Summer Sale Discount Flat 70% Offer - Ends in 0d 00h 00m 00s - Coupon code: 70diswrap

IIA IIA-CIA-Part1 Dumps

Internal Audit Fundamentals Questions and Answers

Question 1

Which of the following is an example of an impairment to an internal auditor ' s independence?

Options:

A.

An internal auditor delays reporting material financial statement audit findings until after his parents sell all of their stock in the company

B.

Following the restructuring of the organization, the internal audit activity now reports functionally to the chief financial officer

C.

A new member of the internal audit activity, who was the accounts payable supervisor for two years, is asked to consult on the implementation of a new accounts payable system

D.

Believing there must be errors in a given balance sheet account the internal auditor decides to expand his testing

Question 2

Which of the following are some of the requirements of the quality assurance and improvement program (QAIP)?

Options:

A.

The OAIP should be conducted at least once every three years, and must be performed by an external assessor.

B.

The OAIP should be conducted on an ongoing basis, and can be completed as a self-assessment,

C.

he QAIP should include both internal assessments performed by staff and external assessments performed by independent, objective individuals

D.

The OAIP should be performed with scoping limitations established by the board.

Question 3

Which of the following scenarios is a characterize of an organization with a highly effective ethical culture?

Options:

A.

An organization implements and communicates to staff a formal and comprehensive code of conduct, which is clear and understandable.

B.

An organization waives reference and background checks when hiring for certain sensitive positions in order to not violate potential employees ' rights to privacy.

C.

An organization punishes senior management more harshly for ethics violations than it would for lower-level staff to send a message throughout the organization.

D.

An organization conducts surveys of employees, suppliers, and customers once every five years to determine the slate of the ethical climate in the organization.

Question 4

An internal audit of an organization ' s disbursement department revealed that multiple payments were made to legitimate vendors bearing fraudulent banking information belonging lo employees in the department. These vendors were initially set up with accurate banking information but were subsequently modified by disbursement officers with access to the vendor management system. Which of the following controls would have likely prevented the fraudulent modification of vendors ' banking information?

Options:

A.

Management periodically reviews and verifies the information in the vendor master Tile.

B.

Management ' s approval is required for update to vendors ' banking information.

C.

Management randomly audits a sample of payments to verify the accuracy of vendors ' banking information.

D.

Management ' s approval is required before payments can be processed.

Question 5

Which of the following is a consulting service the internal audit activity can perform with respect to the organization ' s risk management?

Options:

A.

Delivering assurance on the risk management system

B.

Facilitating risk assessment workshops

C.

Evaluating principal risk reporting

D.

Deciding on the appropriate risk response

Question 6

An engagement supervisor noted that an internal auditor ' s personal relationship with a process owner resulted in the auditor providing a favorable and partial assessment during an audit within that process owner ' s area. According to MA guidance, which of the following should be used to manage this impairment?

Options:

A.

An internal audit charter.

B.

An employee disciplinary policy.

C.

A functional audit committee.

D.

A functional reporting placement.

Question 7

An organization ' s operations management is aware of existing internal control deficiencies but they lack the competency to execute internal control measures. Which of the following actions if taken by the internal audit activity is appropriate to assist operating management in achieving continuous improvement on internal controls?

Options:

A.

Foster the importance of the control environment

B.

Provide training on controls and on self-monitoring processes

C.

Recommend installing an enterprisewide risk management system.

D.

Conduct more assurance assignments on high risk areas

Question 8

Upon completion of an external assessment as part of the quality assurance and improvement program (QAIP), the chief audit executive (CAE) reported the results to senior management and the board The CAE included the following elements in the report

- Qualifications and independence of me external assessment team

- Conclusions of assessors

- Corrective action plans

How should the CAE improve the aforementioned approach to reporting the resets of QAIP?

Options:

A.

Senior management should be excluded from the reporting as the QAiP results must be communicated to re board only

B.

The report can be streamlined by removing unnecessary information such as the qualifications and me independence of external assessors

C.

The results must be snared with the external a auditors as well, so they can determine the extent to which they can rely on me work of the internal audit activity

D.

The report should indicate that the external assessment must be performed at least once every five years

Question 9

Which of the following is most likely to be considered a control weakness?

Options:

A.

Vendor invoice payment requests are accompanied by a purchase order and receiving report.

B.

Purchase orders are typed by the purchasing department using prenumbered forms.

C.

Buyers promptly update the official vendor listing as new supplier sources become known.

D.

Department managers initiate purchase requests that must be approved by the plant superintendent.

Question 10

An internal auditor discovered that a former colleague from the internal audit activity now works in a junior position in a department scheduled for an upcoming audit. How can the auditor best ensure his objectivity for this engagement?

Options:

A.

Recommend mat the chief audit executive outsource the upcoming audit engagement

B.

Proceed with the audit engagement in accordance with the internal audit manual

C.

Increase the amount of fieldwork in order to build greater credibility for audit conclusions

D.

Declare a conflict of interest and hand over the engagement to another auditor

Question 11

A new internal audit activity is considering the adoption of a risk and control framework. Which of the following is the most appropriate consideration during this process?

Options:

A.

The framework should not be developed by the internal audit activity

B.

The framework should apply to individual projects rather than the organization as a whole

C.

The framework should always be tailored to the organization

D.

The framework should require fewer resources to implement

Question 12

A chief audit executive (CAE) has just joined an organization with an existing internal audit activity. Based on her review of the current organizational structure, the CAE determines that the internal audit activity lacks adequate independence. Which of the following actions is the CAE ' s best step to take next to move the internal audit activity toward organizational independence?

Options:

A.

Ensure the limitations are disclosed through communication with the board and senior management, so that the internal audit activity can continue operating under the same organizational structure.

B.

Request that the board restructure the reporting line of the internal audit activity to ensure the CAE has unrestricted access to the board.

C.

Rotate internal audit assignments among members of the internal audit activity to minimize the effects of the current structure.

D.

Train internal auditors about organizational independence and have them sign an acknowledgment of understanding.

Question 13

Which of the following best demonstrates organizational independence of the internal audit activity?

Options:

A.

The chief audit executive (CAE) reports functionally to the CEO.

B.

The CAE ' s compensation is approved by the chief financial officer.

C.

The CAE ' s appointment Is determined by the CEO

D.

The CAE reports administratively to the chief operating officer.

Question 14

The chief audit executive (CAE) has decided to outsource an audit of the organization ' s cloud governance in the annual audit plan. Why would the CAE outsource this audit?

Options:

A.

Lack of internal audit staff proficiency.

B.

Lack of audit planning.

C.

Lack of internal assessments.

D.

Lack of due professional care.

Question 15

Which of the following concepts is emphasized in the Mission of Internal Audit?

Options:

A.

Support of good governance and controls.

B.

Enhancement of organizational value.

C.

Protection of tangible and intangible assets.

D.

Provision of professional advisory and assurance services.

Question 16

The management at a national consumer goods organization implements a fair work and pay practice as well as a policy to treat employees equitably and consistently.

Which common characteristics of fraud will the practice and policy most likely reduce?

Options:

A.

Pressure or incentive.

B.

Opportunity.

C.

Rationalization.

D.

Commitment.

Question 17

Which of the following disclosures must the chief audit executive (CAE) include when communicating the results of the quality assurance and improvement program to senior management and the board?

Options:

A.

Authority and responsibility of the internal audit activity

B.

Hours and sources of continuing professional education

C.

Scope and frequency of both the internal and external assessments

D.

independence and objectivity impairments of the CAE

Question 18

Which of the following actions should the audit committee take to promote organizational independence for the internal audit activity?

Options:

A.

Delegate final approval of the risk-based internal audit plan to the chief audit executive (CAE).

B.

Approve the annual budget and resource plan for the internal audit activity.

C.

Assist the CAE with hiring objective and competent internal audit staff.

D.

Encourage the CAE to communicate and coordinate with the external auditor.

Question 19

Regarding assurance and consulting services provided by the internal audit activity which of the following statements is correct?

Options:

A.

The nature and scope of a consulting engagement are determined by the internal audit activity based on its risk assessment

B.

The nature and scope of an assurance engagement are subject to agreement with management of the area under review

C.

Both assurance services and consulting services can be focused on controls or performance or both

D.

The assurance engagement process ends with reporting

Question 20

Which of the following best demonstrates internal auditors performing their work with proficiency?

Options:

A.

Internal auditors meet with operational management at each phase of the audit process.

B.

Internal auditors adhere to The IIA’s Code of Ethics.

C.

Internal auditors work collaboratively with their engagement team.

D.

Internal auditors complete a program of continuing professional development.

Question 21

The internal audit activity audited an organization ' s risk management function multiple times, and the recommendations that were made remain unaddressed by the head of risk management. Which of the following would be the next step for the internal audit activity?

Options:

A.

The internal audit activity should add value by implementing the recommendations on management ' s behalf.

B.

The chief audit executive (CAE) must discuss this matter with senior management and the board

C.

The CAE should determine which recommendations to implement based on the severity of the associated risks.

D.

The internal audit activity, led by the CAE. should assume responsibility for risk management function.

Question 22

Which of the following most accurately describes the role of the board when it comes to organizational governance?

Options:

A.

Responsibility for outcome of the process.

B.

Responsibility to be involved in management of the organization.

C.

Responsibility to determine who is accountable for outcomes.

D.

Responsibility to identify risks in the organization’s business environment

Question 23

Which of the following statements relating to risk management is true?

Options:

A.

The high-level risk assessment performed during engagement planning is a detailed step-by-step analytical process

B.

External auditors must be engaged to evaluate the potential for fraud and how the organization manages fraud risk

C.

A lack of controls is acceptable if the risk is reduced to an acceptable level in some other way

D.

Internal auditors are responsible for managing the risks of the organization

Question 24

Which of the following is part of a fraud detection program?

Options:

A.

Whistleblower hotline.

B.

Authority limits.

C.

Background investigations

D.

Evaluation of compensation programs.

Question 25

According to IIA guidance, which of the following corporate social responsibility {CSR) evaluation activities may be performed by the internal audit activity?

1. Consult on CSR program design and implementation

2. Serve as an advisor on CSR governance and risk management.

3. Review third parties for contractual compliance with CSR terms.

4. Identify and mitigate risks to help meet the CSR program objectives.

Options:

A.

1,2, and 3.

B.

1,2, and 4.

C.

1, 3, and 4.

D.

2, 3, and 4

Question 26

A manufacturer of power tools is experiencing regular fluctuations in the price of electrical power which is having a serious impact on the bottom line. Which of the following would be the most effective risk strategy to reduce the impact of these fluctuations?

Options:

A.

Use an average cost for power to smooth the bottom line.

B.

Analyze the amount of power used to produce each power tool.

C.

Review the current process to identify opportunities to reduce power usage.

D.

Use a forward contract for bulk power purchases

Question 27

An organization established 20 years ago has had its internal audit activity in place for the last three years. Which of the following would allow the internal audit activity to accurately state that it is in conformance with the Standards ' ?

Options:

A.

Documented assessment was performed by the audit committee and confirmed conformance.

B.

Internal and external assessments are performed annually, and nonconformance results are reported to the board.

C.

The independent and objective judgement of the chief audit executive confirmed conformance with the Standards.

D.

Documented internal assessments are performed periodically and confirm conformance.

Question 28

A regional entertainment organization is in the process of developing a corporate social responsibility (CSR) policy. Management invites ideas from employees when developing the CSR policy. Which of the following is the most appropriate idea to include?

Options:

A.

Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with CSR.

B.

The board is responsible for ensuring that CSR objectives are established, risks are managed, performance is measured, and activities are appropriately monitored and reported.

C.

Management is responsible for ensuring that the organization’s CSR principles are communicated, understood, and integrated into decision-making processes.

D.

Generally, CSR activities are limited to the management of the organization; thus, employees do not have a responsibility for ensuring the success of CSR objectives.

Question 29

Which type of engagement requires that the client agrees with the techniques used by the internal audit activity?

Options:

A.

A performance audit.

B.

A sensitive fraud investigation.

C.

A compliance audit

D.

A consulting service.

Question 30

A third-party provider ' s questionable labor practices have exposed the organization to reputational risks and regulatory risks. Which of the organization ' s risk management practices was most likely ineffective?

Options:

A.

The organization ensured that the third-party vendor provided the best pricing for the requested services.

B.

The organization conducted quality control reviews of provided services to ensure industry standards were met.

C.

The organization performed a due diligence review of all vendors during the bid review process.

D.

The organization planned to issue a resolution concerning the third-party provider ' s labor practices.

Question 31

A fraud investigation was completed by management, and a proven fraud was communicated to relevant authorities. According to IIA guidance, which of the following roles would be most appropriate for the internal audit activity to undertake after the investigation?

Options:

A.

Plan employee sessions and team building strategies for the organization to improve awareness of fraud among employees

B.

Review the investigation and implement any improvements to the process.

C.

Conduct lessons learned sessions to ascertain how the fraud occurred and which controls failed.

D.

Determine why the fraud was not detected earlier and design controls to strengthen early detection.

Question 32

Which of the following would best serve to deter unethical behavior and encourage internal auditors to be objective in their work?

Options:

A.

A requirement that internal auditors undergo objectivity training periodically

B.

Periodic communications reminding internal auditors of Standards requirements

C.

A review of the final audit report by the audit committee

D.

Ongoing monitoring and periodic internal quality assessments

Question 33

Which of the following describes a responsibility of operating management in an organization ' s corporate social responsibility (CSR) efforts?

Options:

A.

Responsible for implementing CSR principles and overseeing of CSR performance.

B.

Responsible for performing periodic internal self-verifications of reported CSR results.

C.

Responsible for performing analysis and comparison of CSR reports and performance.

D.

Responsible for ongoing CSR reporting and accomplishing of performance targets.

Question 34

A newly hired internal auditor is most likely to need further education in the area of business acumen in which of the following situations?

Options:

A.

She was transferred from the managerial accounting department of the same organization.

B.

She was recruited from the internal audit activity of another organization that operates in a different industry.

C.

She was offered a permanent position after she had worked with the organization for two years in a temporary auditor-in-training position.

D.

She previously served on the organization ' s external audit team and was recruited to the internal audit activity following the current year ' s financial audit.

Question 35

According to IIA guidance, which of the following is the most accurate statement regarding the internal audit charter?

Options:

A.

The IIA ' s Code of Ethics must exist outside of the charter to maintain independence.

B.

The charter must be approved by both senior management and the board.

C.

The nature of consulting services does not need to be defined in the internal audit charter.

D.

The charter provides a framework for performing a broad range of value-added audit services.

Question 36

The internal audit activity is undergoing a self-assessment as part of its quality assurance and improvement program. Which of the following observations must be addressed in order for the internal audit activity to achieve conformance with the Standards?

Options:

A.

The internal audit charter does not identify which audit services are outsourced.

B.

The internal audit charter has not been reviewed by the legal department.

C.

The internal audit charter has not been approved by the board within the past year.

D.

The internal audit charter does not describe the authority of the internal audit activity.

Question 37

Which of the following options describes the reason that conformance with The IIA ' s Code of Ethics is mandatory for internal auditors?

Options:

A.

Ethical compliance provides the basis for stakeholder confidence in the competence of the internal audit activity and of professional internal auditors.

B.

Ethical compliance is necessary for internal auditors and the internal audit activity to accept responsibility for providing g absolute assurance about the organization ' s risk management.

C.

Ethical compliance provides the basis for stakeholder trust and confidence in the validity of the profession of internal auditing and the internal audit activity ' s findings.

D.

The internal audit activity ' s ethical compliance sets the tone for the ethical compliance by the organization ' s board, management, and employees.

Question 38

Which of the following statements is true regarding corporate social responsibility (CSR)?

Options:

A.

Many of the areas explored by CSR are normally included in an audit universe or annual audit plan

B.

Despite significant corporate resources spent on CSR reporting investors generally do not rely on CSR information

C.

Unlike many other areas of reporting responsibilities impacting stakeholders, CSR is largely voluntary

D.

Typically operating management does not have a major role to play based on the public nature of reporting

Question 39

The internal audit activity is performing an assessment of an organization ' s ethics program, and the engagement scope specifies a focus on the training program ' s design. According to IIA guidance, which of the following questions would be the most relevant?

1. Does the training include situations that require an ethical decision?

2. What percentage of employees have taken the training?

3. What are the results of the employee assessment of the organization ' s ethical climate?

4. Does the instructor provide feedback on the thought process to reach an ethical resolution?

Options:

A.

1 and 2.

B.

1 and 4.

C.

2 and 3.

D.

3 and 4.

Question 40

Which of the following statements best describes the difference between risk appetite and risk tolerance?

Options:

A.

Risk appetite applies to specific objectives, while risk tolerance refers to an organization ' s general attitude toward risk,

B.

Risk appetite refers to the degree of risk acceptance for a particular objective, while risk tolerance is one approach to risk management.

C.

Risk appetite refers to an organization ' s general level of acceptance, while risk tolerance is a more specific and subordinate concept.

D.

There is no significant difference between the two terms.

Question 41

According to IIA guidance, which of the following best demonstrates due professional care?

Options:

A.

Staffing audit engagements with internal auditors who possess professional designations.

B.

Relying on prior audit work to save planning time and costs.

C.

Performing assurance procedures to guarantee all significant risks are identified.

D.

Assessing the cost of assurance in relation to the potential benefits.

Question 42

When performing an audit of the risk management process an auditor makes the observations listed below. Which poses the greatest risk to the organization?

Options:

A.

The identified risks have not undergone a detailed review to ensure completeness in the past two years.

B.

The controls in place to mitigate the risks are not tested on an annual basis to confirm operating effectiveness.

C.

The process in place to identify and evaluate new risks to the organization is informal and poorly documented.

D.

The identified risks have not been ranked to establish their importance and risk management priority.

Question 43

Which of the following is an indicator that the organization s risk management process is effective?

Options:

A.

The organization s risk appetite mission, and objectives are dearly outlined.

B.

The organization s risk management practices are assessed as mature.

C.

The organization has adopted risk management frameworks and global models.

D.

The organization s significant risks are identified and adequately assessed

Question 44

Which of the following is the best reason why the engagement supervisor should take care in explaining to local management the criteria that will be used to measure the effectiveness of the control environment?

Options:

A.

The assessment will cover soft controls and company values.

B.

The assessment will focus on the policy for a particular process.

C.

The assessment will lack a defined scope

D.

The assessment will probably uncover fraud risks.

Question 45

Which of the following is an example of a risk reduction strategy?

Options:

A.

Outsourcing the payroll function.

B.

Absorbing the cost of losses.

C.

Insuring fixed assets.

D.

Installing cameras around the plant

Question 46

An internal audit activity uses a rotational program to recruit high-performing staff members from other parts of the organization One of these individuals is nearing the end of her four-year internal audit rotation The chief audit executive assigned her to an assurance engagement in the business area she will be going into when she leaves the internal audit activity Which of the following statements is

true regarding this scenario?

Options:

A.

Accepting the assignment is a violation of internal audit independence

B.

Accepting the assignment will improve competencies and develop relationships that will be needed in her next assignment

C.

Accepting the assignment creates the appearance of an impairment to her professional judgment and detectivity

D.

Accepting the assignment on the assurance engagement would be a breach of due professional care

Question 47

According to IIA guidance, which of the following is the strongest indicator of deficiencies in the risk management process?

Options:

A.

The periodic evaluation of risk ratings is primarily dependent on subjective assessments.

B.

Separate evaluations of the risk management process were conducted, but the results were never integrated.

C.

Management ' s primary objective is minimizing changes to the structure and operation of the risk management process.

D.

Many aspects of the related enterprise risk management program are informal and undocumented.

Question 48

Which of the following best illustrates the application of due professional care during an audit of the procurement department?

Options:

A.

The internal auditor began checking purchase requisitions for proper authorizations. He stopped when he discovered an instance of noncompliance. and he concluded the controls were ineffective.

B.

The internal auditor discovered an instance where management did not follow the standard bidding processes. The auditor assessed the validity of management’sreasons for deviating from standard practice and the supporting documentation, and determined that the deviation was acceptable.

C.

The internal auditor selected a sample of purchase orders with amounts greater than S5.000, the threshold at which the organization requires a bidding process. The auditor obtained documentation of the bidding process for each purchase order in the sample.

D.

The internal auditor analyzed bidding documents provided by management. Management indicated that the documents were purchase orders issued to a sole-source vendor Based on the analysis and management ' s declaration, the internal auditor determined that the procurement process was effective.

Question 49

An internal auditor believes that a weakness exists in the control environment relating to the delegation of authority and responsibility within the management structure. Which of the following actions should the internal auditor first consider in this matter?

Options:

A.

Recommend a control change and obtain management support

B.

Evaluate the potential impact on related controls

C.

Address the risk with senior management and the board

D.

Develop and communicate the scope and evaluation criteria to be used by management

Question 50

Which of the following would be the most effective in helping to detect fraud?

Options:

A.

Code of conduct.

B.

Exit interviews.

C.

Fraud awareness training

D.

Employee promotion policy.

Question 51

Which of the following would be the best choice for a continuing professional development requirement for a newly created internal audit activity?

Options:

A.

Require all internal auditors to create a training plan based on a competency self-assessment.

B.

Require internal auditors to complete all of their training through webinars, to increase efficiency and avoid traveling

C.

Require all internal auditors to become a member of The Institute of Internal Auditors.

D.

Require internal auditors to create a training plan based on their areas of interest

Question 52

According to IIA guidance, which of the following statements is true regarding ISO 31000?

Options:

A.

The key principles approach checks whether each element of the risk management process is in place.

B.

The framework is effective in addressing the organization ' s structure, size, and risk profile but not its culture objectives.

C.

The end point for improving an organization s approach to risk management should be a gap analysis that evaluates any changes.

D.

A combination of the three primary approaches to the framework generally yields the most information despite the complexity

Question 53

Tr» chiet audit executive (CAE) of large organization is preparing job descriptions to hire five new general internal audit staff, two new IT auditors and a senior auditer how is the CAE likely to describe IT requirements for me general internal audit statt positions?

Options:

A.

The candidate must be able to apply data analytics tolls methodologies

B.

The candidate must be able to evaluate IT governance and cybersecurity frameworks.

C.

The candidate must be able to understand IT-elated risk and general controls

D.

The candidate must be able to execute web servers, applications, and databases testing procedures.

Question 54

When would on-the-job training be more effective?

Options:

A.

When participants already have a certain degree of experience and knowledge.

B.

When it makes up the largest part of the training budget.

C.

When it includes ongoing feedback and coaching from experienced team members.

D.

When it is standardized for the whole entire staff.

Question 55

Which of the following actions should the organization ' s governing body perform to provide the most effective governance over the organization ' s culture?

Options:

A.

Coordinate control activities.

B.

Provide direction.

C.

Design key controls.

D.

Deliver assurance.

Question 56

Which of the following policies promotes internal audit objectivity?

Options:

A.

The chief audit executive (CAE) reports functionally to the CEO

B.

The CAE s compensation is approved by the chief financial officer

C.

The CAF ' s appointment is determined by the CEO

D.

The CAE reports administratively to the chief operating officer

Question 57

Which of the following drivers of fraud is directly controllable by an organization?

Options:

A.

Pressure

B.

Rationalization

C.

Opportunity

D.

Incentive

Question 58

In an assurance engagement focused on the adequacy of organizationwide risk management practices, which of the following best describes a primary area of interest for the engagement?

Options:

A.

The effectiveness of process-level and transaction-level controls.

B.

Conflicts of interest within the organizational structure of the senior management.

C.

The alignment of management decisions with the level of risk the organization is willing to accept.

D.

The actions of upper management in response to the internal audit activity ' s reporting

Question 59

According to MA guidance, which of the following best describes how often the chief audit executive should review the quality assurance and improvement program of the internal audit activity?

Options:

A.

Whenever the business objectives of the organization change

B.

Just prior to an external assessment of the internal audit activity

C.

At the completion of each engagement.

D.

Progressively on a day-to-day basis

Question 60

In an internal audit charter, which of the following statements regarding the chief audit executive (CAE) would be most directly related to describing the responsibilities of the internal audit activity*?

Options:

A.

The CAE shall report functionally to the board and administratively to the chief financial officer

B.

The CAE and the Internal audit activity shall have full access to any and all records and personnel of the organization that are relevant to audit engagements

C.

The CAE and the internal audit activity shall be independent and objective in performing their work.

D.

The CAE shall report periodically on the performance of the internal audit activity relative to its plan

Question 61

In which of the following audits would the internal auditors most likely contribute to the assessment of organizational governance?

Options:

A.

An assessment of compliance of individual data protection procedures with data protection regulations

B.

An assessment of profit and loss generated by financial assets and instruments in the past quarter

C.

An assessment of the effectiveness of back-up procedures and execution of business recovery plans

D.

An assessment of performance management practices and establishment of key performance indicators

Question 62

An internal auditor was offered expensive tickets to a sporting event by the manager of an area that she was currently auditing. The auditor politely declined. Which of the following fundamental principles of the MA Code of Ethics did she display?

Options:

A.

Confidentiality.

B.

Independence.

C.

Competency.

D.

Objectivity

Question 63

A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annual snowfall for the coming winter. Which of the following best describes this type of risk?

Options:

A.

Residual.

B.

Net.

C.

Inherent.

D.

Accepted.

Question 64

During an assurance engagement the internal audit team discovers that employees performing a control do not understand the principles behind it. Before the engagement concludes, at management ' s request the audit team facilitates several formal training sessions to help explain those principles to the employees. Which of the following best describes the engagement provided by the internal audit activity in this scenario?

Options:

A.

Assurance services

B.

Blended services

C.

Consulting services

D.

Prohibited services

Question 65

In the COSO internal control framework, which of the following components serves as the foundation for the other components?

Options:

A.

Control activities.

B.

Control environment.

C.

Risk assessment.

D.

Monitoring

Question 66

Which of the following situations undermines the independence of the internal audit activity?

Options:

A.

The internal audit activity is responsible for the company ' s risk management function, and its head manager reports to the chief audit executive.

B.

A senior member of the internal audit activity once worked in the corporate finance department.

C.

The organization’s CEO reviews the internal audit activity’s annual budget per the organization’s policies and procedures.

D.

The internal audit activity often uses management ' s risk profile to build its own risk profile for annual planning.

Question 67

During the audit of taxation processes in the organization internal auditors have verified that all employees of the finance department received training on taxation guidelines. The training is mandatory and is automatically assigned via email invitation to all new employees in the department. Which type of controls have the auditors tested?

Options:

A.

Directive

B.

Preventive

C.

Detective

D.

Automatic

Question 68

The accounting department asked the chief audit executive (CAE) to perform a review of suspicious transactions. The CAE was an accounting manager for the organization six months ago.

How should she respond to the request?

Options:

A.

Decline, if it is a consulting engagement, because she recently worked in the organization ' s accounting department.

B.

Accept, if it is an assurance engagement, as she has been out of the department long enough to not impair objectivity.

C.

Inform the accounting department that the engagement can take place in the future, once she has been removed from accounting for a longer period of time.

D.

Accept, if it is a consulting engagement with agreed-upon scope and services to be provided by the internal audit activity.

Question 69

Senior management has requested that the internal audit activity review and amend policies where necessary when auditing the purchasing department. To which of the following would the chief audit executive most likely give primary consideration when responding to this request?

Options:

A.

Auditor competency.

B.

Internal audit independence.

C.

Auditor objectivity.

D.

Engagement scope.

Question 70

Which of the following is an example of a detective control?

Options:

A.

Automatic shut-off valve.

B.

Auto-correct software functionality.

C.

Confirmation with suppliers and vendors.

D.

Safety instructions.

Question 71

A manufacturing organization ' s chief audit executive (CAE) was approached by the head of security from one of the manufacturer ' s third party suppliers The head of security requested internal audit records from a recent audit engagement involving the third-party supplier The head of security believed those records contained information that would enable to identify employees of the third-party supplier who may be involved m fraudulent activities What is the most appropriate course of action for the CAE?

Options:

A.

Obtain approval from the manufacturer ' s audit committee regarding the release of audit records

B.

Release the records but first remove all data regarding the manufacturing organization s internal actions and procedures

C.

Deny access to the records as the third party supplier s security learn should be able to investigate then own employees.

D.

Consult with the manufacturer ' s senior management to determine whether releasing tie records would be appropriate

Question 72

Which of the following would be most helpful to measure whether an internal audit activity successfully provides risk-based assurance?

Options:

A.

Percentage of highly significant risks covered by internal audit plan.

B.

Percentage of previously unknown risks identified per engagement.

C.

Percentage of internal audit staff skilled in alignment with the organization ' s structure and key risks.

D.

Percentage of observations made in assurance engagements compared to advisory engagements.

Question 73

Which of the following is an example of a risk avoidance strategy?

Options:

A.

Hedging against exchange rate variations.

B.

Limiting access to an organization’s data center.

C.

Selling a nonstrategic business unit.

D.

Outsourcing a high-risk activity

Question 74

An internal audit team analyzed the organization ' s value-at-risk model during an assurance engagement and suggested several useful improvements. Management was impressed by the internal audit team’s work and requested additional actions. Which of the following requested actions would impact internal audit independence most severely if fulfilled?

Options:

A.

Assess the effectiveness of the model at least semi-annually.

B.

Modify model inputs and suggest courses of action based on outcomes.

C.

Employ acquired experience to test other models used by the company.

D.

Validate whether model outputs serve the purpose stated by the model.

Question 75

Which of the following indicates an appropriate disclosure of a potential nonconformance with the Standards?

Options:

A.

An external assessment of the internal audit activity was last performed six years ago.

B.

The internal audit activity has been in existence for four years but has not performed an external assessment.

C.

An internal assessment is not performed every year.

D.

The internal audit activity has been in existence for two years and has documented only an internal assessment.

Question 76

According to IIA guidance, which of the following is ultimately responsible for seeing that the internal control system of an organization’s social responsibility program is effective?

Options:

A.

Senior management

B.

Internal audit activity.

C.

All employees.

D.

Board of directors.

Question 77

Which of the following is an example of a management control technique?

Options:

A.

A budget.

B.

A risk assessment.

C.

The board of directors.

D.

The control environment

Question 78

During an audit of an organization ' s accounts payable area, an internal auditor identified anomalies in the information examined that may indicate potential fraud. Which test should the auditor perform first to verify this?

Options:

A.

Verify the completeness and integrity of the data being analyzed.

B.

Identify duplicated organizational transactions.

C.

Analyze all transactions within the targeted area.

D.

Check control totals that have may have been falsified.

Question 79

Which of the following describes the internal audit activity ' s most appropriate role in an organization ' s risk management process?

Options:

A.

Reporting to the board on management ' s assessment of current risks

B.

Establishing a risk management policy and framework for the organization

C.

Assigning responsibility for identifying and managing significant risks

D.

Developing key controls to mitigate risks across the organization

Question 80

As part of a fraud investigation by regulators, a court order was issued to a bank. The court order requested the chief audit executive (CAE) to provide access to a number of audit reports and workpapers, some of which included customers ' confidential information such as transaction activity and other personal details. What is the appropriate response by the CAE?

Options:

A.

Reject the court order, citing a potential breach of customers ' confidentiality agreement

B.

Consult with legal counsel to determine what information to provide.

C.

Respond promptly and provide all that was requested by the court order.

D.

Seek permission from customers prior to sharing their information.

Question 81

According to IIA guidance, which of the following training methods is considered most effective in assisting new entry-level internal auditors in achieving competence with internal audit practices in the workplace?

Options:

A.

Pursuance of an internal audit certification.

B.

Enrollment in internal audit practice webinars.

C.

Attendance of internal audit workshops.

D.

Involvement in a variety of audit assignments.

Question 82

Management assessed the organization’s risk of expanding operations into a new, but volatile, region and began looking for a compatible local partner to manage sales and distribution. Which of the following best describes this risk management technique?

Options:

A.

Avoidance.

B.

Acceptance.

C.

Reduction.

D.

Sharing

Question 83

A new company’s risk management function is developing its cybersecurity risk management program Which of the following actions should be the first priority when developing the program?

Options:

A.

Start building a cybersecurity culture and set the desired behavior using a bottom-up approach

B.

Determine the cybersecurity framework that will establish and report on the effectiveness of the program

C.

Define the cybersecurity risk appetite and perform a cost-benefit analysis of the program

D.

Raise cybersecurity awareness across various departments outside of the IT department

Question 84

An internal auditor is assessing how the organization processes financial transactions and whether written policies and procedures are followed. The auditor requested to meet with certain employees to understand their related roles and responsibilities. However the employees refuse to meet with the auditor claiming they are too busy. Which of the following responses would best demonstrate the auditor ' s conflict-resolution skills?

Options:

A.

The auditor considers the employees to be unresponsive and proceeds to document the actions and concerns as a scope limitation that can affect the engagement

B.

The auditor considers other options to determine whether the employees are processing financial transactions as required by the organization

C.

The auditor meets with senior management of the organization to discuss the employees ' behavior and possible resolutions that would satisfy all parties

D.

The auditor meets with the department supervisor and staff to discuss the employees ' actions in order to obtain an understands and potential resolution

Question 85

Which of the following statements is true regarding the internal audit activity ' s quality assurance and improvement program (QAIP)?

Options:

A.

The QAIP scope includes assurance work performed by the internal audit activity but not consulting work.

B.

The QAIP verifies conformance with the Definition of Internal Auditing, Code of Ethics, and Standards.

C.

QAIP reports are for internal use primarily and typically are not shared with members outside of the internal audit activity.

D.

QAIPs make a distinction between fully outsourced internal audit activities and in-house internal audit teams, as a different set of criteria is applied for each.

Question 86

Which of the following types of fraud tests would be most effective if an internal auditor was looking for possible fictitious vendors?

Options:

A.

Checking for invoice amounts that do not match that of the purchase order.

B.

Searching for identical invoice numbers and payment amounts.

C.

Running checks to uncover post office box addresses matching employee addresses.

D.

Comparing prices across vendors to see whether one vendor is unreasonably high.

Question 87

Which of the following describes an ongoing monitoring activity that could be performed as part of an internal assessment for a quality assurance and improvement program (QAIP)?

Options:

A.

Planning and supervising engagements

B.

Evaluating the quality of supervision

C.

Identifying opportunities for improvement m internal audit ' s processes and procedures

D.

Determining if the objectives of QAIP are current

Question 88

Which of the following is an appropriate roe fa the internal audit activity?

Options:

A.

Ensuring the organization ' s key risks are managed through appropriate controls.

B.

Assisting the organization in maintaining effective controls.

C.

implementing new controls to promote continuous improvement

D.

Validating control assessments performed by the external auditor.

Question 89

A chief audit executive has reported to the board that the internal audit activity is lacking financial accounting knowledge for specific audit projects. Upon approval from the board which of the following hiring approaches is best in this situation?

Options:

A.

An inbound rotational program

B.

A full-time permanent recruitment

C.

An outbound rotational program

D.

A guest auditor program

Question 90

Which of the following must be considered by the chief audit executive before writing the internal audit charter?

Options:

A.

Internal auditors ' level of competencies and skills.

B.

The manner in which the internal audit activity is viewed by the board.

C.

Evaluation of staff certifications and continued development.

D.

Effectiveness of the quality assurance and improvement program.

Question 91

Which of the following would show appropriate disclosure of nonconformance with the Standards?

Options:

A.

The chief audit executive (CAE) documented in the personnel file a critical conflict of interest involving an internal auditor on an upcoming contracting engagement.

B.

The CAE discussed with the board an issue regarding the internal audit activity performing an IT engagement without proper skills and knowledge.

C.

The CAE met with the peer review team to discuss an internal auditor ' s failure to meet the annual requirements for continuing professional education.

D.

The CAE revealed to operational managers that he failed to appropriately consider risks while he was developing the audit plan.

Question 92

Which data analytics competency is critical for new internal auditors to possess in order to plan and perform internal audit engagements in conformance with the Standards?

Options:

A.

Describe data analytics and the application of data analytics methods in internal auditing.

B.

Apply data analytics methods in internal auditing.

C.

Evaluate the use of data analytics in an internal audit.

D.

Understand the definition of data analytics only.

Question 93

Which of the following controls would most likely prevent fraud related to the overpayment of vendors?

Options:

A.

Require supervisory review of all invoices and cash disbursements exceeding a stated threshold.

B.

Require the matching of a purchase order, receiving report, and invoice before payment.

C.

Require all checks to be signed by more than one person.

D.

Require all invoices to be paid within 30 days by check only.

Question 94

An internal auditor is assessing the effectiveness of the organization ' s risk management practices She checks to see whether risk management is an intégrai part of decision making and whether risk management is transparent, responsive to change and addresses uncertainty. According to HA guidance on risk management frameworks, which of the following approaches is the auditor most likely using?

Options:

A.

Maturity model approach

B.

Process element approach

C.

Key principles approach

D.

Key performance indicators approach.

Question 95

While conducting an engagement in the procurement department, the internal auditor noticed that the department head’s travel reports showed minor travel expenses, and there were no charges for hotels, meals, or transportation. However, the auditor knew that the department head frequently traveled worldwide to meet with suppliers and visit their production sites. Which of the following would be the most appropriate next step for the auditor?

Options:

A.

The auditor should make a note of the issue for follow-up when employee travel expenses are audited.

B.

The auditor should analyze trends and changes among the organization’s suppliers over the past few years.

C.

The auditor should investigate whether there are any special arrangements regarding senior management travel.

D.

The auditor should analyze the list of destinations the department head visited to estimate typical costs.

Question 96

The chief audit executive of an organization assigns audit resources to undertake a consulting engagement requested by senior management the previous year, and a scheduled assurance audit of the procurement process Which of the following appropriately differentiates the two engagements?

Options:

A.

The details of assurance services are expected to be included in the risk-based audit plan; this is not the case for consulting services.

B.

The objectivity of assurance services is impaired when undertaken by internal auditors who have had recent prior responsibility in the area under review; this is not the case for consulting services

C.

The performance of assurance services may be outsourced for competency gaps: this is not the case for consulting services.

D.

The results of assurance services are required to be monitored; this is not the case for consulting services

Question 97

An internal auditor is assessing fraud risks and creating a fraud risk matrix for a particular branch location. Which of the following is most likely to be included in the matrix?

Options:

A.

Risks and relevant mitigating controls.

B.

Business processes and relevant fraud risks.

C.

Fraud scenarios and relevant risks.

D.

Opportunity, rationalization, and pressure to commit fraud.

Question 98

Which of the following is an example of a risk avoidance strategy?

Options:

A.

Outsourcing the payroll function

B.

Installing cameras in the mailroom

C.

Exiting a product line

D.

Insuring all fixed assets

Question 99

An organization’s senior management team is awarding substantial bonuses if employees meet financial targets. Which of the following motivators to potentially commit fraud would become most likely in this scenario?

Options:

A.

Opportunity

B.

Pressure

C.

Rationalization

D.

Justification

Question 100

A chief audit executive ensures that the internal audit activity provides annual training to management on internal controls. Where is the nature of these services defined?

Options:

A.

The annual audit plan.

B.

The audit report.

C.

The annual risk assessment.

D.

The audit charter.

Question 101

The head of human resources notified the internal audit activity that a key account manager was fired because he did not register a large number of contracts with clients As a result the organization was unaware of its duties and would suffer some financial loss Which of the following should be expected from a competent internal auditor who is analyzing this situation?

Options:

A.

The ability to apply forensic methods to obtain legally admissible evidence

B.

The ability to conduct admission-seeking interviews with potential suspects

C.

The ability to evaluate whether such attributes as intent and personal gain were present

D.

The ability to retrieve concealed or deleted information from the former employee ' s laptop

Question 102

The accounting department asked the chief audit executive (CAE) to perform a review of suspicious transactions The CAE was an accounting manager for the organization six months ago How should she respond to the request?

Options:

A.

Decline, if it is consulting engagement because she recently worked in the organization s accounting department

B.

Accept, 11 is an assurance engagement, as she has been out of the department long enough to not impair objectivity.

C.

Inform the accounting department mat me engagement can take place m the future once she has been removed from accounting for a longer period of time.

D.

Accept, it is a consulting engagement with agreed-upon scope and services to be provided by me internal audit activity.

Question 103

When beginning an engagement to assess the effectiveness of the organization ' s newly revamped risk management processes, which of the following should internal auditors review first?

Options:

A.

Key risk disclosures in the annual report.

B.

Existing risk assessment and identification processes.

C.

Organizational strategy and business plans.

D.

Risk mitigation plans and risk responses.

Question 104

An organization is in the process of hiring a new chief audit executive (CAE). Which of the following can the potential candidates expect to be a part of the recruiting process or in place when the CAE is hired?

Options:

A.

There are checks to determine the existence of any potential conflict of interest.

B.

The CAE reports functionally to the highest level of management, the CEO.

C.

The CAE’s compensation depends on the performance of the organizational departments.

D.

Hiring and termination of the CAE is dependent on the decision of senior executives.

Question 105

Which of the following best describes the risk contained in an initial public offering for a new stock?

Options:

A.

Residual risk.

B.

Net risk.

C.

Inherent risk.

D.

Underlying risk.

Question 106

Which of the following is a true statement regarding whistleblowing?

Options:

A.

Whistleblowing is one of several possible ethical structures an organization can undertake to encourage ethical behavior.

B.

Whistleblowing programs help employees deal with ethical questions and instill ethical values into everyday behavior

C.

Whistleblowers are current or former employees who are disgruntled and looking to retaliate.

D.

Whistleblowers should inform the organization about actual criminal circumstances, not assumed allegations

Question 107

An internal auditor notes that inventory counts are conducted on Mondays only and that all documentation is on paper as there are no computers in the underground warehouses. Also she notices that the person responsible for receiving the goods is the same one who distributes materials and spare parts Finally, she sees that spare parts are written off and taken by the heads of mining units to different underground locations to wait for their turn to be installed. Which of the described findings requires more consideration from a fraud risk perspective?

Options:

A.

The job responsibilities of the warehouse employee compromise segregation of duties

B.

Spare parts are written off before their actual usage and installation

C.

Warehouse management is conducted on paper and requires further investigation

D.

The inventory counts take place on specific days of the week for no apparent reason

Question 108

An IT contractor applied for an internal audit position at a bank. The contractor worked for the bank ' s IT security manager two years ago. If the audit manager interviewed the contractor and wants to extend a job offer, which of the following actions should the chief audit executive pursue?

Options:

A.

Allow the audit manager to hire the contractor and state that the individual is free to perform IT audits, including security.

B.

Not allow the audit manager to hire the contractor, as it would be a conflict of interest

C.

Allow the audit manager to hire the contractor, but state that the individual is not allowed to work on IT security audits for one year.

D.

Not allow the audit manager to hire the contractor and ask the individual to apply again in one year.

Question 109

After the draft engagement report is issued, the manager of the area that was reviewed is informally interviewed by the engagement supervisor regarding the audit experience. Which of the following is most likely the purpose for this interview?

Options:

A.

Such an interview is performed when there is a need to dismiss an internal auditor

B.

Feedback from the manager will contribute to the audit team ' s professional development

C.

The manager ' s opinion will be used to form the final audit assessment and report rating.

D.

The manager will provide insights into the audited industry ' s trends

Question 110

According to IIA guidance, which of the following actions by the chief audit executive (CAE) best demonstrates the organizational independence of the internal audit activity?

Options:

A.

The CAE seeks senior management approval of the internal audit charter

B.

The CAE obtains senior management ' s approval to hire staff

C.

The CAE reports significant issues to the organization ' s CEO

D.

The CAE provides the board with an annual budget for approval

Question 111

Which of the following represents an example of an ethical issue that the organization should address ' ?

Options:

A.

An employee discovered that there is no personal protective equipment at a temporary construction site

B.

An employee saw that a group of other employees were smoking in close proximity to petrol distribution tanks

C.

A supervisor insists that an employee complete time sheets regularly

D.

An employee received concert tickets from a vendor and asked whether she could keep them

Question 112

Which of the following is an example of impairment to internal auditor independence or objectivity ' ?

Options:

A.

Assurance engagements for functions over which the chief audit executive (CAE) has responsibility are overseen by a party outside the internal audit activity

B.

Internal auditors provide consulting services relating to operations for which they had previous responsibilities

C.

Internal auditors provide consulting services relating to operations for which they have current responsibilities

D.

Consulting engagements for functions over which the CAE has responsibility are overseen by a party outside the internal audit activity

Question 113

Which of the following represents a deficiency in the control environment?

Options:

A.

The sales department has failed to achieve targets for the last nine months.

B.

Employees report suspicious activity by calling the organization ' s ethics hotline.

C.

Hiring procedures do not include background checks for prospective job candidates.

D.

Management reports three potential ethics issues to the board of directors.

Question 114

An internal auditor is reviewing the results of an employee survey at a mining company. Which of the following would alert the auditor to a potential ethics issue?

Options:

A.

Women account for 20% of the total number of employees in the company.

B.

Thirty percent of employees feel confident in raising concerns without a fear of retaliation.

C.

Most employees believe that transparent and fair decision-making forms the basis of business ethics.

D.

Employees with longer work experience believe that they deserve more privileges than new hires.

Question 115

What should the chief audit executive do when the internal audit activity is found to be in nonconformance with the Code of Ethics or the Standards?

Options:

A.

Assign competent staff to the area under audit to remediate the nonconformance.

B.

Determine how the deviation impacted the overall scope of the internal audit activity.

C.

Meet with the board to gam an understanding of the board ' s expectations.

D.

Communicate the matter to the board at the time of the next external assessment.

Question 116

According to IIA guidance, which of the following activities is appropriate for an internal auditor to perform with regard to the organization ' s corporate social responsibility (CSR) program?

1. Determine whether the organization has adequate controls to achieve its CSR objectives.

2. Facilitate a management self-assessment of CSR controls and results.

3. Consult on the project design and implementation for the CSR program.

4. Exclude CSR-related external risks that are beyond the control of the organization.

Options:

A.

1 and 2 only.

B.

1, 2 and 3 only.

C.

2, 3, and 4 only.

D.

3 and 4 only.

Question 117

Which of the following documents would promote objectivity within an organization ' s internal audit activity?

Options:

A.

Internal audit charter.

B.

Internal audit manual.

C.

Audit committee charter

D.

Human resources employee handbook.

Question 118

The chief audit executive (CAE) of a new internal audit activity is creating an internal audit charter According to IIA guidance, which of the following terms is most likely to

be included in the charter?

Options:

A.

Senior management will be present whenever the CAE interacts with the board, to ensure effective communication among all three parties.

B.

Internal auditors will advise on the design of control policies and procedures in any area where the organization does not possess the requisite expertise,

C.

Internal auditors will demonstrate competence, concern, and the dedication expected of a professional,

D.

Internal auditors will receive performance-based compensation, including bonuses for reporting more than a stipulated number of observations.

Question 119

Which of the following is an advantage of using nongovernmental organization (NGO) members on an assurance team when auditing corporate social responsibility?

Options:

A.

Typically less time is needed to train the NGO members on the audit process.

B.

NGO members are often more unbiased and objective

C.

A report with a positive statement from an NGO member is deemed to be more credible. As opposed to auditors.

D.

NGO members are licensed to audit corporate social responsibility.

Question 120

Which of the following is the primary benefit of establishing a formal training program for the internal audit activity?

Options:

A.

It is useful to reinforce the independence of the internal audit activity.

B.

It is useful to guide internal auditors as they perform specific engagements.

C.

It is useful to maintain the skills and competencies of internal audit staff.

D.

It is useful to measure the effectiveness and maturity of the internal audit activity.

Question 121

Anew internal auditor suspects fraud is taking place. Which action should the new auditor take?

Options:

A.

Collect relevant audit evidence and begin working with management of the area to investigate the fraud.

B.

Inform the chief audit executive and meet with the suspect to determine whether the person committed fraud.

C.

Document supporting information and recommend an investigation to the appropriate audit management.

D.

Evaluate existing controls and implement new procedures to mitigate the opportunity for fraud.

Question 122

Which of the following would be a preventive control for helping to manage fraud in an organization?

Options:

A.

Reviews of reports to determine which issued payments lack evidence of supervisory review.

B.

A monthly review of new vendors performed by management for reasonableness.

C.

Bank reconciliations performed on a monthly basis by the accounting department.

D.

A code of conduct and whistleblower policy that must be signed by all employees annually.

Question 123

Which of the following situations would best indicate to the chief audit executive that one of the audit team members is struggling with application of due professional care?

Options:

A.

The engagement supervisor requests that an auditor carry out improvements to workpapers to address numerous problems: evidence is missing, references are incorrect, and conclusions are superfluous

B.

Audit work was completed m accordance with the established goals; however, a material misstatement was later uncovered in the audited area by another assurance provider.

C.

According to the audit report, several control failures occurred due to irresponsible behavior of local management, who was consequently deprived of bonuses and wrote a negative feedback to the auditor

D.

The delivery of audit results was several weeks late because the internal auditor had to spend additional time trying to understand the nature of certain transactions with derivation.

Question 124

Senior management relies on the professional judgment of an internal auditor and uses outcomes of her audit work to make business decisions Which of the following personal qualities displayed by the internal auditor is most likely the foundation for this relationship?

Options:

A.

Integrity

B.

Negotiation skills.

C.

Business acumen

D.

Flexibility

Question 125

Management decided to post the organization ' s newly established code of conduct on its website. This decision is primarily intended to mitigate which of the following risks?

Options:

A.

Accountability risk.

B.

Communication risk.

C.

Knowledge risk.

D.

Cultural risk.

Question 126

In which of the following scenarios is the internal auditor in conformance with The IIA ' s Code of Ethics and the Standards?

Options:

A.

The auditor testifies in front of a jury about an organization ' s fraudulent financial practices after receiving a subpoena

B.

Management has agreed to remedy a significant control deficiency, so the auditor excludes the deficiency from the engagement report

C.

The chief audit executive declines an assurance engagement in IT because the internal audit activity is not proficient in IT

D.

The auditor communicates an audit opinion on fraud risk during an audit engagement’s preliminary fraud risk assessment

Question 127

During a review of the procurement function, an internal auditor identified an existing control for adding new vendors into the vendor contract system. Which of the following would best help the auditor determine the adequacy of the control ' s design?

Options:

A.

Flowchart of the vendor addition process.

B.

Independent confirmations sent to vendors.

C.

Analysis of the control ' s costs and benefits.

D.

Interview with management of the procurement function.

Question 128

Which of the following is the most appropriate way to ensure that a newly formed internal audit activity remains free from undue influence by management?

Options:

A.

Appoint the chief audit executive as a member of the board.

B.

Adopt written policies and procedures for the internal audit activity, approved by the board.

C.

Ensure the chief audit executive reports administratively to the audit committee.

D.

Establish the internal audit activity’s position within the organization in an audit charter.

Question 129

The chief audit executive (CAE) is drafting the annual internal audit plan and seeks input from senior management and the external auditor prior to submitting it for approval to the board. According to MA guidance, which of the following statements is true regarding this scenario?

Options:

A.

The CAE ' s actions are likely to impair the Independence of the internal audit activity.

B.

The CAE acted appropriately, and the independence of the internal audit activity was not impaired.

C.

The CAE should have developed the audit plan without outside influence to maintain objectivity.

D.

The CAE acted appropriately, as he has authority to determine who reviews and approves the audit plan.

Question 130

Which of the following is a primary benefit of implementing a governance risk management and compliance framework within an organization?

Options:

A.

Fewer internal audits

B.

More effective interviews

C.

Automated risk management strategy tools

D.

Reduced assurance costs

Question 131

Which of the following is the best way for internal auditors to demonstrate their proficiency to effectively carry out their professional responsibilities?

Options:

A.

Volunteer for audit engagements in areas or industries in which the auditor is unfamiliar

B.

Sign an annual attestation indicating that the auditor has all required competencies to perform her job effectively.

C.

Obtain appropriate professional certifications or other designations.

D.

Disclose potential impairments to independence or objectivity prior to performing an audit engagement.

Question 132

To encourage internal audit objectivity, which of the following is an appropriate policy the chief audit executive should establish?

Options:

A.

Internal auditors should report their audit findings directly to the audit committee.

B.

To receive an outstanding performance rating, internal auditors are required to generate audit findings.

C.

Prior to hiring a new internal auditor, the chief audit executive must determine whether the auditor owns stock in the organization.

D.

Internal auditors are permitted to audit an entity managed by a close friend or relative, as long as they notify the chief audit executive.

Question 133

Which of the following activities aligns with The IIA ' s Core Principles for the Professional Practice of Internal Auditing?

Options:

A.

The chief audit executive reports to senior management for compensation decisions and communications of audit results to the board

B.

Final reports from consulting engagements show the summary of findings, and the internal auditor’s advice is clearly distinct and separate from management ' s decisions

C.

Internal auditors rotate through operations and management positions then perform audit engagements on these areas to ensure timely application of their knowledge

D.

Due to limited resources, internal auditors prioritize assurance on internal controls and risk management and exclude evaluating governance processes, which are deemed outside of their core responsibilities

Question 134

According to IIA guidance, which of the following statements is true regarding the internal audit activity’s responsibilities in providing consulting services?

Options:

A.

The chief audit executive is responsible for deciding the priority of consulting services in the internal audit plan

B.

The scope of consulting services is determined primarily by the internal auditor with input from management of the area under review

C.

The board defines the internal audit activity’s responsibilities over consulting activities

D.

Adding value to an organization requires the internal audit activity to initiate a consulting engagement

Question 135

Internal controls belong to which risk response category?

Options:

A.

Reduction.

B.

Avoidance.

C.

Sharing.

D.

Acceptance.

Question 136

An engagement supervisor notes that an internal auditor usually documents and submits draft audit reports for review without giving the process owners the opportunity to state their position on the issues raised. How should the engagement supervisor respond?

Options:

A.

Encourage the auditor to continue this practice, as it demonstrates objectivity.

B.

Encourage the auditor to improve communication skills.

C.

Encourage the auditor to conduct post-engagement surveys to obtain the audit client ' s position on the issues raised.

D.

Encourage the auditor to sign the draft reports before submitting them.

Question 137

An internal auditor believes that the internal audit activity ' s independence is impaired. Which of the following actions should the internal auditor take first?

Options:

A.

Report the impairment to senior management

B.

Discuss the impairment with the audit manager

C.

Ascertain the best approach to disclose the impairment.

D.

Decide on the extent of impact of the impairment

Question 138

Which of the following should play a leading role in overseeing the ethical atmosphere of an organization?

Options:

A.

Internal audit activity

B.

Operating management

C.

Senior management

D.

Board of directors

Question 139

Which of the following qualifies as an acceptable consulting service provided by the internal audit activity?

Options:

A.

Develop training and system rollout plans in response to the results of the change readiness assessment of a new sales distribution model

B.

Lead a risk self assessment session for laboratory managers to help identify inherent risks and provide recommendations on how to evaluate the risks

C.

Audit a third party cloud service provider to review the effectiveness of governance and management controls in providing secure services to its customers

D.

Conduct a post-implementation assessment of the enterprise resource planning system to determine whether project objectives were met and to identify opportunities to maximize potential benefits

Question 140

Which of the following is true regarding risk analysis?

Options:

A.

Impact and likelihood should be assessed together.

B.

Impact and likelihood should be given equal consideration by the internal auditor.

C.

Impact and likelihood should be measured using quantitative methods.

D.

Impact and likelihood should be used to determine risk response.

Question 141

The internal auditor of a small manufacturer noted that the accounting department has insufficient staff to achieve proper segregation of duties. What type of controls would the auditor likely recommend to management to specifically address this problem?

Options:

A.

Entity-level.

B.

Preventive.

C.

Directive.

D.

Compensating.

Question 142

Which of the following is a control that is used mainly to check the integrity of data entered into a business application, whether the data is entered directly by staff, remotely by a business partner, or through a web-enabled application?

Options:

A.

General IT control.

B.

Processing control.

C.

Input control

D.

Integrity control

Question 143

An organization ' s board recommends revising the internal audit charter by adding requirements regarding the hiring and compensation of the chief audit executive as well as information on approving the internal audit budget. Which of the following is the board most likely defining in the charter?

Options:

A.

Functional and administrative responsibilities of internal audit activity.

B.

Authority and objectivity of internal audit activity.

C.

Independence and objectivity of internal audit activity.

D.

Assurance and improvement of internal audit activity.

Question 144

To achieve conformance with the Standards, the chief audit executive must include which of the following activities in the quality assurance and improvement program (QAIP)?

Options:

A.

Require board oversight of the QAIP.

B.

Assess Standards conformance for each individual engagement.

C.

Conduct a self assessment at least once every five years.

D.

Report the results of the QAIP to senior management

Question 145

Which of the following organizations has reached the most mature level of corporate social responsibility?

Options:

A.

An organization that is able to provide goods and services society needs and thus maximizes profit to its owners.

B.

An organization that ensures compliance to legal frameworks of the countries in which it operates and sells its products.

C.

An organization that is willing to make contributions not mandated by law or economics and expects no payback.

D.

An organization that requires its decision makers to act with equity, fairness, and respect for the rights of individuals.

Question 146

A newly appointed chief audit executive (CAE) started analyzing the organization ' s policies in an attempt to customize them to address internal audit specifics. Which of the following organizationwide practices is most likely to be acceptable to the CAE?

Options:

A.

Internal auditors1performance evaluation is primarily based on both client satisfaction surveys and cost savings identified from the audits.

B.

Standard training for each employee, including internal auditors, is 10 hours per year.

C.

To enhance efficiency, internal auditors should not be rotated regularly among engagements.

D.

Hiring practices include requiring potential auditors to disclose any significant stock ownership in the organization.

Question 147

Which of the following would be considered a monitoring activity in organization wide risk management?

Options:

A.

Validate the results of management ' s self-assessment.

B.

Perform reviews of personnel.

C.

Maintain rigorous and comprehensive documentation.

D.

Obtain authorizations and signatures.

Question 148

In which of the following situations has the internal auditor violated the IIA ' s Code of Ethics?

Options:

A.

An employee confided in an internal auditor and told him about fradulent activities. Although the employee asked for confidentially, the auditor disclosed her identity later during police questioning.

B.

While auditing payroll controls, an auditor was granted temporary access to salary data. The auditor referred to the acquired information while negotiating her work conditions three months later.

C.

Management considers an auditor to be highly competent and asked the audit to participate in an upcoming acquisition project. The auditor declined the request, calming a lack of knowledge.

D.

An internal auditor failed to acquire the continuing education credits needed for the year and requested that. The IIA change his certification status to inactive until the completed the required education activities.

Question 149

Under which of the following circumstances should the final audit report include a disclosure of nonconformance with the Standards?

Options:

A.

An external quality assessment of the internal audit activity is performed only once every five years.

B.

The internal auditor provided negative assurance, because he found no evidence of misconduct.

C.

The annual internal audit plan includes some consulting engagements that are based on opportunities rather than risks to the organization.

D.

A new internal auditor moved into the internal audit activity from the payroll department and was immediately assigned to the payroll audit.

Question 150

Which of the following situations presents the lowest risk of impairing an internal audit activity ' s independence?

Options:

A.

Senior management has the authority to terminate the chief audit executive

B.

Senior management has control over the internal audit activity ' s budget

C.

Senior management provides feedback on the scope of the internal audit plan.

D.

Senior management limits the internal audit activity ' s access to the board

Question 151

Which of the followIng would permit an internal audit activity to use the statement " conducted m conformance with the International Standards for the Professional Practice of Internal Auditing m audit reports?

Options:

A.

The result of a quality assurance and improvement program confirm there are no material issues.

B.

Engagement workpapers are retained by the internet audit activity according to the retention and deletion policy.

C.

The internal audit activity receives positive feedback from the managers of the areas that were under review.

D.

internal auditors demonstrate proficiency by maintaining professional internal audit certifications

Question 152

Which of the following is a responsibility of the internal audit activity as it relates to risk and risk management?

Options:

A.

Evaluating and suggesting improvements to the risk management process.

B.

Establishing the organization ' s risk appetite.

C.

Determining whether the risk attitude is aligned with shareholder interests.

D.

Ensuring an adequate risk management system is in place.

Question 153

A whistleblower reveals to the chief audit executive (CAE) detailed allegations of potential fraud at the senior management level. Although the CAE has some experience in the area, she chooses to retain an external fraud expert to conduct the investigation. When asked by the director of finance to defend the expenditure, which of the following statements represents the CAE ' s best response?

Options:

A.

The CAE refers to the Standards and explains that to protect her independence, she needs to remain isolated from the investigation.

B.

The CAE refers to the Standards and explains that the internal audit activity must obtain competent assistance if needed.

C.

The CAE refers to the Standards and explains that to protect her objectivity, she needs to remain isolated from the investigation.

D.

The CAE describes the specifics of the allegation to underscore the importance of the situation and the need for expert investigation

Question 154

Which of the following describes the most appropriate match between a potential temporary guest auditor candidate and an upcoming audit assignment?

Options:

A.

A purchasing manager with two years of prior audit experience in public practice to lead a contracts management audit

B.

A communications officer who worked in the marketing department during the last six months to conduct a customer loyalty program audit

C.

A manager of social responsibility who has a nursing background to participate m a health and safety audit for the corporate office and plant facilities

D.

An accounting manager who discovered and reported fraud committed by a payables clerk to conduct a performance audit of accounts payable

Question 155

The internal audit activity is undergoing a self-assessment as part of its quality assurance and improvement program Which of the following observations must be addressed in order for the internal audit activity to achieve conformance with the Standards?

Options:

A.

The internal audit charter does not identify which audit services are outsourced

B.

The internal audit charter has not been reviewed by the legal department

C.

The internal audit charter has not been approved by the board within the past year

D.

The internal audit charter does not describe the authority of the internal audit activity

Question 156

Which of the following is an indicator of ineffective third-party risk management?

Options:

A.

Sourcing of third parties does not follow public procurement law.

B.

Violations of service conditions trigger either fines or termination.

C.

Due diligence of third parties is conducted only after contract signing.

D.

The right-to-audit clause is limited by personal data protection regulations.

Question 157

Which of the following statements best describes a functional difference between external auditors and internal auditors?

Options:

A.

Internal auditors evaluate past achievements to understand whether controls are operating effectively, and external auditors focus on the accuracy of financial reporting.

B.

Internal auditors provide assurance about the sufficiency of controls to manage risks. Including risks of failure to achieve future goals, and external auditors evaluate the accuracy and understandability of financial reporting.

C.

internal auditors are always employed by the organization, rather than outsourced, and external auditors are never employed by the organization but contracted independently.

D.

Internal auditors are most directly concerned with the detection of fraud, while external auditors are most directly concerned with the prevention of fraud.

Question 158

An internal auditor wants to compare her organization’s governance processes to those of a well-known governance model. Which of the following approaches would the auditor take for this purpose?

Options:

A.

Perform a gap analysis to assess me differences between the approaches

B.

Assess the governance processes using computerized modeling techniques

C.

identify any differences between the processes using a variance analysis

D.

Benchmark the governance processes using a capability maturity modal

Question 159

According to IIA guidance, which of the following is a required aspect of an internal audit charter?

Options:

A.

Management approval

B.

Independent review

C.

Reporting relationships

D.

Quarterly assessment

Question 160

Which of the following statements is true regarding control activities?

Options:

A.

Control activities are carried out by first-line and second-line functions to mitigate risks.

B.

Control activities are implemented by internal auditors to mitigate risks to an acceptable level.

C.

Control activities provide the foundation for the organization to establish its risk appetite.

D.

Control activities are a precondition to setting risk tolerance levels.

Question 161

Which of the following statements best illustrates why internal auditors assess soft controls?

Options:

A.

Assessing soft controls are an effective method of assessing risk related to personnel.

B.

Assessing soft controls, as opposed to hard controls, makes it easier to evaluate operating effectiveness.

C.

Assessing soft controls can help internal auditors in undertaking root-cause analysis.

D.

Assessing soft controls provides more objective information than assessing hard controls.

Question 162

Which of the following fraud schemes is often an off-book fraud*?

Options:

A.

Payroll fraud

B.

Disbursement fraud

C.

Corruption

D.

Information misrepresentation

Question 163

According to IIA guidance, which of the following is an appropriate role for the internal audit activity?

Options:

A.

Coaching management in responding to risks.

B.

Implementing risk responses on management’s behalf.

C.

Imposing risk management processes.

D.

Setting the risk appetite.

Question 164

Which of the following activities best ensures that internal auditors grow professionally in alignment with current industry trends to meet the expectations of primary stakeholders?

Options:

A.

Deploying self-assessments against a competency benchmark.

B.

Acquiring memberships in professional organizations.

C.

Developing professional succession plans.

D.

Obtaining subscriptions to professional journals in their area of interest.

Question 165

Which of the following is the internal audit activity expected to do with respect to the organization ' s governance processes?

Options:

A.

Formally audit all governance activities.

B.

Provide strategic guidance on the organizational processes to senior management.

C.

Achieve agreement with the board regarding the range of activities, depth of review, and time period to include in the assessment.

D.

Audit against the governance structures and practices widely used in the industry.

Question 166

With regard to organizational governance assurance, which of the following is an appropriate role for the internal audit activity ' ?

Options:

A.

Assess compliance with the organization ' s code of conduct

B.

Oversee the governance and risk management processes

C.

Initiate new organizational control processes

D.

Provide advice on organizational governance activities

Question 167

According to IIA guidance, which of the following statements is true regarding the internal audit activity ' s quality assurance and improvement program (QAIP)?

Options:

A.

Internal assessments rely solely on the review of completed audit engagements for demonstrated performance.

B.

The chief audit executive is responsible for assessing the suitability and competence of an external assessor.

C.

QAIP results must first be discussed with the board and approval obtained for distribution to senior management.

D.

At the board ' s discretion, the frequency of external assessments can exceed the five-year guideline.

Question 168

An internal auditor was assigned to work in the procurement department for six months to gam m-depth knowledge about the procurement process. Which of the following personnel development practices was applied in this situation?

Options:

A.

Cosourcing

B.

Inbound rotation

C.

Guest auditor

D.

Outbound rotation

Question 169

Which of the following best describes the risk created when a manager bypasses organizational policies and procedures in order to meet an organization’s objective?

Options:

A.

Accountability/reward risk.

B.

Monitoring failure risk.

C.

Communication failure risk.

D.

Knowledge/skills risk

Question 170

Which of the following statements is true regarding organizational independence of the internal audit activity (IAA)?

Options:

A.

Reporting to a higher level within the organization reduces the potential scope of engagements that can be undertaken by the IAA.

B.

The benefit of the IAA ' s organizational independence is realized primarily via reduced costs for the external auditor.

C.

Independence is impaired when the scope of the IAA is subject to changes required by senior management.

D.

Inadequate organizational independence can result in the chief audit executive being able to fire staff without consulting the audit committee.

Question 171

Which of the following would be considered a violation of The HAfs mandatory guidance on independence?

Options:

A.

The chief audit executive (CAE) reports functionally to the board and administratively to the chief financial officer.

B.

The board seeks senior management ' s recommendation before approving the annual salary adjustment of the CAE.

C.

The CAE confirms to the board, at least once every five years, the organizational independence of the internal audit activity,

D.

The CAE updates the internal audit charter and presents it to the board for approval periodically, not on a specific timeline

Question 172

Which of the following situations is most likely to threaten the independence of the internal audit activity?

Options:

A.

The chief audit executive reports functionally to the board and administratively to the CEO.

B.

The annual budget for the internal audit activity is approved by the chief financial officer.

C.

The internal audit activity is completely outsourced to an external service provider.

D.

The internal audit manager provides consulting services to the procurement department, where she worked during the prior year.

Question 173

Which of the following approaches will internal audit utilize when developing a set of performance standards to measure an organization’s risk management process against?

Options:

A.

Key principles approach

B.

Process elements approach

C.

Holistic approach

D.

Maturity model approach

Question 174

Which of the following statements is true regarding the importance of risk management?

Options:

A.

Risk management ensures the ability to eliminate potential hazards to the organization.

B.

Risk management includes consideration of potential opportunities for the organization.

C.

Risk management aids with the establishment of appropriate key performance indicators.

D.

Risk management increases employees ' commitment and belief in strategic goals.

Question 175

Which of the following tests would most likely help discover a fictitious invoice?

Options:

A.

Compare vendor addresses to employee addresses.

B.

Match cancelled checks to invoices.

C.

Search for duplicate payment amounts.

D.

Check employee bank records against invoice amounts.

Question 176

An internal auditor assigned to a supplier management process engagement reviews the risk assessment with the process owner The auditor inquires about the risk response for potentially engaging unqualified third-party service providers The process owner responds that due diligence checks are undertaken to make sure that third parties possess requisite competencies before they are engaged Which of the following risk management techniques is the process owner using?

Options:

A.

Risk avoidance

B.

Risk reduction

C.

Risk sharing

D.

Risk acceptance

Question 177

A telecommunications organization is planning to cease operations in one or the markets in which it operates due to increasing volatility and uncertainties. Which of the following risk management techniques is the organization selecting?

Options:

A.

Risk acceptance.

B.

Risk avoidance.

C.

Risk sharing.

D.

Risk reduction.

Question 178

Which of the following statements is true regarding the internal audit activity ' s quality assurance and improvement program (QAIP)?

Options:

A.

Internal assessments must be performed by the chief audit executive.

B.

An internal assessment must be performed at least once every five years.

C.

It Is permissible to share the results of the QAIP with the organization ' s external auditors.

D.

Results of ongoing monitoring must be validated annually by an independent external assessor.

Question 179

Which of the following strategies for professional development best demonstrates an internal auditor’s competency ' ?

Options:

A.

Completed education credits

B.

Membership in professional organizations

C.

Subscriptions to sources of relevant professional information

D.

Professional development and training plans

Question 180

At a conference, an interna! auditor presented a new computer-assisted audit technique developed by his organization. The presentation included sample data derived from performing audit engagements for the organization. Travel costs were paid by the conference organizers, and the trip was approved by the chief audit executive (CAE).

However, neither management nor the CAE was aware that the internal auditor would be making a presentation based on work completed for the organization. According to IIA guidance, which of the following statements is most relevant regarding the actions of the auditor?

Options:

A.

The auditor did not violate the standard of objectivity because the presentation had no impact on the organization.

B.

The auditor violated the principle of confidentiality by disclosing information about the organization without approval.

C.

The auditor should have obtained permission before using the material, but did not violate the IIA Code of Ethics or Standards,

D.

The auditor breached the conflict of interest standard by accepting payment for travel costs

Question 181

Which of the following frauds is most likely to occur in the accounts payable function?

Options:

A.

Factitious vendors are entered into the system, possibly resulting in improper disbursements.

B.

Bad debt expense is intentionally omitted from the financial statements.

C.

Certain costs are capitalized, rather than expensed.

D.

A related party receives benefits not appropriate in an arm ' s-length transaction.

Question 182

Which of the following demonstrates that the internal audit activity exercises due professional care?

Options:

A.

Supervisors provide feedback to internal auditors after workpapers are reviewed

B.

A self-assessment is conducted through the quality assurance and improvement program every five years

C.

Internal auditors are required to give absolute assurance of regulatory compliance

D.

The chief audit executive reports functionally to the board

Question 183

According to HA guidance, which of the following is true regarding independence and objectivity for small internal audit activities?

Options:

A.

The chief audit executive (CAE) may consider including a disclaimer on independence in audit reports.

B.

The CAE may consider greater involvement of those with suitable knowledge of audit practice.

C.

Conformance with this Standard is not dependent upon the size of the internal audit activity.

D.

Due to the small size of the internal audit activity, having an external assessment once every seven years is acceptable.

Question 184

In a small company with a small budget, the board and senior management asked the chief audit executive (CAE) to develop specific controls prompted by a new regulatory requirement affecting a specific process. The CAE was also directed to report functionally to senior management. An audit engagement on this process was already set in the internal audit plan. Which of the following represents an impairment to the internal audit activity ' s independence?

Options:

A.

The development of controls by the CAE.

B.

The audit engagement regarding this process.

C.

The functional reporting of the CAE to senior management.

D.

The small budget.

Question 185

Which of the following situations undermines the independence of the internal audit activity?

Options:

A.

The internal audit activity is responsible for the company ' s risk management function and its head manager reports to the chief audit executive

B.

A senior member of the internal audit activity once worked in the corporate finance department

C.

The organization ' s CEO reviews the internal audit activity ' s annual budget per the organization’s policies and procedures

D.

The internal audit activity often uses management ' s risk profile to build its own risk profile for annual planning

Question 186

Who is responsible for setting the risk appetite?

Options:

A.

External auditors.

B.

Chief risk officer.

C.

Operations management.

D.

Board of directors.

Question 187

An internal auditor creates a professional development plan to obtain more experience in the organization ' s environmental, social, and corporate governance initiatives. Which of the following would the auditor include in the plan to support these objectives?

Options:

A.

A plan to study for and obtain a certification in nonprofit management.

B.

A deadline within the individual development plan to meet the overall engagement objectives.

C.

A plan to perform a variety of engagements to develop general skills that could be used to assess environmental, social, and governance initiatives.

D.

A request to attend the organization ' s committee meeting that is focused on strategic community awareness.

Question 188

Which of the following best describes the internal audit activity’s responsibility within a risk and control framework?

Options:

A.

The internal audit activity constitutes the first line of defense in effective risk management.

B.

The internal audit activity provides direction regarding internal controls implementation.

C.

The internal audit activity verifies that management has met its responsibility for implementing effective controls.

D.

The internal audit activity implements the internal control framework and advises management regarding best practices.

Question 189

According to IIA guidance, which of the following is necessary for internal auditors to comply with the requirements for proficiency?

1. Sufficient consideration of current activities, trends, and emerging issues to effectively carry out their professional responsibilities.

2. Ability to provide relevant advice and recommendations to management and the board.

3. Understanding of key IT risks and controls and the ability to identify fraud using technology-based audit techniques.

4. Knowledge, skills, and other competencies necessary to perform individual responsibilities during the engagement.

Options:

A.

1 and 4 only.

B.

1, 2, and 3 only.

C.

1, 2, and 4 only.

D.

2, 3. and 4 only

Question 190

The chief audit executive (CAE) of a large organization has been asked by the board to assume responsibility for risk management and compliance operations, both of which are distinct departments within the organization and are subject to periodic audits by the internal audit activity In regards to future audits of these functions which of the following approaches would be most appropriate?

Options:

A.

Audits of risk management and compliance functions should be overseen by a competent external assurance provider

B.

Audits of risk management and compliance functions should be overseen by a senior audit manager within the internal audit activity other than the CAE

C.

Audits of risk management and compliance functions should be conducted by internal auditors under the supervision of management from both functions

D.

Audits of risk management and compliance functions should be earned out by a team of the most experienced auditors overseen by the CAE

Question 191

An internal auditor is assessing the effectiveness of the organization ' s risk management practices. She checks to see whether risk management is an integral part of decision making and whether risk management is transparent, responsive to change, and addresses uncertainty. According to IIA guidance on risk management frameworks, which of the following approaches is the auditor most likely using?

Options:

A.

Maturity model approach.

B.

Process element approach.

C.

Key principles approach.

D.

Key performance indicators approach.

Question 192

During an assurance engagement, an internal auditor uses benchmarking research to support preparation of a report to stakeholders that contains significant findings about control deficiencies. Which of the following skills did the auditor demonstrate?

Options:

A.

Internal audit management.

B.

Conflict negotiation.

C.

Critical thinking.

D.

Persuasion and collaboration.

Question 193

If the skills and competencies are not present within the internal audit activity to complete an ad-hoc assurance engagement, which of the following is an acceptable

resolution?

Options:

A.

Politely decline the engagement due to a lack of qualified staff available at the time.

B.

Complete the engagement as requested, with the best of the current staffs abilities.

C.

Consider using employees from other departments in the organization on the audit team.

D.

Change the scope of the testing to ensure that only available staff proficiencies are used

Question 194

Upon joining the internal audit activity, each new auditor receives a copy of the audit handbook. Which of the following handbook policies has the greatest risk of compromising audit objectivity?

Options:

A.

Internal auditors should obtain 80 hours of continuing professional education every two years, 20 of which should be audit-related, and the remainder may be operations-related.

B.

Internal auditors should rotate to other areas of the organization for nonaudit assignments to gain an understanding of the organization ' s operations.

C.

Internal auditors should have direct and unrestricted access to personnel and information throughout the organization and the governing board.

D.

Internal auditors should undergo annual performance appraisals conducted by the chief audit executive, who reports administratively to the chief financial officer.

Question 195

An accounts payable clerk has recently transferred into the internal audit activity and has been assigned to an engagement related to accounts payable processes for which he was previously responsible. Which of the following is the best action for the new internal auditor to take?

Options:

A.

If it is an assurance engagement, accept the assignment because direct knowledge of the existing accounts payable processes wifi provide depth and add more value.,

B.

If it is a consulting engagement, decline the assignment and ask to be reassigned, because in a consulting engagement the auditor must not assess operations for areas in which they were previously responsible.

C.

If it is a consulting engagement, accept the assignment because direct knowledge of the existing accounts payable processes will provide depth and add more value.

D.

If it is an assurance engagement, accept the assignment because the chief audit executive had knowledge of the internal auditor ' s previous role when this engagement was assigned.

Question 196

Which of the following risk management techniques best describes the strategy of obtaining insurance to protect against losses due to bad weather conditions?

Options:

A.

Risk avoidance

B.

Risk reduction

C.

Risk acceptance

D.

Risk sharing

Question 197

Which of the following would be considered a primary control to reduce the risk associated with setting up duplicate vendors?

Options:

A.

Receipt of a signed and approved vendor setup form.

B.

Segregation of duties between setting up vendors and making vendor payments.

C.

System validation and edit checks on vendor identification number

D.

A vendor setup policy and procedure.

Question 198

A chief audit executive (CAE) is considering hiring a candidate who most recently worked for a large public accounting firm What would be the CAE’s most likely concern regarding this candidate*?

Options:

A.

Low-level audit expertise

B.

Narrow industry experience

C.

MPotential conflict of interest

D.

Weak interpersonal skills

Question 199

How should the internal audit activity promote continuous improvement of organizational controls?

Options:

A.

By assessing implementation of controls m individual processes during audit engagements

B.

By identifying the most significant business processes and designing effective controls for those processes

C.

By implementing an internationally accepted internal control framework across the organization

D.

By facilitating control self-assessment sessions for managers responsible for business processes

Question 200

After being assigned to an audit of the accounts payable process, an internal auditor privately notifies the chief audit executive that she is a finalist for an open manager position within the accounts payable department. Which of the following is the IIA Code of Ethics principle that the auditor upheld?

Options:

A.

Independence.

B.

Confidentiality.

C.

Objectivity.

D.

Competency

Question 201

An internal auditor is trying to evaluate what could go wrong after determining that a risk management technique is operating effectively. What type of risk is the auditor assessing?

Options:

A.

Inherent risk.

B.

Residual risk.

C.

Impact risk.

D.

Detection risk.

Question 202

Which of the following procedures will best help an internal auditor assess operating effectiveness of fraud prevention and detection controls?

Options:

A.

Benchmarking best practices

B.

Testing,

C.

Mapping,

D.

Interviewing

Question 203

An Internal auditor accepted a role as an engagement supervisor on a highly specialized and technical engagement for which she did not have the expertise. Which of the following fundamental principles of The IIA ' s Code of Ethics did she violate?

Options:

A.

Objectivity.

B.

Confidentiality.

C.

Competency.

D.

Due professional care.

Question 204

Which of the following is a legitimate role for the internal audit activity in the organization ' s risk management process ' ?

Options:

A.

Championing the establishment of a risk management framework

B.

Creating and implementing new risk management processes

C.

Maintaining sole responsibility for risk management within the organization

D.

Setting the risk appetite of the organization

Question 205

With regard to governance, which of the following is a board-level responsibility rather than a management responsibility?

Options:

A.

Obtaining assurance on external financial, regulatory, and internal audits.

B.

Complying with laws, regulations, and codes.

C.

Assigning authority and responsibilities organization wide.

D.

Monitoring and measuring performance.

Question 206

Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department. Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?

Options:

A.

Workshops.

B.

Surveys.

C.

Interviews.

D.

Observation.

Question 207

Which of the following best describes the board’s role in establishing effective organizational governance?

Options:

A.

The board is involved in approving operational policy

B.

The board monitors key processes and procedures

C.

The board has oversight responsibility for organizational resources

D.

The board approves management ' s detailed plans and objectives

Question 208

Which of the following must be in existence as a precondition to developing an effective system of internal controls?

Options:

A.

A monitoring process,

B.

A risk assessment process.

C.

A strategic objective-setting process.

D.

An information and communication process.

Question 209

An internal auditor has suspicions that some fictitious vendors have been created in the organization ' s computer system. Which of the following would be the best technique to detect this fraud?

Options:

A.

Review for duplicate invoice numbers, duplicate dates, and duplicate amounts

B.

Run checks to find matches between vendor and employee addresses

C.

Check for recurring requests for refunds where invoices are paid twice

D.

Review for unexplained increases in inventory

Question 210

According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?

1. Consult on CSR program design and implementation.

2. Serve as an advisor on CSR governance and risk management.

3. Review third parties for contractual compliance with CSR terms.

4. Identify and mitigate risks to help meet the CSR program objectives.

Options:

A.

1,2, and 3,

B.

1 2, and 4.

C.

1, 3, and 4.

D.

2, 3, and 4.

Question 211

According to the Standards, in today ' s technology and business environments, how much computer and information systems-related knowledge and skills must an internal auditor have to be effective in fulfilling his job responsibilities?

Options:

A.

Auditors must have an IT specialty in at least one of their organization ' s key information technology systems.

B.

Auditors must be proficient in data analysis and computer assisted audit techniques for their organization.

C.

Auditors must understand their organization ' s integrated test facilities and generalized audit software.

D.

Auditors must understand their organization ' s IT governance, risk, and control processes.

Question 212

Why is it imperative for the chief audit executive to track and develop the educational qualifications of internal audit staff?

Options:

A.

To accurately conduct performance appraisals

B.

To ensure that staff complete required continuing professional education credits annually.

C.

To ensure that the resources needed to complete the audit plan are available.

D.

To satisfy the audit committee requirements.

Question 213

Which of the following actions is a chief audit executive most likely to take in order to identify gaps in the internal audit activity’s knowledge, skills, and competencies?

Options:

A.

Complete a skills assessment of the internal audit activity based on. The IIA Global Internal Audit Competency Framework.

B.

Develop a competency assessment tool for the internal audit activity based on The IIA Global Internal Audit Competency Framework.

C.

Incorporate the basic criteria for competency of the internal audit activity into the job descriptions of potential internal auditors,

D.

Develop an internal audit activity plan for training internal auditors to perform required assurance and consulting activities.

Question 214

Which of the following describes a primary responsibility for the internal audit activity in helping management maintain effective controls?

Options:

A.

Promoting continuous evaluation

B.

Promoting continuous monitoring

C.

Promoting continuous improvement

D.

Promoting continuous reporting

Question 215

The chief audit executive (CAE) planned an in-person group training to help internal auditors perform onsite inspections of an automobile manufacturing facility. The training would have allowed the auditors to better understand the production of the organization ' s automobiles. However, a global health crisis has impacted the training by prohibiting in-person contact at the facility. Which of the following could the CAE use to provide auditors with a better understanding of the organization s production process?

Options:

A.

A general web-based training on auditing manufacturing processes.

B.

Self-study courses on the industry ' s production practices

C.

Industry publications that discuss production methods

D.

A virtual meeting with management that explains the production of automobiles

Question 216

Which of the following is the most effective way for internal auditors to determine whether ethical values are followed throughout the organization?

Options:

A.

Review the organization ' s ethical value structure and reporting procedures.

B.

Review what the organization considers to be ethical behavior, such as the employee code of conduct.

C.

Review employee survey responses and follow up on those that suggest weaknesses in the ethical climate.

D.

Review the organization ' s records to ensure all employees have signed statements that they will follow ethical practices.

Question 217

Which of the following items related to the quality assurance and improvement program should the chief audit executive report to the board?

Options:

A.

Ongoing monitoring results

B.

Periodic management assessment results

C.

Annual risk assessment results

D.

Internal auditors ' training evaluation results

Question 218

Which of the following is the best example of a computer forensic audit activity?

Options:

A.

An internal auditor compared vendor addresses to employee home addresses.

B.

An internal auditor used analytical software to trace all disbursements processed on weekends.

C.

An internal auditor tried to circumvent the logical access controls of the purchasing system.

D.

An internal auditor recovered emails of an employee who was suspected of fraudulent activities

Question 219

During a complex financial compliance engagement, a senior internal auditor determines that current audit procedures are not sufficient for adequate testing She consults with a colleague and learns that a spreadsheet application contains a helpful tool She proceeds to use the tool to properly complete the evaluation Which of the following best describes the core competency displayed by the senior auditor?

Options:

A.

Business acumen

B.

Persuasion and collaboration

C.

Critical thinking

D.

Communication

Question 220

Senior management and the board have expressed concerns about the length of engagements and whether their outcome aligns with the organization ' s strategies and objectives. Which of the following actions, if taken by the chief audit executive, could address these concerns?

Options:

A.

Communicating to internal audit staff instructions for completing engagements within shorter time periods.

B.

Requesting additional funding from the board to train internal audit staff on time and resource management.

C.

Implementing the use of agile auditing during engagements to meet expectations.

D.

Encouraging internal audit staff to participate in workshops to further develop their understanding of the organization ' s strategies.

Page: 1 / 74
Total 735 questions