An internal auditor discovered that sales contracts with business clients were not stored in the electronic document management database instead they were scanned and saved in a nonsystematic manner to server folders Which of the following would be an appropriate consequence for the internal auditor to include in the documented observation?
What would be the effect if an organization paid one of its liabilities twice during the year, in error?
According to the theory of constraints, which of the following is most influenced by various bottlenecks the organization encounters?
Senior management requested that the internal audit activity perform a consulting project to assist in making a decision on a new software system. Which of the following would be used to determine the engagement objectives?
Which of the following statements describes an engagement planning best practice?
While reviewing engagement workpapers prepared by an internal audit team, the engagement supervisor identifies instances where there is no direct connection between certain workpapers and the engagement objectives. How should the engagement supervisor respond?
According to IIA guidance, which of the following statements best justifies a chief audit executive ' s request for external consultants to complement internal audit activity (IAA) resources?
An internal auditor is conducting a financial audit. Which of the following audit procedures is most appropriate when existing internal controls are weak?
Which of the following is the best option for the chief audit executive to consider for effective coordination of assurance coverage?
According to HA guidance on IT, which of the following actions would be performed as part of the " Define IT Universe " stage of the IT audit plan development process?
In preparing the engagement work program, which of the following is generally true with respect to secondary controls?
The internal audit activity (IAA) wants to measure its performance related to the quality of audit recommendations. Which of the following client survey questions would best help the IAA meet this objective?
An internal auditor has suspicions that the management of a department splits me number of planned purchases to avoid the approval process required for larger purchases. Which of the following would be the most efficient technique to help the auditor identify the seventy of this malpractice?
Which of the following is the most important determinant of the objectives and scope of assurance engagements?
The organizational chart, business objectives, and policies and procedures of the area to be reviewed
According to IIA guidance, which of the following is true regarding the exit conference for an internal audit engagement?
When determining the level of staff and resources to be dedicated to an assurance engagement, which of the following would be the most relevant to the chief audit executive?
An internal auditor performed a test of controls and found that a statistically selected representative sample of recorded transactions within the account receivables ledger had an error rate that was within management expectations. The associated revenue account was outside the scope of the audit engagement. How should the conclusion to this engagement be reported?
According to the Standards, which of the following is true regarding the auditor ' s inclusion of management ' s satisfactory performance in the final audit report?
Which of the following actions would an internal auditor perform primarily during a consulting engagement of a debt collections process?
An auditor reviews tender results for the procurement of construction equipment. Based on her significant experience the auditor believes that the obtained bid prices are too high. Which of the following is required to develop a relevant conclusion?
What is the most likely reason an internal auditor would interview operational management during engagement planning?
According to IIA guidance, which of the following is least likely to be a key financial control in an organization ' s accounts payable process?
An internal auditor discovered fraud while performing an audit of an organization ' s procurement process. Which of the following describes the greatest benefit of using forensic auditing techniques in this scenario?
Internal auditors map a process by documenting the steps in the process, which provides a framework for understanding Which of the following is a reason to use narrative memoranda?
An internal auditor at an electricity provider analyzes data sets related to customers’ household electricity usage, including payments, consumption, profiles, etc. The objective is to assess the completeness of the invoicing process. Which of the following would be the best approach to fulfill this purpose?
An organization buys crude oil on the open market and refines it into a high-quality gasoline. The price of crude oil is extremely volatile. Which of the following is the most appropriate risk management technique to protect the organization against these price fluctuations?
Which of the following statements is true regarding different competitive strategies?
A senior internal auditor is hired within the internal audit activity for a period of two years before advancing to an operations manager role within the business operations team. When staffing arrangement is being used in this scenario?
An internal auditor is conducting a review of the procurement function and uncovers a potential conflict of interest between the chief operating officer and a significant supplier of IT software development services. Which of the following actions is most appropriate for the internal auditor to take?
A toy manufacturer receives certain components from an overseas supplier and uses them to assemble final products Recently quality reviews have identified numerous issues regarding the components ' compliance with mandatory quality standards. Which type of engagement would be most appropriate to assess the root causes of the quality issues?
An internal auditor at a bank informed the branch manager of a malfunctioning lock on one of the vaults. The risk associated with this issue was deemed significant by the chief audit executive (CAE), and immediate remediation was recommended However during a follow-up engagement the branch manager told the CAE that the risk was actually not significant, hence no action was taken. What is the most appropriate next step for the CAE?
Two internal auditors are conducting an audit engagement concerning derivatives. The auditors meet with the organization ' s head of accounting. The head of accounting later complains to the chief audit executive (CAE) that it took hours for the auditors to understand basic derivatives concepts and how derivatives are typically recorded in bookkeeping. What should the CAE have considered more thoroughly?
The internal audit function is performing an assurance engagement on the organization’s environmental, social, and governance (ESG) program. The engagement objective is to determine whether the ESG program’s activities are meeting the program’s established goals. The internal audit function has completed a risk and control assessment of the ESG program ' s activities. What is the appropriate next step?
According to IIA guidance, which of the following procedures would be least effective in managing the risk of payroll fraud?
Which of the following is a true statement regarding the use of flowcharts as an audit tool?
In which of the following situations would it be most appropriate for an internal audit function to issue an interim report or memo?
Which of the following statements is false regarding roles and responsibilities pertaining to risk management and control?
According to IIA guidance, when would an interim report typically be produced?
An internal auditor wants to assess whether the organization ' s governing body was involved in strategic decisions for the use of social media. What could provide the most relevant evidence?
Which method of examining entity-level controls involves gathering information from work groups that represent different levels in an organization?
In order to obtain background information on an assigned audit of data center operations an internal auditor administers control questionnaires to select individuals who have primary responsibilities within the process. Which of the following is a drawback of this approach?
Which of the following actions should the chief audit executive take when senior management decides to accept risks by choosing to do business with a questionable vendor?
For an action plan to be effective, it should be designed primarily to address which of the following elements of an observation?
An internal audit team was conducting an assurance engagement to review segregation of duties in the purchasing function. The internal auditors reviewed a sample of purchase orders from the past two year and discovered that 2 percent were signed by employees who were operating in a designated acting capacity due to employee absence. According to IIA guidance, which of the following attributes of information would most likely assist the auditor in deciding whether to report this finding?
Which of the following is critical to the success of an effective interview?
An internal auditor develops an engagement observation related to an organization ' s accumulation of large travel advances. The auditor observes that the organization ' s procedures do not require justification for travel advances greater than a specific amount Which of the following best describes the organization ' s procedures?
Which of the following would be most useful for an internal auditor to obtain during the preliminary survey of an engagement on internal controls over user access management?
As part of an audit engagement, an internal auditor verifies whether raw material is regularly delivered to the organization ' s warehouse in a timely manner. What type of objective does this exemplify?
An internal auditor at a bank informed the branch manager of a malfunctioning lock on one of the vaults. The risk associated with this issue was deemed significant by the chief audit executive (CAE), and immediate remediation was recommended. However, during a follow-up engagement, the branch manager told the CAE that the risk was actually not significant, hence no action was taken. What is the most appropriate next step for the CAE?
The final internal audit report should be distributed to which of the following individuals?
An internal auditor is asked to perform an assurance engagement in the organization ' s newly acquired subsidiary When developing the objectives tor the engagement which ot the following statements describes the most important items that the auditor needs to consider?
An internal auditor wants to determine whether the key risks identified by management in the risk register are reflective of the key risks in the industry. Which of the following techniques would the auditor apply to achieve this goal?
A newly appointed chief audit executive (CAE) of a small organization is developing a resource management plan. Which of the following approaches would be most beneficial to help the CAE obtain details of the internal audit activity ' s collective knowledge, skills, and other competencies?
Which of the following situations best applies to an organization that uses a project, rather than a process, to accomplish its business activities?
Which of the following is the primary purpose of financial statement audit engagements?
The internal audit activity plans to assess the effectiveness of management’s self-assessment activities regarding the risk management process. Which of the following procedures would be most appropriate to accomplish this objective?
Which of the following is least likely to help ensure that risk is considered in a work program?
According to Maslow ' s hierarchy of needs theory, which of the following best describes a strategy where a manager offers an assignment to a subordinate specifically to support his professional growth and future advancement^
An internal audit activity is planning its first audit of IT shared services. Which of the following controls would typically be evaluated first?
During an assurance engagement, an internal auditor discovered that a sales manager approved numerous sales contracts for values exceeding his authorization limit. The auditor reported the finding to the audit supervisor, noting that the sales manager had additional new contracts under negotiation. According to IIA guidance, which of the following would be the most appropriate next step?
Which of the following has the greatest effect on the efficiency of an audit?
The chief audit executive (CAE) determined that the internal audit activity lacks the resources needed to complete the internal audit plan Which of the following would be the most appropriate action tor the CAE to take?
According to IIA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the Internal audit activity^
An internal auditor is starting the fieldwork of an assurance engagement. The auditor will conduct a walkthrough of selected controls with control owners. What should be the primary objective of this walkthrough?
Which of the following should be the focus of the effect section of the preliminary observations document?
According to IIA guidance, which of the following objectives was most likely formulated for a non-assurance engagement?
If observed during fieldwork by an internal auditor, which of the following activities is least important to communicate formally to the chief audit executive?
If the skills and competencies are not present within the internal audit activity to complete an ad-hoc assurance engagement, which of the following is an acceptable resolution?
An internal audit manager is planning a contract compliance audit Which of the following should be done prior to developing the audit work program?
While performing fieldwork for an assurance engagement, a member of the internal audit team identified a key control that was not identified during the planning phase of the engagement Which of the following actions by the internal auditor would be most appropriate?
An audit observation noted that annual inventory counts of biofuel was not being performed appropriately Fuel yards were not visited and physical amounts of biofuel were not reconciled with accounting data Management of the division understood the issue and promised to resolve the problem When should the internal auditor schedule a follow-up review?
According to IIA guidance, which of the following is the key planning step internal auditors should perform to establish appropriate engagement objectives prior to starting an audit engagement?
The internal audit activity has become aware of public complaints regarding the sales practices of telephone marketing personnel in a large organization. The internal auditors decide to review a sample of all complaints within the last three months to ensure they are reflective of current marketing practices. Which of the following best describes this sampling technique?
An internal auditor reviewed bank reconciliations prepared by management of the area under review. The auditor noted that the bank statements attached did not have the
bank heading, logo, or address. Which of the following statements is true regarding this situation?
The internal audit activity of an insurance company is reviewing six of the company’s 11 branches. During the review of the fourth branch that was selected, the internal audit team discovered control breaches that could result in regulatory sanctions if not addressed. How should the internal audit team proceed?
Which of the following statements is true regarding internal auditors and other assurance providers?
Which of the following best describes the engagement objective in a banking compliance audit?
When presenting an observation m writing which or the Mowing is usually true regarding the level of detail provided?
1. The description of the observation in the final audit report contains more detail then the description m the engagement workpapers
2. The description of the observation m the engagement workpapers contains more detail than the descriptor n a preliminary observation document
3. A preliminary observation document contains more detail than tie observation description in the final audit report
4. A preliminary observation document contains more detail than tie observation description in the engagement workpapers
The internal auditor and her supervisor are in dispute about a risk that was not tested during an audit of the procurement function. Which of the following tools would best support the auditor ' s decision not to test the risk?
Due to emerging new technologies that greatly affect the organization, the chief audit executive (CAE) wants to conduct frequent IT audit and is particularly focused on improving the quality of these engagements. Which of the following is the most viable solution for the CAE to ensure that IT audit quality is immediately enhanced and maintained long-term?
When auditing an organization ' s cash-handling activates which of the following is the most reliable form of testimonial evidence an internal auditor can obtain?
Which of the following would present the most critical external risk to an organization?
Which of the following best describes why an internal audit activity would consider sending written preliminary observations to the audit client?
Which of the following is an advantage of an internal audit activity coordinating with a management-defined risk universe?
Which of the following would most likely form part of the engagement scope?
In addition to gathering information, which of the following is a primary objective of a client interview conducted during the planning stage of an audit engagement?
After finalizing an assurance engagement concerning safety operations in the oil mining process, the audit team concluded that no key controls were compromised. However, some opportunities for improvement were noted. Which of the following would be the most appropriate way for the chief audit executive (CAE) to report these results?
Following an IT systems audit, management agreed to implement a specific control in one of the IT systems. After a period, the internal auditor followed up and learned that management had not implemented the agreed management action due to the decision to move to another IT system that has built-in controls, which may address this risks highlighted by the Internal audit Which of the following Is the most appropriate action to address the outstanding audit recommendation?
An internal audit function described scenarios of fraud indicators and fraud-related key words. The objective is for this data to serve as an input into algorithms that will forecast potentially fraudulent behavior and prevent the execution of flagged transactions. Which of the following analytic methods is the internal audit function most likely developing?
An internal auditor is preparing for an auditor of newly implemented software that is used by 3,000 employees in South America and Europe. What would be the best way for the auditor to gather relevant feedback?
An internal auditor determines that certain information from the engagement results is not appropriate for disclosure to all report recipients because it is privileged. In this situation, which of the following actions would be most appropriate?
An internal audit manager assigns an audit team to test purchase transactions by selecting a sample from transactions processed by each of the three procurement officers.
Which of the following techniques will help the audit team achieve this sampling objective?
A chief audit executive (CAE) is trying to balance the internal audit activity ' s needs for technical audit skills budget efficiency and staff development opportunities. Which of the following would best assist the CAE in achieving this balance1?
A draft internal audit report that cites deficient conditions generally should be reviewed with which of the following groups?
1. The client manager and her superior.
2. Anyone who may object to the report’s validity.
3. Anyone required to take action.
4. The same individuals who receive the final report.
An organization uses the management-by-objectives method, whereby employee performance is based on defined goals. Which of the following statements is true regarding this approach?
Which of the following statements about internal audit ' s follow-up process is true?
Which of the following statements is true regarding managements use of judgement to design, implement, and conduct internal control?
Which of the following is most appropriate for internal auditors to do during the internal audit recommendations monitoring process?
Which of the following best demonstrates that the internal audit activity is using due professional care?
According to IIA guidance, which of the following should be a primary objective for an internal auditor who is conducting an exit conference?
Which of the following is true regarding the communication of engagement results with stakeholders?
According to IIA guidance, which of the following actions might place the independence of the internal audit function in jeopardy?
Which of the following should be included in a company ' s year-end inventory valuation?
Which of the following is the most important concept to be included in a consulting engagement agreement?
Which of the following is a disadvantage of using flowcharts during a risk assessment?
In which scenario might it be considered problematic for the chief audit executive (CAE) to provide assurance services over the payroll function?
When reviewing workpapers, engagement supervisors may ask for additional evidence or clarification via review notes. According to IIA guidance, which of the following statements is true regarding the engagement supervisors review notes?
It is close to the fiscal year end for a government agency, and the chief audit executive (CAE) has the following items to submit to either the board or the chief executive officer (CEO) for approval. According to IIA guidance, which of the following items should be submitted only to the CEO?
Which of the following represents the best method for confirming that vendor invoices were for authorized purchases?
When establishing a quality assurance and improvement program, the chief audit executive should ensure the program is designed to accomplish which of the following objectives?
1. Add value.
2. Improve operations.
3. Provide assurance that the internal audit activity conforms with the Standards.
4. Provide assurance that the internal audit activity conforms with the IIA Code of Ethics.
Which of the following is most appropriate for internal auditors to do during the internal audit recommendations monitoring process?
In an assurance engagement focused on the adequacy of organizationwide risk management practices, which of the following best describes a primary area of interest for the engagement?
The board of directors of a global organization has found an increased number of reported cases of unethical practices since last year. To assist the board in gaining a better understanding of the degree of ethics awareness within the organization, which of the following actions should be undertaken?
According to the MA guidance, which of the following does the engagement work program test in a review of an organizational process?
The internal audit manager has been delegated the task of preparing the annual internal audit plan for the forthcoming fiscal year All engagements should be appropriately categorized and presented to the chief audit executive for review Which of the following would most likely be classified as a consulting engagement?
The board has asked the internal audit activity (IAA) to be involved in the organization ' s enterprise risk management process. Which of the following activities is appropriate for IAA to perform without safeguards?
Which of the following data analysis techniques is used to identify inappropriately matching values, such as names, addresses, and account numbers in disparate systems?
An employee in the sales department completes a purchase requisition and forwards it to the purchaser. The purchaser places competitive bids and orders the requested items using approved purchase orders. When the employee receives the ordered items, she forwards the packing slips to the accounts payable department. The invoice for the ordered items is sent directly to the sales department, and an administrative assistant in the sales department forwards the invoices to the accounts payable department for payment. Which of the following audit steps best addresses the risk of fraud in the cash receipts process?
An internal auditor of a construction organization found that completed inspection results, required by the organization ' s policy, were missing from the computer system. Which of the following, if included in the audit report, would demonstrate that the auditor performed a root cause analysis of this observation?
The internal audit activity is asked to review the effectiveness of controls around the disposal of chemical waste. However, the internal auditors on staff lack the necessary skills to conduct this review Which of the following would be the most appropriate approach?
According to IIA guidance, which of the following statements are true regarding the internal audit plan?
1. The audit plan is based on an assessment of risks to the organization.
2. The audit plan is designed to determine the effectiveness of the organization ' s risk management process.
3. The audit plan is developed by senior management of the organization.
4. The audit plan is aligned with the organization ' s goals.
According to IIA guidance, which of the following most appropriately justifies the CEO’s decision that the internal audit activity shall be responsible for risk management and Investigation at multinational organization?
According to IIA guidance, which of the following activities are typically primary objectives of engagement supervision?
An organization facing financial hardships is planning to reduce its internal audit function size without a reduction in workload. The organization plans to aid internal auditors by providing a generative artificial intelligence application that will process written responses from the activity under review to identify high-risk areas on which the remaining auditors will concentrate. Which of the following would be the most significant concern in this process?
Which of the following statements is true regarding an organization’s inventory valuation?
Which of the following recognized competitive strategies focuses on gaining efficiencies?
Which of the following internal audit activities is performed in the design evaluation phase?
A technology firm ' s internal audit function is slated to perform a series of engagements assessing the security of its software development processes. To successfully perform these engagements, which competency should the internal audit function possess?
A chief audit executive (CAE) following up on action plans from previously completed audits identifies that management has determined that certain action plans are no longer necessary If the CAE disagrees with management ' s decision, which of the following is the most appropriate next step for the CAE to take?
Which of the following statements concerning workpapers is the most accurate?
According to IIA guidance, which of the following is true when the internal audit activity is asked to investigate potential ethics violations in a foreign subsidiary?
Senior management decides to adopt a conservative working capital policy. What would be the expected result for the organization?
An organization ' s board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?
An organization owns vehicles that are kept off-site by employees to pick up and deliver orders. An internal auditor selects a specific vehicle from the fixed asset register for
testing. Which of the following would best provide sufficient, indirect evidence for the auditor to confirm the existence of the vehicle?
The head of customer service asked the chief audit executive (CAE) whether eternal auditors could assist her staff with conducting a risk self-assessment in the customer service department. The CAE promised to meet with customer service managers analyze relevant business processes, and come up with a proposal. Who is most likely to be the final approver of the engagement objectives and scope?
Internal audit staff lacks the expertise to perform a fraud investigation engagement stemming from a whistleblowing incident. Which of the following is the most appropriate
option for the chief audit executive?
An organization ' s internal audit plan includes a recurring assurance review of the human resources (HR) department. Which of the following statements is true regarding preliminary communication between the auditor in charge (AIC) and the HR department?
1. The AIC should notify HR management when the draft audit plan is being developed, as a courtesy.
2. The AIC should notify HR management before the planning stage begins.
3. The AIC should schedule formal status meetings with HR management at the start of the engagement.
4. The AIC should finalize the scope of the engagement before communicating with HR management.
After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?
According to IIA guidance, which of the following statements is true regarding engagement planning?
According to the IIA guidance, which of the following foes the engagement work test in a review in a review of an organization al process?
When a significant finding is noted early during a review of the accounts payable function, which next course of action is best for communicating the issue?
The chief audit executive (CAE) should determine whether the internal audit activity has confirmed the status of all of management ' s corrective actions Doing so would help the CAE assess which of the following?
A bakery chain has a statistical model that can be used to predict daily sales at individual stores based on a direct relationship to the cost of ingredients used and an inverse relationship to rainy days. What conditions would an auditor look for as an indicator of employee theft of food from a specific store?
A manufacturing organization specializes in the production of evaporated milk and breakfast cereals. The manufacturing processes create significant loss in the form of waste and byproducts. The provision for normal production loss is known to senior management, but little action is taken when abnormal production losses occur. The organization sells its production byproducts to fish farmers at a reduced price. The byproducts are a widely recognized and used product in the fish farming industry. The organization has a policy that also allows its employees to purchase the byproducts at a negligible price. Based on the above, which of the following risks should the internal audit function consider when planning an engagement of the production process?
Which of the following is not a primary purpose for conducting a walk-through during the initial stages of an assurance engagement?
During which phase of the contracting process are contracts drafted for a proposed business activity’
During the filework phase of an assurance engagement the internal auditor decides that she wants to adjust the audit work program. Which of the following is the most appropriate next step for the auditor to take9
An internal auditor conducted interviews with several employees, documented the interviews analyzed the summaries, and drew a number of conclusions. What sort of audit evidence has the internal auditor primarily obtained?
As part of internal audit ' s assistance with an annual external audit, the internal auditors are required to do a preliminary analytical review of an bank account balances. This involves verifying the current year end balances as web as comparing the current year end balances with previous year end balances to highlight significant changes. Which of the following is the most reliable source for verification of the current year end bank balances?
The human resources (HR) department was last reviewed three years ago and is due for an assurance engagement after undergoing recent process changes. Which of the following would the most effective option identify the HR department ' s risks and controls?
An internal auditor and engagement client are deadlocked over the auditor ' s differing opinion with management on the adequacy of access controls for a major system. Which of the following strategies would be the most helpful in resolving this dispute?
In which of the following situations would an internal control questionnaire best suit the internal auditor ' s purpose?
Internal control questionnaires are used to achieve which of the following objectives?
Which informal ion- gathering method would be most efficient for an internal auditor to determine whether specified control procedures are in place?
An internal auditor is assessing the organization ' s risk management framework. Which of the following formulas should he use to calculate the residual risk?
A)
B)
C)
D)
An internal auditor completed a review of expenses related to the launch of a new project. The auditor sampled 45 transactions approved by a senior project manager and identified 30 with questionable vendor documentation. Which of the following is the most appropriate conclusion for the auditor to include in the audit report?
An IT auditor is reviewing the access controls in an organization ' s accounting application. The auditor intends to deploy a tool that can help test the logical controls embedded in the system to ensure employee access is granted according to need. Which of the following would help achieve this objective?
Which of the following is an example of a properly supervised engagement?
Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement?
Which of the following is most likely the subject of a periodic report from the chief audit executive to the board?
Which of the following is an example of a compliance assurance engagement?
An engagement team is being assembled to audit of one of the organization ' s vendors Which of the following statements best applies to this scenario?
Which of the following statements is true regarding the chief audit executive ' s (CAT$) responsibilities after completing an assurance or consulting engagement?
Which of the following factors should be considered when determining the staff requirements for an audit engagement?
The internal audit activity ' s time constraints.
The nature and complexity of the area to be audited.
The period of time since the area was last audited.
The auditors’ preference to audit the area.
The results of a preliminary risk assessment of the activity under review.
An internal auditor was assigned to review controls in the accounts payable function. Most of tie accounts payable processes are performed by a third-party service provider. The auditor included in the audit report a number of control deficiencies involving processes performed by the service provider. The service provider requested a copy of the report Which of Vie following would be the most appropriate response from the chief audit executive (CAE)?
According to IIA guidance, which of the following best describes the purpose of a planning memorandum for an audit engagement?
Which of the following must be in existence as a precondition to developing an effective system of internal controls?
Which of the following methodologies consists of the internal auditor holding individual meetings with different people, asking them the same questions, and aggregating the results?
An organization ' s healthcare insurance costs have been rising approximately 10 percent per year for several years. Which of the following analytical review procedures would best evaluate the reasonableness of the increase in healthcare costs?
During a fraud interview, it was discovered that unquestioned authority enabled a vice president to steal funds from the organization. Which of the following best describes this condition?
An internal audit report includes a recommendation to remove inappropriate user access to an IT application. Which of the following does the recommendation represent?
A new internal auditor is overwhelmed by the number of tasks they need to complete at the engagement planning stage. Which of the following could support the auditor’s organization and delivery of planned work?
An internal auditor concluded that delays in an ongoing construction project have cost the organization $10 million to date. Which documents should be included in the audit workpapers to provide sufficient evidence to support the conclusion?
An organization obtains maintenance personnel from a third-party service provider. The third-party service provider submits monthly timetables of contracted maintenance personnel and bills the organization on an hourly basis. Which of the following will most likely help an internal auditor validate the number of hours billed by the third-party service provider?
Which of the following describes the primary objective of an internal audit engagement supervisor?
An internal auditor discovered that a new employee was granted inappropriate access to the payroll system Apparently the IT specialist had made a mistake and granted access to the wrong new employee. Which of the following management actions would be most effective to prevent a similar issue from occurring again?
When auditing an organization ' s purchasing function, which of the following appropriately matches an engagement objective and the resulting audit procedure?
During a previous audit engagement, an internal auditor recommended that management implement a whistleblowing process. During follow-up, the auditor discovered that the process has been outsourced. Which of the following is the most appropriate response for the internal auditor?
In a health care organization the internal audit activity provides overall assurance on governance, risk and control The chief audit executive advises and influences senior management, and the audit strategy leverages the organization ' s management of risk According to HA guidance which of the following stages of internal audit maturity best describes this organization?
An internal auditor is assigned to an advisory engagement for the launch of a new system relating to travel and expense. During fieldwork, the auditor tests interfacing controls with the procurement system. The auditor observes that a key control is missing within the procurement system. The auditor identifies that senior management has approved a temporary manual workaround for the missing control. Which of the following actions should the auditor take?
When using cost-volume-profit analysis, which of the following will increase operating income once the break-even point has been reached?
Which of the following situations is most likely to heighten an internal auditors professional skepticism regarding potential fraud?
White planning an audit engagement of a procurement card activity. which of the following actions should an internal auditor take to denary relevant risks and controls?
An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?
For which of the following fraud engagement activities would it be most appropriate to involve a forensic auditor?
During follow-up, the chief audit executive (CAE) is having a discussion with management about the internal audit team ' s recommendations related to a significant issue Management accepted the issue but took no remedial action What is the next step for the CAE?
An internal auditor discovered a control weakness that needs to be communicated to management. Which of the following is the best method for first communicating the weakness?
Who is responsible for ensuring internal auditors continuing professional development*
A company makes a product at a cost of $26 per unit, of which $10 is fixed cost. The product is usually sold for $30 per unit; however, the company has been approached by a new customer who would like to purchase 3,500 units for $18 each Further, the company would Incur additional cost to deliver the units to this customer If the company has the excess manufacturing capacity and all other factors are constant, what is the additional cost that the company would Incur in order to make a profit of $1.50 per unit for this order?
Which of the following is most likely the subject of a periodic report from the chief audit executive to the board?
Which of the following situations is most critical for the chief audit executive to report to the board?
To compete in the global market, an organization is restructuring and consolidating many of its divisions. Prior to the consolidation, senior management requested assistance from tie internal audit activity. Which of the following consulting services would be most appropriate in this situation?
Which of the following parties is accountable for ensuring adequate support for conclusions and opinions readied by the internal audit activity while relying on external auditors ' work?
Which of the following technologies will best reduce human processing errors and enable seamless exchange of business transactions among business partners?
An internal auditor wants to test the processing logic of a computer application during a specific period to ensure consistent processing of transactions. Which of the following is the best approach to achieve the objective of the test?
An internal auditor is planning to audit the organization ' s payroll function, which was recently outsourced. Which of the following is the most appropriate first step for the auditor?
Which of the following approaches to understanding business processes is conducted from a broad organizational perspective and has the greatest risk of overlooking processes that are ultimately critical?
According to IIA guidance, which of the following is based on the results of a preliminary assessment of risks relevant to the area under review?
An internal auditor s testing tor proper authorization of contracts and finds that the rate of deviations discovered in the sample is equal to the tolerable deviation rate. When of the following is the most appropriate conclusion for the internal auditor to make based on this result?
Which of the following reasonably represents best practices regarding what should be the level of internal audit resource investment in monitoring and following up on engagement outcomes?
During an audit of the human resources department, an internal auditor adopts benchmarking to test the employee turnover rate. How should the internal auditor apply this technique?
According to IIA guidance, which of the following would be the best first step to manage risk when a third party is overseeing the organization’s network and data ' ?
Which of the following processes does the board manage to ensure adequate governance?
A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internal auditor. According to IIA guidance, which of the following attributes shows a candidate ' s ability to probe further when reviewing incidents that have the appearance of misbehavior?
An organization ' s chief audit executive is developing an integrated audit approach to provide value-added services that can help the organization meet its strategic objectives and goals. Which of the following is an advantage of using an integrated audit approach that assists the organization?
During a review of the treasury function an internal auditor identified a risk that all bank accounts may net to include in the daily reconciliation process.
Which of the following responses would be most effective to mitigate this risk?
The external auditor has identified a number of production process control deficiencies involving several departments. As a result, senior management has asked the internal audit activity to complete internal control training for all related staff. According to IIA guidance, which of the following would be the most appropriate course of action for the chief audit executive to follow?
Which of the following would best prevent phishing attacks on an organization?
At a conference an internal auditor presented a new computer-assisted audit technique developed by his organization The presentation included sample data derived from performing audit engagements for the organization. Travel costs were paid by the conference organizers and the trip was approved by the chief audit executive (CAE). However, neither management nor the CAE was aware that the internal auditor would be making a presentation based on work completed for the organization According to IIA guidance, which of the following statements is most relevant regarding the actions of the auditor?
Following an IT systems audit, management agreed to implement a specific control in one of the IT systems. After a period, the internal auditor followed up and learned that management had not implemented the agreed management action due to the decision to move to another IT system that has built-in controls, which may address the risks highlighted by the internal audit. Which of the following is the most appropriate action to address the outstanding audit recommendation?
A chief audit executive (CAE) reviews the supervision of an internal audit engagement Which of the following would most likely assure the CAE that the engagement had adequate supervision?
When taken by a chief audit executive, which of the following actions would be most likely to prevent division management from exaggerating sales reports
1.Announcing a series of internal audit engagements focusing on compliance with corporate sales-reporting policies.
2.Asking the president and the board to issue a statement of corporate policy stressing the importance of accurate management reporting and the negative consequences of intentional misreporting
3.Setting up a hotline for employees to report fraudulent behavior anonymously.
4.Assisting the controller in developing and monitoring a series of business process indicators, which are historically correlated with, but independent of. sales.
The internal audit activity plans to assess the effectiveness of management ' s self-assessment activities regarding the risk management process. Which of the following procedures would be most appropriate to accomplish this objective?
When me internal audit activity does not have sufficient time to complete its usual root cause analysis which c4 the following is most appropriate?
Which of the following statements about including consulting engagements in the annual internal audit plan is true?