New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

IIA-CIA-Part1 Questions and Answers

Question # 6

A whistleblower reveals to the chief audit executive (CAE) detailed allegations of potential fraud at the senior management level. Although the CAE has some experience in the area, she chooses to retain an external fraud expert to conduct the investigation. When asked by the director of finance to defend the expenditure, which of the following statements represents the CAE's best response?

A.

The CAE refers to the Standards and explains that to protect her independence, she needs to remain isolated from the investigation.

B.

The CAE refers to the Standards and explains that the internal audit activity must obtain competent assistance if needed.

C.

The CAE refers to the Standards and explains that to protect her objectivity, she needs to remain isolated from the investigation.

D.

The CAE describes the specifics of the allegation to underscore the importance of the situation and the need for expert investigation

Full Access
Question # 7

Which of the following scenarios best illustrates due professional care?

A.

An internal auditor who previously worked in the payroll department within the last year was intentionally excluded by the chief audit executive from the audit team assigned to a payroll audit

B.

While performing a payroll audit an auditor became skeptical about significant payments made to a manager. The auditor sought to determine whether these payments were reasonable through discussion with a manager in a different department in the organization

C.

The head of the payroll department being audited is a business partner of the engagement supervisor During the audit the engagement supervisor sought to maintain his objectivity by not participating in fieldwork

D.

An auditor assigned to a payroll audit was unable to reperform some complex payroll computations for a small number of employees The sum of these payments was below the materiality thresholds provided so the auditor did not perform further tests

Full Access
Question # 8

An organization is testing a new IT system for digital data storage and security. The internal audit activity has been asked to evaluate the system in a consulting engagement. Although several internal auditors on staff are qualified to perform basic assessments of IT systems, none are familiar with the new system. Which of the following is a legitimate response to the prospective client?

1. Decline the engagement.

2. Proceed with the engagement, performing only those parts of the engagement that the internal auditors are qualified to perform.

3. Accept the engagement and develop the additional competencies in-house prior to the engagement's starting date.

4. Make arrangements to obtain assistance from a competent IT auditing expert.

A.

1 and 4 only.

B.

2 and 3 only.

C.

1. 2, and 3 only.

D.

1, 3, and 4 only.

Full Access
Question # 9

Which of the following activities aligns with The IIA's Core Principles for the Professional Practice of Internal Auditing?

A.

The chief audit executive reports to senior management for compensation decisions and communications of audit results to the board

B.

Final reports from consulting engagements show the summary of findings, and the internal auditor’s advice is clearly distinct and separate from management's decisions

C.

Internal auditors rotate through operations and management positions then perform audit engagements on these areas to ensure timely application of their knowledge

D.

Due to limited resources, internal auditors prioritize assurance on internal controls and risk management and exclude evaluating governance processes, which are deemed outside of their core responsibilities

Full Access
Question # 10

An investment advisory firm purchased professional liability insurance to offer protection from lawsuits brought by customers claiming they received poor or erroneous advice. Which of the following best describes this risk management technique?

A.

Mitigation.

B.

Acceptance

C.

Transfer.

D.

Avoidance

Full Access
Question # 11

Which of the following describes the internal audit activity's most appropriate role in an organization's risk management process?

A.

Reporting to the board on management's assessment of current risks

B.

Establishing a risk management policy and framework for the organization

C.

Assigning responsibility for identifying and managing significant risks

D.

Developing key controls to mitigate risks across the organization

Full Access
Question # 12

Which of the following best describes organizational governance processes?

A.

Processes employed by internal and external assurance providers to authorize, direct, and provide oversight to management to better enable the meeting of organizational objectives

B.

Processes employed by the board of directors to authorize and provide guidance and oversight to management to promote the achievement of organizational objectives.

C.

Processes employed by the board of directors and senior management to mitigate risks to acceptable levels.

D.

Processes employed by risk owners to mitigate risks to acceptable levels within the organization's risk appetite

Full Access
Question # 13

An engagement supervisor noticed that a newly hired internal auditor struggles with large data samples because he appears reluctant to apply available spreadsheet statistical functions and tends to perform testing of transactions manually In which of the following areas does the internal auditor most likely need training?

A.

Critical thinking.

B.

International Professional Practices Framework

C.

Professional ethics

D.

Business acumen

Full Access
Question # 14

According to IIA guidance, which of the following best describes the chief audit executive s responsibility for confirming to the board the organizational independence of the internal audit activity'?

A.

The CAE must do this at least annually

B.

The CAE must do this at least once every five years

C.

The CAE must do this upon completion of each external quality assessment

D.

The CAE should do this periodically in conjunction with a review of the internal audit charter

Full Access
Question # 15

Guidelines need to be set for various levels of suspected fraud within an organization and when it would be reported to the audit committee. Which of the following would be

reported at the next meeting?

A.

Minor theft of less than $10,000, not involving senior management.

B.

Theft using collusion for more than $10,000. but not involving senior management.

C.

Denial of access to requested employees during an audit.

D.

Discussion of replacement of the chief audit executive.

Full Access
Question # 16

A large commercial bank was fined by regulators for fraudulent practices when employees, over a period of time, opened thousands of new accounts for existing clients without the clients' consent. It was later found that employees were given unrealistic new account targets and were aggressively monitored by management on a daily basis.

Which of the following controls would have most likely reduced the likelihood of the fraudulent practice from occurring?

A.

An evaluation of the current performance and compensation program.

B.

The performance of background investigations on all existing employees.

C.

The availability of fraud training to all employees.

D.

The availability of an employee whistleblower hotline

Full Access
Question # 17

According to IIA guidance, which of the following is necessary for internal auditors to comply with the requirements for proficiency?

1. Sufficient consideration of current activities, trends, and emerging issues to effectively carry out their professional responsibilities.

2. Ability to provide relevant advice and recommendations to management and the board.

3. Understanding of key IT risks and controls and the ability to identify fraud using technology-based audit techniques.

4. Knowledge, skills, and other competencies necessary to perform individual responsibilities during the engagement.

A.

1 and 4 only.

B.

1, 2, and 3 only.

C.

1, 2, and 4 only.

D.

2, 3. and 4 only

Full Access
Question # 18

Which of the following are considered root causes of fraud?

A.

Rationalization and corruption

B.

Corruption and opportunity

C.

Opportunity and perceived need

D.

Perceived need and weak internal controls

Full Access
Question # 19

The internal audit activity is performing an assessment of an organization's ethics program, and the engagement scope specifies a focus on the training program's design. According to IIA guidance, which of the following questions would be the most relevant?

1. Does the training include situations that require an ethical decision?

2. What percentage of employees have taken the training?

3. What are the results of the employee assessment of the organization's ethical climate?

4. Does the instructor provide feedback on the thought process to reach an ethical resolution?

A.

1 and 2.

B.

1 and 4.

C.

2 and 3.

D.

3 and 4.

Full Access
Question # 20

Which of the following would the chief audit executive be required to disclose in the communication of quality assessment results to senior management and the board?

A.

The cost and frequency of both internal and external assessments.

B.

Any assumptions made by the assessment team

C.

A potential conflict of interest of the assessment team.

D.

The assessment team’s execution plan of relevant procedures.

Full Access
Question # 21

According to IIA guidance, which of the following statements is true regarding ISO 31000?

A.

The key principles approach checks whether each element of the risk management process is in place.

B.

The framework is effective in addressing the organization's structure, size, and risk profile but not its culture objectives.

C.

The end point for improving an organization s approach to risk management should be a gap analysis that evaluates any changes.

D.

A combination of the three primary approaches to the framework generally yields the most information despite the complexity

Full Access
Question # 22

Which of the following would provide the best support for internal auditors to meet their continuing professional development requirements?

A.

Access to online internal audit and business skills courses.

B.

Records of self-assessment reports completed by the internal audit staff.

C.

Cosourcing arrangements with external providers on specific engagements.

D.

Performance reviews comparing internal auditors' achievements against specified goals.

Full Access
Question # 23

Which of the following is an example of a risk avoidance strategy?

A.

Hedging against exchange rate variations.

B.

Limiting access to an organization’s data center.

C.

Selling a nonstrategic business unit.

D.

Outsourcing a high-risk activity

Full Access
Question # 24

Six months after an employee was transferred to the internal audit activity his former operating manager requested that he return to assist a project team with the evaluation of a new pricing module for the organization’s online ordering system According to IIA guidance which of the following statements is true?

A.

The auditor cannot be assigned to this project, as it has been fewer than 12 months since he was transferred from that department.

B.

Another internal auditor should be appointed to the engagement to preserve the independence of the internal audit activity

C.

The auditor cannot participate in the assignment, as providing an opinion would impair his objectivity

D.

The auditor may participate on the project, as the nature of the assignment is consulting

Full Access
Question # 25

According to IIA guidance, which of the following actions best demonstrates due professional care by an internal auditor when she discovers a number of fraud-related red flags during an audit engagement?

A.

Conclude the engagement and inform management that fraud has occurred

B.

Perform further testing to verify the existence of fraud.

C.

Suspend the engagement and undertake a formal fraud investigation.

D.

Notify the board of the possible fraud immediately

Full Access
Question # 26

What should the chief audit executive do when the internal audit activity is found to be in nonconformance with the Code of Ethics or the Standards?

A.

Assign competent staff to the area under audit to remediate the nonconformance.

B.

Determine how the deviation impacted the overall scope of the internal audit activity.

C.

Meet with the board to gam an understanding of the board's expectations.

D.

Communicate the matter to the board at the time of the next external assessment.

Full Access
Question # 27

Which of the following situations undermines the independence of the internal audit activity?

A.

The internal audit activity is responsible for the company's risk management function and its head manager reports to the chief audit executive

B.

A senior member of the internal audit activity once worked in the corporate finance department

C.

The organization's CEO reviews the internal audit activity's annual budget per the organization’s policies and procedures

D.

The internal audit activity often uses management's risk profile to build its own risk profile for annual planning

Full Access
Question # 28

Which of the following describes two duties that should not be performed by the same person?

A.

Posting cash receipts and cash payments to the general ledger.

B.

Posting bad debt write-offs and reconciling the accounts payable subsidiary ledger.

C.

Distributing payroll checks and approving sales returns for credit.

D.

Recording cash receipts and preparing bank reconciliations.

Full Access
Question # 29

Which of the following is the first step in the process of identifying relevant fraud risk factors?

A.

Identifying preventive and detective controls

B.

Gathering information about the organization’s business activities to gain an understanding of fraud risks

C.

Engaging in strategic reasoning to anticipate the fraud scheme

D.

The use of brainstorming, management interviews, analytical procedures and review of prior frauds.

Full Access
Question # 30

An internal audit team received the following feedback from operational management via a post-engagement survey "Management agrees with all audit findings However, the audit team did not consider our input on the best way to resolve the issues”

This feedback is an indication that the internal audit activity may need to improve which of the following interpersonal skills?

A.

Leadership

B.

Conflict management

C.

Communication

D.

Influence

Full Access
Question # 31

With regard to IT governance, which of the following is the most effective and appropriate role for the internal audit activity?

A.

Independently evaluate the skills and experience of potential chief information officer candidates to assess the best fit based on the organization's risk appetite.

B.

Evaluate the organization’s governance standards and assess IT-related activities to identify gaps and develop policies, ensuring alignment with the organization’s risk appetite.

C.

Assist management in interpreting complex IT-related privacy and security risk exposures and evaluating potential mitigation strategies.

D.

Assess whether governance activities are aligned with the organization's risk appetite and take into consideration emerging risks

Full Access
Question # 32

Which of the following statements is most likely to be true regarding a consulting engagement involving an organization's new payroll system?

A.

The internal auditor and engagement client established an understanding that the scope would include the new payroll system project.

B.

The payroll system engagement was scheduled as a result of internal audit's risk-based annual planning process.

C.

The internal auditor concluded that the engagement objectives would include assessing the effectiveness of the payroll process controls.

D.

The internal auditor acknowledged the engagement client’s satisfactory performance in the final engagement results that were communicated to senior management and the board.

Full Access
Question # 33

Which of the following should catch the internal auditor's attention as a potential red flag for fraud?

A.

The accounting unit keeps detailed records and preserves supporting documentation in excess of company requirements

B.

One of the subsidiaries has more bank accounts than any other comparable subsidiary

C.

The same external audit firm has been with the company for three years without rotation

D.

The arithmetic median tenure of employees working at production facilities is 15 years

Full Access
Question # 34

An internal auditor performed a risk assessment and concluded that the controls over access privileges to a bank account were appropriate. Later, the auditor learned that a contractor was using a shared password provided by an authorized user of the account. Which of the following statements best describes the auditor's application of due professional care?

A.

Due professional care was exercised, despite the auditor’s failure to identify the significant risk.

B.

Due professional care was not exercised because the auditor failed to identify all the significant risks during the risk assessment.

C.

Due professional care was not exercised because the residual risk from the possibility of authorized users sharing their passwords was not considered.

D.

Due professional care was not exercised because the auditor failed to conduct interviews to obtain testimonial evidence of possible password sharing

Full Access
Question # 35

Which of the following corporate social responsibility strategies is associated with responding to outside pressure by assuming additional responsibility?

A.

Accommodation.

B.

Reaction.

C.

Defense.

D.

Proaction.

Full Access
Question # 36

Upon joining the internal audit activity, each new auditor receives a copy of the audit handbook. Which of the following handbook policies has the greatest risk of compromising audit objectivity?

A.

Internal auditors should obtain 80 hours of continuing professional education every two years, 20 of which should be audit-related, and the remainder may be operations-related.

B.

Internal auditors should rotate to other areas of the organization for nonaudit assignments to gain an understanding of the organization's operations.

C.

Internal auditors should have direct and unrestricted access to personnel and information throughout the organization and the governing board.

D.

Internal auditors should undergo annual performance appraisals conducted by the chief audit executive, who reports administratively to the chief financial officer.

Full Access
Question # 37

Which of the following processes does the board manage to ensure adequate governance?

A.

Establish and measure performance objectives for the internal audit activity.

B.

Select board members with necessary knowledge and skills.

C.

Develop, approve, and execute the strategic plan of the organization.

D.

Develop strategies to mitigate the risks to achieving the organization’s objectives

Full Access
Question # 38

Which of the following best demonstrates internal auditors performing their work with proficiency?

A.

Internal auditors meet with operational management at each phase of the audit process.

B.

Internal auditors adhere to The IIA’s Code of Ethics.

C.

Internal auditors work collaboratively with their engagement team.

D.

Internal auditors complete a program of continuing professional development.

Full Access
Question # 39

Which of the following types of policies best helps promote objectivity in the interna! audit activity's work?

A.

Policies that are distributed to all members of the internal audit activity and require a signed acknowledgment,

B.

Policies that match internal auditors' performance with feedback from management of the area under review.

C.

Policies that keep internal auditors in areas where they have vast audit expertise.

D.

Policies that provide examples of inappropriate business relationships.

Full Access
Question # 40

While conducting an engagement in the procurement department, the internal auditor noticed that the department head’s travel reports showed minor travel expenses, and there were no charges for hotels, meals, or transportation. However, the auditor knew that the department head frequently traveled worldwide to meet with suppliers and visit their production sites. Which of the following would be the most appropriate next step for the auditor?

A.

The auditor should make a note of the issue for follow-up when employee travel expenses are audited.

B.

The auditor should analyze trends and changes among the organization’s suppliers over the past few years.

C.

The auditor should investigate whether there are any special arrangements regarding senior management travel.

D.

The auditor should analyze the list of destinations the department head visited to estimate typical costs.

Full Access
Question # 41

According to IIA guidance, which of the following statements is true regarding due professional care?

A.

Internal auditors must exercise due professional care to Insure that all significant risks will be identified,

B.

Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor

C.

Due professional care requires the internal auditor to conduct extensive examinations and verifications to ensure fraud does not exist,

D.

Due professional care is displayed during a consulting engagement when the internal auditor focuses on potential benefits of the engagement rather than the cost.

Full Access
Question # 42

The internal audit activity completed its analysis of sample transactions to determine occurrences of double billings According to If A guidance, which of the following best demonstrates that internal auditors exercised due professional care during the review?

A.

Internal auditors found no instances of double billing and concluded there were no significant risks in this area.

B.

Internal auditors documented the scope and methodology of the data testing.

C.

Internal auditors discussed with management how data is safeguarded.

D.

Internal auditors received formal performance feedback from the engagement supervisor.

Full Access
Question # 43

When taken by a chief audit executive, which of the following actions would be most likely to prevent division management from exaggerating sales reports?

1. Announcing a series of internal audit engagements focusing on compliance with corporate sales-reporting policies.

2. Asking the president and the board to issue a statement of corporate policy stressing the importance of accurate management

reporting and the negative consequences of intentional misreporting.

3. Setting up a hotline for employees to report fraudulent behavior anonymously,

4. Assisting the controller in developing and monitoring a series of business process indicators, which are historically correlated with, but independent of sales.

A.

1 and 2 only.

B.

2 and 3 only.

C.

2 and 4 only.

D.

3 and 4 only

Full Access
Question # 44

Which of the following documents would promote objectivity within an organization's internal audit activity?

A.

Internal audit charter.

B.

Internal audit manual.

C.

Audit committee charter

D.

Human resources employee handbook.

Full Access
Question # 45

In which of the following ways can a chief audit executive demonstrate to the board that the internal audit activity collectively possesses all of the skills needed to complete its annual goals?

A.

Involve board members in hiring activities and request advice.

B.

Require all internal audit staff to complete the same training course on a general audit subject,

C.

Require senior auditors to obtain a professional certification.

D.

Provide a competency assessment of the internal audit staff.

Full Access
Question # 46

Which of the following best illustrates the application of due professional care during an audit of the procurement department?

A.

The internal auditor began checking purchase requisitions for proper authorizations. He stopped when he discovered an instance of noncompliance. and he concluded the controls were ineffective.

B.

The internal auditor discovered an instance where management did not follow the standard bidding processes. The auditor assessed the validity of management’s

reasons for deviating from standard practice and the supporting documentation, and determined that the deviation was acceptable.

C.

The internal auditor selected a sample of purchase orders with amounts greater than S5.000, the threshold at which the organization requires a bidding process. The auditor obtained documentation of the bidding process for each purchase order in the sample.

D.

The internal auditor analyzed bidding documents provided by management. Management indicated that the documents were purchase orders issued to a sole-source vendor Based on the analysis and management's declaration, the internal auditor determined that the procurement process was effective.

Full Access
Question # 47

Which of the following must be in existence as a precondition to developing an effective system of internal controls?

A.

A monitoring process,

B.

A risk assessment process.

C.

A strategic objective-setting process.

D.

An information and communication process.

Full Access
Question # 48

Evidence discovered during the course of an engagement suggests that multiple incidents of fraud have occurred. There do not appear to be sufficient controls in place to prevent reoccurrence. Which of the following is the internal auditor's most appropriate next step?

A.

Immediately notify management of the area under review and the other internal auditors involved in the engagement.

B.

Discuss the situation with the engagement supervisor to determine whether fraud investigation experts are required to investigate the matter properly.

C.

Fully document in the workpapers the evidence that has been discovered and recommend appropriate controls to address the fraud.

D.

Provide the evidence that was discovered to local law enforcement for possible prosecution of the suspected fraud.

Full Access
Question # 49

If an internal auditor suspects fraud during an engagement which of the following is expected of the auditor?

A.

Evaluate the suspected activities to determine whether a forma! investigation is warranted,

B.

Immediately inform senior management and the board of the suspected fraud.

C.

Ascertain the level of resources needed to formally investigate the fraud, and proceed with the investigation if resources permit,

D.

Include in the engagement documentation all possible effects and the potential impact of the fraud to the organization

Full Access
Question # 50

Which of the following should a general internal auditor be able to characterize as an IT-related risk?

A.

Computer servers are in a room that is accessible to all employees,

B.

An IT architect avoids taking vacations and sharing his workload with coworkers,

C.

Hours billed by IT developers exceed 24 hours daily.

D.

Audit logs are lacking in a system that processes personal data.

Full Access
Question # 51

A chief audit executive (CAE) identifies that the internal audit activity lacks a necessary skill to perform a management request for a consulting engagement. According to IIA guidance, which of the following is the most appropriate action the CAE should take regarding the request?

A.

Assign the engagement to a more senior internal auditor.

B.

Decline the engagement request.

C.

Allow the internal auditors to acquire the needed skills while performing the engagement.

D.

Supervise the assigned internal auditors throughout the engagement.

Full Access
Question # 52

According to NA guidance, which of the following is true regarding typical fraud schemes?

1. A diversion occurs when an employee has an undisclosed personal economic interest in a transaction that adversely affects

the organization.

2. Tax evasion is intentional reporting of false or misleading information on a tax return by an organization to reduce taxes owed.

3. Skimming involves stealing cash or assets from the organization and is normally concealed by adjusting the organization’s

records.

4, Disbursement fraud occurs when a person causes the organization to issue a payment for fictitious goods or services.

A.

1 and 3.B.

B.

1 and 4.

C.

2 and 3.

D.

2 and 4.

Full Access
Question # 53

An internal auditor is performing testing to gather evidence regarding an organization’s inventory account balance and is mindful of the possibility that the sample used might support the conclusion that the recorded account balance is not materially misstated when, in fact, it is. The auditor's concern best describes which of the following risks?

A.

incorrect rejection risk

B.

Incorrect acceptance risk.

C.

Tolerable misstatement risk.

D.

Anticipated misstatement risk

Full Access
Question # 54

Which of the following statements is true with regard to services provided by the internal audit activity?

A.

For consulting engagements, internal auditors do not need to be alert to control issues.

B.

Assurance and consulting services have similar objectives.

C.

Internal auditors may not perform assurance and consulting roles at the same time.

D.

Both assurance and consulting engagements require a final engagement report

Full Access
Question # 55

For a new board chair who has not previously served on the organization's board, which of the following steps should first be undertaken to ensure effective leadership to the board?

A.

Chair should learn the current organizational culture of the company.

B.

Chair should learn the current risk management system of the company.

C.

Chair should determine the appropriateness of the current strategic risks.

D.

Chair should gain an understanding of the needs of key stakeholders.

Full Access
Question # 56

Which of the following is most likely to be considered a control weakness?

A.

Vendor invoice payment requests are accompanied by a purchase order and receiving report.

B.

Purchase orders are typed by the purchasing department using prenumbered forms.

C.

Buyers promptly update the official vendor listing as new supplier sources become known.

D.

Department managers initiate purchase requests that must be approved by the plant superintendent.

Full Access
Question # 57

Applying ISO 31000, which of the following is part of the external context for risk management?

A.

Risk treatment method based on risk evaluation.

B.

Organizational culture, objectives, and processes.

C.

The regulatory and competitive environment

D.

The method of determining the risk level.

Full Access
Question # 58

Which of the following best describes the Standards requirement for collective proficiency of the internal audit activity?

A.

The internal audit activity must have auditors on staff who collectively possess all of the competencies required to fulfill the internal audit plan,

B.

All internal auditors on staff should possess the knowledge, skills, and competencies needed to perform any assurance engagement on the audit plan.

C.

The internal audit activity must possess or obtain the competencies needed to carry out their professional responsibilities, including providing relevant advice and recommendations.

D.

Internal auditors collectively are responsible for ensuring that the internal audit activity has the competencies required to fulfill the internal audit plan.

Full Access
Question # 59

In an assurance engagement focused on the adequacy of organizationwide risk management practices, which of the following best describes a primary area of interest for the engagement?

A.

The effectiveness of process-level and transaction-level controls.

B.

Conflicts of interest within the organizational structure of the senior management.

C.

The alignment of management decisions with the level of risk the organization is willing to accept.

D.

The actions of upper management in response to the internal audit activity's reporting

Full Access
Question # 60

A chief audit executive (CAE) has no direct access to the board. According to IIA guidance, which of the following is the most appropriate way for the CAE to react?

A.

Ensure all subsequent audit reports include a disclaimer as to the lack of access to the board,

B.

Focus on operational audit work and disregard lack of direct access to the members of the board.

C.

Initiate changes to the internal audit charter to report to senior management for the time being,

D.

Engage in written communications with the board and present relevant issues in writing

Full Access
Question # 61

According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?

1. Consult on CSR program design and implementation.

2. Serve as an advisor on CSR governance and risk management.

3. Review third parties for contractual compliance with CSR terms.

4. Identify and mitigate risks to help meet the CSR program objectives.

A.

1,2, and 3,

B.

1 2, and 4.

C.

1, 3, and 4.

D.

2, 3, and 4.

Full Access
Question # 62

An internal auditor believes that the internal audit activity's independence is impaired. Which of the following actions should the internal auditor take first?

A.

Report the impairment to senior management

B.

Discuss the impairment with the audit manager

C.

Ascertain the best approach to disclose the impairment.

D.

Decide on the extent of impact of the impairment

Full Access
Question # 63

A series of incidents over the past year reveals several members of senior management possess a limited understanding of the concept and impact of fraud. Which of the following would be the most effective way to approach this issue?

A.

The board should ask the internal audit activity to perform additional assurance engagements.

B.

A comprehensive fraud risk assessment and management program should be carried out.

C.

The organization should conduct training sessions on fraud, which should be attended by senior management and staff.

D.

Anti-fraud and whistleblowing policies should be implemented and their importance should be clearly stated.

Full Access
Question # 64

Which of the following situations undermines the independence of the internal audit activity?

A.

The internal audit activity is responsible for the company's risk management function, and its head manager reports to the chief audit executive.

B.

A senior member of the internal audit activity once worked in the corporate finance department.

C.

The organization’s CEO reviews the internal audit activity’s annual budget per the organization’s policies and procedures.

D.

The internal audit activity often uses management's risk profile to build its own risk profile for annual planning.

Full Access
Question # 65

Which of the following skills is most important for an internal auditor who facilitates control self-assessment workshops to possess?

A.

Groupthink.

B.

Collaboration skills.

C.

Process analysis skills.

D.

Project management skills.

Full Access
Question # 66

Which of the following activities is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?

A.

Planning an engagement of the area in which fraud is suspected.

B.

Employing audit tests to detect fraud.

C.

Interrogating a suspected fraudster

D.

Completing a process review to improve controls to prevent fraud

Full Access
Question # 67

At a conference, an interna! auditor presented a new computer-assisted audit technique developed by his organization. The presentation included sample data derived from performing audit engagements for the organization. Travel costs were paid by the conference organizers, and the trip was approved by the chief audit executive (CAE).

However, neither management nor the CAE was aware that the internal auditor would be making a presentation based on work completed for the organization. According to IIA guidance, which of the following statements is most relevant regarding the actions of the auditor?

A.

The auditor did not violate the standard of objectivity because the presentation had no impact on the organization.

B.

The auditor violated the principle of confidentiality by disclosing information about the organization without approval.

C.

The auditor should have obtained permission before using the material, but did not violate the IIA Code of Ethics or Standards,

D.

The auditor breached the conflict of interest standard by accepting payment for travel costs

Full Access
Question # 68

Which of the following would be considered a monitoring activity in organization wide risk management?

A.

Validate the results of management's self-assessment.

B.

Perform reviews of personnel.

C.

Maintain rigorous and comprehensive documentation.

D.

Obtain authorizations and signatures.

Full Access
Question # 69

Which of the following is an example of a detective control?

A.

Automatic shut-off valve.

B.

Auto-correct software functionality.

C.

Confirmation with suppliers and vendors.

D.

Safety instructions.

Full Access
Question # 70

Which of the following situations best describes an internal auditor who may have violated the IIA Code of Ethics principle of confidentiality?

A.

The auditor intentionally omitted from his resume that he was fired from his previous job for fraud allegations,

B.

The auditor decided not to notify her supervisor that her brother-in-law was responsible for the project the auditor was expected to evaluate.

C.

The auditor asked the audit client to copy requested files to her personal unencrypted memory stick because it was faster and more convenient.

D.

The auditor was assigned to analyze the organization's incentive program and spent long hours reviewing other employees’ bonuses,

Full Access
Question # 71

A regional entertainment organization is in the process of developing a corporate social responsibility (CSR) policy. Management invites ideas from employees when developing the CSR policy. Which of the following is the most appropriate idea to include?

A.

Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with CSR.

B.

The board is responsible for ensuring that CSR objectives are established, risks are managed, performance is measured, and activities are appropriately monitored and reported.

C.

Management is responsible for ensuring that the organization’s CSR principles are communicated, understood, and integrated into decision-making processes.

D.

Generally, CSR activities are limited to the management of the organization; thus, employees do not have a responsibility for ensuring the success of CSR objectives.

Full Access
Question # 72

Which of the following actions should the organization's governing body perform to provide the most effective governance over the organization's culture?

A.

Coordinate control activities.

B.

Provide direction.

C.

Design key controls.

D.

Deliver assurance.

Full Access
Question # 73

The internal audit activity was denied access to expenditure and budget reports because they were considered to be confidential. This situation would result in which of the following limitations of the internal audit activity?

A.

Independence

B.

Integrity

C.

objectivity

D.

Authority

Full Access
Question # 74

A whistle blower notified internal audit of a conflict of interest between an organization's employee and a major supplier. Which of the following steps should be undertaken first?

A.

Interview the employee identified by the whistleblower.

B.

Attain an understanding of the employee's role, responsibilities, and relationship with the supplier.

C.

Notify senior management, the board, and the external auditor about the alleged fraud

D.

Review all the orders issued to the supplier to investigate potential fraud.

Full Access
Question # 75

An organization's board has approved an expansion plan into a new market. The board acknowledged that if the expansion is not successful, the organization would encounter large monetary losses consisting of legal fees, research and development costs, rent expenses, and labor fees. Which of the following has the board approved?

A.

The risk response.

B.

The risk tolerance.

C.

The residual risk.

D.

The inherent risk.

Full Access
Question # 76

A new internal audit activity is considering the adoption of a risk and control framework. Which of the following is the most appropriate consideration during this process?

A.

The framework should not be developed by the internal audit activity

B.

The framework should apply to individual projects rather than the organization as a whole

C.

The framework should always be tailored to the organization

D.

The framework should require fewer resources to implement

Full Access
Question # 77

Of all the common characteristics of frauds, which of the following can the organization influence the most?

A.

Pressure or incentive.

B.

Rationalization

C.

Opportunity

D.

Commitment.

Full Access
Question # 78

Which of the following concepts is emphasized in the Mission of Internal Audit?

A.

Support of good governance and controls.

B.

Enhancement of organizational value.

C.

Protection of tangible and intangible assets.

D.

Provision of professional advisory and assurance services.

Full Access
Question # 79

Which of the following statements is correct regarding disclosure of conformance or Standards?

A.

An internal audit activity that has been in existence fewer than five years cannot Indicate that it is operating in conformance with the Standards because it has not yet undergone an external assessment.

B.

Once an external assessment validates conformance with the Standards, the internal audit activity may continue to use the statement until the next external assessment.

C.

If it has been more than five years since the last external assessment was conducted, the Internal audit activity must cease indicating that it operates in conformance with the Standards.

D.

The chief audit executive must disclose every instance of noncompliance with the Code of Ethics or the Standards.

Full Access
Question # 80

While preparing the audit plan for an automobile manufacturing company, the chief audit executive (CAE) noted that the company's engineering department received a high risk ranking. However, the internal audit activity is understaffed, and current staff do not possess the necessary skills to adequately assess the effectiveness of the engineering department. What is the most appropriate course of action for the CAE to take?

A.

Include the engineering department on the audit plan, use the available internal audit resources to conduct the review, and exclude procedures that cannot be adequately assessed.

B.

Advise management to accept the assessed risk until the internal auditors are able to review the area adequately.

C.

Recruit internal auditors with the required competencies and wait until they are employed before including this audit on the internal audit plan.

D.

Proceed with a review of the engineering department but supplement the internal audit team with nonauditors from an external engineering company who have the required skills to assist

Full Access
Question # 81

The organization's chief audit executive (CAE) is planning an immediate assurance engagement following several product recalls. However, the internal audit staff does not have the required Knowledge and experience to adequately assess all the relevant processes and procedures. According to 11A guidance, which of the following actions should the CAE take under these circumstances?

A.

Use the current available resources to conduct the review and exclude those procedures that can't currently be performed.

B.

Implement an accelerated training plan to provide the audit staff with the necessary skills and knowledge to conduct the engagement.

C.

Encourage management to accept the assessed risk until the internal audit activity is able to adequately review the area.

D.

Obtain assistance for the audit team from other internal assurance providers who possess the requisite expertise in the area.

Full Access
Question # 82

Which of the following scenarios demonstrates an impairment to internal audit independence?

A.

The internal auditor s denied access to partner information from management of me area under review

B.

The internal auditor tarts to disclose a potential conflict of interest relationship with management of the area under review

C.

The internal auditor concludes that controls operate effectively, although he did not gather supporting evidence

D.

The internal auditor was assigned to an assurance review of an area for which he previously had responsibilities

Full Access
Question # 83

An internal auditor is finalizing an audit report on the effectiveness of the organization's overall system of internal control. Several audit tests were performed, and the only issue identified was that the CEO frequently asks employees to make exceptions or bypass the organization's standard written policies and procedures. Which of the following conclusions is most appropriate for the auditor to report?

A.

The auditor should indicate that the system of internal control is not effective.

B.

The auditor should indicate that the system of internal control is generally effective, except for the minor issue identified.

C.

The auditor should indicate that the system of internal control is effective.

D.

The auditor cannot express a conclusive opinion in the audit report.

Full Access
Question # 84

Whch ol the following would show appropriate disclosure of nonconformance with the Standards?

A.

The chief audit executive (CAE) documented in the personal file a critical conflict of interest involving an internal audit on a upcoming contracting engagement.

B.

The CAE discussed with the board an issue regarding the internal activity performing an IT engagement without proper skills and knowledge.

C.

The CAE met with the peer review team to discuss an internal auditor’s failure to meet the annual requirements for continuing professional education.

D.

The CAE revealed to revealed to operational manager that he failed to appropriately consider risks while he was developing the audit plan.

Full Access
Question # 85

Which documents would help a forensic auditor identify instances of collusion between an employee and vendor to defraud the organization?

A.

Email correspondence.

B.

Payment request forms.

C.

Vendor invoices.

D.

Bank statements.

Full Access
Question # 86

Which of the following statements best represents the duo professional care that is required of internal auditor’s?

A.

Internal auditors should perform assurance procedures to ensure that all significant risks are identified.

B.

Internal auditor should not perform consulting engagements for operations for which they had previous responsibilities.

C.

Internal auditors should consider the cost of assurance in relation to the potential benefits.

D.

Internal auditors should device internal audit programs to confirm that the results are accurate.

Full Access
Question # 87

Which of the following actions would best help the internal audit activity promote continuous improvement in control effectiveness within the organization?

A.

Determining whether management measures and monitors the costs and benefits of controls.

B.

Providing training on controls and ongoing self-monitoring processes.

C.

Developing flowcharts to obtain information about control design adequacy.

D.

Identifying objectives and the risks involved in achieving them.

Full Access
Question # 88

An organization allows the same individuals to physical access inventory and purchase new assets when supplies are depleted. Which of the following would best help the organization manage the risk of fraud?

A.

Accounting personnel should regularly perform reconciliation between invoices and purchase orders

B.

Accounting personnel should conduct a periodic inventory count and reconcile inventory movements

C.

internal auditors should review Vie frequency and volume of purchased assets to detect trends in the inventory levels

D.

Management should established a policy requiring new inventory asset purchases to be made on serialized order forms with copies retained

Full Access
Question # 89

According to IIA guidance, which of the following statements is true regarding the internal audit activity's quality assurance and improvement program (QAIP)?

A.

Internal assessments rely solely on the review of completed audit engagements for demonstrated performance

B.

The chief audit executive is responsible for assessing the suitability and competence of an external assessor.

C.

QAIP results must first be discussed with the board and approval obtained for distribution to senior management

D.

At the board's discretion, the frequency of external assessments can exceed the five-year guideline

Full Access
Question # 90

What is an appropriate first step in an internal auditor’s fraud risk assessment to evaluate how the organization manages such risk?

A.

Develop preventive and detective controls

B.

Identify potential fraud scenarios

C.

Assess the impact and likelihood of fraud risks

D.

Determine fraud risk responses

Full Access
Question # 91

Which of the following is a preventive control the organization could implement to mitigate fraudulent activity in the accounts payable department?

A.

Delivering fraud awareness training to employees in the department.

B.

Segregating duties between employees in the department.

C.

Requesting the internal audit activity perform an independent evaluation of fraud risk in the department.

D.

Requiring accounts payable employees to sign a code of conduct awareness confirmation.

Full Access
Question # 92

Which of the following would best serve to deter unethical behavior and encourage internal auditors to be objective in their work?

A.

A requirement that internal auditors undergo objectivity training periodically

B.

Periodic communications reminding internal auditors of Standards requirements

C.

A review of the final audit report by the audit committee

D.

Ongoing monitoring and periodic internal quality assessments

Full Access
Question # 93

Which of the following statements is true regarding intangible assets?

A.

The amortization period of an intangible asset cannot exceed 20 years.

B.

The cost intangible assets with indefinite lives should be amortized.

C.

Intangible assets are categorized as having either a limited life or an indefinite life.

D.

Companies should record intangible assets at fair market value

Full Access
Question # 94

Which of the following is an example of the chief audit executive (CAE) demonstrating due professional care?

A.

The CAE relies on CAEs in other organizations to understand how due professional care should be executed in her internal audit activity

B.

The CAE meets with the board of directors on a quarterly basis to provide a status update.

C.

The CAE assesses the audit staff's knowledge and skills annually to determine whether additional resources are needed to fulfill the internal audit plan.

D.

The CAE provides absolute assurance to line management during each eternal audit engagement

Full Access
Question # 95

As a result of a high-profile processing error, respective business unit managers are implementing new controls. The internal audit team was asked for their advice regarding the controls. The objective of this consulting engagement would be determined by which of the following?

A.

The organization's board of directors.

B.

The chief audit executive.

C.

The business unit manager and the engagement supervisor.

D.

The compliance manager and the business unit manager.

Full Access
Question # 96

Which of the following is true regarding the stakeholder theory of corporate social responsibility?

A.

An organization has a fiduciary duty to put shareholders' needs first

B.

Customers' needs are the primary responsibility of the organization

C.

Competitors are considered stakeholders of the organization

D.

Employees are the organization's best assets and primary responsibility

Full Access
Question # 97

Which of the following statements is true regarding an organization's code of ethics?

A.

It should be written with primary consideration given to using a rule-based approach.

B.

It should be of two variations: one applicable internally and one applicable for third parties.

C.

Its operational effectiveness cannot be tested using traditional audit and rating systems such as maturity models.

D.

It should require an annual attestation of compliance with the code of conduct by all employees.

Full Access
Question # 98

Which of the following actions by an internal auditor would be the most relevant to determine the effectiveness of controls?

A.

Participate in a fraud risk-assessment session as an in-house facilitator.

B.

Send regular written updates to senior management on new control-related regulations.

C.

Lead a seminar on internal controls and provide numerous examples to the audience.

D.

Conduct a surprise inventory count at the raw materials warehouse.

Full Access
Question # 99

According to MA guidance, which of the following is true with regard to the internal audit charter?

1. It specifies the minimum resources needed for assurance engagements.

2. It requires final approval from senior management.

3. It defines the internal audit activity's authority and responsibilities.

4. It describes the expectations for communicating the results of a quality assurance and Improvement program.

A.

1 and 4 only.

B.

3 and 4 only.

C.

1.2. and 4.

D.

2. 3. and 4.

Full Access
Question # 100

The chief audit executive (CAE) is drafting the annual internal audit plan and seeks input from senior management and the external auditor prior to submitting it for approval to the board. According to MA guidance, which of the following statements is true regarding this scenario?

A.

The CAE's actions are likely to impair the Independence of the internal audit activity.

B.

The CAE acted appropriately, and the independence of the internal audit activity was not impaired.

C.

The CAE should have developed the audit plan without outside influence to maintain objectivity.

D.

The CAE acted appropriately, as he has authority to determine who reviews and approves the audit plan.

Full Access
Question # 101

According to IIA guidance, which of the following activities is appropriate for an internal auditor to perform with regard to the organization's corporate social responsibility (CSR) program?

1. Determine whether the organization has adequate controls to achieve its CSR objectives.

2. Facilitate a management self-assessment of CSR controls and results.

3. Consult on the project design and implementation for the CSR program.

4. Exclude CSR-related external risks that are beyond the control of the organization.

A.

1 and 2 only.

B.

1, 2 and 3 only.

C.

2, 3, and 4 only.

D.

3 and 4 only.

Full Access
Question # 102

An internal auditor notes that inventory counts are conducted on Mondays only and that all documentation is on paper as there are no computers in the underground warehouses. Also she notices that the person responsible for receiving the goods is the same one who distributes materials and spare parts Finally, she sees that spare parts are written off and taken by the heads of mining units to different underground locations to wait for their turn to be installed. Which of the described findings requires more consideration from a fraud risk perspective?

A.

The job responsibilities of the warehouse employee compromise segregation of duties

B.

Spare parts are written off before their actual usage and installation

C.

Warehouse management is conducted on paper and requires further investigation

D.

The inventory counts take place on specific days of the week for no apparent reason

Full Access
Question # 103

According to MA guidance, which of the following statements is true regarding an effective governance process?

A.

It stipulates that risk needs to be considered when making strategic decisions.

B.

It encourages strict segregation of the risk management and internal control processes.

C.

It relies on effective risk management when establishing the organization's risk appetite.

D.

It relies on the board to devise ways to communicate the effectiveness of internal controls.

Full Access
Question # 104

Which of the following would most likely be classified as a consulting engagement?

A.

Examining the internal control effectiveness of the marketing department

B.

Assessing the adequacy of the IT system's business process design

C.

Facilitating a self assessment of the organizations business risk and control identification

D.

Reviewing the application controls in the human resources system

Full Access
Question # 105

Which of the following actions best demonstrates an internal auditor exercising due professional care?

A.

Testing an entire population, even when a sample would suffice

B.

Using technology and data analysis techniques for efficiency

C.

Enhancing knowledge, skills, and other competencies through professional development

D.

Establishing audit objectives, performing audit tests, and implementing missing controls

Full Access
Question # 106

Which of the following scenarios depicts an appropriate role for the internal audit activity to take regarding an organization's risk management process?

A.

Internal audit designs and implements the organization's controls to help manage risk.

B.

Internal audit sets the organization's risk tolerance and promotes awareness throughout the organization.

C.

Internal audit assesses whether the organization's risk management processes are effective.

D.

Internal audit is responsible for safeguarding the organization's assets and preventing loss from occurring.

Full Access
Question # 107

In order for an internal auditor to assess the opportunity for fraud to occur in an organization, which of the following does the auditor first need to understand?

A.

Fraud prevention.

B.

Fraud detection.

C.

Corporate culture.

D.

Forensic analysis techniques.

Full Access
Question # 108

Which of the following fraud prevention measures is most likely to trigger undesired adverse behavior if improperly designed?

A.

Disclosure of outside business activities

B.

Ethics training programs

C.

Compensation programs

D.

Exit interviews

Full Access
Question # 109

Senior management asks the chief audit executive to review the organization's compliance with recently introduced legislation on international transfer pricing. The review requires an internal auditor who thoroughly understands the legislation and pricing methods. The internal audit activity does not have an auditor with those skills. Which of the following is the most appropriate course of action?

A.

Outsource the engagement to an external audit firm that has appropriate skills.

B.

Recruit a lawyer with knowledge of the legislation to the audit team and ask the new auditor to perform the engagement.

C.

Decline to perform the engagement, as the internal audit activity does not have the appropriate skill set.

D.

Carry out the engagement using existing internal audit staff to help them gain the appropriate experience.

Full Access
Question # 110

Due to unfavorable economic conditions management decided to postpone new investments for the next year. Which of the following best describes the risk management strategy used to address this situation?

A.

Risk mitigation

B.

Risk avoidance

C.

Risk reduction

D.

Risk transfer

Full Access
Question # 111

Which of the following describes the most appropriate match between a potential temporary guest auditor candidate and an upcoming audit assignment?

A.

A purchasing manager with two years of prior audit experience in public practice to lead a contracts management audit

B.

A communications officer who worked in the marketing department during the last six months to conduct a customer loyalty program audit

C.

A manager of social responsibility who has a nursing background to participate m a health and safety audit for the corporate office and plant facilities

D.

An accounting manager who discovered and reported fraud committed by a payables clerk to conduct a performance audit of accounts payable

Full Access
Question # 112

Due to toe increased operational responsibility of the CEO. The chief audit executive (CAE) of an organization currently reports to the chief financial officer (CFO). What is the likely imped of such a situation?

A.

There may be limitation m the scope of engagements that can be undertaken

B.

The CPO could provide expert advice when auditing areas under his purview

C.

The internal audit activity is adequately positioned when the CAE reports to a member of executive management

D.

The expense of finance staff can be catted upon during an audit of finance-related areas

Full Access
Question # 113

What is the ultimate goal of establishing a robust risk management framework in an organization?

A.

To support the organization's risk culture, involving employees at all levels.

B.

To ensure that the organization attains a better financial position.

C.

To assist the organization in identifying and mitigating key risks.

D.

To facilitate the organization's achievement of business goals and objectives.

Full Access
Question # 114

An internal auditor is reviewing employee travel expenses from the previous six months for fraud. Which of the following tests would best detect instances where personal travel has been claimed?

A.

Verifying whether claims have been properly authorized for payment

B.

Verifying whether claims are properly supported by invoices or other documents.

C.

Confirming that all claims are within the limits of the organization's travel policy.

D.

Reconciling claims against business the requests that were approved by supervisors

Full Access
Question # 115

Which of the following is an indicator that an organization's risk management processes are effective?

A.

Departmental objectives are managed by department heads and are independent of the organization's mission.

B.

Organization wide mechanisms exist to enable the identification and assessment of all significant risks.

C.

Department heads have the autonomy to determine risk responses that fall outside of the organizations risk appetite

D.

Relevant risk information is captured and communicated primarily between management and the board

Full Access
Question # 116

According to IIA guidance, the internal audit activity must be free from interference in which of the following areas in order to maintain organizational independence?

A.

Monitoring resources.

B.

Compensating the chief audit executive.

C.

Determining scope.

D.

Allocating internal costs.

Full Access
Question # 117

Which of the following describes the primary objective when implementing a risk management framework?

A.

To achieve planned profitability for business expansion.

B.

To enhance an organization's confidence in achieving strategy.

C.

To strengthen corporate governance standards.

D.

To eliminate business risks and uncertainties.

Full Access
Question # 118

Which level of corporate social responsibility does whistleblowing in companies primarily support?

A.

Ethical responsibility.

B.

Economic responsibility.

C.

Legal responsibility.

D.

Discretionary responsibility.

Full Access
Question # 119

To meet the resource requirements of this year’s internal audit plan, the chief audit executive (CAE) has recruited additional staff auditors, including an employee who resigned as a senior supervisor from the accounts payable department two months ago. There is a scheduled accounts payable review that the CAE wants to start within the next five months. Which approach should the CAE take, knowing the expertise of his new recruit in the area intended to be audited?

A.

Have the new internal auditor’s previous boss be excused from the area during fieldwork.

B.

Have the new internal auditor be responsible for the planning of the audit as well as the review of the audit fieldwork.

C.

Have the new internal auditor assigned to other responsibilities and not work on the accounts payable audit engagement.

D.

Have the new internal auditor assist with conducting the fieldwork, but ensure that her work is reviewed by the CAE.

Full Access
Question # 120

A senior executive at a government-owned organization received an invitation to attend a public exhibition where he can learn about new trucks relevant to the organization's business. As a special perk, the executive is offered an opportunity to drive a luxury vehicle manufactured by one of the exhibiting companies. Prior to the event, the executive asked for the chief audit executive s (CAE’s) advice. What should the CAE recommend as the most appropriate course of action for the executive?

A.

Attend the event, but decline the offer to use the luxury vehicle

B.

Decline the invitation to the exhibition.

C.

Ask the board to decide on the issue.

D.

Select a lower-level employee to enjoy the luxury vehicle instead

Full Access
Question # 121

Which of the following is ultimately responsible for the continuing professional development of internal audit activity staff?

A.

Individual internal auditors.

B.

Chief audit executive.

C.

Board of directors.

D.

CEO.

Full Access
Question # 122

An internal auditor creates a professional development plan to obtain more experience in the organization's environmental, social, and corporate governance initiatives. Which of the following would the auditor include in the plan to support these objectives?

A.

A plan to study for and obtain a certification in nonprofit management.

B.

A deadline within the individual development plan to meet the overall engagement objectives.

C.

A plan to perform a variety of engagements to develop general skills that could be used to assess environmental, social, and governance initiatives.

D.

A request to attend the organization's committee meeting that is focused on strategic community awareness.

Full Access
Question # 123

What is the primary purpose of The IIA's Code of Ethics?

A.

Communicate specific activities appropriate to the performance of internal auditing

B.

Promote ethical culture within corporations and other business organizations

C.

Establish mandatory standards of competence for the practice of internal auditing

D.

Establish principles and expectations governing behavior of individuals and organizations in the conduct of internal auditing

Full Access
Question # 124

An engagement supervisor notes that an internal auditor usually documents and submits draft audit reports for review without giving the process owners the opportunity to state their position on the issues raised. How should the engagement supervisor respond?

A.

Encourage the auditor to continue this practice, as it demonstrates objectivity.

B.

Encourage the auditor to improve communication skills.

C.

Encourage the auditor to conduct post-engagement surveys to obtain the audit client's position on the issues raised.

D.

Encourage the auditor to sign the draft reports before submitting them.

Full Access
Question # 125

How should the internal audit activity promote continuous improvement of organizational controls?

A.

By assessing implementation of controls m individual processes during audit engagements

B.

By identifying the most significant business processes and designing effective controls for those processes

C.

By implementing an internationally accepted internal control framework across the organization

D.

By facilitating control self-assessment sessions for managers responsible for business processes

Full Access
Question # 126

Which of the following accurately describes the concept of inherent risk?

A.

Risk factors that exist when controls are in place and operating effectively

B.

Internal risk factors assuming no controls are in place

C.

Risk factors that cannot be mitigated because they are innate to a process

D.

Combination of internal and external risk factors in their pure state assuming no controls are in place

Full Access
Question # 127

An internal auditor is reviewing the results of an employee survey at a mining company. Which of the following would alert the auditor to a potential ethics issue?

A.

Women account for 20% of the total number of employees in the company.

B.

Thirty percent of employees feel confident in raising concerns without a fear of retaliation.

C.

Most employees believe that transparent and fair decision-making forms the basis of business ethics.

D.

Employees with longer work experience believe that they deserve more privileges than new hires.

Full Access
Question # 128

Which of the following documents most directly describes the guidelines for and importance of the objectivity of internal auditors?

A.

Internal audit quality assessments.

B.

Internal audit charter.

C.

Internal audit plan.

D.

Internal audit reporting.

Full Access
Question # 129

An experienced internal auditor is planning an assurance engagement of the organization's sales activities. During process walkthroughs and interviews, many sales representatives expressed concerns about management's escalating demands to meet the organization's sales goals. According to the MA guidance, which of the following is the best application of due professional care in planning the engagement?

A.

Disregard the complaints because the information isn't reliable and isn't sufficient to support engagement conclusions and results.

B.

Consider the significance of the risks related to the complaints and develop appropriate assurance procedures in work programs.

C.

Disregard the complaints because using them would violate the confidentiality principle.

D.

Discuss management's needs and expectations related to including the complaints in the audit scope.

Full Access
Question # 130

Which of the following approaches will internal audit utilize when developing a set of performance standards to measure an organization’s risk management process against?

A.

Key principles approach

B.

Process elements approach

C.

Holistic approach

D.

Maturity model approach

Full Access
Question # 131

Which of the following tests would most likely help discover a fictitious invoice?

A.

Compare vendor addresses to employee addresses.

B.

Match cancelled checks to invoices.

C.

Search for duplicate payment amounts.

D.

Check employee bank records against invoice amounts.

Full Access
Question # 132

Once an organization's risks are identified, what would be the next step to ensure resources are properly allocated to manage those risks?

A.

Risk responses must be selected.

B.

Risks must be assessed.

C.

The risk universe must be established.

D.

Risk responses must be aligned.

Full Access
Question # 133

According to IIA guidance, which of the following statements regarding ethics is true?

A.

Business ethics may vary within an organization with both domestic and foreign operations.

B.

Business ethics are universal in nature and organizations across the world are expected to comply with similar standards.

C.

A business ethics policy for an organization is established solely to direct the behavior and expectations of employees.

D.

Business ethics of an organization must remain independent from those of suppliers, customers, and business partners.

Full Access
Question # 134

An organization has limited resources to spend on corporate social responsibility initiatives. Which is the most suitable approach to determine how these resources should be used?

A.

Support a mix of environmental economic and social initiatives to ensure a balanced approach is taken

B.

Survey employees and external stakeholders to see which causes are best suited to the organization.

C.

Select corporate social responsibility initiatives that support the overall strategic goals of the organization

D.

Conduct a financial analysis to determine where the most impact can be made with the budget available

Full Access
Question # 135

Which of the following frauds is most likely to occur in the accounts payable function?

A.

Factitious vendors are entered into the system, possibly resulting in improper disbursements.

B.

Bad debt expense is intentionally omitted from the financial statements.

C.

Certain costs are capitalized, rather than expensed.

D.

A related party receives benefits not appropriate in an arm's-length transaction.

Full Access
Question # 136

Which of the following principles of The IIA's Code of Ethics implies that internal auditors should refrain from performing assurance services when there is an impairment to audit independence that has not been declared?

A.

Confidentiality.

B.

Objectivity.

C.

Integrity.

D.

Competency.

Full Access
Question # 137

Due to extreme liquid fuel price fluctuations, management decided to designate a specific price below which liquid fuel shall not be sold to customers, but instead shall be pumped into storage tanks. Which of the following risk responses has management selected?

A.

Risk reduction.

B.

Risk transfer.

C.

Risk acceptance.

D.

Risk avoidance.

Full Access
Question # 138

According to IIA guidance, which of the following activities would typically be examined when using the maturity model approach for assessing an organization's risk management program?

A.

Monitor and review.

B.

Performance measurement.

C.

Setting the context.

D.

Communication.

Full Access
Question # 139

According to IIA guidance, which of the following is accurate regarding the chief audit executive's (CAE's) requirement to report the results of quality assessments?

1. The CAE must report the results of external assessments at least annually.

2. The CAE must report the results of ongoing monitoring at least annually.

3. The CAE must report the results of quality assessments to senior management.

4. The CAE must report the results of quality assessments to the board.

A.

1 and 3 only.

B.

2 and 4 only.

C.

1,2. and 3.

D.

2,3, and 4.

Full Access
Question # 140

An internal auditor has completed an assurance engagement. Which of the following is most likely true regarding the engagement?

A.

During audit planning the auditor provided the client with the scope of the engagement for their agreement

B.

The results of tie engagement were included m a written report mat was issued to the cleint who requested me engagement

C.

During audit planning the auditor determined that the engagement scope would include a review of the security and privacy of payroll records

D.

The client requested the review of a new payroll system in order to improve the security of fie system

Full Access
Question # 141

Which of the following would decrease or be reduced if an organization establishes and implements excessive internal controls?

A.

Production cycle time.

B.

Activities that add no value.

C.

Staff productivity.

D.

Complexity of operations.

Full Access
Question # 142

Which of the following statements best describes a functional difference between external auditors and internal auditors?

A.

Internal auditors evaluate past achievements to understand whether controls are operating effectively, and external auditors focus on the accuracy of financial reporting.

B.

Internal auditors provide assurance about the sufficiency of controls to manage risks. Including risks of failure to achieve future goals, and external auditors evaluate the accuracy and understandability of financial reporting.

C.

internal auditors are always employed by the organization, rather than outsourced, and external auditors are never employed by the organization but contracted independently.

D.

Internal auditors are most directly concerned with the detection of fraud, while external auditors are most directly concerned with the prevention of fraud.

Full Access
Question # 143

Which of the following internal control components has COSO identified as the most important?

A.

Information and communication

B.

Risk assessment

C.

Control activities

D.

Control environment

Full Access
Question # 144

An engagement supervisor noted that an internal auditor's personal relationship with a process owner resulted in the auditor providing a favorable and partial assessment during an audit within that process owner's area. According to MA guidance, which of the following should be used to manage this impairment?

A.

An internal audit charter.

B.

An employee disciplinary policy.

C.

A functional audit committee.

D.

A functional reporting placement.

Full Access
Question # 145

Which of the following indicates an appropriate disclosure of a potential nonconformance with the Standards?

A.

An external assessment of the internal audit activity was last performed six years ago.

B.

The internal audit activity has been in existence for four years but has not performed an external assessment.

C.

An internal assessment is not performed every year.

D.

The internal audit activity has been in existence for two years and has documented only an internal assessment.

Full Access
Question # 146

According to IIA guidance, which of the following corporate social responsibility {CSR) evaluation activities may be performed by the internal audit activity?

1. Consult on CSR program design and implementation

2. Serve as an advisor on CSR governance and risk management.

3. Review third parties for contractual compliance with CSR terms.

4. Identify and mitigate risks to help meet the CSR program objectives.

A.

1,2, and 3.

B.

1,2, and 4.

C.

1, 3, and 4.

D.

2, 3, and 4

Full Access
Question # 147

As part of a fraud investigation by regulators, a court order was issued to a bank. The court order requested the chief audit executive (CAE) to provide access to a number of audit reports and workpapers, some of which included customers' confidential information such as transaction activity and other personal details. What is the appropriate response by the CAE?

A.

Reject the court order, citing a potential breach of customers' confidentiality agreement

B.

Consult with legal counsel to determine what information to provide.

C.

Respond promptly and provide all that was requested by the court order.

D.

Seek permission from customers prior to sharing their information.

Full Access
Question # 148

To encourage internal audit objectivity, which of the following is an appropriate policy the chief audit executive should establish?

A.

Internal auditors should report their audit findings directly to the audit committee.

B.

To receive an outstanding performance rating, internal auditors are required to generate audit findings.

C.

Prior to hiring a new internal auditor, the chief audit executive must determine whether the auditor owns stock in the organization.

D.

Internal auditors are permitted to audit an entity managed by a close friend or relative, as long as they notify the chief audit executive.

Full Access
Question # 149

The collaborating style for conflict resolution, where the parties promote assertiveness and work together to develop a mutually beneficial solution, is best used in which of the following situations?

A.

Parties are confident of the solution and are ready to defend it.

B.

There is a high level of trust among the parties.

C.

Resolution is time sensitive and a quick decision is necessary.

D.

The issue is more important to one patty than the others.

Full Access
Question # 150

What is the primary reason for establishing a continuing professional development program within an organization's internal audit activity?

A.

To ensure all internal audit responsibilities can be met

B.

To ensure all audit staff members are capable of performing a quality self-assessment.

C.

To ensure that each auditor maintains responsibility for his own professional development.

D.

To attract the best and most talented candidates in the profession

Full Access
Question # 151

During an assurance engagement an internal auditor discovered that risk limits risk limit were set for a new market expansion project Management of the area under review was eager to comply and submitted a potential risk limit value for the auditor's review and approval. Which of the following would be an appropriate course of action for the auditor to take?

A.

Review the submission and if no further remarks exist approve the risk limits

B.

Provide advice if needed and ask management of the area under review to forward to senior management and the board for approval

C.

Develop risk limit calculation criteria and ask management of the area under review to resubmit the values.

D.

Avoid providing any advice or review until the audit report is issued

Full Access
Question # 152

Senior management has requested that the internal audit activity review and amend policies where necessary when auditing the purchasing department. To which of the following would the chief audit executive most likely give primary consideration when responding to this request?

A.

Auditor competency.

B.

Internal audit independence.

C.

Auditor objectivity.

D.

Engagement scope.

Full Access
Question # 153

Considering the concepts of organization wide risk management and the system of internal controls, the internal audit activity as a whole can be considered which of the following types of control?

A.

Transaction-level control.

B.

Management-oversight control.

C.

Governance control.

D.

Process-level control.

Full Access
Question # 154

Which of the following statements is the most appropriate for a chief audit executive to include in the internal audit policy manual in order to promote objectivity?

A.

Internal auditors may conduct a financial effectiveness engagement in a business unit at any point after being transferred from that area.

B.

Internal auditors may conclude that a business unit's current control environment is adequate and effective if the review of the prior year's workpapers and audit report supports that conclusion.

C.

Internal auditors may conduct an engagement in a business unit at any point after providing a training workshop in that area.

D.

Internal auditors should limit the scope of an engagement if they become aware of a potential impairment of their objectivity in order to reduce the potential impact of the impairment on the engagement results.

Full Access
Question # 155

Under which of the following circumstances should the final audit report include a disclosure of nonconformance with the Standards?

A.

An external quality assessment of the internal audit activity is performed only once every five years.

B.

The internal auditor provided negative assurance, because he found no evidence of misconduct.

C.

The annual internal audit plan includes some consulting engagements that are based on opportunities rather than risks to the organization.

D.

A new internal auditor moved into the internal audit activity from the payroll department and was immediately assigned to the payroll audit.

Full Access
Question # 156

During an audit of the purchasing department, an internal auditor identifies significant issues that could affect the organization's financial reporting. Management disagrees with the audit results. Which of the following responses best demonstrates the internal auditor has the necessary competencies related to professional Judgment and conflict management?

A.

The auditor maintains his convictions and continues to proceed with the review process despite management's concerns related to the results.

B.

The auditor bypasses management, discusses the results with the board, and seeks the board's input on how best to address the recommendations.

C.

The auditor consults with other members of the audit team, and together they develop alternative recommendations that management may be more likely to accept.

D.

The auditor meets with management to discuss the results and obtain a better understanding of the specific concerns.

Full Access
Question # 157

Which of the following internal controls best mitigates the risk of corruption schemes between employees and vendors?

A.

Establishing policies that prohibit an employee from receiving gifts from an interested party.

B.

Having employees sign annual attestations that they adhere to the organization's code of ethics.

C.

Having strong management oversight of the purchasing and accounts payable functions.

D.

Conducting regular examinations of documentation both paper and electronic.

Full Access
Question # 158

According to the Standards, which of the following is a requirement for internal audit professional development plans?

A.

Plans must include a path to certification so that each internal auditor has a certification in auditing finances.

B.

Plans must ensure that staff development activities are based primarily on the skills and competencies needed to complete the audit plan.

C.

Plans must include rotating audit areas so that auditors acquire business knowledge to be efficient in performing engagements.

D.

Plans must include rotating auditors out into business units for temporary assignments so they can obtain more business knowledge.

Full Access
Question # 159

An organization sells products through distributors. The organization's chief audit executive insists that the organization's code of conduct be applicable to their distributors as well. Which of the following risks would this mitigate?

A.

Business continuity

B.

Market manipulation

C.

intellectual property leakage

D.

Reputational damage

Full Access
Question # 160

Which of the following organizations is adopting an acceptance technique in terms of its risk response?

A.

An organization that takes no action in managing the possible exposure to an earthquake.

B.

An organization that opts out of investing in a new region due to volatility in foreign exchange rates.

C.

An organization that takes out insurance policies to protect its property and equipment.

D.

An organization that deploys policies and procedures to guide business activities and practices

Full Access
Question # 161

The internal audit activity is asked to provide consulting services regarding the risks related to implementing a proposed new Inventory management system. Which of the following would be a key consideration of the internal audit activity in accepting this engagement?

A.

Ask the inventory manager to determine whether the work planned would be sufficient to meet the consulting engagement objectives.

B.

Ensure that the method used to communicate the results of the consulting engagement is consistent with the board's preferred method.

C.

Determine whether the benefits to be derived from the requested assessment would exceed the cost of providing the consulting service.

D.

Use email and telephone conversations to convey the results of the engagement, as these may prove to be the most efficient methods for communicating.

Full Access
Question # 162

Which of the following represents a deficiency in the control environment?

A.

The sales department has failed to achieve targets for the last nine months.

B.

Employees report suspicious activity by calling the organization's ethics hotline.

C.

Hiring procedures do not include background checks for prospective job candidates.

D.

Management reports three potential ethics issues to the board of directors.

Full Access
Question # 163

To achieve conformance with the Standards, the chief audit executive must include which of the following activities in the quality assurance and improvement program (QAIP)?

A.

Require board oversight of the QAIP.

B.

Assess Standards conformance for each individual engagement.

C.

Conduct a self assessment at least once every five years.

D.

Report the results of the QAIP to senior management

Full Access
Question # 164

According to IIA guidance, which of the following actions by a new chief audit executive would be most appropriate to gain an understanding of the current level of knowledge, skills, and competencies required by an internal audit activity to fulfill its responsibilities?

A.

Identify gaps in the activity’s proficiency, based on criteria defined by a widely accepted competency framework.

B.

Have a quality assessment review performed by an expert external entity.

C.

Identify a mature internal audit activity to serve as a benchmark for measuring the internal audit activity’s competence.

D.

Assess whether members of the internal audit activity understand and apply the 11As mandatory guidance.

Full Access
Question # 165

In which of the following scenarios would the internal auditor’s objectivity be best protected?

A.

A former human resources manager conducts an effectiveness review of the appointment and termination process six months after transferring to the internal audit activity.

B.

An accounts payable clerk assists the internal auditors during an effectiveness review of the physical access controls to the server room.

C.

An internal auditor writes the system manual for a newly acquired payroll software application prior to conducting an effectiveness review of the system.

D.

An internal auditor conducts an effectiveness review of an organization's business continuity plan in which his son is a minority stockholder.

Full Access
Question # 166

An organization's operations management is aware of existing internal control deficiencies but they lack the competency to execute internal control measures. Which of the following actions if taken by the internal audit activity is appropriate to assist operating management in achieving continuous improvement on internal controls?

A.

Foster the importance of the control environment

B.

Provide training on controls and on self-monitoring processes

C.

Recommend installing an enterprisewide risk management system.

D.

Conduct more assurance assignments on high risk areas

Full Access
Question # 167

Which of the following is a way to demonstrate an individual internal auditor's competency through continuing professional development?

A.

Create different training budgets for each of the internal auditors

B.

Define average training hours per auditor as a team performance measure

C.

Analyze internal audit client survey feedback following audits

D.

Review training records for all internal auditors

Full Access
Question # 168

An organization's board recommends revising the internal audit charter by adding requirements regarding the hiring and compensation of the chief audit executive as well as information on approving the internal audit budget. Which of the following is the board most likely defining in the charter?

A.

Functional and administrative responsibilities of internal audit activity.

B.

Authority and objectivity of internal audit activity.

C.

Independence and objectivity of internal audit activity.

D.

Assurance and improvement of internal audit activity.

Full Access
Question # 169

Which of the following is most important for an internal auditor to consider when developing an approach for an audit engagement in a foreign country?

A.

Currency exchange rates, as they relate to internal audit-related expenses.

B.

Differences in typical working hours, compared to other countries.

C.

The effects of subtle language nuances on translations.

D.

Accepted practices that may be illegal in other countries.

Full Access
Question # 170

The management at a national consumer goods organization implements a fair work and pay practice as well as a policy to treat employees equitably and consistently.

Which common characteristics of fraud will the practice and policy most likely reduce?

A.

Pressure or incentive.

B.

Opportunity.

C.

Rationalization.

D.

Commitment.

Full Access
Question # 171

According to NA guidance which of the following should be documented in the internal audit chatter?

A.

The risk assessment process applied by the internal audit activity

B.

The organization's internal control framework used by the internal audit activity

C.

The nature of consulting services provided by the internal audit activity

D.

The performance evaluation process used by the internal audit activity

Full Access
Question # 172

A fraud investigation was completed by management, and a proven fraud was communicated to relevant authorities. According to IIA guidance, which of the following roles would be most appropriate for the internal audit activity to undertake after the investigation?

A.

Plan employee sessions and team building strategies for the organization to improve awareness of fraud among employees

B.

Review the investigation and implement any improvements to the process.

C.

Conduct lessons learned sessions to ascertain how the fraud occurred and which controls failed.

D.

Determine why the fraud was not detected earlier and design controls to strengthen early detection.

Full Access
Question # 173

Which of the following is considered to be a threat to the internal auditor's objectivity?

A.

The auditor drafted the operational procedures of the area that she is currently auditing.

B.

The auditor received a bonus that was approved by the board of directors.

C.

The assigned auditor recommended operational procedures for the organization.

D.

The assigned auditor rotated out of the same business activity three years ago

Full Access
Question # 174

Which of the following best describes the differences between internal auditors and external auditors?

A.

External auditors are concerned about misstatements in the organization's financial statements, while internal auditors are concerned about fraudulent activities that could impact the organization’s financial statements

B.

External auditors are required to hold an accounting designation and are responsible for continuing their education, while internal auditors are required to hold an internal audit designation.

C.

External auditors focus on the accuracy and understandability of financial statements, while internal auditors help the organization accomplish its objectives by evaluating and improving the effectiveness of the control process.

D.

External auditors are not employees of the organization, while internal auditors are employees who have in-depth knowledge of the business, making their opinion more reliable to the board and senior management.

Full Access
Question # 175

A technology company recently hired an entry-level internal auditor. To achieve conformance with the Standards, which of the following must the newly hired internal auditor possess?

A.

An understanding of fraud and fraud risk.

B.

IT audit expertise.

C.

Industry-specific knowledge

D.

At least one audit-related certification

Full Access
Question # 176

Which of the following is an example of a management control technique?

A.

A budget.

B.

A risk assessment.

C.

The board of directors.

D.

The control environment

Full Access
Question # 177

Which of the following would be the most effective in helping to detect fraud?

A.

Code of conduct.

B.

Exit interviews.

C.

Fraud awareness training

D.

Employee promotion policy.

Full Access
Question # 178

Which of the following drivers of fraud is directly controllable by an organization?

A.

Pressure

B.

Rationalization

C.

Opportunity

D.

Incentive

Full Access
Question # 179

During an audit engagement, a junior staff internal auditor begins to suspect a fraud may have occurred involving a friend of the engagement supervisor. He reports his concerns to the engagement supervisor, who disagrees with his suspicions and directs him to continue with the engagement as planned. Given the circumstance, what is the most appropriate action for the junior auditor to take?

A.

Document in the workpapers and expand testing.

B.

Continue with the engagement as planned, per the more senior auditor.

C.

Report the suspected fraud to law enforcement officials and seek financial restitution.

D.

Escalate the concern to the chief audit executive.

Full Access
Question # 180

Which of the following types of fraud tests would be most effective if an internal auditor was looking for possible fictitious vendors?

A.

Checking for invoice amounts that do not match that of the purchase order.

B.

Searching for identical invoice numbers and payment amounts.

C.

Running checks to uncover post office box addresses matching employee addresses.

D.

Comparing prices across vendors to see whether one vendor is unreasonably high.

Full Access
Question # 181

Which of the following statements is true regarding occupational fraud?

A.

An employee who diverts the organization's purchases for personal use is demonstrating asset misappropriation

B.

An employee who intentionally omits negative information in the financial statement disclosures is demonstrating an example of corruption

C.

An employee who made an error in estimating losses may have committed fraud even if the error was not intentional

D.

An employee who creates a denial of service in the organization’s computer systems is committing asset misappropriation

Full Access
Question # 182

Which of the following is an example of impairment to internal auditor independence or objectivity'?

A.

Assurance engagements for functions over which the chief audit executive (CAE) has responsibility are overseen by a party outside the internal audit activity

B.

Internal auditors provide consulting services relating to operations for which they had previous responsibilities

C.

Internal auditors provide consulting services relating to operations for which they have current responsibilities

D.

Consulting engagements for functions over which the CAE has responsibility are overseen by a party outside the internal audit activity

Full Access
Question # 183

The organization's internal audit charter was last updated six years ago. To update the charter, which of the following actions is most appropriate for the chief audit executive to take?

A.

Wait for the next external assessment and address all of the missing information in the charter based on the recommendations from the external assessment team.

B.

Perform a review of IIA guidance to become acquainted with the latest mandatory elements prior to updating the charter

C.

Use an internal audit charter template from another organization that operates within the same industry.

D.

Identify an individual within the internal audit activity who has in-depth knowledge of mandatory IIA guidance elements to address any gaps or areas of the current version of the charter that could be improved.

Full Access
Question # 184

According to ISO 31000, which of the following statements is correct?

A.

The board is responsible for setting the organizational attitude through tone at the top,

B.

The internal audit activity will provide assurance over operating effectiveness but not over the design of risk management activities,

C.

The internal audit activity can give objective assurance on any part of the risk management framework for which it is responsible.

D.

The framework is designed to be effective for organizations no matter how small.

Full Access
Question # 185

A new company’s risk management function is developing its cybersecurity risk management program Which of the following actions should be the first priority when developing the program?

A.

Start building a cybersecurity culture and set the desired behavior using a bottom-up approach

B.

Determine the cybersecurity framework that will establish and report on the effectiveness of the program

C.

Define the cybersecurity risk appetite and perform a cost-benefit analysis of the program

D.

Raise cybersecurity awareness across various departments outside of the IT department

Full Access
Question # 186

Which of the following is a typical characteristic of an organization's risk management framework?

A.

Risk tolerance may or may not align with risk appetite depending on whether the assessment is quantitative or qualitative

B.

Risk is assessed on both an inherent and a residual basis

C.

The framework addresses four organizational objective categories strategic, historical, operational, and investment

D.

External risks and internal opportunities are omitted from the risk assessment scope

Full Access
Question # 187

Senior management relies on the professional judgment of an internal auditor and uses outcomes of her audit work to make business decisions Which of the following personal qualities displayed by the internal auditor is most likely the foundation for this relationship?

A.

Integrity

B.

Negotiation skills.

C.

Business acumen

D.

Flexibility

Full Access
Question # 188

Which of the following characteristics is typical of the internal audit activity?

A.

Serves third parties that need reliable financial information from audit engagements

B.

Responds to the needs and desires of senior management and the board, but remains independent of areas under review

C.

Ensures the organization complies with laws and regulations in the area under review

D.

Is completely independent of senior management, the board and the area under review

Full Access
Question # 189

A global organization established a new internal audit activity and the recently hired chief audit executive needs to develop an internal audit manual for internal auditors Among the following policies in the manual, which would facilitate internal auditors in upholding their objectivity?

A.

Internal auditors shall attend professional workshops to refresh internal audit norms and concepts

B.

Internal auditors' performance is synchronized with satisfaction ratings given by audit clients

C.

Internal auditors take prior audit results into account when conducting current audit engagements

D.

Internal auditors observe the audit client’s expectations when scoping audit engagements

Full Access
Question # 190

Which of the following represents an example of an ethical issue that the organization should address'?

A.

An employee discovered that there is no personal protective equipment at a temporary construction site

B.

An employee saw that a group of other employees were smoking in close proximity to petrol distribution tanks

C.

A supervisor insists that an employee complete time sheets regularly

D.

An employee received concert tickets from a vendor and asked whether she could keep them

Full Access
Question # 191

Which of the following statements relating to risk management is true?

A.

The high-level risk assessment performed during engagement planning is a detailed step-by-step analytical process

B.

External auditors must be engaged to evaluate the potential for fraud and how the organization manages fraud risk

C.

A lack of controls is acceptable if the risk is reduced to an acceptable level in some other way

D.

Internal auditors are responsible for managing the risks of the organization

Full Access
Question # 192

Which of the following is the best way for an internal auditor to demonstrate due professional care?

A.

Conduct an audit to the same extent that another prudent auditor would under similar circumstances

B.

Seek feedback from the engagement supervisor during the engagement

C.

Execute internal audit work in such a manner as to provide absolute assurance of compliance

D.

Request and receive client feedback surveys during the engagement

Full Access
Question # 193

A chief audit executive (CAE) is considering hiring a candidate who most recently worked for a large public accounting firm What would be the CAE’s most likely concern regarding this candidate*?

A.

Low-level audit expertise

B.

Narrow industry experience

C.

MPotential conflict of interest

D.

Weak interpersonal skills

Full Access
Question # 194

Which of the following would be included in quality assurance and improvement program (QAIP) reporting?

A.

Descriptions of standardized work practices.

B.

Outcomes of internal audit key performance indicators.

C.

Conformance of individual engagements with the Standards,

D.

Annual summaries of consulting and audit engagements.

Full Access
Question # 195

When would on-the-job training be more effective?

A.

When participants already have a certain degree of experience and knowledge.

B.

When it makes up the largest part of the training budget.

C.

When it includes ongoing feedback and coaching from experienced team members.

D.

When it is standardized for the whole entire staff.

Full Access
Question # 196

When dealing with various stakeholders which of the following is true regarding an internal auditor's responsibility to remain objective and independent?

A.

When deciding between conflicting reports of a control's performance from a control operator and the operator's manager the internal auditor should generally believe the manager

B.

Some audit issues may remain unremediated and unreported if management will accept recommendations that the internal auditor deems more important

C.

The internal auditor may initially disagree with management s acceptance of a risk, but reevaluate and agree with management’s judgment after further discussion

D.

When working on business unit audits it is sometimes sufficient for the internal auditor to report deficiencies only to the unit manager when remediation is not complex

Full Access
Question # 197

The management team of an agricultural organization has prioritized corporate social responsibility (CSR) initiatives. Which of the following would be considered a CSR activity?

A.

Offering a one-off donation to an environmental charity for its expansion efforts

B.

Organizing organization volunteers to provide periodic plantation skill sharing to farmers

C.

Providing special year-end monetary bonuses to the organization's employees at all levels

D.

Arranging a free-of-charge picnic for all of the organization's employees and their family members

Full Access
Question # 198

An accounts payable clerk has recently transferred Into the internal audit activity and has been assigned to an engagement related to accounts payable processes for which he was previously responsible Which of the following is the best action for the new internal auditor to take?

A.

If it is an assurance engagement accept the assignment because direct knowledge of the existing accounts payable processes will provide depth and add more value

B.

If it is a consulting engagement decline the assignment and ask to be reassigned, because in a consulting engagement the auditor must not assess operations for areas in which they were previously responsible

C.

If it is a consulting engagement accept the assignment because direct knowledge of the existing accounts payable processes will provide depth and add more value

D.

If it is an assurance engagement accept the assignment becausethe chief audit executive had knowledge of the internal auditor's previous role when this engagement was assigned

Full Access
Question # 199

Which of the following should be implemented to promote independence of the internal audit activity?

A.

Internal auditors do not review an area where they previously worked

B.

The internal audit charter is reviewed and updated annually

C.

The chief audit executive reports functionally to the board

D.

Management does not influence the consulting services provided by the internal audit activity

Full Access
Question # 200

Which of the following is a legitimate role for the internal audit activity in the organization's risk management process'?

A.

Championing the establishment of a risk management framework

B.

Creating and implementing new risk management processes

C.

Maintaining sole responsibility for risk management within the organization

D.

Setting the risk appetite of the organization

Full Access
Question # 201

According to NA guidance, which of the following actions by the chief audit executive would best ensure that internal auditors demonstrate due professional care?

A.

Developing policies and procedures for the internal audit activity.

B.

Ensuring the internal audit activity is not found fallible during audit engagements.

C.

Undertaking all engagements that management requests of the internal audit activity.

D.

Ensuring the internal audit activity reports functionally to the board of directors.

Full Access
Question # 202

The board of directors of a global organization has found an increased number of reported cases of unethical practices since last year. To assist the board in gaining a better understanding of the degree of ethics awareness within the organization, which of the following actions should be undertaken?

A.

Request the internal audit activity to perform an ethics-related assurance engagement.

B.

Offer in-house ethics-related training seminars for employees to attend.

C.

Reaffirm the importance of the organization's code of ethics to all employees.

D.

Conduct an organizationwide employee survey on ethical practices

Full Access
Question # 203

An accounts payable clerk has recently transferred into the internal audit activity and has been assigned to an engagement related to accounts payable processes for which he was previously responsible. Which of the following is the best action for the new internal auditor to take?

A.

If it is an assurance engagement, accept the assignment because direct knowledge of the existing accounts payable processes wifi provide depth and add more value.,

B.

If it is a consulting engagement, decline the assignment and ask to be reassigned, because in a consulting engagement the auditor must not assess operations for areas in which they were previously responsible.

C.

If it is a consulting engagement, accept the assignment because direct knowledge of the existing accounts payable processes will provide depth and add more value.

D.

If it is an assurance engagement, accept the assignment because the chief audit executive had knowledge of the internal auditor's previous role when this engagement was assigned.

Full Access
Question # 204

According to IIA guidance, which of the following best demonstrates how the chief audit executive may ensure that due professional care is applied?

A.

Establish policies and procedures concerning the engagement process

B.

Develop a strategy for recruiting assigning, and training staff

C.

Outsource complex engagements to an external service provider

D.

Base the auditor evaluation process on the number of observations

Full Access
Question # 205

An internal auditor assigned to a supplier management process engagement reviews the risk assessment with the process owner The auditor inquires about the risk response for potentially engaging unqualified third-party service providers The process owner responds that due diligence checks are undertaken to make sure that third parties possess requisite competencies before they are engaged Which of the following risk management techniques is the process owner using?

A.

Risk avoidance

B.

Risk reduction

C.

Risk sharing

D.

Risk acceptance

Full Access
Question # 206

Which of the following would be a red flag for potential issues in the control environment?

A.

Segregation of duties during preparation of the financial statements

B.

Compensation structures that are based on commissions

C.

A low rate of turnover in key financial positions

D.

The presence of a whistleblower policy and fraud hotlinea

Full Access
Question # 207

An external assessment of an organization's internal audit activity was last completed four years ago Which of the following options would be acceptable this year if the internal audit activity is to fulfill the requirements of the Standards?

A.

The internal audit activity conducts a self-assessment that is validated by a qualified and experienced internal auditor and then schedules a qualified, independent external assessor

B.

The board nominates an independent individual from senior management in the organization to conduct an assessment of the internal audit activity

C.

An external auditor conducts an audit of the organization which includes information about the internal audit activity

D.

The chief audit executive schedules a self-assessment and the board approves the results

Full Access
Question # 208

According to IIA guidance, which of the following threats to objectivity is described as familiarity'?

A.

An internal auditor is a close friend or relative of the manager or an employee of the audit client

B.

An internal auditor has a long-term business relationship with the audit client.

C.

An internal auditor has an economic stake in the performance of the organization

D.

An internal auditor is exposed to or perceived to be exposed to pressures from external parties

Full Access
Question # 209

Which of the following fraud schemes is often an off-book fraud*?

A.

Payroll fraud

B.

Disbursement fraud

C.

Corruption

D.

Information misrepresentation

Full Access
Question # 210

Which of the following actions should an organization take to detect an emerging risk of potential fraud?

A.

Adopt reward and recognition programs that promote good behaviors

B.

Undertake background checks for new employees as part of the hiring process

C.

Establish an anonymous platform for reporting suspected unethical behaviors

D.

Institute periodic educational training on expected ethical behaviors

Full Access
Question # 211

Which of the following statements is true regarding the independent peer review process undertaken to fulfill the requirement for an external quality assessment?

A.

Two individuals in the same internal audit activity may perform an independent peer review as long as they do not report to the same audit manager

B.

Individuals from a separate but related organization such as an affiliate may perform peer reviews

C.

Individuals working in separate internal audit activities may be considered independent as long as do not report to the same chief audit executive

D.

Peer reviews are generally less cost-effective than hiring an external quality assessor

Full Access
Question # 212

The internal audit activity is responsible for which of the following actions related to an organization’s internal controls?

A.

Mitigating risks affecting achievement of organizational objectives.

B.

Enabling opportunities affecting achievement of organizational objectives.

C.

Analyzing and advising regarding costs versus benefits of control activities,

D.

Attesting to fairness of financial statements.

Full Access
Question # 213

According to IIA guidance, which of the following actions is a chief audit executive required to take with regard to reporting the results of the quality assurance and improvement program?

A.

Report external assessments upon completion of such assessments

B.

Report external assessments at least annually

C.

Report ongoing monitoring quarterly

D.

Report post-engagement reviews at least once every five years

Full Access
Question # 214

During a complex financial compliance engagement, a senior internal auditor determines that current audit procedures are not sufficient for adequate testing She consults with a colleague and learns that a spreadsheet application contains a helpful tool She proceeds to use the tool to properly complete the evaluation Which of the following best describes the core competency displayed by the senior auditor?

A.

Business acumen

B.

Persuasion and collaboration

C.

Critical thinking

D.

Communication

Full Access
Question # 215

When a plant manager from within the organization is hired as a rotational internal auditor within the internal audit activity which area should he most likely be trained for immediately?

A.

Industry knowledge

B.

Project management

C.

Leadership skills

D.

Risk assessments

Full Access
Question # 216

According to IIA guidance, which of the following statements is true regarding mentoring programs designed to assist internal auditors with their professional development?

A.

The mentor must have a higher position in the organization than the mentee

B.

An auditor s supervisor is best positioned to serve as the auditor's mentor

C.

Meetings between a mentor and a mentee should be formal and well documented

D.

Auditors at the same level may be assigned different mentors and some auditors may have no mentor

Full Access