Pre-Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > IIA > CIA > IIA-CIA-Part2

IIA-CIA-Part2 Internal Audit Engagement Question and Answers

Question # 4

An internal auditor discovered that sales contracts with business clients were not stored in the electronic document management database instead they were scanned and saved in a nonsystematic manner to server folders Which of the following would be an appropriate consequence for the internal auditor to include in the documented observation?

A.

The document management policy requires business client data to be stored in a specific management database

B.

Sales contracts were stored improperly because the office manager was not trained to use the electronic database and prefers to avoid it

C.

if the organization becomes subject to litigation the agreed pricing terms and conditions of the contracts may be difficult to prove

D.

All staff should be appropriately trained and required to follow the organization ' s established policies and procedures pertaining to document management

Full Access
Question # 5

What would be the effect if an organization paid one of its liabilities twice during the year, in error?

A.

Assets, liabilities, and owners ' equity would be understated.

B.

Assets, net income, and owners’ equity would be unaffected

C.

Assets and liabilities would be understated.

D.

Assets, net income, and owners’ equity would be understated, but liabilities would be overstated

Full Access
Question # 6

According to the theory of constraints, which of the following is most influenced by various bottlenecks the organization encounters?

A.

Manufacturing.

B.

Profitability.

C.

Overheads.

D.

Quality.

Full Access
Question # 7

Senior management requested that the internal audit activity perform a consulting project to assist in making a decision on a new software system. Which of the following would be used to determine the engagement objectives?

A.

An assessment of risks to the business objectives

B.

An understanding of the engagement client ' s expectations

C.

The probability of significant errors fraud or noncompliance

D.

Criteria previously established by the board

Full Access
Question # 8

Which of the following statements describes an engagement planning best practice?

A.

It is best to determine planning activities on a case-by-case basis because they can vary widely from engagement to engagement.

B.

If the engagement subject matter is not unique, it is not necessary to outline specific testing procedures during the planning phase.

C.

The engagement plan includes the expected distribution of the audit results, which should be kept confidential until the audit report is final.

D.

Engagement planning activities include setting engagement objectives that align with audit client ' s business objectives.

Full Access
Question # 9

While reviewing engagement workpapers prepared by an internal audit team, the engagement supervisor identifies instances where there is no direct connection between certain workpapers and the engagement objectives. How should the engagement supervisor respond?

A.

Request that the internal auditors remove irrelevant workpapers from the records.

B.

Sign off on all workpapers, and arrange the documentation from most relevant to least relevant.

C.

Ensure that the final audit report indicates that the initial engagement objectives were expanded.

D.

Expand the scope of the audit and include the additional documentation.

Full Access
Question # 10

According to IIA guidance, which of the following statements best justifies a chief audit executive ' s request for external consultants to complement internal audit activity (IAA) resources?

A.

The organization ' s audit universe is extensive and diverse.

B.

There has been an increase in unanticipated requests for advisory work.

C.

Previous work provided by the external service provider has been of great quality and value.

D.

A recent benchmarking study found that using external service providers is a common practice of similarly-sized IAAs in other organizations.

Full Access
Question # 11

An internal auditor is conducting a financial audit. Which of the following audit procedures is most appropriate when existing internal controls are weak?

A.

Analytical procedures.

B.

Detail testing.

C.

Test of design.

D.

Test of control.

Full Access
Question # 12

Which of the following is the best option for the chief audit executive to consider for effective coordination of assurance coverage?

A.

Create an assurance map to illustrate each provider ' s level of assurance and planned activities for each area of the organization

B.

LIMIT© ricks inventory to identify the risks and controls in place and the relevant control owners.

C.

Rely on the risk and control and management testing information maintained for compliance with the regulatory framework

D.

Prepare a risk likelihood and impact heal map to prioritize assurance coverage coordination.

Full Access
Question # 13

According to HA guidance on IT, which of the following actions would be performed as part of the " Define IT Universe " stage of the IT audit plan development process?

A.

Identify significant applications that support the business operations

B.

Assess risk and rank subjects using business risk factors

C.

Identify how the organization structures its business operations

D.

Select audit subjects and bundle into distinct audit engagements

Full Access
Question # 14

In preparing the engagement work program, which of the following is generally true with respect to secondary controls?

A.

A separate engagement work program should be created for secondary controls

B.

Secondary controls do not necessarily need to be tested for effectiveness

C.

Any documented secondary controls are deemed essential to the adequacy of control design

D.

Secondary controls should be held to the same requirements as key controls

Full Access
Question # 15

The internal audit activity (IAA) wants to measure its performance related to the quality of audit recommendations. Which of the following client survey questions would best help the IAA meet this objective?

A.

Were audit findings relevant and useful to management?

B.

Does the audit report format present issues clearly and concisely?

C.

Does the IAA work with a high degree of professionalism and objectivity?

D.

Were the findings reported in a timely manner?

Full Access
Question # 16

An internal auditor has suspicions that the management of a department splits me number of planned purchases to avoid the approval process required for larger purchases. Which of the following would be the most efficient technique to help the auditor identify the seventy of this malpractice?

A.

Examining the entire population

B.

Asking management about the malpractice

C.

Testing a sample of random transactions.

D.

Using data analytics

Full Access
Question # 17

Which of the following is the most important determinant of the objectives and scope of assurance engagements?

The organizational chart, business objectives, and policies and procedures of the area to be reviewed

A.

The most recent risk assessment conducted by management of the area to be reviewed.

B.

The requests of operational and senior management throughout the organization.

C.

The preliminary risk assessment performed by internal auditors planning the engagement.

Full Access
Question # 18

According to IIA guidance, which of the following is true regarding the exit conference for an internal audit engagement?

A.

A primary purpose of the exit conference is to provide for the timely communication of observations that call for immediate management action.

B.

Both the chief audit executive and the chief executive over the activity or function reviewed must attend the exit conference to validate the findings.

C.

The exit conference provides only anticipated results for inclusion in the final audit communication.

D.

During the exit conference, the performance of the internal auditors who executed the engagement is reviewed.

Full Access
Question # 19

When determining the level of staff and resources to be dedicated to an assurance engagement, which of the following would be the most relevant to the chief audit executive?

A.

The overall adequacy of the internal audit activity ' s resources

B.

The availability of guest auditors for the engagement

C.

The number of internal auditors used for the previous review of the same area.

D.

The available resources with the specific skill set required

Full Access
Question # 20

An internal auditor performed a test of controls and found that a statistically selected representative sample of recorded transactions within the account receivables ledger had an error rate that was within management expectations. The associated revenue account was outside the scope of the audit engagement. How should the conclusion to this engagement be reported?

A.

The auditor should state that the error rate was within the selected confidence level.

B.

Negative assurance should be provided, as the associated revenue account was not examined.

C.

The auditor should state that controls over the recording of transactions in the revenue account are operating effectively.

D.

Positive assurance could be provided for the effectiveness of the accounts receivable controls.

Full Access
Question # 21

According to the Standards, which of the following is true regarding the auditor ' s inclusion of management ' s satisfactory performance in the final audit report?

A.

Acknowledgement of satisfactory performance is encouraged but not required.

B.

There are no standards to address the inclusion of satisfactory performance.

C.

Satisfactory performance should only be acknowledged with the advice of corporate counsel.

D.

Auditors must include satisfactory performance with the approval of the board.

Full Access
Question # 22

Which of the following actions would an internal auditor perform primarily during a consulting engagement of a debt collections process?

A.

Reviewing journal entries for accuracy and completeness.

B.

Comparing the policies and procedures to regulatory collections guidance.

C.

Advising management on streamlining the recording of accounts receivable.

D.

Performing a walk-through of the debt collections process to determine whether proper segregation of duties exists

Full Access
Question # 23

An auditor reviews tender results for the procurement of construction equipment. Based on her significant experience the auditor believes that the obtained bid prices are too high. Which of the following is required to develop a relevant conclusion?

A.

Description of the procurement policy

B.

Summary of the tendering process

C.

Substantiated and comparative evidence

D.

Impact analysis of unfavorable prices

Full Access
Question # 24

What is the most likely reason an internal auditor would interview operational management during engagement planning?

A.

To validate the engagement work program.

B.

To help the internal auditor understand the objectives of the area or process under review.

C.

To determine whether operational management has sufficient knowledge of risks and controls.

D.

To determine whether management followed through on action plans from a previous consulting engagement.

Full Access
Question # 25

According to IIA guidance, which of the following is least likely to be a key financial control in an organization ' s accounts payable process?

A.

Require the approval of additions and changes to the vendor master listing, where the inherent risk of false vendors is high.

B.

Monitor amounts paid each period and compare them to the budget to identify potential issues.

C.

Compare employee addresses to vendor addresses to identify potential employee fraud.

D.

Monitor customer quality complaints compared to the prior period to identify vendor issues.

Full Access
Question # 26

An internal auditor discovered fraud while performing an audit of an organization ' s procurement process. Which of the following describes the greatest benefit of using forensic auditing techniques in this scenario?

A.

Enhanced capability to prevent frauds from occurring.

B.

Greater assurance that procurement frauds will be detected in a timely manner

C.

Improved capability of evaluating fraud risks within the organization.

D.

Greater understanding of fraud through better evidence collection

Full Access
Question # 27

Internal auditors map a process by documenting the steps in the process, which provides a framework for understanding Which of the following is a reason to use narrative memoranda?

A.

To create a detailed risk assessment

B.

To identify individuals who perform key roles

C.

To explain a simple process.

D.

To document which outputs support other activities.

Full Access
Question # 28

An internal auditor at an electricity provider analyzes data sets related to customers’ household electricity usage, including payments, consumption, profiles, etc. The objective is to assess the completeness of the invoicing process. Which of the following would be the best approach to fulfill this purpose?

A.

Conduct a trend analysis of customers ' payment history and flag those with the most inconsistent payments and debts

B.

Conduct a ratio analysis by calculating the relationship between sums paid in local currency and volume of electricity billed in megawatt hours

C.

Conduct an analysis of clients’ electricity consumption patterns within a specified period and identify consumption spikes

D.

Conduct a comparison to identify deviations between electricity amounts billed to customers and information regarding actual consumption

Full Access
Question # 29

An organization buys crude oil on the open market and refines it into a high-quality gasoline. The price of crude oil is extremely volatile. Which of the following is the most appropriate risk management technique to protect the organization against these price fluctuations?

A.

Enter into long-term gasoline purchase agreements with end customers.

B.

Trade crude oil derivatives at financial markets in order to benefit from price fluctuations

C.

Purchase crude oil-related derivatives such as futures or options

D.

Stock as much raw materials as possible and consider Investing into additional facilities

Full Access
Question # 30

Which of the following statements is true regarding different competitive strategies?

A.

An organization that adopts a cost leadership competitive strategy generally maintains standard operating procedures to ensure efficiency.

B.

An organization that adopts a differentiation strategy generally maintains a targeted strategic approach to its operations.

C.

An organization that adopts a focus strategy is known for taking the lead in technological advancement.

D.

An organization that adopts a cost leadership strategy is known for cherishing employees who think creatively and emphasize uniqueness.

Full Access
Question # 31

A senior internal auditor is hired within the internal audit activity for a period of two years before advancing to an operations manager role within the business operations team. When staffing arrangement is being used in this scenario?

A.

Comer of competence

B.

Career model

C.

Rotational model

D.

Cosourcing agreement

Full Access
Question # 32

An internal auditor is conducting a review of the procurement function and uncovers a potential conflict of interest between the chief operating officer and a significant supplier of IT software development services. Which of the following actions is most appropriate for the internal auditor to take?

A.

Inform the audit supervisor.

B.

Investigate the potential conflict of interest.

C.

Inform the external auditors of the potential conflict of interest.

D.

Disregard the potential conflict, because it is outside the scope of the audit assignment.

Full Access
Question # 33

A toy manufacturer receives certain components from an overseas supplier and uses them to assemble final products Recently quality reviews have identified numerous issues regarding the components ' compliance with mandatory quality standards. Which type of engagement would be most appropriate to assess the root causes of the quality issues?

A.

A risk assessment

B.

An operational audit

C.

A third-party audit

D.

A fraud investigation

Full Access
Question # 34

An internal auditor at a bank informed the branch manager of a malfunctioning lock on one of the vaults. The risk associated with this issue was deemed significant by the chief audit executive (CAE), and immediate remediation was recommended However during a follow-up engagement the branch manager told the CAE that the risk was actually not significant, hence no action was taken. What is the most appropriate next step for the CAE?

A.

Inform senior management that the branch manager deeded to cancel the committed action plan without any previous communication

B.

Discuss the issue with the board which has ultimate responsibility to resolve the risk

C.

Have another discussion with the branch manager attempt to change his view, and encourage him to movement the recommendations

D.

Document the branch manager ' s decision to accept the risk otherwise, no other speak: course of action is required.

Full Access
Question # 35

Two internal auditors are conducting an audit engagement concerning derivatives. The auditors meet with the organization ' s head of accounting. The head of accounting later complains to the chief audit executive (CAE) that it took hours for the auditors to understand basic derivatives concepts and how derivatives are typically recorded in bookkeeping. What should the CAE have considered more thoroughly?

A.

The engagement objectives.

B.

The head of accounting’s schedule availability.

C.

The auditors ' qualifications.

D.

The details of the audit test plan.

Full Access
Question # 36

The internal audit function is performing an assurance engagement on the organization’s environmental, social, and governance (ESG) program. The engagement objective is to determine whether the ESG program’s activities are meeting the program’s established goals. The internal audit function has completed a risk and control assessment of the ESG program ' s activities. What is the appropriate next step?

A.

Conclude whether the ESG program ' s activities are meeting the established goals

B.

Communicate the results of the assessment to senior management

C.

Develop recommendations based on the results of the assessment

D.

Perform testing on the activities selected based on the assessment

Full Access
Question # 37

According to IIA guidance, which of the following procedures would be least effective in managing the risk of payroll fraud?

A.

The employee’s name listed on organization’s payroll is compared to the personnel records.

B.

Payroll time sheets are reviewed and approved by the timekeeper before processing.

C.

Employee access to the payroll database is deactivated immediately upon termination.

D.

Changes to payroll are validated by the personnel department before being processed.

Full Access
Question # 38

Which of the following is a true statement regarding the use of flowcharts as an audit tool?

A.

Flowcharts are typically not well suited to support information provided by a risk and control matrix.

B.

Flowcharts are preferred to narratives, as they can provide much greater detail on the design and operation of a process.

C.

Flowcharts are best applied to linear process flows but cannot address all risks related to the process.

D.

Flowcharts describe process steps but cannot provide the level of detail needed to adequately assess the design of the process.

Full Access
Question # 39

In which of the following situations would it be most appropriate for an internal audit function to issue an interim report or memo?

A.

A scheduled audit observed that several agreed improvements from the previous audit were still being implemented.

B.

A planned inventory count at the production plant revealed a material variance.

C.

An employee shared concerns of suspected fraud but did not provide evidence.

D.

An auditor responsible for the fieldwork has carried out only half of the planned audit procedures and has no observations so far.

Full Access
Question # 40

Which of the following statements is false regarding roles and responsibilities pertaining to risk management and control?

A.

Senior management is charged with overseeing the establishment risk management and control processes.

B.

The chief audit executive is responsible for overseeing the evaluation risk management and control processes.

C.

Operating managers are responsible for assessing risks and controls in their departments.

D.

Internal auditors provide assurance about risk management and control process effectiveness.

Full Access
Question # 41

According to IIA guidance, when would an interim report typically be produced?

A.

During a standard audit engagement when management wants to address an issue before the final report is drafted.

B.

Following each workshop conducted during a consulting engagement.

C.

During lengthy audit engagements involving several organizational units.

D.

Following management ' s update tor actions taken on outstanding recommendations.

Full Access
Question # 42

An internal auditor wants to assess whether the organization ' s governing body was involved in strategic decisions for the use of social media. What could provide the most relevant evidence?

A.

The board ' s meeting minutes

B.

The executive committee’s social media budget report

C.

The organization’s marketing plan

D.

The organization’s procedures manual for daily social media management

Full Access
Question # 43

Which method of examining entity-level controls involves gathering information from work groups that represent different levels in an organization?

A.

Questionnaires.

B.

Surveys.

C.

Structured interviews

D.

Facilitated team workshops

Full Access
Question # 44

In order to obtain background information on an assigned audit of data center operations an internal auditor administers control questionnaires to select individuals who have primary responsibilities within the process. Which of the following is a drawback of this approach?

A.

It will be difficult to quantify the information obtained through this approach

B.

This approach does not help the auditor learn about the existence of controls

C.

It takes the auditor a long time to assess the relevant controls using this approach

D.

Information on control functionality is limited

Full Access
Question # 45

Which of the following actions should the chief audit executive take when senior management decides to accept risks by choosing to do business with a questionable vendor?

A.

Persuade senior management to take appropriate action.

B.

Cancel issuing the engagement report due to the assumed risks.

C.

Accept senior management’s assumption of the risks.

D.

Discuss the issue with the board for them to take appropriate action.

Full Access
Question # 46

For an action plan to be effective, it should be designed primarily to address which of the following elements of an observation?

A.

Condition

B.

Root cause

C.

Criteria

D.

Recommendation

Full Access
Question # 47

An internal audit team was conducting an assurance engagement to review segregation of duties in the purchasing function. The internal auditors reviewed a sample of purchase orders from the past two year and discovered that 2 percent were signed by employees who were operating in a designated acting capacity due to employee absence. According to IIA guidance, which of the following attributes of information would most likely assist the auditor in deciding whether to report this finding?

A.

Sufficiency

B.

Reliability

C.

Relevance

D.

Usefulness

Full Access
Question # 48

Which of the following is critical to the success of an effective interview?

A.

Present audit evidence and information to support the internal auditor’s line of questioning.

B.

Establish credibility, trust, and rapport.

C.

Develop flowcharts and review them with the interviewee.

D.

Observe the process and discuss it with the interviewee.

Full Access
Question # 49

An internal auditor develops an engagement observation related to an organization ' s accumulation of large travel advances. The auditor observes that the organization ' s procedures do not require justification for travel advances greater than a specific amount Which of the following best describes the organization ' s procedures?

A.

A criterion of the organization ' s accumulation of large travel advances

B.

A condition of the organization ' s accumulation of large travel advances

C.

A consequence of the organization ' s accumulation of large travel advances

D.

A cause of the organization ' s accumulation of large travel advances

Full Access
Question # 50

Which of the following would be most useful for an internal auditor to obtain during the preliminary survey of an engagement on internal controls over user access management?

A.

The policy for granting, modifying, and deleting user access to ensure processing requirements are clearly articulated.

B.

A sample of change request forms to verify whether the forms bear the required approval for the user access change.

C.

User access reports that were reviewed by management to ensure that access rights are appropriate for employee roles.

D.

A current listing of system users and an employee listing to determine whether system users are active employees of the organization.

Full Access
Question # 51

As part of an audit engagement, an internal auditor verifies whether raw material is regularly delivered to the organization ' s warehouse in a timely manner. What type of objective does this exemplify?

A.

Operations

B.

Compliance

C.

Financial reporting

D.

Strategic

Full Access
Question # 52

An internal auditor at a bank informed the branch manager of a malfunctioning lock on one of the vaults. The risk associated with this issue was deemed significant by the chief audit executive (CAE), and immediate remediation was recommended. However, during a follow-up engagement, the branch manager told the CAE that the risk was actually not significant, hence no action was taken. What is the most appropriate next step for the CAE?

A.

Inform senior management that the branch manager decided to cancel the committed action plan without any previous communication.

B.

Discuss the issue with the board, which has ultimate responsibility to resolve this risk.

C.

Have another discussion with the branch manager, attempt to change his view, and encourage him to implement the recommendations.

D.

Document the branch manager’s decision to accept the risk; otherwise, no other specific course of action is required.

Full Access
Question # 53

The final internal audit report should be distributed to which of the following individuals?

A.

Audit client management only

B.

Executive management only

C.

Audit client management, executive management, and others approved by the chief audit executive.

D.

Audit client management, executive management, and any those who request a copy.

Full Access
Question # 54

An internal auditor is asked to perform an assurance engagement in the organization ' s newly acquired subsidiary When developing the objectives tor the engagement which ot the following statements describes the most important items that the auditor needs to consider?

A.

Previous performance of the subsidiary specifically its financial results over the last three years and the outcome of external audit reviews

B.

The results of previous internal audits of the subsidiary the recommendations provided and whether the recommended actions have been implemented

C.

Organizational strategy objectives, risks, control framework and the expectations of stakeholders regarding the audit

D.

The qualifications and competencies of the subsidiary ' s management team and their understanding of risk and control

Full Access
Question # 55

Which of the blowing is an example of a compliance assurance engagement?

A.

Proving in-house training to senior management regarding applicable laws and regulations

B.

Proving an assessment of the design adequacy of controls related to consumer privacy and confidentially.

C.

Providing an assessment of customer satisfaction with customer service provided by the organization

D.

Providing testing on the operating effectiveness of controls ever the reliability of financial reporting

Full Access
Question # 56

An internal auditor wants to determine whether the key risks identified by management in the risk register are reflective of the key risks in the industry. Which of the following techniques would the auditor apply to achieve this goal?

A.

Perform benchmarking

B.

Perform a trend analysis

C.

Perform a ratio analysis

D.

Perform observation to gather evidence

Full Access
Question # 57

A newly appointed chief audit executive (CAE) of a small organization is developing a resource management plan. Which of the following approaches would be most beneficial to help the CAE obtain details of the internal audit activity ' s collective knowledge, skills, and other competencies?

A.

Review or establish a documented skills assessment of the internal audit staff and gather information from post-audit surveys.

B.

Obtain from the human resources department the job descriptions and position requirements for all internal audit staff.

C.

Conduct an objective written test of the internal audit staff to assess their knowledge and skills related to core internal audit competencies.

D.

Request the internal audit staff to submit a document that summarizes their most recent performance appraisals and post audit reviews.

Full Access
Question # 58

Which of the following situations best applies to an organization that uses a project, rather than a process, to accomplish its business activities?

A.

A clothing company designs, makes, and sells a new item.

B.

A commercial construction company is hired to build a warehouse.

C.

A city department sets up a new firefighter training program.

D.

A manufacturing organization acquires component parts from a contracted vendor

Full Access
Question # 59

Which of the following is the primary purpose of financial statement audit engagements?

A.

To assess the efficiency and effectiveness of the accounting department.

B.

To evaluate organizational and departmental structures, including assessments of process flows related to financial matters.

C.

To provide a review of routine financial reports, including analyses of selected accounts for compliance with generally accepted accounting principles.

D.

To provide an analysis of business process controls in the accounting department, including tests of compliance with internal policies and procedures.

Full Access
Question # 60

The internal audit activity plans to assess the effectiveness of management’s self-assessment activities regarding the risk management process. Which of the following procedures would be most appropriate to accomplish this objective?

A.

Review corporate policies and board minutes for examples of risk discussions.

B.

Conduct interviews with line and senior management on current practices.

C.

Research and review relevant industry information concerning key risks.

D.

Observe and test control and monitoring procedures and related reporting.

Full Access
Question # 61

Which of the following is least likely to help ensure that risk is considered in a work program?

A.

Risks are discussed with audit client.

B.

All available information from the risk-based plan is used.

C.

Client efforts to affect risk management are considered.

D.

Prior risk assessments are considered.

Full Access
Question # 62

According to Maslow ' s hierarchy of needs theory, which of the following best describes a strategy where a manager offers an assignment to a subordinate specifically to support his professional growth and future advancement^

A.

Esteem by colleagues.

B.

Self-fulfillment.

C.

Sense of belonging in the organization

D.

Job security.

Full Access
Question # 63

An internal audit activity is planning its first audit of IT shared services. Which of the following controls would typically be evaluated first?

A.

Entity-level controls

B.

Application controls

C.

General controls.

D.

Transaction controls

Full Access
Question # 64

During an assurance engagement, an internal auditor discovered that a sales manager approved numerous sales contracts for values exceeding his authorization limit. The auditor reported the finding to the audit supervisor, noting that the sales manager had additional new contracts under negotiation. According to IIA guidance, which of the following would be the most appropriate next step?

A.

The audit supervisor should include the new contracts in the finding for the final audit report.

B.

The audit supervisor should communicate the finding to the supervisor of the sales manager through an interim report.

C.

The audit supervisor should remind the sales manager of his authority limit for the contracts under negotiation.

D.

The auditor should not reference the new contracts, because they are not yet signed and therefore cannot be included in the final report.

Full Access
Question # 65

Which of the following has the greatest effect on the efficiency of an audit?

A.

The complexity of deficiency findings.

B.

The adequacy of preliminary survey information.

C.

The organization and content of workpapers.

D.

The method and amount of supporting detail used for the audit report.

Full Access
Question # 66

The chief audit executive (CAE) determined that the internal audit activity lacks the resources needed to complete the internal audit plan Which of the following would be the most appropriate action tor the CAE to take?

A.

Use guest auditors from within the organization, and leverage their experience by assigning them to lead engagements m areas where they previously worked

B.

Outsource some of the audits to the organization s external auditor who is already familiar with the organization

C.

Invite nonauditors to join the internal audit activity for a two-year rotational position, and assign them to join audit teams that are reviewing areas where they have no previous management responsibility

D.

Recruit recent college graduates and employ them as audit interns with an aim to offer permanent employment

Full Access
Question # 67

According to IIA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the Internal audit activity^

A.

CAE reviews and approves the annual audit plan.

B.

CAE meets privately with the CEO at least annually

C.

CAE meets privately with the board at least annually.

D.

CAE reports to the board regarding audit staff performance evaluation and compensation.

Full Access
Question # 68

An internal auditor is starting the fieldwork of an assurance engagement. The auditor will conduct a walkthrough of selected controls with control owners. What should be the primary objective of this walkthrough?

A.

Collect the policies and procedures relevant to the audited area

B.

Understand the financial results published for the period under review

C.

Assess the design of the internal controls in place

D.

Define the objectives of the assurance engagement

Full Access
Question # 69

Which of the following should be the focus of the effect section of the preliminary observations document?

A.

Residual risk

B.

Inherent risk

C.

Compensating controls

D.

Control activities

Full Access
Question # 70

According to IIA guidance, which of the following objectives was most likely formulated for a non-assurance engagement?

A.

The internal audit activity will assess the effects of changes in maintenance strategy on the availability of production equipment

B.

The internal audit activity will inform management on the possible risks of moving the data warehouse to a cloud server maintained by a third party.

C.

The internal audit activity will ascertain whether the data center security arrangements are compliant with agreed terms

D.

The internal audit activity will ensure equipment downtime risks have been managed in accordance with the internal policy.

Full Access
Question # 71

If observed during fieldwork by an internal auditor, which of the following activities is least important to communicate formally to the chief audit executive?

A.

Acts that may endanger the health or safety of individuals.

B.

Acts that favor one party to the detriment of another.

C.

Acts that damage or have an adverse effect on the environment.

D.

Acts that conceal inappropriate activities in the organization.

Full Access
Question # 72

If the skills and competencies are not present within the internal audit activity to complete an ad-hoc assurance engagement, which of the following is an acceptable resolution?

A.

Politely decline the engagement due to a lack of qualified staff available at the time.

B.

Complete the engagement as requested, with the best of the current staff’s abilities.

C.

Consider using employees from other departments in the organization on the audit team.

D.

Change the scope of the testing to ensure that only available staff proficiencies are used

Full Access
Question # 73

An internal audit manager is planning a contract compliance audit Which of the following should be done prior to developing the audit work program?

A.

Select a sample of invoices for substantive testing

B.

Review the contract for evidence of authorization

C.

Document underlying reasons for noncompliance

D.

Assess the inherent risk of paying duplicate invoices

Full Access
Question # 74

While performing fieldwork for an assurance engagement, a member of the internal audit team identified a key control that was not identified during the planning phase of the engagement Which of the following actions by the internal auditor would be most appropriate?

A.

Promptly adjust the audit work program to include tests that address the newly identified control and notify the other audit team members of the change

B.

Proceed with the current audit work program because the engagement scope has already been finalized but plan to address the newly identified control as part of the follow up engagement

C.

Adjust the audit work program to account for the new control, but only with approval from the engagement supervisor

D.

Discuss the control with management of the area under review and seek their approval prior to including the control in the current audit engagement

Full Access
Question # 75

An audit observation noted that annual inventory counts of biofuel was not being performed appropriately Fuel yards were not visited and physical amounts of biofuel were not reconciled with accounting data Management of the division understood the issue and promised to resolve the problem When should the internal auditor schedule a follow-up review?

A.

As soon as possible, no later than two months after the audit

B.

When convenient for both parties

C.

When management has indicated that the issue has been resolved

D.

Before financial year end

Full Access
Question # 76

According to IIA guidance, which of the following is the key planning step internal auditors should perform to establish appropriate engagement objectives prior to starting an audit engagement?

A.

Review the organizational structure, management roles and responsibilities, and operating procedures.

B.

Evaluate management ' s risk assessment and the internal audit activity ' s risk assessment.

C.

Assess process flow and control documents used to meet regulatory requirements.

D.

Review meeting notes from discussions involving management of the area to be reviewed.

Full Access
Question # 77

The internal audit activity has become aware of public complaints regarding the sales practices of telephone marketing personnel in a large organization. The internal auditors decide to review a sample of all complaints within the last three months to ensure they are reflective of current marketing practices. Which of the following best describes this sampling technique?

A.

Judgmental sampling

B.

Random sampling

C.

Discovery sampling

D.

Statistical sampling

Full Access
Question # 78

An internal auditor reviewed bank reconciliations prepared by management of the area under review. The auditor noted that the bank statements attached did not have the

bank heading, logo, or address. Which of the following statements is true regarding this situation?

A.

The evidence may not be reliable.

B.

The evidence is not relevant.

C.

The evidence may not be sufficient.

D.

The information missing is not relevant to the audit.

Full Access
Question # 79

The internal audit activity of an insurance company is reviewing six of the company’s 11 branches. During the review of the fourth branch that was selected, the internal audit team discovered control breaches that could result in regulatory sanctions if not addressed. How should the internal audit team proceed?

A.

Communicate immediately to the relevant regulatory agency the information regarding the company ' s control breaches along with details of recommended corrective actions to address the issue.

B.

Complete the branch reviews, ensure that the issue and impact are adequately detailed in the audit report, hold an exit meeting to discuss the issue with branch management, and provide recommendations for corrective actions.

C.

Have a discussion with branch management on the matter and recommend in an interim audit report that management take appropriate corrective action in order to address the current identified issues.

D.

Expand the audit to include the branches that were not previously selected and determine whether there are similar control breaches at those branches prior to compiling a comprehensive audit report and reporting the issue to senior management and the board.

Full Access
Question # 80

Which of the following statements is true regarding internal auditors and other assurance providers?

A.

Assurance providers who report to management and/or are part of management cannot provide control self-assessments services

B.

Internal auditors should always reperform and validate audit work completed by external assurance providers.

C.

Internal auditors may rely on the work of internal compliance teams to expand their coverage of the organization without increasing direct audit hours.

D.

internal auditors can rely on the work of other assurance providers only if the other assurance providers report directly to the board

Full Access
Question # 81

Which of the following best describes the engagement objective in a banking compliance audit?

A.

Assessing the cost-efficiency of business continuity plans

B.

Assessing whether the business continuity plans implement regulatory requirements

C.

Assessing whether the business continuity plans implement best practice recommendations

D.

Assessing the operating effectiveness of the business continuity plans

Full Access
Question # 82

When presenting an observation m writing which or the Mowing is usually true regarding the level of detail provided?

1. The description of the observation in the final audit report contains more detail then the description m the engagement workpapers

2. The description of the observation m the engagement workpapers contains more detail than the descriptor n a preliminary observation document

3. A preliminary observation document contains more detail than tie observation description in the final audit report

4. A preliminary observation document contains more detail than tie observation description in the engagement workpapers

A.

1 and 2

B.

1 and 4

C.

2 and3

D.

3 and 4

Full Access
Question # 83

The internal auditor and her supervisor are in dispute about a risk that was not tested during an audit of the procurement function. Which of the following tools would best support the auditor ' s decision not to test the risk?

A.

A spaghetti map

B.

A heat map.

C.

A process map

D.

An assurance map

Full Access
Question # 84

Due to emerging new technologies that greatly affect the organization, the chief audit executive (CAE) wants to conduct frequent IT audit and is particularly focused on improving the quality of these engagements. Which of the following is the most viable solution for the CAE to ensure that IT audit quality is immediately enhanced and maintained long-term?

A.

Each year send a different member of the internal audit staff to an IT audit conference to learn about emerging technologies

B.

Contract an external IT special to offer advice and consult on IT audits

C.

Employ an independent external IT specialist to perform IT audits for the first year

D.

Invite qualified staff from the IT department to serve as guest auditors and lead IT audits

Full Access
Question # 85

When auditing an organization ' s cash-handling activates which of the following is the most reliable form of testimonial evidence an internal auditor can obtain?

A.

Testimony from the cashier who performs the processes being reviewed

B.

Testimony from me cashier ' s supervisor who knows how processes should be performed

C.

Testimony from a knowledgeable person who is independent of the cashiering duty

D.

Testimony from a manager who oversees all cashiering activities being reviewed

Full Access
Question # 86

Which of the following would present the most critical external risk to an organization?

A.

The organization experiences a merger, and the management team is reorganized and redistributed globally

B.

The organization launches a product into new global markets

C.

After minimal testing, the organization implements a new system to replace a legacy system

D.

Regulators announce broad legislative reforms applicable to the industry within which the organization operates

Full Access
Question # 87

Which of the following best describes why an internal audit activity would consider sending written preliminary observations to the audit client?

A.

Written observations allow for more interpretation.

B.

Written observations help the internal auditors express the significance.

C.

Written and verbal observations are equally effective.

D.

Written observations limit premature agreement.

Full Access
Question # 88

Which of the following is an advantage of an internal audit activity coordinating with a management-defined risk universe?

A.

Increased completeness, including risk categories like political, supplier, and social media.

B.

Business managers can identify and assess risks that occur within each category.

C.

The internal audit activity can rely on management ' s risk assessment.

D.

Organizationwide audits are required since risk events within categories occur in many different ways.

Full Access
Question # 89

Which of the following would most likely form part of the engagement scope?

A.

Potential legislation on privacy topics will be employed as a compliance target.

B.

Wire transfers that exceeded $10,000 in the last 12 months will be analyzed.

C.

Both random and judgmental samplings will be used during the engagement.

D.

The probability of significant errors will be considered via risk assessment.

Full Access
Question # 90

In addition to gathering information, which of the following is a primary objective of a client interview conducted during the planning stage of an audit engagement?

A.

To obtain sufficient audit evidence.

B.

To test the client ' s knowledge.

C.

To agree on the auditor’s scope of authority.

D.

To establish rapport.

Full Access
Question # 91

After finalizing an assurance engagement concerning safety operations in the oil mining process, the audit team concluded that no key controls were compromised. However, some opportunities for improvement were noted. Which of the following would be the most appropriate way for the chief audit executive (CAE) to report these results?

A.

The CAE should send the final report to operational and senior management and the audit committee.

B.

The CAE should send the final report to operational management only, as there is no need to communicate this information to higher levels.

C.

The CAE should notify operational and senior management that the audit engagement was completed with no significant findings to report.

D.

The CAE should send the final report to operational management and notify senior management and the audit committee that no significant findings were identified.

Full Access
Question # 92

Following an IT systems audit, management agreed to implement a specific control in one of the IT systems. After a period, the internal auditor followed up and learned that management had not implemented the agreed management action due to the decision to move to another IT system that has built-in controls, which may address this risks highlighted by the Internal audit Which of the following Is the most appropriate action to address the outstanding audit recommendation?

A.

The auditor examines the system documentation of the new system to verify that the risk has been addressed in the new system, then reports to senior management the closure of the issue.

B.

The auditor accepts managements explanation that the previously identified issue is adequately addressed by the new IT system, as management understands the concern and is most knowledgeable about the new system, and closes the outstanding issue.

C.

The auditor advises management that replacing the IT system does not dismiss the prior obligation to implement the agreed action plan, and escalates the issue to senior management and the board.

D.

The auditor requires management to provide details regarding the process for selecting the new IT system and whether other systems were evaluated, and closure of the issue would depend on the new information provided.

Full Access
Question # 93

An internal audit function described scenarios of fraud indicators and fraud-related key words. The objective is for this data to serve as an input into algorithms that will forecast potentially fraudulent behavior and prevent the execution of flagged transactions. Which of the following analytic methods is the internal audit function most likely developing?

A.

Diagnostic analytics

B.

Descriptive analytics

C.

Prescriptive analytics

D.

Predictive analytics

Full Access
Question # 94

An internal auditor is preparing for an auditor of newly implemented software that is used by 3,000 employees in South America and Europe. What would be the best way for the auditor to gather relevant feedback?

A.

interview IT management in both regions

B.

Inspect regional user software training records

C.

Interview propel management and the vendor responsible for implementation

D.

Distribute surveys to software users in both regions

Full Access
Question # 95

An internal auditor determines that certain information from the engagement results is not appropriate for disclosure to all report recipients because it is privileged. In this situation, which of the following actions would be most appropriate?

A.

Disclose the information in a separate report.

B.

Distribute the information in a confidential report to the board only

C.

Distribute the reports through the use of blind copies.

D.

Exclude the results from the report and verbally report the conditions to senior management and the board.

Full Access
Question # 96

An internal audit manager assigns an audit team to test purchase transactions by selecting a sample from transactions processed by each of the three procurement officers.

Which of the following techniques will help the audit team achieve this sampling objective?

A.

Systematic sampling.

B.

Stratified sampling.

C.

Stop-or-go sampling

D.

Discovery sampling.

Full Access
Question # 97

A chief audit executive (CAE) is trying to balance the internal audit activity ' s needs for technical audit skills budget efficiency and staff development opportunities. Which of the following would best assist the CAE in achieving this balance1?

A.

Strategic sourcing

B.

Loan staff arrangement

C.

Flat organizational structure

D.

Hierarchical organizational structure

Full Access
Question # 98

A draft internal audit report that cites deficient conditions generally should be reviewed with which of the following groups?

1. The client manager and her superior.

2. Anyone who may object to the report’s validity.

3. Anyone required to take action.

4. The same individuals who receive the final report.

A.

1 only

B.

1 and 2 only

C.

1, 2, and 3

D.

1, 2, and 4

Full Access
Question # 99

An organization uses the management-by-objectives method, whereby employee performance is based on defined goals. Which of the following statements is true regarding this approach?

A.

It is particularly helpful to management when the organization is facing rapid change.

B.

It is a more successful approach when adopted by mechanistic organizations.

C.

it is more successful when goal-setting Is performed not only by management, but by all team members, including lower-level staff

D.

it is particularly successful in environments that are prone to having poor employer-employee relations

Full Access
Question # 100

Which of the following statements about internal audit ' s follow-up process is true?

A.

The nature, timing, and extent of follow-up for assurance engagements is standardized to ensure quality performance.

B.

The actions of external auditors and other external assurance providers is not encompassed by internal audit ' s follow-up process.

C.

Internal auditors have responsibility for determining if management and the board have implemented the recommended action or otherwise accepted the risk.

D.

The follow-up process must be complete and documented in the working papers in order to conclude the engagement.

Full Access
Question # 101

Which of the following statements is true regarding managements use of judgement to design, implement, and conduct internal control?

A.

The use of judgment enhances managements ability to make better decisions about internal control, but cannot guarantee perfect outcomes.

B.

introducing judgment generally diminishes managements ability to make good decisions about internal control

C.

It is inappropriate for management to exercise judgement in areas such as specifying and using suitable accounting principles.

D.

It is inappropriate for management to exercise judgement in assessing whether components are present, functioning, and operating together

Full Access
Question # 102

Which of the following is most appropriate for internal auditors to do during the internal audit recommendations monitoring process?

A.

Report the monitoring status to senior management when requested.

B.

Assist management with implementing corrective actions.

C.

Determine the frequency and approach to monitoring

D.

Include all types of observations in the monitoring process

Full Access
Question # 103

Which of the following best demonstrates that the internal audit activity is using due professional care?

A.

The internal audit activity reports directly to the board on the engagements it performs.

B.

Internal auditors undertake the necessary training to complete their audit work.

C.

The completion of engagements is based on the assumption that fraudulent activities may exist.

D.

Internal auditors consider the use of technology-based audit and other data analysis techniques

Full Access
Question # 104

According to IIA guidance, which of the following should be a primary objective for an internal auditor who is conducting an exit conference?

A.

Improve relations with the engagement clients.

B.

Present the final engagement communication.

C.

Identify concerns for future audit engagements.

D.

Ensure the accuracy of engagement conclusions.

Full Access
Question # 105

Which of the following is true regarding the communication of engagement results with stakeholders?

A.

When the chief audit executive (CAE) concludes that management has accepted a level of risk that may be unacceptable to the organization, the CAE must discuss the matter with senior management. If the CAE determines that the matter has not been resolved, the CAE should seek the opinion from regulatory bodies.

B.

The CAE should avoid issuing any interim reports, even for high-risk observations, prior to the issuance of the final written report to avoid leakage of sensitive information.

C.

It is mandatory for the CAE to assess the potential risk to the organization, consult with senior management and legal counsel as appropriate, and control dissemination by restricting the use of the results prior to releasing them to parties outside of the organization if not otherwise mandated by legal, statutory, or regulatory requirements.

D.

The board should always be given the final written internal audit reports at the conclusion of all internal audit engagements. Executive summaries should be avoided in all cases.

Full Access
Question # 106

According to IIA guidance, which of the following actions might place the independence of the internal audit function in jeopardy?

A.

Having no active role or involvement in the risk management process.

B.

Auditing the risk management process for reasonableness.

C.

Coordinating and managing the risk management process.

D.

Participating with management in identifying and evaluating risks.

Full Access
Question # 107

Which of the following should be included in a company ' s year-end inventory valuation?

A.

Company goods that were sold during the year, free on board shipping point, that have been shipped but not yet received by the customer

B.

Goods purchased by the company, free on board destination, that have not yet been received.

C.

Goods on consignment, which the company is trying to sell for its customers.

D.

Company goods for sale on consignment at a consignment shop

Full Access
Question # 108

Which of the following is the most important concept to be included in a consulting engagement agreement?

A.

Define the duties and responsibilities needed from management to perform the engagement.

B.

Disclose the fact that auditors who perform the work may not be subject matter experts in the topic of the review.

C.

Clarify that matters discovered during the engagement may also be reported to senior management and the audit committee.

D.

Disclose the fact that follow-up reviews may be conducted to ensure that recommendations are implemented adequately.

Full Access
Question # 109

Which of the following is a disadvantage of using flowcharts during a risk assessment?

A.

People cannot quickly understand the processes via flowcharts

B.

Flowcharts are not applicable for evaluating the design of controls

C.

Some serious risks that are not part of the linear process can be missed

D.

Flowcharts do not enable auditors to identify missing controls

Full Access
Question # 110

In which scenario might it be considered problematic for the chief audit executive (CAE) to provide assurance services over the payroll function?

A.

The CAE previously undertook a consulting assignment in that area to improve processes.

B.

A couple of years ago, the CAE performed accounting functions for the payroll department.

C.

Prior to becoming the CAE, the CAE was the payroll manager.

D.

The assurance review was initiated following issues identified during a consulting assignment requested by management.

Full Access
Question # 111

When reviewing workpapers, engagement supervisors may ask for additional evidence or clarification via review notes. According to IIA guidance, which of the following statements is true regarding the engagement supervisors review notes?

A.

The review notes may be cleared from the final documentation once the engagement supervisors concerns have been addressed

B.

Management of the area under review must address the engagement supervisors review notes before the audit report can be finalized.

C.

The chief audit executive must initial or sign the engagement supervisors review notes to provide evidence of appropriate engagement supervision.

D.

Review notes provide documented proof that the engagement is supervised properly and must be retained for the quality assurance and improvement program

Full Access
Question # 112

It is close to the fiscal year end for a government agency, and the chief audit executive (CAE) has the following items to submit to either the board or the chief executive officer (CEO) for approval. According to IIA guidance, which of the following items should be submitted only to the CEO?

A.

The internal audit risk assessment and audit plan for the next fiscal year.

B.

The internal audit budget and resource plan for the coming fiscal year.

C.

A request for an increase of the CAE ' s salary for the next fiscal year.

D.

The evaluation and compensation of the internal audit team.

Full Access
Question # 113

Which of the following represents the best method for confirming that vendor invoices were for authorized purchases?

A.

Vouching vendor invoices to payments made.

B.

Sorting invoices by purchase orders and comparing for successive duplicate invoices.

C.

Comparing a random sample of vendor invoices to purchase orders.

D.

Sorting payments by invoice to detect successive duplicate invoices.

Full Access
Question # 114

When establishing a quality assurance and improvement program, the chief audit executive should ensure the program is designed to accomplish which of the following objectives?

1. Add value.

2. Improve operations.

3. Provide assurance that the internal audit activity conforms with the Standards.

4. Provide assurance that the internal audit activity conforms with the IIA Code of Ethics.

A.

1 only

B.

1 and 2 only

C.

1 and 3 only

D.

1, 2, 3, and 4

Full Access
Question # 115

Which of the following is most appropriate for internal auditors to do during the internal audit recommendations monitoring process?

A.

Report the monitoring status to senior management when requested.

B.

Assist management with implementing corrective actions.

C.

Determine the frequency and approach to monitoring.

D.

Include all types of observations in the monitoring process.

Full Access
Question # 116

In an assurance engagement focused on the adequacy of organizationwide risk management practices, which of the following best describes a primary area of interest for the engagement?

A.

The effectiveness of process-level and transaction-level controls.

B.

Conflicts of interest within the organizational structure of the senior management.

C.

The alignment of management decisions with the level of risk the organization is willing to accept.

D.

The actions of upper management in response to the internal audit acth/lty ' s reporting

Full Access
Question # 117

The board of directors of a global organization has found an increased number of reported cases of unethical practices since last year. To assist the board in gaining a better understanding of the degree of ethics awareness within the organization, which of the following actions should be undertaken?

A.

Request the internal audit activity to perform an ethics-related assurance engagement.

B.

Offer in-house ethics-related training seminars for employees to attend

C.

Reaffirm the importance of the organization ' s code of ethics to all employees

D.

Conduct an organization wide employee survey on ethical practices.

Full Access
Question # 118

According to the MA guidance, which of the following does the engagement work program test in a review of an organizational process?

A.

Process objectives.

B.

Process risks

C.

Process controls.

D.

Process scope

Full Access
Question # 119

The internal audit manager has been delegated the task of preparing the annual internal audit plan for the forthcoming fiscal year All engagements should be appropriately categorized and presented to the chief audit executive for review Which of the following would most likely be classified as a consulting engagement?

A.

Evaluating procurement department process effectiveness

B.

Helping in the design of the risk management program

C.

Assessing financial reporting control adequacy

D.

Reviewing environmental, social, and governance reporting compliance

Full Access
Question # 120

The board has asked the internal audit activity (IAA) to be involved in the organization ' s enterprise risk management process. Which of the following activities is appropriate for IAA to perform without safeguards?

A.

Coach management in responding to risks.

B.

Develop risk management strategies for board approval.

C.

Facilitate identification and evaluation of risks.

D.

Evaluate risk management processes.

Full Access
Question # 121

Which of the following data analysis techniques is used to identify inappropriately matching values, such as names, addresses, and account numbers in disparate systems?

A.

Stratification of numeric values

B.

Gap testing

C.

Joining different data sources

D.

Duplicate testing

Full Access
Question # 122

An employee in the sales department completes a purchase requisition and forwards it to the purchaser. The purchaser places competitive bids and orders the requested items using approved purchase orders. When the employee receives the ordered items, she forwards the packing slips to the accounts payable department. The invoice for the ordered items is sent directly to the sales department, and an administrative assistant in the sales department forwards the invoices to the accounts payable department for payment. Which of the following audit steps best addresses the risk of fraud in the cash receipts process?

A.

Verify that approvals of purchasing documents comply with the authority matrix.

B.

Observe whether the purchase orders are sequentially numbered.

C.

Examine whether the sales department supervisor approves invoices for payment.

D.

Determine whether the accounts payable department reconciles all purchasing documents prior to payment.

Full Access
Question # 123

An internal auditor of a construction organization found that completed inspection results, required by the organization ' s policy, were missing from the computer system. Which of the following, if included in the audit report, would demonstrate that the auditor performed a root cause analysis of this observation?

A.

Some inspection results were missing from the computer system.

B.

The results of lengthy inspections were more likely to be omitted from the computer system.

C.

Flaws in the computer system prevented employees from saving their inspection results.

D.

Employees did not ensure that inspection results were completed in the computer system.

Full Access
Question # 124

The internal audit activity is asked to review the effectiveness of controls around the disposal of chemical waste. However, the internal auditors on staff lack the necessary skills to conduct this review Which of the following would be the most appropriate approach?

A.

An internal auditor who recently attended a three-day workshop on chemical waste disposal, and therefore has the most knowledge on the topic, should lead the engagement.

B.

A team of available internal auditors should be assembled and should consult with an external nonaudit expert on chemical waste disposal to plan and conduct the engagement.

C.

A team of the most knowledgeable auditors could be assembled and use the engagement work program from the previous year to gather additional insight regarding recommended audit procedures

D.

A nonaudit employee from the chemical disposal area may share his expertise with the audit team, provided the internal audit manager conducts a detailed review of all engagement work performed.

Full Access
Question # 125

According to IIA guidance, which of the following statements are true regarding the internal audit plan?

1. The audit plan is based on an assessment of risks to the organization.

2. The audit plan is designed to determine the effectiveness of the organization ' s risk management process.

3. The audit plan is developed by senior management of the organization.

4. The audit plan is aligned with the organization ' s goals.

A.

1 and 2 only

B.

3 and 4 only

C.

1, 2, and 4

D.

1, 3, and 4

Full Access
Question # 126

According to IIA guidance, which of the following most appropriately justifies the CEO’s decision that the internal audit activity shall be responsible for risk management and Investigation at multinational organization?

A.

The recommendation of the parent office external auditors.

B.

The provisions of the internal audit charter.

C.

The authority of the CEO.

D.

The level of proficiency of the chief audit executive

Full Access
Question # 127

According to IIA guidance, which of the following activities are typically primary objectives of engagement supervision?

A.

Enable training and development of staff, identify engagement objectives, and assign responsibilities to individual auditors.

B.

Identify engagement objectives, assign responsibilities to individual auditors, and approve the engagement program.

C.

Assign responsibilities to individual auditors, approve the engagement program, and enable training and development of staff.

D.

Approve the engagement program, enable training and development of staff, and identify engagement objectives

Full Access
Question # 128

An organization facing financial hardships is planning to reduce its internal audit function size without a reduction in workload. The organization plans to aid internal auditors by providing a generative artificial intelligence application that will process written responses from the activity under review to identify high-risk areas on which the remaining auditors will concentrate. Which of the following would be the most significant concern in this process?

A.

Slight variations in answers can result in very different risk assessments

B.

Generative artificial intelligence cannot make inferences out of free text responses

C.

Replacing auditor judgment with machine judgment is contrary to the Global Internal Audit Standards

D.

Poor acceptance of the new system by the activity under review will impact engagement outcomes

Full Access
Question # 129

Which of the following statements is true regarding an organization’s inventory valuation?

A.

The valuation will be incorrect if the inventory includes goods in transit shipped free on board (FOB) destination to another organization.

B.

The valuation will be correct if the inventory includes goods received on consignment from another organization.

C.

The valuation will be incorrect if the inventory includes goods in transit shipped FOB shipping point from another organization.

D.

The valuation will be correct if the inventory includes goods sent on consignment to another organization

Full Access
Question # 130

What is the purpose of an internal control questionnaire?

A.

To gather information from a sample of people who are geographically dispersed

B.

To assess risks that could prevent an audited area from achieving its objectives.

C.

To evaluate tie level of compliance of remote offices with centrally designed procedures

D.

To perform testing of controls more frequently

Full Access
Question # 131

Which of the following recognized competitive strategies focuses on gaining efficiencies?

A.

Focus

B.

Cost leadership.

C.

Innovation

D.

Differentiation

Full Access
Question # 132

Which of the following internal audit activities is performed in the design evaluation phase?

A.

The internal auditor reviews prior audits and workpapers.

B.

The internal auditor identifies the controls over segregation of duties.

C.

The internal auditor checks a process for completeness.

D.

The internal auditor communicates the audit results to management.

Full Access
Question # 133

A technology firm ' s internal audit function is slated to perform a series of engagements assessing the security of its software development processes. To successfully perform these engagements, which competency should the internal audit function possess?

A.

Expertise in IT general controls

B.

Understanding of change management processes

C.

Proficiency in using design software

D.

Fluency in multiple programming languages

Full Access
Question # 134

A chief audit executive (CAE) following up on action plans from previously completed audits identifies that management has determined that certain action plans are no longer necessary If the CAE disagrees with management ' s decision, which of the following is the most appropriate next step for the CAE to take?

A.

The CAE must discuss the matter with senior management

B.

The CAE must discuss the matter with key shareholders

C.

The CAE must discuss the matter with legal counsel

D.

The CAE must discuss the matter with the board

Full Access
Question # 135

Which of the following statements concerning workpapers is the most accurate?

A.

The organization and the format of workpapers is the same for all engagements

B.

The extent of what is included in workpapers is a matter of professional judgment

C.

Workpapers should be complete so that every conceivable question that can be raised should be answered

D.

Copies of operational managements records should not be included, but referenced so that they can be located

Full Access
Question # 136

According to IIA guidance, which of the following is true when the internal audit activity is asked to investigate potential ethics violations in a foreign subsidiary?

A.

Communication of any internal ethics violations to external parties may occur with appropriate safeguards.

B.

Cultural impacts are less critical where the organization practices uniform polices around the globe.

C.

Cross-cultural differences should always be handled by the staff of the same cultural background.

D.

Local law enforcement should be involved as they are more familiar with the applicable local laws.

Full Access
Question # 137

Which of the following is true about surveys?

A.

A survey with open-ended questions is weaker than a structured interview

B.

A survey with closed-ended questions can produce quantifiable evidence

C.

A survey ' s participants are likely to volunteer information that was not specifically requested

D.

A survey, like inspections and confirmations are best used to test the operating effectiveness of controls

Full Access
Question # 138

Senior management decides to adopt a conservative working capital policy. What would be the expected result for the organization?

A.

Low levels of inventory

B.

Higher level of profitability

C.

High level of liquidity

D.

Higher level of risk

Full Access
Question # 139

An organization ' s board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?

A.

Manage and coordinate risk management processes.

B.

Audit risk management processes.

C.

Become involved in risk oversight committees, monitoring activities, and status reporting.

D.

Accept management ' s responsibility for risk management without board approval.

Full Access
Question # 140

An organization owns vehicles that are kept off-site by employees to pick up and deliver orders. An internal auditor selects a specific vehicle from the fixed asset register for

testing. Which of the following would best provide sufficient, indirect evidence for the auditor to confirm the existence of the vehicle?

A.

Review logs of the vehicles assigned to employees for the delivery of goods during the engagement period.

B.

Visit the home address of the specific employee to see the selected vehicle.

C.

Compare the registered details of the vehicle in the fixed asset register to a date-stamped photograph of the vehicle.

D.

Seek independent confirmation of the vehicle ' s details from one of the delivery employees.

Full Access
Question # 141

The head of customer service asked the chief audit executive (CAE) whether eternal auditors could assist her staff with conducting a risk self-assessment in the customer service department. The CAE promised to meet with customer service managers analyze relevant business processes, and come up with a proposal. Who is most likely to be the final approver of the engagement objectives and scope?

A.

Senior management of the organization

B.

The chief audit executive

C.

The head of customer service

D.

The board of directors

Full Access
Question # 142

Internal audit staff lacks the expertise to perform a fraud investigation engagement stemming from a whistleblowing incident. Which of the following is the most appropriate

option for the chief audit executive?

A.

Appoint an independent fraud investigation specialist to work with the selected internal auditors.

B.

Organize in-house fraud investigation training sessions for selected internal auditors.

C.

Assign an experienced auditor to the engagement for a development opportunity.

D.

Hire a new internal auditor who possesses fraud investigation experience.

Full Access
Question # 143

An organization ' s internal audit plan includes a recurring assurance review of the human resources (HR) department. Which of the following statements is true regarding preliminary communication between the auditor in charge (AIC) and the HR department?

1. The AIC should notify HR management when the draft audit plan is being developed, as a courtesy.

2. The AIC should notify HR management before the planning stage begins.

3. The AIC should schedule formal status meetings with HR management at the start of the engagement.

4. The AIC should finalize the scope of the engagement before communicating with HR management.

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Full Access
Question # 144

After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis. Which of the following is most likely to be a disadvantage of this outsourcing decision?

A.

Cost.

B.

Independence.

C.

Familiarity.

D.

Flexibility.

Full Access
Question # 145

According to IIA guidance, which of the following statements is true regarding engagement planning?

A.

For both assurance and consulting engagements, planning typically occurs after the engagement objectives and scope have already been determined.

B.

The expectations and objectives of an assurance engagement are usually determined by. or in conjunction with, the engagement client

C.

Internal auditors may not need to complete a preliminary risk assessment for a consulting engagement as they would when planning an assurance engagement.

D.

For both consulting and assurance engagements, internal auditors usually form the engagement objectives prior to completing the preliminary risk assessment

Full Access
Question # 146

According to the IIA guidance, which of the following foes the engagement work test in a review in a review of an organization al process?

A.

Process objectives

B.

Process risks

C.

Process controls

D.

Process scope

Full Access
Question # 147

When a significant finding is noted early during a review of the accounts payable function, which next course of action is best for communicating the issue?

A.

Intern accounting management via an interim memorandum update

B.

Note the item in the workpapers for inclusion in the final audit report

C.

Call a meeting and discuss me issue with the audit committee

D.

Alert the CEO as soon as the issue is discovered

Full Access
Question # 148

The chief audit executive (CAE) should determine whether the internal audit activity has confirmed the status of all of management ' s corrective actions Doing so would help the CAE assess which of the following?

A.

Disclosure risk.

B.

Residual risk

C.

Compliance risk

D.

Inherent risk

Full Access
Question # 149

A bakery chain has a statistical model that can be used to predict daily sales at individual stores based on a direct relationship to the cost of ingredients used and an inverse relationship to rainy days. What conditions would an auditor look for as an indicator of employee theft of food from a specific store?

A.

On a rainy day, total sales are greater than expected when compared to the cost of ingredients used.

B.

On a sunny day, total sales are less than expected when compared to the cost of ingredients used.

C.

Both total sales and cost of ingredients used are greater than expected.

D.

Both total sales and cost of ingredients used are less than expected.

Full Access
Question # 150

A manufacturing organization specializes in the production of evaporated milk and breakfast cereals. The manufacturing processes create significant loss in the form of waste and byproducts. The provision for normal production loss is known to senior management, but little action is taken when abnormal production losses occur. The organization sells its production byproducts to fish farmers at a reduced price. The byproducts are a widely recognized and used product in the fish farming industry. The organization has a policy that also allows its employees to purchase the byproducts at a negligible price. Based on the above, which of the following risks should the internal audit function consider when planning an engagement of the production process?

A.

The production team may be incentivized to increase production losses.

B.

The production team may work overtime and be overworked.

C.

Increased misappropriation of finished products.

D.

Risk that the finished product quality may be impaired.

Full Access
Question # 151

Which of the following is not a primary purpose for conducting a walk-through during the initial stages of an assurance engagement?

A.

To help develop process maps.

B.

To determine segregation of duties.

C.

To identify residual risks.

D.

To test the adequacy of controls.

Full Access
Question # 152

During which phase of the contracting process are contracts drafted for a proposed business activity’

A.

Initiation phase.

B.

Bidding phase.

C.

Development phase.

D.

Management phase

Full Access
Question # 153

During the filework phase of an assurance engagement the internal auditor decides that she wants to adjust the audit work program. Which of the following is the most appropriate next step for the auditor to take9

A.

Request additional information needed from management of the area under review.

B.

Obtain approval from the engagement supervisor

C.

Obtain the required resources, including IT. to complete the work

D.

Discuss the change in scope with management of the area under review.

Full Access
Question # 154

An internal auditor conducted interviews with several employees, documented the interviews analyzed the summaries, and drew a number of conclusions. What sort of audit evidence has the internal auditor primarily obtained?

A.

Documentary evidence

B.

Testimonial evidence

C.

Analytical evidence

D.

Physical evidence

Full Access
Question # 155

As part of internal audit ' s assistance with an annual external audit, the internal auditors are required to do a preliminary analytical review of an bank account balances. This involves verifying the current year end balances as web as comparing the current year end balances with previous year end balances to highlight significant changes. Which of the following is the most reliable source for verification of the current year end bank balances?

A.

Bank confirmations

B.

Internal bonk statements

C.

Bank reconciliations as of the end of the year

D.

Bank account general ledger balancer as of the end of the year

Full Access
Question # 156

The human resources (HR) department was last reviewed three years ago and is due for an assurance engagement after undergoing recent process changes. Which of the following would the most effective option identify the HR department ' s risks and controls?

A.

Meet with the chief operating officer 10 obtain Information about the MR department

B.

Review the previous internal audit report and locus on key audit observations and action plans

C.

Review the organization ' s risk strategy and risk appetite framework

D.

Discuss the department ' s present strategies ‘and objectives with the head of the HR department

Full Access
Question # 157

An internal auditor and engagement client are deadlocked over the auditor ' s differing opinion with management on the adequacy of access controls for a major system. Which of the following strategies would be the most helpful in resolving this dispute?

A.

Conduct a joint brainstorming session with management.

B.

Ask the chief audit executive to mediate.

C.

Disclose the client ' s differing opinion in the final report.

D.

Escalate the issue to senior management for a decision.

Full Access
Question # 158

Which of the following statements is false regarding audit criteria?

A.

Audit criteria should be consistent across audit assignments.

B.

Audit criteria should represent reasonable standards against which to assess existing conditions.

C.

Audit criteria should provide flexibility but allow identification of nonadherence.

D.

Audit criteria should equate to good or acceptable management practices.

Full Access
Question # 159

In which of the following situations would an internal control questionnaire best suit the internal auditor ' s purpose?

A.

The auditor wants to receive mid-level management insight on how to improve hiring practices

B.

The auditor wants to obtain information on whether adherence to approval matrices is actually taking place in different maintenance units.

C.

The auditor wants to gain assurance that inventory counts are conducted in accordance with established procedures.

D.

The auditor wants to assess whether different subsidiaries apply centrally established procurement rules in the same manner

Full Access
Question # 160

Internal control questionnaires are used to achieve which of the following objectives?

A.

To ascertain the operating effectiveness of a procedure

B.

To verify the accuracy of Information in a report

C.

To assess the controls mitigating major risks

D.

To determine whether specified contra procedures are in place

Full Access
Question # 161

Which informal ion- gathering method would be most efficient for an internal auditor to determine whether specified control procedures are in place?

A.

Interviews

B.

Observations

C.

Reperformance

D.

Internal control questionnaires

Full Access
Question # 162

An internal auditor is assessing the organization ' s risk management framework. Which of the following formulas should he use to calculate the residual risk?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 163

An internal auditor completed a review of expenses related to the launch of a new project. The auditor sampled 45 transactions approved by a senior project manager and identified 30 with questionable vendor documentation. Which of the following is the most appropriate conclusion for the auditor to include in the audit report?

A.

The organization incurred excessive cost overruns that resulted in significant financial and legal risk to the project.

B.

The organization experienced a potential conflict of interest

C.

The organization had weaknesses in its review process which allowed questionable transactions with some vendors

D.

The organization allowed the project to launch without assurance that all transactions were regularly approved

Full Access
Question # 164

An IT auditor is reviewing the access controls in an organization ' s accounting application. The auditor intends to deploy a tool that can help test the logical controls embedded in the system to ensure employee access is granted according to need. Which of the following would help achieve this objective?

A.

Utility software

B.

Generalized audit software

C.

Audit expert systems.

D.

integrated test facility

Full Access
Question # 165

Which of the following is an example of a properly supervised engagement?

A.

Auditors are asked to keep a daily record of their activity for review by the auditor in charge following the engagement.

B.

The senior internal auditor requires each auditor to review and initial colleagues ' workpapers for completeness and format.

C.

A new internal auditor is accompanied by an experienced auditor during a highly sensitive fraud investigation.

D.

The auditor in charge provides reasonable assurance that engagement objectives were met.

Full Access
Question # 166

Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement?

A.

The amount of experience the auditors have conducting audits in the specific area of the organization.

B.

The availability of the auditors in relation to the availability of key client staff.

C.

Whether the budgeted hours are sufficient to complete the audit within the current scope.

D.

Whether outside resources will be needed, and their availability.

Full Access
Question # 167

Which of the following is most likely the subject of a periodic report from the chief audit executive to the board?

A.

A complete, accurate, and comprehensive account of engagement observations and recommendations.

B.

Oversight of the coordination between the internal audit activity and independent outside auditors

C.

The internal audit activity ' s purpose, authority, responsibility, and performance relative to plan.

D.

Management ' s assertions regarding the system of internal controls.

Full Access
Question # 168

Which of the following is an example of a compliance assurance engagement?

A.

Providing in-house training to senior management regarding applicable laws and regulations.

B.

Providing an assessment of the design adequacy of controls related to consumer privacy and confidentiality.

C.

Providing an assessment of customer satisfaction with customer service provided by the organization.

D.

Providing testing on the operating effectiveness of controls over the reliability of financial reporting.

Full Access
Question # 169

An engagement team is being assembled to audit of one of the organization ' s vendors Which of the following statements best applies to this scenario?

A.

The engagement team should include internal auditors who have expertise in investigating vendor fraud

B.

The engagement team should be composed of certified accountants who are proficient In financial statement analysis and local accounting principles

C.

To preserve independence and objectivity, an auditor who worked for the vendor two years prior may not participate on the engagement team

D.

The engagement team may include an auditor who lacks knowledge of the industry in which the vendor operates

Full Access
Question # 170

Which of the following statements is true regarding the chief audit executive ' s (CAT$) responsibilities after completing an assurance or consulting engagement?

A.

The CAE must establish a follow-up process tor both assurance and consulting engagements to monitor that management actions have been effectively implemented to address observations

B.

The CAE must communicate the results of assurance and consulting engagements lo whoever can ensure that the results are given due consideration.

C.

The CAE must acknowledge satisfactory performance when communicating the results of assurance and consulting engagements

D.

The CAE may delegate the responsibility for communicating the results of consulting engagements although this responsibility cannot be delegated for assurance engagements

Full Access
Question # 171

Which of the following factors should be considered when determining the staff requirements for an audit engagement?

    The internal audit activity ' s time constraints.

    The nature and complexity of the area to be audited.

    The period of time since the area was last audited.

    The auditors’ preference to audit the area.

    The results of a preliminary risk assessment of the activity under review.

A.

1 and 4 only.

B.

1, 2, and 5 only.

C.

2, 3, and 5 only.

D.

1, 2, 3, 4, and 5.

Full Access
Question # 172

An internal auditor was assigned to review controls in the accounts payable function. Most of tie accounts payable processes are performed by a third-party service provider. The auditor included in the audit report a number of control deficiencies involving processes performed by the service provider. The service provider requested a copy of the report Which of Vie following would be the most appropriate response from the chief audit executive (CAE)?

A.

The CAE would automatically sand a copy of the report to the service provider as many of the findings relate to Via area managed by the service provider

B.

The CAE may distribute the report to tie service provider at no cost, after consulting with legal counsel and tie chief compliance officer

C.

The CAE may provide a copy of the audit report to the service provider If an agreement & signed and the service provider agrees to reimburse the cost of the auditD, The CAE should benchmark with other organization in the industry by consorting with colleagues and distribute the report only I it is an acceptable practice m the industry

Full Access
Question # 173

According to IIA guidance, which of the following best describes the purpose of a planning memorandum for an audit engagement?

A.

It documents the audit steps and procedures to be performed.

B.

It documents preliminary information useful to the audit team.

C.

It documents events that could hinder the achievement of process objectives.

D.

It documents existing measures that manage risks in the area under review.

Full Access
Question # 174

Which of the following must be in existence as a precondition to developing an effective system of internal controls?

A.

A monitoring process

B.

A risk assessment process.

C.

A strategic objective-setting process.

D.

An information and communication process

Full Access
Question # 175

Which of the following methodologies consists of the internal auditor holding individual meetings with different people, asking them the same questions, and aggregating the results?

A.

Facilitated workshops.

B.

Surveys.

C.

Structured interviews.

D.

Elicitation.

Full Access
Question # 176

Which of the following sources of audit evidence is most reliable?

A.

Evidence obtained directly from an untested third party.

B.

Uncorroborated audit evidence obtained indirectly from an employee.

C.

Undocumented audit evidence obtained directly from a manager.

D.

Timely audit evidence obtained directly from a customer.

Full Access
Question # 177

An organization ' s healthcare insurance costs have been rising approximately 10 percent per year for several years. Which of the following analytical review procedures would best evaluate the reasonableness of the increase in healthcare costs?

A.

Develop a comparison of the costs incurred with similar costs incurred by other organizations.

B.

Obtain the government index of healthcare costs for the comparable period of time and compare the rate of increase with that of the cost per employee incurred by the organization.

C.

Obtain a bid from another healthcare administrator to provide the same administrative services as the current healthcare administrator.

D.

Review all claims and compare with appropriate procedures to ensure that overpayments have not occurred.

Full Access
Question # 178

During a fraud interview, it was discovered that unquestioned authority enabled a vice president to steal funds from the organization. Which of the following best describes this condition?

A.

Scheme.

B.

Opportunity.

C.

Rationalization.

D.

Pressure.

Full Access
Question # 179

An internal audit report includes a recommendation to remove inappropriate user access to an IT application. Which of the following does the recommendation represent?

A.

An agreed action adopted by management.

B.

A condition-based recommendation as an interim solution to correct a current condition.

C.

A cause-based recommendation to prevent inappropriate access being granted again.

D.

A management action plan.

Full Access
Question # 180

A new internal auditor is overwhelmed by the number of tasks they need to complete at the engagement planning stage. Which of the following could support the auditor’s organization and delivery of planned work?

A.

Review the auditor ' s job description

B.

Create a checklist

C.

Develop a control questionnaire

D.

Prepare a fishbone diagram

Full Access
Question # 181

An internal auditor concluded that delays in an ongoing construction project have cost the organization $10 million to date. Which documents should be included in the audit workpapers to provide sufficient evidence to support the conclusion?

A.

Payment and work milestones

B.

Pictures from the construction site

C.

Initial sprint planning

D.

Project internal rate of return

Full Access
Question # 182

An organization obtains maintenance personnel from a third-party service provider. The third-party service provider submits monthly timetables of contracted maintenance personnel and bills the organization on an hourly basis. Which of the following will most likely help an internal auditor validate the number of hours billed by the third-party service provider?

A.

Conduct a due diligence review of the third-party service provider

B.

Ask the third-party service provider to provide internal time-keeping records

C.

Obtain access logs from entrances to the organization ' s facilities

D.

Interview the manager responsible for contracting external personnel

Full Access
Question # 183

Which of the following describes the primary objective of an internal audit engagement supervisor?

A.

Uphold the quality of the internal audit actively

B.

Provide engagement progress updates to management of the area under review

C.

Assure risks and controls are identified and assessed

D.

Ensure timely completion of the engagement

Full Access
Question # 184

An internal auditor discovered that a new employee was granted inappropriate access to the payroll system Apparently the IT specialist had made a mistake and granted access to the wrong new employee. Which of the following management actions would be most effective to prevent a similar issue from occurring again?

A.

Remove the new employee ' s excessive access rights and request that he report any future access error.

B.

Perform a complete review of all users who have access to the payroll system lo determine whether there are additional employees who were granted inappropriate access

C.

Review the system activity log of the employee to determine whether he used the inappropriate access to conduct any unauthorized activities in the payroll system

D.

Provide coaching to the IT specialist and introduce a secondary control to ensure system access is granted in accordance with the approved access request.

Full Access
Question # 185

When auditing an organization ' s purchasing function, which of the following appropriately matches an engagement objective and the resulting audit procedure?

A.

Determine whether the purchasing department complies with policy by examining a random selection of purchase orders.

B.

Evaluate whether purchasing requests are properly approved by authorized staff by obtaining independent verification from the vendors.

C.

Ascertain whether material receipts are recorded on a timely basis by reviewing physical inventory stock counts.

D.

Determine whether prices charged for goods received are correct by reviewing the appropriate accounts payable record by vendor.

Full Access
Question # 186

During a previous audit engagement, an internal auditor recommended that management implement a whistleblowing process. During follow-up, the auditor discovered that the process has been outsourced. Which of the following is the most appropriate response for the internal auditor?

A.

Insist on establishing an internal whistleblowing process, as originally recommended, because this is a key control.

B.

Review the agreement with the third-party service provider and ensure that appropriate controls are in place.

C.

Raise the issue to a higher level of management, as outsourcing the process was not previously discussed or agreed upon.

D.

Take no action, as management has accepted the risk of moving to a third party for this whistleblowing process.

Full Access
Question # 187

In a health care organization the internal audit activity provides overall assurance on governance, risk and control The chief audit executive advises and influences senior management, and the audit strategy leverages the organization ' s management of risk According to HA guidance which of the following stages of internal audit maturity best describes this organization?

A.

Infrastructure.

B.

Emerging.

C.

Managed.

D.

Initial.

Full Access
Question # 188

An internal auditor is assigned to an advisory engagement for the launch of a new system relating to travel and expense. During fieldwork, the auditor tests interfacing controls with the procurement system. The auditor observes that a key control is missing within the procurement system. The auditor identifies that senior management has approved a temporary manual workaround for the missing control. Which of the following actions should the auditor take?

A.

Propose to include an assurance engagement for the procurement system in next year’s audit plan

B.

Perform a root cause analysis and test the workaround effectiveness

C.

Expand the scope of the advisory engagement to include the procurement system

D.

Ignore the risk as senior management has implemented the workaround

Full Access
Question # 189

When using cost-volume-profit analysis, which of the following will increase operating income once the break-even point has been reached?

A.

Fixed costs per unit for each additional unit sold.

B.

Variable costs per unit for each additional unit sold.

C.

Contribution margin per unit for each additional unit sold.

D.

Gross margin per unit for each additional unit sold

Full Access
Question # 190

Which of the following situations is most likely to heighten an internal auditors professional skepticism regarding potential fraud?

A.

A procurement manager does not have the expected academic credentials for his position

B.

A salesperson frequently complains about the organization ' s policy on sales commissions.

C.

The accounts payable supervisor has requested advances against her monthly salary on several occasions

D.

A financial accountant is absent from work frequently due to regular medical procedures

Full Access
Question # 191

White planning an audit engagement of a procurement card activity. which of the following actions should an internal auditor take to denary relevant risks and controls?

A.

Compare card transaction types against procurement card policy guidelines.

B.

Develop the scope and objectives of the engagement

C.

Determine how many cardholders exceeded their daily limit.

D.

Meet with the procurement card program administrator

Full Access
Question # 192

An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?

A.

Escalate the unresolved issues to the board, because they could pose significant risk exposures to the organization.

B.

Confirm the decision with management and document this decision in the audit file.

C.

Document the issue in the audit file and follow up until the issues are resolved.

D.

Initiate an assurance engagement on the unresolved issues.

Full Access
Question # 193

For which of the following fraud engagement activities would it be most appropriate to involve a forensic auditor?

A.

Independently evaluating conflicts of interests.

B.

Assessing contracts for relevant terms and conditions.

C.

Performing statistical analysis for data anomalies.

D.

Preparing evidentiary documentation.

Full Access
Question # 194

During follow-up, the chief audit executive (CAE) is having a discussion with management about the internal audit team ' s recommendations related to a significant issue Management accepted the issue but took no remedial action What is the next step for the CAE?

A.

The CAE should reassess and validate the risk tolerance policy

B.

The CAE should escalate the issue to senior management .

C.

The CAE should reiterate the internal audit team ' s recommendations to management .

D.

The CAE should grant management more time to implement the recommendation and check the status of the issue during the next scheduled follow-up.

Full Access
Question # 195

An internal auditor discovered a control weakness that needs to be communicated to management. Which of the following is the best method for first communicating the weakness?

A.

Draft report, to be reviewed by management just prior to final report issuance.

B.

Preliminary observation document, discussed during the engagement.

C.

Final report, after review by audit management.

D.

Verbal communication during the engagement, followed by the final report issuance.

Full Access
Question # 196

Who is responsible for ensuring internal auditors continuing professional development*

A.

Individual internal auditors

B.

Chief audit executive.

C.

The board

D.

Engagement supervisors

Full Access
Question # 197

A company makes a product at a cost of $26 per unit, of which $10 is fixed cost. The product is usually sold for $30 per unit; however, the company has been approached by a new customer who would like to purchase 3,500 units for $18 each Further, the company would Incur additional cost to deliver the units to this customer If the company has the excess manufacturing capacity and all other factors are constant, what is the additional cost that the company would Incur in order to make a profit of $1.50 per unit for this order?

A.

$0.50

B.

$1.50

C.

$2 50

D.

$3.50

Full Access
Question # 198

Which of the following is most likely the subject of a periodic report from the chief audit executive to the board?

A.

A complete, accurate, and comprehensive account of engagement observations and recommendations.

B.

Oversight of the coordination between the internal audit activity and independent outside auditors.

C.

The internal audit activity ' s purpose, authority, responsibility, and performance relative to plan.

D.

Management ' s assertions regarding the system of internal controls.

Full Access
Question # 199

Which of the following situations is most critical for the chief audit executive to report to the board?

A.

The chief audit executive disagreed with the business unit manager ' s initial decision to accept a particular risk Management ultimately agreed to address the risk only after discussing the issue with senior management.

B.

The internal audit activity was restructured, which resulted in a significant change in responsibilities among audit managers and supervisors for some audits

C.

A staff internal auditor had difficulties completing a portion of the audit because management of the area under review was unwilling to cooperate and provide information timely.

D.

The resignation of an internal audit manager during the year caused the chief audit executive to defer a number of audit engagements to the following year.

Full Access
Question # 200

To compete in the global market, an organization is restructuring and consolidating many of its divisions. Prior to the consolidation, senior management requested assistance from tie internal audit activity. Which of the following consulting services would be most appropriate in this situation?

A.

Assess controls for potential compliance issues that may affect me consolidation

B.

Brief vendors on the potential risks that will occur without continued business

C.

Advise division managers on how to streamline operations for better efficiency

D.

Determine whether the organization’s controls are effective in meeting business objectives

Full Access
Question # 201

Which of the following parties is accountable for ensuring adequate support for conclusions and opinions readied by the internal audit activity while relying on external auditors ' work?

A.

Board of directors

B.

External auditors

C.

Chief audit executive

D.

Senior management

Full Access
Question # 202

Which of the following technologies will best reduce human processing errors and enable seamless exchange of business transactions among business partners?

A.

Enterprise resource planning

B.

Material requirements planning

C.

Electronic data interchange

D.

Customer relationship management

Full Access
Question # 203

An internal auditor wants to test the processing logic of a computer application during a specific period to ensure consistent processing of transactions. Which of the following is the best approach to achieve the objective of the test?

A.

Utility software

B.

Integrated test facility

C.

Parallel simulation

D.

Generalized audit software

Full Access
Question # 204

An internal auditor is planning to audit the organization ' s payroll function, which was recently outsourced. Which of the following is the most appropriate first step for the auditor?

A.

Review management ' s organ nationwide risk assessment

B.

Understand the objectives and strategies of the new arrangement

C.

Revise the scope of the audit engagement

D.

Form objectives for the audit engagement

Full Access
Question # 205

Which of the following represents the best example of a strategic goal?

A.

Customer satisfaction index has to be 90% each quarter.

B.

Ten rapid charging stations will be installed next year.

C.

The organization aims to decrease the budget by 10%.

D.

The organization will be carbon neutral within 5 years.

Full Access
Question # 206

Which of the following approaches to understanding business processes is conducted from a broad organizational perspective and has the greatest risk of overlooking processes that are ultimately critical?

A.

Process narrative.

B.

Process mapping.

C.

Bottom-up.

D.

Top-down.

Full Access
Question # 207

According to IIA guidance, which of the following is based on the results of a preliminary assessment of risks relevant to the area under review?

A.

Audit findings

B.

Audit resources

C.

Audit objectives

D.

Audit plan

Full Access
Question # 208

An internal auditor s testing tor proper authorization of contracts and finds that the rate of deviations discovered in the sample is equal to the tolerable deviation rate. When of the following is the most appropriate conclusion for the internal auditor to make based on this result?

A.

The internal auditor concludes that management may be placing undue reliance on me specified control

B.

The internal auditor concludes that the specified control is more effective than it really is.

C.

The internal auditor concludes that the specified control is acceptably effective

D.

The internal auditor concludes that additional testing will be required to evaluate the specified control

Full Access
Question # 209

Which of the following reasonably represents best practices regarding what should be the level of internal audit resource investment in monitoring and following up on engagement outcomes?

A.

Limited resources should be employed since the actual engagement is already completed and the onus of corrective actions rests with management

B.

No resources should be exclusively deployed for that at all rather it should be planned as part of future engagements in the same area

C.

Resources should only be provided towards this if doing so does not result in depletion of resources for new engagements planned in the current period

D.

Resources should be allocated to this without conditions as long as doing so meets the expectations of management and the judgment of the chief audit executive.

Full Access
Question # 210

During an audit of the human resources department, an internal auditor adopts benchmarking to test the employee turnover rate. How should the internal auditor apply this technique?

A.

Compare turnover m the organization to published turnover rates of peer organizations.

B.

Compare turnover in one period with turnover in the previous period in the organization

C.

Compare turnover in the period to total employees in the organization

D.

Compare turnover with the auditor ' s general knowledge of the organization

Full Access
Question # 211

According to IIA guidance, which of the following would be the best first step to manage risk when a third party is overseeing the organization’s network and data ' ?

A.

Creating a comprehensive reporting system for vendors to demonstrate their ongoing due diligence in network operations.

B.

Drafting a strong contract that requires regular vendor control reports and a right-to-audit clause

C.

Applying administrative privileges to ensure right-to-access controls are appropriate

D.

Creating a standing cybersecurity committee to identify and manage risks related to data security.

Full Access
Question # 212

Which of the following processes does the board manage to ensure adequate governance?

A.

Establish and measure performance objectives for the internal audit activity

B.

Select board members with necessary knowledge and skills.

C.

Develop, approve, and execute the strategic plan of the organization

D.

Develop strategies to mitigate the risks to achieving the organization ' s objectives

Full Access
Question # 213

A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internal auditor. According to IIA guidance, which of the following attributes shows a candidate ' s ability to probe further when reviewing incidents that have the appearance of misbehavior?

A.

Integrity.

B.

Flexibility.

C.

Initiative.

D.

Curiosity.

Full Access
Question # 214

An organization ' s chief audit executive is developing an integrated audit approach to provide value-added services that can help the organization meet its strategic objectives and goals. Which of the following is an advantage of using an integrated audit approach that assists the organization?

A.

It allows the internal audit function to provide more subjective conclusions that would help the organization meet its goals and objectives.

B.

It allows the internal audit function to perform the appropriate engagements that minimize audit fatigue within the organization.

C.

It allows the internal audit function to focus more attention on ensuring that solutions and risks adhere to defined regulations.

D.

It allows the internal audit function to obtain more resources to perform more engagements of departments within the organization.

Full Access
Question # 215

During a review of the treasury function an internal auditor identified a risk that all bank accounts may net to include in the daily reconciliation process.

Which of the following responses would be most effective to mitigate this risk?

A.

The treasury supervisor establishes a threshold for amounts on bank statements to be reconciled against data in the system

B.

The treasury analyst performs a daily reconciliation of al bank statements obtained via email against data in the system

C.

The treasury analyst reviews a daily report automatically generated by the treasury system, which shows bank statements that have not been uploaded into the accounting system.

D.

The treasury supervisor seeks an annual confirmation from the bank regarding the bank statements processed within a year

Full Access
Question # 216

The external auditor has identified a number of production process control deficiencies involving several departments. As a result, senior management has asked the internal audit activity to complete internal control training for all related staff. According to IIA guidance, which of the following would be the most appropriate course of action for the chief audit executive to follow?

A.

Refuse to accept the consulting engagement because it would be a violation of independence.

B.

Collaborate with the external auditor to ensure the most efficient use of resources.

C.

Accept the engagement but hire an external training specialist to provide the necessary expertise.

D.

Accept the engagement even if the audit engagement staff was previously responsible for operational areas being trained.

Full Access
Question # 217

Which of the following would best prevent phishing attacks on an organization?

A.

An intrusion detection system

B.

Use of firewalls

C.

Regular security awareness training

D.

Application hardening

Full Access
Question # 218

At a conference an internal auditor presented a new computer-assisted audit technique developed by his organization The presentation included sample data derived from performing audit engagements for the organization. Travel costs were paid by the conference organizers and the trip was approved by the chief audit executive (CAE). However, neither management nor the CAE was aware that the internal auditor would be making a presentation based on work completed for the organization According to IIA guidance, which of the following statements is most relevant regarding the actions of the auditor?

A.

The auditor did not violate the standard of objectivity because the presentation had no impact on the organization.

B.

The auditor violated the principle of confidentiality by disclosing information about the organization without approval.

C.

The auditor should have obtained permission before using the material, but did not violate the IIA Code of Ethics or Standards

D.

The auditor breached the conflict of interest standard by accepting payment for travel costs

Full Access
Question # 219

Following an IT systems audit, management agreed to implement a specific control in one of the IT systems. After a period, the internal auditor followed up and learned that management had not implemented the agreed management action due to the decision to move to another IT system that has built-in controls, which may address the risks highlighted by the internal audit. Which of the following is the most appropriate action to address the outstanding audit recommendation?

A.

The auditor examines the system documentation of the new system to verify that the risk has been addressed in the new system, then reports to senior management the closure of the issue.

B.

The auditor accepts management ' s explanation that the previously identified issue is adequately addressed by the new IT system, as management understands the concern and is most knowledgeable about the new system, and closes the outstanding issue.

C.

The auditor advises management that replacing the IT system does not dismiss the prior obligation to implement the agreed action plan, and escalates the issue to senior management and the board.

D.

The auditor requires management to provide details regarding the process for selecting the new IT system and whether other systems were evaluated, and closure of the issue would depend on the new information provided.

Full Access
Question # 220

A chief audit executive (CAE) reviews the supervision of an internal audit engagement Which of the following would most likely assure the CAE that the engagement had adequate supervision?

A.

The engagement supervisor has an open door pokey for audit team members to discuss concerns

B.

The supervisor reviews weekly progress reports from the audit team members

C.

The supervisor reviews and initials internal audit workpapers for the engagement

D.

The supervisor meets periodically with management in the reviewed area to get feedback during the engagement.

Full Access
Question # 221

When taken by a chief audit executive, which of the following actions would be most likely to prevent division management from exaggerating sales reports

1.Announcing a series of internal audit engagements focusing on compliance with corporate sales-reporting policies.

2.Asking the president and the board to issue a statement of corporate policy stressing the importance of accurate management reporting and the negative consequences of intentional misreporting

3.Setting up a hotline for employees to report fraudulent behavior anonymously.

4.Assisting the controller in developing and monitoring a series of business process indicators, which are historically correlated with, but independent of. sales.

A.

1 and 2 only.

B.

2 and 3 only.

C.

2 and 4 only.

D.

3 and 4 only.

Full Access
Question # 222

The internal audit activity plans to assess the effectiveness of management ' s self-assessment activities regarding the risk management process. Which of the following procedures would be most appropriate to accomplish this objective?

A.

Review corporate policies and board minutes for examples of risk discussions.

B.

Conduct interviews with line and senior management on current practices.

C.

Research and review relevant industry information concerning key risks.

D.

Observe and test control and monitoring procedures and related reporting.

Full Access
Question # 223

When me internal audit activity does not have sufficient time to complete its usual root cause analysis which c4 the following is most appropriate?

A.

The chief audit executive may recommend that management conduct further work to identify the root cause and address the issue

B.

Internal auditors should finish the engagement without conducting the root cause analysis and draft the audit report, though the report would not be considered complete until the analysis is concluded

C.

internal auditors must adjust their future engagement schedule to ensure that the root cause analysis is always performed before the engagement is concluded

D.

Internal auditors should Instead perform a Pareto rule analysis

Full Access
Question # 224

Which of the following statements about including consulting engagements in the annual internal audit plan is true?

A.

All requests for consulting engagements must be included in the annual internal audit plan

B.

Assurance engagements must be included in the annual internal audit plan but there is no requirement to include consulting engagements

C.

Consulting engagements do not need to be included m the annual internal audit plan unless requested by the board

D.

The acceptance of proposed consulting engagements into the annual internal audit plan may depend on their ability to add value

Full Access