technique developed by his organization. The presentation included sample data derived from performing audit engagements for the organization. Travel costs were paid by the conference organizers, and the trip was approved by the chief audit executive (CAE).
However, neither management nor the CAE was aware that the internal auditor would be making a presentation based on work completed for the organization. According to IIA guidance, which of the following statements is most relevant regarding the actions of the auditor?
Which of the following statements best describes a functional difference between external auditors and internal auditors?
Which of the following is an advantage of using nongovernmental organization (NGO) members on an assurance team when auditing corporate social responsibility?
According to IIA guidance, which of the following best demonstrates how the chief audit executive may ensure that due professional care is applied?
Which of the following circumstances would most likely be considered a potential red flag for fraud by the internal audit activity?
Wi ch of the following circumstances would most likely be considered a potential red flag for fraud by the internal audit activity?
An organization’s senior management team is awarding substantial bonuses if employees meet financial targets. Which of the following motivators to potentially commit fraud would become most likely in this scenario?
Which of the following statements is true regarding the role of the internal audit activity in the organization ' s risk management process?
Which data analytics competency is critical for new internal auditors to possess in order to plan and perform internal audit engagements in conformance with the Standards?
Which of the following is an indicator that the internal audit activity does not fully conform with the Standards?
Which of the following best describes the Standards requirement for collective proficiency of the internal audit activity?
Considering the concepts of organization wide risk management and the system of internal controls, the internal audit activity as a whole can be considered which of the following types of control?
Outsourcing a business activity is considered which of the following risk management techniques?
According to IIA guidance, which of the following actions is a chief audit executive required to take with regard to reporting the results of the quality assurance and improvement program?
Nearing the completion of fieldwork, an internal auditor shared the draft report findings with management prior to the closing meeting. During the closing meeting, management expressed dissatisfaction in that they were not familiar with some of the findings. Management also noted that some aspects of the report seemed confusing. Which of the following competencies appears to have been lacking in this scenario?
Which of the following best describes the type of organizational culture known as adaptability culture ' ?
Which of the following statements is true regarding a key difference between assurance and consulting services provided by the internal audit activity?
Which of the following is ultimately responsible for the continuing professional development of internal audit activity staff?
An organization is considering purchasing a new banking software system and has asked the internal audit activity to evaluate the system. An internal auditor assigned to perform the engagement worked at the software company two years ago and is familiar with the system ' s design strengths and weaknesses. Which of the following is true regarding impairment to the auditor ' s objectivity?
Which of the following represents an example of an ethical issue that the organization should address ' ?
Which of the following scenarios demonstrates nonconformance with the Standards?
Which of the following is an appropriate role for the internal audit activity?
Which of the following statements is true regarding management ' s use of judgement to design, implement, and conduct internal control?
Which of the following should be part of the internal audit activity ' s duties?
Due to toe increased operational responsibility of the CEO. The chief audit executive (CAE) of an organization currently reports to the chief financial officer (CFO). What is the likely imped of such a situation?
Which of the following statements is most accurate with respect to the required elements of the quality assurance and improvement program?
According to IIA guidance, which of the following statements is true regarding the internal audit activity ' s quality assurance and improvement program (QAIP)?
The collaborating style for conflict resolution, where the parties promote assertiveness and work together to develop a mutually beneficial solution, is best used in which of the following situations?
An external assessment was performed as part of the organization ' s quality assurance and improvement program. Which of the following conclusions confirms that the internal audit activity is in conformance with the Standards ' ?
According to IIA guidance, which of the following is the most accurate statement regarding the internal audit charter?
Which of the following is a legitimate role for the internal audit activity in the organization ' s risk management process ' ?
Which of the following statements best represents the duo professional care that is required of internal auditor’s?
Which risk management activity would cause the internal auditor to assume a management responsibility?
Which of the following actions by the internal audit activity requires disclosure to the board of nonconformance with the Standards?
Which of the following situations is most likely to prompt the internal audit activity to disclose its nonconformance with the Standards?
The results of an assessment of the adequacy of controls would be considered incomplete or misleading unless the internal auditor considers which of the following?
Which of the following best demonstrates internal auditors performing their work with proficiency?
Which of the following is an example of impairment to internal auditor independence or objectivity ' ?
After being assigned to an audit of the accounts payable process, an internal auditor privately notifies the chief audit executive that she is a finalist for an open manager position within the accounts payable department. Which of the following is the IIA Code of Ethics principle that the auditor upheld?
Which of the following is most likely to impair the organizational independence of the internal audit activity?
Which of the following best demonstrates that the internal audit activity is using due professional care?
An internal audit of an organization ' s disbursement department revealed that multiple payments were made to legitimate vendors bearing fraudulent banking information belonging lo employees in the department. These vendors were initially set up with accurate banking information but were subsequently modified by disbursement officers with access to the vendor management system. Which of the following controls would have likely prevented the fraudulent modification of vendors ' banking information?
As part of a fraud investigation by regulators, a court order was issued to a bank. The court order requested the chief audit executive (CAE) to provide access to a number of audit reports and workpapers, some of which included customers ' confidential information such as transaction activity and other personal details. What is the appropriate response by the CAE?
Which of the following statements demonstrates that internal auditors are in conformance with the standard of due professional care?
During the closing meeting of a procurement audit, the business manager disagrees with the observation presented by the engagement supervisor and accuses the team of not understanding the procurement objectives The engagement supervisor blames the manager for impeding the audit What skillset should the chief audit executive utilize to manage this situation?
Which of the following scenarios provides the most concerning red flag or indicator of possible fraud?
An internal auditor has completed an assurance engagement. Which of the following is most likely true regarding the engagement?
Six months after an employee was transferred to the internal audit activity his former operating manager requested that he return to assist a project team with the evaluation of a new pricing module for the organization’s online ordering system According to IIA guidance which of the following statements is true?
Which of the following best demonstrates conformance with the Standards regarding the internal audit activity ' s purpose authority, and responsibility?
Which of the following situations would best indicate to the chief audit executive that one of the audit team members is struggling with application of due professional care?
According to IIA guidance, which of the following conditions would enhance the independence of the internal audit activity?
Which of the following is an area that an organization would most likely include as part of its corporate social responsibility reporting?
Which of the following would be a red flag for potential issues in the control environment?
According to IIA guidance, the internal audit activity must be free from interference in which of the following areas in order to maintain organizational independence?
Which of the following activities best demonstrates an internal auditor’s commitment to developing professional competencies?
Which of the following activities is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?
Which of the following best describes a consulting engagement rather an assurance engagement?
Which of the following statements best describes the difference between risk appetite and risk tolerance?
What should be the first step for a newly hired chief audit executive to build and maintain the proficiency of the internal audit activity ' ?
According to IIA guidance, which of the following statements is true regarding proficiency?
Which of the following situations undermines the independence of the internal audit activity?
A newly appointed chief audit executive (CAE) is tasked with creating a new internal audit activity within the organization. Which of the following would the CAE need to include in the new internal audit charter?
During a procurement process audit the internal audit activity undertakes a fraud risk assessment and considers a range of possible fraud scenarios within the process. Which of the following scenarios constitutes a pressure to commit fraud?
An organization has limited resources to spend on corporate social responsibility initiatives. Which is the most suitable approach to determine how these resources should be used?
An internal auditor at a multinational organization is reviewing the effectiveness of the organization ' s risk management framework. In this scenario, which of the following statements is true?
An auditor for a large wholesaler is evaluating the controls over the approval and oversight of credit sales. Which of the following procedures would be a control weakness?
The internal audit activity was denied access to expenditure and budget reports because they were considered to be confidential. This situation would result in which of the following limitations of the internal audit activity?
Which of the following statements is correct regarding disclosure of conformance or Standards?
Which of the following best describes the approach the internal audit activity should take to assess and make appropriate recommendations to improve the organization?
During a review of the procurement function, an internal auditor identified an existing control for adding new vendors into the vendor contract system. Which of the following would best help the auditor determine the adequacy of the control ' s design?
According to IIA guidance, which of the following statements is true of assurance services provided by the internal audit activity?
Which of the following types of policies best helps promote objectivity in the interna! audit activity ' s work?
Which of the following best describes a responsibility of the board of directors with regard to risk management throughout the organization?
According to IIA guidance, which of the following statements is true regarding risk management in an organization?
According to MA guidance, which of the following is true with regard to the internal audit charter?
1. It specifies the minimum resources needed for assurance engagements.
2. It requires final approval from senior management.
3. It defines the internal audit activity ' s authority and responsibilities.
4. It describes the expectations for communicating the results of a quality assurance and Improvement program.
A chief audit executive (CAE) has been asked by the board to evaluate the effectiveness of ethical programs created by management. Which of the following would be the most appropriate action for the CAE to take?
A new internal audit activity is considering the adoption of a risk and control framework. Which of the following is the most appropriate consideration during this process?
Who is held responsible for oversight of the organization ' s risk management framework?
Which of the following best demonstrates conformance with the Standards relating to continuing professional development of internal auditors?
When dealing with various stakeholders which of the following is true regarding an internal auditor ' s responsibility to remain objective and independent?
Which of the following best describes a consulting engagement rather than an assurance engagement?
Which of the following would best preserve the organizational independence of the internal audit activity?
Which of the following documents would promote objectivity within an organization ' s internal audit activity?
In the context of an internal control framework, organizational structure and assignment of authority and responsibility is related to which of the following?
Which of the following would best describe a control implemented to detect cash register disbursement fraud in a large retail store?
When beginning an engagement to assess the effectiveness of the organization ' s newly revamped risk management processes, which of the following should internal auditors review first?
Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?
Which of the following practices, applied by the chief audit executive {CAE), most likely indicates an effective continuing professional educational program for the internal audit activity?
Which of the following engagements would be considered an appropriate consulting service?
With regard to organizational governance assurance, which of the following is an appropriate role for the internal audit activity ' ?
Which of the following scenarios best illustrates a rationalization as the root cause of potential fraud?
A chief audit executive ensures that the internal audit activity provides annual training to management on internal controls. Where is the nature of these services defined?
Which of the following statements is true with regard to services provided by the internal audit activity?
An internal audit team was assigned to review the organization ' s information security protocol. After fieldwork was completed, an internal auditor identified an error in the review of security access. The error could affect the overall results of the engagement. Which of the following is the most appropriate course of action for the internal auditor?
Which of the following describes two duties that should not be performed by the same person?
A chief audit executive (CAE) is concerned that the internal audit activity is not receiving adequate training and continuing education. Which of the following approaches should the CAE take?
Which of the following is the primary benefit of an effective professional development program for internal auditors?
Which of the following preventative controls would be most effective for organizations facing business disruptions and respective financial losses?
The internal audit activity is undergoing a self-assessment as part of its quality assurance and improvement program Which of the following observations must be addressed in order for the internal audit activity to achieve conformance with the Standards?
According to IIA guidance, which of the following best describes expense reimbursement fraud?
According to IIA guidance, which of the following statements is true regarding due professional care?
Which of the following accurately describes the concept of inherent risk?
During an assurance engagement, an internal auditor identified that a developer of the organization ' s enterprise resource planning (ERP) system had intentionally modified the production code to commit a fraudulent transaction. Which control activity should be implemented to prevent such issues in the future?
Which of the following fundamental principles of The IIA ' s Code of Ethics is best described as performing work honestly diligently and responsibly?
In which of the following ways can a whistleblower hotline serve as a prevent
An internal auditor discovered that a former colleague from the internal audit activity now works in a junior position in a department scheduled for an upcoming audit. How can the auditor best ensure his objectivity for this engagement?
Which of the following is a primary responsibility of senior management with respect to ethical violations?
Nine months ago, an employee who was responsible for collections in the accounts receivables department joined the internal audit team. There is an accounts receivables assurance audit scheduled as part of this year ' s approved audit plan, which will include a review of the collections unit. With the knowledge and experience of this individual in the area, which of the following is the best approach for the chief audit executive (CAE) to take?
Which of the following actions is a chief audit executive most likely to take in order to identify gaps in the internal audit activity’s knowledge, skills, and competencies?
A significant number of employees expressed concerns of a hostile work environment within a large manufacturing plant, which is in contrast to the organization ' s stated culture of tolerance and open communication. Which of the following approaches would be most effective for an internal auditor to assess whether the organization supports a culture of tolerance and open communication?
According to IIA guidance, which of the following actions best demonstrates due professional care by an internal auditor when she discovers a number of fraud-related red flags during an audit engagement?
The internal audit activity is responsible for conducting fraud investigations. A potential fraud instance was identified during an audit engagement. The chief audit executive appoints a lead investigator. Which of the following would most likely be the next step?
According to IIA guidance, which of the following statements is true regarding ISO 31000?
Which of the following would be the most effective in helping to detect fraud?
Which of the following scenarios best illustrates the Fraud Triangle component known as " perceived opportunity " ?
According to HA guidance, which of the following is true regarding independence and objectivity for small internal audit activities?
An internal audit activity is using the auditing-by-element approach to audit the organization ' s controls around corporate social responsibility. Which of the following would be an element for the internal audit activity to consider?
During an assurance engagement an internal auditor discovered that risk limits risk limit were set for a new market expansion project Management of the area under review was eager to comply and submitted a potential risk limit value for the auditor ' s review and approval. Which of the following would be an appropriate course of action for the auditor to take?
Which of the following is an indicator that the organization ' s risk management process is effective?
The chief audit executive (CAE) has decided to outsource an audit of the organization ' s cloud governance in the annual audit plan. Why would the CAE outsource this audit?
It is important for the chief audit executive to consider the level of competence of the internal audit staff because their competence influences which of the following?
According to IIA guidance, which of the following is an appropriate role for the internal audit activity?
Which of the following actions should the organization ' s governing body perform to provide the most effective governance over the organization ' s culture?
A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annual snowfall for the coming winter. Which of the following best describes this type of risk?
Which of the following is an appropriate roe fa the internal audit activity?
Which of the following techniques should an internal auditor use in order to conduct an effective interview?
Which of the following would be most helpful to measure whether an internal audit activity successfully provides risk-based assurance?
According to MA guidance, which of the following statements is true regarding internal auditors ' use of technology-based techniques?
Which of the following is most important for an internal auditor to consider when developing an approach for an audit engagement in a foreign country?
A newly hired chief audit executive is reviewing available documentation to provide evidence of conformance with the standard for continuing professional development. Which of the following documents is the most reliable source for this purpose?
Which of the following is a limitation of detective internal controls in fraud management?
An internal auditor is finalizing an audit report on the effectiveness of the organization ' s overall system of internal control. Several audit tests were performed, and the only issue identified was that the CEO frequently asks employees to make exceptions or bypass the organization ' s standard written policies and procedures. Which of the following conclusions is most appropriate for the auditor to report?
According to IIA guidance, which of the following is the strongest indicator of deficiencies in the risk management process?
The internal audit activity is responsible for conducting fraud investigations. A potential fraud instance was identified during an audit engagement. The chief audit executive appoints a lead investigate. Which of the following would most likely be the next step?
According to NA guidance, which of the following provides the best evidence of conformance with the Standards with respect to the proficiency required of the internal audit activity?
Which of the following best describes the risk contained in an initial public offering for a new stock?
According to IIA guidance, which of the following would the internal audit activity examine in order to evaluate the organization ' s governance process for strategic and operational decisions ' ?
Which of the following statements is true with regard to the quality assurance and improvement program (GAIP)?
Which of the following scenarios depicts an appropriate role for the internal audit activity to take regarding an organization ' s risk management process?
Which of the following is most likely to result in the impairment of independence for the internal audit activity?
According to IIA guidance, which of the following is necessary for internal auditors to comply with the requirements for proficiency?
1. Sufficient consideration of current activities, trends, and emerging issues to effectively carry out their professional responsibilities.
2. Ability to provide relevant advice and recommendations to management and the board.
3. Understanding of key IT risks and controls and the ability to identify fraud using technology-based audit techniques.
4. Knowledge, skills, and other competencies necessary to perform individual responsibilities during the engagement.
During an audit of company expenses, the internal auditor performed a test using data analytics and identified a violation of the company ' s expenses policy. The auditor who discovered the issue considered it a potential fraudulent transaction and informed the chief financial officer (CFO). The CFO dismissed the concern because he did not understand the data analytics test that was performed and the transaction was of a low value. Given this situation, which skills or competencies should this internal auditor seek to improve?
An organization ' s fraud policies and procedures dictate that the internal audit activity does not have primary responsibility for conducting fraud investigations and should, in fact, refrain from involvement in investigations. Which of the following activities would be considered acceptable for internal auditors to perform of this organization?
The largest risks facing an organization should be mitigated by which type of controls?
Which of the following would best assist the internal audit activity in assessing whether an organization ' s responses to risk are aligned with its risk appetite?
Which of the following scenarios would most likely impair the independence of an internal audit activity?
To achieve conformance with the Standards, the chief audit executive must include which of the following activities in the quality assurance and improvement program (QAIP)?
Which of the following actions taken during an audit engagement is the best demonstration of an internal auditor ' s due professional care?
Which of the following best demonstrates organizational independence of the internal audit activity?
Which of the following drivers of fraud is directly controllable by an organization?
In which of the following scenarios would the chief audit executive (CAE) be required to decline the assignment?
Which of the following would be considered a monitoring activity in organization wide risk management?