New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

IIA-CIA-Part2 Questions and Answers

Question # 6

During an audit of the human resources department, an internal auditor adopts benchmarking to test the employee turnover rate. How should the internal auditor apply this technique?

A.

Compare turnover m the organization to published turnover rates of peer organizations.

B.

Compare turnover in one period with turnover in the previous period in the organization

C.

Compare turnover in the period to total employees in the organization

D.

Compare turnover with the auditor's general knowledge of the organization

Full Access
Question # 7

An engagement team is being assembled to audit of one of the organization's vendors Which of the following statements best applies to this scenario?

A.

The engagement team should include internal auditors who have expertise in investigating vendor fraud

B.

The engagement team should be composed of certified accountants who are proficient In financial statement analysis and local accounting principles

C.

To preserve independence and objectivity, an auditor who worked for the vendor two years prior may not participate on the engagement team

D.

The engagement team may include an auditor who lacks knowledge of the industry in which the vendor operates

Full Access
Question # 8

Which of the following is not an outcome of control self-assessment?

A.

Informal, soft controls are omitted, and greater focus is placed on hard controls.

B.

The entire objectives-risks-controls infrastructure of an organization is subject to greater monitoring and continuous improvement.

C.

Internal auditors become involved in and knowledgeable about the self-assessment process.

D.

Nonaudit employees become experienced in assessing controls and associating control processes with managing risks.

Full Access
Question # 9

After concluding a preliminary assessment, the engagement supervisor prepared a draft work program According to HA guidance which of the following would be tested by this program?

A.

The process objectives.

B.

The process risks

C.

The process controls

D.

The process scope

Full Access
Question # 10

According to HA guidance, which of the following is the Key planning step internal auditors should perform to establish appropriate engagement objectives prior to starting an audit engagement?

A.

Review the organizational structure, management roles and responsibilities and operating procedures

B.

Evaluate management's risk assessment and the internal audit activity's risk assessment

C.

Assess process How and control documents used to meet regulatory requirements

D.

Review meeting notes from discussions involving management of the area to be reviewed.

Full Access
Question # 11

After completing an assurance engagement, the chief audit executive (CAE) concludes that management has accepted a level of risk that may be unacceptable to the

organization. What is the most appropriate first step for the CAE to take?

A.

Discuss the issue with senior management.

B.

Discuss the issue only with the CEO.

C.

Inform the board.

D.

Discuss the issue with the members of management responsible for the risk area.

Full Access
Question # 12

Which of the following best describes external benchmarking using trend analysis for a subsidiary of an international company?

A.

Comparing the current ratio of the subsidiary with the current ratio of another company for the same period

B.

Comparing common-size financial statements of the subsidiary with the averages of the industry for the last two periods

C.

Comparing the sales of the subsidiary with the sales of another subsidiary for the last two periods.

D.

Comparing the sales of the subsidiary with the budgeted figures for the last two periods

Full Access
Question # 13

During audit engagement planning, an internal auditor is determining the best approach for leveraging computer-assisted audit techniques (CAATs). Which of the following approaches maximizes the use of CAATs and why?

A.

Tracing, because it would enable the auditor to verify quickly that the record counts were properly included in the compilation.

B.

Inspection, because it would enable the auditor to verify how management enters the data into the application for processing.

C.

Testing data, because it would enable the auditor to ensure that the application processes the transaction as described by management.

D.

Reperformance, because it enables the auditor to verify that the application performed the calculation correctly.

Full Access
Question # 14

When me internal audit activity does not have sufficient time to complete its usual root cause analysis which c4 the following is most appropriate?

A.

The chief audit executive may recommend that management conduct further work to identify the root cause and address the issue

B.

Internal auditors should finish the engagement without conducting the root cause analysis and draft the audit report, though the report would not be considered complete until the analysis is concluded

C.

internal auditors must adjust their future engagement schedule to ensure that the root cause analysis is always performed before the engagement is concluded

D.

Internal auditors should Instead perform a Pareto rule analysis

Full Access
Question # 15

A chief audit executive (CAE) determined that management chose to accept a high-level risk that may be unacceptable lo the organization. Which is the best course of action for the CAE to Follow?

A.

Include using in a subsequent audit to determine if the risks are still present

B.

Discuss the matter with senior management and it not reserved with the board

C.

Require that management implement controls to mitigate lie risks

D.

Report the risks to the process owners so that they can modify their process

Full Access
Question # 16

Which of the following would be most likely found in an internal audit procedures manual?

A.

A summary of the strategic plan of the area under review.

B.

Appropriate response options for when findings are disputed by management.

C.

An explanation of the resources needed for each engagement.

D.

The extent of the auditor's authority to collect data from management.

Full Access
Question # 17

An internal auditor is planning an engagement at a financial institution. Toe engagement objective is to identify whether loans were granted in accordance with the organization's policies. When of the following approaches would provide the auditor with the best information?

A.

Randomly select 30 cases of loans and verify whether they were repaid timely and in full

B.

Randomly select 30 cases of loans and validate them against applicable underwriting guidelines

C.

Randomly select 30 employees to complete a survey regarding whether policies and standards are followed

D.

Randomly select several months obtain ageing reports for these months and compare them with the poor year

Full Access
Question # 18

Where should internal auditor focus their attention when identify and assessing key risks during the planning stage of an assurance engagement?

A.

Sampling risk.

B.

Audit risk.

C.

Residual risk.

D.

Inherent risk

Full Access
Question # 19

According to IIA guidance, which of the following statements best justifies a chief audit executive's request for external consultants to complement internal audit activity (IAA) resources?

A.

The organization's audit universe is extensive and diverse.

B.

There has been an increase in unanticipated requests for advisory work.

C.

Previous work provided by the external service provider has been of great quality and value.

D.

A recent benchmarking study found that using external service providers is a common practice of similarly-sized IAAs in other organizations.

Full Access
Question # 20

Due to emerging new technologies that greatly affect the organization, the chief audit executive (CAE) wants to conduct frequent IT audit and is particularly focused on improving the quality of these engagements. Which of the following is the most viable solution for the CAE to ensure that IT audit quality is immediately enhanced and maintained long-term?

A.

Each year send a different member of the internal audit staff to an IT audit conference to learn about emerging technologies

B.

Contract an external IT special to offer advice and consult on IT audits

C.

Employ an independent external IT specialist to perform IT audits for the first year

D.

Invite qualified staff from the IT department to serve as guest auditors and lead IT audits

Full Access
Question # 21

Which of the following is one of the five attributes that internal auditors include when documenting a deficiency?

A.

The criteria used to make the evaluation

B.

The methodology used to analyze data

C.

The proposed follow-up engagement work to be performed

D.

The scope of work performed during the engagement

Full Access
Question # 22

When determining the level of staff and resources to be dedicated to an assurance engagement, which of the following would be the most relevant to the chief audit executive?

A.

The overall adequacy of the internal audit activity's resources.

B.

The availability of guest auditors for the engagement.

C.

The number of internal auditors used for the previous review of the same area.

D.

The available resources with the specific skill set required.

Full Access
Question # 23

What is the primary objective of an engagement supervisor's review of key activities performed during the engagement?

A.

To ensure that the engagement is completed on time and within budget

B.

To ensure that all work performed meets acceptable quality standards

C.

To ensure that management has provided suitable responses to all observations

D.

To ensure that management is satisfied with the progress of the engagement

Full Access
Question # 24

What is the purpose of an internal control questionnaire?

A.

To gather information from a sample of people who are geographically dispersed

B.

To assess risks that could prevent an audited area from achieving its objectives.

C.

To evaluate tie level of compliance of remote offices with centrally designed procedures

D.

To perform testing of controls more frequently

Full Access
Question # 25

Which of the following should management action plans include at a minimum?

A.

An implementer for the action plan

B.

An owner of the action plan

C.

The internal auditor's next review date of the action plan

D.

Detailed procedures for the action plan

Full Access
Question # 26

Which of the following best exemplifies having effective risk management and internal control processes?

A.

Relevant risk indicators and mitigation plans are in place

B.

All risks are identified and assessed

C.

Business profitability is likely to be achieved

D.

Risk information is communicated to customers and suppliers

Full Access
Question # 27

Which of the following is one of the differences between probability-proportional-to-size (PPS) and attribute sampling?

A.

PPS sampling s used to reach conclusions regarding monetary amounts, attribute sampling is not.

B.

PPS sampling is used to roach conclusions regarding rates of occurrence, attribute sampling is not.

C.

PPS sampling a applied within the context of testing controls attribute sampling s not.

D.

Attribute sampling is affected by the monetary book value of the population PPS sampling is not

Full Access
Question # 28

While conducting an audit of a third party's Web-based payment processor, an internal auditor discovers that a programming error allows customers to create multiple accounts for a single mailing address. Management agrees to correct the program and notify customers with multiple accounts that the accounts will be consolidated. Which of the following actions should the auditor take?

1. Schedule a follow-up review to verify that the program was corrected and the accounts were consolidated.

2. Evaluate the adequacy and effectiveness of the corrective action proposed by management.

3. Amend the scope of the subsequent audit to verify that the program was corrected and that accounts were consolidated.

4. Submit management's plan of action to the external auditors for additional review.

A.

1 and 2

B.

1 and 4

C.

2 and 3

D.

3 and 4

Full Access
Question # 29

An internal auditor accessed accounts payable records and extracted data related to fuel purchased tor the organization's vehicles As a first step, she sorted the data by vehicle and used spreadsheet functions to identify all instances of refueling on the same or sequential dates She then performed other tests Based on the auditor's actions which of the following is most likely the objective of this engagement1?

A.

To identify whether fuel was purchased for work-related purposes

B.

To estimate future fuel costs for the organization's fleet of vehicles

C.

To determine trends in average fuel consumption by vehicle

D.

To determine whether the organization is paying more than the industry average for fuel

Full Access
Question # 30

The head of customer service asked the chief audit executive (CAE) whether internal auditors could assist her staff with conducting a risk self-assessment in the customer service department The CAE promised to meet with customer service managers analyze relevant business processes and come up with a proposal Who is most likely to be the final approver of the engagement objectives and scope?

A.

Senior management of the organization

B.

The chief audit executive

C.

The head of customer service

D.

The board of directors

Full Access
Question # 31

The human resources (HR) department was last reviewed three years ago and is due for an assurance engagement after undergoing recent process changes. Which of the following would the most effective option identify the HR department's risks and controls?

A.

Meet with the chief operating officer 10 obtain Information about the MR department

B.

Review the previous internal audit report and locus on key audit observations and action plans

C.

Review the organization's risk strategy and risk appetite framework

D.

Discuss the department's present strategies ‘and objectives with the head of the HR department

Full Access
Question # 32

The audit committee has asked the chief audit executive (CAE) to conduct an ad hoc forensic investigation of the purchasing department within a month due to the significance and urgency of a recently discovered risk The internal audit activity currently has no available staff with relevant experience or qualifications Which of the following is the CAE's best option for fulfilling the internal audit activity's responsibilities in this case?

A.

Outsource the investigation to independent professional consultants

B.

Select certain internal auditors and remove them from their current assignments so that they can begin a forensic investigation course

C.

Recruit additional internal auditors possessing relevant qualification and experience

D.

Decline the engagement at this time

Full Access
Question # 33

An internal audit report includes a recommendation to remove inappropriate user access to an IT application. Which of the following does the recommendation represent?

A.

An agreed action adopted by management.

B.

A condition-based recommendation as an interim solution to correct a current condition.

C.

A cause-based recommendation to prevent inappropriate access being granted again.

D.

A management action plan.

Full Access
Question # 34

Which of the following would be the most helpful to a chief audit executive when developing a talent management strategy?

A.

Gap analysis

B.

Staff preferences

C.

Maturity analysis

D.

Extent of external audit coverage

Full Access
Question # 35

An internal auditor is performing a review of an organization's vendor for any possible conflicts of interest. Which of the following would provide the greatest assistance to the auditor in meeting this objective?

A.

Vendor contracts.

B.

Employee master list.

C.

Payment records.

D.

Purchasing policy.

Full Access
Question # 36

According to IIA guidance, which of the following statements is true regarding engagement planning?

A.

For both assurance and consulting engagements, planning typically occurs after the engagement objectives and scope have already been determined.

B.

The expectations and objectives of an assurance engagement are usually determined by, or in conjunction with, the engagement client.

C.

Internal auditors may not need to complete a preliminary risk assessment for a consulting engagement as they would when planning an assurance engagement.

D.

For both consulting and assurance engagements, internal auditors usually form the engagement objectives prior to completing the preliminary risk assessment.

Full Access
Question # 37

Which of the following statements generally true regarding audit engagement planning?

A.

The best source tor detailed process information is senior management

B.

Audit objectives should be general and do not change.

C.

Computer-assisted audit techniques are typically not useful during engagement planning

D.

Internal auditors should prepare a dented audit program for testing controls

Full Access
Question # 38

When estimating the impact of an inherent risk, which of the following should internal auditors consider?

A.

The probability and frequency of occurrence

B.

Financial and nonfinancial factors related to the risk

C.

The number of risks identified on the heat map

D.

The residual risk following implementation of appropriate controls

Full Access
Question # 39

During the preliminary survey of the procurement department, an internal auditor noted a major control weakness in the organization's ordering and receiving process. According to IIA guidance, which of the following is the most appropriate action the internal auditor should take?

A.

Issue a final report on the control weakness to senior management.

B.

Bring the control weakness to the attention of the process owner for resolution.

C.

Note the control weakness for discussion during the exit meeting.

D.

Carry out an investigation of the control weakness for disciplinary action.

Full Access
Question # 40

Which of the following is the next step in understanding a business process once an internal auditor has identified the process?

A.

Determine process outputs.

B.

Determine process inputs.

C.

Determine process activities.

D.

Determine process goals.

Full Access
Question # 41

When establishing a quality assurance and improvement program, the chief audit executive should ensure the program is designed to accomplish which of the following objectives?

1. Add value.

2. Improve operations.

3. Provide assurance that the internal audit activity conforms with the Standards.

4. Provide assurance that the internal audit activity conforms with the IIA Code of Ethics.

A.

1 only

B.

1 and 2 only

C.

1 and 3 only

D.

1, 2, 3, and 4

Full Access
Question # 42

Upon the completion of an audit engagement an audit manager performs a review of a staff auditor's workpapers. Which of the following actions by the manager is the most appropriate this review''

A.

Communicate the workpaper review results to management of fie area under review to validate the final report

B.

Update the final report in the file with any necessary corrections based on the workpaper review.

C.

Discuss the workpaper review results with the staff auditor where appropriate as a leaning opportunity

D.

Add the manager's review notes to the final documentation following the review

Full Access
Question # 43

An internal auditor and engagement client are deadlocked over the auditor's differing opinion with management on the adequacy of access controls for a major system. Which of the following strategies would be the most helpful in resolving this dispute?

A.

Conduct a joint brainstorming session with management.

B.

Ask the chief audit executive to mediate.

C.

Disclose the client's differing opinion in the final report.

D.

Escalate the issue to senior management for a decision.

Full Access
Question # 44

An internal auditor at a bank informed the branch manager of a malfunctioning lock on one of the vaults. The risk associated with this issue was deemed significant by the chief audit executive (CAE), and immediate remediation was recommended However during a follow-up engagement the branch manager told the CAE that the risk was actually not significant, hence no action was taken. What is the most appropriate next step for the CAE?

A.

Inform senior management that the branch manager deeded to cancel the committed action plan without any previous communication

B.

Discuss the issue with the board which has ultimate responsibility to resolve the risk

C.

Have another discussion with the branch manager attempt to change his view, and encourage him to movement the recommendations

D.

Document the branch manager's decision to accept the risk otherwise, no other speak: course of action is required.

Full Access
Question # 45

According to MA guidance, which of the following factors should an internal auditor consider when assessing the likelihood of fraud risk1?

A.

The effect on the organization's reputation

B.

Any potential damage to the organization's relationship with customers.

C.

Past fraud allegations and actual occurrences

D.

The potential and realized financial impacts

Full Access
Question # 46

According to IIA guidance, which of the following statements about analytical procedures is true?

A.

Analytical procedures compare information against expectations.

B.

Analytical procedures begin after the engagement’s planning phase.

C.

Analytical procedures provide internal auditors with explainable results.

D.

Analytical procedures are computer-assisted audit techniques.

Full Access
Question # 47

Which of the following is an advantage of nonstatistical sampling over statistical sampling?

A.

Nonstatistical sampling provides more objective recommendations for management.

B.

Nonstatistical sampling provides an opportunity to select the minimum sample size required to satisfy the objectives of the audit tests.

C.

Nonstatistical sampling provides for the use of subjective judgment in determining the sample size.

D.

Nonstatistical sampling permits the auditor to specify a level of reliability and the desired degree of precision.

Full Access
Question # 48

An internal control questionnaire would be most appropriate in which of the following situations?

A.

Testing controls where operating procedures vary.

B.

Testing controls in decentralized offices.

C.

Testing controls in high risk areas.

D.

Testing controls in areas with high control failure rates.

Full Access
Question # 49

An internal auditor is testing the success of the IT support department in meeting the service levels guaranteed to small, medium and large customers. The customer's size classification is based on its annual expenditures with the organization and the nature and extent of services it receives. Which of the following sampling techniques would be the most suitable to select customers for this test?

A.

Interval sampling

B.

Cluster sampling

C.

Stop-and-go sampling

D.

Stratified sampling

Full Access
Question # 50

Which of the following behaviors could represent a significant ethical risk if exhibited by an organization's board?

1. Intervening during an audit involving ethical wrongdoing.

2. Discussing periodic reports of ethical breaches.

3. Authorizing an investigation of an unsafe product.

4. Negotiating a settlement of an employee claim for personal damages.

A.

1 and 2

B.

1 and 4

C.

2 and 3

D.

3 and 4

Full Access
Question # 51

In the following risk control map risks have been categorized based on the level of significance and the associated level of control. Which of the following statements is true regarding Risk C?

A.

The level of control is appropriate given the level of risk

B.

The level of control is excessive given the level of risk

C.

The level of control is inadequate given the level of risk

D.

There is not enough of information to determine whether the controls are appropriate or not

Full Access
Question # 52

A team of internal auditors is assigned to audit the employee relations process in an organization, which includes employee conduct and disciplinary hearings. Which of the following audit approaches would provide the auditors with the best evidence to determine the degree to which disciplinary decisions are complying with documented policy?

A.

Review a random sample of concluded disciplinary reports to assess how the policy was applied in each case.

B.

Interview a sample of impacted employees for their opinions on the clarity and fairness of the policy.

C.

Observe several disciplinary hearings to determine whether they are in compliance with the policy.

D.

Conduct an interview to assess the disciplinary hearing chairman’s understanding of the policy and its appropriate use.

Full Access
Question # 53

An organization is experiencing a significant risk that threatens its financial well-being Senior management requested that the chief audit executive (CAE) meet with them to discuss the risk. Which of the following would best describe the CAE's responsibility at the meeting?

A.

Inform senior management of the appropriate actions they should take to control the risk

B.

Recommend that the internal audit activity provide consulting services to help minimize the risk

C.

Assume the responsibility of resolving the significant risk that will affect the organization

D.

Determine whether senior management accepted risk that may be deemed unacceptable for the organization

Full Access
Question # 54

Besides a chief audit executive's professional experience what determines the frequency and approach to assessing residual risk?

A.

The frequency of executing the internal audit engagements

B.

The frequency of changes in the organization environment

C.

The expectations set by the board and senior management

D.

The expectations set by operating management and senior management

Full Access
Question # 55

At a construction company, an internal auditor is planning an audit of the company's process for designing and building grid connections The process involves customers making payments m three parts

• The first payment of 10% after approval of the customer s application

• The second payment of 70% prior to construction

• The third payment of 20% after construction is complete

Which of the following key controls should the auditor test to ensure that the company is not taking any unwanted credit risks?

A.

Controls that ensure that grid connection design is finalized before construction is approved to begin

B.

Controls that ensure construction orders are initiated after the second invoice is paid

C.

Controls that ensure all three invoices are calculated correctly according to the total project cost

D.

Controls that ensure that applications are verified for approval prior to initiating design and construction

Full Access
Question # 56

The chief audit executive of a medium-sized financial institution is evaluating the staffing model of the internal audit activity (IAA). According to IIA guidance, which of the following are the most appropriate strategies to maximize the value of the current IAA resources?

• The annual audit plan should include audits that are consistent with the skills of the IAA.

• Audits of high-risk areas of the organization should be conducted by internal audit staff.

• External resources may be hired to provide subject-matter expertise but should be supervised.

• Auditors should develop their skills by being assigned to complex audits for learning opportunities.

A.

1 and 2 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Full Access
Question # 57

What is the primary reason that audit supervision includes approval of the engagement report?

A.

To ensure the objectives of the area under review are met.

B.

To ensure senior management supports the report's conclusions.

C.

To ensure report style and grammar are appropriate.

D.

To ensure report findings are substantiated.

Full Access
Question # 58

Which of the following is an advantage of utilizing an external fraud specialist in a suspected fraud investigation?

A.

Increased access to the organization’s employees.

B.

Increased ability to preserve evidence and the chain of command.

C.

Increased ability to scrutinize the organization's key business processes.

D.

Increased access to the organization’s software and proprietary data.

Full Access
Question # 59

Which of the following reasonably represents best practices regarding what should be the level of internal audit resource investment in monitoring and following up on engagement outcomes?

A.

Limited resources should be employed since the actual engagement is already completed and the onus of corrective actions rests with management

B.

No resources should be exclusively deployed for that at all rather it should be planned as part of future engagements in the same area

C.

Resources should only be provided towards this if doing so does not result in depletion of resources for new engagements planned in the current period

D.

Resources should be allocated to this without conditions as long as doing so meets the expectations of management and the judgment of the chief audit executive.

Full Access
Question # 60

The board of directors expressed concerns about potential external risks that could impact the organization s ability to meet its annual objectives and goals The board requested consulting services from the internal audit activity to gain insight regarding the external risks Which of the following engagement objectives would be appropriate to fulfill this request?

A.

Assess the organization's ability to minimize potential external risks

B.

Assess the organization's process of vetting vendors that provide necessary services to the organization

C.

Assess the organization's risk impacts from the markets in which it operates

D.

Assess the organization's controls implemented that would help minimize risks

Full Access
Question # 61

A senior IT auditor is performing an audit of inventory valuation. The auditor misinterprets the sampling results. Which of the following best describes this situation?

A.

Sampling risk.

B.

Control risk.

C.

Nonsampling risk.

D.

Residual risk.

Full Access
Question # 62

As a result of server managements assumption of risk there is residual risk that exceeds me organisation's risk appetite. Which of the following actions would be most appropriate for the chief audit executive to take?

A.

ignore the responsibility of addressing the residual risk

B.

Assume the responsibility of addressing the residual risk

C.

Ensure senior management acknowledges residual risk

D.

Communicate with the board the issue of residual risk

Full Access
Question # 63

Which of the following describes the primary objective of an internal audit engagement supervisor?

A.

Uphold the quality of the internal audit actively

B.

Provide engagement progress updates to management of the area under review

C.

Assure risks and controls are identified and assessed

D.

Ensure timely completion of the engagement

Full Access
Question # 64

Which of the following should be included in a privacy audit engagement?

1. Assess the appropriateness of the information gathered.

2. Review the methods used to collect information.

3. Consider whether the information collected is in compliance with applicable laws.

4. Determine how the information is stored.

A.

1 and 3 only

B.

2 and 4 only

C.

1, 3, and 4 only

D.

1, 2, 3, and 4

Full Access
Question # 65

Which of the following is a significant governance issue that should be reported by the chief audit executive to the board?

A.

There is no risk management and control process and risk management is solely tie responsibility of operational managers

B.

The organisation’s code of conduct is distributed to employees each year however employees are not required to attest that they will operate In compliance with the code.

C.

Reconciliation of planned board meeting agendas to meeting minutes finds that one meeting was canceled, and the agenda topics were covered at the following meeting.

D.

The review of the five-year strategic plan shows that the details of the plan have not been dearly communicated to employees throughout the organization

Full Access
Question # 66

According to IIA guidance, which of the following reflects a characteristic of sufficient and reliable information?

A.

The establishment of an audit approach and documentation system

B.

The standardization of workpaper terminology and notations

C.

The ability to reach consistent audit conclusions regardless of who performs the audit

D.

The application of documentation standards m an appropriate and consistent manner

Full Access
Question # 67

According to IIA guidance, which of the following activities is most likely to enhance stakeholders' perception of the value the internal audit activity (IAA) adds to the organization?

1. The IAA uses computer-assisted audit techniques and IT applications.

2. The IAA uses a consistent risk-based approach in both its planning and engagement execution.

3. The IAA demonstrates the ability to build strong and constructive relationships with audit clients.

4. The IAA frequently is involved in various project teams and task forces in an advisory capacity.

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Full Access
Question # 68

During a review of the treasury function an internal auditor identified a risk that all bank accounts may net to include in the daily reconciliation process.

Which of the following responses would be most effective to mitigate this risk?

A.

The treasury supervisor establishes a threshold for amounts on bank statements to be reconciled against data in the system

B.

The treasury analyst performs a daily reconciliation of al bank statements obtained via email against data in the system

C.

The treasury analyst reviews a daily report automatically generated by the treasury system, which shows bank statements that have not been uploaded into the accounting system.

D.

The treasury supervisor seeks an annual confirmation from the bank regarding the bank statements processed within a year

Full Access
Question # 69

The head of customer service asked the chief audit executive (CAE) whether eternal auditors could assist her staff with conducting a risk self-assessment in the customer service department. The CAE promised to meet with customer service managers analyze relevant business processes, and come up with a proposal. Who is most likely to be the final approver of the engagement objectives and scope?

A.

Senior management of the organization

B.

The chief audit executive

C.

The head of customer service

D.

The board of directors

Full Access
Question # 70

According to IIA guidance which of the following represents sufficient information?

A.

Information that is factual adequate and convincing

B.

Information that is best attainable through the use of appropriate engagement techniques

C.

Information that supports engagement objectives and recommendations

D.

Information that helps the organization meet its goals

Full Access
Question # 71

Which of the following is an appropriate role for the internal audit activity with regard to the organization's risk management program?

A.

Identify and manage risks in line with the organization's risk appetite.

B.

Ensure that a proper and effective risk management process exists.

C.

Attain an adequate understanding of the organization's key risk mitigation strategies.

D.

Identify and ensure that appropriate controls exist to mitigate risks.

Full Access
Question # 72

Which of the following statements is false regarding audit criteria?

A.

Audit criteria should be consistent across audit assignments.

B.

Audit criteria should represent reasonable standards against which to assess existing conditions.

C.

Audit criteria should provide flexibility but allow identification of nonadherence.

D.

Audit criteria should equate to good or acceptable management practices.

Full Access
Question # 73

Which of the following engagement techniques would be best to meet the objective of denting a personal conflict -of -interest situation affecting an organization’s procurement function?

A.

Inquiry

B.

Analytical review

C.

Observation

D.

Inspection of documents

Full Access
Question # 74

Which of the following best describes why an internal audit activity would consider sending written preliminary observations to the audit client?

A.

Written observations allow for more interpretation.

B.

Written observations help the internal auditors express the significance.

C.

Written and verbal observations are equally effective.

D.

Written observations limit premature agreement.

Full Access
Question # 75

Management has taken immediate action to address an observation received during an audit of the organization's manufacturing process Which of the following is true regarding the validity of the observation closure?

A.

Valid closure requires evidence that ensures the corrected process will function as expected in the future

B.

Valid closure requires the client lo address not only the condition, but also the cause of the condition

C.

Valid closure of an observation ensures it will be included in the final engagement report

D.

Valid closure requires assurance from management that the original problem will not recur in the future

Full Access
Question # 76

Which of the following is an advantage of an internal audit activity coordinating with a management-defined risk universe?

A.

Increased completeness, including risk categories like political, supplier, and social media.

B.

Business managers can identify and assess risks that occur within each category.

C.

The internal audit activity can rely on management's risk assessment.

D.

Organizationwide audits are required since risk events within categories occur in many different ways.

Full Access
Question # 77

Which of the following situations is most critical for the chief audit executive to report to the board?

A.

The chief audit executive disagreed with the business unit manager's initial decision to accept a particular risk Management ultimately agreed to address the risk only after discussing the issue with senior management.

B.

The internal audit activity was restructured, which resulted in a significant change in responsibilities among audit managers and supervisors for some audits

C.

A staff internal auditor had difficulties completing a portion of the audit because management of the area under review was unwilling to cooperate and provide information timely.

D.

The resignation of an internal audit manager during the year caused the chief audit executive to defer a number of audit engagements to the following year.

Full Access
Question # 78

Which of the following statements about including consulting engagements in the annual internal audit plan is true?

A.

All requests for consulting engagements must be included in the annual internal audit plan

B.

Assurance engagements must be included in the annual internal audit plan but there is no requirement to include consulting engagements

C.

Consulting engagements do not need to be included m the annual internal audit plan unless requested by the board

D.

The acceptance of proposed consulting engagements into the annual internal audit plan may depend on their ability to add value

Full Access
Question # 79

What type of audit engagement would be the most appropriate to determine how an organization could be more profitable in the long term?

A.

Operational audit

B.

Compliance and financial audit

C.

Performance audit

D.

Quality audit

Full Access
Question # 80

Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement?

A.

The amount of experience the auditors have conducting audits in the specific area of the organization.

B.

The availability of the auditors in relation to the availability of key client staff.

C.

Whether the budgeted hours are sufficient to complete the audit within the current scope.

D.

Whether outside resources will be needed, and their availability.

Full Access
Question # 81

The chief audit executive (CAF) determined that the residual risk identified in an assurance engagement is acceptable. When should this be communicated to senior management?

A.

When the CAE reports the audit outcome to senior management.

B.

When the residual risk is identified before the engagement is complete.

C.

Immediately, as residual risk should be communicated as soon as possible

D.

When management of the area under review has resolved and mitigated the residual risk

Full Access
Question # 82

The internal audit activity has adopted the balanced scorecard approach to assess its performance According to MA guidance which of the following is a key performance indicator relevant to the audit client?

A.

Percentage of recommendations implemented by corrective action date

B.

Staff experience

C.

Percentage of planned audits completed

D.

Conformance with the International Professional Practices Framework

Full Access
Question # 83

An internal auditor discovered that equipment used to monitor air quality was not maintained according to the established maintenance schedule. If the issue is not addressed, the equipment may not provide accurate information on pollutant levels, which could result in regulatory sanctions and reputational damage. The auditor discussed the issue with both the manager in charge and the CEO, who explained that they understand the risk, but it has become too expensive to maintain the equipment as scheduled. In this situation, what should the chief audit executive do?

A.

Add value to the organization by taking initiative and implementing corrective actions to mitigate the identified risks.

B.

Communicate to the board the current situation, including the risk exposure to the organization.

C.

Discuss the matter with external auditors and request that they persuade management to address the issue.

D.

Contact the regulatory agency and inform them of the risk exposure.

Full Access
Question # 84

The internal auditors available to perform the engagement do not have sufficient skills related to the area under review. Which of the following iss an appropriate action for the chief audit executive to take?

A.

Continue the engagement with the available staff, providing more hands-on supervision than usual

B.

Limit the objectives and scope of the engagement to align them with the skills available among the current staff.

C.

Cosource the performance of the engagement using personnel in the area that will be reviewed to supplement the knowledge of the staff and complete the engagement

D.

Supplement the internal auditors assigned to the engagement by bringing onto the engagement team a consultant who is independent of the area under review and has the missing expertise

Full Access
Question # 85

An organization buys crude oil on the open market and refines it into a high-quality gasoline. The price of crude oil is extremely volatile. Which of the following is the most appropriate risk management technique to protect the organization against these price fluctuations?

A.

Enter into long-term gasoline purchase agreements with end customers.

B.

Trade crude oil derivatives at financial markets in order to benefit from price fluctuations

C.

Purchase crude oil-related derivatives such as futures or options

D.

Stock as much raw materials as possible and consider Investing into additional facilities

Full Access
Question # 86

An internal auditor used a risk and control matrix to prepare a work program for testing a software release. During the engagement planning stage, he tested the design of

the release procedure as a key control and concluded that the control was not designed well. During the performance stage, he tested the operation of this control and

concluded that it was implemented as designed. Which of the following statements is true regarding this scenario?

A.

The test of the control design should have occurred at the performance stage.

B.

The test of the operating effectiveness of the control was not necessary.

C.

A risk and control matrix is not appropriate for this type of engagement.

D.

The test of the operating effectiveness of the control should have occurred at the planning stage.

Full Access
Question # 87

Which of the following statements is true pertaining to interviewing a fraud suspect?

1. Information gathered can be subjective as well as objective to be useful.

2. The primary objective is to obtain a voluntary written confession.

3. The interviewer is likely to begin the interview with open-ended questions.

4. Video recordings always should be used to provide the highest quality evidence.

A.

1 only

B.

4 only

C.

1 and 3

D.

2 and 4

Full Access
Question # 88

An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however, the audit objectives are not yet complete. According to IIA guidance, which of the following are appropriate options available to the chief audit executive?

1. Allow the auditor to decide whether to extend the audit engagement.

2. Determine whether the work already completed is sufficient to conclude the engagement.

3. Provide the auditor feedback on areas of improvement for future engagements.

4. Provide the auditor with instructions and directions to complete the audit.

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Full Access
Question # 89

An internal auditor is assigned to validate calculations on the organization's building application As pad of the test the internal auditor is required to use an automated audit tool to simulate transactions for testing. Which of the following would most appropriately be used for this purpose?

A.

Generalized audit software.

B.

Utility software

C.

integrated test facilities

D.

Audit expert systems

Full Access
Question # 90

A toy manufacturer receives certain components from an overseas supplier and uses them to assemble final products Recently quality reviews have identified numerous issues regarding the components' compliance with mandatory quality standards. Which type of engagement would be most appropriate to assess the root causes of the quality issues?

A.

A risk assessment

B.

An operational audit

C.

A third-party audit

D.

A fraud investigation

Full Access
Question # 91

The internal audit activity has requested that new vendor information be summarized once per week in a single report, and that all invoices each week for these vendors be automatically flagged in the invoice processing system. Which of the following computerized audit techniques is the internal audit activity most likely applying?

A.

Enabling continuous auditing.

B.

Employing generalized audit software.

C.

Facilitating electronic workpapers.

D.

Using machine learning.

Full Access
Question # 92

Which of the following steps should an internal auditor complete when conducting a review of an electronic data interchange application provided by a third-party service?

Ensure encryption keys meet ISO standards.

Determine whether an independent review of the service provider's operation has been conducted.

Verify that the service provider’s contracts include necessary clauses.

Verify that only public-switched data networks are used by the service provider.

A.

1 and 3.

B.

1 and 4.

C.

2 and 3.

D.

2 and 4.

Full Access
Question # 93

An internal auditor using the five-attribute approach to document deficiencies in a warehouse shipping process. Which of the following attributes will be included in the workpapers?

A.

Risk, impact likelihood existing control, recommendation

B.

Condition, cause, effect, recommendation

C.

Condition, cause effect test result

D.

Risk, impact test result recommendation

Full Access
Question # 94

A corporate merger decision prompts the chief audit executive (CAE) lo propose interim changes to the existing annual audit plan to account for emerging risks Which of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan''

A.

Present the revised audit plan directly to the board for approval.

B.

Communicate with the chief financial officer and present the revised audit plan to the CEO tor approval

C.

Present the revised audit plan directly to the CEO for approval

D.

Communicate with the CEO and present the revised audit plan to the board for approval.

Full Access
Question # 95

Which type of assurance engagement is conducted to determine whether a process or area is performing as intended, accomplishing its objectives, and doing so in an efficient and economical way?

A.

Compliance audit.

B.

Operational audit.

C.

Financial audit.

D.

Provider audit.

Full Access
Question # 96

According to IIA guidance, which of the following is true when the internal audit activity is asked to investigate potential ethics violations in a foreign subsidiary?

A.

Communication of any internal ethics violations to external parties may occur with appropriate safeguards.

B.

Cultural impacts are less critical where the organization practices uniform polices around the globe.

C.

Cross-cultural differences should always be handled by the staff of the same cultural background.

D.

Local law enforcement should be involved as they are more familiar with the applicable local laws.

Full Access
Question # 97

Which of the following approaches would best help an internal auditor determine whether a retailer database of 100,000 customers has nay duplicate accounts?

A.

Stratifying the customer information

B.

Extracting the customer information

C.

Filtering the customer information

D.

Sorting the customer information

Full Access
Question # 98

When constructing a staffing schedule for the internal audit activity (IAA), which of the following criteria are most important for the chief audit executive to consider for the effective use of audit resources?

1. The competency and qualifications of the audit staff for specific assignments.

2. The effectiveness of IAA staff performance measures.

3. The number of training hours received by staff auditors compared to the budget.

4. The geographical dispersion of audit staff across the organization.

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Full Access
Question # 99

When a significant finding is noted early during a review of the accounts payable function, which next course of action is best for communicating the issue?

A.

Intern accounting management via an interim memorandum update

B.

Note the item in the workpapers for inclusion in the final audit report

C.

Call a meeting and discuss me issue with the audit committee

D.

Alert the CEO as soon as the issue is discovered

Full Access
Question # 100

In order to obtain background information on an assigned audit of data center operations an internal auditor administers control questionnaires to select individuals who have primary responsibilities within the process. Which of the following is a drawback of this approach?

A.

It will be difficult to quantify the information obtained through this approach

B.

This approach does not help the auditor learn about the existence of controls

C.

It takes the auditor a long time to assess the relevant controls using this approach

D.

Information on control functionality is limited

Full Access
Question # 101

An internal auditor is preparing an internal control questionnaire for the procurement department as part of a preliminary survey. Which of the following would provide the best source of information for questions?

A.

A relevant procurement law or regulation.

B.

A list of the company's vendors.

C.

A review of a sample of tenders during the audited period.

D.

A summary of the company's expenditures and their categories.

Full Access
Question # 102

Which of the following approaches to understanding business processes is conducted from a broad organizational perspective and has the greatest risk of overlooking processes that are ultimately critical?

A.

Process narrative.

B.

Process mapping.

C.

Bottom-up.

D.

Top-down.

Full Access
Question # 103

An engagement supervisor reviewed a staff internal auditor's documentation and noted that several edits should be made. The internal audit activity uses an electronic workpaper database and does not maintain paper files for its system of record. A system error prevents the engagement supervisor from adding her electronic signature to any workpaper in the database Given this situation which is the most appropriate response to provide evidence of supervisory review?

A.

The engagement supervisor should print sign and date each workpaper after the review is complete and scan the document into the database as evidence of review

B.

Because the engagement supervisor called the help desk to correct the IT problem, he should upload the support-request ticket from the help desk to serve as evidence of the review

C.

The engagement supervisor should ask another manager-level internal auditor not associated with the project to sign the workpaper on his behalf

D.

The engagement supervisor should instruct the staff internal auditor to add a note in the workpaper on his behalf indicating that the workpaper was reviewed and feedback was provided

Full Access
Question # 104

Which of the following best describes the manual audit procedure known as vouching?

A.

Testing the validity of information by following it backward to a previously prepared record

B.

Testing the accuracy of the control by reperforming the task or process required

C.

Soliciting and obtaining written verification of the accuracy from an independent third party

D.

Testing the completeness of information forward from a record to a subsequently prepared document

Full Access
Question # 105

The internal audit activity needs to review the information security function but does not have the IT expertise needed for the engagement. Which of the following actions should the chief audit executive take to ensure the internal audit activity conforms with the Standards?

A.

Assign the engagement to a staff auditor and closely review his work and report.

B.

Assign the engagement to a senior auditor, who carefully researches and studies the company’s IT infrastructure.

C.

Contract an external service provider auditor with the experience necessary to perform the audit.

D.

Perform the audit herself and work closely with the information security function to obtain expertise in the area.

Full Access
Question # 106

An internal auditor s testing tor proper authorization of contracts and finds that the rate of deviations discovered in the sample is equal to the tolerable deviation rate. When of the following is the most appropriate conclusion for the internal auditor to make based on this result?

A.

The internal auditor concludes that management may be placing undue reliance on me specified control

B.

The internal auditor concludes that the specified control is more effective than it really is.

C.

The internal auditor concludes that the specified control is acceptably effective

D.

The internal auditor concludes that additional testing will be required to evaluate the specified control

Full Access
Question # 107

Internal audit staff lacks the expertise to perform a fraud investigation engagement stemming from a whistleblowing incident. Which of the following is the most appropriate

option for the chief audit executive?

A.

Appoint an independent fraud investigation specialist to work with the selected internal auditors.

B.

Organize in-house fraud investigation training sessions for selected internal auditors.

C.

Assign an experienced auditor to the engagement for a development opportunity.

D.

Hire a new internal auditor who possesses fraud investigation experience.

Full Access
Question # 108

An internal auditor wanted to determine whether company vehicles were being used for personal purposes She extracted a report that listed company vehicle numbers business units to which the vehicles are allocated travel dates, travel duration and mileage She then filtered the data for weekend dates Which of the following additional information would the auditor need?

A.

Names and work titles of employees

B.

Description of responsibilities of business units.

C.

Average fuel consumption data of vehicles

D.

Location and route data of vehicles

Full Access
Question # 109

According to the International Professional Practices Framework, which of the following is an appropriate reason for issuing an interim report?

To keep management informed of audit progress when audit engagements extend over a long period of time.

To provide an alternative to a final report for limited-scope audit engagements.

To communicate a change in engagement scope for the activity under review.

A.

1 and 2 only.

B.

1 and 3 only.

C.

2 and 3 only.

D.

1, 2, and 3.

Full Access
Question # 110

An internal auditor is assessing the organization's risk management framework. Which of the following formulas should he use to calculate the residual risk?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 111

An internal auditor receives a document displaying all the steps of a process and the path taken as transactions flow between each step of the process How is the internal auditor most likely to use This document during the engagement?

A.

To perform an assessment of the adequacy of process controls.

B.

To perform an assessment of the effectiveness of process controls

C.

To perform a detailed assessment of process risks

D.

To perform an assessment of the sufficiency of residual process risks.

Full Access
Question # 112

The chief audit executive (CAE) should determine whether the internal audit activity has confirmed the status of all of management's corrective actions Doing so would help the CAE assess which of the following?

A.

Disclosure risk.

B.

Residual risk

C.

Compliance risk

D.

Inherent risk

Full Access
Question # 113

Which of the following would be the most reliable source of documentary evidence?

A.

Confirmation letters.

B.

Remittance advices.

C.

Policy statements.

D.

Canceled checks.

Full Access
Question # 114

Which of the following would help the internal audit activity assess compliance with the organization's standard operating procedures for bank deposits during a preliminary survey?

A.

Issue an internal control questionnaire to select branch customers.

B.

Issue an internal control questionnaire to the president of the organization.

C.

Issue an internal control questionnaire to the director of bank operations.

D.

Issue an internal control questionnaire to select branch managers.

Full Access
Question # 115

The internal audit activity has become aware of public complaints regarding the sales practices of telephone marketing personnel in a large organization. The internal auditors decide to review a sample of all complaints within the last three months to ensure they are reflective of current marketing practices. Which of the following best describes this sampling technique?

A.

Judgmental sampling

B.

Random sampling

C.

Discovery sampling

D.

Statistical sampling

Full Access
Question # 116

According to IIA guidance, which of the following factors should the auditor in charge consider when determining the resource requirements for an audit engagement?

A.

The number, experience, and availability of audit staff as well as the nature, complexity, and time constraints of the engagement.

B.

The appropriateness and sufficiency of resources and the ability to coordinate with external auditors.

C.

The number, proficiency, experience, and availability of audit staff as well as the ability to coordinate with external auditors.

D.

The appropriateness and sufficiency of resources as well as the nature, complexity, and time constraints of the engagement.

Full Access
Question # 117

An organization's board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?

A.

Manage and coordinate risk management processes.

B.

Audit risk management processes.

C.

Become involved in risk oversight committees, monitoring activities, and status reporting.

D.

Accept management's responsibility for risk management without board approval.

Full Access
Question # 118

Which of the following is the primary reason a chief audit executive should network with an organization’s executives?

A.

To better understand and influence executives' planning.

B.

To make executives aware of the benefits that the internal audit activity can provide.

C.

To assist executives in setting the organization’s risk appetite.

D.

To have a better understanding of the training needed to strengthen the audit team.

Full Access
Question # 119

An internal auditor has been asked to join a project team to help design controls in a software application to address specific risks that have been identified by the team Which of the following actions is most appropriate for the internal auditor to perform?

A.

Facilitate a control assessment to ensure all application risks were appropriately identified

B.

Advise the project team on how to develop effective controls

C.

Direct the project team to implement the appropriate controls within the software application

D.

Provide assurance that the design of the controls will mitigate the identified application risks

Full Access
Question # 120

Which of the following is an appropriate responsibility for the internal audit activity with regard to the organization's risk management program?

A.

Identifying and managing risks in line with the entity's risk appetite.

B.

Ensuring that a proper and effective risk management process exists.

C.

Attaining an adequate understanding of the entity's key mitigation strategies.

D.

Identifying and ensuring that appropriate controls exist to mitigate risks.

Full Access
Question # 121

A chief audit executive (CAE) is determining which engagements to include on the annual audit plan. She would like to consider the organization's attitude toward risk and the degree of difficulty in achieving objectives. Which of the following resources should the CAE consult?

A.

The corporate risk register.

B.

The strategic plan.

C.

Internal and external audit reports.

D.

The board's meeting records.

Full Access
Question # 122

Which of the following manual audit approaches describes testing the validity of a document by following it backward to a previously prepared record?

A.

Tracing

B.

Reperformance

C.

Vouching

D.

Walkthrough

Full Access
Question # 123

According to IIA guidance, when of the Mowing statements is true regarding an engagement supervisor's use of review notes?

A.

The engagement supervisor's review notes should be retained m the final documental or even after they are addressed.

B.

The engagement supervisor's review notes cannot be used as evidence of engagement supervision

C.

The engagement supervisor's review notes could be cleared from all final documentation after they are addressed

D.

The engagement supervisor's review notes must be maintained in a checklist separate from tie final documentation

Full Access
Question # 124

When creating the internal audit plan, the chief audit executive should prioritize engagements based primarily on which of the following?

A.

The last available risk assessment.

B.

Requests from senior management and the board.

C.

The longest interval since the last examination of each audit universe item.

D.

The auditable areas required by regulatory agencies.

Full Access
Question # 125

An internal audit team was conducting an assurance engagement to review segregation of duties in the purchasing function. The internal auditors reviewed a sample of purchase orders from the past two year and discovered that 2 percent were signed by employees who were operating in a designated acting capacity due to employee absence. According to IIA guidance, which of the following attributes of information would most likely assist the auditor in deciding whether to report this finding?

A.

Sufficiency

B.

Reliability

C.

Relevance

D.

Usefulness

Full Access
Question # 126

Following an IT systems audit, management agreed to implement a specific control in one of the IT systems. After a period, the internal auditor followed up and learned that management had not implemented the agreed management action due to the decision to move to another IT system that has built-in controls, which may address the risks highlighted by the internal audit. Which of the following is the most appropriate action to address the outstanding audit recommendation?

A.

The auditor examines the system documentation of the new system to verify that the risk has been addressed in the new system, then reports to senior management the closure of the issue.

B.

The auditor accepts management's explanation that the previously identified issue is adequately addressed by the new IT system, as management understands the concern and is most knowledgeable about the new system, and closes the outstanding issue.

C.

The auditor advises management that replacing the IT system does not dismiss the prior obligation to implement the agreed action plan, and escalates the issue to senior management and the board.

D.

The auditor requires management to provide details regarding the process for selecting the new IT system and whether other systems were evaluated, and closure of the issue would depend on the new information provided.

Full Access
Question # 127

If there is a significant error or omission in the final audit report that was communicated to management, which of the following is the key action for the internal audit activity?

A.

Communicate the corrected information to the manager of the audited department.

B.

There should be a follow-up audit to address the error or omission.

C.

The auditor should update the scope of the audit to include the omission.

D.

The corrected communication should be redistributed to the original recipients.

Full Access
Question # 128

Flowcharts are useful during audit planning because they contain information that may help internal auditors with which of the following?

A.

Understanding management's risk tolerance.

B.

Understanding business processes.

C.

Determining the size of the audit team needed to perform the review.

D.

Understanding organizational objectives.

Full Access
Question # 129

According to IIA guidance, which of the following best describes the purpose of a planning memorandum for an audit engagement?

A.

It documents the audit steps and procedures to be performed.

B.

It documents preliminary information useful to the audit team.

C.

It documents events that could hinder the achievement of process objectives.

D.

It documents existing measures that manage risks in the area under review.

Full Access
Question # 130

An internal auditor developed a list of internal and external risk considerations across the organization's processes, developed a scale to assess each risk and allocated the relative importance of each risk. When of the following approaches did the auditor take?

A.

Top-down approach

B.

Process-Metrix approach

C.

Risk-factor approach

D.

Bottom up approach

Full Access
Question # 131

According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management's response to audit recommendations?

A.

Evaluate and verify management's response, and determine the need and scope for additional work.

B.

Evaluate and verify management's response, and establish timelines for corrective action by management.

C.

Oversee the corrective actions undertaken by management, and determine the need and scope for additional work.

D.

Oversee the corrective actions undertaken by management, and establish timelines for corrective action by management.

Full Access
Question # 132

Which of the following is critical to the success of an effective interview?

A.

Present audit evidence and information to support the internal auditor’s line of questioning.

B.

Establish credibility, trust, and rapport.

C.

Develop flowcharts and review them with the interviewee.

D.

Observe the process and discuss it with the interviewee.

Full Access
Question # 133

Which of the following is an appropriate activity when supervising engagements?

A.

During engagement planning, the audit work program should be discussed between auditors and the engagement supervisor with the supervisor approving the work program.

B.

During fieldwork, scope changes made to the work program are at the auditor's discretion and should be supported adequately in the workpapers.

C.

Engagement supervision is most critical to the fieldwork and reporting phases of the audit, as this is where the majority of the work takes place.

D.

A degree of high supervision to no supervision may be provided to an auditor depending on his level of competence and the complexity of the engagement.

Full Access
Question # 134

The chief audit executive can illustrate the value of the internal audit activity by reporting which of the following to the board?

A.

The overall performance resulting from the internal audit balanced scorecard

B.

The number of outstanding and overdue management actions

C.

The experience of the organization's internal auditors

D.

The number of audits in the annual audit plan relative to similar organizations

Full Access
Question # 135

When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach?

A.

Develop the scope of the audit based on a bottom-up perspective to ensure that all business objectives are considered.

B.

Develop the scope of the audit to include controls that are necessary to manage risk associated with a critical business objective.

C.

Specify that the auditors need to assess only key controls, but may include an assessment of non-key controls if there is value to the business in providing such assurance.

D.

Ensure the audit includes an assessment of manual and automated controls to determine whether business risks are effectively managed.

Full Access
Question # 136

To effectively communicate the acceptance of risk in an organization a chief audit executive must first consider which of the following?

A.

The organization's view on risk tolerance

B.

The organization's principal risk events.

C.

The organization's risk response strategies

D.

The organization's major control activities

Full Access
Question # 137

An internal auditor submitted a report containing recommendations for management to enhance internal controls related to investments. To follow up, which of the following is the most appropriate action for the internal auditor to take?

A.

Observe corrective measures.

B.

Seek a management assurance declaration.

C.

Follow up during the next scheduled audit.

D.

Conduct appropriate testing to verify management responses.

Full Access
Question # 138

Which of the following parties is accountable for ensuring adequate support for conclusions and opinions readied by the internal audit activity while relying on external auditors' work?

A.

Board of directors

B.

External auditors

C.

Chief audit executive

D.

Senior management

Full Access
Question # 139

A newly appointed chief audit executive (CAE) of a small organization is developing a resource management plan Which of the following approaches would be most beneficial to help the CAE obtain details of the Internal audit activity's collective knowledge skills, and other competencies?

A.

Review or establish a documented skills assessment of the internal audit staff and gather information from post-audit surveys

B.

Obtain from the human resources department the job descriptions and position requirements for all internal audit staff

C.

Conduct an objective written test of the internal audit staff to assess their knowledge and skills related to core internal audit competencies

D.

Request the internal audit staff to submit a document that summarizes their most recent performance appraisals and post audit reviews

Full Access
Question # 140

Which of the following items, included in the preliminary audit communication would be most useful for management to formulate action plans in response to audit recommendations?

A.

A condition

B.

An audit objectives

C.

An audit scope

D.

An observation rating

Full Access
Question # 141

A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internal auditor. According to IIA guidance, which of the following attributes shows a candidate's ability to probe further when reviewing incidents that have the appearance of misbehavior?

A.

Integrity.

B.

Flexibility.

C.

Initiative.

D.

Curiosity.

Full Access
Question # 142

A bakery chain has a statistical model that can be used to predict daily sales at individual stores based on a direct relationship to the cost of ingredients used and an inverse relationship to rainy days. What conditions would an auditor look for as an indicator of employee theft of food from a specific store?

A.

On a rainy day, total sales are greater than expected when compared to the cost of ingredients used.

B.

On a sunny day, total sales are less than expected when compared to the cost of ingredients used.

C.

Both total sales and cost of ingredients used are greater than expected.

D.

Both total sales and cost of ingredients used are less than expected.

Full Access
Question # 143

During an audit of the accounts receivable (AR) process, an internal auditor noted that reconciliations are still not performed regularly by the AR staff, a recommendation that was made following a previous audit. Monitoring by the financial reporting function has failed to detect the shortcoming. Both the financial reporting function and AR report to the controller, who is responsible for implementing action plans. Which of the following supports the internal auditor's decision to combine both observations into one reported finding?

A.

The observation was made during the same audit, and the action plan has a common owner.

B.

The observation relates to the same control activity within a common process.

C.

The observation has a common control, and it was noted in a prior audit.

D.

The observation has a common process, and the action plan for the observation has a common owner.

Full Access
Question # 144

An internal auditor develops an engagement observation related to an organization's accumulation of large travel advances. The auditor observes that the organization's procedures do not require justification for travel advances greater than a specific amount Which of the following best describes the organization's procedures?

A.

A criterion of the organization's accumulation of large travel advances

B.

A condition of the organization's accumulation of large travel advances

C.

A consequence of the organization's accumulation of large travel advances

D.

A cause of the organization's accumulation of large travel advances

Full Access