Spring Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > IIA > CIA > IIA-CIA-Part2

IIA-CIA-Part2 Internal Audit Engagement Question and Answers

Question # 4

Which of the following is not a direct benefit of control self-assessment (CSA)?

A.

CSA allows management to have input into the audit plan.

B.

CSA allows process owners to identify, evaluate, and recommend improving control deficiencies.

C.

CSA can improve the control environment.

D.

CSA increases control consciousness.

Full Access
Question # 5

Senior management requested that the internal audit activity perform a consulting project to assist in making a decision on a new software system. Which of the following would be used to determine the engagement objectives?

A.

An assessment of risks to the business objectives

B.

An understanding of the engagement client's expectations

C.

The probability of significant errors fraud or noncompliance

D.

Criteria previously established by the board

Full Access
Question # 6

Which type of engagement would be the most appropriate to assess the maturity and rigor of the organizationwide risk management process of a target entity that

management is considering acquiring?

A.

A due diligence engagement.

B.

An operational audit engagement.

C.

A feasibility study engagement.

D.

A risk and control self-assessment engagement.

Full Access
Question # 7

An internal auditor reviewed bank reconciliations prepared by management of the area under review. The auditor noted that the bank statements attached did not have the

bank heading, logo, or address. Which of the following statements is true regarding this situation?

A.

The evidence may not be reliable.

B.

The evidence is not relevant.

C.

The evidence may not be sufficient.

D.

The information missing is not relevant to the audit.

Full Access
Question # 8

The internal audit activity is responsible for which of the following actions related to an organization’s internal controls9

A.

Mitigating risks affecting achievement of organizational objectives.

B.

Enabling opportunities affecting achievement of organizational objectives.

C.

Analyzing and advising regarding costs versus benefits of control activities.

D.

Attesting to fairness of financial statements

Full Access
Question # 9

An internal auditor is conducting a review of the procurement function and uncovers a potential conflict of interest between the chief operating officer and a significant supplier of IT software development services. Which of the following actions is most appropriate for the internal auditor to take?

A.

Inform the audit supervisor.

B.

Investigate the potential conflict of interest.

C.

Inform the external auditors of the potential conflict of interest.

D.

Disregard the potential conflict, because it is outside the scope of the audit assignment.

Full Access
Question # 10

A chief audit executive (CAE) following up on action plans from previously completed audits identifies that management has determined that certain action plans are no longer necessary If the CAE disagrees with managements decision, which of the following is the most appropriate next step for the CAE to take?

A.

The CAE must discuss the matter with senior management

B.

The CAE must discuss the matter with key shareholders.

C.

The CAE must discuss the matter with legal counsel.

D.

The CAE must discuss the matter with the board

Full Access
Question # 11

Which statement best describes the benefit of using workpapers from recent internal audit engagements of the area under review to plan new engagements?

A.

Recent workpapers can help during the planning of a new engagement to understand any corrective actions taken by management to address previous engagement observations.

B.

Tests described in recent workpapers can be copied into the new workpapers to save time from reperforming a risk assessment.

C.

Recent workpapers serve as the best source for identification of the risks to be examined in the new engagement.

D.

The new engagement scope can be derived from recent workpapers to ensure the reperformance of engagement procedures.

Full Access
Question # 12

The internal audit activity plans to assess the effectiveness of management's self-assessment activities regarding the risk management process. Which of the following procedures would be most appropriate to accomplish this objective?

A.

Review corporate policies and board minutes for examples of risk discussions.

B.

Conduct interviews with line and senior management on current practices.

C.

Research and review relevant industry information concerning key risks.

D.

Observe and test control and monitoring procedures and related reporting.

Full Access
Question # 13

A corporate merger decision prompts the chief audit executive (CAE) lo propose interim changes to the existing annual audit plan to account for emerging risks Which of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan''

A.

Present the revised audit plan directly to the board for approval.

B.

Communicate with the chief financial officer and present the revised audit plan to the CEO tor approval

C.

Present the revised audit plan directly to the CEO for approval

D.

Communicate with the CEO and present the revised audit plan to the board for approval.

Full Access
Question # 14

The internal audit function is performing an assurance engagement on the organization’s environmental, social, and governance (ESG) program. The engagement objective is to determine whether the ESG program’s activities are meeting the program’s established goals. The internal audit function has completed a risk and control assessment of the ESG program's activities. What is the appropriate next step?

A.

Conclude whether the ESG program's activities are meeting the established goals

B.

Communicate the results of the assessment to senior management

C.

Develop recommendations based on the results of the assessment

D.

Perform testing on the activities selected based on the assessment

Full Access
Question # 15

The internal audit activity of an insurance company is reviewing six of the company’s 11 branches. During the review of the fourth branch that was selected, the internal audit team discovered control breaches that could result in regulatory sanctions if not addressed. How should the internal audit team proceed?

A.

Communicate immediately to the relevant regulatory agency the information regarding the company's control breaches along with details of recommended corrective actions to address the issue.

B.

Complete the branch reviews, ensure that the issue and impact are adequately detailed in the audit report, hold an exit meeting to discuss the issue with branch management, and provide recommendations for corrective actions.

C.

Have a discussion with branch management on the matter and recommend in an interim audit report that management take appropriate corrective action in order to address the current identified issues.

D.

Expand the audit to include the branches that were not previously selected and determine whether there are similar control breaches at those branches prior to compiling a comprehensive audit report and reporting the issue to senior management and the board.

Full Access
Question # 16

According to IIA guidance, which of the following procedures would be least effective in managing the risk of payroll fraud?

A.

The employee’s name listed on organization’s payroll is compared to the personnel records.

B.

Payroll time sheets are reviewed and approved by the timekeeper before processing.

C.

Employee access to the payroll database is deactivated immediately upon termination.

D.

Changes to payroll are validated by the personnel department before being processed.

Full Access
Question # 17

Which of the following statements accurately describes the Standards requirement for ret internal audit records?

A.

Retention requirements for internal audit records should be compliant with ones set for external audit records

B.

Retention requirements should take into account the medium in which internal audit records are stored

C.

Retention requirements should be set by the chief audit executive and aligned will the organization s process and procedures

D.

Retention requirements should set a minimum period of the for records storage and the process of archiving documents

Full Access
Question # 18

Acceding to IIA guidance, when of the Mowing is an assurance service commonly performed by the internal audit activity?

A.

Proposing fine item recommendation lot the annual financial budget of the accounting department

B.

Making recommendations regarding financial approval authority limits for the operations department

C.

Validating whether employees are following established policies and procedures in the procurement department

D.

Generating expense report metrics for employees in the finance department

Full Access
Question # 19

When reviewing workpapers, engagement supervisors may ask for additional evidence or clarification via review notes. According to IIA guidance, which of the following statements is true regarding the engagement supervisor’s review notes?

A.

The review notes may be cleared from the final documentation once the engagement supervisor’s concerns have been addressed.

B.

Management of the area under review must address the engagement supervisor's review notes before the audit report can be finalized.

C.

The chief audit executive must initial or sign the engagement supervisor’s review notes to provide evidence of appropriate engagement supervision.

D.

Review notes provide documented proof that the engagement is supervised properly and must be retained for the quality assurance and improvement program.

Full Access
Question # 20

According to IIA guidance, organizations have the most influence on which element of fraud?

A.

Opportunity.

B.

Rationalization.

C.

Pressure.

D.

Incentives.

Full Access
Question # 21

An internal auditor wanted to determine whether the organization's 200 employees are charging their work hours accurately to the correct project. The internal auditor selected a sample of 30 employee time reports for testing. Based on the testing, the internal auditor determined the following:

- 5 Time reports were incorrect.

- 21 Time reports were correct.

- 4 Time reports were not supported.

A.

The organization has significant flaws in its reporting of employee time, which could lead to the overstatement of project labor costs. The organization's failure to report accurate and complete employee time could lead to potential fraud and abuse.

B.

The organization needs to ensure that all reporting of employee time is accurate and complete for each of its projects By dang so the organization can minimize potential issues related to overstating employee tames and labor project costs.

C.

The organization overstated project costs due to inaccurate and incomplete reporting of employee time charged to the affected accounts As a result the organization cannot ensure at protects costs are accurately reported to stakeholders

D.

The organization generally ensured that employee hours charged to each project were accurate and complete. However, there were instances of employee time reports that were incorrect or not supported to justify the multiple project labor coats

Full Access
Question # 22

An internal auditor suspects that a program contains unauthorized code or errors. Which of the following would assist the internal auditor in this regard?

A.

Utility software

B.

Generalized audit software

C.

Application software tracing and mapping

D.

Audit expert systems

Full Access
Question # 23

An internal auditor e assessing the design of a control and has identified a potential significant weakness. The auditor shared his concern with management however management does not agree that the weakness is significant. What should the internet auditor do next?

A.

Perform additional audit work to better articulate the risk

B.

Report the finding that management has accepted a level of risk that is unacceptable.

C.

Proceed to testing how effectively the control is opening.

D.

Because the design weakness has been identified no additional audit work is needed

Full Access
Question # 24

Which of the following computerized audit tools or techniques should be used if the internal auditor wants to extract specific files and records in the database?

A.

An expert or decision support system

B.

Generalized audit software

C.

A system utility program

D.

An integrated test facility

Full Access
Question # 25

Which of the following is most appropriate for internal auditors to do during the internal audit recommendations monitoring process?

A.

Report the monitoring status to senior management when requested.

B.

Assist management with implementing corrective actions.

C.

Determine the frequency and approach to monitoring.

D.

Include all types of observations in the monitoring process.

Full Access
Question # 26

According to IIA guidance, which of the following statements is true regarding engagement planning?

A.

For both assurance and consulting engagements, planning typically occurs after the engagement objectives and scope have already been determined.

B.

The expectations and objectives of an assurance engagement are usually determined by. or in conjunction with, the engagement client

C.

Internal auditors may not need to complete a preliminary risk assessment for a consulting engagement as they would when planning an assurance engagement.

D.

For both consulting and assurance engagements, internal auditors usually form the engagement objectives prior to completing the preliminary risk assessment

Full Access
Question # 27

Which of the following statements is false regarding audit criteria?

A.

Audit criteria should be consistent across audit assignments.

B.

Audit criteria should represent reasonable standards against which to assess existing conditions.

C.

Audit criteria should provide flexibility but allow identification of nonadherence.

D.

Audit criteria should equate to good or acceptable management practices.

Full Access
Question # 28

The internal audit manager has been delegated the task of preparing the annual internal audit plan for the forthcoming fiscal year All engagements should be appropriately categorized and presented to the chief audit executive for review Which of the following would most likely be classified as a consulting engagement?

A.

Evaluating procurement department process effectiveness

B.

Helping in the design of the risk management program

C.

Assessing financial reporting control adequacy

D.

Reviewing environmental, social, and governance reporting compliance

Full Access
Question # 29

An internal auditor is preparing for an auditor of newly implemented software that is used by 3,000 employees in South America and Europe. What would be the best way for the auditor to gather relevant feedback?

A.

interview IT management in both regions

B.

Inspect regional user software training records

C.

Interview propel management and the vendor responsible for implementation

D.

Distribute surveys to software users in both regions

Full Access
Question # 30

To which of the following aspects should the chief audit executive give the most consideration while communicating an identified unacceptable risk to management?

A.

The organization's attitude to hierarchy

B.

The organization's whistleblowing strategy

C.

The organization's ongoing risk monitoring process

D.

The organization's risk management policy

Full Access
Question # 31

During the planning phase of an assurance engagement, which of the following would an internal auditor use to assess and present the severity of the impact of identified risks?

A.

Kanban board

B.

Control self-assessment

C.

Heat map

D.

Risk register

Full Access
Question # 32

Which of the following would most likely form part of the engagement scope?

A.

Potential legislation on privacy topics will be employed as a compliance target.

B.

Wire transfers that exceeded $10,000 in the last 12 months will be analyzed.

C.

Both random and judgmental samplings will be used during the engagement.

D.

The probability of significant errors will be considered via risk assessment.

Full Access
Question # 33

A team of internal auditors is assigned to audit the employee relations process in an organization, which includes employee conduct and disciplinary hearings. Which of the following audit approaches would provide the auditors with the best evidence to determine the degree to which disciplinary decisions are complying with documented policy?

A.

Review a random sample of concluded disciplinary reports to assess how the policy was applied in each case.

B.

Interview a sample of impacted employees for their opinions on the clarity and fairness of the policy.

C.

Observe several disciplinary hearings to determine whether they are in compliance with the policy.

D.

Conduct an interview to assess the disciplinary hearing chairman’s understanding of the policy and its appropriate use.

Full Access
Question # 34

An internal auditor finds inconsistencies in a risk area that needs immediate attention. Which of the following actions is most appropriate for the auditor?

A.

Prepare an action plan to address the inconsistencies

B.

Contact regulatory agencies to report the inconsistencies and recommended corrective actions

C.

Assess the risk of the inconsistencies against the organization's mission

D.

Issue an interim report to senior management

Full Access
Question # 35

Flowcharts are useful during audit planning because they contain information that may help internal auditors with which of the following?

A.

Understanding management's risk tolerance.

B.

Understanding business processes.

C.

Determining the size of the audit team needed to perform the review.

D.

Understanding organizational objectives.

Full Access
Question # 36

Which of the following is true regarding the monitoring of internal audit activities?

A.

The form and content of monitoring policies could vary by industry

B.

The board of directors is responsible for the establishment of monitoring polities

C.

Both large and small audit departments must have written policies on monitoring.

D.

The chief audit executive must develop all monitoring policies related to the activity

Full Access
Question # 37

During the planning process for a human resources audit, an internal auditor obtains an organizational chart. The auditor observes a flat organizational structure. Which of the below risks should the auditor consider for this engagement?

A.

Transactions and decision-making require multiple approvals, resulting in processing delays.

B.

Career and promotion paths are not easily visible and defined.

C.

Communication is likely to be top-down, with little feedback from lower-level employees.

D.

Employees have little autonomy, which may result in employee turnover or low morale.

Full Access
Question # 38

Which of the following actions should the chief audit executive take when senior management decides to accept risks by choosing to do business with a questionable vendor?

A.

Persuade senior management to take appropriate action.

B.

Cancel issuing the engagement report due to the assumed risks.

C.

Accept senior management’s assumption of the risks.

D.

Discuss the issue with the board for them to take appropriate action.

Full Access
Question # 39

During an audit of the accounts payable process, an internal auditor was assigned to confirm the quantity of goods received on receiving documents to invoices for those goods and subsequent postings in the accounting system. Which of the following procedures would be most appropriate for this test?

A.

Independent confirmation

B.

Tracing

C.

Vouching

D.

Reperformance

Full Access
Question # 40

Which of the following best describes why an internal audit activity would consider sending written preliminary observations to the audit client?

A.

Written observations allow for more interpretation.

B.

Written observations help the internal auditors express the significance.

C.

Written and verbal observations are equally effective.

D.

Written observations limit premature agreement.

Full Access
Question # 41

According to IIA guidance, which of the following statements is true regarding due professional care?

A.

Internal auditors must exercise due professional care to ensure that all significant risks will be identified.

B.

Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor.

C.

Due professional care requires the internal auditor to conduct extensive examinations and verifications to ensure fraud does not exist.

D.

Due professional care is displayed during a consulting engagement when the internal auditor focuses on potential benefits of the engagement rather than the cost

Full Access
Question # 42

An internal auditor is conducting a preliminary survey of the investments area, and sends an internal control questionnaire to the management of the function. (An extract of the survey is provided below).

1. Are there any restrictions for any company's investments?

2. Are there any written policies and procedures that document the flow of investment processing?

3. Are investment purchases recorded in the general ledger on the date traded?

4. Is the documentation easily accessible to an persons who need in to perform their job?

Which of the following is a drawback of testing methods like this?

A.

They ore kitted as they do not allow the auditor to test many controls.

B.

They do not highlight control gaps

C.

They are not useful for identifying areas on which the auditor should locus.

D.

They are limited as there is a risk that management may not answer fairly.

Full Access
Question # 43

A regional entertainment organization is in the process of developing a corporate social responsibility (CSR) policy. Management invites ideas from employees when developing the CSR policy Which of the following is the most appropriate idea to include?

A.

Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with CSR.

B.

The board Is responsible for ensuring that CSR objectives are established, risks are managed, performance is measured, and activities are appropriately monitored and reported

C.

Management is responsible for ensuring that the organization's CSR principles are communicated, understood, and integrated into decision-making processes.

D.

Generally, CSR activities are limited to the management of the organization, thus, employees do not have a responsibility for ensuring the success of CSR objectives.

Full Access
Question # 44

An internal auditor wants to determine if employees spend more than their approved daily stipend for meals. Which technique would be most appropriate to identify meal expenses that exceed the approved threshold?

A.

Using compliance verification data analytics

B.

Using regression analysis

C.

Using software with a gap testing function

D.

Drafting a flowchart of the meal expense reporting process

Full Access
Question # 45

Which of the following is most likely to impair the organizational independence of the internal audit activity?

A.

The chief audit executive (CAE) reports administratively to the chief financial officer

B.

The CAE oversees the effectiveness of the organization’s risk management function.

C.

The CAE reports functionally to the CEO.

D.

The CAE managed the finance department for the past five years.

Full Access
Question # 46

An internal auditor is assessing whether a vendor onboarding procedure is being followed in all business units. The procedure has been centrally designed and depicts activities and validations that must be performed at every step. Which of the following is the most suitable way to compile an internal control questionnaire?

A.

Develop statements that are based on the procedure requirements and ask respondents to select yes or no responses

B.

Develop open questions that inquire about the appropriateness and efficacy of the procedure

C.

Develop closed questions asking managers to describe the onboarding process in detail

D.

Develop multiple response questions where a respondent has to identify one correct answer out of four

Full Access
Question # 47

An internal auditor uses a data query tool in the purchasing process to review the vendor master file for authorizations Which of the following describes the control objective likely being tested?

A.

Effectiveness

B.

Response

C.

Efficiency

D.

Mitigation.

Full Access
Question # 48

In preparing the engagement work program, which of the following is generally true with respect to secondary controls?

A.

A separate engagement work program should be created for secondary controls

B.

Secondary controls do not necessarily need to be tested for effectiveness

C.

Any documented secondary controls are deemed essential to the adequacy of control design

D.

Secondary controls should be held to the same requirements as key controls

Full Access
Question # 49

In which of the following situations would it be most appropriate for an internal audit function to issue an interim report or memo?

A.

A scheduled audit observed that several agreed improvements from the previous audit were still being implemented.

B.

A planned inventory count at the production plant revealed a material variance.

C.

An employee shared concerns of suspected fraud but did not provide evidence.

D.

An auditor responsible for the fieldwork has carried out only half of the planned audit procedures and has no observations so far.

Full Access
Question # 50
A.

To validate the engagement work program.

B.

To help the internal auditor understand the objectives of the area or process under review.

C.

To determine whether operational management has sufficient knowledge of risks and controls.

D.

To determine whether management followed through on action plans from a previous consulting engagement.

Full Access
Question # 51

Where should internal auditor focus their attention when identify and assessing key risks during the planning stage of an assurance engagement?

A.

Sampling risk.

B.

Audit risk.

C.

Residual risk.

D.

Inherent risk

Full Access
Question # 52

Which of the following is an advantage of nonstatistical sampling over statistical sampling?

A.

Nonstatistical sampling provides more objective recommendations for management.

B.

Nonstatistical sampling provides an opportunity to select the minimum sample size required to satisfy the objectives of the audit tests.

C.

Nonstatistical sampling provides for the use of subjective judgment in determining the sample size.

D.

Nonstatistical sampling permits the auditor to specify a level of reliability and the desired degree of precision.

Full Access
Question # 53

Which of the following resources would be most effective for an organization that would like to improve how it informs stakeholders of its social responsibility performance?

A.

ISO 26000

B.

Global Reporting Initiative.

C.

Open Compliance and Ethics Group.

D.

COSO’s enterprise risk management framework.

Full Access
Question # 54

Which of the following is the advantage of using internal control questionnaires (ICQs) as part of a preliminary survey for an engagement?

A.

ICQs provide testimonial evidence.

B.

ICQs are efficient.

C.

ICQs provide tangible evidence to be quantified.

D.

ICQs put observations into perspective.

Full Access
Question # 55

Two internal auditors are conducting an audit engagement concerning derivatives. The auditors meet with the organization's head of accounting. The head of accounting later complains to the chief audit executive (CAE) that it took hours for the auditors to understand basic derivatives concepts and how derivatives are typically recorded in bookkeeping. What should the CAE have considered more thoroughly?

A.

The engagement objectives.

B.

The head of accounting’s schedule availability.

C.

The auditors' qualifications.

D.

The details of the audit test plan.

Full Access
Question # 56

Which of the following is an advantage of utilizing an external fraud specialist in a suspected fraud investigation?

A.

Increased access to the organization’s employees.

B.

Increased ability to preserve evidence and the chain of command.

C.

Increased ability to scrutinize the organization's key business processes.

D.

Increased access to the organization’s software and proprietary data.

Full Access
Question # 57

Below is a flowchart detailing an organization's bank reconciliation process. Which of the following conclusions can be drawn from the flowchart?

A.

There is a conflict in the segregation of duties between preparing bank reconciliations and posting payments to the accounting books.

B.

There is an appropriate segregation of duties in the treasury department during the bank reconciliation process.

C.

There is a large workload for the treasury accountant during the bank reconciliation process.

D.

Bank statements should be obtained at a higher level, such as through the treasury supervisor.

Full Access
Question # 58

Which of the following best demonstrates internal auditors performing their work with proficiency?

A.

internal auditors meet with operational management at each phase of the audit process.

B.

Internal auditors adhere to The IIA's Code of Ethics.

C.

Internal auditors work collaboratively with their engagement team.

D.

Internal auditors complete a program of continuing professional development.

Full Access
Question # 59

An internal auditor wants to compare performance information from one quarter to another. Which analytics procedure would the auditor use?

A.

Ratio analysis

B.

Trend analysis

C.

Vertical analysis

D.

Benchmarking analysis

Full Access
Question # 60

According to IIA guidance, which of the following activities are typically primary objectives of engagement supervision?

A.

Enable training and development of staff, identify engagement objectives, and assign responsibilities to individual auditors.

B.

Identify engagement objectives, assign responsibilities to individual auditors, and approve the engagement program.

C.

Assign responsibilities to individual auditors, approve the engagement program, and enable training and development of staff.

D.

Approve the engagement program, enable training and development of staff, and identify engagement objectives.

Full Access
Question # 61

Which of the following should an internal auditor document to support an assurance engagement’s conclusions?

A.

Evidence of all data used in an engagement

B.

Internal audit policies and workpaper templates

C.

Workpapers, cross-referenced to audit observations

D.

Satisfaction ratings from management of the area under review

Full Access
Question # 62

Some lime after the final audit report was issued, the engagement supervisor teamed that several internal control deficiencies were not remedied, despite management's previous agreement to remedy them According to IIA guidance, which of the following is the most appropriate response'5

A.

The engagement supervisor must notify the chief audit executive (CAE) that the deficiencies have not been rectified

B.

The engagement supervisor should rely on professional judgment as to whether the CAE should be informed, or the management action plan should be adjusted

C.

The engagement supervisor should rely on his negotiation skills and issue an ultimatum to management to remedy the control deficiencies

D.

Ensure that these deficiencies are captured in the documentation as high-priority areas to be reviewed during the next audit.

Full Access
Question # 63

A corporate merger decision prompts the chief audit executive (CAE) to propose interm changes to the existing annual audit plan to account for emerging risks Which of the following Is the most appropriate action for the CAE to take regarding the changes made to the audit plan?

A.

Present the revised audit plan directly to the board for approval

B.

Communicate with the chief financial officer and present the revised audit plan to the CEO for approval.

C.

Present the revised audit plan directly to the CEO for approval.

D.

Communicate with the CEO and present the revised audit plan to the board for approval

Full Access
Question # 64

Which of the following statements concerning workpapers is the most accurate?

A.

The organization and the format of workpapers is the same for all engagements

B.

The extent of what is included in workpapers is a matter of professional judgment

C.

Workpapers should be complete so that every conceivable question that can be raised should be answered

D.

Copies of operational managements records should not be included, but referenced so that they can be located

Full Access
Question # 65

An internal auditor discovered that equipment used to monitor air quality was not maintained according to the established maintenance schedule. If the issue is not addressed, the equipment may not provide accurate information on pollutant levels, which could result in regulatory sanctions and reputational damage. The auditor discussed the issue with both the manager in charge and the CEO, who explained that they understand the risk, but it has become too expensive to maintain the equipment as scheduled. In this situation, what should the chief audit executive do?

A.

Add value to the organization by taking initiative and implementing corrective actions to mitigate the identified risks.

B.

Communicate to the board the current situation, including the risk exposure to the organization.

C.

Discuss the matter with external auditors and request that they persuade management to address the issue.

D.

Contact the regulatory agency and inform them of the risk exposure.

Full Access
Question # 66
A.

Reviewing quality department survey results, which show 96% of employees believe all defective products are removed prior To shipping.

B.

Physically inspecting a sample of completed processing cycles for detective products prior to shipment.

C.

Observing employees while they raped products for defects

D.

Reviewing a quality report provided by management mat snows 13 products were identified and removed during me most recent processing cycle

Full Access
Question # 67

Which of the following processes does the board manage to ensure adequate governance?

A.

Establish and measure performance objectives for the internal audit activity

B.

Select board members with necessary knowledge and skills.

C.

Develop, approve, and execute the strategic plan of the organization

D.

Develop strategies to mitigate the risks to achieving the organization's objectives

Full Access
Question # 68

Which of the following statements is true regarding engagement planning?

A.

The scope of the engagement should be planned according to the internal audit activity’s budget and then aligned to the risk universe.

B.

The audit engagement objectives should be based on operational management's view of risk objectives.

C.

The planning phase of the engagement should be completed and approved before the fieldwork of the engagement begins.

D.

The main purpose of the engagement work program is to determine the nature and timing of procedures required to gather audit evidence.

Full Access
Question # 69

Which method of examining entity-level controls involves gathering information from work groups that represent different levels in an organization?

A.

Questionnaires.

B.

Surveys.

C.

Structured interviews

D.

Facilitated team workshops

Full Access
Question # 70

According to IIA guidance, which of the following statements about analytical procedures is true?

A.

Analytical procedures compare information against expectations

B.

Analytical procedures begin after the engagements planning phase.

C.

Analytical procedures provide internal auditors with explainable results.

D.

Analytical procedures are computer-assisted audit techniques

Full Access
Question # 71

With regard to project management, which of the following statements about project crashing is true?

A.

It leads to an increase in risk and often results in rework.

B.

It is an optimization technique where activities are performed in parallel rather than sequentially

C.

It involves a revaluation of project requirements and/or scope.

D.

It is a compression technique in which resources are added to the project

Full Access
Question # 72

The internal audit activity is asked to review the effectiveness of controls around the disposal of chemical waste. However, the internal auditors on staff lack the necessary skills to conduct this review Which of the following would be the most appropriate approach?

A.

An internal auditor who recently attended a three-day workshop on chemical waste disposal, and therefore has the most knowledge on the topic, should lead the engagement.

B.

A team of available internal auditors should be assembled and should consult with an external nonaudit expert on chemical waste disposal to plan and conduct the engagement.

C.

A team of the most knowledgeable auditors could be assembled and use the engagement work program from the previous year to gather additional insight regarding recommended audit procedures

D.

A nonaudit employee from the chemical disposal area may share his expertise with the audit team, provided the internal audit manager conducts a detailed review of all engagement work performed.

Full Access
Question # 73

An organization's board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?

A.

Manage and coordinate risk management processes.

B.

Audit risk management processes.

C.

Become involved in risk oversight committees, monitoring activities, and status reporting.

D.

Accept management's responsibility for risk management without board approval.

Full Access
Question # 74

Which of the following statements is true regarding the final assurance engagement report issued to management?

A.

Ratings are only used to assess the condition of an observation made by an internal auditor.

B.

Audit findings may be communicated to management prior to issuance of the final approved audit report.

C.

Communications must be relevant logical, and free from errors before they are disseminated.

D.

The audit report must present the information in the following order (1) audit scope, (2) engagement objectives, and (3) engagement results

Full Access
Question # 75

Which of the following is true regarding the communication of engagement results with stakeholders?

A.

When the chief audit executive (CAE) concludes that management has accepted a level of risk that may be unacceptable to the organization, the CAE must discuss the matter with senior management. If the CAE determines that the matter has not been resolved, the CAE should seek the opinion from regulatory bodies.

B.

The CAE should avoid issuing any interim reports, even for high-risk observations, prior to the issuance of the final written report to avoid leakage of sensitive information.

C.

It is mandatory for the CAE to assess the potential risk to the organization, consult with senior management and legal counsel as appropriate, and control dissemination by restricting the use of the results prior to releasing them to parties outside of the organization if not otherwise mandated by legal, statutory, or regulatory requirements.

D.

The board should always be given the final written internal audit reports at the conclusion of all internal audit engagements. Executive summaries should be avoided in all cases.

Full Access
Question # 76

Which of the following is applicable to both a job order cost system and a process cost system'?

A.

Total manufacturing costs are determined at the end of each period.

B.

Costs are summarized in a production cost report for each department

C.

Three manufacturing cost elements are tracked: direct materials, direct labor, and manufacturing overhead.

D.

The unit cost can be calculated by dividing the total manufacturing costs for the period by the units produced during the period.

Full Access
Question # 77

Which of the following internal control attributes should internal auditors consider testing during a review of the board of directors?

A.

The presence of an independent critical mass

B.

The established philosophy and operating style of senior management

C.

The articulated internal control objectives of the organization

D.

The organization's employee recruiting and retention policies

Full Access
Question # 78

Which of the following is one of the five attributes that internal auditors include when documenting a deficiency?

A.

The criteria used to make the evaluation

B.

The methodology used to analyze data

C.

The proposed follow-up engagement work to be performed

D.

The scope of work performed during the engagement

Full Access
Question # 79

According to the IIA guidance, which of the following foes the engagement work test in a review in a review of an organization al process?

A.

Process objectives

B.

Process risks

C.

Process controls

D.

Process scope

Full Access
Question # 80

In which of the following situations has an internal audit of obtained physical evidence?

A.

An internal auditor made purchases from several of the organization's retail outlets to evaluate customer service

B.

An internal auditor interviewed various employees regarding health and safety issues and recorded their answers

C.

An internal auditor obtained the current quarterly financial report and computed changes in deb-to-equity ratio

D.

An internal auditor received a signed confirmation regarding the terms of a transaction from an independent attorney

Full Access
Question # 81

Which of the following is an example of a compliance assurance engagement?

A.

Providing in-house training to senior management regarding applicable laws and regulations.

B.

Providing an assessment of the design adequacy of controls related to consumer privacy and confidentiality.

C.

Providing an assessment of customer satisfaction with customer service provided by the organization.

D.

Providing testing on the operating effectiveness of controls over the reliability of financial reporting.

Full Access
Question # 82

An organization is expanding into a new line of business selling natural gas. The internal auditor is planning an engagement and wants to obtain a general understanding of the natural gas market the market share that the organization wants to win, and the competitive advantage that the organization may have. Which of the following would be the best source of such information?

A.

Interview responsible managers and read strategic documents

B.

Conduct internet searches on gas sales and analyze market players

C.

Review gas clients' portfolio and compile statistics on sales margins

D.

Analyze the organization's revenues and calculate the proportion of gas

Full Access
Question # 83

Which of the following is the best option for the chief audit executive to consider for effective coordination of assurance coverage?

A.

Create an assurance map to illustrate each provider's level of assurance and planned activities for each area of the organization

B.

LIMIT© ricks inventory to identify the risks and controls in place and the relevant control owners.

C.

Rely on the risk and control and management testing information maintained for compliance with the regulatory framework

D.

Prepare a risk likelihood and impact heal map to prioritize assurance coverage coordination.

Full Access
Question # 84

Which of the following represents a ratio that measures short term debt-paying ability?

A.

Debt-to-equity ratio.

B.

Profit margin.

C.

Current ratio.

D.

Times interest earned.

Full Access
Question # 85

Which of the following statements about including consulting engagements in the annual internal audit plan is true?

A.

All requests for consulting engagements must be included in the annual internal audit plan

B.

Assurance engagements must be included in the annual internal audit plan but there is no requirement to include consulting engagements

C.

Consulting engagements do not need to be included m the annual internal audit plan unless requested by the board

D.

The acceptance of proposed consulting engagements into the annual internal audit plan may depend on their ability to add value

Full Access
Question # 86

What is the purpose of an internal control questionnaire?

A.

To gather information from a sample of people who are geographically dispersed

B.

To assess risks that could prevent an audited area from achieving its objectives.

C.

To evaluate tie level of compliance of remote offices with centrally designed procedures

D.

To perform testing of controls more frequently

Full Access
Question # 87

Which of the following is an inherent risk of issuing an opinion on the overall effectiveness of internal control?

A.

The results of individual engagements do not support a satisfactory opinion on the effectiveness of internal control.

B.

The results of the individual engagements do not support a positive assurance opinion on the effectiveness of internal control

C.

The audit risk and associated legal implications increase

D.

The reliance on other assurance providers increases

Full Access
Question # 88

When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach?

A.

Develop the scope of the audit based on a bottom-up perspective to ensure that all business objectives are considered.

B.

Develop the scope of the audit to include controls that are necessary to manage risk associated with a critical business objective.

C.

Specify that the auditors need to assess only key controls, but may include an assessment of non-key controls if there is value to the business in providing such assurance.

D.

Ensure the audit includes an assessment of manual and automated controls to determine whether business risks are effectively managed.

Full Access
Question # 89

Evidence discovered during the course of an engagement suggests that multiple incidents of fraud have occurred. There do not appear to be sufficient controls in place to prevent reoccurrence. Which of the following is the internal auditor's most appropriate next step?

A.

Immediately notify management of the area under review and the other internal auditors involved in the engagement

B.

Discuss the situation with the engagement supervisor to determine whether fraud investigation experts are required to investigate the matter properly.

C.

Fully document in the workpapers the evidence that has been discovered and recommend appropriate controls to address the fraud

D.

Provide the evidence that was discovered to local lav/ enforcement for possible prosecution of the suspected fraud

Full Access
Question # 90

Which of the following conditions are necessary for successful change management?

1. Decisions and necessary actions are taken promptly.

2. The traditions of the organization are respected.

3. Changes result in improvement or reform.

4. Internal and external communications are controlled.

A.

1 and 2

B.

1 and 3

C.

2 and 3

D.

2 and 4

Full Access
Question # 91

During a previous audit engagement, an internal auditor recommended that management implement a whistleblowing process. During follow-up, the auditor discovered that the process has been outsourced. Which of the following is the most appropriate response for the internal auditor?

A.

Insist on establishing an internal whistleblowing process, as originally recommended, because this is a key control.

B.

Review the agreement with the third-party service provider and ensure that appropriate controls are in place.

C.

Raise the issue to a higher level of management, as outsourcing the process was not previously discussed or agreed upon.

D.

Take no action, as management has accepted the risk of moving to a third party for this whistleblowing process.

Full Access
Question # 92

Which of the following is the next step in understanding a business process once an internal auditor has identified the process?

A.

Determine process outputs

B.

Determine process inputs.

C.

Determine process activities.

D.

Determine process goals

Full Access
Question # 93

Which of the following is an example of internal benchmarking?

A.

Book value per common share ratio is lower than that of the prior year.

B.

Staff turnover ratio is higher than the comparable organization in the same industry.

C.

Utilities expense of the sales unit is higher than that of the customer service unit.

D.

Sales are significantly higher than the industry’s average for five years.

Full Access
Question # 94

Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?

A.

The financial interest the service provider may have in the organization.

B.

The relationship the service provider may have had with the organization or the activities being reviewed.

C.

Compensation or other incentives that may be applicable to the service provider.

D.

The service provider's experience in the type of work being considered.

Full Access
Question # 95

Which type of assurance engagement is conducted to determine whether a process or area is performing as intended, accomplishing its objectives, and doing so in an efficient and economical way?

A.

Compliance audit.

B.

Operational audit.

C.

Financial audit.

D.

Provider audit.

Full Access
Question # 96

In the following risk control map risks have been categorized based on the level of significance and the associated level of control. Which of the following statements is true regarding Risk C?

A.

The level of control is appropriate given the level of risk

B.

The level of control is excessive given the level of risk

C.

The level of control is inadequate given the level of risk

D.

There is not enough of information to determine whether the controls are appropriate or not

Full Access
Question # 97

An audit reveals that a manager's spouse is receiving paychecks, but is not employed by the organization. According to IIA guidance, which of the following actions should the internal auditor take?

A.

Contact the external auditor and provide all relevant documentation.

B.

Report the finding to senior management in a timely manner, following the normal chain of command.

C.

Meet with the local manager to obtain more information on the finding before taking further action.

D.

Bypass the normal chain of command and contact the board directly to report the finding.

Full Access
Question # 98

Which of the following is the primary purpose of implementing a program whereby employees are rotated from other parts of the organization into the internal audit activity?

A.

It provides the internal audit activity with more resourcing options to meet the audit plan

B.

It offers internal auditors the opportunity to learn more about other work areas.

C.

It gives nonauditors a better understanding of the control environment.

D.

It provides an opportunity for the recruitment of employees as permanent internal auditors

Full Access
Question # 99

Which of the following best describes the risk contained in an initial public offering for a new stock?

A.

Residual risk.

B.

Net risk.

C.

Inherent risk.

D.

Underlying risk

Full Access
Question # 100

Which of the following is the most important determinant of the objectives and scope of assurance engagements?

The organizational chart, business objectives, and policies and procedures of the area to be reviewed

A.

The most recent risk assessment conducted by management of the area to be reviewed.

B.

The requests of operational and senior management throughout the organization.

C.

The preliminary risk assessment performed by internal auditors planning the engagement.

Full Access
Question # 101

The only internal auditor, who was part of a larger team of individuals trained in the testing and reading of the organization’s quality control equipment, has resigned. With a scheduled audit of the quality department not yet completed for this year, what alternative approach should the internal audit function take in this scenario?

A.

Explain the situation to senior management and remove the audit from the audit plan until next year

B.

Conduct the audit of the quality department but adjust the audit program to remove the quality control testing

C.

Engage one of the other trained employees to participate in the audit review of the quality department

D.

Request that external auditors include this area as part of their review and provide independent assurance

Full Access
Question # 102

According to IIA guidance, which of the following activities are typically primary objectives of engagement supervision?

A.

Enable training and development of staff, identify engagement objectives, and assign responsibilities to individual auditors.

B.

Identify engagement objectives, assign responsibilities to individual auditors, and approve the engagement program.

C.

Assign responsibilities to individual auditors, approve the engagement program, and enable training and development of staff.

D.

Approve the engagement program, enable training and development of staff, and identify engagement objectives

Full Access
Question # 103

Internal audit staff lacks the expertise to perform a fraud investigation engagement stemming from a whistleblowing incident. Which of the following is the most appropriate

option for the chief audit executive?

A.

Appoint an independent fraud investigation specialist to work with the selected internal auditors.

B.

Organize in-house fraud investigation training sessions for selected internal auditors.

C.

Assign an experienced auditor to the engagement for a development opportunity.

D.

Hire a new internal auditor who possesses fraud investigation experience.

Full Access
Question # 104

Which of the following would help the internal audit activity assess compliance with the organization's standard operating procedures for bank deposits during a preliminary survey?

A.

Issue an internal control questionnaire to select branch customers.

B.

Issue an internal control questionnaire to the president of the organization.

C.

Issue an internal control questionnaire to the director of bank operations.

D.

Issue an internal control questionnaire to select branch managers.

Full Access
Question # 105

Upon concluding the engagement fieldwork an internal auditor discusses the audit findings with operational management There is a greater likelihood that the auditor will obtain a responsive action plan from management when both parties agree on which of the following attributes of the audit finding?

A.

Criteria

B.

Condition

C.

Cause

D.

Effect

Full Access
Question # 106

An internal auditor is conducting a financial audit. Which of the following audit procedures is most appropriate when existing internal controls are weak?

A.

Analytical procedures.

B.

Detail testing.

C.

Test of design.

D.

Test of control.

Full Access
Question # 107

While conducting a review of the logistics department the internal audit team identified a crucial control weakness. The chief audit executive (CAE) decided to prepare an audit memorandum for management of the logistics department followed by an informal meeting What is the most likely reason the CAE decided to prepare the audit memorandum?

A.

To report up-to-date audit progress to management

B.

To ensure that the internal audit team and the CAE are aligned with regard to the identified weakness

C.

To allow management to address the identified weakness timely

D.

To obtain management's agreement with regard to the identified weakness

Full Access
Question # 108

According to IIA guidance, which of the following actions might place the independence of the internal audit function in jeopardy?

A.

Having no active role or involvement in the risk management process.

B.

Auditing the risk management process for reasonableness.

C.

Coordinating and managing the risk management process.

D.

Participating with management in identifying and evaluating risks.

Full Access
Question # 109

At a conference an internal auditor presented a new computer-assisted audit technique developed by his organization The presentation included sample data derived from performing audit engagements for the organization. Travel costs were paid by the conference organizers and the trip was approved by the chief audit executive (CAE). However, neither management nor the CAE was aware that the internal auditor would be making a presentation based on work completed for the organization According to IIA guidance, which of the following statements is most relevant regarding the actions of the auditor?

A.

The auditor did not violate the standard of objectivity because the presentation had no impact on the organization.

B.

The auditor violated the principle of confidentiality by disclosing information about the organization without approval.

C.

The auditor should have obtained permission before using the material, but did not violate the IIA Code of Ethics or Standards

D.

The auditor breached the conflict of interest standard by accepting payment for travel costs

Full Access
Question # 110

According to IIA guidance, which of the following statements best justifies a chief audit executive's request for external consultants to complement internal audit activity (IAA) resources?

A.

The organization's audit universe is extensive and diverse.

B.

There has been an increase in unanticipated requests for advisory work.

C.

Previous work provided by the external service provider has been of great quality and value.

D.

A recent benchmarking study found that using external service providers is a common practice of similarly-sized IAAs in other organizations.

Full Access
Question # 111

What is the primary purpose of issuing a preliminary communication to management of the area under review?

A.

To build good relations with management

B.

To help management develop more responsive and timely action plans

C.

To formally report medium- and high-risk observations in writing

D.

To improve the internal audit key performance indicators

Full Access
Question # 112

Which procedure should an internal auditor perform to determine the audit objective?

A.

Meet with the board to discuss emerging issues and concerns

B.

Conduct a risk assessment of the area under review

C.

Establish the boundaries of the engagement

D.

Outline what will be included in the review

Full Access
Question # 113

The internal audit team judgmentally selected 60 of the 600 employee timesheets that were processed during the previous month to determine whether supervisors were properly approving timesheets in accordance with the organization's policies. The internal audit team found three exceptions. Based on the audit test, which of the following is most appropriate for the internal audit team to conclude?

A.

The internal control is operating with 95% effectiveness

B.

There is 90% probability that the internal control is operating as designed

C.

The internal control is not designed appropriately

D.

5% of the selected timesheets were not properly approved

Full Access
Question # 114

An audit observation noted that annual inventory counts of biofuel was not being performed appropriately Fuel yards were not visited and physical amounts of biofuel were not reconciled with accounting data Management of the division understood the issue and promised to resolve the problem When should the internal auditor schedule a follow-up review?

A.

As soon as possible, no later than two months after the audit

B.

When convenient for both parties

C.

When management has indicated that the issue has been resolved

D.

Before financial year end

Full Access
Question # 115

Which of the following statements is true regarding the use of internal control questionnaires (ICOs)?

A.

ICQs are efficient because they minimize the need for follow-up with survey respondents

B.

Controls with positive survey responses can be eliminated from further testing

C.

Answers to survey questions can be easily misinterpreted

D.

ICQs offer limited value for organizations with uniform procedures

Full Access
Question # 116

Which of the following offers the best explanation of why the auditor in charge would assign a junior auditor to complete a complex part of the audit engagement?

A.

The senior auditors are unavailable, as they are currently working on other portions of the engagement

B.

The auditor in charge believes that the junior auditor should obtain a specific type of experience.

C.

The audit engagement has a tight deadline and the work must be completed timely.

D.

The auditor in charge is unable to identify audit staff with all of the required skills needed to complete the engagement

Full Access
Question # 117

If the skills and competencies are not present within the internal audit activity to complete an ad-hoc assurance engagement, which of the following is an acceptable resolution?

A.

Politely decline the engagement due to a lack of qualified staff available at the time.

B.

Complete the engagement as requested, with the best of the current staff’s abilities.

C.

Consider using employees from other departments in the organization on the audit team.

D.

Change the scope of the testing to ensure that only available staff proficiencies are used

Full Access
Question # 118

An internal auditor wants to obtain management's evaluation of the organizational risk culture. Because there are more than 30 geographically dispersed managers, one-to-one interviews are not possible. Which of the following is the most efficient option for the auditor to adopt?

A.

Send out a survey with a few open questions, such as “What is your impression of the risk culture in our organization?”

B.

Send out a survey with statements and request defined answers, such as “strongly agree” and “strongly disagree.”

C.

Send out an email asking managers to evaluate the risk culture and provide detailed justification.

D.

Send out an email asking those who have something to report on organizational risk culture to step forward.

Full Access
Question # 119

An internal audit intends to create a risk and control matrix to better understand the organization's complex manufacturing process. With which of the following approaches would the auditor most likely start?

A.

Assess management responses to key risk exposures

B.

Analyze the costs and benefits of key controls

C.

Evaluate the design adequacy of known controls

D.

Conduct a walk-through of all related activates

Full Access
Question # 120

The chief audit executive (CAE) determined that the internal audit activity lacks the resources needed to complete the internal audit plan Which of the following would be the most appropriate action tor the CAE to take?

A.

Use guest auditors from within the organization, and leverage their experience by assigning them to lead engagements m areas where they previously worked

B.

Outsource some of the audits to the organization s external auditor who is already familiar with the organization

C.

Invite nonauditors to join the internal audit activity for a two-year rotational position, and assign them to join audit teams that are reviewing areas where they have no previous management responsibility

D.

Recruit recent college graduates and employ them as audit interns with an aim to offer permanent employment

Full Access
Question # 121

Which of the following statements best explains why an internal auditor should pay attention to retained earnings of an organization?

A.

Retained earnings indicate the amount of potential dividends to be paid out to new investors.

B.

Retained earnings represent the amount of excess cash available in the organization.

C.

Retained earnings demonstrate that the organization was able to generate working capital from its own activities.

D.

Retained earnings constitute the main criterion used by ratings agencies to assess an organization.

Full Access
Question # 122

During an organization’s management meetings, employees who report bad news and significant risks are treated as if they were to blame for those circumstances. As a result, employees tend to postpone delivering bad news to management for as long as possible. Which of the following should be addressed to improve this culture?

A.

Tone at the top

B.

Risk accountability

C.

Risk leadership

D.

Code of ethics

Full Access
Question # 123

The chief audit executive (CAE) should determine whether the internal audit activity has confirmed the status of all of management's corrective actions Doing so would help the CAE assess which of the following?

A.

Disclosure risk.

B.

Residual risk

C.

Compliance risk

D.

Inherent risk

Full Access
Question # 124

Which of the following information is most appropriate for the chief audit executive to share when coordinating audit plans with other internal and external assurance providers?

A.

Objectives scope and timing at a high level to support coordination while adhering to confidentiality requirements

B.

The area and timing of the audit engagement to ensure confidentially and avoid conflict of interest.

C.

All plan information, including risk assessments, planned tests and past results to maximize the opportunity for coordination with internal and external providers.

D.

No information should be shared with internal and external provider as it could introduce bias into the engagement results.

Full Access
Question # 125

Which of the following statements is true regarding internal controls?

A.

For assurance engagements, internal auditors should plan to assess the effectiveness of all entity-level controls.

B.

Poorly designed or deficient entity-level controls can prevent well-designed process controls from working as intended.

C.

During engagement planning, internal auditors should not discuss the identified key risks and controls with management of the area under review, to prevent tipping off probable audit tests.

D.

Reviewing process maps and flowcharts is an appropriate method for the internal auditor to identify all key risks and controls during engagement planning.

Full Access
Question # 126

Which of the following is an advantage of utilizing an external fraud specialist in a suspected fraud investigation?

A.

increased access to the organization's employees.

B.

Increased ability to preserve evidence and the chain of command.

C.

Increased ability to scrutinize the organization's key business processes.

D.

increased access to the organization's software and proprietary data.

Full Access
Question # 127

According to IIA guidance which of the following statements is true regarding heat maps?

A.

A heat map sets likelihood to have higher priority than impact.

B.

A heat map sets impact to have higher priority than likelihood.

C.

A heat map recognizes that the priority of impact and likelihood can vary.

D.

A heat map recognizes impact and likelihood as equally important

Full Access
Question # 128

An internal auditor is performing an assessment in a vehicle brake manufacturing company. The auditor learned that the product quality test conditions are aligned with the company’s written test procedures. However, the test conditions are not similar to conditions experienced by vehicles in the real world. Documentation shows that a significant percentage of products fail the quality tests. Products that fail the tests are discarded. Which perspective is appropriate?

A.

The tests are acceptable since they are good enough to detect quality problems and failure products are not sent to the market.

B.

Despite a significant rejection percentage, the test conditions are not useful because they are not similar to real world conditions. The significance of the finding is reduced because tests are performed in accordance with written procedures.

C.

The quality tests must be run in similar conditions as vehicles experience in the real world. This is a major finding since there is a risk to life considering the type of product being evaluated.

D.

Despite the risk of an accident, the severity of the finding can be reduced because the company discards the failed products. Due to this, the likelihood of occurrence is low.

Full Access
Question # 129

According to HA guidance, which of the following statements regarding audit workpapers is true?

A.

Audit reports should include the workpapers as a reference for the audit conclusions.

B.

The internal auditor's workpapers are the primary reference for reported control deficiencies.

C.

Ad-hoc communications with management of the area under review should be excluded from the workpapers.

D.

Both draft and final versions of workpapers should be saved at the end of the engagement

Full Access
Question # 130

According to IIA guidance, which of the following reflects a characteristic of sufficient and reliable information?

A.

The establishment of an audit approach and documentation system

B.

The standardization of workpaper terminology and notations

C.

The ability to reach consistent audit conclusions regardless of who performs the audit

D.

The application of documentation standards m an appropriate and consistent manner

Full Access
Question # 131

The chief audit executive of an international organization is planning an audit of the treasury function located at the organization's headquarters. The current internal audit team at headquarters lacks expertise in the area of financial markets which is needed tor the engagement When of the following would be the most approbate solution considering the time constraint?

A.

Outsource the engagement 10 tie organization's external auditor who has expertise in the area of financial markets

B.

Hire additional internal auditors who have expertise in the area of financial markets.

C.

Invite a guest auditor from one of the organization's affiliates who has expertise m the area of financial markets.

D.

Limit the scope of the engagement to the knowledge and skills possessed by the internal audit team.

Full Access
Question # 132

As part of the preliminary survey, an internal auditor sent an internal control questionnaire to the accounts payable function Based on the questionnaire responses, the auditor determines that there is no established procedure for adding and approving new vendors. What would the auditor do next?

A.

Determine that this situation is acceptable and focus on more significant issues

B.

Document the issue m the draft audit report

C.

Document the observation for further follow up when testing the operating effectiveness of controls

D.

Interview the personnel associated with this observation.

Full Access
Question # 133

An internal auditor was assigned to review controls in the accounts payable function. Most of tie accounts payable processes are performed by a third-party service provider. The auditor included in the audit report a number of control deficiencies involving processes performed by the service provider. The service provider requested a copy of the report Which of Vie following would be the most appropriate response from the chief audit executive (CAE)?

A.

The CAE would automatically sand a copy of the report to the service provider as many of the findings relate to Via area managed by the service provider

B.

The CAE may distribute the report to tie service provider at no cost, after consulting with legal counsel and tie chief compliance officer

C.

The CAE may provide a copy of the audit report to the service provider If an agreement & signed and the service provider agrees to reimburse the cost of the auditD, The CAE should benchmark with other organization in the industry by consorting with colleagues and distribute the report only I it is an acceptable practice m the industry

Full Access
Question # 134

During audit engagement planning, an internal auditor is determining the best approach for leveraging computer-assisted audit techniques (CAATs). Which of the following approaches maximizes the use of CAATs and why?

A.

Tracing, because it would enable the auditor to verify quickly that the record counts were properly included in the compilation.

B.

Inspection, because it would enable the auditor to verify how management enters the data into the application for processing.

C.

Testing data, because it would enable the auditor to ensure that the application processes the transaction as described by management.

D.

Reperformance, because it enables the auditor to verify that the application performed the calculation correctly.

Full Access
Question # 135

According to IIA guidance, which of the following objectives was most likely formulated for a non-assurance engagement?

A.

The internal audit activity will assess the effects of changes in maintenance strategy on the availability of production equipment.

B.

The internal audit activity will inform management on the possible risks of moving the data warehouse to a cloud server maintained by a third party.

C.

The internal audit activity will ascertain whether the data center security arrangements are compliant with agreed terms.

D.

The internal audit activity will ensure equipment downtime risks have been managed in accordance with internal policy.

Full Access
Question # 136

Senior IT management requests the internal audit activity to perform an audit of a complex IT area. The chief audit executive (CAE) knows that the internal audit activity lacks the expertise to perform the engagement. Which of the following is the most appropriate action for the CAE to take?

A.

Decline the audit engagement, because the Standards prohibit internal auditors from performing engagements where they lack the necessary competencies.

B.

Accept the audit engagement and use the engagement as an opportunity to develop the audit team's IT expertise while performing the audit work.

C.

Temporarily hire an experienced and knowledgeable IT analyst from the organization's IT department to lead the audit.

D.

Outsource the audit engagement to a reputable IT audit consulting firm.

Full Access
Question # 137

According to the Standards, which of the following is true regarding the auditor's inclusion of management's satisfactory performance in the final audit report?

A.

Acknowledgement of satisfactory performance is encouraged but not required.

B.

There are no standards to address the inclusion of satisfactory performance.

C.

Satisfactory performance should only be acknowledged with the advice of corporate counsel.

D.

Auditors must include satisfactory performance with the approval of the board.

Full Access
Question # 138

Which of the following factors should be considered when determining the staff requirements for an audit engagement?

    The internal audit activity's time constraints.

    The nature and complexity of the area to be audited.

    The period of time since the area was last audited.

    The auditors’ preference to audit the area.

    The results of a preliminary risk assessment of the activity under review.

A.

1 and 4 only.

B.

1, 2, and 5 only.

C.

2, 3, and 5 only.

D.

1, 2, 3, 4, and 5.

Full Access
Question # 139

Which of the following is an appropriate activity when supervising engagements?

A.

During engagement planning, the audit work program should be discussed between auditors and the engagement supervisor with the supervisor approving the work program.

B.

During fieldwork, scope changes made to the work program are at the auditor's discretion and should be supported adequately in the workpapers.

C.

Engagement supervision is most critical to the fieldwork and reporting phases of the audit, as this is where the majority of the work takes place.

D.

A degree of high supervision to no supervision may be provided to an auditor depending on his level of competence and the complexity of the engagement.

Full Access
Question # 140

An internal auditor s examination of accounts receivable generates the following results:

What is the projected misstatement for the population if ratio estimation is used?

A.

$84,000

B.

$238,095

C.

$700,000

D.

$2100.000

Full Access
Question # 141

An internal auditor is reviewing the accuracy of commission payments by recalculating 100% of the commissions and comparing them to the amount paid. According to IIA guidance, which of the following actions is most appropriate for identified variances?

A.

Document the results and report the overall percentage of variances.

B.

Determine the significance of the variances and investigate causes as needed.

C.

Review the results and investigate the cause of all variances.

D.

Report all variances to management and request an action plan to remediate them.

Full Access
Question # 142

Which of the following statements is false regarding roles and responsibilities pertaining to risk management and control?

A.

Senior management is charged with overseeing the establishment risk management and control processes.

B.

The chief audit executive is responsible for overseeing the evaluation risk management and control processes.

C.

Operating managers are responsible for assessing risks and controls in their departments.

D.

Internal auditors provide assurance about risk management and control process effectiveness.

Full Access
Question # 143

What is the primary objective of an engagement supervisor's review of key activities performed during the engagement?

A.

To ensure that the engagement is completed on time and within budget

B.

To ensure that all work performed meets acceptable quality standards

C.

To ensure that management has provided suitable responses to all observations

D.

To ensure that management is satisfied with the progress of the engagement

Full Access
Question # 144

Which of the following has the greatest effect on the efficiency of an audit?

A.

The complexity of deficiency findings.

B.

The adequacy of preliminary survey information.

C.

The organization and content of workpapers.

D.

The method and amount of supporting detail used for the audit report.

Full Access
Question # 145

According to an internal audit observation, the organization’s rules of record management require all contracts to be registered and stored in a specific electronic system. One subsidiary has thousands of client contracts on paper, which are kept in the office because there are not enough assistants to scan the contracts into the system. Which of the following component should be added to this observation?

A.

Criteria

B.

Cause

C.

Effect

D.

Condition

Full Access
Question # 146

An internal auditor receives a document displaying all the steps of a process and the path taken as transactions flow between each step of the process How is the internal auditor most likely to use This document during the engagement?

A.

To perform an assessment of the adequacy of process controls.

B.

To perform an assessment of the effectiveness of process controls

C.

To perform a detailed assessment of process risks

D.

To perform an assessment of the sufficiency of residual process risks.

Full Access
Question # 147

Which of the following statements is true regarding internal auditors and other assurance providers?

A.

Assurance providers who report to management and/or are part of management cannot provide control self-assessments services

B.

Internal auditors should always reperform and validate audit work completed by external assurance providers.

C.

Internal auditors may rely on the work of internal compliance teams to expand their coverage of the organization without increasing direct audit hours.

D.

internal auditors can rely on the work of other assurance providers only if the other assurance providers report directly to the board

Full Access
Question # 148

The audit engagement objective is to identify vendors who might be involved in money laundering processes or tax evasion schemes. How would the internal auditor use data analytics to fulfill this objective?

A.

Run reports listing all payments made in countries other than vendor locations

B.

Run reports listing all credit limit overrides

C.

Run reports listing all instances of delayed revenue recognition

D.

Run three-way match reports, matching invoices, purchase orders, and receiving reports

Full Access
Question # 149

Which of the following structures would best suit a maintenance organization that needs to adapt quickly to rapidly changing technology?

A.

Traditional

B.

Decentralized

C.

Centralized

D.

Customer-centric

Full Access
Question # 150

An internal auditor discovered that a new employee was granted inappropriate access to the payroll system Apparently the IT specialist had made a mistake and granted access to the wrong new employee. Which of the following management actions would be most effective to prevent a similar issue from occurring again?

A.

Remove the new employee's excessive access rights and request that he report any future access error.

B.

Perform a complete review of all users who have access to the payroll system lo determine whether there are additional employees who were granted inappropriate access

C.

Review the system activity log of the employee to determine whether he used the inappropriate access to conduct any unauthorized activities in the payroll system

D.

Provide coaching to the IT specialist and introduce a secondary control to ensure system access is granted in accordance with the approved access request.

Full Access
Question # 151

Which of the following is a disadvantage of using flowcharts during a risk assessment?

A.

People cannot quickly understand the processes via flowcharts

B.

Flowcharts are not applicable for evaluating the design of controls

C.

Some serious risks that are not part of the linear process can be missed

D.

Flowcharts do not enable auditors to identify missing controls

Full Access
Question # 152

According to IIA guidance,which of the following is true about the supervising internal auditor's review notes?

• They are discussed with management prior to finalizing the audit.

• They may be discarded after working papers are amended as appropriate.

• They are created by the auditor to support her fieldwork in case of questions.

• They are not required to support observations issued in the audit report.

A.

1 and 3 only

B.

1 and 4 only

C.

2 and 3 only

D.

2 and 4 only

Full Access
Question # 153

A bakery chain has a statistical model that can be used to predict daily sales at individual stores based on a direct relationship to the cost of ingredients used and an inverse relationship to rainy days What conditions would an auditor look for as an Indicator of employee theft of food from a specific store?

A.

On a rainy day. total sales are greater than expected when compared to the cost of ingredients used

B.

On a sunny day. total sales are less than expected when compared to the cost of ingredients used.

C.

Both total sales and cost of ingredients used are greater than expected.

D.

Both total sales and cost of ingredients used are less than expected.

Full Access
Question # 154

An employee in the sales department completes a purchase requisition and forwards it to the purchaser. The purchaser places competitive bids and orders the requested items using approved purchase orders. When the employee receives the ordered items, she forwards the packing slips to the accounts payable department. The invoice for the ordered items is sent directly to the sales department, and an administrative assistant in the sales department forwards the invoices to the accounts payable department for payment. Which of the following audit steps best addresses the risk of fraud in the cash receipts process?

A.

Verify that approvals of purchasing documents comply with the authority matrix.

B.

Observe whether the purchase orders are sequentially numbered.

C.

Examine whether the sales department supervisor approves invoices for payment.

D.

Determine whether the accounts payable department reconciles all purchasing documents prior to payment.

Full Access
Question # 155

Which of the following best describes the engagement objective in a banking compliance audit?

A.

Assessing the cost-efficiency of business continuity plans

B.

Assessing whether the business continuity plans implement regulatory requirements

C.

Assessing whether the business continuity plans implement best practice recommendations

D.

Assessing the operating effectiveness of the business continuity plans

Full Access
Question # 156

An internal auditor performed a review that focused on the organization’s process for vetting vendors. The internal auditor’s testing identified that 120 out of 130 vendors had a business relationship with the organization’s procurement manager that violated conflict-of-interest policies. Which of the following conclusions could the internal auditor draw from these results?

A.

The organization is exposed to significant fraud and abuse risks as a result of the vendor and employee business relationships.

B.

Due to improper relationships and favoritism, vendors are not providing goods or services at a reasonable price to meet the objectives.

C.

The organization’s conflict-of-interest policies are not clear or well communicated throughout the organization.

D.

Improper relationships and favoritism means that controls are not effective and significant fraud occurs.

Full Access
Question # 157

Which of The following best describes a risk that is deemed "unacceptable" to the organization?

A.

A risk where likelihood and impact are high

B.

A risk where inherent risk exceeds its residual risk

C.

A risk where inherent risk exceeds the tolerance level

D.

A risk where residual risk exceeds the tolerance level

Full Access
Question # 158

An internal auditor wants to examine the intensity of correlation between electricity price and wind speed. Which of the following analytical approaches would be most appropriate for this purpose?

A.

A Gantt chart

B.

A scatter diagram

C.

A RACI chart

D.

A SIPOC diagram

Full Access
Question # 159

The chief audit executive (CAE) is developing a workpaper preparation policy for a new internal audit activity. The CAE wants to ensure that all workpapers relate directly to the engagement objectives. Which of the following statements should be included in the policy specifically to address this concern?

A.

The workpapers should be understandable.

B.

The workpapers should be relevant.

C.

The workpapers should be economical.

D.

The workpapers should be complete.

Full Access
Question # 160

Which phase of an audit engagement is typically the most effective time for an internal auditor to develop a risk and control matrix?

A.

When preparing to recap audit test results.

B.

At sample selection, to determine sampling methodology.

C.

At the start of fieldwork, as part of developing the annual audit plan.

D.

At planning, to assist in developing the engagement work program.

Full Access
Question # 161

Which informal ion- gathering method would be most efficient for an internal auditor to determine whether specified control procedures are in place?

A.

Interviews

B.

Observations

C.

Reperformance

D.

Internal control questionnaires

Full Access
Question # 162

Which of the following best describes how an internal auditor would use a flowchart during engagement planning?

A.

To prepare for testing the effectiveness of controls

B.

To plan for evaluating potential losses

C.

To prepare a sampling plan for the engagement

D.

To evaluate the design of controls

Full Access
Question # 163

During a review of the organization's waste management processes, the internal auditor discovered that wastewater is being disposed of inappropriately. The auditor's recommendations, suggested to mitigate the risk of regulatory sanctions and reputational damages, were accepted and timelines for implementation were agreed. However, during the internal audit activity's periodic follow-up exercise, management indicated that the recommendation was too expensive to implement and the current disposal method has been cost-effective. What should the chief audit executive do in this case?

A.

Nothing, as the internal audit activity has fulfilled its responsibility of providing recommendations to mitigate the risks to which the organization is exposed.

B.

Contact the regulatory agency responsible for monitoring such matters in order to convince management to implement the recommendations.

C.

Convene a meeting with senior management and discuss the issue and the potential impact it may have on the organization.

D.

Highlight the current exposure to the external auditors so they too can highlight the issue and further pressure management to address the concern.

Full Access
Question # 164

The external auditor has identified a number of production process control deficiencies involving several departments. As a result, senior management has asked the internal audit activity to complete internal control training for all related staff. According to IIA guidance, which of the following would be the most appropriate course of action for the chief audit executive to follow?

A.

Refuse to accept the consulting engagement because it would be a violation of independence.

B.

Collaborate with the external auditor to ensure the most efficient use of resources.

C.

Accept the engagement but hire an external training specialist to provide the necessary expertise.

D.

Accept the engagement even if the audit engagement staff was previously responsible for operational areas being trained.

Full Access
Question # 165

The human resources (HR) department was last reviewed three years ago and is due for an assurance engagement after undergoing recent process changes. Which of the following would the most effective option identify the HR department's risks and controls?

A.

Meet with the chief operating officer 10 obtain Information about the MR department

B.

Review the previous internal audit report and locus on key audit observations and action plans

C.

Review the organization's risk strategy and risk appetite framework

D.

Discuss the department's present strategies ‘and objectives with the head of the HR department

Full Access
Question # 166

A new internal auditor is overwhelmed by the number of tasks they need to complete at the engagement planning stage. Which of the following could support the auditor’s organization and delivery of planned work?

A.

Review the auditor's job description

B.

Create a checklist

C.

Develop a control questionnaire

D.

Prepare a fishbone diagram

Full Access
Question # 167

An internal auditor observes a double payment transaction on a supplier invoice during an accounts payable engagement. Which of the following steps would be the most effective in helping the auditor determine whether fraud exists?

A.

Switch the existing assurance engagement into a fraud investigation engagement

B.

Extend the audit scope and perform additional testing of controls on other related areas

C.

Review the poor year's transaction volume and amounts paid compared to the poor year's budget

D.

Perform data analytics on the supplier's information, invoiced amounts, and payments performed

Full Access
Question # 168

While reviewing the organization’s financial year-end processes, an internal auditor discovered an erroneous journal entry. If the error is not addressed, it will result in a material misstatement of the financial records. The internal auditor needs an additional four weeks to complete the audit engagement. How should the auditor communicate this finding?

A.

The auditor should issue an interim report to management prior to completion of the audit and issuance of the final report.

B.

The auditor should include this item in the final audit report, marked with an asterisk, indicating that it is a high-risk item.

C.

The auditor should discuss the finding with the appropriate accounting staff who can make the correction immediately, and if corrected before the engagement is concluded, the finding would not need to be included in the audit report.

D.

The auditor is obligated to bypass management and immediately report the error directly to regulatory authorities.

Full Access
Question # 169

An internal control questionnaire would be most appropriate in which of the following situations?

A.

Testing controls where operating procedures vary.

B.

Testing controls in decentralized offices.

C.

Testing controls in high risk areas.

D.

Testing controls in areas with high control failure rates.

Full Access
Question # 170

According to IIA guidance which of the following statements is true regarding the annual audit plan?

A.

The annual audit plan should only be adjusted in response to problems with resourcing, scope, and data availability.

B.

The chief audit executive (CAE) may incorporate risk information, including risk appetite levels from management for the audit plan at her discretion.

C.

In an immature risk management environment it is preferable for the CAE to rely solely on her judgment regarding risk identification and assessment to develop the audit plan.

D.

The CAE may make adjustments to the annual audit plan as needed without senior management or board approval.

Full Access
Question # 171

After concluding a preliminary assessment, the engagement supervisor prepared a draft work program According to HA guidance which of the following would be tested by this program?

A.

The process objectives.

B.

The process risks

C.

The process controls

D.

The process scope

Full Access
Question # 172

A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annual snowfall for the coming winter. Which of the following best describes this type of risk?

A.

Residual

B.

Net

C.

inherent.

D.

Accepted.

Full Access
Question # 173

Which of the following technologies will best reduce human processing errors and enable seamless exchange of business transactions among business partners?

A.

Enterprise resource planning

B.

Material requirements planning

C.

Electronic data interchange

D.

Customer relationship management

Full Access
Question # 174

As part of an audit engagement, an internal auditor verifies whether raw material is regularly delivered to the organization's warehouse in a timely manner. What type of objective does this exemplify?

A.

Operations

B.

Compliance

C.

Financial reporting

D.

Strategic

Full Access
Question # 175

A code of business conduct should include which of the following to increase its deterrent effect?

1. Appropriate descriptions of penalties for misconduct.

2. A notification that code of conduct violations may lead to criminal prosecution.

3. A description of violations that injure the interests of the employer.

4. A list of employees covered by the code of conduct.

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Full Access
Question # 176

An internal auditor determined that the organization's accounting system was designed to reject duplicate invoices if they were issued with identical invoice numbers. However, if an invoice number was changed by at least one digit, the system would accept the duplicate invoice as new. Which of the following would be the most appropriate criteria to refer to in the audit observation?

A.

Each invoice for goods or services acquired by the organization must be recorded only once in the accounting system.

B.

The accounting system lacks efficient controls for the identification of duplicate invoices.

C.

Disbursements may be made inappropriately, and liabilities may be overstated.

D.

The accounting system is at the end of its lifetime and is no longer developed by the provider.

Full Access
Question # 177

Which of the following activities Is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?

A.

Planning an engagement of the area in which fraud is suspected.

B.

Employing audit tests to detect fraud

C.

Interrogating a suspected fraudster.

D.

Completing a process review to improve controls to prevent fraud.

Full Access
Question # 178

Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?

A.

Workshops.

B.

Surveys.

C.

Interviews.

D.

Observation.

Full Access
Question # 179

An engagement work program o of greatest value to audit management when which of the following is true?

A.

The work program provides more detailed support for the audit report

B.

The work program helps determined the required amount of audit resources

C.

The work program helps ensure tie achievement of the engagement objectives

D.

The work program assists the auditor n developing and managing audit tests

Full Access
Question # 180

An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?

A.

The matter does not need to be reported, because the noncompliant findings fall within the acceptable tolerance limit.

B.

The deviations are within the acceptable tolerance limit, so the matter only needs to be reported to the information security manager.

C.

The incidents of noncompliance fall outside the acceptable tolerance limit and require immediate corrective action, as opposed to reporting.

D.

The incidents of noncompliance exceed the tolerance level and should be included in the final engagement report.

Full Access
Question # 181

Which of the following statements is true regarding the reporting of tangible and intangible assets?

A.

For plant assets, cost includes the purchase price and the cost of design and construction

B.

For intangible assets, cost includes the purchase price and development costs.

C.

Due to their indefinite nature, intangible assets are not subject to amortization.

D.

The organization must expense any cost incurred in developing a plant asset

Full Access
Question # 182

Which of the following audit steps would an internal auditor perform when reviewing cash disbursements to satisfy IIA guidance on due professional care?

A.

The calculated statistical sample size is 50 however the internal auditor believes errors exist so he decides to increase the sample size to 80

B.

The internal auditor traces serial numbers of computer equipment listed on an invoice to the fixed asset inventory

C.

The internal auditor reviews the accounts payable manager's petty cash fund and vouchers

D.

The internal auditor reviews the related invoice purchase order and receiving report for each sample selection

Full Access
Question # 183

An internal auditor for a regional bank suspects that the head of commercial lending has been granting loans without the required collateral Which of the following sampling techniques will be most effective for investigating the auditor's suspicion?

A.

Variables sampling

B.

Dollar-unit sampling

C.

Judgmental sampling

D.

Discovery sampling

Full Access
Question # 184

An internal auditor has been asked to join a project team to help design controls in a software application to address specific risks that have been identified by the team Which of the following actions is most appropriate for the internal auditor to perform?

A.

Facilitate a control assessment to ensure all application risks were appropriately identified

B.

Advise the project team on how to develop effective controls

C.

Direct the project team to implement the appropriate controls within the software application

D.

Provide assurance that the design of the controls will mitigate the identified application risks

Full Access
Question # 185

The internal audit activity is currently working on several engagements, including a consulting engagement on the management process in the human resources department. Which of the following actions should the chief audit executive take to most efficiently and effectively ensure the quality of the engagement?

A.

Assign an experienced manager to monitor the whole engagement process.

B.

Employ fieldwork peer review to enhance the work quality.

C.

Require internal auditors to follow a standardized work program.

D.

Personally supervise the engagement

Full Access
Question # 186

Which of the following is not a primary purpose for conducting a walk-through during the initial stages of an assurance engagement?

A.

To help develop process maps.

B.

To determine segregation of duties.

C.

To identify residual risks.

D.

To test the adequacy of controls.

Full Access
Question # 187

As part of internal audit's assistance with an annual external audit, the internal auditors are required to do a preliminary analytical review of an bank account balances. This involves verifying the current year end balances as web as comparing the current year end balances with previous year end balances to highlight significant changes. Which of the following is the most reliable source for verification of the current year end bank balances?

A.

Bank confirmations

B.

Internal bonk statements

C.

Bank reconciliations as of the end of the year

D.

Bank account general ledger balancer as of the end of the year

Full Access
Question # 188

The engagement supervisor would like lo change the audit program's scope poor to beginning fieldwork According to IIA guidance before any change is implemented what is the most important action that should be undertaken?

A.

Document in the engagement workpapers the rationale for changing the scope.

B.

Confirm that the scope change would align to the organization's objectives and goals

C.

Confirm that the internal audit activity continues to have the necessary knowledge and skills

D.

Seek approval from the chief audit executive for the proposed scope change

Full Access
Question # 189

According to the International Professional Practices Framework, which of the following is an appropriate reason for issuing an interim report?

To keep management informed of audit progress when audit engagements extend over a long period of time.

To provide an alternative to a final report for limited-scope audit engagements.

To communicate a change in engagement scope for the activity under review.

A.

1 and 2 only.

B.

1 and 3 only.

C.

2 and 3 only.

D.

1, 2, and 3.

Full Access
Question # 190

During an assurance engagement an internal auditor uses benchmarking research to support preparation of a report to stakeholders that contains significant findings about control deficiencies. Which of the following skills did the auditor demonstrate?

A.

Internal audit management

B.

Conflict negotiation.

C.

Critical thinking

D.

Persuasion and collaboration

Full Access
Question # 191

Which of the following is the primary reason an internal auditor would issue an interim report during an engagement?

A.

To provide a status update on a short engagement to management of the area under review and to the audit supervisor.

B.

To confirm agreement with preliminary observations and conclusions identified during the engagement.

C.

To provide those responsible for the area under review with the opportunity to act on certain observations immediately.

D.

To verify that the corrective actions required by senior management are completed as agreed.

Full Access
Question # 192

Which of the following best describes the guideline for preparing audit engagement workpapers?

A.

Workpapers should be understandable to the auditor in charge and the chief audit executive.

B.

Workpapers should be understandable to the audit client and the board.

C.

Workpapers should be understandable to another internal auditor who was not involved in the engagement.

D.

Workpapers should be understandable to external auditors and regulatory agencies.

Full Access
Question # 193

Which of the following represents the best method for confirming that vendor invoices were for authorized purchases?

A.

Vouching vendor invoices to payments made.

B.

Sorting invoices by purchase orders and comparing for successive duplicate invoices.

C.

Comparing a random sample of vendor invoices to purchase orders.

D.

Sorting payments by invoice to detect successive duplicate invoices.

Full Access
Question # 194

An electric utility provider measures working time spent on processing grid connection applications, response time for electricity outages, and the call center queuing time. Which of the following criteria would better suit a customer-oriented provider for measurement?

A.

Past performance

B.

Legal obligations

C.

Board-approved budget

D.

Stakeholder expectations

Full Access
Question # 195

Which of the following engagement techniques would be best to meet the objective of denting a personal conflict -of -interest situation affecting an organization’s procurement function?

A.

Inquiry

B.

Analytical review

C.

Observation

D.

Inspection of documents

Full Access
Question # 196

A rapidly expanding retail organization continues to be tightly controlled by its original small management team. Which of the following is a potential risk in this vertically centralized organization?

A.

Lack of coordination among different business units

B.

Operational decisions are inconsistent with organizational goals.

C.

Suboptimal decision-making.

D.

Duplication of business activities.

Full Access
Question # 197

Which of the following is most likely the subject of a periodic report from the chief audit executive to the board?

A.

A complete, accurate, and comprehensive account of engagement observations and recommendations.

B.

Oversight of the coordination between the internal audit activity and independent outside auditors.

C.

The internal audit activity's purpose, authority, responsibility, and performance relative to plan.

D.

Management's assertions regarding the system of internal controls.

Full Access
Question # 198

According to IIA guidance, which of the following is the most appropriate action to be taken by the chief executive (CAE) if management refuses to accept audit recommendations and implement corrective actions, Even after escalation to senior management?

A.

The CAE should continue to meet with management to obtain their agreement for corrective action

B.

The CAE should note in the final report that management has decided to accept the risk.

C.

The CAE should ask that additional testing be undertaken to strengthen his case as to the need for corrective action.

D.

The CAE should advise senior management of his intention to escalate the matter to the board.

Full Access
Question # 199

An internal auditor is asked to determine why the production line for a large manufacturing organization has been experiencing shutdowns due to unavailable parts The auditor learns that production data used for generating automatic purchases via electronic interchange is collected on personal computers connected by a local area network (LAN) Purchases are made from authorized vendors based on both the production plans for the next month and an authorized materials requirements plan (MRP) that identifies the parts needed per unit of production. The auditor suspects the shutdowns are occurring because purchasing requirements have not been updated for changes in production techniques. Which of the following audit procedures should be used to test the auditor's theory?

A.

Compare purchase orders generated from test data Input into the LAN with purchase orders generated from production data for the most recent period.

B.

Develop a report of excess inventory and compare the inventory with current production volume.

C.

Compare the parts needed based on current production estimates and the MRP for the revised production techniques with the purchase orders generated from the system for the same period

D.

Select a sample of production estimates and MRPs for several periods and trace them into the system to determine that input is accurate

Full Access
Question # 200

Which of the following parties is accountable for ensuring adequate support for conclusions and opinions readied by the internal audit activity while relying on external auditors' work?

A.

Board of directors

B.

External auditors

C.

Chief audit executive

D.

Senior management

Full Access
Question # 201

The chief audit executive (CAF) determined that the residual risk identified in an assurance engagement is acceptable. When should this be communicated to senior management?

A.

When the CAE reports the audit outcome to senior management.

B.

When the residual risk is identified before the engagement is complete.

C.

Immediately, as residual risk should be communicated as soon as possible

D.

When management of the area under review has resolved and mitigated the residual risk

Full Access
Question # 202

In which of the following situations would an internal auditor consider the need to outsource competencies and skills9

A.

During the inspection of a wind turbine. an internal auditor notices that some replaced parts took used According to purchase documents, the parts still have a long lifespan.

B.

The auditor believes that the audit client's actions contradict the organization's code of conduct The audit client disagrees and says his actions are for the organization's benefit

C.

An audit team member is allocated to conduct an assurance engagement m the sales unit. However, the same auditor performed an assurance engagement in that area just one year prior

D.

During an inventory count, the auditor ascertained that some goods were missing. The audit client argues that the auditor does not understand how inventory should be counted

Full Access
Question # 203

According to IIA guidance, which of the following are the most important objectives for helping to ensure the appropriate completion of an engagement?

1. Coordinate audit team members to ensure the efficient execution of all engagement procedures.

2. Confirm engagement workpapers properly support the observations, recommendations, and conclusions.

3. Provide structured learning opportunities for engagement auditors when possible.

4. Ensure engagement objectives are reviewed for satisfactory achievement and are documented properly.

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Full Access
Question # 204

Senior management wants assurance that third-party contractors are following procedures as agreed with the organization. Which type of audit would be most appropriate

to achieve this objective?

A.

A compliance audit.

B.

A due diligence audit.

C.

A financial audit.

D.

An external audit.

Full Access
Question # 205

An investor has acquired an organization that has a dominant position in a mature, slow-growth industry and consistently creates positive financial income Which of the following terms would the investor most likely label this investment in her portfolio?

A.

A star.

B.

A cash cow.

C.

A question mark.

D.

A dog

Full Access
Question # 206

When creating the internal audit plan, the chief audit executive should prioritize engagements based primarily on which of the following?

A.

The last available risk assessment.

B.

Requests from senior management and the board.

C.

The longest interval since the last examination of each audit universe item.

D.

The auditable areas required by regulatory agencies.

Full Access
Question # 207

An internal auditor collected several employee testimonials Which of the following is the best action for the internal auditor to take before drawing a conclusion?

A.

Ensure the testimonials are well documented

B.

Substantiate the testimonials with physical or documentary evidence

C.

Corroborate testimonials with the results from other soft control techniques

D.

Review the testimonials with the interviewed employees

Full Access
Question # 208

Which of the following factors would be the most critical in determining which engagements should be included in the annual internal audit plan?

A.

Whether an audit is explicitly required by the internal audit charter

B.

The extent to which the work to be performed is an assurance or consulting engagement

C.

The organization's annual risk management strategy

D.

Risks that are identified by operations staff or senior management

Full Access
Question # 209

An organization's internal audit plan includes a recurring assurance review of the human resources (HR) department. Which of the following statements is true regarding preliminary communication between the auditor in charge (AIC) and the HR department?

1. The AIC should notify HR management when the draft audit plan is being developed, as a courtesy.

2. The AIC should notify HR management before the planning stage begins.

3. The AIC should schedule formal status meetings with HR management at the start of the engagement.

4. The AIC should finalize the scope of the engagement before communicating with HR management.

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Full Access
Question # 210

An internal audit manager assigns an audit team to test purchase transactions by selecting a sample from transactions processed by each of the three procurement officers.

Which of the following techniques will help the audit team achieve this sampling objective?

A.

Systematic sampling.

B.

Stratified sampling.

C.

Stop-or-go sampling

D.

Discovery sampling.

Full Access
Question # 211

During follow-up, the chief audit executive (CAE) is having a discussion with management about the internal audit team's recommendations related to a significant issue Management accepted the issue but took no remedial action What is the next step for the CAE?

A.

The CAE should reassess and validate the risk tolerance policy

B.

The CAE should escalate the issue to senior management .

C.

The CAE should reiterate the internal audit team's recommendations to management .

D.

The CAE should grant management more time to implement the recommendation and check the status of the issue during the next scheduled follow-up.

Full Access
Question # 212

Which of the following is most likely the subject of a periodic report from the chief audit executive to the board?

A.

A complete, accurate, and comprehensive account of engagement observations and recommendations.

B.

Oversight of the coordination between the internal audit activity and independent outside auditors

C.

The internal audit activity's purpose, authority, responsibility, and performance relative to plan.

D.

Management's assertions regarding the system of internal controls.

Full Access
Question # 213

According to IIA guidance, which of the following is least likely to be a key financial control in an organization's accounts payable process?

A.

Require the approval of additions and changes to the vendor master listing, where the inherent risk of false vendors is high.

B.

Monitor amounts paid each period and compare them to the budget to identify potential issues.

C.

Compare employee addresses to vendor addresses to identify potential employee fraud.

D.

Monitor customer quality complaints compared to the prior period to identify vendor issues.

Full Access
Question # 214

Which of the following should the chief audit executive do when evaluating the possibility of relying on external auditors' work?

A.

Perform comprehensive background checks on all independent auditors on the engagement.

B.

Recalculate all financial calculations to confirm competency.

C.

Examine objectivity and any perceived or actual conflicts of interest.

D.

Review audit tests employed in all previous audits.

Full Access
Question # 215

According to ISO 31000, which of the following statements is correct?

A.

The board is responsible for setting the organizational attitude through tone at the top.

B.

The internal audit activity will provide assurance over operating effectiveness but not over the design of risk management activities

C.

The internal audit activity can give objective assurance on any part of the risk management framework for which it is responsible.

D.

The framework is designed to be effective for organizations no matter how small.

Full Access
Question # 216

During the planning phase of an assurance engagement, an internal auditor seeks to gam an understanding of now when the area under review is accomplishing its objectives When of the

Following information-gathering techniques is the auditor most likely to use?

A.

A review of the key performance indicators of me area under review.

B.

A walkthrough of the key processes of the area under review.

C.

An interview with the manager regarding the area's business plan.

D.

A review of previous audit and follow- up results of the area under review

Full Access
Question # 217

An organization recently acquired a subsidiary in a new industry, and management asked the chief audit executive (CAE) to perform a comprehensive audit of the subsidiary prior to recommencing operations The CAE is unsure her team has the necessary skills and knowledge to accept the engagement According to IIAguidance, which of the following responses by the CAE would be most appropriate?

A.

The CAE should accept the engagement and ensure that an explanation of the expertise limitations is included in the final audit report.

B.

The CAE should ask management to hire an external expert who is familiar with the industry to perform an independent audit for management

C.

The CAE should accept the engagement and hire an external expert to assist the audit team with the audit of the subsidiary

D.

The CAE should recommend postponing the engagement until the internal audit team is able to develop sufficient knowledge of the new industry

Full Access
Question # 218

According to IIA guidance, which of the following best describes the purpose of a planning memorandum for an audit engagement?

A.

It documents the audit steps and procedures to be performed.

B.

it documents preliminary information useful to the audit team.

C.

It documents events that could hinder the achievement of process objectives.

D.

It documents existing measures that manage risks in the area under review

Full Access
Question # 219

A chief audit executive (CAE) is determining which engagements to include on the annual audit plan. She would like to consider the organization's attitude toward risk and the degree of difficulty in achieving objectives. Which of the following resources should the CAE consult?

A.

The corporate risk register.

B.

The strategic plan.

C.

Internal and external audit reports.

D.

The board's meeting records.

Full Access
Question # 220

Which of the following statements is true regarding the audit objective for an assurance engagement?

A.

Operational management must determine the audit objective in cooperation with the internal auditor

B.

The audit objective may be adjusted after the start of an engagement and it does not need to align with the assessed risks

C.

The audit objective must consider the possibility of fraud and noncompliance

D.

The audit objective may or may not consider the possibility of fraud depending on the assessed likelihood and impact

Full Access
Question # 221

The internal auditors available to perform the engagement do not have sufficient skills related to the area under review. Which of the following iss an appropriate action for the chief audit executive to take?

A.

Continue the engagement with the available staff, providing more hands-on supervision than usual

B.

Limit the objectives and scope of the engagement to align them with the skills available among the current staff.

C.

Cosource the performance of the engagement using personnel in the area that will be reviewed to supplement the knowledge of the staff and complete the engagement

D.

Supplement the internal auditors assigned to the engagement by bringing onto the engagement team a consultant who is independent of the area under review and has the missing expertise

Full Access
Question # 222

Which of the following activities demonstrates an example of the chief audit executive performing residual risk assessment?

A.

Cost-benefit analysis of management not implementing a recommendation to address an observation.

B.

Inquiry of corrective action to be completed within a certain period

C.

Reporting the status of every observation for every engagement in a detailed manner.

D.

Soliciting management's feedback after completion of the audit engagement.

Full Access
Question # 223

In which of following scenarios is the internal auditor performing benchmarking?

A.

The auditor compares information from one period with the same information from the poor period

B.

The auditor compares new information to his general knowledge of the organization

C.

The auditor compares information he collected with simmer information from another source

D.

The auditor compares expected outcomes with actual results

Full Access
Question # 224

An internal auditor is performing a review of an organization's vendor for any possible conflicts of interest. Which of the following would provide the greatest assistance to the auditor in meeting this objective?

A.

Vendor contracts.

B.

Employee master list.

C.

Payment records.

D.

Purchasing policy.

Full Access