Internal Audit Fundamentals Questions and Answers
Which of the following is an example of an impairment to an internal auditor ' s independence?
Which of the following are some of the requirements of the quality assurance and improvement program (QAIP)?
Which of the following scenarios is a characterize of an organization with a highly effective ethical culture?
An internal audit of an organization ' s disbursement department revealed that multiple payments were made to legitimate vendors bearing fraudulent banking information belonging lo employees in the department. These vendors were initially set up with accurate banking information but were subsequently modified by disbursement officers with access to the vendor management system. Which of the following controls would have likely prevented the fraudulent modification of vendors ' banking information?
Which of the following is a consulting service the internal audit activity can perform with respect to the organization ' s risk management?
An engagement supervisor noted that an internal auditor ' s personal relationship with a process owner resulted in the auditor providing a favorable and partial assessment during an audit within that process owner ' s area. According to MA guidance, which of the following should be used to manage this impairment?
An organization ' s operations management is aware of existing internal control deficiencies but they lack the competency to execute internal control measures. Which of the following actions if taken by the internal audit activity is appropriate to assist operating management in achieving continuous improvement on internal controls?
Upon completion of an external assessment as part of the quality assurance and improvement program (QAIP), the chief audit executive (CAE) reported the results to senior management and the board The CAE included the following elements in the report
- Qualifications and independence of me external assessment team
- Conclusions of assessors
- Corrective action plans
How should the CAE improve the aforementioned approach to reporting the resets of QAIP?
Which of the following is most likely to be considered a control weakness?
An internal auditor discovered that a former colleague from the internal audit activity now works in a junior position in a department scheduled for an upcoming audit. How can the auditor best ensure his objectivity for this engagement?
A new internal audit activity is considering the adoption of a risk and control framework. Which of the following is the most appropriate consideration during this process?
A chief audit executive (CAE) has just joined an organization with an existing internal audit activity. Based on her review of the current organizational structure, the CAE determines that the internal audit activity lacks adequate independence. Which of the following actions is the CAE ' s best step to take next to move the internal audit activity toward organizational independence?
Which of the following best demonstrates organizational independence of the internal audit activity?
The chief audit executive (CAE) has decided to outsource an audit of the organization ' s cloud governance in the annual audit plan. Why would the CAE outsource this audit?
Which of the following concepts is emphasized in the Mission of Internal Audit?
The management at a national consumer goods organization implements a fair work and pay practice as well as a policy to treat employees equitably and consistently.
Which common characteristics of fraud will the practice and policy most likely reduce?
Which of the following disclosures must the chief audit executive (CAE) include when communicating the results of the quality assurance and improvement program to senior management and the board?
Which of the following actions should the audit committee take to promote organizational independence for the internal audit activity?
Regarding assurance and consulting services provided by the internal audit activity which of the following statements is correct?
Which of the following best demonstrates internal auditors performing their work with proficiency?
The internal audit activity audited an organization ' s risk management function multiple times, and the recommendations that were made remain unaddressed by the head of risk management. Which of the following would be the next step for the internal audit activity?
Which of the following most accurately describes the role of the board when it comes to organizational governance?
Which of the following statements relating to risk management is true?
Which of the following is part of a fraud detection program?
According to IIA guidance, which of the following corporate social responsibility {CSR) evaluation activities may be performed by the internal audit activity?
1. Consult on CSR program design and implementation
2. Serve as an advisor on CSR governance and risk management.
3. Review third parties for contractual compliance with CSR terms.
4. Identify and mitigate risks to help meet the CSR program objectives.
A manufacturer of power tools is experiencing regular fluctuations in the price of electrical power which is having a serious impact on the bottom line. Which of the following would be the most effective risk strategy to reduce the impact of these fluctuations?
An organization established 20 years ago has had its internal audit activity in place for the last three years. Which of the following would allow the internal audit activity to accurately state that it is in conformance with the Standards ' ?
A regional entertainment organization is in the process of developing a corporate social responsibility (CSR) policy. Management invites ideas from employees when developing the CSR policy. Which of the following is the most appropriate idea to include?
Which type of engagement requires that the client agrees with the techniques used by the internal audit activity?
A third-party provider ' s questionable labor practices have exposed the organization to reputational risks and regulatory risks. Which of the organization ' s risk management practices was most likely ineffective?
A fraud investigation was completed by management, and a proven fraud was communicated to relevant authorities. According to IIA guidance, which of the following roles would be most appropriate for the internal audit activity to undertake after the investigation?
Which of the following would best serve to deter unethical behavior and encourage internal auditors to be objective in their work?
Which of the following describes a responsibility of operating management in an organization ' s corporate social responsibility (CSR) efforts?
A newly hired internal auditor is most likely to need further education in the area of business acumen in which of the following situations?
According to IIA guidance, which of the following is the most accurate statement regarding the internal audit charter?
The internal audit activity is undergoing a self-assessment as part of its quality assurance and improvement program. Which of the following observations must be addressed in order for the internal audit activity to achieve conformance with the Standards?
Which of the following options describes the reason that conformance with The IIA ' s Code of Ethics is mandatory for internal auditors?
Which of the following statements is true regarding corporate social responsibility (CSR)?
The internal audit activity is performing an assessment of an organization ' s ethics program, and the engagement scope specifies a focus on the training program ' s design. According to IIA guidance, which of the following questions would be the most relevant?
1. Does the training include situations that require an ethical decision?
2. What percentage of employees have taken the training?
3. What are the results of the employee assessment of the organization ' s ethical climate?
4. Does the instructor provide feedback on the thought process to reach an ethical resolution?
Which of the following statements best describes the difference between risk appetite and risk tolerance?
According to IIA guidance, which of the following best demonstrates due professional care?
When performing an audit of the risk management process an auditor makes the observations listed below. Which poses the greatest risk to the organization?
Which of the following is an indicator that the organization s risk management process is effective?
Which of the following is the best reason why the engagement supervisor should take care in explaining to local management the criteria that will be used to measure the effectiveness of the control environment?
Which of the following is an example of a risk reduction strategy?
An internal audit activity uses a rotational program to recruit high-performing staff members from other parts of the organization One of these individuals is nearing the end of her four-year internal audit rotation The chief audit executive assigned her to an assurance engagement in the business area she will be going into when she leaves the internal audit activity Which of the following statements is
true regarding this scenario?
According to IIA guidance, which of the following is the strongest indicator of deficiencies in the risk management process?
Which of the following best illustrates the application of due professional care during an audit of the procurement department?
An internal auditor believes that a weakness exists in the control environment relating to the delegation of authority and responsibility within the management structure. Which of the following actions should the internal auditor first consider in this matter?
Which of the following would be the most effective in helping to detect fraud?
Which of the following would be the best choice for a continuing professional development requirement for a newly created internal audit activity?
According to IIA guidance, which of the following statements is true regarding ISO 31000?
Tr» chiet audit executive (CAE) of large organization is preparing job descriptions to hire five new general internal audit staff, two new IT auditors and a senior auditer how is the CAE likely to describe IT requirements for me general internal audit statt positions?
When would on-the-job training be more effective?
Which of the following actions should the organization ' s governing body perform to provide the most effective governance over the organization ' s culture?
Which of the following policies promotes internal audit objectivity?
Which of the following drivers of fraud is directly controllable by an organization?
In an assurance engagement focused on the adequacy of organizationwide risk management practices, which of the following best describes a primary area of interest for the engagement?
According to MA guidance, which of the following best describes how often the chief audit executive should review the quality assurance and improvement program of the internal audit activity?
In an internal audit charter, which of the following statements regarding the chief audit executive (CAE) would be most directly related to describing the responsibilities of the internal audit activity*?
In which of the following audits would the internal auditors most likely contribute to the assessment of organizational governance?
An internal auditor was offered expensive tickets to a sporting event by the manager of an area that she was currently auditing. The auditor politely declined. Which of the following fundamental principles of the MA Code of Ethics did she display?
A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annual snowfall for the coming winter. Which of the following best describes this type of risk?
During an assurance engagement the internal audit team discovers that employees performing a control do not understand the principles behind it. Before the engagement concludes, at management ' s request the audit team facilitates several formal training sessions to help explain those principles to the employees. Which of the following best describes the engagement provided by the internal audit activity in this scenario?
In the COSO internal control framework, which of the following components serves as the foundation for the other components?
Which of the following situations undermines the independence of the internal audit activity?
During the audit of taxation processes in the organization internal auditors have verified that all employees of the finance department received training on taxation guidelines. The training is mandatory and is automatically assigned via email invitation to all new employees in the department. Which type of controls have the auditors tested?
The accounting department asked the chief audit executive (CAE) to perform a review of suspicious transactions. The CAE was an accounting manager for the organization six months ago.
How should she respond to the request?
Senior management has requested that the internal audit activity review and amend policies where necessary when auditing the purchasing department. To which of the following would the chief audit executive most likely give primary consideration when responding to this request?
Which of the following is an example of a detective control?
A manufacturing organization ' s chief audit executive (CAE) was approached by the head of security from one of the manufacturer ' s third party suppliers The head of security requested internal audit records from a recent audit engagement involving the third-party supplier The head of security believed those records contained information that would enable to identify employees of the third-party supplier who may be involved m fraudulent activities What is the most appropriate course of action for the CAE?
Which of the following would be most helpful to measure whether an internal audit activity successfully provides risk-based assurance?
Which of the following is an example of a risk avoidance strategy?
An internal audit team analyzed the organization ' s value-at-risk model during an assurance engagement and suggested several useful improvements. Management was impressed by the internal audit team’s work and requested additional actions. Which of the following requested actions would impact internal audit independence most severely if fulfilled?
Which of the following indicates an appropriate disclosure of a potential nonconformance with the Standards?
According to IIA guidance, which of the following is ultimately responsible for seeing that the internal control system of an organization’s social responsibility program is effective?
Which of the following is an example of a management control technique?
During an audit of an organization ' s accounts payable area, an internal auditor identified anomalies in the information examined that may indicate potential fraud. Which test should the auditor perform first to verify this?
Which of the following describes the internal audit activity ' s most appropriate role in an organization ' s risk management process?
As part of a fraud investigation by regulators, a court order was issued to a bank. The court order requested the chief audit executive (CAE) to provide access to a number of audit reports and workpapers, some of which included customers ' confidential information such as transaction activity and other personal details. What is the appropriate response by the CAE?
According to IIA guidance, which of the following training methods is considered most effective in assisting new entry-level internal auditors in achieving competence with internal audit practices in the workplace?
Management assessed the organization’s risk of expanding operations into a new, but volatile, region and began looking for a compatible local partner to manage sales and distribution. Which of the following best describes this risk management technique?
A new company’s risk management function is developing its cybersecurity risk management program Which of the following actions should be the first priority when developing the program?
An internal auditor is assessing how the organization processes financial transactions and whether written policies and procedures are followed. The auditor requested to meet with certain employees to understand their related roles and responsibilities. However the employees refuse to meet with the auditor claiming they are too busy. Which of the following responses would best demonstrate the auditor ' s conflict-resolution skills?
Which of the following statements is true regarding the internal audit activity ' s quality assurance and improvement program (QAIP)?
Which of the following types of fraud tests would be most effective if an internal auditor was looking for possible fictitious vendors?
Which of the following describes an ongoing monitoring activity that could be performed as part of an internal assessment for a quality assurance and improvement program (QAIP)?
Which of the following is an appropriate roe fa the internal audit activity?
A chief audit executive has reported to the board that the internal audit activity is lacking financial accounting knowledge for specific audit projects. Upon approval from the board which of the following hiring approaches is best in this situation?
Which of the following must be considered by the chief audit executive before writing the internal audit charter?
Which of the following would show appropriate disclosure of nonconformance with the Standards?
Which data analytics competency is critical for new internal auditors to possess in order to plan and perform internal audit engagements in conformance with the Standards?
Which of the following controls would most likely prevent fraud related to the overpayment of vendors?
An internal auditor is assessing the effectiveness of the organization ' s risk management practices She checks to see whether risk management is an intégrai part of decision making and whether risk management is transparent, responsive to change and addresses uncertainty. According to HA guidance on risk management frameworks, which of the following approaches is the auditor most likely using?
While conducting an engagement in the procurement department, the internal auditor noticed that the department head’s travel reports showed minor travel expenses, and there were no charges for hotels, meals, or transportation. However, the auditor knew that the department head frequently traveled worldwide to meet with suppliers and visit their production sites. Which of the following would be the most appropriate next step for the auditor?
The chief audit executive of an organization assigns audit resources to undertake a consulting engagement requested by senior management the previous year, and a scheduled assurance audit of the procurement process Which of the following appropriately differentiates the two engagements?
An internal auditor is assessing fraud risks and creating a fraud risk matrix for a particular branch location. Which of the following is most likely to be included in the matrix?
Which of the following is an example of a risk avoidance strategy?
An organization’s senior management team is awarding substantial bonuses if employees meet financial targets. Which of the following motivators to potentially commit fraud would become most likely in this scenario?
A chief audit executive ensures that the internal audit activity provides annual training to management on internal controls. Where is the nature of these services defined?
The head of human resources notified the internal audit activity that a key account manager was fired because he did not register a large number of contracts with clients As a result the organization was unaware of its duties and would suffer some financial loss Which of the following should be expected from a competent internal auditor who is analyzing this situation?
The accounting department asked the chief audit executive (CAE) to perform a review of suspicious transactions The CAE was an accounting manager for the organization six months ago How should she respond to the request?
When beginning an engagement to assess the effectiveness of the organization ' s newly revamped risk management processes, which of the following should internal auditors review first?
An organization is in the process of hiring a new chief audit executive (CAE). Which of the following can the potential candidates expect to be a part of the recruiting process or in place when the CAE is hired?
Which of the following best describes the risk contained in an initial public offering for a new stock?
Which of the following is a true statement regarding whistleblowing?
An internal auditor notes that inventory counts are conducted on Mondays only and that all documentation is on paper as there are no computers in the underground warehouses. Also she notices that the person responsible for receiving the goods is the same one who distributes materials and spare parts Finally, she sees that spare parts are written off and taken by the heads of mining units to different underground locations to wait for their turn to be installed. Which of the described findings requires more consideration from a fraud risk perspective?
An IT contractor applied for an internal audit position at a bank. The contractor worked for the bank ' s IT security manager two years ago. If the audit manager interviewed the contractor and wants to extend a job offer, which of the following actions should the chief audit executive pursue?
After the draft engagement report is issued, the manager of the area that was reviewed is informally interviewed by the engagement supervisor regarding the audit experience. Which of the following is most likely the purpose for this interview?
According to IIA guidance, which of the following actions by the chief audit executive (CAE) best demonstrates the organizational independence of the internal audit activity?
Which of the following represents an example of an ethical issue that the organization should address ' ?
Which of the following is an example of impairment to internal auditor independence or objectivity ' ?
Which of the following represents a deficiency in the control environment?
An internal auditor is reviewing the results of an employee survey at a mining company. Which of the following would alert the auditor to a potential ethics issue?
What should the chief audit executive do when the internal audit activity is found to be in nonconformance with the Code of Ethics or the Standards?
According to IIA guidance, which of the following activities is appropriate for an internal auditor to perform with regard to the organization ' s corporate social responsibility (CSR) program?
1. Determine whether the organization has adequate controls to achieve its CSR objectives.
2. Facilitate a management self-assessment of CSR controls and results.
3. Consult on the project design and implementation for the CSR program.
4. Exclude CSR-related external risks that are beyond the control of the organization.
Which of the following documents would promote objectivity within an organization ' s internal audit activity?
The chief audit executive (CAE) of a new internal audit activity is creating an internal audit charter According to IIA guidance, which of the following terms is most likely to
be included in the charter?
Which of the following is an advantage of using nongovernmental organization (NGO) members on an assurance team when auditing corporate social responsibility?
Which of the following is the primary benefit of establishing a formal training program for the internal audit activity?
Anew internal auditor suspects fraud is taking place. Which action should the new auditor take?
Which of the following would be a preventive control for helping to manage fraud in an organization?
Which of the following situations would best indicate to the chief audit executive that one of the audit team members is struggling with application of due professional care?
Senior management relies on the professional judgment of an internal auditor and uses outcomes of her audit work to make business decisions Which of the following personal qualities displayed by the internal auditor is most likely the foundation for this relationship?
Management decided to post the organization ' s newly established code of conduct on its website. This decision is primarily intended to mitigate which of the following risks?
In which of the following scenarios is the internal auditor in conformance with The IIA ' s Code of Ethics and the Standards?
During a review of the procurement function, an internal auditor identified an existing control for adding new vendors into the vendor contract system. Which of the following would best help the auditor determine the adequacy of the control ' s design?
Which of the following is the most appropriate way to ensure that a newly formed internal audit activity remains free from undue influence by management?
The chief audit executive (CAE) is drafting the annual internal audit plan and seeks input from senior management and the external auditor prior to submitting it for approval to the board. According to MA guidance, which of the following statements is true regarding this scenario?
Which of the following is a primary benefit of implementing a governance risk management and compliance framework within an organization?
Which of the following is the best way for internal auditors to demonstrate their proficiency to effectively carry out their professional responsibilities?
To encourage internal audit objectivity, which of the following is an appropriate policy the chief audit executive should establish?
Which of the following activities aligns with The IIA ' s Core Principles for the Professional Practice of Internal Auditing?
According to IIA guidance, which of the following statements is true regarding the internal audit activity’s responsibilities in providing consulting services?
Internal controls belong to which risk response category?
An engagement supervisor notes that an internal auditor usually documents and submits draft audit reports for review without giving the process owners the opportunity to state their position on the issues raised. How should the engagement supervisor respond?
An internal auditor believes that the internal audit activity ' s independence is impaired. Which of the following actions should the internal auditor take first?
Which of the following should play a leading role in overseeing the ethical atmosphere of an organization?
Which of the following qualifies as an acceptable consulting service provided by the internal audit activity?
Which of the following is true regarding risk analysis?
The internal auditor of a small manufacturer noted that the accounting department has insufficient staff to achieve proper segregation of duties. What type of controls would the auditor likely recommend to management to specifically address this problem?
Which of the following is a control that is used mainly to check the integrity of data entered into a business application, whether the data is entered directly by staff, remotely by a business partner, or through a web-enabled application?
An organization ' s board recommends revising the internal audit charter by adding requirements regarding the hiring and compensation of the chief audit executive as well as information on approving the internal audit budget. Which of the following is the board most likely defining in the charter?
To achieve conformance with the Standards, the chief audit executive must include which of the following activities in the quality assurance and improvement program (QAIP)?
Which of the following organizations has reached the most mature level of corporate social responsibility?
A newly appointed chief audit executive (CAE) started analyzing the organization ' s policies in an attempt to customize them to address internal audit specifics. Which of the following organizationwide practices is most likely to be acceptable to the CAE?
Which of the following would be considered a monitoring activity in organization wide risk management?
In which of the following situations has the internal auditor violated the IIA ' s Code of Ethics?
Under which of the following circumstances should the final audit report include a disclosure of nonconformance with the Standards?
Which of the following situations presents the lowest risk of impairing an internal audit activity ' s independence?
Which of the followIng would permit an internal audit activity to use the statement " conducted m conformance with the International Standards for the Professional Practice of Internal Auditing m audit reports?
Which of the following is a responsibility of the internal audit activity as it relates to risk and risk management?
A whistleblower reveals to the chief audit executive (CAE) detailed allegations of potential fraud at the senior management level. Although the CAE has some experience in the area, she chooses to retain an external fraud expert to conduct the investigation. When asked by the director of finance to defend the expenditure, which of the following statements represents the CAE ' s best response?
Which of the following describes the most appropriate match between a potential temporary guest auditor candidate and an upcoming audit assignment?
The internal audit activity is undergoing a self-assessment as part of its quality assurance and improvement program Which of the following observations must be addressed in order for the internal audit activity to achieve conformance with the Standards?
Which of the following is an indicator of ineffective third-party risk management?
Which of the following statements best describes a functional difference between external auditors and internal auditors?
An internal auditor wants to compare her organization’s governance processes to those of a well-known governance model. Which of the following approaches would the auditor take for this purpose?
According to IIA guidance, which of the following is a required aspect of an internal audit charter?
Which of the following statements is true regarding control activities?
Which of the following statements best illustrates why internal auditors assess soft controls?
Which of the following fraud schemes is often an off-book fraud*?
According to IIA guidance, which of the following is an appropriate role for the internal audit activity?
Which of the following activities best ensures that internal auditors grow professionally in alignment with current industry trends to meet the expectations of primary stakeholders?
Which of the following is the internal audit activity expected to do with respect to the organization ' s governance processes?
With regard to organizational governance assurance, which of the following is an appropriate role for the internal audit activity ' ?
According to IIA guidance, which of the following statements is true regarding the internal audit activity ' s quality assurance and improvement program (QAIP)?
An internal auditor was assigned to work in the procurement department for six months to gam m-depth knowledge about the procurement process. Which of the following personnel development practices was applied in this situation?
Which of the following best describes the risk created when a manager bypasses organizational policies and procedures in order to meet an organization’s objective?
Which of the following statements is true regarding organizational independence of the internal audit activity (IAA)?
Which of the following would be considered a violation of The HAfs mandatory guidance on independence?
Which of the following situations is most likely to threaten the independence of the internal audit activity?
Which of the following approaches will internal audit utilize when developing a set of performance standards to measure an organization’s risk management process against?
Which of the following statements is true regarding the importance of risk management?
Which of the following tests would most likely help discover a fictitious invoice?
An internal auditor assigned to a supplier management process engagement reviews the risk assessment with the process owner The auditor inquires about the risk response for potentially engaging unqualified third-party service providers The process owner responds that due diligence checks are undertaken to make sure that third parties possess requisite competencies before they are engaged Which of the following risk management techniques is the process owner using?
A telecommunications organization is planning to cease operations in one or the markets in which it operates due to increasing volatility and uncertainties. Which of the following risk management techniques is the organization selecting?
Which of the following statements is true regarding the internal audit activity ' s quality assurance and improvement program (QAIP)?
Which of the following strategies for professional development best demonstrates an internal auditor’s competency ' ?
At a conference, an interna! auditor presented a new computer-assisted audit technique developed by his organization. The presentation included sample data derived from performing audit engagements for the organization. Travel costs were paid by the conference organizers, and the trip was approved by the chief audit executive (CAE).
However, neither management nor the CAE was aware that the internal auditor would be making a presentation based on work completed for the organization. According to IIA guidance, which of the following statements is most relevant regarding the actions of the auditor?
Which of the following frauds is most likely to occur in the accounts payable function?
Which of the following demonstrates that the internal audit activity exercises due professional care?
According to HA guidance, which of the following is true regarding independence and objectivity for small internal audit activities?
In a small company with a small budget, the board and senior management asked the chief audit executive (CAE) to develop specific controls prompted by a new regulatory requirement affecting a specific process. The CAE was also directed to report functionally to senior management. An audit engagement on this process was already set in the internal audit plan. Which of the following represents an impairment to the internal audit activity ' s independence?
Which of the following situations undermines the independence of the internal audit activity?
Who is responsible for setting the risk appetite?
An internal auditor creates a professional development plan to obtain more experience in the organization ' s environmental, social, and corporate governance initiatives. Which of the following would the auditor include in the plan to support these objectives?
Which of the following best describes the internal audit activity’s responsibility within a risk and control framework?
According to IIA guidance, which of the following is necessary for internal auditors to comply with the requirements for proficiency?
1. Sufficient consideration of current activities, trends, and emerging issues to effectively carry out their professional responsibilities.
2. Ability to provide relevant advice and recommendations to management and the board.
3. Understanding of key IT risks and controls and the ability to identify fraud using technology-based audit techniques.
4. Knowledge, skills, and other competencies necessary to perform individual responsibilities during the engagement.
The chief audit executive (CAE) of a large organization has been asked by the board to assume responsibility for risk management and compliance operations, both of which are distinct departments within the organization and are subject to periodic audits by the internal audit activity In regards to future audits of these functions which of the following approaches would be most appropriate?
An internal auditor is assessing the effectiveness of the organization ' s risk management practices. She checks to see whether risk management is an integral part of decision making and whether risk management is transparent, responsive to change, and addresses uncertainty. According to IIA guidance on risk management frameworks, which of the following approaches is the auditor most likely using?
During an assurance engagement, an internal auditor uses benchmarking research to support preparation of a report to stakeholders that contains significant findings about control deficiencies. Which of the following skills did the auditor demonstrate?
If the skills and competencies are not present within the internal audit activity to complete an ad-hoc assurance engagement, which of the following is an acceptable
resolution?
Upon joining the internal audit activity, each new auditor receives a copy of the audit handbook. Which of the following handbook policies has the greatest risk of compromising audit objectivity?
An accounts payable clerk has recently transferred into the internal audit activity and has been assigned to an engagement related to accounts payable processes for which he was previously responsible. Which of the following is the best action for the new internal auditor to take?
Which of the following risk management techniques best describes the strategy of obtaining insurance to protect against losses due to bad weather conditions?
Which of the following would be considered a primary control to reduce the risk associated with setting up duplicate vendors?
A chief audit executive (CAE) is considering hiring a candidate who most recently worked for a large public accounting firm What would be the CAE’s most likely concern regarding this candidate*?
How should the internal audit activity promote continuous improvement of organizational controls?
After being assigned to an audit of the accounts payable process, an internal auditor privately notifies the chief audit executive that she is a finalist for an open manager position within the accounts payable department. Which of the following is the IIA Code of Ethics principle that the auditor upheld?
An internal auditor is trying to evaluate what could go wrong after determining that a risk management technique is operating effectively. What type of risk is the auditor assessing?
Which of the following procedures will best help an internal auditor assess operating effectiveness of fraud prevention and detection controls?
An Internal auditor accepted a role as an engagement supervisor on a highly specialized and technical engagement for which she did not have the expertise. Which of the following fundamental principles of The IIA ' s Code of Ethics did she violate?
Which of the following is a legitimate role for the internal audit activity in the organization ' s risk management process ' ?
With regard to governance, which of the following is a board-level responsibility rather than a management responsibility?
Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department. Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?
Which of the following best describes the board’s role in establishing effective organizational governance?
Which of the following must be in existence as a precondition to developing an effective system of internal controls?
An internal auditor has suspicions that some fictitious vendors have been created in the organization ' s computer system. Which of the following would be the best technique to detect this fraud?
According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?
1. Consult on CSR program design and implementation.
2. Serve as an advisor on CSR governance and risk management.
3. Review third parties for contractual compliance with CSR terms.
4. Identify and mitigate risks to help meet the CSR program objectives.
According to the Standards, in today ' s technology and business environments, how much computer and information systems-related knowledge and skills must an internal auditor have to be effective in fulfilling his job responsibilities?
Why is it imperative for the chief audit executive to track and develop the educational qualifications of internal audit staff?
Which of the following actions is a chief audit executive most likely to take in order to identify gaps in the internal audit activity’s knowledge, skills, and competencies?
Which of the following describes a primary responsibility for the internal audit activity in helping management maintain effective controls?
The chief audit executive (CAE) planned an in-person group training to help internal auditors perform onsite inspections of an automobile manufacturing facility. The training would have allowed the auditors to better understand the production of the organization ' s automobiles. However, a global health crisis has impacted the training by prohibiting in-person contact at the facility. Which of the following could the CAE use to provide auditors with a better understanding of the organization s production process?
Which of the following is the most effective way for internal auditors to determine whether ethical values are followed throughout the organization?
Which of the following items related to the quality assurance and improvement program should the chief audit executive report to the board?
Which of the following is the best example of a computer forensic audit activity?
During a complex financial compliance engagement, a senior internal auditor determines that current audit procedures are not sufficient for adequate testing She consults with a colleague and learns that a spreadsheet application contains a helpful tool She proceeds to use the tool to properly complete the evaluation Which of the following best describes the core competency displayed by the senior auditor?
Senior management and the board have expressed concerns about the length of engagements and whether their outcome aligns with the organization ' s strategies and objectives. Which of the following actions, if taken by the chief audit executive, could address these concerns?