Internal Audit Engagement Questions and Answers
According to IIA guidance, which of the following is true regarding audit supervision?
1. Supervision should be performed throughout the planning, examination, evaluation, communication, and follow-up stages of the audit engagement.
2. Supervision should extend to training, time reporting, and expense control, as well as administrative matters.
3. Supervision should include review of engagement workpapers, with documented evidence of the review.
According to IIA guidance, which of the following are the most important objectives for helping to ensure the appropriate completion of an engagement?
1. Coordinate audit team members to ensure the efficient execution of all engagement procedures.
2. Confirm engagement workpapers properly support the observations, recommendations, and conclusions.
3. Provide structured learning opportunities for engagement auditors when possible.
4. Ensure engagement objectives are reviewed for satisfactory achievement and are documented properly.
According to IIA guidance, which of the following factors should the auditor in charge consider when determining the resource requirements for an audit engagement?
Which of the following is an advantage of an internal audit activity coordinating with a management-defined risk universe?
When addressing the excessive overtime being paid lo employees in an organization ' s customer service call center, which of the following would be most relevant for the internal auditor to use?
1 Confirmation.
2. Trend analysis.
3 External benchmarking
4. Internal benchmarking
The chief audit executive was asked to define me internal audit activity s key performance indicators (KPIs) tor the upcoming year. The KPIs must measure efficiency and effectiveness. Which of the following is an example of a KPI that measures effectiveness?
According to IIA guidance, which of the following is true when the internal audit activity is asked to investigate potential ethics violations in a foreign subsidiary?
An internal audit manager is planning a contract compliance audit Which of the following should be done prior to developing the audit work program?
Which of the following situations is most likely to heighten an internal auditors professional skepticism regarding potential fraud?
When a significant finding is noted early during a review of the accounts payable function, which next course of action is best for communicating the issue?
An internal auditor has been asked to join a project team to help design controls in a software application to address specific risks that have been identified by the team Which of the following actions is most appropriate for the internal auditor to perform?
Which procedure should an internal auditor perform to determine the audit objective?
During an internal audit engagement, which of the following is true regarding the decision to use statistical sampling or nonstatistical sampling?
Which of the following is an advantage of utilizing an external fraud specialist in a suspected fraud investigation?
An internal audit team leader is having difficulties completing the planning phase of an assurance engagement because the business unit lacks a system of internal controls. Which of the following is the most appropriate course of action for the internal audit team leader?
An internal auditor develops an engagement observation related to an organization ' s accumulation of large travel advances. The auditor observes that the organization ' s procedures do not require justification for travel advances greater than a specific amount Which of the following best describes the organization ' s procedures?
An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?
Which of the following is least likely to help ensure that risk is considered in a work program?
A corporate merger decision prompts the chief audit executive (CAE) to propose interm changes to the existing annual audit plan to account for emerging risks Which of the following Is the most appropriate action for the CAE to take regarding the changes made to the audit plan?
A chief audit executive (CAE) received a detailed internal report of senior management ' s internal control assessment. Which of the following subsequent actions by the CAE would provide the greatest assurance over management ' s assertions?
Which of the following procedures would provide the most reliable evidence for an internal auditor testing whether defective products are effectively being identified and removed during processing before shipping to customers?
According to IIA guidance, which of the following steps should precede the development of audit engagement objectives?
Which of the following is a significant governance issue that should be reported by the chief audit executive to the board?
An organization experiencing staff shortages wants to contract a temporary employee to assist with work in the accounting office. Which of the following controls should be in place to ensure the temporary employee performs the assigned work before payment is issued?
In the years after the mid-service point of a depreciable asset, which of the following depreciation methods will result in the highest depreciation expense?
Which of the following is most appropriate for internal auditors to do during the internal audit recommendations monitoring process?
Which of the following steps should an internal auditor complete when conducting a review of an electronic data interchange application provided by a third-party service?
Ensure encryption keys meet ISO standards.
Determine whether an independent review of the service provider ' s operation has been conducted.
Verify that the service provider’s contracts include necessary clauses.
Verify that only public-switched data networks are used by the service provider.
Which statement best describes the benefit of using workpapers from recent internal audit engagements of the area under review to plan new engagements?
An organization has identified new strategic goals, and a current objective is to determine an optimal course of action to meet those goals. Which data analytics method is used to achieve this objective?
Which of the following internal audit activities is performed in the design evaluation phase?
An internal auditor is testing the success of the IT support department in meeting the service levels guaranteed to small, medium and large customers. The customer ' s size classification is based on its annual expenditures with the organization and the nature and extent of services it receives. Which of the following sampling techniques would be the most suitable to select customers for this test?
Which of the following recognized competitive strategies focuses on gaining efficiencies?
In which of following scenarios is the internal auditor performing benchmarking?
A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part of the contract, the manufacturer is also providing training to the airline ' s pilots. At the time of the audit, the delivery of the aircraft had fallen substantially behind schedule while the training had already been completed. If half of the aircraft under contract have been delivered, which of the following should the internal auditor expect to be accounted for in the general ledger?
Which of the following documents are internal auditors most likely to be asked to sign as a demonstration of due professional care?
Which of the following is an appropriate role for the internal audit activity with regard to the organization ' s risk management program?
An internal auditor was assigned to review controls in the accounts payable function. Most of tie accounts payable processes are performed by a third-party service provider. The auditor included in the audit report a number of control deficiencies involving processes performed by the service provider. The service provider requested a copy of the report Which of Vie following would be the most appropriate response from the chief audit executive (CAE)?
An internal auditor at an electricity provider analyzes data sets related to customers’ household electricity usage, including payments, consumption, profiles, etc. The objective is to assess the completeness of the invoicing process. Which of the following would be the best approach to fulfill this purpose?
Which of the following represents a ratio that measures short term debt-paying ability?
Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?
Which of the following data analysis techniques is used to identify inappropriately matching values, such as names, addresses, and account numbers in disparate systems?
Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement?
During a consulting engagement an internal auditor wants to determine whether all principal stakeholders are involved in a project. Which tool should the auditor use?
The audit plan requires a review of the testing procedures used in pre-production of a large information system prior to its live launch. If the chief audit executive (CAE) is uncertain that the current audit team has all the required knowledge to conduct the engagement, which of the following would be the most appropriate course of action for the CAE to take to preserve independence?
Which of the following is an example of a properly supervised engagement?
' Internal policy prohibits employees from entering into contacts with financial obligations without proper approval.
A project manager signed a change to an important service agreement without obtaining the proper approval As a result the organization is receiving $5,000 per month less for its services.’’
Which of the following should be added to the observation?
An internal auditor is analyzing sates records and is concerned whether a transaction is recorded in the coned period. The accounting manager explains that the external auditor approved the records and produces an email from the external audit team leader. How should tie internal auditor respond?
Which of the following is the primary engagement responsibility of an entry-level internal auditor?
Which of the following actions would an internal auditor perform primarily during a consulting engagement of a debt collections process?
Which of the following statements is true regarding engagement planning?
The chief risk officer (CRO) of a large manufacturing organization decided to facilitate a workshop for process managers and staff to identify opportunities for improving productivity and reducing defects. Which of the following is the most likely reason the CRO chose the workshop approach?
Which of the following situations is most critical for the chief audit executive to report to the board?
According to IIA guidance, which of the following individuals should receive the final audit report on a compliance engagement for the organization ' s cash disbursements process?
Which of the following is the primary reason an internal auditor would issue an interim report during an engagement?
An internal auditor examined a nostatistical sample of open accounts receivable balances and discovered that 10 out of 60 exceeded the approved unseated credit limit threshold defined by the organization ' s policy What should the auditor document in the workpapers?
Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?
Which of the following is one of the five attributes that internal auditors include when documenting a deficiency?
Which of the following statements is most accurate with respect to the required elements of the quality assurance and improvement program?
Which of the following offers the best explanation of why the auditor in charge would assign a junior auditor to complete a complex part of the audit engagement?
Which of the following steps should an internal auditor complete when conducting a review of an electronic data interchange application provided by a third-party service?
1.Ensure encryption keys meet ISO standards.
2.Determine whether an independent review of the service provider ' s operation has been conducted.
3.Verify that the service provider ' s contracts include necessary clauses.
4.Verify that only public-switched data networks are used by the service provider
The head of customer service asked the chief audit executive (CAE) whether internal auditors could assist her staff with conducting a risk self-assessment in the customer service department The CAE promised to meet with customer service managers analyze relevant business processes and come up with a proposal Who is most likely to be the final approver of the engagement objectives and scope?
A newly appointed chief audit executive (CAE) of a small organization is developing a resource management plan. Which of the following approaches would be most beneficial to help the CAE obtain details of the internal audit activity ' s collective knowledge, skills, and other competencies?
Which of the following is an appropriate activity when supervising engagements?
Which of the following should be included in a privacy audit engagement?
1. Assess the appropriateness of the information gathered.
2. Review the methods used to collect information.
3. Consider whether the information collected is in compliance with applicable laws.
4. Determine how the information is stored.
During engagement planning, which party provides the most accurate and up-to-date description of how organizational processes and key controls operate?
Which of the following statements is true regarding the final assurance engagement report issued to management?
During an engagement in one of the subsidiaries of an organization, an internal auditor noted the following in the workpapers:
" As a subsidiary of a multinational organization in this particular country, the entity is required to register annually with the
respective ministry. However, the subsidiary did not submit the required documentation for registration during the prior year. Failure
to comply with internal and external regulations could lead to penalties or fines from the respective authorities. It is recommended
that the management of the subsidiary ensures compliance with the relevant legislation. As a recoverable action, management
should register the subsidiary in the current year as soon as possible. "
What part of this narrative represents a condition of the observation made by auditors in the final report?
Which of the following statements about including consulting engagements in the annual internal audit plan is true?
Which of the following audit steps would an internal auditor most likely be questioned on?
During the planning phase of an assurance engagement, an internal auditor seeks to gam an understanding of now when the area under review is accomplishing its objectives When of the
Following information-gathering techniques is the auditor most likely to use?
An internal auditor wants to identity potential ghost employees in the organization ' s payroll system The auditor extracts the following data
- Human resources data with employees ' names addresses employment conditions and identification codes
- Payroll data
- Logs from entrance systems
With this data, which of the following types of ghost employees will the auditor be able to identify?
Which of the following is the best audit procedure to obtain evidence of an organization ' s legal ownership of a new property?
Which of the following statements accurately describes the Standards requirement for ret internal audit records?
Which of the following actions best describes an internal auditor ' s use of test data to determine whether an organization ' s new accounts payable system avoids processing questionable invoices for payment?
According to IIA guidance, which of the following describes the primary reason the chief audit executive (CAE) should actively network and build relationships with senior management and the board?
Which of the following is a primary reason for an internal auditor to use a risk and control questionnaire when auditing financial processes?
Which of the following is the primary reason the chief audit executive should consider the organization ' s strategic plans when developing the annual audit plan?
An internal auditor observes a double payment transaction on a supplier invoice during an accounts payable engagement. Which of the following steps would be the most effective in helping the auditor determine whether fraud exists?
A chief audit executive (CAE) is trying to balance the internal audit activity ' s needs for technical audit skills budget efficiency and staff development opportunities. Which of the following would best assist the CAE in achieving this balance1?
Which of the following methods is most closely associated to year over year trends?
An internal auditor is asked to review a recently completed renovation to a retail outlet. Which of the following would provide the most reliable evidence that the completed work conformed to the plan?
Which of the following types of policies best helps promote objectivity in the internal audit activity’s work?
When constructing a staffing schedule for the internal audit activity (IAA), which of the following criteria are most important for the chief audit executive to consider for the effective use of audit resources?
1. The competency and qualifications of the audit staff for specific assignments.
2. The effectiveness of IAA staff performance measures.
3. The number of training hours received by staff auditors compared to the budget.
4. The geographical dispersion of audit staff across the organization.
An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?
According to the Standards, which of the following is true regarding the auditor ' s inclusion of management ' s satisfactory performance in the final audit report?
An internal auditor concluded that delays in an ongoing construction project have cost the organization $10 million to date. Which documents should be included in the audit workpapers to provide sufficient evidence to support the conclusion?
The internal audit activity is planning an assurance engagement for a foreign subsidiary. According to IIA guidance, which of the following would be included in the preliminary communication to management of the area under review?
White planning an audit engagement of a procurement card activity. which of the following actions should an internal auditor take to denary relevant risks and controls?
Which of the following would most likely be found in an organization that uses a decentralized organizational structure?
During a previous audit engagement, an internal auditor recommended that management implement a whistleblowing process. During follow-up, the auditor discovered that the process has been outsourced. Which of the following is the most appropriate response for the internal auditor?
According to the MA guidance, which of the following does the engagement work program test in a review of an organizational process?
Which of the blowing is an example of a compliance assurance engagement?
Which of the following statements is true regarding internal control questionnaires?
An internal auditor selects a sample of paid invoices and matches them to receiving reports. What is the most likely purpose for this procedure?
Which of the following is an example of a directive control?
Which of the following statements best explains why an internal auditor should pay attention to retained earnings of an organization?
Which of the following processes does the board manage to ensure adequate governance?
Which of the following is most likely to be judged as a significant residual risk that would exceed the organization ' s acceptable risk level?
According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?
1.Consult on CSR program design and implementation
2.Serve as an advisor on CSR governance and risk management.
3.Review third parties for contractual compliance with CSR terms
4Identify and mitigate risks to help meet the CSR program objectives
An organization ' s chief audit executive is developing an integrated audit approach to provide value-added services that can help the organization meet its strategic objectives and goals. Which of the following is an advantage of using an integrated audit approach that assists the organization?
Which of the following situations would justify the removal of a finding from the final audit report?
Which of the following is true of matrix organizations?
An internal auditor discovered that a new employee was granted inappropriate access to the payroll system Apparently the IT specialist had made a mistake and granted access to the wrong new employee. Which of the following management actions would be most effective to prevent a similar issue from occurring again?
While reviewing engagement workpapers prepared by an internal audit team, the engagement supervisor identifies instances where there is no direct connection between certain workpapers and the engagement objectives. How should the engagement supervisor respond?
The internal audit activity has become aware of public complaints regarding the sales practices of telephone marketing personnel in a large organization. The internal auditors decide to review a sample of all complaints within the last three months to ensure they are reflective of current marketing practices. Which of the following best describes this sampling technique?
An internal auditor is assessing whether a vendor onboarding procedure is being followed in all business units. The procedure has been centrally designed and depicts activities and validations that must be performed at every step. Which of the following is the most suitable way to compile an internal control questionnaire?
An internal auditor suspects that a program contains unauthorized code or errors. Which of the following would assist the internal auditor in this regard?
An internal auditor wants to test the processing logic of a computer application during a specific period to ensure consistent processing of transactions. Which of the following is the best approach to achieve the objective of the test?
The internal audit activity plans to assess the effectiveness of management ' s self-assessment activities regarding the risk management process. Which of the following procedures would be most appropriate to accomplish this objective?
Which of the following is most likely the subject of a periodic report from the chief audit executive to the board?
A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internal auditor. According to IIA guidance, which of the following attributes shows a candidate ' s ability to probe further when reviewing incidents that have the appearance of misbehavior?
An organization is experiencing a significant risk that threatens its financial well-being Senior management requested that the chief audit executive (CAE) meet with them to discuss the risk. Which of the following would best describe the CAE ' s responsibility at the meeting?
Who is responsible for ensuring internal auditors continuing professional development*
According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management ' s response to audit recommendations?
An internal auditor is examining the organization ' s internal control processes. Which of the following would the auditor do to test the reliability of a customer database1?
Which of the following is required to classify, label, organize, and search big data stored and used in an organization?
Which of the following actions should the chief audit executive take when senior management decides to accept risks by choosing to do business with a questionable vendor?
An internal auditor is planning to audit the organization ' s payroll function, which was recently outsourced. Which of the following is the most appropriate first step for the auditor?
The internal audit activity plans to assess the effectiveness of management’s self-assessment activities regarding the risk management process. Which of the following procedures would be most appropriate to accomplish this objective?
The head of customer service asked the chief audit executive (CAE) whether eternal auditors could assist her staff with conducting a risk self-assessment in the customer service department. The CAE promised to meet with customer service managers analyze relevant business processes, and come up with a proposal. Who is most likely to be the final approver of the engagement objectives and scope?
An internal auditor is planning an audit engagement of a subsidiary organization. The auditor learns that a corporate investigator from the holding organization is investigating the subsidiary regarding a fraud case. Which of the following is true regarding the scope of the internal auditor’s engagement?
Operational management In the IT department has developed key performance indicator reports, which are reviewed in detail during monthly staff meetings. This activity is designed to prevent which of the following conditions?
According to IIA guidance, which of the following statements is true regarding audit workpapers?
An internal auditor tested whether purchase orders were supported by appropriately approved purchase requisitions She sampled a population of purchase documents and identified instances where purchase requisitions were missing However, she did not notice that n some cases purchase requisitions were approved by an unauthorized person Which of the following risks most appropriately describes this situation?
An internal audit intends to create a risk and control matrix to better understand the organization ' s complex manufacturing process. With which of the following approaches would the auditor most likely start?
A draft internal audit report that cites deficient conditions generally should be reviewed with which of the following groups?
1. The client manager and her superior.
2. Anyone who may object to the report’s validity.
3. Anyone required to take action.
4. The same individuals who receive the final report.
A healthcare organization ' s chief audit executive (CAE) noted that the organization ' s IT team relies heavily on a vendor. Therefore an IT vendor assessment review was added to the annual audit plan. During the review, the audit team discovered that the vendor had not been performing proper monitoring to ensure that the subcontractors it hired comply with the organization requirements. The organization ' s chief information officer (ClO) does not agree with the audit team ' s recommendation for the IT team to monitor the compliance level of vendor subcontractors. How should the audit team proceed to resolve this situation?
Which of the following is a disadvantage of using flowcharts during a risk assessment?
Which of the following is a true statement regarding whistleblowing?
Which of the following statements is true regarding internal auditors and other assurance providers?
According to the International Professional Practices Framework, which of the following is an appropriate reason for issuing an interim report?
To keep management informed of audit progress when audit engagements extend over a long period of time.
To provide an alternative to a final report for limited-scope audit engagements.
To communicate a change in engagement scope for the activity under review.
According to IIA guidance, which of the following statements is true regarding the authority of the chief audit executive (CAE) to release previous audit reports to outside parties?
An internal audit activity has to confirm the validity of the activities reported by a grantee that received a charitable contribution from the organization. Which of the following methods would best help meet this objective?
Which of the following is critical to the success of an effective interview?
An internal auditor is using computer-assisted audit techniques to examine employee expenses across several divisions of the organization. Which of the following is true in this situation?
To which of the following aspects should the chief audit executive give the most consideration while communicating an identified unacceptable risk to management?
Which of the following best describes the engagement objective in a banking compliance audit?
Which of the following best describes how an internal auditor would use a flowchart during engagement planning?
An internal auditor is performing an assessment in a vehicle brake manufacturing company. The auditor learned that the product quality test conditions are aligned with the company’s written test procedures. However, the test conditions are not similar to conditions experienced by vehicles in the real world. Documentation shows that a significant percentage of products fail the quality tests. Products that fail the tests are discarded. Which perspective is appropriate?
Which of the following is the best option for the chief audit executive to consider for effective coordination of assurance coverage?
During an audit of suspense accounts the internal auditor found that there were no written policies on how suspense accounts should be treated. The auditor also found that suspense account balances were cleared once per week, not daily. Which of the following is the most appropriate first response by the auditor?
In which scenario might it be considered problematic for the chief audit executive (CAE) to provide assurance services over the payroll function?
An internal auditor is reviewing the accuracy of commission payments by recalculating 100% of the commissions and comparing them to the amount paid. According to IIA guidance, which of the following actions is most appropriate for identified variances?
The human resources (HR) department was last reviewed three years ago and is due for an assurance engagement after undergoing recent process changes. Which of the following would the most effective option identify the HR department ' s risks and controls?
Which of the following engagement supervision activities should be performed first?
An internal audit activity has to confirm the validity of the activities reported by a grantee that received a chantable contribution from the organization Which of the following methods would best help meet this objective?
Which of the following manual audit approaches describes testing the validity of a document by following it backward to a previously prepared record?
An internal auditor e assessing the design of a control and has identified a potential significant weakness. The auditor shared his concern with management however management does not agree that the weakness is significant. What should the internet auditor do next?
Following an audit, management developed an action plan to improve controls over the handling of scrap metal. Which of the following would be the most appropriate course of action for the auditor to follow up?
An organization has a mature control environment but limited internal audit resources. Given this scenario, on which of the following should the internal auditors focus their testing?
Which of the following activities demonstrates an example of the chief audit executive performing residual risk assessment?
According to IIA guidance, which of the following is the key planning step internal auditors should perform to establish appropriate engagement objectives prior to starting an audit engagement?
According to the Standards, which of the following is leastimportant in determining the adequacy of an annual audit plan?
Two internal auditors are conducting an audit engagement concerning derivatives. The auditors meet with the organization ' s head of accounting. The head of accounting later complains to the chief audit executive (CAE) that it took hours for the auditors to understand basic derivatives concepts and how derivatives are typically recorded in bookkeeping. What should the CAE have considered more thoroughly?
Which of the following represents a ratio that measures short-term debt-paying ability?
An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?
Which of the following best describes the manual audit procedure known as vouching?
Acceding to IIA guidance, when of the Mowing is an assurance service commonly performed by the internal audit activity?
Senior management is challenging regulatory fines that were assessed to the organization due to questionable business practices. Their actions and the fines could have an adverse effect on the organization ' s ability to continue business. How would the chief audit executive respond?
An internal auditor wanted to determine whether company vehicles were being used for personal purposes She extracted a report that listed company vehicle numbers business units to which the vehicles are allocated travel dates, travel duration and mileage She then filtered the data for weekend dates Which of the following additional information would the auditor need?
A compliance engagement is underway, and management of the activity under review has asked the internal auditor to provide regular status updates and information regarding preliminary observations before the engagement is complete. Which of the following would be the internal auditor’s most appropriate response?
In which of the following situations has an internal audit of obtained physical evidence?
How do internal auditors generally determine the priority of the areas within the engagement scope?
In the following risk control map risks have been categorized based on the level of significance and the associated level of control. Which of the following statements is true regarding Risk C?
Which of the following sampling techniques is typically used when an internal auditor wants to test a large sample for fraud?
Which of the following should be included in a company ' s year-end inventory valuation?
Organizations that adopt just-in-time purchasing systems often experience which of the following?
An internal auditor recommended that an organization implement computerized controls in its sales system in order to prevent sales representatives from executing contracts in excess of their delegated authority levels A follow-up review found that the sales system had not been modified, but a process had been implemented to obtain written approval by the vice president of sales for all contracts in excess of S1 million The chief audit executive (CAE) would be justified in reporting this situation to the organization ' s board under which of the tollowing circumstances ' ?
1. In the opinion of the CAE the level of residual risk assumed by senior management is too high
2. Testing of compliance with the new process finds that all new contracts in excess of $1 million have been approved by the vice president of sales
3. The cost of modifying the sales system to include a preventive control is less than S100.000
An internal auditor at a bank informed the branch manager of a malfunctioning lock on one of the vaults. The risk associated with this issue was deemed significant by the chief audit executive (CAE), and immediate remediation was recommended However during a follow-up engagement the branch manager told the CAE that the risk was actually not significant, hence no action was taken. What is the most appropriate next step for the CAE?
Prior to performing testing an internal auditor has determined that a primary process control failed due to design weakness. Which of the following actions should the auditor perform next?
Which of the following statements is true regarding corporate social responsibility (CSR)?
An internal auditor is conducting an assurance engagement in the procurement area. The auditor follows a checklist of tasks prepared for the engagement. During the process, the auditor notices some deviations from the procurement procedure requirements. However, these deviations are not directly linked to and do not prevent the auditor from completing the checklist tasks. So, the auditor does not investigate these deviations further. Which checklist drawback most likely applies to this situation?
While reviewing the workpapers and draft report from an audit engagement, the chief audit executive (CAE) found that an Important compensating control had not been considered adequately by the audit team when it reported a major control weakness Therefore, the CAE returned the documentation to the auditor in charge for correction Based on this Information, which of the following sections of the workpapers most likely would require changes?
1.Effect of the control weakness.
2.Cause of the control weakness
3.Conclusion on the control weakness.
4.Recommendation for the control weakness.
The chief audit executive (CAE) for a manufacturing company included in this year s audit plan a review of the company ' s laboratory, using an experienced external service provider. The audit plan was approved by the audit committee without any changes At the time of engaging the external service provider, the CAE also secured the approval from the CEO. Who is responsible for ensuring that the conclusions reached for this exercise are adequately supported7
The engagement supervisor would like lo change the audit program ' s scope poor to beginning fieldwork According to IIA guidance before any change is implemented what is the most important action that should be undertaken?
According to IIA guidance, which of the following is least likely to be a key financial control in an organization ' s accounts payable process?
Which of the following best describes the four components of a balanced scorecard?
According to IIA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the Internal audit activity^
According to IIA guidance, which of the following objectives was most likely formulated for a non-assurance engagement?
Which of the following is an example of a properly supervised engagement?
Acceding to MA guidance, when of the Mowing strategies would like provide the most assurance to the chief audit executive (CAE) that the internal audit activity ' s recommendations are being acted upon?
Which of the following resources would be most effective for an organization that would like to improve how it informs stakeholders of its social responsibility performance?
An internal auditor s examination of accounts receivable generates the following results:
What is the projected misstatement for the population if ratio estimation is used?
A bakery chain has a statistical model that can be used to predict daily sales at individual stores based on a direct relationship to the cost of ingredients used and an inverse relationship to rainy days. What conditions would an auditor look for as an indicator of employee theft of food from a specific store?
When using cost-volume-profit analysis, which of the following will increase operating income once the break-even point has been reached?
Which of the following best describes the risk contained in an initial public offering for a new stock?
What would be the effect if an organization paid one of its liabilities twice during the year, in error?
According to IIA guidance, which of the following accurately describes the responsibilities of the chief audit executive with respect to the final audit report?
1. Coordinate post-engagement conferences to discuss the final audit report with management.
2. Include management ' s responses in the final audit report.
3. Review and approve the final audit report.
4. Determine who will receive the final audit report.
An internal auditor completed a consulting engagement covering a recent advertising campaign. The audit client asked the auditor to forward a copy of the report to one of the three advertising agencies used by the organization. According to IIA guidance, which of the following statements is true regarding this request?
Which type of engagement would be the most appropriate to assess the maturity and rigor of the organizationwide risk management process of a target entity that
management is considering acquiring?
The chief audit executive (CAE) of an organization has completed this year’s risk-based audit plan and realized that current staff resources are insufficient to meet the needs of the plan. What course of action should the CAE take?
The internal auditors available to perform the engagement do not have sufficient skills related to the area under review. Which of the following iss an appropriate action for the chief audit executive to take?
Which of the following is most likely to be considered a control weakness?
An internal auditor discovered fraud while performing an audit of an organization ' s procurement process. Which of the following describes the greatest benefit of using forensic auditing techniques in this scenario?
According to IIA guidance, which of the following is a limitation of a heat map?
In addition to gathering information, which of the following is a primary objective of a client interview conducted during the planning stage of an audit engagement?
According to IIA guidance, which of the following best describes the purpose of a planning memorandum for an audit engagement?
Which of the following best describes how an internal auditor would use a flowchart during engagement planning?
Which of the following statements is true regarding an organization’s inventory valuation?
Evidence discovered during the course of an engagement suggests that multiple incidents of fraud have occurred. There do not appear to be sufficient controls in place to prevent reoccurrence. Which of the following is the internal auditor ' s most appropriate next step?
After finalizing an assurance engagement concerning safety operations in the oil mining process, the audit team concluded that no key controls were compromised. However, some opportunities for improvement were noted. Which of the following would be the most appropriate way for the chief audit executive (CAE) to report these results?
An engagement supervisor reviewed a staff internal auditor ' s documentation and noted that several edits should be made. The internal audit activity uses an electronic workpaper database and does not maintain paper files for its system of record. A system error prevents the engagement supervisor from adding her electronic signature to any workpaper in the database Given this situation which is the most appropriate response to provide evidence of supervisory review?
Which of the following factors should a chief audit executive consider when determining the audit universe?
1. Components of the organization ' s strategic plan.
2. Inputs from senior management and the board.
3. Views of competitors and business associates.
4. Results of exit interviews with departing employees.
According to IIA guidance, which of the following procedures would be least effective in managing the risk of payroll fraud?
An organization invests excess short-term cash in trading securities Which of the following actions should an internal auditor take to test the valuation of those securities ' *
Which of the following approaches would best help an internal auditor determine whether a retailer database of 100,000 customers has nay duplicate accounts?
It is close to the fiscal year end for a government agency, and the chief audit executive (CAE) has the following items to submit to either the board or the chief executive officer (CEO) for approval. According to IIA guidance, which of the following items should be submitted only to the CEO?
A bicycle manufacturer incurs a combination of fixed and variable costs with the production of each bicycle. Which of the following statements is true regarding these costs?
Which of the following is the primary reason a chief audit executive should network with an organization’s executives?
Which of the following statements is true regarding the reporting of tangible and intangible assets?
While conducting an audit of a third party ' s Web-based payment processor, an internal auditor discovers that a programming error allows customers to create multiple accounts for a single mailing address. Management agrees to correct the program and notify customers with multiple accounts that the accounts will be consolidated. Which of the following actions should the auditor take?
1. Schedule a follow-up review to verify that the program was corrected and the accounts were consolidated.
2. Evaluate the adequacy and effectiveness of the corrective action proposed by management.
3. Amend the scope of the subsequent audit to verify that the program was corrected and that accounts were consolidated.
4. Submit management ' s plan of action to the external auditors for additional review.
The internal audit team judgmentally selected 60 of the 600 employee timesheets that were processed during the previous month to determine whether supervisors were properly approving timesheets in accordance with the organization ' s policies. The internal audit team found three exceptions. Based on the audit test, which of the following is most appropriate for the internal audit team to conclude?
A new internal auditor is overwhelmed by the number of tasks they need to complete at the engagement planning stage. Which of the following could support the auditor’s organization and delivery of planned work?
According to IIA guidance, which of the following would be considered necessary for a one-person audit function?
According to the theory of constraints, which of the following is most influenced by various bottlenecks the organization encounters?
The internal audit activity is currently working on several engagements, including a consulting engagement on the management process in the human resources department. Which of the following actions should the chief audit executive take to most efficiently and effectively ensure the quality of the engagement?
Management has taken immediate action to address an observation received during an audit of the organization ' s manufacturing process Which of the following is true regarding the validity of the observation closure?
At a construction company, an internal auditor is planning an audit of the company ' s process for designing and building grid connections The process involves customers making payments m three parts
• The first payment of 10% after approval of the customer s application
• The second payment of 70% prior to construction
• The third payment of 20% after construction is complete
Which of the following key controls should the auditor test to ensure that the company is not taking any unwanted credit risks?
As a result of server managements assumption of risk there is residual risk that exceeds me organisation ' s risk appetite. Which of the following actions would be most appropriate for the chief audit executive to take?
Which of the following should the chief audit executive do when evaluating the possibility of relying on external auditors ' work?
According to IIA guidance, which of the following statements regarding the internal audit charter is true?
When auditing an organization ' s cash-handling activates which of the following is the most reliable form of testimonial evidence an internal auditor can obtain?
Senior management decides to adopt a conservative working capital policy. What would be the expected result for the organization?
An internal auditor wants to determine if employees spend more than their approved daily stipend for meals. Which technique would be most appropriate to identify meal expenses that exceed the approved threshold?