IIA Part 1 - Code of Ethics, IPPF Flashcards
1
Q
A large sales organization maintains a system of internal control according to the COSO model and has updated its code of conduct. This change relates to which component of the COSO framework? You Options: A Control activities. B Information and communication. C Commitment. D Control environment.
A
d
2
Q
Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?
A An independent third party has assessed the organization’s system of internal controls to be adequate and effective.
B The chief audit executive reports both functionally and administratively to the CEO.
C The internal audit charter is drafted properly and approved by the appropriate parties.
D The mission statement and strategy of the internal audit activity demonstrates alignment to organizational objectives.
A
b
3
Q
Which of the following is an example of a risk avoidance strategy?
You Options:
A Hedging against exchange rate variations.
B Limiting access to an organization’s data center.
C Selling a nonstrategic business unit.
D Outsourcing a high-risk activity.
A
c
4
Q
Which of the following statements accurately describes the responsibility of the internal audit activity regarding IT governance?
- The internal audit activity does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.
- The internal audit activity must assess whether the IT governance of the organization supports the organization’s strategies and objectives.
- The internal audit activity may assess whether the IT governance of the organization supports the organization’s strategies and objectives.
- The internal audit activity may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization’s strategies and objectives.
You Options: A 1 only. B 4 only. C 2 and 4. D 3 and 4.
A
a
5
Q
Which of the following documents is most appropriate in promoting the objectivity of the internal audit activity?
You Options: A Usage of IT system policy. B Risk management framework. C Acceptance of gifts policy. D Personal responsibility policy.
A
c
6
Q
Management is developing and implementing a risk and control framework for use throughout the organization. Which of the following elements should be included in the organization’s control framework?
- Appropriate levels of authority and responsibility.
- Supervision of staff and appropriate review of work.
- The seniority of management in the organization.
- The ability to trace each transaction to an accountable and responsible individual.
You Options: A 1,2, and 3. B 1.2, and 4. C 1.3, and 4. D 2, 3, and 4.
A
d
7
Q
With regard To IT governance, which of the following is the most effective and appropriate role for the internal audit activity?
You Options:
A Independently evaluate the skills and experience of potential chief information officer candidates to assess the best fit based on the organization’s risk appetite.
B Evaluate the organization’s governance standards and assess IT-related activities to identify gaps and develop policies, ensuring alignment with the organization’s risk appetite.
C Assist management in interpreting complex IT-related privacy and security risk exposures and evaluating potential mitigation strategies.
D Assess whether governance activities are aligned with the organization’s risk appetite and take into consideration emerging risks.
A
d
8
Q
As a matter of policy, the chief audit executive routinely rotates internal audit staff assignments and periodically interviews the staff to discuss the potential for conflicts of interest. These actions help fulfill which of the following internal audit mandates?
You Options: A Organizational independence. B Professional objectivity. C Due professional care. D Individual proficiency.
A
b
9
Q
The manager for an organization’s accounts payable department resigned her post in that capacity. Three months later, she was recruited to the internal audit activity and has been working with the audit team for the last eight months. Which of the following assignments would the newly hired internal auditor be able to execute without any impairments to independence or objectivity?
You Options:
A An operations audit of the accounts payable department.
B A consulting engagement related to a new accounts payable optimization initiative.
C A review of the employees’ sports club finances, which are overseen by the chief audit executive.
D An assurance review for a sales program on which she previously provided consultation.
A
c
10
Q
An internal auditor needs to recommend a policy element to be included in an organization’s code of ethics. Which of the following recommendations would be most effective?
You Options:
A Ethics should vary with local customs in the organization’s foreign operations.
B Whistleblowing should be discouraged because it can cause distrust among employees.
C Ethical behavior should be incorporated into performance evaluations.
D Senior management should be granted specific exemptions to the code of ethics.
A
c
11
Q
Which of the following types of fraud includes embezzlement?
You Options: A Fraudulent statements. B Bribery. C Misappropriation of assets. D Corruption.
A
c
12
Q
According to IIA guidance, which of the following statements describes one of the similarities between assurance and consulting services?
You Options:
A When planning assurance and consulting engagements, internal auditors must consider the strategies and objectives of the activity being reviewed.
B Internal auditors determine the engagement objectives, scope, and work program for both assurance and consulting services.
C Internal auditors must not provide assurance or consulting services for an activity for which they had responsibility within the previous year.
D Both assurance and consulting services generally involve the internal auditor, the area under review, senior management, and the board.
A
a
13
Q
Evidence discovered during the course of an engagement suggests that multiple incidents of fraud have occurred. There do not appear to be sufficient controls in place to prevent reoccurrence. Which of the following is the internal auditor’s most appropriate next step?
You Options:
A Immediately notify management of the area under review and the other internal auditors involved in the engagement.
B Discuss the situation with the engagement supervisor to determine whether fraud investigation experts are required to investigate the matter properly.
C Fully document in the workpapers the evidence that has been discovered and recommend appropriate controls to address the fraud.
D Provide the evidence that was discovered to local law enforcement for possible prosecution of the suspected fraud.
A
a
14
Q
The chief audit executive (CAE) has assigned an internal auditor to an upcoming engagement. Which of the following requirements would most likely indicate that the internal auditor was assigned to an assurance engagement?
You Options:
A The assigned internal auditor must determine the objectives, scope, and techniques of the engagement.
B The CAE must personally obtain the needed skills, knowledge, or other competencies if the internal auditor does not have them.
C The assigned internal auditor must not assume management responsibilities while performing the engagement.
D The assigned internal auditor must maintain objectivity while performing the engagement.
A
a
15
Q
An internal audit activity includes in its audit reports the assertion that its work is performed in conformance with the International Standards for the Professional Practice of Internal Auditing {Standards). A recent external quality assessment concluded that the internal audit activity had substantial deficiencies that impact its overall operations. According to IIA guidance, which of the following is the most appropriate action for issuing future audit reports?
You Options:
A Refrain from indicating that the internal audit activity operates in conformance with the Standards until the chief audit executive confirms that the internal audit activity has addressed all areas of nonconformance and the audit committee has been notified.
B Refrain from indicating that the internal audit activity operates in conformance with the Standards until another external assessment confirms that the significant areas of nonconformance have been addressed.
C Indicate that the internal audit activity operates in partial conformance with the Standards, as the internal audit activity has a quality assurance and improvement program in place to address deficiencies and has met the requirement for conducting an external assessment.
D Update and reissue previous audit reports, removing the assertion that the internal audit activity operates in conformance with the Standards, and distribute them to all parties who received the original reports.
A
b
16
Q
The management at a national consumer goods organization implements a fair work and pay practice as well as a policy to treat employees equitably and consistently. Which common characteristics of fraud will the practice and policy most likely reduce?
You Options: A Pressure or incentive. B Opportunity. C Rationalization. D Commitment.
A
a
17
Q
Upon joining the internal audit activity, each new auditor receives a copy of the audit handbook. Which of the following handbook policies has the greatest risk of compromising audit objectivity?
You Options:
A Internal auditors should obtain 80 hours of continuing professional education every two years, 20 of which should be audit-related, and the remainder may be operations-related.
B Internal auditors should rotate to other areas of the organization for nonaudit assignments to gain an understanding of the organization’s operations.
C Internal auditors should have direct and unrestricted access to personnel and information throughout the organization and the governing board.
D Internal auditors should undergo annual performance appraisals conducted by the chief audit executive, who reports administratively to the chief financial officer.
A
b
18
Q
According to IIA guidance, which of the following roles would be appropriate for an internal auditor regarding fraud risk?
- Identification.
- Mitigation.
- Remediation.
- Reduction.
You Options: A 1 only. | B 1 and 4 only. C 1, 3, and 4 only. D 1,2, 3, and 4.
A
b
19
Q
During an audit engagement, the internal auditor discussed a risk mitigation recommendation with the manager of the area under review. The manager disagreed with the risk assessment and recommendation. The two failed to come up with an alternative solution, and the auditor decided to proceed with including the original recommendation in the engagement report. Which of the following is especially important in dealing with this type of situation?
You Options:
A Soft skills in communication, negotiation, and collaboration.
B Technical skills in the area under review.
C Professional qualifications and certification in internal auditing.
D Confidentiality and independence.
A
a
20
Q
According to the International Professional Practices Framework, which of the following are allowable activities for an internal auditor?
- Advocating the establishment of a risk management function.
- Identifying and evaluating significant risk exposures during audit engagements.
- Developing a risk response for the organization if there is no chief risk officer.
- Benchmarking risk management activities with other organizations.
- Documenting risk mitigation strategies and techniques.
You Options: A 4 and 5 only. B 1.2, and 3 only. C 1.2. 4. and 5 only. D 2. 3. 4. and 5 only.
A
c
21
Q
If appropriate safeguards exist, which of the following is considered a legitimate internal audit role within risk management at an organization?
You Options:
A Imposing risk management processes.
B Providing consolidated reporting on risks.
C Taking accountability for risk management.
D Making decisions on risk responses.
A
b
22
Q
A manufacturing line supervisor joins the internal audit activity for a two-year rotational job assignment and is assigned to an accounts receivable audit. With regard to this assignment, which of the following should be the primary concern of the audit manager?
You Options: A Due professional care. B Individual independence. C Individual objectivity. D Organizational independence.
A
a
23
Q
A fraud investigation was completed by management, and a proven fraud was communicated to relevant authorities. According to MA guidance, which of the following roles would be most appropriate for the internal audit activity to undertake after the investigation?
You Options:
A Plan employee sessions and team building strategies for the organization to improve awareness of fraud among employees.
B Review the investigation and implement any improvements to the process.
C Conduct lessons learned sessions to ascertain how the fraud occurred and which controls failed.
D Determine why The fraud was not detected earlier and design controls to strengthen early detection.
A
c
24
Q
Which of the following is an example of a risk management avoidance response?
You Options: A Exiting a marketplace. B Recalling a product. C Obtaining product insurance. D Outsourcing production.
A
a
25
Which of the following actions should the audit committee take to promote organizational independence for the internal audit activity?
You Options:
A Delegate final approval of the risk-based internal audit plan to the chief audit executive (CAE).
B Approve the annual budget and resource plan for the internal audit activity.
C Assist the CAE with hiring objective and competent internal audit staff.
D Encourage the CAE to communicate and coordinate with the external auditor.
a
26
A furniture manufacturer has installed a new fire sprinkler system at its central warehouse and canceled the existing fire insurance policy on that property. What change of risk response strategy does this course of action most likely reflect?
```
You Options:
A From sharing to reduction.
B From acceptance to reduction.
C From sharing to avoidance.
D From acceptance to avoidance.
```
a
27
According to IIA guidance, which of the following should be formally documented in the internal audit charter?
You Options:
A The internal audit activity's responsibility for imposing risk management processes.
B The internal audit activity's responsibility for the organization's governance framework.
C The nature of consulting services provided by the internal audit activity.
D The budgeting process for the internal audit activity.
c
28
According to IIA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the internal audit activity?
You Options:
A CAE reviews and approves the annual audit plan.
B CAE meets privately with The CEO at least annually.
C CAE meets privately with The board at least annually.
D CAE reports to the board regarding audit staff performance evaluation and compensation.
d
29
While auditing an organization's credit approval process, an internal auditor learns that the organization has made a large loan to another auditor's relative. Which course of action should the auditor take?
You Options:
A Proceed with the audit engagement, but do not include the relative's information.
B Have the chief audit executive and management determine whether the auditor should continue with the audit engagement.
C Disclose in the engagement final communication that the relative is a customer.
D Immediately withdraw from the audit engagement.
b
30
According to The IIA's Code of Ethics, which of the following statements is true?
You Options:
A When an internal auditor releases required information to a regulator, resulting in a significant loss through fines and penalties for the organization, he fails to add value.
B When an internal auditor limits the scope of the audit engagement after learning that management is hiding relevant information, he demonstrates integrity.
C When an internal auditor disagrees with the treatment received by workers in the organization's foreign subsidiary and alters the audit program to highlight the issue, he fails to demonstrate objectivity.
D When an internal auditor continues with an audit engagement, despite the audit client's claims that the work performed is unnecessary and redundant he fails to demonstrate competency.
c
31
In which of the following scenarios would the chief audit executive (CAE) be required to decline the assignment?
You Options:
A The CAE would need to procure external services to deliver the internal audit assurance program.
B There is no expertise within the internal audit team for detecting and investigating fraud.
C There is no expertise within the internal audit team for auditing an IT engagement.
D There is no available expertise on the internal audit team to perform a consulting engagement.
b
32
Given the highly technical and legal nature of privacy issues, which of the following statements best describes the internal audit activity's responsibility with regard to assessing an organization's privacy framework?
You Options:
A If an organization does not have a mature privacy framework, the internal audit activity should assist in developing and implementing an appropriate privacy framework.
B Because the audit committee is ultimately responsible for ensuring that appropriate control processes are in place to mitigate risks associated with personal information, the internal audit activity is C. required to conduct privacy assessments.
D The internal audit activity may delegate to nonaudit IT specialists the responsibility of determining whether personal information has been secured adequately and data protection controls are sufficient.
D The internal audit activity should have appropriate knowledge and competence to conduct an asses .......framework.
d
33
According to The IIA's Code of Ethics, which of the following actions violates the principle of confidentiality?
You Options:
A Accepting a consulting request in the IT department without possessing the requisite experience.
B Providing personal tax preparation services for a fee for several employees during the lunch hour.
C Providing a friend with the marketing strategic plan, which she will use to prepare her university thesis.
D Agreeing to reword an observation to avoid the client complaining directly to the auditor's supervisor.
c
34
Which of the following would be considered a violation of The IIA's mandatory guidance on independence?
You Options:
A The chief audit executive (CAE) reports functionally to the board and administratively to the chief financial officer.
B The board seeks senior management's recommendation before approving the annual salary adjustment of the CAE.
C The CAE confirms to the board, at least once every five years, the organizational independence of the internal audit activity.
D The CAE updates the internal audit charter and presents it to the board for approval periodically, not on a specific timeline.
b
35
Which of the following responsibilities would fall under the role of the chief audit executive, rather than internal audit staff or the audit manager?
You Options:
A Manage and support a quality assurance and improvement program.
B Maintain industry-specific knowledge appropriate to the audit engagements
C Set clear performance standards for internal auditors and the internal audit activity.
D Apply problem-solving techniques for routine situations.
c
36
Which of the following is considered a violation of The IIA's Code of Ethics?
You Options:
A An auditor conveys public information about an organization's financial condition.
B An auditor reports a manager's illegal activity to senior management, rather than reporting the incident to the appropriate external authority.
C An auditor receives allegations of fraud from a whistleblower and immediately reports the allegations to senior management.
D An auditor reports material deficiencies, despite the fact that management is already aware of the defects.
c
37
Which of the following are generally recognized as essential elements of a corporate social responsibility program?
You Options:
A Human rights and the environment.
B Organizational governance and financial reporting.
C Fair operating practices and government regulation.
D Consumer issues and return on investment.
a
38
Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department. Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?
```
You Options:
A Workshops.
B Surveys.
C Interviews.
D Observation.
```
b
39
A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annua snowfall for the coming winter. Which of the following best describes this type of risk?
```
You Options:
A Residual.
B Net.
C Inherent.
D Accepted.
```
c
40
According to the HA Code of Ethics, which of the following statements best describes the principle of competency?
You Options:
A Internal auditors shall perform their work with honesty, diligence, and responsibility.
B Internal auditors shall perform their work in accordance with the Standards.
C Internal auditors shall perform their work in accordance with the law and make disclosures expected by the law.
D Internal auditors shall be prudent in the use of information acquired while performing their work.
b
41
Which of the following are components of the ISO 31000 risk management process?
1. Setting the context.
2. Risk treatment.
3. Risk avoidance.
4. Communication.
```
You Options:
A 1 and 2 only.
B 2 and 3.
C 3 and 4.
D 1,2, and 4.
```
a
42
Which of the following control activities is the most effective to ensure users' levels of access are appropriate for their current roles?
You Options:
A The human resources department generates a monthly list of terminated and transferred employees and requests IT to update the user access as required.
B Standardized user access profiles are developed and the appropriate access profiles are automatically assigned to new or transferred employees.
C System administrator rights are assigned to one user in each department who can update user access of terminated or transferred employees immediately.
D Department managers are required to perform periodic user access reviews of relevant systems and applications.
d
43
What should the internal auditor's role be in assessing the organization's ethical climate?
You Options:
A Perform ongoing surveys of the employees, customers, and partners of the organization to assess the organization's ethical climate. ^Evaluate the effectiveness of the organization's strategies and
B processes for achieving the desired level of legal and ethical compliance.
C Maintain a whistleblower hotline to identify inappropriate or illegal activity within the organization.
D Perform background checks of potential new employees before they are hired by the organization.
b
44
What is the additional advantage of facilitated workshops, in comparison with structured interviews, used when testing the effectiveness of entity-level controls?
You Options:
A During facilitated workshops, people more openly say things to internal auditors than during private interviews.
B Internal auditors do not need other sources of information, as the data gathered during facilitated workshops is sufficient.
C Facilitated workshops create a synergy of discussion that can bring multiple perspectives to the same issue.
D The testimonial evidence obtained during facilitated workshops is generally considered more reliable.
c
45
An organization is facing a financial downturn and needs to impose major budget reductions to all departments. According to MA guidance, which of the following actions is most appropriate for the board to take to evaluate the potential impact on the internal audit activity?
You Options:
A Ask management to determine which internal audit engagements are lower risk and could be considered for removal from the annual audit plan.
B Ask appropriate stakeholders for their opinion on the potential impacts of reducing the scope of the internal audit plan.
C Ask the chief audit executive to determine whether budgetary limitations impede the ability of the internal audit activity to execute its responsibilities.
D Ask The human resources department to determine how the annual compensation and salary of the audit staff could be adjusted to achieve savings.
c
46
An IT contractor applied for an internal audit position at a bank. The contractor worked for the bank's IT security manager two years ago. If the audit manager interviewed the contractor and wants to extend a job offer, which of the following actions should the chief audit executive pursue?
You Options:
A Allow the audit manager to hire the contractor and state that the individual is free to perform IT audits, including security.
B Not allow the audit manager to hire the contractor, as it would be a conflict of interest.
C Allow the audit manager to hire the contractor, but state that the individual is not allowed to work on IT security audits for one year.
D Not allow the audit manager to hire the contractor and ask the individual to apply again in one year.
a
47
Which of the following items should the chief audit executive disclose to senior management regarding the results of the internal audit activity's quality assessments?
You Options:
A The internal audit activity's plan for resource allocation.
B The amount of the organization's potential loss prevented by the risk-based auditing of the internal audit activity.
C The number of audits from the annual internal audit plan that were completed last year.
D The qualifications and independence of the assessment Team.
b
48
Which of the following professional development approaches would offer internal auditors the most opportunities to broaden their engagement experiences?
You Options:
A Assign more experienced internal auditors to mentor the less experienced auditors.
B Send internal auditors to external trainings in advanced internal audit topics.
C Appraise internal auditors' performance and competencies at least annually and issue constructive feedback.
D Rotate internal auditors among different engagement assignments.
d
49
The security department uncovered what appears to be a complex fraud in the accounting department. The CEO has requested the internal audit activity to investigate the fraud. If the internal audit staff lacks the expertise to conduct the investigation, how should the chief audit executive proceed?
You Options:
A Disclose the deficiency, and request that the investigation be reassigned to the first line of defense.
B Proceed with the investigation, as internal auditors are not required to have fraud expertise.
C Outsource the sensitive investigation to a third-party consultant with fraud expertise.
D Select a member of the accounting department who is not involved in the fraud to join the investigation team in a consulting capacity.
c
50
In the area of business acumen, which of the following competencies would be the sole responsibility of an internal audit staff member?
You Options:
A Maintaining industry-specific knowledge appropriate to the organization.
B Assessing how IT contributes to organization objectives, risks, and relevance to audit.
C Maintaining technical aspects of accounting standards and reporting processes.
D Understanding regulatory and legal framework and assessing its relevance.
d
51
An internal audit charter, approved by the board, restricts the internal audit activity to providing assurance only on the reliability of financial information and the effectiveness of internal accounting controls. Which of the following statements is true regarding the extent to which the external auditor may rely on the internal audit activity's work?
You Options:
A The external auditor may make full use of the work, as the audit charter is very specific as to the work the internal audit activity may undertake.
B The external auditor may use the work, as the board has approved the charter, thus taking responsibility for any deficiencies.
C The external auditor must disregard the work, as the scope of the charter may introduce bias and result in a lack of due professional care.
D The external auditor may use the work with caution, due to the internal audit activity's scope and responsibility restrictions.
d
52
Which of the following situations is most likely to impair internal audit objectivity?
You Options:
A An internal auditor reports both functionally and administratively to the chief financial officer (CFO).
B An internal auditor, who was an accounts receivable intern for the organization three years prior, performs an audit of the accounts receivable cycle.
C According to policy, the internal auditor must obtain approval from the CFO prior to requesting information for internal audit purposes.
D An internal auditor performs an audit in a department that is led by the auditor's close friend.
d
53
Which of the following best describes the details that must be included in the quality assurance and improvement program (QAIP) report to senior management and the board?
You Options:
A The scope and frequency of internal and external assessments as well as the qualifications and independence of the assessor.
B The scope and cost of the QAIP. frequency of internal and external assessments, and conclusions of the assessor.
C The scope, findings, risks, recommendations, and agreed-upon improvement actions.
D The number and types of people involved in the assessment, costs, and duration of the QAIP
c
54
Who is responsible for setting the risk appetite?
```
You Options:
A External auditors.
B Chief risk officer.
C Operations management.
D Board of directors.
```
d
55
According to The IIA's Code of Ethics, which of the following is true?
You Options:
A Confidentiality requires that auditors disclose all material facts known to them.
B Integrity requires that auditors perform internal audit services in accordance with the Standards.
C Objectivity requires that auditors perform their work with honesty, diligence, and responsibility.
D Confidentiality requires that auditors be prudent in the use and protection of client information.
d
56
Which of the following would be the most important consideration by the internal audit activity when selecting employees to perform an internal quality assessment?
You Options:
A Their understanding of auditing standards.
B Previous experience working with the internal audit activity.
C Their reporting line within the organization.
D The nature of their regular duties and responsibilities.
a
57
According to IIA guidance, when preparing the charter for the internal audit activity, the chief audit executive (CAE), board, and senior management should agree on which of the following?
1. The standards to be used by the internal audit activity.
2. The internal audit activity's code of ethics.
3. The CAE's reporting line.
4. The internal audit activity's responsibilities.
```
You Options:
A 4 only.
B 1 and 2 only.
C 3 and 4.
D 1,2, and 3.
```
c
58
Which of the following activities should the chief audit executive perform to ensure compliance with an organization's code of conduct?
You Options:
A Act as an adviser to the committee responsible for reviewing violations of the code.
B Review and adjudicate all violations of the code of conduct.
C Lead the committee responsible for the oversight of the code.
D Implement a system of procedures to inform all employees of the code.
a
59
According to IIA guidance, which of the following scenarios demonstrates an internal auditor exercising due professional care?
When auditing investments, the auditor identified instruments with which he was unfamiliar. He decided not to select that type of investment in his sample, as he did not have the knowledge needed to
You Options:
A perform a proper assessment.
B An auditor was reviewing inventory counts conducted by the warehouse staff. One truck containing an immaterial amount of inventory was off-site and wasn't verified by the auditor.
C An auditor visited a plant that produces a significant portion of the organization's inventory. The day he arrived, the plant manager was out sick, so the auditor issued the report without interviewing the manager.
D An auditor in charge needed to have testing completed by the end of the month, but was behind schedule. He identified a junior auditor to conduct the work for him on a complex area of the organization.
a
60
A government agency maintains a system of internal control, according to the COSO model, and has made a change to its employee performance reviews and rewards program. This change relates to which of the following components of COSO's internal control framework?
```
You Options:
A Control environment.
B Control activities.
C Information and communication.
D Monitoring activities.
```
a
61
Which of the following actions best demonstrates that an internal auditor is exercising due professional care?
You Options:
A The auditor performs thorough reviews and provides absolute assurance of regulatory compliance.
B The auditor is alert to the possibility of fraud and activities where irregularities are most likely to occur.
C The auditor recommends improvements for all of the organization's procedures and practices.
D The auditor is cognizant of reducing travel expenses by combining a personal vacation with a business trip.
b
62
A chief audit executive (CAE) reports functionally to the CEO and administratively to the chief financial officer, both of whom serve on the company's board of directors. According to IIA guidance, which of the following would offer the greatest protection for the independence of the internal audit activity?
You Options:
A Appoint the CAE as a member of the board.
B Move the CAE's functional reporting to an executive who is not on the board.
C Obtain full board approval of the internal audit activity's annual audit plan.
D Move the CAE's functional reporting to the audit committee.
d
63
Which of the following best explains why integrity is a necessary personal quality for internal auditors at all levels?
You Options:
A Internal auditor integrity enables stakeholders to constantly question the work of the internal audit activity.
B Internal auditor integrity enables the internal auditor to avoid being challenged by any party in the organization.
C Internal auditor integrity enables the internal audit activity to be able to demonstrate independence.
D Internal auditor integrity enables users of internal auditors' work to make important business decisions.
d
64
A headquarters-based internal auditor has been sent to a major overseas subsidiary to conduct various engagements. Initially, the internal auditor spends time to become familiar with local customs and organization's practices while embarking on the first engagement. Which of the following competencies does the internal auditor exercise?
```
You Options:
A Communication.
B Persuasion and collaboration.
C Business acumen.
D Governance, risk, and control.
```
a
65
A chief audit executive (CAE) is reviewing the internal audit activity's performance and is concerned that the average number of revisions to findings is steadily rising, making it increasingly difficult to trace the finding to the supporting evidence and workpapers. According to MA guidance, which of the following elements of the internal audit activity's quality assurance and improvement program would provide the CAE with the most helpful insight into the cause of this problem?
You Options:
A The overall effectiveness of the internal audit activity's periodic self assessments.
B The type of audit productivity and performance statistics reported.
C The adequacy of the day-to-day supervision and review process.
D The scope and frequency of external assessments.
c
66
Which of the following is a detective control strategy against fraud?
You Options:
A Requiring employees to attend ethics training.
B Performing background checks on employees.
C Implementing a control self-assessment.
D Performing a surprise audit.
d
67
Which of the following is the primary engagement responsibility of an entry-level internal auditor?
```
You Options:
A Leadership.
B Documentation.
C Analysis.
D Reporting.
```
c
68
Which of the following statements accurately describes an internal auditor's responsibility with regard to due professional care?
You Options:
A An internal auditor should express an opinion only when consensus with top management has been achieved.
B An internal auditor's opinion should be based on experience and free of all bias.
C An internal auditor's opinion should be based on factual evidence.
D An internal auditor's opinion should be limited to the effectiveness of internal controls.
c
69
According to The MA Global Internal Audit Competency Framework, which of the following areas of training would best assist the internal audit activity in improving its use of tools and techniques?
```
You Options:
A Negotiation and conflict resolution.
B Project management.
C Financial accounting.
D Ethics and fraud.
```
b
70
Which of the following must be in existence as a precondition to developing an effective system of internal controls?
```
You Options:
A A monitoring process.
B A risk assessment process.
C A strategic objective-setting process.
D An information and communication process.
```
b
71
A multinational organization has asked the internal audit activity to assist in setting up the organization's risk management system. The chief audit executive (CAE) agrees to take on the engagement as a consultant. Which of the following tasks is appropriate for the CAE to undertake?
You Options:
A Coordinate and facilitate risk workshops for management to attend.
B Establish the degree of risk appetite for management to accept.
C Set risk indicators and mitigation plans for management to implement.
D Determine the number of significant risks for management to report to the board.
d
72
According to the COSO enterprise risk management framework, which of the following best describes the activity that helps ensure risk responses are carried out effectively?
```
You Options:
A Objective setting.
B Control activities.
C Information and communication.
D Event identification.
```
b
73
Which of the following statements is true about The IIA Global Internal Audit Competency Framework?
You Options:
A The core competencies outlined in the framework are not expected of a person undertaking an entry-level position as an internal auditor.
B The framework is designed to be used primarily by chief audit executives that are developing indicators to measure the performance of the internal audit activity for which they are responsible.
C The framework lists the core competencies internal auditors should possess before attempting to attain The IIA's Certified Internal Auditor certification.
D The framework describes competencies needed for individual internal auditors, but not those necessary at the chief audit executive level.
b
74
An internal auditor completed an audit of a bank's loan department and found all significant risks to be managed adequately through effective internal controls. Which of the following would be an appropriate conclusion to report to management?
You Options:
A The residual risk is lower than or equal to the risk appetite.
B The residual risk is higher than or equal to the risk appetite.
C The inherent risk is lower than or equal to the risk tolerance.
D The inherent risk is higher than or equal to the risk tolerance.
a
75
According to IIA guidance, which of the following best describes internal auditors' responsibility regarding fraud?
You Options:
A Internal auditors should take a leading role in investigating all fraud-related cases.
B Internal auditors must have sufficient knowledge to evaluate the risk of fraud.
C Internal auditors should report all fraud cases to law enforcement agents, in accordance with the Code of Ethics.
D Internal auditors are responsible for ensuring that fraud does not occur.
b
76
Which of the following is most likely to enhance an internal auditor's objectivity?
You Options:
A An auditor is appropriately able to communicate results.
B An auditor performs his work free from interference.
C An auditor is unrestricted in determination of scope.
D An auditor avoids conflicts of interest.
d
77
An organization decides to take no action on one of its financial risks because the cost of implementing the control outweighs the value of the asset being protected. Which of the following best describes this risk strategy?
```
You Options:
A Risk avoidance.
B Risk-benefit analysis.
C Risk sharing.
D Risk acceptance.
```
d
78
Which of the following scenarios best illustrates a rationalization as the root cause of potential fraud?
You Options:
A Managers who have been with the organization for several decades become aware that newly hired, younger managers are being moved more quickly into senior positions.
B The controller at a nationwide manufacturing company recently opted to no longer require two-week mandatory vacations for accounting staff.
C Security cameras that monitor cash handling at the register are not functioning.
D The organization is slowly phasing out three mature products that produce the highest commissions for the sales staff.
b
79
According to IIA guidance, which of the following statements is true regarding the reporting of results from an external quality assessment of the internal audit activity?
You Options:
A The external assessment results are reported upon completion in confidence directly to the board, and senior management is advised only of the recommendations and improvement action plans.
B The results of self-assessments with independent external validation are shared with the board upon completion, and monitoring of recommended improvements must be reported monthly.
C The external assessment results are communicated upon completion to senior management and the board, but action plans for recommended improvements do not have to be reported.
D The requirements for reporting quality assessment results are the same for external assessments and self-assessments with independent external validation.
b
80
An internal auditor who is carrying out an engagement to review controls related to corporate tax reporting must possess which of the following competencies?
1. Proficiency in analyzing key IT risks and controls.
2. The ability to recognize significant deviations from good business practices.
3. Knowledge of key indicators of fraud in tax reporting.
4. The ability to recognize the existence of problems related to tax accounting.
```
You Options:
A 1 and 4 only.
B 3 and 4 only.
C 2, 3, and 4 only.
D 1,2, 3, and 4.
```
b
81
What is the purpose of a secondary control?
You Options:
A It replaces primary controls that are either ineffective or cannot fully mitigate a risk.
B It partially reduces the residual risk level when a key control does not operate effectively.
C lt combines with other controls to help reduce significant risk exposures to an acceptable level.
D It helps to ensure the completeness and accuracy of automated controls in a system environment.
c
82
Which of the following is most likely to be considered a control weakness?
You Options:
A Vendor invoice payment requests are accompanied by a purchase order and receiving report.
B Purchase orders are typed by the purchasing department using prenumbered forms.
C Buyers promptly update the official vendor listing as new supplier sources become known.
D Department managers initiate purchase requests that must be approved by the plant superintendent.
c
83
According to the COSO internal control framework, which of the following best describes the use of continuous auditing programs by the internal audit activity?
```
You Options:
A Control environment.
B Control activities.
C Risk assessment.
D Monitoring.
```
d
84
Which of the following activities is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?
You Options:
A Planning an engagement of the area in which fraud is suspected.
B Employing audit tests to detect fraud.
C Interrogating a suspected fraudster.
D Completing a process review to improve controls to prevent fraud.
b
85
Which of the following is the most common way that occupational fraud is detected?
```
You Options:
A Internal audits.
B Whistleblower hotline.
C Key controls.
D External audits.
```
b
86
What is the primary benefit to the internal audit activity for undertaking an internal quality assessment?
You Options:
A To help the internal audit activity complete its annual assurance plan.
B To identify inefficiencies within the internal audit team.
C To help improve the overall quality of the internal audit activity's work.
D To identify key risks and areas of concern within the organization.
c
87
Which of the following is an example
a
88
An internal auditor is conducting an assessment of the organization's fraud prevention program using the COSO enterprise risk management framework. According to this framework, which of the following activities would fall under the control environment component for preventing fraud?
1. The organization uses an automated authority approval matrix to control payments.
2. The organization has a whistleblower hotline that is available to employees.
3. Annually, every manager completes a comprehensive fraud assessment of his or her department.
4. Annually, the organization reviews and communicates the code of expected behavior.
```
You Options:
A 1 and 2.
B 1 and 3.
C 2 and 3.
D 2 and 4.
```
d
89
To fill a critical vacancy, an internal auditor is assigned temporarily to a nonaudit role in the purchasing department, where she worked previously before joining the internal audit activity. According to IIA guidance, which of the following statements is true regarding these circumstances?
You Options:
A The chief audit executive (CAE) should review all work performed by the auditor during her temporary assignment to ensure no impairments.
B The CAE may conduct audits in the purchasing department during the auditor's temporary assignment.
C The auditor should obtain the CAE's approval as to the nature and scope of the duties she is permitted to perform during her temporary assignment.
D Any work performed by the auditor during her temporary assignment must conform to the internal audit charter.
c
90
Which of the following types of social responsibilities is voluntary and guided purely by the organization's desire to make social contributions?
```
You Options:
A The bottom of the pyramid responsibility.
B Innovative responsibility.
C Ethical responsibility.
D Discretionary responsibility.
```
c
91
According to IIA guidance, which of the following external groups is most likely to represent a liability risk, based on activities associated with the organization's corporate social responsibility program?
```
You Options:
A Consumers.
B Activists.
C Suppliers.
D Investors.
```
b
92
An internal auditor is evaluating techniques management uses to mitigate risks within a particular product division. Which of the following is an example of risk reduction?
You Options:
A Management sells the product division to a competitor.
B Management outsources the product division to a third party.
C Management allows the product division to remain unchanged.
D Management modifies the product division to minimize errors.
d
93
Which of the following best demonstrates the authority of the internal audit activity?
You Options:
A Suggesting alternatives to decision makers.
B Improving the integrity of information.
C Determining the scope of internal audit services.
D Achieving engagement objectives.
c
94
Which of the following is an example of collusion?
You Options:
A An employee includes a faked receipt in his expense claim, and the claim is signed by the employee's manager.
B A vendor inflates the price of an item and remits a portion of the excess to the purchasing manager.
C A vendor sends a duplicate invoice with a new invoice number, and the accounts payable system fails to detect the duplication.
D An employee works with the IT manager to develop a program for identifying duplicate invoice payments.
b
95
Which of the following behaviors could represent a significant ethical risk if exhibited by an organization's board?
You Options:
A Requesting a private meeting with senior management, without the presence of the chief audit executive.
B Intervening during an audit involving ethical wrongdoing.
C Discussing periodic reports of ethical breaches.
D Authorizing an investigation of an unsafe product.
b
96
Which of the following factors have the greatest influence on the independence of the internal audit activity?
You Options:
A Quality assessments and cultural biases of the internal audit activity.
B Rotational assignments and familiarity of the internal audit activity.
C Employee incentives and self review of the internal audit activity.
D Organizational positioning and scope control of the internal audit activity.
d
97
According to COSO, which of the following describes a principle related to the control environment?
You Options:
A The organization identifies and assesses changes that could significantly impact the system of internal control.
B The organization establishes appropriate authorities and responsibilities in the pursuit of objectives.
C The organization selects and develops control activities that contribute to the mitigation of risks.
D The organization performs evaluations to ascertain whether internal control components are present and functioning.
b
98
A new internal audit activity is creating its first charter. According to IIA guidance, which of the following objectives would be appropriate for inclusion in the charter?
You Options:
A Continuously monitor the organization's overall risk activities in relation to its risk appetite.
B Evaluate the adequacy and effectiveness of the organization's governance activities.
C Oversee the establishment and administration of an effective risk management program.
D Assist management in implementing recommended control improvements.
c
99
Which of the following is a requirement for an assurance engagement that may not be for a consulting engagement?
You Options:
A The internal audit activity has to ensure team members' objectivity is not impaired.
B Auditors cannot participate in an assurance engagement of a function for which they previously performed a consulting engagement.
C The scope and objective of the engagement is agreed upon based on the engagement client's needs.
D The internal audit activity must ensure management actions have been implemented effectively or risk accepted.
b
100
Which of the following is an example of a directive control?
```
You Options:
A Segregation of duties.
B Exception reports.
C Incentive compensation plans.
D Automated reconciliations.
```
c
101
According to IIA guidance, which of the following is ultimately responsible for seeing that the internal control system of an organization's social responsibility program is effective?
```
You Options:
A Senior management.
B Internal audit activity.
C All employees.
D Board of directors.
```
d
102
According to IIA guidance, which of the following statements is true when an internal auditor performs consulting services that improve an organization's operations?
You Options:
A The services must be aligned with those defined in the internal audit charter.
B The services must not be performed by the same internal auditor who performed assurance services, in order to maintain objectivity.
C The services may preclude assurance services from the consulting engagement.
D The services impose no responsibility to communicate information other than to the engagement client.
b
103
Which of the following describes a key characteristic related to effective organizational communication?
You Options:
A Comprehensive supervisory and verification procedures.
B A well-designed system of internal controls.
C A culture of integrity and transparency.
D Unique operating environments with varying complexity.
b
104
Which of the following actions would be characterized as a preventive control to safeguard inventory from the risk of theft?
1. Locking doors and physically securing inventory items.
2. Independently observing the receipt of materials.
3. Conducting monthly inventory counts.
4. Requiring the use of employee ID badges at all times.
```
You Options:
A 1 and 3.
B 1 and 4.
C 2 and 3.
D 2 and 4.
```
b
105
Which of the following options is the most cost-effective and efficient way for internal auditors to keep current with the latest developments in the internal audit profession?
You Options:
A Attending annual professional conferences and seminars.
B Participating in on-the-job training in various departments of the organization.
C Pursuing as many professional certifications as possible.
D Maintaining membership in The HA and similar professional organizations and subscribing to relevant email updates or news feeds.
d
106
Which of the following statements is true with regard to conducting an effective quality assurance and improvement program?
You Options:
A The IIA's Quality Assessment Manual for the Internal Audit Activity must be used as the basis for periodic assessments.
B Members of the internal audit activity are not permitted to perform quality assessments, as they would not be independent.
C Periodic internal assessments provide the most current and independent recommendations for improvement.
D The conclusions of periodic internal assessments are intended to assist in achieving conformity to the Standards.
d
107
Which of the following scenarios best illustrates the principle of due professional care?
You Options:
A An internal auditor evaluates the significant risks arising from a consulting engagement.
B An internal auditor declares that he would have a conflict of interest in providing planned audit support.
C An internal auditor has been given sufficient authority to access documents needed to make an appraisal of an issue.
D An internal auditor uses technology-based audit techniques to ensure that all significant risks are identified.
a
108
Which of the following would be the most appropriate first step for the board to take when developing an effective system of governance?
You Options:
A Determine the organization's overall risk appetite.
B Establish a governance committee.
C Delegate authority to members of senior management.
D Identify key stakeholders and their expectations.
d
109
Which of the following is an example of a detective control?
```
You Options:
A Automatic shut-off valve.
B Auto-correct software functionality.
C Confirmation with suppliers and vendors.
D Safety instructions.
```
c
110
While preparing for an audit of senior management expenses, the chief audit executive (CAE) learns that management is unable to locate a number of original expense claims to support the related disbursements. She decides to defer the engagement until they can be located. Which of the following principles likely guided the CAE's decision?
```
You Options:
A Objectivity.
B Proficiency.
C Independence.
D Due professional care.
```
d
111
According to IIA guidance, which of the following should be included in the internal audit charter?
You Options:
A The minimum resources and competencies needed for the internal audit activity.
B Identification of the organizational units where engagements are to be performed.
C Organizational relationships and reporting lines.
D Assigned responsibilities for designing and implementing controls.
c
112
According to IIA guidance, which of the following statements is true regarding periodic internal assessments of the internal audit activity?
You Options:
A Internal assessments are conducted to benchmark the internal audit activity's performance against industry best practices.
B Internal assessments must be performed at least once every five years by a qualified assessor.
C An internal auditor may perform a peer review of a colleague's workpapers, as long as the auditor wasn't involved in the audit under review.
D Follow-up to ensure appropriate improvements are implemented is a recommended, but not mandatory, element of internal assessments.
c
113
An internal audit activity is using the auditing-by-element approach to audit the organization's controls around corporate social responsibility. Which of the following would be an element for the internal audit activity to consider?
```
You Options:
A Working conditions.
B Employees' families.
C Marketplace competition.
D Shareholders and investors.
```
b
114
Which of the following is true regarding the use of a formal risk management framework?
1. It facilitates a methodical approach to risk mitigation.
2. It defines and standardizes the terminology used in risk communication.
3. It establishes the risk tolerance levels to be accommodated in the strategy.
4. It facilitates the alignment of risk mitigation strategies with management priorities.
```
You Options:
A 1.2, and 3.
B 1,2, and 4.
C 1.3, and 4.
D 2. 3, and 4.
```
b
115
According to IIA guidance, which of the following describes the primary reason to implement environmental and social safeguards within an organization?
You Options:
A To enable Triple Bottom Line reporting capability.
B To facilitate the conduct of risk assessment.
C To achieve and maintain sustainable development.
D To fulfill regulatory and compliance requirements.
c
116
During an audit, the client questions the internal audit activity's authority to perform procedures over fraud allegations. According to HA guidance, which of the following would provide the most relevant support to respond to the client's concerns?
```
You Options:
A Definition of Internal Auditing.
B MA Standards.
C Internal audit charter.
D The IIA's Code of Ethics.
```
c
117
According to The MA Code of Ethics, which of the following is one of the rules of conduct for objectivity?
You Options:
A Internal auditors shall continually improve their proficiency and effectiveness and quality of their services.
B Internal auditors shall respect and contribute to legitimate and ethical objectives of the organization.
C Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment.
D Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties.
c
118
An internal auditor in a small broadcasting organization was assigned to review the revenue collection process. The auditor discovered that some checks from three customers were never recorded in the organization's financial records. Which of the following documents would be the least useful for the auditor to verify the finding?
```
You Options:
A Bank statements.
B Customer confirmation letters.
C Copies of sales invoices.
D Copies of deposit slips.
```
d
119
The internal audit activity is planning a procurement audit and needs to obtain a thorough understanding of the subcontracting process, which can involve multiple individuals in multiple countries.
Which of the following internal audit tools would be most effective to document the process and the key controls?
```
You Options:
A Internal control checklist.
B Procurement employee survey.
C Cross-functional flow chart.
D Segregation of duties matrix.
```
c
120
Which of the following controls could an internal auditor reasonably conclude is effective by observing the physical controls of a large server room?
You Options:
A Adequate signs are in place to assist in locating safety equipment.
B Servers are secured individually to their racks by locks.
C Foam fire extinguishers are operable to protect against electrical fires.
D Swipe card access is required to gain access to the server room.
a
121
The chief audit executive (CAE) is planning to conduct an internal assessment of the internal audit activity (IAA). Part of this assessment will include benchmarking. According to IIA guidance, which of the following qualitative metrics would be appropriate for the CAE to use?
1. Average client customer satisfaction score for a given year.
2. Client survey comments on how to improve the IAA.
3. Auditor interviews once an audit has been completed.
4. Percentage of audits completed within 90 days.
```
You Options:
A 1 and 2.
B 1 and 3.
C 2 and 3.
D 3 and 4.
```
c
122
An internal auditor is performing analytical reviews as part of an audit of a supermarket's merchandising department. Because the economy has declined since midyear, the auditor can expect to encounter which of the following?
```
You Options:
A Higher inventory turnover.
B Higher operating margin.
C Lower obsolete stock disposal.
D Lower sales volume.
```
d
123
An internal auditor wants to sample data to test an audit theory in a cost-effective way. Which of the following sampling strategies should she use?
You Options:
A Statistical sampling only
B Nonstatistical sampling only
C A combination of both statistical and nonstatistical sampling.
D Neither approach to testing the audit theory would be cost effective.
b
124
Which of the following is a weakness of observation as audit evidence?
You Options:
A It cannot be used to test the completeness assertion.
B It cannot be used to test the existence assertion.
C It cannot be used to test the occurrence assertion.
D It cannot be relied upon because the evidence is not persuasive.
a
125
Which of the following would not be considered part of preliminary survey of an engagement area?
```
You Options:
A Interviews with individuals affected by the entity.
B Functional walk through test.
C Analytical reviews.
D Sampling scope.
```
d
126
Which of the following is the most common method of fraud detection?
You Options:
A Analytical reviews of high-risk areas.
B Detective controls built into the daily processes.
C Unannounced audits or reviews of programs or departments.
D Tips received from employees or citizens.
d
127
Which of the following is the best way to detect fraud?
```
You Options:
A Conduct anti-fraud training.
B Perform background investigations.
C Implement process controls.
D Activate a whistleblower hotline.
```
d
128
In which of the following functions would fraud be most likely to occur?
```
You Options:
A Maintaining custody of inventory records.
B Collecting payments on accounts.
C Approving changes to employee records.
D Preparing customer statements.
```
b
129
When developing the organization's first risk universe, which of the following would the chief audit executive be least likely to consider?
You Options:
A The amount of risk that an organization is willing to seek or accept.
B The extent and degree of interdependency for identified key risks.
C The boundaries established to manage the amount of risk taken.
D The exposure to risks following management's risk responses.
d
130
According to COSO, which of the following is not considered one of the components of an organization's internal environment?
You Options:
A Authority and responsibility to resolve issues.
B Framework to plan, execute and monitor activities.
C Integrated responses to multiple risks.
D Knowledge and skills needed to perform activities.
c
131
Which of the following is most likely to function as a directive control?
```
You Options:
A Security dogs.
B Alert employees.
C Insurance claims.
D Cycle counts.
```
b
132
An organization has implemented a software system that requires a supervisor to approve transactions that would cause treasury dealers to exceed their authorized limit. This is an example of which of the following types of controls?
```
You Options:
A Preventive controls.
B Detective controls.
C Soft controls.
D Directive controls.
```
a
133
According to IIA guidance, which of the following must the internal auditor consider to meet the requirements for due professional care?
You Options:
A The training courses necessary to enhance the internal auditor's knowledge, skills, and other competencies.
B The appropriateness of assurance procedures necessary to ensure all significant risks will be identified.
C The use of innovative technology and data analysis techniques.
D The extent of work needed to achieve the engagement's objectives.
d
134
According to IIA guidance, which of the following are considerations of due professional care when an internal auditor conducts a formal consulting engagement?
1. The complexity of the work required.
2. The needs and expectations of the client.
3. The potential value of the engagement compared to the effort.
4. Information regarding assumptions and procedures to be employed.
```
You Options:
A 1 and 4 only
B 2 and 3 only
C 1, 2, and 3 only
D 1, 2, 3, and 4
```
c
135
Internal auditors must exercise due professional care by considering which of the following?
1. Cost of assurance in relation to potential benefits.
2. Adequacy and effectiveness of governance, risk management, and control processes.
3. Management's competency level in the area being evaluated.
4. Probability of significant errors, fraud, or noncompliance.
```
You Options:
A 1 and 2 only
B 1, 2, and 3 only
C 1, 2, and 4 only
D 2, 3, and 4 only
```
c
136
Which of the following should the CAE consider in determining whether the engineer possesses the necessary skills to perform the engagement?
1. Professional certification, license, or other recognition of the engineer's competence in the relevant discipline.
2. Experience of the engineer in the type of work being considered.
3. Compensation or other incentives that the engineer may receive.
4. The extent of other ongoing services that the engineer may be performing for the organization.
```
You Options:
A 1 and 4 only
B 2 and 3 only
C 3 and 4 only
D 1, 2, and 4 only
```
d
137
According to IIA guidance, which of the following is least compliant with the requirements regarding an internal auditor's need for objectivity?
You Options:
A An internal auditor assessed the effectiveness of controls over payroll software, which he had helped implement with a previous employer.
B An internal auditor participated in an audit of controls around absenteeism, despite providing some consultation on controls in this area earlier in the year.
C An internal auditor performed an assurance engagement for the effectiveness of accounts payable access controls, one of which he previously helped to design.
D An internal auditor, previously employed in the quality assurance operations area, performed a consulting engagement for the operations manager.
c
138
A new director was hired to lead the internal audit activity at a small start-up company. Which of the following assignments would impair the director's independence?
You Options:
A Preparing the financial statements for the company's defined contribution plan.
B Performing a pre-implementation review of the company's payroll application.
C Providing the COBIT framework as a possible IT management tool.
D Reviewing the company's policy for foreign currency translation adjustments for compliance with accounting standards.
a
139
A former line supervisor from the Financial Services Department has completed six months of a two-year development opportunity with the internal audit activity (IAA). She is assigned to a team that will audit the organization's payroll function, which is managed by the Human Resources Department. Which of the following statements is most relevant regarding her independence and objectivity with respect to the payroll audit?
You Options:
A She may participate, but only after she has completed one year with the IAA.
B She may participate, because she did not previously work in the Human Resources Department.
C She may participate, but she must be supervised by the auditor in charge.
D She may participate for training purposes, to build her knowledge of the IAA.
b
140
An internal audit charter should do which of the following?
You Options:
A Outline the schedule of future audits.
B Define the scope of internal audit activities.
C Establish the size of the internal audit activity.
D Communicate the internal audit activity's goals.
b
141
Which of the following are core responsibilities to be included in the internal audit charter?
1. Review reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.
2. Determine the adequacy and effectiveness of the organization's systems of internal accounting and operating controls.
3. Participate in the planning and performance of audits of potential acquisitions with the organization's outside accountants and other members of the corporate staff.
4. Report to those members of management who should be informed of results of audit examinations, the audit opinions formed, and the recommendations made.
```
You Options:
A 1 and 2.
B 1 and 4.
C 2 and 3.
D 2 and 4.
```
a
142
An assurance mapping exercise helps an organization do which of the following?
1. Provide assurance to stakeholders that risks are managed and reported, and regulatory and legal obligations are met.
2. Fulfill best practices in the industry.
3. Identify and address any gaps in the risk management process.
4. Identify fraud.
```
You Options:
A 1 and 4.
B 1 and 3.
C 2 and 3.
D 3 and 4.
```
b
143
According to IIA guidance, which of the following statements about working papers is false?
You Options:
A They assist in the implementation of recommendations.
B They provide support for communication to third parties.
C They demonstrate compliance with auditing standards.
D They contribute to development of the internal audit staff.
a
144
An auditor in charge was reviewing the workpapers submitted by a newly hired internal auditor. She noted that the new auditor's analytical work did not include any rating or quantification of the risk assessment results, and she returned the workpapers for correction. Which section of the workpapers will the new auditor need to modify?
```
You Options:
A Condition section.
B Criteria section.
C Effect section.
D Cause section.
```
c
145
An auditor identifies three errors in the sample of 25 entries selected for review (a 12 percent error rate). Based on this result, the auditor assumes that approximately 59 of the total population of 492 entries are incorrect. To reach this assumption, the auditor has used a technique known as which of the following?
```
You Options:
A Variability tolerance.
B Ratio estimation.
C Stratification.
D Acceptance sampling.
```
b
146
Click the Exhibit.
Internal auditors are asked to keep track of how many hours per day they spend planning the audit, conducting the engagement, and writing the audit report. The data for two days has been collected as follows:
Day 1
Day 2
Planning the audit
2 hours
3 hours
Conducting the engagement
1 hour
1 hour
Writing the audit report
2 hours
4 hours
Which of the following graphs depicts the data accurately?
```
You Options:
A Graph A only
B Graph B only
C Both A and B.
D Neither A nor B.
```
c
147
Non-statistical sampling does not require which of the following?
You Options:
A The sample to be representative of the population.
B The sample to be selected haphazardly.
C A smaller sample size than if selected using statistical sampling.
D Projecting the results to the population.
c
148
According to IIA guidance, which of the following are macro-level audit activities performed for an assurance engagement of the purchasing department?
1. Obtain and review all purchasing-related audit reports issued within the past year.
2. Meet with the quality assurance group to discuss its previous reports of any purchasing-related findings.
3. Review a memo written by the purchasing manager that outlines ongoing problems with the purchasing software.
4. Request a copy of the report from a purchasing audit conducted last year by an external service provider.
```
You Options:
A 1 and 2.
B 1 and 3.
C 2 and 4.
D 3 and 4.
```
a
149
Reviewing prior audit reports and supporting workpapers before an engagement starts enables an internal auditor to do which of the following?
1. To understand better the activity and processes that will be audited.
2. To identify the audit procedures that will be used during the engagement.
3. To ensure that matters of greatest vulnerability will be addressed.
4. To use the information obtained as evidence in the current engagement.
```
You Options:
A 4 only
B 1 and 3 only
C 1 and 4 only
D 2, 3, and 4 only
```
b
150
Which of the following is a common type of payroll fraud?
```
You Options:
A Unauthorized overtime.
B Fictitious employees.
C Unearned bonuses or commissions.
D Skimming.
```
b
151
Which of the following control methods is effective in reducing the risk of purchasing-scheme fraud?
1. Periodically reviewing the vendor list for unusual vendors and addresses.
2. Segregating duties for amount purchasing, receiving, shipping, and accounting.
3. Validating sequential integrity of purchase orders.
4. Verifying the validity of invoices with post office box addresses.
```
You Options:
A 1 and 2 only
B 3 and 4 only
C 1, 2, and 4 only
D 1, 2, 3, and 4
```
b
152
Forty-five percent of an organization's customer payments are submitted online. Eight percent of online payments are rejected. Executive management decides to outsource its online payment services to a contractor that will assume 75 percent of the total value of rejected payments. The organization estimates $1.25 million customer payments due during the contract period.
Which of the following represents the organization's residual risk for online customer payments due?
```
You Options:
A $11, 250
B $25, 000
C $33, 750
D $45, 000
```
a
153
According to the COSO enterprise risk management (ERM) framework, which of the following is not part of the new paradigm in ERM?
```
You Options:
A Assessing the risk factors.
B Aligning risk appetite and strategy.
C Enhancing risk response decisions.
D Reducing operational surprises and losses.
```
a
154
Which of the following is not an objective of internal control?
```
You Options:
A Compliance.
B Accuracy.
C Efficiency.
D Validation.
```
d
155
A medical insurance provider uses an electronic claims-submission process and suspects that a number of physicians have submitted claims for treatments that were not performed. Which of the following control procedures would be most effective to detect this type of fraud?
You Options:
A Require the physician to submit a signed statement attesting that the treatments had been performed.
B Send confirmations to the physicians, requesting them to verify the exact nature of the claims submitted to the insurance provider.
C Develop an integrated test facility and submit false claims to verify that the system is detecting such claims on a consistent basis.
D Use computer software to identify abnormal claims based on the insured's age and medical history.
d
156
According to IIA guidance, the results of a formal quality assessment should be reported to which of the following groups?
You Options:
A The audit committee and senior management.
B The audit committee and the external auditors.
C Senior management and management of the audited area.
D Senior management and the external auditors.
a
157
According to IIA guidance, which of the following must internal auditors consider to conform with the requirements for due professional care during a consulting engagement?
1. The cost of the engagement, as it pertains to audit time and expenses in relation to the potential benefits.
2. The needs and expectation of clients, including the nature, timing, and communication of engagement results.
3. The application of technology-based audit and other data analysis techniques, where appropriate.
4. The relative complexity and extent of work needed to achieve the engagement's objectives.
```
You Options:
A 1, 2, and 3
B 1, 2, and 4
C 1, 3, and 4
D 2, 3, and 4
```
b
158
According to IIA guidance, which of the following is an area in which the internal auditor should be proficient?
You Options:
A Management principles.
B Computerized information systems.
C Internal audit standards, procedures, and techniques.
D Fundamentals of accounting, economics, and finance.
c
159
A chief audit executive (CAE) is selecting an internal audit team to perform an audit engagement that requires a high level of knowledge in the areas of finance, investment portfolio management, and taxation. If neither the CAE nor the existing internal audit staff possess the required knowledge, which of the following actions should the CAE take?
You Options:
A Postpone the audit until the CAE hires internal audit staff with the required knowledge.
B Ask the audit committee to decide the course of action.
C Select the most experienced auditors in the department to perform the engagement.
D Hire consultants who possess the required knowledge to perform the engagement.
d
160
Which of the following statements describes impairment to the internal auditor's objectivity?
You Options:
A An internal auditor reviews a purchasing agent's contract drafts prior to their execution.
B An internal auditor reduces the scope of an audit engagement due to budget restrictions.
C An internal auditor receives a promotional gift that is available to the organization's employees.
D An internal auditor performs an assessment of the operations for which he was recently responsible.
d
161
Which of the following enhances the independence of the internal audit activity?
You Options:
A The chief audit executive (CAE) approves the annual internal audit plan.
B The CAE administratively reports to the board.
C The audit committee approves the CAE's annual salary increase.
D The chief executive officer approves the internal audit charter.
c
162
Which of the following best ensures the independence of the internal audit activity?
1. The CEO and audit committee review and endorse any changes to the approved audit plan on an annual basis.
2. The audit committee reviews the performance of the chief audit executive (CAE) periodically.
3. The internal audit charter requires the CAE to report functionally to the audit committee.
```
You Options:
A 3 only
B 1 and 2 only
C 2 and 3 only
D 1, 2, and 3
```
c
163
An internal auditor is reviewing the accounts receivable when she discovers account balances more than three years old. The auditor was previously supervising the area during this time, and she subsequently advises the chief audit executive (CAE) of a potential conflict.
Which of the following is the most appropriate course of action for the CAE to take?
You Options:
A Replace the auditor with another audit staff member.
B Continue with the present auditor, as more than one year has passed.
C Withdraw the audit team and outsource the financial audit of the division.
D Work with the division's management to resolve the situation.
a
164
Sometimes, internal audit staff may partner with operating managers to rank risks. Which of the following outcomes may be the most beneficial aspects of this strategy?
1. Reappraising risks levels.
2. Providing accurate information to management.
3. Marketing the internal audit activity.
4. Planning safeguards for assets in high-risk areas.
```
You Options:
A 1 and 2.
B 1 and 3.
C 2 and 3.
D 3 and 4.
```
b
165
Which of the following statements is true regarding assurance services provided to clients outside of the organization?
You Options:
A Assurance services for outside clients are not covered under the internal audit charter.
B Assurance services for outside clients must be approved on a case-by-case basis by the board of directors.
C The nature of assurance services for outside clients should be defined in the internal audit charter.
D The nature of assurance services for outside clients is the same as for internal clients.
c
166
Which of the following is an activity that an internal auditor must not perform?
You Options:
A Establish and provide continuing assurance on an anti-money laundering program for new hires.
B Survey employees for their understanding of anti-money laundering practices.
C Provide assurance for the effectiveness of anti-money laundering training.
D Assess the risk of being fined for ineffective anti-money laundering practices.
a
167
An internal auditor is using a spreadsheet application to review a cash flow forecast prepared by management.
Which of the following correctly identifies the type of evidence this information represents?
You Options:
A Competent, corroborative evidence of future working capital requirements.
B Sufficient, analytical evidence of the cash flow position at a given point of time in the future.
C Competent, documentary evidence of future cash flow changes within the organization.
D Sufficient, circumstantial evidence of the future solvency of the organization.
c
168
According to IIA guidance, which of the following is not a responsibility of the chief audit executive pertaining to documenting information to support internal audit engagement results and conclusions?
You Options:
A Rating each engagement record to assess its relevance and accessibility for the organization's board.
B Controlling access to engagement records, including access by senior management.
C Developing retention requirements for engagement records that are consistent with organizational guidelines.
D Forming policies governing the custody and retention of consulting engagement records before their release to other parties.
a
169
The chief audit executive (CAE) of a small internal audit activity (IAA) performs all high-risk engagements on the annual audit plan to make use of his knowledge and experience and to maximize the efficient use of audit resources. Which of the following statements is most relevant regarding this practice?
You Options:
A The CAE's work may be reviewed by any other experienced staff member within the IAA.
B The CAE's work should be reviewed by an individual with the appropriate background and knowledge.
C The CAE may self-review his work, provided he discloses this practice in the final report.
D The CAE should avoid performing engagements to ensure he is able to review all audit work objectively.
b
170
Which of the following factors should be considered when determining the appropriate combination of manual techniques and computer-assisted audit techniques (CAATs) to be used during an audit?
1. Acceptance of CAATs findings by entity management.
2. Computer knowledge and expertise of the auditor.
3. Time constraints.
4. Level of audit risk.
```
You Options:
A 1 and 4
B 2 and 3 only
C 1, 2, and 3
D 2, 3, and 4
```
d
171
An internal auditor uses a predefined macro provided in a popular spreadsheet application to verify the present value of the organization's investments. Which of the following is the most appropriate course of action regarding the auditor's use of this functionality?
You Options:
A The auditor should accept the calculations generated by the function, as any further work or documentation would be inefficient.
B The auditor should perform a manual recalculation of several results to validate and document the results.
C The auditor should review the programming of the macro before its use to ensure that it is appropriate for the required calculations.
D The auditor should tabulate the results in the spreadsheet to ensure the macro has generated the correct results for all calculations.
b
172
While performing an accounts payable engagement, a senior auditor wants to conduct several tests of controls for travel expenses. Which of the following actions are most appropriate for the senior auditor to undertake?
1. Ensure all tests use a random sampling technique.
2. Consider a judgmental approach for the sample size.
3. Assess testing errors through root cause analysis.
4. Ensure that the entire data set is tested.
```
You Options:
A 1 and 2.
B 1 and 3.
C 2 and 3.
D 2 and 4.
```
c
173
Which of the following techniques would provide the most compelling evidence that a safety hazard exists within a manufacturing facility?
You Options:
A Observation of the facility during operations.
B Questioning of facility management, including the facility safety officer.
C Analysis of facility operating reports, focusing on instances when breakdowns occurred.
D Review of records involving safety violations, filed by facility production employees.
a
174
Which of the following combinations of conditions is most likely a red flag for fraud?
You Options:
A The practice of surprise audits and the implementation of an employee support program.
B Hiring an employee with a prior fraud conviction and yearly management review.
C Occasional accounting department overrides and discontinuation of the anonymous fraud hotline due to infrequent use.
D A veteran employee in upper management experiencing financial difficulties and recently implemented enhanced controls.
c
175
When auditing the award of a major contract, which of the following should an internal auditor suspect as a red flag for a bidding fraud scheme?
1. Subsequent change orders increase requirements for low-bid items.
2. Material contract requirements are different on the actual contract than on the request for bids.
3. A high percentage of employees are charged to indirect accounts.
4. Losing bidders are hired as subcontractors.
```
You Options:
A 1 only
B 2 only
C 1 and 3.
D 2 and 4.
```
d
176
Which of the following best describes the misdirection of payments on accounts receivable to an employee's bank account?
```
You Options:
A Fraud open on the books.
B Fraud hidden on the books.
C Fraud off the books.
D Fraud on the balance sheet.
```
c
177
An organization invests its savings in a volatile stock with the potential for high gains rather than a mutual fund with a lower expected return and lower volatility. This best describes which of the following risk concepts?
```
You Options:
A Risk identification.
B Risk appetite.
C Risk capacity.
D Risk tolerance.
```
d
178
An organization is beginning to implement an enterprise risk management program. One of the first steps is to develop a common risk language. Which of the following statements about a common risk language is true?
You Options:
A Management will be able to reduce inherent risk because they will have a better understanding of risk.
B Internal auditors will be able to reduce their sample sizes because controls will be more consistent.
C Stakeholders will have more assurance that the risks are assessed consistently.
D Decision makers will understand that the likelihood of missing or ineffective controls will be reduced.
c
179
Which segregation of duties would best reduce the risk of payroll fraud?
You Options:
A Human resources personnel add employees, and payroll personnel process hours and enter employee bank account numbers. Paychecks are automatically deposited in the employee's bank account.
B Human resources personnel add employees, payroll personnel process hours, and human resources personnel deliver paychecks to employees.
C Human resources personnel add employees, review and submit payroll hours to the payroll department for processing, and deliver paychecks to employees.
D Human resources personnel add employees and enter employee bank information. Payroll personnel process hours, and paychecks are automatically deposited in the employee's bank account.
a
180
A large trucking organization wants to reduce traffic accidents by improving its system of internal controls.
Which of the following controls is correctly classified?
1. Review of speeding violations to identify repetitive locations and drivers is an example of a preventive control.
2. Defensive driver training is an example of a directive control.
3. The installation of tracking devices in delivery vehicles is an example of a corrective control.
4. Providing a vehicle driver handbook is an example of a detective control.
```
You Options:
A 1 and 2.
B 1 and 4.
C 2 and 3.
D 3 and 4.
```
a
181
Which two of the following are preventive controls in a check disbursement process?
1. Daily reconciliation of the bank account used for check disbursements and prompt follow-up of un-reconciled items.
2. Segregation of the following duties: establishing new vendors, approving checks, and reconciling the bank account.
3. An activity report detailing who accesses the check disbursement system and the nature of any action taken in the system.
4. Evidence of strong access controls ensuring that authorized individuals have access only to the functions related to their responsibilities.
```
You Options:
A 1 and 3.
B 1 and 4.
C 2 and 3.
D 2 and 4.
```
d
182
A credit card company detects potential errors in credit card numbers by checking whether all entered numbers contain the correct amount of digits. This is an example of which of the following IT controls?
```
You Options:
A Logic test.
B Check digits.
C Data integrity tests.
D Balancing control activities.
```
a
183
An internal audit team is performing an audit of workplace accident claims.
Which of the following actions by the audit team best demonstrates due professional care?
You Options:
A Having an occupational health officer on the engagement team.
B Determining that the claims have been classified properly.
C Placing reliance on medical reports from the injured worker's doctor.
D Reviewing claims to ensure all accidents actually occurred in the workplace.
a
184
Which of the following actions should an internal auditor take to exercise due professional care?
1. Consider the probability of significant noncompliance in each audit engagement.
2. Weigh the cost of assurance against the benefits.
3. Perform assurance procedures with sufficient care to ensure that all risks are identified.
```
You Options:
A 1 and 2 only
B 1 and 3 only
C 2 and 3 only
D 1, 2, and 3
```
a
185
Which of the following is not one of the 10 core competencies identified in the IIA Competency Framework?
```
You Options:
A Governance, risk, and control.
B Performance management.
C Business acumen.
D Internal audit delivery.
```
b
186
The chief audit executive (CAE) of a mid-sized pharmaceutical organization has operational responsibility for the regulatory compliance function. The audit committee requests an assessment of regulatory compliance. According to IIA guidance, which of the following is the CAE's best course of action?
You Options:
A Have a proficient internal audit staff member perform the assessment and disclose the impairment in the audit report and to the board.
B Have a regulatory compliance staff member perform a self-assessment, to be reviewed by a proficient internal auditor.
C Have a proficient internal audit staff member perform the audit and report the results of the assessment directly to senior management and the board.
D Contract with a third-party entity or external auditor to complete the assessment and report the results to senior management and the board.
d
187
A chief audit executive (CAE) learns that the brother-in-law of a senior auditor who audits the procurement process was hired as the head of the procurement department six months prior. Which of the following is the most appropriate action for the CAE to take?
You Options:
A The CAE should not interfere because there is no evidence that a conflict of interest has occurred.
B The CAE should remind the senior auditor of his obligation to be objective and impartial.
C The CAE should change the senior auditor's assignment and take corrective action for the auditor's failure to disclose the conflict of interest.
D The CAE should require the senior auditor to disclose the relationship in writing before continuing his responsibility for monitoring procurement.
c
188
Which the following activities should be performed by the internal audit activity to facilitate an effective relationship with the audit committee?
1. Periodically report about the accounting standards followed by the organization.
2. Provide assurance to the audit committee that its charter, activities, and processes are appropriate.
3. Ensure that the role and activities of the internal audit activity are clearly understood and responsive to the needs of the audit committee.
4. Maintain open and effective communications with the audit committee.
```
You Options:
A 1 and 2 only
B 3 and 4 only
C 1, 3, and 4 only
D 2, 3, and 4 only
```
d
189
An internal audit charter describes the mission and scope of the internal audit activity (IAA), responsibilities of the IAA, accountability of the chief audit executive, independence of the IAA, and standards followed by the IAA. Which of the following also should be included in the charter?
You Options:
A The purpose of the IAA.
B The IAA's right to have unrestricted access to functions, records, personnel, and physical property.
C A detailed audit plan or program for the year.
D The job specifications and descriptions of the internal audit staff.
b
190
Which of the following best ensures an internal audit activity has the ability to render impartial and unbiased assessments?
```
You Options:
A Organizational status and objectivity.
B Supervision of the chief audit executive (CAE) by senior management.
C Organizational knowledge and skills.
D CAE certification.
```
a
191
Why is a code of ethics for the internal audit profession necessary?
You Options:
A It ensures that all members of the profession possess the same level of competence.
B It provides auditors with protection from lawsuits.
C It guides internal auditors in their service to others.
D It requires auditors to exhibit loyalty to their organizations.
c
192
Which of the following statements best explains why internal auditors map processes?
1. To obtain audit evidence to support auditor's observations.
2. To determine scope and objectives of the audit.
3. To facilitate the identification of ownership and responsibility for key risks.
4. To identify potential efficiency improvements.
```
You Options:
A 1 and 2.
B 1 and 3.
C 2 and 4.
D 3 and 4.
```
d
193
An internal auditor is conducting an engagement in the accounts payable department, which includes expressing an opinion at the micro level. According to IIA guidance, which of the following statements is true regarding micro-level opinions?
1. They are most effective when using a combination of current and prior engagement findings to draw conclusions.
2. They typically are based on defined procedures such as those found in an accounts payable reconciliation process.
3. They are discrete and not normally shared with senior management or the board.
4. They can rely on evidence taken from the work of other assurance activities across the organization.
```
You Options:
A 1 and 2.
B 1 and 3.
C 2 and 3.
D 3 and 4.
```
c
194
An internal auditor makes a series of observations when performing an analytical review of division operations. The auditor notes the following things: the current ratio is increasing and the quick ratio is decreasing, sales and current liabilities have remained constant, and the number of day sales in inventory is increasing. Which conclusion should the auditor draw from this data?
You Options:
A Cash or accounts receivable has decreased.
B The gross margin has decreased.
C The division produced fewer items this year than in prior years.
D The gross margin has increased.
a
195
Which of the following audit procedures would provide the most relevant information to identify discrepancies between budgeted versus actual raw material consumption in a production facility?
```
You Options:
A Analytical review.
B Inquiry.
C Document verification.
D Observation.
```
a
196
Which of the following would provide the best evidence of errors in the quantities of items received from suppliers?
You Options:
A Suppliers' reports of over shipments.
B Warehouse receiving logs.
C Purchase requisitions and purchase orders.
D Observation and inspection of inventory.
b
197
According to IIA guidance, which of the following objectives of an assurance engagement for the organization's risk management process is valid?
You Options:
A All risks have been identified and mitigated.
B Risks have been accurately analyzed and evaluated.
C All controls are both adequate and efficient.
D The board is appropriately addressing intolerable risks.
b
198
Which of the following is the most significant disadvantage of using checklists to evaluate internal controls?
You Options:
A They serve as a reminder of what controls should exist in a process.
B They require yes/no responses to specific questions, not open-ended responses.
C They do not capture all controls that may exist.
D They are useful in assessing risk.
c
199
Which of the following would not be a red flag for fraud?
You Options:
A Several recent, large expenditures to a new vendor have not been documented.
B A manager has bragged about multiple extravagant vacations taken within the last year, which are excessive relative to the manager's salary.
C A weak control environment has been accepted by management to encourage creativity.
D New employees occasionally fail to meet established project deadlines due to staffing shortages.
d
200
Which of the following conditions is the most likely indicator of fraud?
You Options:
A Commissions are paid based on verified increases to sales.
B Departmental reports are consistently issued in an untimely manner.
C A manager regularly assumes subordinates' duties.
D Lower earnings occur during the industry's down cycle.
c
201
An accounts receivable clerk receives cash payments, posts the payments to customer accounts, and prepares the daily cash deposit.
The clerk has been stealing some cash and manipulating the customer payments to hide the theft.
This fraud could be detected with which of the following controls?
You Options:
A Monthly bank reconciliations are performed by the clerk on a timely basis.
B Total cash deposits for the month are reconciled to the cash receipts journal.
C Names, amounts, and dates on remittance advices are reconciled with the names, amounts, and dates recorded in the cash receipts journal.
D Total cash deposits are compared with the bank reconciliation.
c
202
Which of the following is a second line of defense in effective risk management and control?
```
You Options:
A Purchasing department.
B Compliance department.
C Credit department.
D Internal audit department.
```
b
203
Which of the following is not a role of the internal audit activity in facilitating risk identification and evaluation?
You Options:
A Evaluating risk management processes.
B Recommending accountability for risk management.
C Providing assurance that risks are evaluated correctly.
D Supporting managers to identify ways to mitigate risks.
b
204
Which of the following is the most effective strategy to manage the risk of foreign exchange losses due to sales to foreign customers?
You Options:
A Hire a risk consultant.
B Implement a hedging strategy.
C Maintain a large foreign currency balance.
D Insist that customers only pay in a stable currency.
b
205
While reviewing first quarter sales transactions, an internal auditor discovered that 10 invoices for a new customer had not been posted into the accounts receivable subsidiary ledger. Those 10 invoices were listed in an error report automatically generated by the sales processing system. The system had rejected the invoices because the customer's account number was not found in the customer master file. In this scenario, which of the following controls was lacking?
```
You Options:
A Corrective control.
B Preventive control.
C Detective control.
D Directive control.
```
a
206
Which of the following statements describes a control failure that is not directly attributable to a customer billing application?
1. End users have raised a number of concerns regarding data integrity.
2. An untested program change is transferred from the test environment to production.
3. Purchase history does not reconcile with accounts receivable for some customers.
4. End user security is inadvertently granted to an unauthorized individual by management.
```
You Options:
A 1 and 3.
B 1 and 4.
C 2 and 3.
D 2 and 4.
```
d
207
The last quality assessment of the internal audit activity identified three areas for improvement: the achievement of audit engagement objectives, quality of work, and staff development. According to IIA guidance, which of the following should be the chief audit executive's primary focus to achieve these recommended improvements?
```
You Options:
A Demonstrated compliance with procedures.
B Due professional care.
C Engagement supervision.
D Employment of tools and techniques.
```
c
208
While reviewing the workpapers of a new auditor, the auditor in charge discovered that additional audit procedures might be necessary. According to IIA guidance, which of the following would be most relevant for the auditor in charge to consider when making this decision?
```
You Options:
A Resource management.
B Coordination.
C Due professional care.
D Engagement supervision.
```
c
209
When an internal auditor applies due professional care to perform an assurance engagement, which of the following must she consider?
1. Findings of the last audit engagement performed.
2. Probability of significant errors, irregularities, or noncompliance.
3. Extent of work needed to achieve engagement objectives.
4. Cost of the engagement versus the potential benefits.
```
You Options:
A 1 and 4 only
B 2 and 3 only
C 2, 3, and 4 only
D 1, 2, 3, and 4
```
c
210
Management has asked the chief audit executive (CAE) to provide assurance on the organization's automated control system related to financial data. The current audit staff does not have the expertise needed to conduct this type of engagement. Which of the following would be the best response by the CAE?
You Options:
A Accept the assignment and use control self-assessment to complete the project.
B Do not accept the assignment because the internal audit activity lacks the competency to perform the engagement with due professional care.
C Accept the assignment and use an external provider with the necessary knowledge and skills to perform the engagement.
D Accept the assignment if the engagement is included in the current audit plan, but inform senior management that the current audit staff does not have the knowledge and skills required.
c
211
Which of the following is not an appropriate activity for internal auditors to perform?
You Options:
A Recommend management seek a consulting firm to advise on outsourcing.
B Highlight matters that require management's attention.
C Implement solutions for specific organizational problems.
D Accumulate data, obtain varying views, and report information to senior management.
c
212
A government agency's policy states that board members' travel and hospitality expenses must be audited annually. Which of following people or groups is most appropriate to perform this audit?
```
You Options:
A The government's independent auditor.
B The external auditors from an accounting firm.
C The internal audit activity.
D The agency's chief compliance officer.
```
a
213
Which of the following does not need to be defined in the internal audit charter?
You Options:
A The audit engagements to be performed during the upcoming year.
B The internal audit activity's position within the organization.
C The scope of internal audit activities.
D Management and the board of directors' agreement regarding the roles and responsibilities of the internal audit activity.
a
214
According to IIA guidance, which of the following statements regarding the internal audit charter is true?
You Options:
A Senior management should approve the charter before it is submitted to the board.
B The charter should describe the purpose and authority of the internal audit activity, consistent with the Standards.
C The charter should define the consulting services that the internal audit activity is permitted to perform.
D The CEO periodically should assess whether the terms of the charter continue to be adequate.
a
215
The director of purchasing, a certified internal auditor (CIA), signs a contract to procure a large order from a supplier whose products provide the best price, quality, and performance. A few days after signing the contract, the supplier presents the CIA with $1, 000 as a gift. Which statement regarding acceptance of the money is correct?
You Options:
A Accepting the money would be prohibited only if it were non-customary.
B Accepting the money would violate the IIA Code of Ethics.
C Because the CIA is not acting as an internal auditor, accepting the money would be governed only by the organization's code of conduct.
D Because the contract was signed before the money was offered, accepting the money would not violate the IIA Code of Ethics.
b
216
The audit committee is concerned that the small size of the internal audit activity (IAA) makes it impractical to achieve full conformance with the Standards. To address this concern, which of the following actions is most appropriate for the CAE to take?
You Options:
A The CAE should agree with the audit committee and implement only those standards appropriate to the size of the IAA.
B The CAE should request the audit committee to review the Standards to identify specifically which are creating the greatest concern.
C The CAE should seek sufficient funding to increase audit resources to meet the minimum requirements of the Standards.
D The CAE should explain that conformance with the Standards is essential and not dependent upon the size of the IAA.
d
217
An internal auditor is reviewing employee travel data to identify opportunities to cut costs while ensuring adequate participation at conferences to support the organization's mission. Which of the following pieces of evidence would be sufficient for completing this task?
You Options:
A A log from the last year that includes dates of travel, conference titles, and conference objectives, all of which correspond with employee names and costs per trip.
B A log that includes titles of conferences that all employees were invited to attend in the last year, along with the dates of those conferences and average costs per traveler.
C A log of conferences titles, dates of travel for each employee, and a detailed summary of conference objectives and how they relate to the organization's mission needs.
D A log of employee travel requests, which include the title of each conference, the conference objectives, anticipated dates of travel, and estimated costs.
a
218
An internal auditor would like to identify the involvement of various organizational units in handling employee travel reimbursement claims. Which of the following methods would be most effective and efficient in completing this task?
```
You Options:
A Process mapping.
B Interviewing.
C Monitoring.
D Distributing questionnaires.
```
a
219
The internal audit supervisor is reviewing the workpapers prepared by the staff. According to the Standards, which of the following statements regarding workpaper supervision is not true?
You Options:
A Review notes of questions that arise during the review process must be retained.
B Dating and initialing each workpaper provides evidence of review.
C Workpaper review allows for staff training and development.
D Workpapers may be amended during the review process.
a
220
Which of the following audit techniques is used to evaluate control design while also embodying auditing's analytical process?
```
You Options:
A A risk and control matrix.
B A flowchart.
C A walk-through.
D A process narrative.
```
a
221
According to the Standards, which of the following best describes why initial audit test results should be reported to the auditor-in-charge prior to advising management?
You Options:
A It increases the likelihood of obtaining the audit client's agreement with the results.
B It ensures that an appropriate chain of evidence is maintained through the workpapers.
C It helps ensure that appropriate professional judgments and conclusions are made.
D It is required to demonstrate that effective engagement supervision has occurred.
c
222
During an engagement, an internal auditor decided to use variance analysis as an auditing techniques. Which of the following steps should the auditor pursue if he discovers unexpected deviations of actual results from budget?
You Options:
A Report the deviations immediately to the audit committee.
B Gather additional information to determine the cause of the deviations.
C Conclude that the budget was unreasonably set and accept the deviations.
D Perform alternative forms of analytical procedures which provide no deviations.
b
223
When conducting an interview, an internal auditor is most likely to ask open-ended questions in order to:
You Options:
A Obtain specific answers and maximize efficiency.
B Gather factual data on several different topics.
C Determine agreement or disagreement with a stated viewpoint.
D Obtain information based on the person's own perspective.
d
224
Which of the following techniques would best assist an internal auditor in evaluating the efficiency of a wholesale grocery distributor`s process to fill and package orders for shipping?
You Options:
A A Bedford analysis of orders filled to average delivery times.
B Decision trees rating actual performance against requirements.
C Queuing theory to assess potential bottlenecks in the process.
D A program evaluation and review technique chart.
c
225
Which of the following would most likely be considered a red flag for fraud?
You Options:
A An organization lacks a whistleblower hotline for reporting suspicious activity.
B A senior manager has been delegating the authority to sign-off on small dollar amount purchases to a subordinate.
C An employee in charge of payroll disbursements has rotated these duties with several colleagues.
D An employee with significant personal debt is in charge of handling large wire transfers for the organization.
d
226
Which of the following risk management activities is most appropriate for an internal auditor to undertake?
```
You Options:
A Impose risk management processes.
B Coordinate risk management activities.
C Implement risk responses on management's behalf.
D Review the management of key risks.
```
d
227
Which of the following best describes the assessment of risks?
You Options:
A Assess the actions necessary to reduce the likelihood and/or impact of risk to tolerable levels.
B Assess the likelihood and/or impact of risk on the achievement of organizational objectives.
C Assess the amount of risk an organization can accept while pursuing its objectives.
D Assess alternative strategies to reduce or eliminate major risks.
b
228
According to IIA guidance, which of the following statements is true?
You Options:
A Risks in IT processes are best mitigated by individual controls.
B The overall focus of the framework is on significant controls in all critical IT applications.
C IT risks and related controls are operational and best identified using a bottom-up approach.
D Control process risks are found at multiple layers of the IT environment.
d
229
An internal auditor notes that employees are able to download files from the internet. According to IIA guidance, which of the following strategies would best protect the organization from the risk of copyright infringement and licensing violations resulting from this practice?
You Options:
A Apply antivirus and patch management software.
B Utilize dedicated and encrypted network connections.
C Install a software inventory management application.
D Utilize secure socket layer encryption.
c
230
Which of the following is a preventive control?
You Options:
A Creating an audit trail.
B Placing controls on physical access to inventory.
C Reconciling purchase orders with approvals.
D Reviewing expense accounts for irregularities.
b
231
Which of the following is an example of a transaction-level control?
```
You Options:
A Human resource policies.
B Tone at the top.
C Reconciliations of primary accounts.
D Inventory counts.
```
c
232
According to IIA guidance, which of the following best describes processes and tools typically used in ongoing internal assessments?
You Options:
A Benchmarking of the internal audit activity's practices and performance.
B Report of internal assessment results, response plans, and outcomes.
C Analysis of performance metrics such as cycle times.
D Self-assessments and surveys of stakeholder groups.
c
233
According to IIA guidance, which of the following statements is false regarding continuing professional education for the internal audit activity (IAA)?
You Options:
A Continuing professional education can be obtained through IAA involvement in research projects.
B Employers are responsible for ensuring that the continuing professional education needs of the IAA are met.
C Completion of self-study courses fulfills IAA continuing professional education requirements.
D Specialized education that meets unique organizational needs cannot qualify as IAA professional development.
b
234
According to the Standards, which of the following is not a consideration when exercising due professional care for an assurance engagement?
You Options:
A The relative complexity, materiality, or significance of matters to which assurance procedures are applied.
B The extent of assurance services necessary to ensure that all risks are identified.
C The cost of providing the assurance services in relation to potential benefits.
D The probability of significant errors, irregularities or instances of noncompliance.
b
235
Which of the following decisions made during the testing phase of a compliance audit requires the most judgment by an internal auditor?
You Options:
A Which sampling methodology to select for testing.
B Which fields to examine on each invoice.
C Whether an individual expenditure is allowable.
D What level of noncompliance is acceptable.
d
236
A candidate has applied for an entry level internal audit position. The candidate holds a CISA (Certified Information Systems Auditor) designation, and has six months of audit experience, but limited knowledge of accounting principles and techniques. According to the IIA guidance, which of the following is the most relevant reason for the chief audit executive to consider this candidate?
You Options:
A Other internal auditors possess sufficient knowledge of accounting principles and techniques.
B The candidate's information systems knowledge and real-world experience in internal auditing.
C Accounting skills can be learned over time with appropriate training.
D An entry level position does not require expertise in any particular area.
b
237
This chief audit executive (CAE) engaged an internal auditor to consult on an organization's complex information technology system. Shortly after beginning the engagement, the auditor unexpectedly resigned. Unfortunately, this auditor was the only available auditor with the necessary expertise. The CAE will not be able to hire someone with similar expertise in time to meet a regulatory deadline.
Which of the following would be the best course of action for the CAE to take?
You Options:
A Continue with the engagement in order to meet the regulatory deadline, but highlight areas in the final report that might need to be revised in the future.
B Ask that a senior member of the organization's IT department with the required systems expertise join the audit team to assist in completing the engagement.
C Delay the engagement and inform the board of the situation, asking them to provide acceptable alternatives for completing the engagement.
D Remove the planned engagement from the audit plan and explain to senior management the problems with moving forward without an auditor with the necessary expertise.
c
238
If an engagement client disputes that a specific action or process is within the scope of the internal audit activity, what would be the most appropriate way for the internal audit activity (IAA) to respond?
You Options:
A Terminate the audit engagement in full because an operational audit will not be productive without the client's cooperation.
B Terminate only the specific action or process with which the client disagrees and work to determine a substitute function that will not impede further IAA or the client-audit relationship.
C Refer the client to the IAA's charter and the approved yearly audit plan, which includes the areas designated for audit in the current time period.
D Seek the approval of senior management or the board in mediation, allowing an overseer to clarify the scope of the audit engagement for the client.
c
239
What type of risk management strategy is being employed when an organization installs two firewalls to provide protection from unauthorized access to the network?
You Options:
A Diversifying the risk that network access will not be available to legitimate, authorized users.
B Accepting the risk that there may be attempts at unauthorized access to the network.
C Avoiding the risk of having a direct network connection to un-trusted networks.
D Sharing the risk that either firewall could be compromised by hackers.
a
240
An internal auditor finds during an engagement that payment for the organization's general insurance policy is two months overdue. The issue is informally mentioned to the finance department which immediately submits the invoice for payment. The auditor decides to exclude this finding from the final audit report as the oversight was immediately corrected and there were no consequences because of this late payment.
Which of the following rules of conduct as described in the IIA Code of Ethics, did the auditor fail to uphold?
```
You Options:
A Confidentiality.
B Objectivity.
C Integrity.
D Competency.
```
b
241
According to the IIA guidance, who is responsible for periodically assessing the internal audit activity?
```
You Options:
A The board.
B The chief audit executive.
C Senior management.
D The external auditors.
```
b
242
Allegations have been made that an organization's share price has been manipulated.
Which of the following would provide an internal auditor with the most objective evidence in this case?
```
You Options:
A Major shareholders of the organization.
B Large customers of the organization.
C Former members of management.
D Former financial consultants.
```
d
243
Which of the following is not a standard technique that the chief audit executive (CAE) would use to provide evidence of supervisory review of working papers?
You Options:
A The CAE initials and dates every working paper after it has been reviewed.
B The CAE completes an engagement working paper checklist.
C The CAE prepares a memorandum discussing the results of the working paper review.
D The CAE utilizes an external third party to make an objective recommendation after each working paper review.
d
244
During an account receivables audit, an internal auditor found a significant number of input errors resulting in a $500, 000 balance understatement.
Which of the following is the most important question the internal auditor should ask to develop an appropriate recommendation for this finding?
```
You Options:
A Who?
B How?
C Why?
D When?
```
c
245
When internal auditors are preparing workpapers for the testing stage of an engagement, which of the following guidelines should be observed?
1. Include copies of all client files that were reviewed for the audit.
2. Avoid the use of professional, industry-appropriate jargon and technical terms.
3. Indicate the original sources of all data and information used in the workpapers.
4. Leave blank space for cross-references to be completed during the post-audit process.
```
You Options:
A 1 and 2 only
B 1 and 4 only
C 2 and 3 only
D 3 and 4 only
```
c
246
During an internal audit, the internal auditor compares the employee turnover rate in the area being audited with the employee turnover rate in the organization as a whole.
This is an example of which of the following analytical auditing procedures?
```
You Options:
A Reasonableness test.
B Regression analysis.
C Benchmarking.
D Trend analysis.
```
c
247
Which of the following statements is true regarding the use of non-statistical sampling in auditing control tests?
You Options:
A It considers tolerable deviation rate more effectively than does statistical sampling.
B Sampling risk will be accurately quantified through non-statistical sampling.
C Non-statistical sample results must be projected to the population.
D Lesser evidence is required to support a conclusion than for statistical sampling.
c
248
During an internal audit, an organization's processing department is found to have incidences of both duplicate invoices and notices from customers that purchased goods were not received. The department under review insists that some of these reports are false and that others were isolated oversights due to understaffing.
Which of the following tests would best help the internal auditor detect fraudulent activity?
```
You Options:
A Check inventory levels.
B Search for gaps in check numbers.
C Compare vendor summaries.
D Review raw material purchase quantities.
```
a
249
An internal audit manager of a furniture manufacturing organization is planning an audit of the procurement process for kiln-dried wood. The procurement department maintains six procurement officers to manage 24 different suppliers used by the organization.
Which of the following controls would best mitigate the risk of employees receiving kickbacks from suppliers?
You Options:
A The periodic rotation of procurement officers' assignments to supplier accounts.
B A pre-award financial capacity analysis of suppliers.
C An automated computer report, organized by supplier, of any invoices for the same amount.
D Periodic inventories of kiln-dried wood at the organization's warehouse.
a
250
Which type of objectives can best be described as broad goals that promote the effective and efficient use of resources?
```
You Options:
A Strategic objectives.
B Operational objectives.
C Reporting objectives.
D Compliance objectives.
```
b
251
According to IIA guidance, which of the following is the best example of a system application control?
You Options:
A A physical security control over a data center.
B A system development life cycle control.
C A program change management control.
D An input control over data integrity.
d
252
Which of the following are components of the COSO enterprise risk management framework?
1. Objective setting.
2. External environment.
3. Data collection.
4. Control activities.
```
You Options:
A 1 and 3 only
B 1 and 4 only
C 2 and 3 only
D 2 and 4 only
```
b
253
Which of the following would be considered a preventive control?
```
You Options:
A A library control log.
B A review of exception reports.
C A password lock on a server.
D A software scan of financial records for irregularities.
```
c
254
Why are preventative controls generally preferred to detective controls?
You Options:
A Because preventive controls promote doing the right thing in the first place, and lessen the need for corrective action.
B Because preventive controls are more sensitive and identify more exceptions than detective controls.
C Because preventive controls include output procedures, which cover the full range of possible reviews, reconciliations and analysis.
D Because preventive controls identify exceptions after-the-fact, allowing them to be used after the entire review is complete and therefore finding exceptions that detective controls may have missed.
a
255
The results of an internal audit activity's (IAA) quality assurance and improvement program are favorable and an external assessment was completed within the last five years. Which of the following statements may the IAA use to describe its work?
You Options:
A 'Completed with the advance certification of the External Assessors Association for Auditing Review.'
B 'Conforms with the International Standards for the Professional Practice of Internal Auditing.'
C 'Certified 100% accuracy, per the International Standards of External Assessment.'
D 'Compliant with all domestic and international legal statutes, and certified quality assured for ten years.'
b
256
According to IIA guidance, which of the following individuals would best be considered independent for the purpose of participating in an external assessment of the quality assurance and improvement program for an internal audit activity (IAA)?
You Options:
A A former employee knowledgeable of the IAA who resigned three years earlier from the organization.
B A competent employee of an independent external organization that provides co-sourcing services to the IAA.
C An employee in an affiliated organization who has never worked directly with the IAA.
D An employee in the parent organization who has not had any previous contact with the IAA.
a
257
A new chief audit executive (CAE) of a large internal audit activity (IAA) is dissatisfied with the current amount and quality of training being provided to the staff and wishes to implement improvements. According to IIA guidance, which of the following actions would best help the CAE reach this objective?
You Options:
A Require that all staff obtain a minimum of two relevant audit certifications.
B Perform a gap analysis of the IAA's existing knowledge, skills and competencies.
C Engage a consultant to benchmark the IAA's training program against its peers.
D Assign one experienced manager to better coordinate staff training and development activities.
b
258
Suspecting fraud, the chief financial officer (CFO) asked the internal audit activity to investigate a significant increase in travel related expenditures. Work was performed by a qualified internal auditor. Following the completion of the engagement, the chief audit executive (CAE) reported to the CFO that no violations were found and no fraud had occurred.
According to the Standards, which of the following principles did the CAE violate?
```
You Options:
A Due professional care.
B Individual objectivity.
C Proficiency.
D Organizational independence.
```
a
259
The chief audit executive (CAE) has been asked to manage the regulatory compliance function for the organization's retail store operations. Store operations are included in the annual audit plan.
Which of the following strategies best fulfills the requirements of the Standards regarding these audits?
You Options:
A The scope of store operations audits should exclude compliance.
B Store operations audits can be fully executed with appropriate disclosure to the board.
C Store operations audits should be performed by an external service provider.
D A store operations compliance audit should be performed by a staff internal auditor under the direction of the CAE.
c
260
According to the Standards, for how long should internal auditors who have previously performed or had management responsibility for an operation wait to become involved in future internal audit activity with that same operation?
```
You Options:
A Three months.
B Six months.
C One year.
D Two years.
```
c
261
An internal audit activity (IAA) provided assurance services for an activity it was responsible for during the preceding year.
As a result, which IIA Code of Ethics principle is presumed to be impaired?
```
You Options:
A Competence.
B Flexibility.
C Objectivity.
D Independence.
```
c
262
A chief audit executive (CAE) of an international charity reports functionally to the audit committee of the board of directors and administratively to the charity's chief financial officer (CFO).
Which of the following would impair the internal audit function's independence?
You Options:
A The CFO determines the scope of internal audit work in the accounting department.
B The CFO manages the accounting of the budget for the internal audit function.
C The CFO administers the annual evaluation process for the internal auditors.
D The CFO provides feedback on the CAE's audit reports.
a
263
While attending a conference, an internal auditor won an all-expense paid trip sponsored by a vendor of the internal auditor's organization.
Which of the following actions are most appropriate for the auditor to take?
You Options:
A Consult with an immediate supervisor and notify the organization's audit committee.
B Consult with an immediate supervisor and review the organization's ethics policy.
C Give the prize to a friend or family member and notitfy the organization's audit committee.
D Give the prize to a friend or family member and review the organization's ethics policy.
b
264
Which of the following activities best reflects the scope and status of the internal audit activity as defined in the internal audit policy statement?
You Options:
A The internal auditor reviews the physical access to merchandise during an inventory count.
B The audit manager conducts an internal quality assessment of the internal audit activity's adherence to the Standards.
C The audit manager refrains from assigning an auditor who was a former payroll clerk to conduct a payroll audit.
D The board approves the annual performance evaluation of the chief audit executive.
a
265
Which of the following scenarios would represent the greatest threat to the authority of the internal audit activity (IAA)?
You Options:
A A change was implemented requiring the IAA to report administratively to the organization's chief legal counsel rather than the board.
B Responsibility for risk management processes were removed from the IAA and placed under a newly created chief risk officer.
C The IAA was denied access to expenditure and budget requirement reports because the reports were considered to be financial administrative matters.
D An internal auditor was informed by the chief financial officer that client survey results would be unfavorable unless the auditor changed a finding in the report.
c
266
A staff auditor, nearly finished with an audit engagement, discovers that the director of marketing has a gambling habit. The gambling issue is not directly related to the existing engagement, and there is pressure to complete the current engagement. The auditor notes the problem and forwards the information to the chief audit executive, but performs no further follow-up.
Which of the following statements is true about the auditor's actions?
You Options:
A They are in violation of the IIA Code of Ethics because the auditor withheld meaningful information.
B They are in violation of the Standards because the auditor did not properly follow up on a red flag that might indicate the existence of fraud.
C They are in violation of neither the IIA Code of Ethics nor the Standards.
D They are not in violation of the Standards but are in violation of the IIA Code of Ethics.
c
267
During the course of an audit, an internal auditor discovers that a valuable employee in the research department has been patenting new developments in the employee's name that are unrelated to the basic business of the organization.
The organization does not have a policy addressing this specific issue, but does have a general policy that all important new discoveries by employees are the property of the organization.
Division management views the employee's actions as extra incentive to retain the employee.
A decision to include the employee's action in the engagement final communication would be:
1. A violation of the IIA Code of Ethics.
2. A violation of the reporting requirements in the Standards.
3. Justified and necessary, according to the IIA Code of Ethics and Standards.
```
You Options:
A 1 only
B 2 only
C 3 only
D 1 and 2 only
```
c
268
Which of the following actions indicates a lack of due professional care by an internal auditor performing an audit of a store's cash function?
You Options:
A The audit report included a well-supported recommendation for a reduction in staff even though such a reduction might adversely impact morale.
B The auditor tested samples of transactions to test the cash function's process flows.
C After determining that the cash function internal controls were strong, the audit report assured senior management that fraud was not present.
D The auditor discovered an instance of potential fraud and reported it immediately to management, but did not alert authorities outside the organization.
c
269
Why is it important for the chief audit executive to periodically review the audit charter and present the results to senior management and the board?
You Options:
A Because management requires the review to measure effectiveness of the internal audit activity.
B So that the individual objectivity of the internal audit staff can be more clearly established.
C So that there is assurance of the internal audit staff's proficiency to complete audit activities.
D Because changes in the organization may impair the internal audit activity's ability to meet its objectives.
d
270
A computer system automatically locks a user's account after three unsuccessful attempts to log on.
Which type of control does this scenario represent?
```
You Options:
A Corrective control.
B Preventive control.
C Detective control.
D Compensating control.
```
b
271
A manufacturing organization discovers that the waste water released has failed to meet permitted limits.
Which control function will be least effective in correcting the issue?
You Options:
A Performing a chemical analysis of the water, prior to discharge, for components specified in the permit.
B Posting signs that tell employees which substances may be disposed of via sinks and floor drains within the facility.
C Diluting pollutants by flushing sinks and floor drains daily with large volumes of clean water.
D Establishing a preventive maintenance program for the pretreatment system.
c
272
Which of the following controls is not appropriate for sales in a manufacturing organization?
You Options:
A Customers' orders are recorded promptly.
B Goods shipped are matched with valid customer orders.
C Goods returned are inspected for damage by the receiving department for proper disposition.
D Sales department approval is required for credit sales transactions.
d
273
Which of the following actions does not violate the IIA Code of Ethics or Standards?
You Options:
A An internal auditor performing an audit on an operation that they managed less than a year ago.
B An internal auditor performing an audit on procedures that they were responsible for creating.
C An internal auditor disclosing details of an audit report to colleagues from a different organization.
D An internal auditor disclosing confidential information in response to a lawsuit.
d
274
An organization has implemented a new automated payroll system that contains a table of pay rates that are matched to employee job classifications. Which control should an internal auditor suggest in order to ensure that the table is updated correctly, and is used only for valid pay changes?
You Options:
A Restrict data-table access from management and line supervisors who have the authority to determine pay rates.
B Require a supervisor in the department, who has the ability to change the table, to compare the changes to a signed management authorization.
C Ensure that adequate edit and reasonableness checks are built into the automated system.
D Require a manager, who is independent of the system and who cannot change the table, to authorize and sign-off on any employee pay changes.
d
275
After being terminated due to downsizing, an internal auditor finds a different job with an organization in the same industry. Which of the following actions would violate the IIA Code of Ethics?
You Options:
A To determine audit priorities in the new job, the auditor uses the audit risk approach that the auditor's previous employer used, without receiving permission to do so.
B At the new organization, the auditor is asked to develop forms to implement probability-proportional-to-size sampling. Although unsure of how to perform this type of sampling, the auditor proceeds without asking for assistance.
C In preparing for an audit at the previous organization, the auditor had conducted a great deal of research on the Internet at home to identify best practices for the management of a treasury function. The auditor has retained much of the research and uses it to conduct an audit of the new employer's treasury function.
D In the first week at the new organization, the auditor discovers a high fraud risk surrounding the organization's database and suggests that the information technology department implement a new password system to prevent fraudulent actions before they occur.
b
276
Which of the following scenarios exemplifies a potential internal control weakness?
You Options:
A The same employee who receives cash from customers prepares a prelisting of cash receipts.
B The same employee who records cash receipts in the accounts receivable subsidiary ledger ensures that the ledger automatically updates the information.
C The same employee who restrictively endorses checks received from customers prepares the bank's check deposit slips.
D The same employee who makes deposits at the bank prepares the monthly bank reconciliation.
d
277
Management of a publicly-held organization requires the internal audit activity to be involved with quarterly financial statements, which are made public and used internally. Which of the following explanations of management's decision is least plausible?
You Options:
A Management may be concerned about its reputation in the financial markets.
B Management is following best-practice protocol, as stipulated by the Standards, which states that internal auditors must review quarterly financial statements.
C Management may be concerned about potential penalties that could occur if quarterly financial statements are misstated.
D Management may perceive that having quarterly financial information examined by the internal auditors enhances the information's value to internal decision making.
b
278
An organization's chief audit executive (CAE) determines that the internal audit staff does not have the requisite skills to conduct an audit of the financial derivatives area. Which of the following would be the best course of action for the CAE to follow?
You Options:
A Outsource the audit engagement to a qualified external auditing firm without burdening the audit committee with the decision.
B Determine the requisite knowledge needed, and obtain the proper training for auditors, even if the training will significantly push back the project's timeframe as outlined by the audit committee.
C Notify the audit committee of the problem, and assign the most competent auditors on staff to perform the audit engagement.
D Employ the skills of a financial derivatives expert to consult on the project, and supplement the consulting with a local seminar on financial derivatives.
d
279
Which of the following would provide the best guidance to a chief audit executive who is setting internal audit staff requirements?
You Options:
A A review of audit staff education and training records.
B Information about the audit staff size and composition of comparable organizations.
C Results from discussions of audit needs with executive management and the audit committee.
D The results of the audit staff's most recent performance reviews.
c
280
An internal auditor for a large retail chain suspects that a store manager has been stealing money from cash sales by listing the sales as accounts receivable and then writing off the accounts as bad debts. Which of the following irregularities is the most likely cause of the auditor's suspicion?
You Options:
A A much higher bad debt expense as a percentage of sales than that of previous years.
B A much higher bad debt expense as a percentage of sales than that of other stores.
C A much higher percentage of past-due accounts receivable than that of other stores.
D A much higher percentage of past-due accounts receivable than that of previous years.
b
281
Which of the following is a valid statement about the use of visual observations during an audit engagement?
1. Visual observations can be used to detect ineffective controls, idle resources, and safety hazards.
2. Visual observations can be used during both preliminary survey and fieldwork stages of the audit engagement.
3. Visual observations can provide unsubstantiated facts to management if the internal auditor believes the information is useful.
4. Visual observations can assist an auditor in determining if a material observation should be communicated through informal means to the organization's senior management.
```
You Options:
A 1 and 2 only
B 1 and 4 only
C 2 and 3 only
D 3 and 4 only
```
a
282
In which of the following scenarios would a customer service hotline receive a high volume of complaints regarding payments not being applied to customers' accounts?
You Options:
A Invoices are not being mailed to customers.
B An employee is tampering with customer checks.
C Employees are submitting fraudulent expense reports.
D The customer service department is not forwarding complaints to the accounts receivable department.
b
283
What is the primary purpose of a fishbone diagram?
You Options:
A To depict the areas of responsibility for departments in an organization.
B To plan and control complex projects, such as internal audits.
C To represent the frequencies of adverse conditions in a given process.
D To identify the possible causes of adverse conditions.
d
