New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

IIA-ACCA Questions and Answers

Question # 6

An organization's board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?

A.

Manage and coordinate risk management processes.

B.

Audit risk management processes.

C.

Become involved in risk oversight committees, monitoring activities, and status reporting.

D.

Accept management's responsibility for risk management without board approval.

Full Access
Question # 7

Which of the following statements is true pertaining to interviewing a fraud suspect?

1. Information gathered can be subjective as well as objective to be useful.

2. The primary objective is to obtain a voluntary written confession.

3. The interviewer is likely to begin the interview with open-ended questions.

4. Video recordings always should be used to provide the highest quality evidence.

A.

1 only

B.

4 only

C.

1 and 3

D.

2 and 4

Full Access
Question # 8

Which of the following situations would justify the removal of a finding from the final audit report?

A.

Management disagrees with the report findings and conclusions in their responses.

B.

Management has already satisfactorily completed the recommended corrective action.

C.

Management has provided additional information that contradicts the findings.

D.

Management believes that the finding is insignificant and unfairly included in the report.

Full Access
Question # 9

An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?

A.

Recommend additional segregation-of-duty reviews.

B.

Recommend appropriate awareness training for all finance department staff.

C.

Recommend rotating finance staff in this area.

D.

Recommend that management address these concerns immediately.

Full Access
Question # 10

According to IIA guidance, which of the following should be included in the internal audit charter?

A.

The minimum resources and competencies needed for the internal audit activity.

B.

Identification of the organizational units where engagements are to be performed.

C.

Organizational relationships and reporting lines.

D.

Assigned responsibilities for designing and implementing controls.

Full Access
Question # 11

Which of the following is an example of a detective control?

A.

Automatic shut-off valve.

B.

Auto-correct software functionality.

C.

Confirmation with suppliers and vendors.

D.

Safety instructions.

Full Access
Question # 12

Which of the following has the greatest effect on the efficiency of an audit?

A.

The complexity of deficiency findings.

B.

The adequacy of preliminary survey information.

C.

The organization and content of workpapers.

D.

The method and amount of supporting detail used for the audit report.

Full Access
Question # 13

The board has asked the internal audit activity (IAA) to be involved in the organization's enterprise risk management process. Which of the following activities is appropriate for IAA to perform without safeguards?

A.

Coach management in responding to risks.

B.

Develop risk management strategies for board approval.

C.

Facilitate identification and evaluation of risks.

D.

Evaluate risk management processes.

Full Access
Question # 14

According to IIA guidance, which of the following is least likely to be a key financial control in an organization's accounts payable process?

A.

Require the approval of additions and changes to the vendor master listing, where the inherent risk of false vendors is high.

B.

Monitor amounts paid each period and compare them to the budget to identify potential issues.

C.

Compare employee addresses to vendor addresses to identify potential employee fraud.

D.

Monitor customer quality complaints compared to the prior period to identify vendor issues.

Full Access
Question # 15

Which of the following is not an outcome of control self-assessment?

A.

Informal, soft controls are omitted, and greater focus is placed on hard controls.

B.

The entire objectives-risks-controls infrastructure of an organization is subject to greater monitoring and continuous improvement.

C.

Internal auditors become involved in and knowledgeable about the self-assessment process.

D.

Nonaudit employees become experienced in assessing controls and associating control processes with managing risks.

Full Access
Question # 16

According to IIA guidance, which of the following statements is false regarding a review of the controls in place to prevent fraud?

A.

The review should focus on the efficiency of the controls in place to prevent fraud.

B.

The scope of the review does not need to include all operating areas of the organization.

C.

The cost of the control should be compared to the benefit of mitigating the related risk.

D.

The review should assess whether the internal controls can be circumvented.

Full Access
Question # 17

Which of the following is not a direct benefit of control self-assessment (CSA)?

A.

CSA allows management to have input into the audit plan.

B.

CSA allows process owners to identify, evaluate, and recommend improving control deficiencies.

C.

CSA can improve the control environment.

D.

CSA increases control consciousness.

Full Access
Question # 18

Which of the following is the primary reason the chief audit executive should consider the organization's strategic plans when developing the annual audit plan?

A.

Strategic plans reflect the organization's business objectives and overall attitude toward risk.

B.

Strategic plans are helpful to identify major areas of activity, which may direct the allocation of internal audit activity resources.

C.

Strategic plans are likely to show areas of weak financial controls.

D.

The strategic plan is a relatively stable document on which to base audit planning.

Full Access
Question # 19

Which of the followings statements describes a best practice regarding assurance engagement communication activities?

A.

All assurance engagement observations should be communicated to the audit committee.

B.

All assurance engagement observations should be included in the main section of the engagement communication.

C.

During the "communicate" phase of an assurance engagement, it is best to define the methods and timing of engagement communications.

D.

A detailed escalation process should be developed during the planning stage of an assurance engagement.

Full Access
Question # 20

According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management's response to audit recommendations?

A.

Evaluate and verify management's response, and determine the need and scope for additional work.

B.

Evaluate and verify management's response, and establish timelines for corrective action by management.

C.

Oversee the corrective actions undertaken by management, and determine the need and scope for additional work.

D.

Oversee the corrective actions undertaken by management, and establish timelines for corrective action by management.

Full Access
Question # 21

Which of the following is not a primary purpose for conducting a walk-through during the initial stages of an assurance engagement?

A.

To help develop process maps.

B.

To determine segregation of duties.

C.

To identify residual risks.

D.

To test the adequacy of controls.

Full Access
Question # 22

According to IIA guidance, which of the following statements are true regarding the internal audit plan?

1. The audit plan is based on an assessment of risks to the organization.

2. The audit plan is designed to determine the effectiveness of the organization's risk management process.

3. The audit plan is developed by senior management of the organization.

4. The audit plan is aligned with the organization's goals.

A.

1 and 2 only

B.

3 and 4 only

C.

1, 2, and 4

D.

1, 3, and 4

Full Access
Question # 23

During a fraud interview, it was discovered that unquestioned authority enabled a vice president to steal funds from the organization. Which of the following best describes this condition?

A.

Scheme.

B.

Opportunity.

C.

Rationalization.

D.

Pressure.

Full Access
Question # 24

An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however, the audit objectives are not yet complete. According to IIA guidance, which of the following are appropriate options available to the chief audit executive?

1. Allow the auditor to decide whether to extend the audit engagement.

2. Determine whether the work already completed is sufficient to conclude the engagement.

3. Provide the auditor feedback on areas of improvement for future engagements.

4. Provide the auditor with instructions and directions to complete the audit.

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Full Access
Question # 25

In the area of business acumen, which of the following competencies would be the sole responsibility of an internal audit staff member?

A.

Maintaining industry-specific knowledge appropriate to the organization.

B.

Assessing how IT contributes to organization objectives, risks, and relevance to audit.

C.

Maintaining technical aspects of accounting standards and reporting processes.

D.

Understanding regulatory and legal framework and assessing its relevance.

Full Access
Question # 26

As a matter of policy, the chief audit executive routinely rotates internal audit staff assignments and periodically interviews the staff to discuss the potential for conflicts of interest. These actions help fulfill which of the following internal audit mandates?

A.

Organizational independence.

B.

Professional objectivity.

C.

Due professional care.

D.

Individual proficiency.

Full Access
Question # 27

Which of the following is true regarding the use of a formal risk management framework?

1. It facilitates a methodical approach to risk mitigation.

2. It defines and standardizes the terminology used in risk communication.

3. It establishes the risk tolerance levels to be accommodated in the strategy.

4. It facilitates the alignment of risk mitigation strategies with management priorities.

A.

1.2, and 3.

B.

1,2, and 4.

C.

1.3, and 4.

D.

2. 3, and 4.

Full Access
Question # 28

Which of the following should be included in a privacy audit engagement?

1. Assess the appropriateness of the information gathered.

2. Review the methods used to collect information.

3. Consider whether the information collected is in compliance with applicable laws.

4. Determine how the information is stored.

A.

1 and 3 only

B.

2 and 4 only

C.

1, 3, and 4 only

D.

1, 2, 3, and 4

Full Access
Question # 29

Which of the following best describes the four components of a balanced scorecard?

A.

Customers, innovation, growth, and internal processes.

B.

Business objectives, critical success factors, innovation, and growth.

C.

Customers, support, critical success factors, and learning.

D.

Financial measures, learning and growth, customers, and internal processes.

Full Access
Question # 30

The final internal audit report should be distributed to which of the following individuals?

A.

Audit client management only

B.

Executive management only

C.

Audit client management, executive management, and others approved by the chief audit executive.

D.

Audit client management, executive management, and any those who request a copy.

Full Access
Question # 31

Which of the following types of fraud includes embezzlement?

A.

Fraudulent statements.

B.

Bribery.

C.

Misappropriation of assets.

D.

Corruption.

Full Access
Question # 32

Which of the following control methods is effective in reducing the risk of purchasing-scheme fraud?

1. Periodically reviewing the vendor list for unusual vendors and addresses.

2. Segregating duties for amount purchasing, receiving, shipping, and accounting.

3. Validating sequential integrity of purchase orders.

4. Verifying the validity of invoices with post office box addresses.

A.

1 and 2 only

B.

3 and 4 only

C.

1, 2, and 4 only

D.

1, 2, 3, and 4

Full Access
Question # 33

The management at a national consumer goods organization implements a fair work and pay practice as well as a policy to treat employees equitably and consistently. Which common characteristics of fraud will the practice and policy most likely reduce?

A.

Pressure or incentive.

B.

Opportunity.

C.

Rationalization.

D.

Commitment.

Full Access
Question # 34

Which of the following is a requirement for an assurance engagement that may not be for a consulting engagement?

A.

The internal audit activity has to ensure team members' objectivity is not impaired.

B.

Auditors cannot participate in an assurance engagement of a function for which they previously performed a consulting engagement.

C.

The scope and objective of the engagement is agreed upon based on the engagement client's needs.

D.

The internal audit activity must ensure management actions have been implemented effectively or risk accepted.

Full Access
Question # 35

Which of the following are components of the ISO 31000 risk management process?

1. Setting the context.

2. Risk treatment.

3. Risk avoidance.

4. Communication.

A.

1 and 2 only.

B.

2 and 3.

C.

3 and 4.

D.

1,2, and 4.

Full Access
Question # 36

Which of the following statements best describes the frameworks set forth by the International Standards Organization?

A.

Globally accepted standards for industries and processes.

B.

Bridging the gaps among control requirements, technical issues, and business risks.

C.

Practical guidance and benchmarks for all organizations that use information systems.

D.

Frameworks and guidance on enterprise risk management, internal control, and fraud deterrence.

Full Access
Question # 37

An internal auditor determines that certain information from the engagement results is not appropriate for disclosure to all report recipients because it is privileged. In this situation, which of the following actions would be most appropriate?

A.

Disclose the information in a separate report.

B.

Distribute the information in a confidential report to the board only

C.

Distribute the reports through the use of blind copies.

D.

Exclude the results from the report and verbally report the conditions to senior management and the board.

Full Access
Question # 38

A new director was hired to lead the internal audit activity at a small start-up company. Which of the following assignments would impair the director's independence?

A.

Preparing the financial statements for the company's defined contribution plan.

B.

Performing a pre-implementation review of the company's payroll application.

C.

Providing the COBIT framework as a possible IT management tool.

D.

Reviewing the company's policy for foreign currency translation adjustments for compliance with accounting standards.

Full Access
Question # 39

Which of the following must be in existence as a precondition to developing an effective system of internal controls?

A.

A monitoring process.

B.

A risk assessment process.

C.

A strategic objective-setting process.

D.

An information and communication process.

Full Access
Question # 40

An organization decides to take no action on one of its financial risks because the cost of implementing the control outweighs the value of the asset being protected. Which of the following best describes this risk strategy?

A.

Risk avoidance.

B.

Risk-benefit analysis.

C.

Risk sharing.

D.

Risk acceptance.

Full Access
Question # 41

The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practice for this review?

1. Use an external service provider.

2. Conduct a self-assessment with independent validation.

3. Arrange for a review by qualified employees outside of the IAA.

4. Arrange for reciprocal peer review with another CAE.

A.

1 and 2

B.

2 and 4

C.

1, 2, and 3

D.

2, 3, and 4

Full Access
Question # 42

Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?

A.

The financial interest the service provider may have in the organization.

B.

The relationship the service provider may have had with the organization or the activities being reviewed.

C.

Compensation or other incentives that may be applicable to the service provider.

D.

The service provider's experience in the type of work being considered.

Full Access
Question # 43

A chief audit executive (CAE) is determining which engagements to include on the annual audit plan. She would like to consider the organization's attitude toward risk and the degree of difficulty in achieving objectives. Which of the following resources should the CAE consult?

A.

The corporate risk register.

B.

The strategic plan.

C.

Internal and external audit reports.

D.

The board's meeting records.

Full Access
Question # 44

Which of the following statements is false regarding roles and responsibilities pertaining to risk management and control?

A.

Senior management is charged with overseeing the establishment risk management and control processes.

B.

The chief audit executive is responsible for overseeing the evaluation risk management and control processes.

C.

Operating managers are responsible for assessing risks and controls in their departments.

D.

Internal auditors provide assurance about risk management and control process effectiveness.

Full Access
Question # 45

Which of the following statements about mentoring is true?

1. Mentoring can be used effectively for increasing employee retention

2. Mentoring can be used effectively in reducing employees frustration.

3. Mentoring can be used effectively for increasing organization communication.

4. Mentoring can be used effectively as a short term activity consisting of instruction and training

A.

1 2. and 3 only.

B.

1. 2 and 4 only

C.

1, 3. and 4 only.

D.

1,2. 3, and 4

Full Access
Question # 46

Which of the following stages of group development is associated with accepting team responsibilities?

A.

Forming stage.

B.

Performing stage.

C.

Norming stage.

D.

Storming stage.

Full Access
Question # 47

According to MA guidance, which of the following best describes an adequate management (audit) trail application control for the general ledger?

A.

Report identifying data that is outside of system parameters

B.

Report identifying general ledger transactions by time and individual

C.

Report comparing processing results with original input

D.

Report confirming that the general ledger data was processed without error.

Full Access
Question # 48

Which of the following stages of contracting focuses on aligning the markets with objectives of the organization?

A.

Initiation stage

B.

Bidding stage

C.

Development stage

D.

Negotiation stage

Full Access
Question # 49

Which of the following local area network physical layouts is subject to the greatest risk of failure if one device fails?

A.

Star network.

B.

Bus network.

C.

Token ring network.

D.

Mesh network.

Full Access
Question # 50

Which of the following is a characteristic of an emerging industry?

A.

Established strategy of players.

B.

Low number of new firms.

C.

High unit costs.

D.

Technical expertise.

Full Access
Question # 51

The chief audit executive (CAE) of a small internal audit activity (IAA) performs all high-risk engagements on the annual audit plan to make use of his knowledge and experience and to maximize the efficient use of audit resources. Which of the following statements is most relevant regarding this practice?

A.

The CAE's work may be reviewed by any other experienced staff member within the IAA.

B.

The CAE's work should be reviewed by an individual with the appropriate background and knowledge.

C.

The CAE may self-review his work, provided he discloses this practice in the final report.

D.

The CAE should avoid performing engagements to ensure he is able to review all audit work objectively.

Full Access
Question # 52

According to The IIA's Code of Ethics, which of the following actions violates the principle of confidentiality?

A.

Accepting a consulting request in the IT department without possessing the requisite experience.

B.

Providing personal tax preparation services for a fee for several employees during the lunch hour.

C.

Providing a friend with the marketing strategic plan, which she will use to prepare her university thesis.

D.

Agreeing to reword an observation to avoid the client complaining directly to the auditor's supervisor.

Full Access
Question # 53

Which of the following is considered a violation of The IIA's Code of Ethics?

A.

An auditor conveys public information about an organization's financial condition.

B.

An auditor reports a manager's illegal activity to senior management, rather than reporting the incident to the appropriate external authority.

C.

An auditor receives allegations of fraud from a whistleblower and immediately reports the allegations to senior management.

D.

An auditor reports material deficiencies, despite the fact that management is already aware of the defects.

Full Access
Question # 54

Which of the following scenarios best illustrates a rationalization as the root cause of potential fraud?

A.

Managers who have been with the organization for several decades become aware that newly hired, younger managers are being moved more quickly into senior positions.

B.

The controller at a nationwide manufacturing company recently opted to no longer require two-week mandatory vacations for accounting staff.

C.

Security cameras that monitor cash handling at the register are not functioning.

D.

The organization is slowly phasing out three mature products that produce the highest commissions for the sales staff.

Full Access
Question # 55

According to IIA guidance, which of the following are macro-level audit activities performed for an assurance engagement of the purchasing department?

1. Obtain and review all purchasing-related audit reports issued within the past year.

2. Meet with the quality assurance group to discuss its previous reports of any purchasing-related findings.

3. Review a memo written by the purchasing manager that outlines ongoing problems with the purchasing software.

4. Request a copy of the report from a purchasing audit conducted last year by an external service provider.

A.

1 and 2.

B.

1 and 3.

C.

2 and 4.

D.

3 and 4.

Full Access
Question # 56

Which of the following situations is most likely to impair internal audit objectivity?

A.

An internal auditor reports both functionally and administratively to the chief financial officer (CFO).

B.

An internal auditor, who was an accounts receivable intern for the organization three years prior, performs an audit of the accounts receivable cycle.

C.

According to policy, the internal auditor must obtain approval from the CFO prior to requesting information for internal audit purposes.

D.

An internal auditor performs an audit in a department that is led by the auditor's close friend.

Full Access
Question # 57

Maintenance cost at a hospital was observed to increase as activity level increased. The following data was gathered:

Activity Level -

Maintenance Cost

Month

Patient Days

Incurred

January

5,600

$7,900

February

7,100

$8,500

March

5,000

$7,400

April

6,500

$8,200

May

7,300

$9,100

June

8,000

$9,800

If the cost of maintenance is expressed in an equation, what is the independent variable for this data?

A.

Fixed cost.

B.

Variable cost.

C.

Total maintenance cost.

D.

Patient days.

Full Access
Question # 58

An internal auditor is using a spreadsheet application to review a cash flow forecast prepared by management.

Which of the following correctly identifies the type of evidence this information represents?

A.

Competent, corroborative evidence of future working capital requirements.

B.

Sufficient, analytical evidence of the cash flow position at a given point of time in the future.

C.

Competent, documentary evidence of future cash flow changes within the organization.

D.

Sufficient, circumstantial evidence of the future solvency of the organization.

Full Access
Question # 59

Which of the following is an activity that an internal auditor must not perform?

A.

Establish and provide continuing assurance on an anti-money laundering program for new hires.

B.

Survey employees for their understanding of anti-money laundering practices.

C.

Provide assurance for the effectiveness of anti-money laundering training.

D.

Assess the risk of being fined for ineffective anti-money laundering practices.

Full Access
Question # 60

Which of the following control activities is the most effective to ensure users' levels of access are appropriate for their current roles?

A.

The human resources department generates a monthly list of terminated and transferred employees and requests IT to update the user access as required.

B.

Standardized user access profiles are developed and the appropriate access profiles are automatically assigned to new or transferred employees.

C.

System administrator rights are assigned to one user in each department who can update user access of terminated or transferred employees immediately.

D.

Department managers are required to perform periodic user access reviews of relevant systems and applications.

Full Access
Question # 61

Which of the following factors have the greatest influence on the independence of the internal audit activity?

A.

Quality assessments and cultural biases of the internal audit activity.

B.

Rotational assignments and familiarity of the internal audit activity.

C.

Employee incentives and self review of the internal audit activity.

D.

Organizational positioning and scope control of the internal audit activity.

Full Access
Question # 62

Which of the following scenarios best illustrates the principle of due professional care?

A.

An internal auditor evaluates the significant risks arising from a consulting engagement.

B.

An internal auditor declares that he would have a conflict of interest in providing planned audit support.

C.

An internal auditor has been given sufficient authority to access documents needed to make an appraisal of an issue.

D.

An internal auditor uses technology-based audit techniques to ensure that all significant risks are identified.

Full Access
Question # 63

An internal auditor is conducting an assessment of the organization's fraud prevention program using the COSO enterprise risk management framework. According to this framework, which of the following activities would fall under the control environment component for preventing fraud?

1. The organization uses an automated authority approval matrix to control payments.

2. The organization has a whistleblower hotline that is available to employees.

3. Annually, every manager completes a comprehensive fraud assessment of his or her department.

4. Annually, the organization reviews and communicates the code of expected behavior.

A.

1 and 2.

B.

1 and 3.

C.

2 and 3.

D.

2 and 4.

Full Access
Question # 64

Which of the following best describes the misdirection of payments on accounts receivable to an employee's bank account?

A.

Fraud open on the books.

B.

Fraud hidden on the books.

C.

Fraud off the books.

D.

Fraud on the balance sheet.

Full Access
Question # 65

In which of the following scenarios would the chief audit executive (CAE) be required to decline the assignment?

A.

The CAE would need to procure external services to deliver the internal audit assurance program.

B.

There is no expertise within the internal audit team for detecting and investigating fraud.

C.

There is no expertise within the internal audit team for auditing an IT engagement.

D.

There is no available expertise on the internal audit team to perform a consulting engagement.

Full Access
Question # 66

According to IIA guidance, which of the following describes the primary reason to implement environmental and social safeguards within an organization?

A.

To enable Triple Bottom Line reporting capability.

B.

To facilitate the conduct of risk assessment.

C.

To achieve and maintain sustainable development.

D.

To fulfill regulatory and compliance requirements.

Full Access
Question # 67

According to IIA guidance, which of the following is least compliant with the requirements regarding an internal auditor's need for objectivity?

A.

An internal auditor assessed the effectiveness of controls over payroll software, which he had helped implement with a previous employer.

B.

An internal auditor participated in an audit of controls around absenteeism, despite providing some consultation on controls in this area earlier in the year.

C.

An internal auditor performed an assurance engagement for the effectiveness of accounts payable access controls, one of which he previously helped to design.

D.

An internal auditor, previously employed in the quality assurance operations area, performed a consulting engagement for the operations manager.

Full Access
Question # 68

An assurance mapping exercise helps an organization do which of the following?

1. Provide assurance to stakeholders that risks are managed and reported, and regulatory and legal obligations are met.

2. Fulfill best practices in the industry.

3. Identify and address any gaps in the risk management process.

4. Identify fraud.

A.

1 and 4.

B.

1 and 3.

C.

2 and 3.

D.

3 and 4.

Full Access
Question # 69

Listening effectiveness is best increased by:

A.

Resisting both internal and external distractions.

B.

Waiting to review key concepts until the speaker has finished talking.

C.

Tuning out messages that do not seem to fit the meeting purpose.

D.

Factoring in biases in order to evaluate the information being given.

Full Access
Question # 70

Which of the following is useful for forecasting the required level of inventory?

1. Statistical modeling.

2. Information about seasonal variations in demand.

3. Knowledge of the behavior of different business cycles.

4. Pricing models linked to seasonal demand.

A.

1 and 2 only

B.

2 and 3 only

C.

1, 2, and 3 only

D.

1, 2, 3, and 4

Full Access
Question # 71

According to IIA guidance on IT. which of the following plans would pair the identification of critical business processes with recovery time objectives?

A.

The business continuity management charter.

B.

The business continuity risk assessment plan

C.

The business impact analysis plan

D.

The business case for business continuity planning

Full Access
Question # 72

An organization has instituted a bring-your-own-device (BYOD) work environment Which of the following policies best addresses the increased risk to the organization's network incurred by this environment?

A.

Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.

B.

Ensure that relevant access to key applications is strictly controlled through an approval and review process

C.

Institute detection and authentication controls for all devices used for network connectivity and data storage

D.

Use management software to scan and then prompt patch reminders when devices connect to the network

Full Access
Question # 73

Which of the following is not a barrier to effective communication?

A.

Filtering.

B.

Communication overload.

C.

Similar frames of reference.

D.

Lack of source credibility.

Full Access
Question # 74

Which of the following are included in ISO 31000 risk principles and guidelines?

A.

Standards, framework, and process.

B.

Standards, assessments, and process.

C.

Principles, framework, and process.

D.

Principles, practices, and process.

Full Access
Question # 75

Which of the following factors is considered a disadvantage of vertical integration?

A.

It may reduce the flexibility to change partners.

B.

It may not reduce the bargaining power of suppliers.

C.

It may limit the organization's ability to differentiate the product.

D.

It may lead to limited control of proprietary knowledge.

Full Access
Question # 76

While reviewing the contracts for a large city, the internal auditor learns that the organization contracted to perform trash collection is paid based on the number of bins emptied each week As a result, the city has minimal control over payments Which of the following actions should the auditor recommend to give the city greater control over payments?

A.

Change the contract so payment is based on the distances traveled by the contractor during collection.

B.

Renegotiate a lump-sum contract when the contract is up for renewal

C.

Assign a city employee to verify the number of bins emptied each day

D.

Require that the contractor provide supervisory review of the number of bins emptied each day

Full Access
Question # 77

The first step in determining product price is:

A.

Determining the cost of the product.

B.

Developing pricing objectives.

C.

Evaluating prices set by the competitors.

D.

Selecting a pricing method.

Full Access
Question # 78

An organization is considering mirroring the customer data for one regional center at another center. A disadvantage of such an arrangement would be:

A.

Lack of awareness of the state of processing.

B.

Increased cost and complexity of network traffic.

C.

Interference of the mirrored data with the original source data.

D.

Confusion about where customer data are stored.

Full Access
Question # 79

An internal auditor is reviewing physical and environmental controls for an IT organization. Which control activity should not be part of this review?

A.

Develop and test the organization's disaster recovery plan.

B.

Install and test fire detection and suppression equipment.

C.

Restrict access to tangible IT resources.

D.

Ensure that at least one developer has access to both systems and operations.

Full Access
Question # 80

Which of the following is not a potential area of concern when an internal auditor places reliance on spreadsheets developed by users?

A.

Increasing complexity over time.

B.

Interface with corporate systems.

C.

Ability to meet user needs.

D.

Hidden data columns or worksheets.

Full Access
Question # 81

Which of the following borrowing options is an unsecured loan?

A.

Second-mortgage financing from a bank.

B.

An issue of commercial paper.

C.

Pledged accounts receivable.

D.

Asset-based financing.

Full Access
Question # 82

Which of the following strategies is most appropriate for an industry that is in decline?

A.

Invest in marketing.

B.

Invest in research and development.

C.

Control costs.

D.

Shift toward mass production.

Full Access
Question # 83

A retail organization mistakenly did not include S10.000 of inventory in the physical count at the end of the year. What was the impact to the organization's financial statements?

A.

Cost of sales and net income are understated

B.

Cost of sales and net income are overstated

C.

Cost of sales is understated and net income is overstated.

D.

Cost of sales is overstated and net income is understated.

Full Access
Question # 84

Which of the following authentication controls combines what a user knows with the unique characteristics of the user respectively?

A.

Voice recognition and token.

B.

Password and fingerprint.

C.

Fingerprint and voice recognition

D.

Password and token

Full Access
Question # 85

An internal auditor is trying to assess control risk and the effectiveness of an organization's internal controls. Which of the following audit procedures would not provide assurance to the auditor on this matter?

A.

Interviewing the organization's employees.

B.

Observing the organization's operations.

C.

Reading the board's minutes.

D.

Inspecting manuals and documents.

Full Access
Question # 86

According to the ISO 14001 standard, which of the following is not included in the requirements for a quality management system?

A.

Key processes across the entity which impact quality must be identified and included.

B.

The quality management system must be documented in the articles of incorporation, quality manual, procedures, work instructions, and records.

C.

Management must review the quality policy, analyze data about quality management system performance, and assess opportunities for improvement and the need for change.

D.

The entity must have processes for inspections, testing, measurement, analysis, and improvement.

Full Access
Question # 87

Which of the following control features consists of a set of authorization codes that distinguishes among actions such as reading, adding, and deleting records?

A.

Internally encrypted passwords

B.

System access privileges.

C.

Logon passwords

D.

Protocol controls.

Full Access
Question # 88

A brand manager in a consumer food products organization suspected that several days of the point-of-sale data on the spreadsheet from one grocery chain were missing. The best approach for detecting missing rows in spreadsheet data would be to:

A.

Sort on product identification code and identify missing product identification codes.

B.

Review store identification code and identify missing product identification codes.

C.

Compare product identification codes for consecutive periods.

D.

Compare product identification codes by store for consecutive periods.

Full Access
Question # 89

Which of the following strategies would most likely prevent an organization from adjusting to evolving industry market conditions?

A.

Specializing in proven manufacturing techniques that have made the organization profitable in the past.

B.

Substituting its own production technology with advanced techniques used by its competitors.

C.

Forgoing profits over a period of time to gain market share from its competitors.

D.

Using the same branding to sell its products through new sales channels to target new markets.

Full Access
Question # 90

If legal or regulatory standards prohibit conformance with certain parts of The IIA's Standards, the auditor should do which of the following?

A.

Conform with all other parts of The IIA's Standards and provide appropriate disclosures.

B.

Conform with all other parts of The IIA's Standards; there is no need to provide appropriate disclosures.

C.

Continue the engagement without conforming with the other parts of The IIA's Standards.

D.

Withdraw from the engagement.

Full Access