Pre-Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > IIA > CIA > IIA-CIA-Part1

IIA-CIA-Part1 Internal Audit Fundamentals Question and Answers

Question # 4

An electrician visits a client to assess the scope of work. After the visit, the sales office compiles and sends the client a proposal based on the electrician ' s estimation and approved price list. The internal auditor notices that in the last six months, the number of cancelled proposals has increased substantially. Which of the following is a fraud risk scenario that the auditor should consider in this situation?

A.

Some electricians may be offering clients opportunities for reduced fees if they pay with cash.

B.

There is a new competitor in the area who offers better prices.

C.

Sales representatives may be manipulating the proposals to include additional costs.

D.

An unauthorized person may be modifying client data and cancelling the proposals.

Full Access
Question # 5

Which of the following are some of the requirements of the quality assurance and improvement program (QAIP)?

A.

The OAIP should be conducted at least once every three years, and must be performed by an external assessor.

B.

The OAIP should be conducted on an ongoing basis, and can be completed as a self-assessment,

C.

he QAIP should include both internal assessments performed by staff and external assessments performed by independent, objective individuals

D.

The OAIP should be performed with scoping limitations established by the board.

Full Access
Question # 6

Which principle of the HA Code of Ethics focuses on continuing education and professional development?

A.

Due professional care

B.

Professionalism

C.

Proficiency

D.

Competency

Full Access
Question # 7

Regarding assurance and consulting services provided by the internal audit activity which of the following statements is correct?

A.

The nature and scope of a consulting engagement are determined by the internal audit activity based on its risk assessment

B.

The nature and scope of an assurance engagement are subject to agreement with management of the area under review

C.

Both assurance services and consulting services can be focused on controls or performance or both

D.

The assurance engagement process ends with reporting

Full Access
Question # 8

The organization ' s internal audit charter was last updated six years ago. To update the charter, which of the following actions is most appropriate for the chief audit executive to take?

A.

Wait for the next external assessment and address all of the missing information in the charter based on the recommendations from the external assessment team.

B.

Perform a review of IIA guidance to become acquainted with the latest mandatory elements prior to updating the charter

C.

Use an internal audit charter template from another organization that operates within the same industry.

D.

Identify an individual within the internal audit activity who has in-depth knowledge of mandatory IIA guidance elements to address any gaps or areas of the current version of the charter that could be improved.

Full Access
Question # 9

Which of the following is considered to be a threat to the internal auditor ' s objectivity?

A.

The auditor drafted the operational procedures of the area that she is currently auditing.

B.

The auditor received a bonus that was approved by the board of directors.

C.

The assigned auditor recommended operational procedures for the organization.

D.

The assigned auditor rotated out of the same business activity three years ago

Full Access
Question # 10

During a complex financial compliance engagement, a senior internal auditor determines that current audit procedures are not sufficient for adequate testing She consults with a colleague and learns that a spreadsheet application contains a helpful tool She proceeds to use the tool to properly complete the evaluation Which of the following best describes the core competency displayed by the senior auditor?

A.

Business acumen

B.

Persuasion and collaboration

C.

Critical thinking

D.

Communication

Full Access
Question # 11

An internal auditor is assessing fraud risks and creating a fraud risk matrix for a particular branch location. Which of the following is most likely to be included in the matrix?

A.

Risks and relevant mitigating controls.

B.

Business processes and relevant fraud risks.

C.

Fraud scenarios and relevant risks.

D.

Opportunity, rationalization, and pressure to commit fraud.

Full Access
Question # 12

According to IIA guidance, which of the following best demonstrates due professional care?

A.

Staffing audit engagements with internal auditors who possess professional designations.

B.

Relying on prior audit work to save planning time and costs.

C.

Performing assurance procedures to guarantee all significant risks are identified.

D.

Assessing the cost of assurance in relation to the potential benefits.

Full Access
Question # 13

An organization is in the process of hiring a new chief audit executive (CAE). Which of the following can the potential candidates expect to be a part of the recruiting process or in place when the CAE is hired?

A.

There are checks to determine the existence of any potential conflict of interest.

B.

The CAE reports functionally to the highest level of management, the CEO.

C.

The CAE’s compensation depends on the performance of the organizational departments.

D.

Hiring and termination of the CAE is dependent on the decision of senior executives.

Full Access
Question # 14

Which of the following controls would best mitigate the risk of fraud in the bidding process?

A.

Have a bidding committee open the tender bids.

B.

Restrict the time to submit tender bids.

C.

Keep minutes of pre-bid meetings.

D.

Allow the higher tenders to rebid.

Full Access
Question # 15

An IT contractor applied for an internal audit position at a bank. The contractor worked for the bank ' s IT security manager two years ago. If the audit manager interviewed the contractor and wants to extend a job offer, which of the following actions should the chief audit executive pursue?

A.

Allow the audit manager to hire the contractor and state that the individual is free to perform IT audits, including security.

B.

Not allow the audit manager to hire the contractor, as it would be a conflict of interest

C.

Allow the audit manager to hire the contractor, but state that the individual is not allowed to work on IT security audits for one year.

D.

Not allow the audit manager to hire the contractor and ask the individual to apply again in one year.

Full Access
Question # 16

Which of the following is the best example of a risk appetite statement concerning an investment portfolio?

A.

We will request CEO approval for investments greater than S20 million and board approval for investments greater than $50 million.

B.

We will hedge 95 percent of our U S. currency exposure and 100 percent of our European currency exposure.

C.

We have a moderate tolerance for investment earnings volatility with a target value at risk of S50 million.

D.

We will report to the risk committee all credit losses greater than S10 million and all market value losses greater than S20 million.

Full Access
Question # 17

An employee accepts cash payments from customers and does not record the sale. This is an example of which of the following types of fraud?

A.

Asset misappropriation.

B.

Skimming

C.

Corruption.

D.

Lapping.

Full Access
Question # 18

To comply with the proficiency standard, which of the following would the chief audit executive likely consider as the primary hiring criterion when choosing a new internal auditor?

A.

The auditor ' s demonstrated problem-solving skills.

B.

The auditor ' s skills compared to those already possessed by other audit staff.

C.

The auditor ' s ability to be self-motivated and a good team player.

D.

The length and consistency of the auditor ' s work experience.

Full Access
Question # 19

Which of the following statements is true regarding organizational culture and an audit of the control environment?

A.

For multinational organizations it is important to ensure that the organizational culture is consistent at all locations

B.

Because the chief audit executive (CAE) is part of the organizational culture, external auditors should be engaged to evaluate the control environment

C.

If there are unresolved scope restrictions, the CAE should consider whether to pursue the audit and note the scope restrictions in the audit report

D.

Because it will create a conflict of interest relating to the control environment, senior management should not be consulted during the audit

Full Access
Question # 20

While auditing an organization ' s credit approval process, an internal auditor learns that the organization has made a large loan to another auditor ' s relative. Which course of action should the auditor take?

A.

Proceed with the audit engagement, but do not include the relative ' s information.

B.

Have the chief audit executive and management determine whether the auditor should continue with the audit engagement.

C.

Disclose in the engagement final communication that the relative is a customer.

D.

Immediately withdraw from the audit engagement.

Full Access
Question # 21

After the draft engagement report is issued, the manager of the area that was reviewed is informally interviewed by the engagement supervisor regarding the audit experience. Which of the following is most likely the purpose for this interview?

A.

Such an interview is performed when there is a need to dismiss an internal auditor

B.

Feedback from the manager will contribute to the audit team ' s professional development

C.

The manager ' s opinion will be used to form the final audit assessment and report rating.

D.

The manager will provide insights into the audited industry ' s trends

Full Access
Question # 22

In a small organization, management is unable to achieve adequate segregation of duties for its cash-handling procedures Therefore hidden surveillance cameras were installed to monitor cash-handling activities Which of the following best describes this type of control?

A.

Corrective control

B.

Process-level control

C.

Compensating control

D.

Preventive control

Full Access
Question # 23

At a construction company, supervisors are entitled to bonus payments if there are no safety rule violations on their teams. There are several channels available for workers to report accidents and violations, and all reported violations are investigated. Bonus payment calculations are approved by managers and the head of safety. Which of the controls best addresses the risk that supervisors will conceal accidents on their teams in order to receive the bonus?

A.

The investigation of all reported violations

B.

The authorization process for bonus calculations

C.

The variety of reporting channels

D.

The presence of safety rules

Full Access
Question # 24

An internal audit activity uses a rotational program to recruit high-performing staff members from other parts of the organization One of these individuals is nearing the end of her four-year internal audit rotation The chief audit executive assigned her to an assurance engagement in the business area she will be going into when she leaves the internal audit activity Which of the following statements is

true regarding this scenario?

A.

Accepting the assignment is a violation of internal audit independence

B.

Accepting the assignment will improve competencies and develop relationships that will be needed in her next assignment

C.

Accepting the assignment creates the appearance of an impairment to her professional judgment and detectivity

D.

Accepting the assignment on the assurance engagement would be a breach of due professional care

Full Access
Question # 25

Which of the following would be the most appropriate first step for the board to take when developing an effective system of governance?

A.

Determine the organization’s overall risk appetite.

B.

Establish a governance committee.

C.

Delegate authority to members of senior management.

D.

Identify key stakeholders and their expectations

Full Access
Question # 26

During an audit engagement of a large retail store, internal auditors noted significant discrepancies between available inventory and sales and suspect an abuse of cash register refunds and voids. Which of the following would be the most effective preventative control to reduce these losses?

A.

Ensure that returned merchandise is restocked to shelves or sent to the manufacturer by an independent employee.

B.

Call a sample of customers who returned merchandise to test the legitimacy of the returns and check refund amounts.

C.

Require that a manager use a reserved register code to approve voids or refunds.

D.

Analyze voids and refunds by employee, credit card number, and amount for unusual numbers, amounts, or patterns.

Full Access
Question # 27

Which of the following is a preventive control the organization could implement to mitigate fraudulent activity in the accounts payable department?

A.

Delivering fraud awareness training to employees in the department.

B.

Segregating duties between employees in the department.

C.

Requesting the internal audit activity perform an independent evaluation of fraud risk in the department.

D.

Requiring accounts payable employees to sign a code of conduct awareness confirmation.

Full Access
Question # 28

An internal audit of warehouse inventory revealed no material deficiencies. However, management later discovered fraud, which occurred during the period that was audited, and determined that a major control deficiency allowed the fraud to occur. Given management ' s discovery, which of the following statements is valid?

A.

The internal auditors violated the standard for due professional care because they did not detect the fraud, even though it occurred during the period that was reviewed.

B.

The internal auditors should have had sufficient knowledge of fraud to identify red flags indicating possible fraud.

C.

The internal auditors could not have detected the fraud due to collusion among employees in the inventory unit.

D.

The internal auditors are not responsible for considering fraud risk, which is a management responsibility.

Full Access
Question # 29

A chief audit executive assigned an internal auditor to perform an assurance engagement. The auditor concluded with a major audit finding based on hearsay evidence Which of the following competencies did the auditor appear to be lacking?

A.

Effective communication skills

B.

Risk-based assurance knowledge

C.

Demonstration of due professional care.

D.

Demonstration of ethical behavior

Full Access
Question # 30

A risk assessment showed that the cost of addressing a particular risk in the organization ' s human resources department is greater than the perceived benefit. Which risk response approach should the organization take in this scenario?

A.

Reduce the risk.

B.

Transfer the risk.

C.

Accept the risk.

D.

Share the risk.

Full Access
Question # 31

According to IIA guidance, which of the following would be included in an internal audit charter to help establish the authority of the internal audit activity?

A.

Outline expectations for communicating the results of all aspects of the internal audit activity.

B.

Declare the internal audit activity’s accountability for safeguarding assets and confidentiality.

C.

Document the chief audit executive’s (CAE ' s) reporting line

D.

Document agreement between the CAE and the individual to whom the CAE reports

Full Access
Question # 32

Internal audit is performing an engagement to determine whether there were indications of questionable bidding on a city s infrastructure project. As part of the engagement the internal audit activity became aware that certain firms tend to receive the contracts for large city projects. How should the internal audit activity proceed with the engagement and identify questionable bidding practices?

A.

Obtain the city s vendor listing to determine whether there was an adequate number of firms available to solicit bids for protects

B.

Obtain at of the city s financial records to identify any firms that received payments for contracted goods and services.

C.

Obtain the city ' s contracting files to determine whether the city demonstrated efforts to solicit bids from various interested firms.

D.

Obtain the city’s official public meeting minutes to determine whether there were concerns about the contracting practices

Full Access
Question # 33

Which requirement should the chief audit executive consider when communicating results of the quality assurance and improvement program to the board of a large

organization?

A.

The internal assessment results should be discussed once every five years,

B.

The rating conclusions and the impact from results of the external assessment should be explained,

C.

The results of the external assessment should be discussed every seven years,

D.

The qualifications and independence of the internal assessment team should be discussed

Full Access
Question # 34

According to MA guidance, which of the following is an appropriate role for the internal audit activity?

A.

Coaching management in responding to risks.

B.

Implementing risk responses on management ' s behalf.

C.

Imposing risk management processes.

D.

Setting the risk appetite.

Full Access
Question # 35

An internal auditor was assigned to work in the procurement department for six months to gam m-depth knowledge about the procurement process. Which of the following personnel development practices was applied in this situation?

A.

Cosourcing

B.

Inbound rotation

C.

Guest auditor

D.

Outbound rotation

Full Access
Question # 36

Which of the following should catch the internal auditor ' s attention as a potential red flag for fraud?

A.

The accounting unit keeps detailed records and preserves supporting documentation in excess of company requirements

B.

One of the subsidiaries has more bank accounts than any other comparable subsidiary

C.

The same external audit firm has been with the company for three years without rotation

D.

The arithmetic median tenure of employees working at production facilities is 15 years

Full Access
Question # 37

Which of the following qualifies as an acceptable consulting service provided by the internal audit activity?

A.

Develop training and system rollout plans in response to the results of the change readiness assessment of a new sales distribution model

B.

Lead a risk self assessment session for laboratory managers to help identify inherent risks and provide recommendations on how to evaluate the risks

C.

Audit a third party cloud service provider to review the effectiveness of governance and management controls in providing secure services to its customers

D.

Conduct a post-implementation assessment of the enterprise resource planning system to determine whether project objectives were met and to identify opportunities to maximize potential benefits

Full Access
Question # 38

What would be the proper sequence of steps for an internal auditor to take in order to draw a conclusion on internal control effectiveness and adequacy after ascertaining the key controls?

A.

Evaluate the adequacy of the controls and then test the controls for effectiveness.

B.

Test the controls for effectiveness and then evaluate the adequacy of the controls.

C.

Identify risks and then evaluate the controls for effectiveness.

D.

Evaluate the controls for effectiveness and then assess the risks in the area.

Full Access
Question # 39

With regard to IT governance, which of the following is the most effective and appropriate role for the internal audit activity?

A.

Independently evaluate the skills and experience of potential chief information officer candidates to assess the best fit based on the organization ' s risk appetite.

B.

Evaluate the organization’s governance standards and assess IT-related activities to identify gaps and develop policies, ensuring alignment with the organization’s risk appetite.

C.

Assist management in interpreting complex IT-related privacy and security risk exposures and evaluating potential mitigation strategies.

D.

Assess whether governance activities are aligned with the organization ' s risk appetite and take into consideration emerging risks

Full Access
Question # 40

According to NA guidance, which of the following conditions would enhance the independence of the internal audit activity?

A.

The organizational culture rewards critical and objective thinking.

B.

The quality of work performed by the internal audit activity is periodically reviewed,

C.

The organization establishes effective governing body oversight,

D.

Audit assignments are rotated among internal audit staff

Full Access
Question # 41

In which of the following scenarios is the internal auditor in conformance with The IIA ' s Code of Ethics and the Standards?

A.

The auditor testifies in front of a jury about an organization ' s fraudulent financial practices after receiving a subpoena

B.

Management has agreed to remedy a significant control deficiency, so the auditor excludes the deficiency from the engagement report

C.

The chief audit executive declines an assurance engagement in IT because the internal audit activity is not proficient in IT

D.

The auditor communicates an audit opinion on fraud risk during an audit engagement’s preliminary fraud risk assessment

Full Access
Question # 42

For a high-risk observation, which is the best approach to follow when management takes an aggressive, uncompromising position in opposition to the internal audit activity?

A.

The parties should work together to develop a mutually beneficial solution.

B.

The internal audit activity should share the observation with other business units to get their opinions.

C.

The internal audit activity should discuss with senior management, and if still not resolved, discuss with the board.

D.

The internal audit activity should accommodate management ' s position, since the relationship is more important than the fight.

Full Access
Question # 43

An internal auditor is reviewing employee travel expenses from the previous six months for fraud. Which of the following tests would best detect instances where personal travel has been claimed?

A.

Verifying whether claims have been properly authorized for payment.

B.

Verifying whether claims are properly supported by invoices or other documents.

C.

Confirming that all claims are within the limits of the organization ' s travel policy.

D.

Reconciling claims against business trip requests that were approved by supervisors.

Full Access
Question # 44

Which of the following activities would breach the principles of The IIA ' s Code of Ethics?

A.

The internal auditor is keeping personal notes from an engagement conducted on the organization ' s information system security for future use.

B.

The internal auditor is performing an engagement of the purchasing department where he used to work five years ago.

C.

The internal auditor is using information from a recent engagement to assist with a friend ' s business.

D.

The internal auditor is discussing relevant information involving questionable vendors with a government regulatory agency.

Full Access
Question # 45

An internal auditor in a busy internal audit activity reviews her continuing professional development records toward the end of the year and is concerned to find she has undertaken limited training and formal professional development. Which of the following actions is the most appropriate for her to take?

A.

Remind the chief audit executive (CAE) that he is responsible for her continuing professional development and needs to address the issue

B.

Contact her professional organization and explain that she does not need formal professional development, as she is being developed sufficiently through undertaking audit engagements.

C.

Accept that she is unlikely to meet continuing professional development requirements but look to attend training courses at the next available time.

D.

Accept that she is responsible for her own continuing professional development, develop a professional plan, and discuss it with the CAE.

Full Access
Question # 46

Which of the following survey questions would be most effective to identify ethics violations within the organization?

A.

Are the performance targets in your department realistic and attainable?

B.

Do your coworkers have the knowledge, skills, and training needed to perform their job duties?

C.

Does your supervisor comply with laws and regulations affecting the organization?

D.

Do you have sufficient resources, tools, and time to accomplish your work objectives?

Full Access
Question # 47

Which of the following indicates an appropriate disclosure of a potential nonconformance with the Standards?

A.

An external assessment of the internal audit activity was last performed six years ago.

B.

The internal audit activity has been in existence for four years but has not performed an external assessment.

C.

An internal assessment is not performed every year.

D.

The internal audit activity has been in existence for two years and has documented only an internal assessment.

Full Access
Question # 48

Which of the following is a responsibility of the internal audit activity as it relates to risk and risk management?

A.

Evaluating and suggesting improvements to the risk management process.

B.

Establishing the organization ' s risk appetite.

C.

Determining whether the risk attitude is aligned with shareholder interests.

D.

Ensuring an adequate risk management system is in place.

Full Access
Question # 49

According to IIA guidance, which policy, established by the chief audit executive, would most likely ensure internal audits are conducted with due professional care?

A.

The initial review of workpapers should be conducted after the final engagement report is issued.

B.

Independent internal assessments of the internal audit activity should be performed by entry-level staff as part of on-the-job training.

C.

Internal audit staff should be informed regularly of changes to policies and procedures.

D.

Training documents should be destroyed at the end of the year to create space for the next year ' s training documents.

Full Access
Question # 50

According to IIA guidance, which of the following would be the most appropriate to help a new internal auditor understand the nature and positioning of the internal audit activity within his organization?

A.

The internal audit charter.

B.

Examples of internal audit reports.

C.

The internal audit policy and procedures manual.

D.

The IIA’s International Professional Practices Framework.

Full Access
Question # 51

Which of the following best demonstrates the application of due professional care?

A.

An engagement supervisor requests that the employment of a process owner be terminated due to a significant control failure.

B.

An audit lead establishes internal audit manuals to guide the internal audit activity on now to undertake audit engagements.

C.

An audit manager provides a guarantee to senior management that internal controls relating to an audited process operate effectively.

D.

An organization ' s internal audit activity operates under a direct reporting structure to tie audit committee of the board

Full Access
Question # 52

Which of the following could increase risks to the organization’s control environment?

A.

Strong board of directors oversight.

B.

Incentive-based compensation structures.

C.

Lower than average employee turnover.

D.

Implementation of a fraud hotline.

Full Access
Question # 53

Whch ol the following would show appropriate disclosure of nonconformance with the Standards?

A.

The chief audit executive (CAE) documented in the personal file a critical conflict of interest involving an internal audit on a upcoming contracting engagement.

B.

The CAE discussed with the board an issue regarding the internal activity performing an IT engagement without proper skills and knowledge.

C.

The CAE met with the peer review team to discuss an internal auditor’s failure to meet the annual requirements for continuing professional education.

D.

The CAE revealed to revealed to operational manager that he failed to appropriately consider risks while he was developing the audit plan.

Full Access
Question # 54

The chief audit executive (CAE) planned an in-person group training to help internal auditors perform onsite inspections of an automobile manufacturing facility. The training would have allowed the auditors to better understand the production of the organization ' s automobiles. However, a global health crisis has impacted the training by prohibiting in-person contact at the facility. Which of the following could the CAE use to provide auditors with a better understanding of the organization s production process?

A.

A general web-based training on auditing manufacturing processes.

B.

Self-study courses on the industry ' s production practices

C.

Industry publications that discuss production methods

D.

A virtual meeting with management that explains the production of automobiles

Full Access
Question # 55

The CEO has delegated several responsibilities to the internal audit activity. Which of the following directives should concern the chief audit executive the most?

A.

Internal auditors shall perform engagement-level risk assessments

B.

Internal auditors shall perform risk management activities.

C.

Internal auditors shall perform risk-based engagements

D.

Internal auditors shall perform organization wide risk assessments

Full Access
Question # 56

Which of the following statements best describes internal auditors ' role in fraud detection?

A.

Internal auditors ' roles are similar to those performed by loss prevention managers or fraud investigators.

B.

Internal auditors ' demonstration of adequate professional skepticism during an audit engagement is of paramount importance.

C.

Internal auditors should consider fraud risks in every assignment and demonstrate due care by detecting fraud instances.

D.

Internal auditors should possess a fraud-related body of knowledge, enabling them to carry out preventative and detective measures.

Full Access
Question # 57

Which of the following situations is most likely to heighten an internal auditor ' s professional skepticism regarding potential fraud?

A.

A procurement manager does not have the expected academic credentials for his position.

B.

A salesperson frequently complains about the organization ' s policy on sales commissions.

C.

The accounts payable supervisor has requested advances against her monthly salary on several occasions.

D.

A financial accountant is absent from work frequently due to regular medical procedures.

Full Access
Question # 58

Which of the following items related to the quality assurance and improvement program should the chief audit executive report to the board?

A.

Ongoing monitoring results

B.

Periodic management assessment results

C.

Annual risk assessment results

D.

Internal auditors ' training evaluation results

Full Access
Question # 59

Which of the following describes the most appropriate match between a potential temporary guest auditor candidate and an upcoming audit assignment?

A.

A purchasing manager with two years of prior audit experience in public practice to lead a contracts management audit

B.

A communications officer who worked in the marketing department during the last six months to conduct a customer loyalty program audit

C.

A manager of social responsibility who has a nursing background to participate m a health and safety audit for the corporate office and plant facilities

D.

An accounting manager who discovered and reported fraud committed by a payables clerk to conduct a performance audit of accounts payable

Full Access
Question # 60

During a monthly internal audit staff meeting, the chief audit executive (CAE) decided to reinforce the importance of internal audit staff being objective in their work. Which of the following examples would be most appropriate for the CAE to include as part of the meeting presentation?

A.

Statistical sampling techniques should always be used to pull unbiased sampling for testing.

B.

Fieldwork completed by internal auditors should be appropriately reviewed.

C.

Internal auditors should avoid using the lunch room simultaneously with audit clients.

D.

During the audit review period, there should be no nonaudit dialogues with the audit client.

Full Access
Question # 61

At a conference, an interna! auditor presented a new computer-assisted audit technique developed by his organization. The presentation included sample data derived from performing audit engagements for the organization. Travel costs were paid by the conference organizers, and the trip was approved by the chief audit executive (CAE).

However, neither management nor the CAE was aware that the internal auditor would be making a presentation based on work completed for the organization. According to IIA guidance, which of the following statements is most relevant regarding the actions of the auditor?

A.

The auditor did not violate the standard of objectivity because the presentation had no impact on the organization.

B.

The auditor violated the principle of confidentiality by disclosing information about the organization without approval.

C.

The auditor should have obtained permission before using the material, but did not violate the IIA Code of Ethics or Standards,

D.

The auditor breached the conflict of interest standard by accepting payment for travel costs

Full Access
Question # 62

Which of the following statements best describes a functional difference between external auditors and internal auditors?

A.

Internal auditors evaluate past achievements to understand whether controls are operating effectively, and external auditors focus on the accuracy of financial reporting.

B.

Internal auditors provide assurance about the sufficiency of controls to manage risks. Including risks of failure to achieve future goals, and external auditors evaluate the accuracy and understandability of financial reporting.

C.

internal auditors are always employed by the organization, rather than outsourced, and external auditors are never employed by the organization but contracted independently.

D.

Internal auditors are most directly concerned with the detection of fraud, while external auditors are most directly concerned with the prevention of fraud.

Full Access
Question # 63

Which of the following is an advantage of using nongovernmental organization (NGO) members on an assurance team when auditing corporate social responsibility?

A.

Typically less time is needed to train the NGO members on the audit process.

B.

NGO members are often more unbiased and objective

C.

A report with a positive statement from an NGO member is deemed to be more credible. As opposed to auditors.

D.

NGO members are licensed to audit corporate social responsibility.

Full Access
Question # 64

According to IIA guidance, which of the following best demonstrates how the chief audit executive may ensure that due professional care is applied?

A.

Establish policies and procedures concerning the engagement process

B.

Develop a strategy for recruiting assigning, and training staff

C.

Outsource complex engagements to an external service provider

D.

Base the auditor evaluation process on the number of observations

Full Access
Question # 65

Which of the following circumstances would most likely be considered a potential red flag for fraud by the internal audit activity?

A.

The monthly payroll reports are not vetted to ensure terminated employees have been removed from the payroll system.

B.

The volume of nonroutine journal entries has steadily increased over time.

C.

The database of approved suppliers has not been reviewed in the last year.

D.

The recent employee survey indicates that some employees remain unaware of the organization’s whistleblower hotline.

Full Access
Question # 66

Wi ch of the following circumstances would most likely be considered a potential red flag for fraud by the internal audit activity?

A.

The monthly payroll reports are not vetted to ensure terminated employees have been removed from the payroll system

B.

The volume of nonroutine journal entries has steadily increased over time.

C.

The database of approved suppliers has not been reviewed the last year

D.

The recent employee survey indicates that some employees remain unaware of the organization’s whistieblower hotline.

Full Access
Question # 67

An organization’s senior management team is awarding substantial bonuses if employees meet financial targets. Which of the following motivators to potentially commit fraud would become most likely in this scenario?

A.

Opportunity

B.

Pressure

C.

Rationalization

D.

Justification

Full Access
Question # 68

Which of the following statements is true regarding the role of the internal audit activity in the organization ' s risk management process?

A.

The internal audit activity should not be responsible for developing the organization ' s risk management framework, even with appropriate safeguards.

B.

The internal audit activity is typically responsible for alerting operational management to emerging risks and changes in regulatory scenarios

C.

The internal audit activity may coach management on risk response scenarios if safeguards have been implemented.

D.

The internal audit activity should avoid giving assurance regarding the accuracy of risk evaluations if safeguards have not been implemented.

Full Access
Question # 69

Which data analytics competency is critical for new internal auditors to possess in order to plan and perform internal audit engagements in conformance with the Standards?

A.

Describe data analytics and the application of data analytics methods in internal auditing.

B.

Apply data analytics methods in internal auditing.

C.

Evaluate the use of data analytics in an internal audit.

D.

Understand the definition of data analytics only.

Full Access
Question # 70

Which of the following is an indicator that the internal audit activity does not fully conform with the Standards?

A.

The quality assurance and improvement program identified several opportunities for the internal audit activity to make improvements.

B.

In lieu of an external assessment, the internal audit activity performed a self-assessment with independent external validation.

C.

During an internal quality assessment, it was identified that rotational auditors often perform consulting engagements for areas of the organization where they had previous responsibilities.

D.

External assessments are performed every five years by a competent internal audit team from the organization ' s parent company.

Full Access
Question # 71

Which of the following best describes the Standards requirement for collective proficiency of the internal audit activity?

A.

The internal audit activity must have auditors on staff who collectively possess all of the competencies required to fulfill the internal audit plan,

B.

All internal auditors on staff should possess the knowledge, skills, and competencies needed to perform any assurance engagement on the audit plan.

C.

The internal audit activity must possess or obtain the competencies needed to carry out their professional responsibilities, including providing relevant advice and recommendations.

D.

Internal auditors collectively are responsible for ensuring that the internal audit activity has the competencies required to fulfill the internal audit plan.

Full Access
Question # 72

Considering the concepts of organization wide risk management and the system of internal controls, the internal audit activity as a whole can be considered which of the following types of control?

A.

Transaction-level control.

B.

Management-oversight control.

C.

Governance control.

D.

Process-level control.

Full Access
Question # 73

Outsourcing a business activity is considered which of the following risk management techniques?

A.

Sharing a risk.

B.

Avoiding a risk.

C.

Reducing a risk.

D.

Mitigating a risk

Full Access
Question # 74

According to IIA guidance, which of the following actions is a chief audit executive required to take with regard to reporting the results of the quality assurance and improvement program?

A.

Report external assessments upon completion of such assessments

B.

Report external assessments at least annually

C.

Report ongoing monitoring quarterly

D.

Report post-engagement reviews at least once every five years

Full Access
Question # 75

Nearing the completion of fieldwork, an internal auditor shared the draft report findings with management prior to the closing meeting. During the closing meeting, management expressed dissatisfaction in that they were not familiar with some of the findings. Management also noted that some aspects of the report seemed confusing. Which of the following competencies appears to have been lacking in this scenario?

A.

Communication.

B.

Business acumen.

C.

Persuasion.

D.

Critical thinking.

Full Access
Question # 76

Which of the following best describes the type of organizational culture known as adaptability culture ' ?

A.

A results-oriented culture that values competitiveness and personal initiative

B.

A culture that emerges in quick-response and high-risk decision-making environments

C.

A culture that is characterized by low involvement with environmental and health issues

D.

A culture that places high value on participation and meeting the needs of employees.

Full Access
Question # 77

Which of the following statements is true regarding a key difference between assurance and consulting services provided by the internal audit activity?

A.

When conducting a consulting engagement, the nature and scope of the engagement are determined by the internal audit activity.

B.

Three parties are participants in assurance services, while consulting engagements generally involve two parties.

C.

An assurance engagement has two participants, while consulting engagements generally involve three parties.

D.

When conducting an assurance engagement, the engagement objectives, scope, and techniques are agreed with the area under review.

Full Access
Question # 78

Which of the following is ultimately responsible for the continuing professional development of internal audit activity staff?

A.

Individual internal auditors.

B.

Chief audit executive.

C.

Board of directors.

D.

CEO.

Full Access
Question # 79

An organization is considering purchasing a new banking software system and has asked the internal audit activity to evaluate the system. An internal auditor assigned to perform the engagement worked at the software company two years ago and is familiar with the system ' s design strengths and weaknesses. Which of the following is true regarding impairment to the auditor ' s objectivity?

A.

This situation does not necessitate any action related to the auditor ' s objectivity.

B.

The auditor should decline to perform the audit because personal conflicts of interest are likely.

C.

The auditor must disclose to the chief audit executive that this situation may impair her objectivity.

D.

The auditor can provide only consulting services, not assurance.

Full Access
Question # 80

Which of the following represents an example of an ethical issue that the organization should address ' ?

A.

An employee discovered that there is no personal protective equipment at a temporary construction site

B.

An employee saw that a group of other employees were smoking in close proximity to petrol distribution tanks

C.

A supervisor insists that an employee complete time sheets regularly

D.

An employee received concert tickets from a vendor and asked whether she could keep them

Full Access
Question # 81

Which of the following scenarios demonstrates nonconformance with the Standards?

A.

An internal auditor failed to expand the engagement and include managements preferences when determining the scope of an upcoming assurance engagement.

B.

An internal audit activity lacks the skills need to perform a high-risk security engagement included on the annual audit plan.

C.

A chief audit executive fated to perform a risk assessment prior to preparing the audit plan

D.

An internal audit activity has existed for two years and has not undergone external quality assessment

Full Access
Question # 82

Which of the following is an appropriate role for the internal audit activity?

A.

Ensuring the organization ' s key risks are managed through appropriate controls.

B.

Assisting the organization in maintaining effective controls.

C.

Implementing new controls to promote continuous improvement.

D.

Validating control assessments performed by the external auditor.

Full Access
Question # 83

Which of the following statements is true regarding management ' s use of judgement to design, implement, and conduct internal control?

A.

The use of judgment enhances management ' s ability to make better decisions about internal control, but cannot guarantee perfect outcomes.

B.

Introducing judgment generally diminishes management ' s ability to make good decisions about internal control.

C.

It is inappropriate for management to exercise judgement in areas such as specifying and using suitable accounting principles.

D.

It is inappropriate for management to exercise judgement in assessing whether components are present, functioning, and operating together

Full Access
Question # 84

Which of the following should be part of the internal audit activity ' s duties?

A.

Actively reporting to the governing body.

B.

Providing risk management frameworks.

C.

Assisting management in developing processes and controls to manage risks and issues.

D.

Identifying and mitigating significant risks to the organization.

Full Access
Question # 85

Due to toe increased operational responsibility of the CEO. The chief audit executive (CAE) of an organization currently reports to the chief financial officer (CFO). What is the likely imped of such a situation?

A.

There may be limitation m the scope of engagements that can be undertaken

B.

The CPO could provide expert advice when auditing areas under his purview

C.

The internal audit activity is adequately positioned when the CAE reports to a member of executive management

D.

The expense of finance staff can be catted upon during an audit of finance-related areas

Full Access
Question # 86

Which of the following statements is most accurate with respect to the required elements of the quality assurance and improvement program?

A.

Internal assessments provide sufficient objectivity to provide evidence to the board that the internal audit activity understands the organization’s control processes.

B.

Quality assessments focus on the internal audit activity ' s structure, relationships with stakeholders, compliance with the Standards, and internal audit staff proficiency.

C.

In order to comply with the Standards, the internal audit activity must obtain an objective assessment of its processes and function at least once a year.

D.

Internal auditors completing internal assessments must demonstrate certification to perform quality assessments.

Full Access
Question # 87

According to IIA guidance, which of the following statements is true regarding the internal audit activity ' s quality assurance and improvement program (QAIP)?

A.

Internal assessments rely solely on the review of completed audit engagements for demonstrated performance

B.

The chief audit executive is responsible for assessing the suitability and competence of an external assessor.

C.

QAIP results must first be discussed with the board and approval obtained for distribution to senior management

D.

At the board ' s discretion, the frequency of external assessments can exceed the five-year guideline

Full Access
Question # 88

The collaborating style for conflict resolution, where the parties promote assertiveness and work together to develop a mutually beneficial solution, is best used in which of the following situations?

A.

Parties are confident of the solution and are ready to defend it.

B.

There is a high level of trust among the parties.

C.

Resolution is time sensitive and a quick decision is necessary.

D.

The issue is more important to one patty than the others.

Full Access
Question # 89

An external assessment was performed as part of the organization ' s quality assurance and improvement program. Which of the following conclusions confirms that the internal audit activity is in conformance with the Standards ' ?

A.

The chief audit executive is well qualified and has responsibilities over operational areas that the internal audit activity assesses.

B.

Periodic self-assessments are assigned to entry-level internal audit staff to support their continuing professional development.

C.

All audit workpapers are reviewed and signed by the engagement supervisor before the audit report is issued.

D.

Employees who rotate into the internal audit activity from other areas of the organization are assigned to audit areas where they previously worked, to take advantage of their operational expertise and experience.

Full Access
Question # 90

According to IIA guidance, which of the following is the most accurate statement regarding the internal audit charter?

A.

The IIA ' s Code of Ethics must exist outside of the charter to maintain independence.

B.

The charter must be approved by both senior management and the board.

C.

The nature of consulting services does not need to be defined in the internal audit charter.

D.

The charter provides a framework for performing a broad range of value-added audit services.

Full Access
Question # 91

Which of the following is a legitimate role for the internal audit activity in the organization ' s risk management process ' ?

A.

Championing the establishment of a risk management framework

B.

Creating and implementing new risk management processes

C.

Maintaining sole responsibility for risk management within the organization

D.

Setting the risk appetite of the organization

Full Access
Question # 92

Which of the following statements best represents the duo professional care that is required of internal auditor’s?

A.

Internal auditors should perform assurance procedures to ensure that all significant risks are identified.

B.

Internal auditor should not perform consulting engagements for operations for which they had previous responsibilities.

C.

Internal auditors should consider the cost of assurance in relation to the potential benefits.

D.

Internal auditors should device internal audit programs to confirm that the results are accurate.

Full Access
Question # 93

Which risk management activity would cause the internal auditor to assume a management responsibility?

A.

Assessing management ' s acceptance of risk.

B.

Reviewing a cybersecurity risk report issued by management.

C.

Developing a list of emerging risks for management.

D.

Prioritizing risks for management.

Full Access
Question # 94

Which of the following actions by the internal audit activity requires disclosure to the board of nonconformance with the Standards?

A.

The internal audit activity did not complete an external assessment within the last seven years

B.

The internal audit activity performed an engagement with limited scope due to lack of knowledge

C.

The internal audit activity failed to consider risk when conducting a review of a department

D.

An internal auditor was assigned to an engagement m an area where she previously worked more than 10 years ago

Full Access
Question # 95

Which of the following situations is most likely to prompt the internal audit activity to disclose its nonconformance with the Standards?

A.

One of the organization ' s senior internal auditors owns a side business, though to date, no sales have been made to this business.

B.

The annual internal audit plan includes performance audits of main business processes, but reviews of high-risk development projects were not considered.

C.

The internal audit activity committed to carrying out an audit of documentation on investment hed ging, and a hedging expert was contracted to assist with the engagement.

D.

A periodic quality self-assessment of the internal audit activity identified a number of improvement areas with regard to key performance indicators.

Full Access
Question # 96

The results of an assessment of the adequacy of controls would be considered incomplete or misleading unless the internal auditor considers which of the following?

A.

Number of mitigating controls.

B.

Effectiveness of the control environment

C.

Use of computer-assisted auditing techniques.

D.

IT security controls

Full Access
Question # 97

Which of the following best demonstrates internal auditors performing their work with proficiency?

A.

Internal auditors meet with operational management at each phase of the audit process.

B.

Internal auditors adhere to The IIA’s Code of Ethics.

C.

Internal auditors work collaboratively with their engagement team.

D.

Internal auditors complete a program of continuing professional development.

Full Access
Question # 98

Which of the following is an example of impairment to internal auditor independence or objectivity ' ?

A.

Assurance engagements for functions over which the chief audit executive (CAE) has responsibility are overseen by a party outside the internal audit activity

B.

Internal auditors provide consulting services relating to operations for which they had previous responsibilities

C.

Internal auditors provide consulting services relating to operations for which they have current responsibilities

D.

Consulting engagements for functions over which the CAE has responsibility are overseen by a party outside the internal audit activity

Full Access
Question # 99

After being assigned to an audit of the accounts payable process, an internal auditor privately notifies the chief audit executive that she is a finalist for an open manager position within the accounts payable department. Which of the following is the IIA Code of Ethics principle that the auditor upheld?

A.

Independence.

B.

Confidentiality.

C.

Objectivity.

D.

Competency

Full Access
Question # 100

Which of the following fraud schemes is often an off-book fraud*?

A.

Payroll fraud

B.

Disbursement fraud

C.

Corruption

D.

Information misrepresentation

Full Access
Question # 101

Which of the following relates to the concept of due professional care?

A.

An auditor attempts to obtain information needed to complete an assurance engagement but is denied access.

B.

The appointment of the chief audit executive is ratified by the board.

C.

An auditor demonstrates a good understanding of the steps involved in carrying out a consulting engagement.

D.

The internal audit resource plan is only approved by the chief financial officer.

Full Access
Question # 102

Which of the following is most likely to impair the organizational independence of the internal audit activity?

A.

The chief audit executive (CAE) reports administratively to the chief financial officer.

B.

The CAE oversees the effectiveness of the organization’s risk management function.

C.

The CAE reports functionally to the CEO.

D.

The CAE managed the finance department for the past five years.

Full Access
Question # 103

Which of the following best demonstrates that the internal audit activity is using due professional care?

A.

The internal audit activity reports directly to the board on the engagements it performs.

B.

Internal auditors undertake the necessary training to complete their audit work.

C.

The completion of engagements is based on the assumption that fraudulent activities may exist.

D.

Internal auditors consider the use of technology-based audit and other data analysts techniques

Full Access
Question # 104

An internal audit of an organization ' s disbursement department revealed that multiple payments were made to legitimate vendors bearing fraudulent banking information belonging lo employees in the department. These vendors were initially set up with accurate banking information but were subsequently modified by disbursement officers with access to the vendor management system. Which of the following controls would have likely prevented the fraudulent modification of vendors ' banking information?

A.

Management periodically reviews and verifies the information in the vendor master Tile.

B.

Management ' s approval is required for update to vendors ' banking information.

C.

Management randomly audits a sample of payments to verify the accuracy of vendors ' banking information.

D.

Management ' s approval is required before payments can be processed.

Full Access
Question # 105

As part of a fraud investigation by regulators, a court order was issued to a bank. The court order requested the chief audit executive (CAE) to provide access to a number of audit reports and workpapers, some of which included customers ' confidential information such as transaction activity and other personal details. What is the appropriate response by the CAE?

A.

Reject the court order, citing a potential breach of customers ' confidentiality agreement

B.

Consult with legal counsel to determine what information to provide.

C.

Respond promptly and provide all that was requested by the court order.

D.

Seek permission from customers prior to sharing their information.

Full Access
Question # 106

Which of the following statements demonstrates that internal auditors are in conformance with the standard of due professional care?

A.

Internal auditors have shown they have the freedom to carry out their responsibilities.

B.

Internal auditors have demonstrated the skills needed to carry out the audit engagement.

C.

Internal auditors have strictly followed a formal audit process in conducting their work.

D.

Internal auditors have demonstrated an unbiased mental attitude.

Full Access
Question # 107

During the closing meeting of a procurement audit, the business manager disagrees with the observation presented by the engagement supervisor and accuses the team of not understanding the procurement objectives The engagement supervisor blames the manager for impeding the audit What skillset should the chief audit executive utilize to manage this situation?

A.

The ability to negotiate

B.

The ability to use analytical tools

C.

The ability to foresee issues

D.

The ability to manage conflict

Full Access
Question # 108

Which of the following scenarios provides the most concerning red flag or indicator of possible fraud?

A.

An employee receives a bonus for perfect attendance

B.

During the past 18 months three chief financial officers have left the organization after having been promoted to the position

C.

The organization does not perform any due diligence research on third party service providers

D.

Three competitors are highly profitable but a fourth equal in size is approaching bankruptcy limits

Full Access
Question # 109

An internal auditor has completed an assurance engagement. Which of the following is most likely true regarding the engagement?

A.

During audit planning the auditor provided the client with the scope of the engagement for their agreement

B.

The results of tie engagement were included m a written report mat was issued to the cleint who requested me engagement

C.

During audit planning the auditor determined that the engagement scope would include a review of the security and privacy of payroll records

D.

The client requested the review of a new payroll system in order to improve the security of fie system

Full Access
Question # 110

Six months after an employee was transferred to the internal audit activity his former operating manager requested that he return to assist a project team with the evaluation of a new pricing module for the organization’s online ordering system According to IIA guidance which of the following statements is true?

A.

The auditor cannot be assigned to this project, as it has been fewer than 12 months since he was transferred from that department.

B.

Another internal auditor should be appointed to the engagement to preserve the independence of the internal audit activity

C.

The auditor cannot participate in the assignment, as providing an opinion would impair his objectivity

D.

The auditor may participate on the project, as the nature of the assignment is consulting

Full Access
Question # 111

Which of the following best demonstrates conformance with the Standards regarding the internal audit activity ' s purpose authority, and responsibility?

A.

Discussion and formal presentation of the internal audit charter to the board of directors

B.

Certification by external auditors on the purpose, authority and responsibility of the internal audit activity

C.

Approval of senior management that the internal audit activity is functioning as originally designed

D.

Self-assessment of the internal audit activity completed by the chief audit executive

Full Access
Question # 112

Which of the following situations would best indicate to the chief audit executive that one of the audit team members is struggling with application of due professional care?

A.

The engagement supervisor requests that an auditor carry out improvements to workpapers to address numerous problems: evidence is missing, references are incorrect, and conclusions are superfluous

B.

Audit work was completed m accordance with the established goals; however, a material misstatement was later uncovered in the audited area by another assurance provider.

C.

According to the audit report, several control failures occurred due to irresponsible behavior of local management, who was consequently deprived of bonuses and wrote a negative feedback to the auditor

D.

The delivery of audit results was several weeks late because the internal auditor had to spend additional time trying to understand the nature of certain transactions with derivation.

Full Access
Question # 113

Which of the following statements is true regarding intangible assets?

A.

The amortization period of an intangible asset cannot exceed 20 years.

B.

The cost intangible assets with indefinite lives should be amortized.

C.

Intangible assets are categorized as having either a limited life or an indefinite life.

D.

Companies should record intangible assets at fair market value

Full Access
Question # 114

According to IIA guidance, which of the following conditions would enhance the independence of the internal audit activity?

A.

The organizational culture rewards critical and objective thinking.

B.

The quality of work performed by the internal audit activity is periodically reviewed.

C.

The organization establishes effective governing body oversight.

D.

Audit assignments are rotated among internal audit staff.

Full Access
Question # 115

Which of the following is an area that an organization would most likely include as part of its corporate social responsibility reporting?

A.

The profitability impact of its products in developing markets.

B.

The amount of political donations to local government races.

C.

The number of complaints related to traffic from its new factory.

D.

The compensation packages awarded to senior management.

Full Access
Question # 116

Which of the following would be a red flag for potential issues in the control environment?

A.

Segregation of duties during preparation of the financial statements

B.

Compensation structures that are based on commissions

C.

A low rate of turnover in key financial positions

D.

The presence of a whistleblower policy and fraud hotlinea

Full Access
Question # 117

According to IIA guidance, the internal audit activity must be free from interference in which of the following areas in order to maintain organizational independence?

A.

Monitoring resources.

B.

Compensating the chief audit executive.

C.

Determining scope.

D.

Allocating internal costs.

Full Access
Question # 118

Which of the following activities best demonstrates an internal auditor’s commitment to developing professional competencies?

A.

Requesting to be part of all engagements on the annual audit plan.

B.

Attending a series of locally offered training courses.

C.

Completing a skills assessment and development plan for targeted training needs,

D.

Attending a webinar on how to use data analytics

Full Access
Question # 119

Which of the following activities is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?

A.

Planning an engagement of the area in which fraud is suspected.

B.

Employing audit tests to detect fraud.

C.

Interrogating a suspected fraudster

D.

Completing a process review to improve controls to prevent fraud

Full Access
Question # 120

Which of the following best describes a consulting engagement rather an assurance engagement?

A.

Bank internal auditors review an activity checklist to determine that the loan officer followed proper procedures.

B.

The chief financial officer asks for the internal auditor ' s opinion regarding whether the new accounting pronouncements were properly and comprehensively adopted

C.

An internal auditor is assigned to assess whether a proposed new initiative to convert a customer service system would be cost effective.

D.

Senior management asks the internal audit activity to review compliance with customer data security regulations

Full Access
Question # 121

Which of the following statements best describes the difference between risk appetite and risk tolerance?

A.

Risk appetite applies to specific objectives, while risk tolerance refers to an organization ' s general attitude toward risk,

B.

Risk appetite refers to the degree of risk acceptance for a particular objective, while risk tolerance is one approach to risk management.

C.

Risk appetite refers to an organization ' s general level of acceptance, while risk tolerance is a more specific and subordinate concept.

D.

There is no significant difference between the two terms.

Full Access
Question # 122

What should be the first step for a newly hired chief audit executive to build and maintain the proficiency of the internal audit activity ' ?

A.

Incorporate the basic criteria of internal audit competency into job descriptions

B.

Complete a periodic skills assessment of the internal audit activity

C.

Develop a competency or skill assessment tool.

D.

Perform benchmarking with competitors to learn what other firms are doing related to this topic

Full Access
Question # 123

According to IIA guidance, which of the following statements is true regarding proficiency?

A.

The globally accepted Certified Internal Auditor designation is mandatory at chief audit executive levels.

B.

Internal auditors are encouraged to obtain appropriate professional designations.

C.

Specialty designations are required for those who perform specialized audit and consulting work.

D.

Studies for professional designations are the preferred source of continuing professional education

Full Access
Question # 124

Which of the following situations undermines the independence of the internal audit activity?

A.

The internal audit activity is responsible for the company ' s risk management function and its head manager reports to the chief audit executive

B.

A senior member of the internal audit activity once worked in the corporate finance department

C.

The organization ' s CEO reviews the internal audit activity ' s annual budget per the organization’s policies and procedures

D.

The internal audit activity often uses management ' s risk profile to build its own risk profile for annual planning

Full Access
Question # 125

A newly appointed chief audit executive (CAE) is tasked with creating a new internal audit activity within the organization. Which of the following would the CAE need to include in the new internal audit charter?

A.

The requirement to provide an annual cost analysis that justifies having an internal audit activity

B.

The specific engagements that the internal audit activity will perform for the organization

C.

The board s oversight role and responsibilities pertaining to the internal audit activity

D.

The relevant regulations that will guide the internal audit activity ' s regulatory compliance assessments

Full Access
Question # 126

During a procurement process audit the internal audit activity undertakes a fraud risk assessment and considers a range of possible fraud scenarios within the process. Which of the following scenarios constitutes a pressure to commit fraud?

A.

An employee believes his poor compensation package justifies engaging in unethical behavior.

B.

The head of the department is the only signatory to purchase orders issued to third party contractors.

C.

Some employees strongly believe monetary gifts from vendors is a means of saving for life after employment.

D.

One of the employees was found to have an obsession with expensive jewelry

Full Access
Question # 127

An organization has limited resources to spend on corporate social responsibility initiatives. Which is the most suitable approach to determine how these resources should be used?

A.

Support a mix of environmental economic and social initiatives to ensure a balanced approach is taken

B.

Survey employees and external stakeholders to see which causes are best suited to the organization.

C.

Select corporate social responsibility initiatives that support the overall strategic goals of the organization

D.

Conduct a financial analysis to determine where the most impact can be made with the budget available

Full Access
Question # 128

An internal auditor at a multinational organization is reviewing the effectiveness of the organization ' s risk management framework. In this scenario, which of the following statements is true?

A.

The auditor should consider local cultures and customs in various regions when assessing control effectiveness.

B.

Regardless of their location, employees at all levels share responsibility for designing effective controls to mitigate risks.

C.

To achieve an effective internal control environment, the organization ' s risk management plan must be documented and communicated to all levels throughout each region.

D.

Setting clear objectives is a precondition to effectively identifying, assessing, and responding to the organization ' s risks.

Full Access
Question # 129

An auditor for a large wholesaler is evaluating the controls over the approval and oversight of credit sales. Which of the following procedures would be a control weakness?

A.

The credit department is responsible for approving shipments to all customers

B.

The finance committee of the board of directors periodically reviews credit standards

C.

Customers who fail to meet credit requirements must pay cash for shipments upon delivery

D.

The sales department is responsible for determining the credit ratings of customers

Full Access
Question # 130

The internal audit activity was denied access to expenditure and budget reports because they were considered to be confidential. This situation would result in which of the following limitations of the internal audit activity?

A.

Independence

B.

Integrity

C.

objectivity

D.

Authority

Full Access
Question # 131

Which of the following statements is correct regarding disclosure of conformance or Standards?

A.

An internal audit activity that has been in existence fewer than five years cannot Indicate that it is operating in conformance with the Standards because it has not yet undergone an external assessment.

B.

Once an external assessment validates conformance with the Standards, the internal audit activity may continue to use the statement until the next external assessment.

C.

If it has been more than five years since the last external assessment was conducted, the Internal audit activity must cease indicating that it operates in conformance with the Standards.

D.

The chief audit executive must disclose every instance of noncompliance with the Code of Ethics or the Standards.

Full Access
Question # 132

Which of the following best describes the approach the internal audit activity should take to assess and make appropriate recommendations to improve the organization?

A.

To evaluate an organization s governance processes for making strategic and operational decisions eternal auditors should review the organization s policies and processes related to staff compensation

B.

To determine how an organization provides oversight of its risk management and control activities internal auditors should review board meeting minutes and the board policy manual

C.

To assess how an organization promotes ethics and values both internally and among its external business partners, internal auditors should review the organization ' s related objectives programs and activities

D.

To evaluate how an organization ensures effective performance management and accountability internal auditors should review previously conducted risk assessments

Full Access
Question # 133

During a review of the procurement function, an internal auditor identified an existing control for adding new vendors into the vendor contract system. Which of the following would best help the auditor determine the adequacy of the control ' s design?

A.

Flowchart of the vendor addition process.

B.

Independent confirmations sent to vendors.

C.

Analysis of the control ' s costs and benefits.

D.

Interview with management of the procurement function.

Full Access
Question # 134

According to IIA guidance, which of the following statements is true of assurance services provided by the internal audit activity?

A.

Internal auditors cannot assess an operation for which they were responsible within the previous year.

B.

Management of the area under review must agree with the engagement objectives, scope, and techniques.

C.

The engagement results will vary in form and content depending upon the needs and wishes of the engagement client.

D.

The only parties involved in the engagement are the internal auditor and management of the area under review.

Full Access
Question # 135

Which of the following types of policies best helps promote objectivity in the interna! audit activity ' s work?

A.

Policies that are distributed to all members of the internal audit activity and require a signed acknowledgment,

B.

Policies that match internal auditors ' performance with feedback from management of the area under review.

C.

Policies that keep internal auditors in areas where they have vast audit expertise.

D.

Policies that provide examples of inappropriate business relationships.

Full Access
Question # 136

Which of the following best describes a responsibility of the board of directors with regard to risk management throughout the organization?

A.

Monitor the organization ' s overall risk activities in relation to its risk appetite and other risk criteria.

B.

Guide the integration of risk management with other business planning and management activities.

C.

Review the portfolio of risk of the organization in relation to its risk appetite.

D.

Assume responsibility for the effectiveness and success of the risk management framework

Full Access
Question # 137

According to IIA guidance, which of the following statements is true regarding risk management in an organization?

A.

The risk management function has the sole responsibility for identifying and managing risks in all departments

B.

Risk management is a core responsibility of the internal audit activity

C.

The internal audit activity should consider the organization’s maturity, structure, and the competitive environment to establish the organization’s risk appetite

D.

The internal audit activity may use a risk management or control framework to assist in risk identification

Full Access
Question # 138

According to MA guidance, which of the following is true with regard to the internal audit charter?

1. It specifies the minimum resources needed for assurance engagements.

2. It requires final approval from senior management.

3. It defines the internal audit activity ' s authority and responsibilities.

4. It describes the expectations for communicating the results of a quality assurance and Improvement program.

A.

1 and 4 only.

B.

3 and 4 only.

C.

1.2. and 4.

D.

2. 3. and 4.

Full Access
Question # 139

A chief audit executive (CAE) has been asked by the board to evaluate the effectiveness of ethical programs created by management. Which of the following would be the most appropriate action for the CAE to take?

A.

Compare the design of the organization ' s ethical programs with best practices.

B.

Verify that a code of conduct and related policies exist and are communicated.

C.

Use employee surveys to assess whether ethical programs are achieving desired outcomes.

D.

Compare the cost of the ethical programs with the achieved outcomes.

Full Access
Question # 140

A new internal audit activity is considering the adoption of a risk and control framework. Which of the following is the most appropriate consideration during this process?

A.

The framework should not be developed by the internal audit activity

B.

The framework should apply to individual projects rather than the organization as a whole

C.

The framework should always be tailored to the organization

D.

The framework should require fewer resources to implement

Full Access
Question # 141

Who is held responsible for oversight of the organization ' s risk management framework?

A.

Operational management.

B.

Board of directors.

C.

Internal auditors.

D.

Head of risk management.

Full Access
Question # 142

Which of the following best demonstrates conformance with the Standards relating to continuing professional development of internal auditors?

A.

Regulatory approval from an accrediting agency.

B.

Self-assessments against a competency framework.

C.

Approval and signoff from the board of directors.

D.

A review by external auditors on an annual basis

Full Access
Question # 143

When dealing with various stakeholders which of the following is true regarding an internal auditor ' s responsibility to remain objective and independent?

A.

When deciding between conflicting reports of a control ' s performance from a control operator and the operator ' s manager the internal auditor should generally believe the manager

B.

Some audit issues may remain unremediated and unreported if management will accept recommendations that the internal auditor deems more important

C.

The internal auditor may initially disagree with management s acceptance of a risk, but reevaluate and agree with management’s judgment after further discussion

D.

When working on business unit audits it is sometimes sufficient for the internal auditor to report deficiencies only to the unit manager when remediation is not complex

Full Access
Question # 144

Which of the following best describes a consulting engagement rather than an assurance engagement?

A.

Bank internal auditors review an activity checklist to determine that the loan officer followed proper procedures.

B.

The chief financial officer asks for the internal auditor ' s opinion regarding whether the new accounting pronouncements were properly and comprehensively adopted.

C.

An internal auditor is assigned to assess whether a proposed new initiative to convert a customer service system would be cost-effective.

D.

Senior management asks the internal audit activity to review compliance with customer data security regulations.

Full Access
Question # 145

Which of the following would best preserve the organizational independence of the internal audit activity?

A.

The internal audit charter is approved by the chief audit executive (CAE).

B.

The CAE reports functionally to the CEO.

C.

The CAE ' s internal audit plan is endorsed by the board.

D.

The chief financial officer determines the appointment of the CAE.

Full Access
Question # 146

Which of the following documents would promote objectivity within an organization ' s internal audit activity?

A.

Internal audit charter.

B.

Internal audit manual.

C.

Audit committee charter

D.

Human resources employee handbook.

Full Access
Question # 147

In the context of an internal control framework, organizational structure and assignment of authority and responsibility is related to which of the following?

A.

Control activities.

B.

Information and communication.

C.

Risk assessment.

D.

Control environment.

Full Access
Question # 148

Which of the following would best describe a control implemented to detect cash register disbursement fraud in a large retail store?

A.

Separate the duties of processing and authorizing refunds on merchandise

B.

Post signs in the register area prompting customers to ask for and examine their sales receipts

C.

Periodically count the cash in the register and compare it to the expected amount

D.

Use cash registers with internal tapes that are tamper proof and that require a manager to process voids or refunds

Full Access
Question # 149

When beginning an engagement to assess the effectiveness of the organization ' s newly revamped risk management processes, which of the following should internal auditors review first?

A.

Key risk disclosures in the annual report.

B.

Existing risk assessment and identification processes.

C.

Organizational strategy and business plans.

D.

Risk mitigation plans and risk responses.

Full Access
Question # 150

Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?

A.

An independent third party has assessed the organization ' s system of internal controls to be adequate and effective,

B.

The chief audit executive reports both functionally and administratively to the CEO.

C.

The internal audit charter is drafted properly and approved by the appropriate parties.

D.

The mission statement and strategy of the internal audit activity demonstrates alignment to organizational objectives.

Full Access
Question # 151

Which of the following practices, applied by the chief audit executive {CAE), most likely indicates an effective continuing professional educational program for the internal audit activity?

A.

The CAE tasks internal auditors with coordinating assurance activities with other providers across the organization.

B.

The CAE encourages auditors to volunteer to support research work of the local professional institute.

C.

The CAE requires auditors to periodically attest to the profession ' s Code of Ethics.

D.

The CAE reminds auditors to ensure workpapers are completed for audit engagements.

Full Access
Question # 152

Which of the following engagements would be considered an appropriate consulting service?

A.

The internal audit activity of a commercial bank routinely performs branch audits for compliance with regulations.

B.

The internal audit activity participates in a cosourcing arrangement with an IT audit firm to test information systems security.

C.

The internal audit activity facilitates biannual training of the risk management team in risk identification methodologies.

D.

The internal audit activity partners with external auditors annually to complete fieldwork required as a part of the external audit exercise.

Full Access
Question # 153

With regard to organizational governance assurance, which of the following is an appropriate role for the internal audit activity ' ?

A.

Assess compliance with the organization ' s code of conduct

B.

Oversee the governance and risk management processes

C.

Initiate new organizational control processes

D.

Provide advice on organizational governance activities

Full Access
Question # 154

Which of the following scenarios best illustrates a rationalization as the root cause of potential fraud?

A.

Managers who have been with the organization for several decades become aware that newly hired, younger managers are being moved more quickly into senior positions.

B.

The controller at a nationwide manufacturing company recently opted to no longer require two-week mandatory vacations for accounting staff.

C.

Security cameras that monitor cash handling at the register are not functioning.

D.

The organization is slowly phasing out three mature products that produce the highest commissions for the sales staff

Full Access
Question # 155

A chief audit executive ensures that the internal audit activity provides annual training to management on internal controls. Where is the nature of these services defined?

A.

The annual audit plan.

B.

The audit report.

C.

The annual risk assessment.

D.

The audit charter.

Full Access
Question # 156

Which of the following statements is true with regard to services provided by the internal audit activity?

A.

For consulting engagements, internal auditors do not need to be alert to control issues.

B.

Assurance and consulting services have similar objectives.

C.

Internal auditors may not perform assurance and consulting roles at the same time.

D.

Both assurance and consulting engagements require a final engagement report

Full Access
Question # 157

An internal audit team was assigned to review the organization ' s information security protocol. After fieldwork was completed, an internal auditor identified an error in the review of security access. The error could affect the overall results of the engagement. Which of the following is the most appropriate course of action for the internal auditor?

A.

Proceed with addressing the error and report any corrections to the engagement supervisor during the scheduled exit meeting.

B.

Issue the audit report to senior management on schedule but include a disclaimer about the error.

C.

Proceed with the scheduled closing of the engagement without consideration of the identified error.

D.

Inform the engagement supervisor of the error and allow the supervisor to determine the appropriate action to take.

Full Access
Question # 158

Which of the following describes two duties that should not be performed by the same person?

A.

Posting cash receipts and cash payments to the general ledger.

B.

Posting bad debt write-offs and reconciling the accounts payable subsidiary ledger.

C.

Distributing payroll checks and approving sales returns for credit.

D.

Recording cash receipts and preparing bank reconciliations.

Full Access
Question # 159

Which of the following is an example of a risk avoidance strategy?

A.

Outsourcing the payroll function

B.

Installing cameras in the mailroom

C.

Exiting a product line

D.

Insuring all fixed assets

Full Access
Question # 160

A chief audit executive (CAE) is concerned that the internal audit activity is not receiving adequate training and continuing education. Which of the following approaches should the CAE take?

A.

Implement a uniform professional development plan for the internal audit activity.

B.

Create a formal development agreement with each individual staff auditor.

C.

Require each internal auditor to obtain the same professional certifications.

D.

Require training and developmental activities that are sponsored by The HA.

Full Access
Question # 161

Which of the following is the primary benefit of an effective professional development program for internal auditors?

A.

An effective program may enhance internal auditors ' business acumen

B.

An effective program may ensure that HA Standards requirements are adhered to during audit engagements

C.

An effective program may ensure internal auditors ' effectiveness in setting the organization ' s nsk management process

D.

An effective program may clarify management ' s expectations of the auditors and their responsibilities to the organization

Full Access
Question # 162

Which of the following preventative controls would be most effective for organizations facing business disruptions and respective financial losses?

A.

Develop a business continuity plan for contingent situations,

B.

Insure the organization against financial losses.

C.

Rely on third-party cloud solution providers for the organization ' s systems.

D.

Hedge company assets via purchasing derivatives.

Full Access
Question # 163

The internal audit activity is undergoing a self-assessment as part of its quality assurance and improvement program Which of the following observations must be addressed in order for the internal audit activity to achieve conformance with the Standards?

A.

The internal audit charter does not identify which audit services are outsourced

B.

The internal audit charter has not been reviewed by the legal department

C.

The internal audit charter has not been approved by the board within the past year

D.

The internal audit charter does not describe the authority of the internal audit activity

Full Access
Question # 164

According to IIA guidance, which of the following best describes expense reimbursement fraud?

A.

Theft of cash after it is recorded in the books

B.

Theft of cash before it is recorded in the books

C.

Theft of assets through fictitious or inflated invoices

D.

Theft of assets through false mileage travel logs and meal charges

Full Access
Question # 165

According to IIA guidance, which of the following statements is true regarding due professional care?

A.

Internal auditors must exercise due professional care to Insure that all significant risks will be identified,

B.

Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor

C.

Due professional care requires the internal auditor to conduct extensive examinations and verifications to ensure fraud does not exist,

D.

Due professional care is displayed during a consulting engagement when the internal auditor focuses on potential benefits of the engagement rather than the cost.

Full Access
Question # 166

Which of the following accurately describes the concept of inherent risk?

A.

Risk factors that exist when controls are in place and operating effectively

B.

Internal risk factors assuming no controls are in place

C.

Risk factors that cannot be mitigated because they are innate to a process

D.

Combination of internal and external risk factors in their pure state assuming no controls are in place

Full Access
Question # 167

During an assurance engagement, an internal auditor identified that a developer of the organization ' s enterprise resource planning (ERP) system had intentionally modified the production code to commit a fraudulent transaction. Which control activity should be implemented to prevent such issues in the future?

A.

Segregate duties between code development and migrating changes into production.

B.

Conduct fraud training for the IT team responsible for the ERP system.

C.

Penalize the developer who committed the fraud by terminating employment.

D.

Restrict developers ' access to the ERP system ' s test environment.

Full Access
Question # 168

Which of the following fundamental principles of The IIA ' s Code of Ethics is best described as performing work honestly diligently and responsibly?

A.

Integrity

B.

Proficiency

C.

Due Professional Care

D.

Competency

Full Access
Question # 169

In which of the following ways can a whistleblower hotline serve as a prevent

A.

active control? 3

B.

Third parties who operate the hotline ensure anonymity for whistle blowers. D Whistleblower tips help discover wrongdoings and violations of the code of conduct.Potential perpetrators of fraud know that their actions can be reported easily.

C.

Better investigation protocols are triggered by the whistleblower hotline.

Full Access
Question # 170

An internal auditor discovered that a former colleague from the internal audit activity now works in a junior position in a department scheduled for an upcoming audit. How can the auditor best ensure his objectivity for this engagement?

A.

Recommend mat the chief audit executive outsource the upcoming audit engagement

B.

Proceed with the audit engagement in accordance with the internal audit manual

C.

Increase the amount of fieldwork in order to build greater credibility for audit conclusions

D.

Declare a conflict of interest and hand over the engagement to another auditor

Full Access
Question # 171

Which of the following is a primary responsibility of senior management with respect to ethical violations?

A.

Senior management provides oversight for the organization ' s ethical climate.

B.

Senior management promotes an ethical culture in the organization.

C.

Senior management assesses the effectiveness of the organization’s ethical programs.

D.

Senior management reviews major ethical policies in the organization for compliance

Full Access
Question # 172

Nine months ago, an employee who was responsible for collections in the accounts receivables department joined the internal audit team. There is an accounts receivables assurance audit scheduled as part of this year ' s approved audit plan, which will include a review of the collections unit. With the knowledge and experience of this individual in the area, which of the following is the best approach for the chief audit executive (CAE) to take?

A.

Have the auditor formerly with the collections unit assist with planning and documenting the audit field work.

B.

Have the auditor formerly with the collections unit not participate on the audit team.

C.

Have the auditor formerly with the collections unit conduct the fieldwork and ensure it is reviewed by the CAE.

D.

Have the auditor formerly with the collections unit review all fieldwork done to ensure that there was adequate coverage.

Full Access
Question # 173

Which of the following actions is a chief audit executive most likely to take in order to identify gaps in the internal audit activity’s knowledge, skills, and competencies?

A.

Complete a skills assessment of the internal audit activity based on. The IIA Global Internal Audit Competency Framework.

B.

Develop a competency assessment tool for the internal audit activity based on The IIA Global Internal Audit Competency Framework.

C.

Incorporate the basic criteria for competency of the internal audit activity into the job descriptions of potential internal auditors,

D.

Develop an internal audit activity plan for training internal auditors to perform required assurance and consulting activities.

Full Access
Question # 174

A significant number of employees expressed concerns of a hostile work environment within a large manufacturing plant, which is in contrast to the organization ' s stated culture of tolerance and open communication. Which of the following approaches would be most effective for an internal auditor to assess whether the organization supports a culture of tolerance and open communication?

A.

Assess plant employees ' social media activity for specific messages related to tolerance and open communication

B.

Compare plant employees’ compensation and benefits with those at similar sized organizations that have a stated culture of tolerance and open communication.

C.

Evaluate organization policies and procedures for references related to encouraging tolerance and open communication.

D.

Conduct a meeting with all plant employees and management to discuss tolerance and open communication

Full Access
Question # 175

According to IIA guidance, which of the following actions best demonstrates due professional care by an internal auditor when she discovers a number of fraud-related red flags during an audit engagement?

A.

Conclude the engagement and inform management that fraud has occurred

B.

Perform further testing to verify the existence of fraud.

C.

Suspend the engagement and undertake a formal fraud investigation.

D.

Notify the board of the possible fraud immediately

Full Access
Question # 176

The internal audit activity is responsible for conducting fraud investigations. A potential fraud instance was identified during an audit engagement. The chief audit executive appoints a lead investigator. Which of the following would most likely be the next step?

A.

Ask internal auditors to gather all relevant information and evidence.

B.

Identify and interview witnesses first and potential suspects later.

C.

Conduct a fraud risk assessment to identify the most vulnerable areas.

D.

Determine the competencies needed and assess whether team members have a conflict of Interest.

Full Access
Question # 177

According to IIA guidance, which of the following statements is true regarding ISO 31000?

A.

The key principles approach checks whether each element of the risk management process is in place.

B.

The framework is effective in addressing the organization ' s structure, size, and risk profile but not its culture objectives.

C.

The end point for improving an organization s approach to risk management should be a gap analysis that evaluates any changes.

D.

A combination of the three primary approaches to the framework generally yields the most information despite the complexity

Full Access
Question # 178

Which of the following would be the most effective in helping to detect fraud?

A.

Code of conduct.

B.

Exit interviews.

C.

Fraud awareness training

D.

Employee promotion policy.

Full Access
Question # 179

Which of the following is a detective control strategy against fraud?

A.

Requiring employees to attend ethics training.

B.

Performing background checks on employees.

C.

Implementing a control self-assessment.

D.

Performing a surprise audit

Full Access
Question # 180

Which of the following scenarios best illustrates the Fraud Triangle component known as " perceived opportunity " ?

A.

Substantial bonuses are awarded if financial targets are met.

B.

Duties are not properly segregated.

C.

Employees may perceive favoritism and feel overlooked and resentful.

D.

Bonuses may not be paid this year.

Full Access
Question # 181

According to HA guidance, which of the following is true regarding independence and objectivity for small internal audit activities?

A.

The chief audit executive (CAE) may consider including a disclaimer on independence in audit reports.

B.

The CAE may consider greater involvement of those with suitable knowledge of audit practice.

C.

Conformance with this Standard is not dependent upon the size of the internal audit activity.

D.

Due to the small size of the internal audit activity, having an external assessment once every seven years is acceptable.

Full Access
Question # 182

An internal audit activity is using the auditing-by-element approach to audit the organization ' s controls around corporate social responsibility. Which of the following would be an element for the internal audit activity to consider?

A.

Working conditions.

B.

Employees ' families.

C.

Marketplace competition.

D.

Shareholders and investors

Full Access
Question # 183

During an assurance engagement an internal auditor discovered that risk limits risk limit were set for a new market expansion project Management of the area under review was eager to comply and submitted a potential risk limit value for the auditor ' s review and approval. Which of the following would be an appropriate course of action for the auditor to take?

A.

Review the submission and if no further remarks exist approve the risk limits

B.

Provide advice if needed and ask management of the area under review to forward to senior management and the board for approval

C.

Develop risk limit calculation criteria and ask management of the area under review to resubmit the values.

D.

Avoid providing any advice or review until the audit report is issued

Full Access
Question # 184

Which of the following is an indicator that the organization ' s risk management process is effective?

A.

The organization ' s risk appetite, mission, and objectives are clearly outlined.

B.

The organization ' s risk management practices are assessed as mature.

C.

The organization has adopted risk management frameworks and global models.

D.

The organization ' s significant risks are identified and adequately assessed.

Full Access
Question # 185

The chief audit executive (CAE) has decided to outsource an audit of the organization ' s cloud governance in the annual audit plan. Why would the CAE outsource this audit?

A.

Lack of internal audit staff proficiency.

B.

Lack of audit planning.

C.

Lack of internal assessments.

D.

Lack of due professional care.

Full Access
Question # 186

It is important for the chief audit executive to consider the level of competence of the internal audit staff because their competence influences which of the following?

A.

The cost-benefit relationship of planned audits.

B.

Proficiency needed to carry out engagements.

C.

Achievement of the objectives of internal control.

D.

Quantity of the audits performed.

Full Access
Question # 187

According to IIA guidance, which of the following is an appropriate role for the internal audit activity?

A.

Coaching management in responding to risks.

B.

Implementing risk responses on management ' s behalf.

C.

Imposing risk management processes.

D.

Setting the risk appetite.

Full Access
Question # 188

According to ISO 31000, which of the following statements is correct?

A.

The board is responsible for setting the organizational attitude through tone at the top,

B.

The internal audit activity will provide assurance over operating effectiveness but not over the design of risk management activities,

C.

The internal audit activity can give objective assurance on any part of the risk management framework for which it is responsible.

D.

The framework is designed to be effective for organizations no matter how small.

Full Access
Question # 189

Which of the following actions should the organization ' s governing body perform to provide the most effective governance over the organization ' s culture?

A.

Coordinate control activities.

B.

Provide direction.

C.

Design key controls.

D.

Deliver assurance.

Full Access
Question # 190

A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annual snowfall for the coming winter. Which of the following best describes this type of risk?

A.

Residual.

B.

Net.

C.

Inherent.

D.

Accepted.

Full Access
Question # 191

Which of the following is an appropriate roe fa the internal audit activity?

A.

Ensuring the organization ' s key risks are managed through appropriate controls.

B.

Assisting the organization in maintaining effective controls.

C.

implementing new controls to promote continuous improvement

D.

Validating control assessments performed by the external auditor.

Full Access
Question # 192

Which of the following techniques should an internal auditor use in order to conduct an effective interview?

A.

Use technical language to establish credibility with the employee being interviewed

B.

Avoid straightforward questions to make the person being interviewed think before answering

C.

Prepare the next question while the interviewee is responding to demonstrate preparedness

D.

Appear confident but not arrogant during the interview to show professionalism

Full Access
Question # 193

Which of the following would be most helpful to measure whether an internal audit activity successfully provides risk-based assurance?

A.

Percentage of highly significant risks covered by internal audit plan.

B.

Percentage of previously unknown risks identified per engagement.

C.

Percentage of internal audit staff skilled in alignment with the organization ' s structure and key risks.

D.

Percentage of observations made in assurance engagements compared to advisory engagements.

Full Access
Question # 194

According to MA guidance, which of the following statements is true regarding internal auditors ' use of technology-based techniques?

A.

Auditors must consider using technology if it advances the engagement, even when implementation costs exceed the benefits.

B.

Auditors must considering using technology to reduce the organization ' s risk by detecting all instances of fraud.

C.

Auditors must consider using technology only when the Implementation cost does not exceed benefits.

D.

Auditors must consider using technology in a variety of engagements to ensure that their work is substantiated and infallible.

Full Access
Question # 195

Which of the following is most important for an internal auditor to consider when developing an approach for an audit engagement in a foreign country?

A.

Currency exchange rates, as they relate to internal audit-related expenses.

B.

Differences in typical working hours, compared to other countries.

C.

The effects of subtle language nuances on translations.

D.

Accepted practices that may be illegal in other countries.

Full Access
Question # 196

A newly hired chief audit executive is reviewing available documentation to provide evidence of conformance with the standard for continuing professional development. Which of the following documents is the most reliable source for this purpose?

A.

The organization ' s training policy.

B.

A list of auditors who requested to attend the next audit conference.

C.

Self-assessments against an internally developed audit benchmark

D.

In house training manual

Full Access
Question # 197

Which of the following is a limitation of detective internal controls in fraud management?

A.

Implementation costs tend to be higher than the expected benefits.

B.

They tend to be easy for fraudsters to circumvent.

C.

They are not designed to improve efficiency of operations.

D.

They are not effective in preventing fraud.

Full Access
Question # 198

An internal auditor is finalizing an audit report on the effectiveness of the organization ' s overall system of internal control. Several audit tests were performed, and the only issue identified was that the CEO frequently asks employees to make exceptions or bypass the organization ' s standard written policies and procedures. Which of the following conclusions is most appropriate for the auditor to report?

A.

The auditor should indicate that the system of internal control is not effective.

B.

The auditor should indicate that the system of internal control is generally effective, except for the minor issue identified.

C.

The auditor should indicate that the system of internal control is effective.

D.

The auditor cannot express a conclusive opinion in the audit report.

Full Access
Question # 199

According to IIA guidance, which of the following is the strongest indicator of deficiencies in the risk management process?

A.

The periodic evaluation of risk ratings is primarily dependent on subjective assessments.

B.

Separate evaluations of the risk management process were conducted, but the results were never integrated.

C.

Management ' s primary objective is minimizing changes to the structure and operation of the risk management process.

D.

Many aspects of the related enterprise risk management program are informal and undocumented.

Full Access
Question # 200

The internal audit activity is responsible for conducting fraud investigations. A potential fraud instance was identified during an audit engagement. The chief audit executive appoints a lead investigate. Which of the following would most likely be the next step?

A.

Ask internal auditors to gather all relevant information evidence

B.

Identify and interview witnesses first potential suspects later.

C.

Conduct a fraud risk assessment to the most vulnerable areas.

D.

Determine me competencies needed and assess whatever team members have a conflict of interest.

Full Access
Question # 201

According to NA guidance, which of the following provides the best evidence of conformance with the Standards with respect to the proficiency required of the internal audit activity?

A.

Discussions with the chief audit executive.

B.

A listing of employee profiles and certifications.

C.

Inquiry of external auditors.

D.

Validation by human resources.

Full Access
Question # 202

Which of the following best describes the risk contained in an initial public offering for a new stock?

A.

Residual risk.

B.

Net risk.

C.

Inherent risk.

D.

Underlying risk.

Full Access
Question # 203

According to IIA guidance, which of the following would the internal audit activity examine in order to evaluate the organization ' s governance process for strategic and operational decisions ' ?

A.

The risk assessment process including interviews with senior management.

B.

The organization’s mission and value statements, code of conduct, and whistleblowing policy

C.

Board meeting minutes the board policy manual, and past audit reports

D.

Staff compensation objective setting and the performance evaluation policy and process

Full Access
Question # 204

Which of the following statements is true with regard to the quality assurance and improvement program (GAIP)?

A.

As the head of the organization, the CEO selects and appoints the external quality assessment team to perform the OAIP reviews.

B.

The chief audit executive determines the scope and frequency of both internal and external quality assessments based on the availability and capacity of resources in accordance with the annual internal audit plan.

C.

Minutes of meetings held with senior management and the board to discuss the scope and frequency of internal and external assessments support the OAIP reporting requirement.

D.

The internal audit activity needs to assess whether each engagement on the annual internal audit plan is conducted in conformance with the Standards.

Full Access
Question # 205

Which of the following scenarios depicts an appropriate role for the internal audit activity to take regarding an organization ' s risk management process?

A.

Internal audit designs and implements the organization ' s controls to help manage risk.

B.

Internal audit sets the organization ' s risk tolerance and promotes awareness throughout the organization.

C.

Internal audit assesses whether the organization ' s risk management processes are effective.

D.

Internal audit is responsible for safeguarding the organization ' s assets and preventing loss from occurring.

Full Access
Question # 206

Which of the following is most likely to result in the impairment of independence for the internal audit activity?

A.

The chief audit executive (CAE) has a dual reporting relationship within the organization.

B.

The CAE performs an audit of a functional area that is also under the CAE ' s oversight.

C.

The CAE has unrestricted access to information throughout the organization and to the board.

D.

The board is involved in decisions to hire or remove the CAE and in drafting and approving an internal audit charter.

Full Access
Question # 207

According to IIA guidance, which of the following is necessary for internal auditors to comply with the requirements for proficiency?

1. Sufficient consideration of current activities, trends, and emerging issues to effectively carry out their professional responsibilities.

2. Ability to provide relevant advice and recommendations to management and the board.

3. Understanding of key IT risks and controls and the ability to identify fraud using technology-based audit techniques.

4. Knowledge, skills, and other competencies necessary to perform individual responsibilities during the engagement.

A.

1 and 4 only.

B.

1, 2, and 3 only.

C.

1, 2, and 4 only.

D.

2, 3. and 4 only

Full Access
Question # 208

During an audit of company expenses, the internal auditor performed a test using data analytics and identified a violation of the company ' s expenses policy. The auditor who discovered the issue considered it a potential fraudulent transaction and informed the chief financial officer (CFO). The CFO dismissed the concern because he did not understand the data analytics test that was performed and the transaction was of a low value. Given this situation, which skills or competencies should this internal auditor seek to improve?

A.

Skills in evaluating the risk of fraud.

B.

Knowledge of key IT risks and controls

C.

Soft skills such as communication and negotiation.

D.

Knowledge and understanding of the company ' s expenses policy

Full Access
Question # 209

An organization ' s fraud policies and procedures dictate that the internal audit activity does not have primary responsibility for conducting fraud investigations and should, in fact, refrain from involvement in investigations. Which of the following activities would be considered acceptable for internal auditors to perform of this organization?

A.

Evaluate the effectiveness of fraud investigations

B.

Oversee and monitor senior management s approach to manage fraud risks

C.

Set the tone for fraud risk management within an organization

D.

Evaluate whether the financial statements are free of material misstatement due to fraud

Full Access
Question # 210

Which of the following statements is true regarding control activities?

A.

Control activities are carried out by first-line and second-line functions to mitigate risks.

B.

Control activities are implemented by internal auditors to mitigate risks to an acceptable level.

C.

Control activities provide the foundation for the organization to establish its risk appetite.

D.

Control activities are a precondition to setting risk tolerance levels.

Full Access
Question # 211

The largest risks facing an organization should be mitigated by which type of controls?

A.

Entity-level

B.

Activity-level

C.

Transaction-level

D.

Process-level

Full Access
Question # 212

Which of the following would best assist the internal audit activity in assessing whether an organization ' s responses to risk are aligned with its risk appetite?

A.

Analyzing the results of successful testing of controls and monitoring procedures implemented by management

B.

Determining that there are no gaps between the internal auditors ' risk assessment and the risk assessment performed by the organization

C.

Obtaining evidence that employees throughout the organization are aware of the organization s risk appetite

D.

Verifying that previously identified organizational risks were documented in board meeting minutes

Full Access
Question # 213

Which of the following scenarios would most likely impair the independence of an internal audit activity?

A.

A relative of an internal audit team member works m a department being reviewed

B.

The internal audit budget is reduced by management requiring the removal of all lT-related engagements from the audit plan

C.

An audit manager removes a finding from the draft report due to disagreements with the chief financial officer

D.

The operating effectiveness of a control is reported as ' satisfactory. " because no concerns were identified during planning

Full Access
Question # 214

To achieve conformance with the Standards, the chief audit executive must include which of the following activities in the quality assurance and improvement program (QAIP)?

A.

Require board oversight of the QAIP.

B.

Assess Standards conformance for each individual engagement.

C.

Conduct a self assessment at least once every five years.

D.

Report the results of the QAIP to senior management

Full Access
Question # 215

Which of the following actions taken during an audit engagement is the best demonstration of an internal auditor ' s due professional care?

A.

Ensure that all financial information related to the engagement is included in the audit plan and examined for irregularities.

B.

Document all audit tests completely.

C.

Consider the possibility of noncompliance or irregularities at all times during an engagement.

D.

Notify the audit committee of any noncompliance or irregularity discovered during an engagement

Full Access
Question # 216

Which of the following is an example of a detective control?

A.

Automatic shut-off valve.

B.

Auto-correct software functionality.

C.

Confirmation with suppliers and vendors.

D.

Safety instructions.

Full Access
Question # 217

Which of the following best demonstrates organizational independence of the internal audit activity?

A.

The chief audit executive (CAE) reports functionally to the CEO.

B.

The CAE ' s compensation is approved by the chief financial officer.

C.

The CAE ' s appointment Is determined by the CEO

D.

The CAE reports administratively to the chief operating officer.

Full Access
Question # 218

Which of the following drivers of fraud is directly controllable by an organization?

A.

Pressure

B.

Rationalization

C.

Opportunity

D.

Incentive

Full Access
Question # 219

In which of the following scenarios would the chief audit executive (CAE) be required to decline the assignment?

A.

The CAE would need to procure external services to deliver the internal audit assurance program.

B.

There is no expertise within the internal audit team for detecting and investigating fraud.

C.

There is no expertise within the internal audit team for auditing an IT engagement.

D.

There is no available expertise on the internal audit team to perform a consulting engagement

Full Access
Question # 220

Which of the following would be considered a monitoring activity in organization wide risk management?

A.

Validate the results of management ' s self-assessment.

B.

Perform reviews of personnel.

C.

Maintain rigorous and comprehensive documentation.

D.

Obtain authorizations and signatures.

Full Access