Summer Sale Discount Flat 70% Offer - Ends in 0d 00h 00m 00s - Coupon code: 70diswrap

IIA IIA-CIA-Part2 Dumps

Internal Audit Engagement Questions and Answers

Question 1

According to IIA guidance, which of the following is true regarding audit supervision?

1. Supervision should be performed throughout the planning, examination, evaluation, communication, and follow-up stages of the audit engagement.

2. Supervision should extend to training, time reporting, and expense control, as well as administrative matters.

3. Supervision should include review of engagement workpapers, with documented evidence of the review.

Options:

A.

1 and 2 only

B.

1 and 3 only

C.

2 and 3 only

D.

1, 2, and 3

Question 2

According to IIA guidance, which of the following are the most important objectives for helping to ensure the appropriate completion of an engagement?

1. Coordinate audit team members to ensure the efficient execution of all engagement procedures.

2. Confirm engagement workpapers properly support the observations, recommendations, and conclusions.

3. Provide structured learning opportunities for engagement auditors when possible.

4. Ensure engagement objectives are reviewed for satisfactory achievement and are documented properly.

Options:

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Question 3

According to IIA guidance, which of the following factors should the auditor in charge consider when determining the resource requirements for an audit engagement?

Options:

A.

The number, experience, and availability of audit staff as well as the nature, complexity, and time constraints of the engagement.

B.

The appropriateness and sufficiency of resources and the ability to coordinate with external auditors.

C.

The number, proficiency, experience, and availability of audit staff as well as the ability to coordinate with external auditors.

D.

The appropriateness and sufficiency of resources as well as the nature, complexity, and time constraints of the engagement.

Question 4

Which of the following is an advantage of an internal audit activity coordinating with a management-defined risk universe?

Options:

A.

Increased completeness, including risk categories like political, supplier, and social media.

B.

Business managers can identify and assess risks that occur within each category.

C.

The internal audit activity can rely on management ' s risk assessment.

D.

Organizationwide audits are required since risk events within categories occur in many different ways.

Question 5

When addressing the excessive overtime being paid lo employees in an organization ' s customer service call center, which of the following would be most relevant for the internal auditor to use?

1 Confirmation.

2. Trend analysis.

3 External benchmarking

4. Internal benchmarking

Options:

A.

1.2 and 3

B.

1.2. and 4.

C.

1.3. and 4.

D.

2. 3. and 4.

Question 6

The chief audit executive was asked to define me internal audit activity s key performance indicators (KPIs) tor the upcoming year. The KPIs must measure efficiency and effectiveness. Which of the following is an example of a KPI that measures effectiveness?

Options:

A.

Internal audit reports are consistently submitted prior to the audit report deadline

B.

Post engagement surveys completed by management indicate a " meets or exceeds expectations " idling

C.

There is a significant reduction of travel costs per project over the next fiscal year

D.

Internal auditors identify a minimum number of issues and provide recommendations to address them for each audit

Question 7

According to IIA guidance, which of the following is true when the internal audit activity is asked to investigate potential ethics violations in a foreign subsidiary?

Options:

A.

Communication of any internal ethics violations to external parties may occur with appropriate safeguards.

B.

Cultural impacts are less critical where the organization practices uniform polices around the globe.

C.

Cross-cultural differences should always be handled by the staff of the same cultural background.

D.

Local law enforcement should be involved as they are more familiar with the applicable local laws.

Question 8

An internal audit manager is planning a contract compliance audit Which of the following should be done prior to developing the audit work program?

Options:

A.

Select a sample of invoices for substantive testing

B.

Review the contract for evidence of authorization

C.

Document underlying reasons for noncompliance

D.

Assess the inherent risk of paying duplicate invoices

Question 9

Which of the following situations is most likely to heighten an internal auditors professional skepticism regarding potential fraud?

Options:

A.

A procurement manager does not have the expected academic credentials for his position

B.

A salesperson frequently complains about the organization ' s policy on sales commissions.

C.

The accounts payable supervisor has requested advances against her monthly salary on several occasions

D.

A financial accountant is absent from work frequently due to regular medical procedures

Question 10

When a significant finding is noted early during a review of the accounts payable function, which next course of action is best for communicating the issue?

Options:

A.

Intern accounting management via an interim memorandum update

B.

Note the item in the workpapers for inclusion in the final audit report

C.

Call a meeting and discuss me issue with the audit committee

D.

Alert the CEO as soon as the issue is discovered

Question 11

An internal auditor has been asked to join a project team to help design controls in a software application to address specific risks that have been identified by the team Which of the following actions is most appropriate for the internal auditor to perform?

Options:

A.

Facilitate a control assessment to ensure all application risks were appropriately identified

B.

Advise the project team on how to develop effective controls

C.

Direct the project team to implement the appropriate controls within the software application

D.

Provide assurance that the design of the controls will mitigate the identified application risks

Question 12

Which procedure should an internal auditor perform to determine the audit objective?

Options:

A.

Meet with the board to discuss emerging issues and concerns

B.

Conduct a risk assessment of the area under review

C.

Establish the boundaries of the engagement

D.

Outline what will be included in the review

Question 13

During an internal audit engagement, which of the following is true regarding the decision to use statistical sampling or nonstatistical sampling?

Options:

A.

The decision affects the test procedures performed.

B.

The auditor ' s response to errors detected will be influenced.

C.

The competence of the evidence obtained is greater with statistical sampling.

D.

Nonstatistical sampling may be more cost effective.

Question 14

Which of the following is an advantage of utilizing an external fraud specialist in a suspected fraud investigation?

Options:

A.

Increased access to the organization’s employees.

B.

Increased ability to preserve evidence and the chain of command.

C.

Increased ability to scrutinize the organization ' s key business processes.

D.

Increased access to the organization’s software and proprietary data.

Question 15

An internal audit team leader is having difficulties completing the planning phase of an assurance engagement because the business unit lacks a system of internal controls. Which of the following is the most appropriate course of action for the internal audit team leader?

Options:

A.

Defer the engagement until a system of internal control has been established

B.

Change the scheduled engagement from assurance to consulting to help correct the shortcomings

C.

Add a consulting component to the already scheduled assurance engagement

D.

Seek the involvement of the external auditor to assist with improving the internal controls

Question 16

An internal auditor develops an engagement observation related to an organization ' s accumulation of large travel advances. The auditor observes that the organization ' s procedures do not require justification for travel advances greater than a specific amount Which of the following best describes the organization ' s procedures?

Options:

A.

A criterion of the organization ' s accumulation of large travel advances

B.

A condition of the organization ' s accumulation of large travel advances

C.

A consequence of the organization ' s accumulation of large travel advances

D.

A cause of the organization ' s accumulation of large travel advances

Question 17

An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?

Options:

A.

Escalate the unresolved issues to the board, because they could pose significant risk exposures to the organization.

B.

Confirm the decision with management and document this decision in the audit file.

C.

Document the issue in the audit file and follow up until the issues are resolved.

D.

Initiate an assurance engagement on the unresolved issues.

Question 18

Which of the following is least likely to help ensure that risk is considered in a work program?

Options:

A.

Risks are discussed with audit client.

B.

All available information from the risk-based plan is used.

C.

Client efforts to affect risk management are considered.

D.

Prior risk assessments are considered.

Question 19

A corporate merger decision prompts the chief audit executive (CAE) to propose interm changes to the existing annual audit plan to account for emerging risks Which of the following Is the most appropriate action for the CAE to take regarding the changes made to the audit plan?

Options:

A.

Present the revised audit plan directly to the board for approval

B.

Communicate with the chief financial officer and present the revised audit plan to the CEO for approval.

C.

Present the revised audit plan directly to the CEO for approval.

D.

Communicate with the CEO and present the revised audit plan to the board for approval

Question 20

A chief audit executive (CAE) received a detailed internal report of senior management ' s internal control assessment. Which of the following subsequent actions by the CAE would provide the greatest assurance over management ' s assertions?

Options:

A.

Assert whether the described and reported control processes and systems exist.

B.

Assess whether senior management adequately supports and promotes the internal control culture described in the report.

C.

Evaluate the completeness of the report and management ' s responses to identified deficiencies.

D.

Determine whether management ' s operating style and the philosophy described in the report reflect the effective functioning of internal controls.

Question 21

Which of the following procedures would provide the most reliable evidence for an internal auditor testing whether defective products are effectively being identified and removed during processing before shipping to customers?

Options:

A.

Reviewing quality department survey results, which show 96% of employees believe all defective products are removed prior To shipping.

B.

Physically inspecting a sample of completed processing cycles for detective products prior to shipment.

C.

Observing employees while they raped products for defects

D.

Reviewing a quality report provided by management mat snows 13 products were identified and removed during me most recent processing cycle

Question 22

According to IIA guidance, which of the following steps should precede the development of audit engagement objectives?

Options:

A.

Identification of controls.

B.

Scope establishment.

C.

Risk assessment.

D.

Review of resources.

Question 23

Which of the following is a significant governance issue that should be reported by the chief audit executive to the board?

Options:

A.

There is no risk management and control process and risk management is solely tie responsibility of operational managers

B.

The organisation’s code of conduct is distributed to employees each year however employees are not required to attest that they will operate In compliance with the code.

C.

Reconciliation of planned board meeting agendas to meeting minutes finds that one meeting was canceled, and the agenda topics were covered at the following meeting.

D.

The review of the five-year strategic plan shows that the details of the plan have not been dearly communicated to employees throughout the organization

Question 24

An organization experiencing staff shortages wants to contract a temporary employee to assist with work in the accounting office. Which of the following controls should be in place to ensure the temporary employee performs the assigned work before payment is issued?

Options:

A.

A three-way match between the invoice, purchase requisition, and documentation of receipt of services

B.

A member of management approves the purchase requisition before the temporary employee begins work

C.

A scope of work for the temporary employee is included in the purchase requisition and signed by the organization

D.

Payments to the vendor are analyzed monthly to ensure they do not exceed the amount approved on the purchase order

Question 25

In the years after the mid-service point of a depreciable asset, which of the following depreciation methods will result in the highest depreciation expense?

Options:

A.

Sum of the years’ digits.

B.

Declining balance.

C.

Double-declining balance.

D.

Straight line.

Question 26

Which of the following is most appropriate for internal auditors to do during the internal audit recommendations monitoring process?

Options:

A.

Report the monitoring status to senior management when requested.

B.

Assist management with implementing corrective actions.

C.

Determine the frequency and approach to monitoring.

D.

Include all types of observations in the monitoring process.

Question 27

Which of the following steps should an internal auditor complete when conducting a review of an electronic data interchange application provided by a third-party service?

Ensure encryption keys meet ISO standards.

Determine whether an independent review of the service provider ' s operation has been conducted.

Verify that the service provider’s contracts include necessary clauses.

Verify that only public-switched data networks are used by the service provider.

Options:

A.

1 and 3.

B.

1 and 4.

C.

2 and 3.

D.

2 and 4.

Question 28

Which statement best describes the benefit of using workpapers from recent internal audit engagements of the area under review to plan new engagements?

Options:

A.

Recent workpapers can help during the planning of a new engagement to understand any corrective actions taken by management to address previous engagement observations.

B.

Tests described in recent workpapers can be copied into the new workpapers to save time from reperforming a risk assessment.

C.

Recent workpapers serve as the best source for identification of the risks to be examined in the new engagement.

D.

The new engagement scope can be derived from recent workpapers to ensure the reperformance of engagement procedures.

Question 29

An organization has identified new strategic goals, and a current objective is to determine an optimal course of action to meet those goals. Which data analytics method is used to achieve this objective?

Options:

A.

Diagnostic analysis

B.

Predictive analysis

C.

Network analysis

D.

Prescriptive analysis

Question 30

Which of the following internal audit activities is performed in the design evaluation phase?

Options:

A.

The internal auditor reviews prior audits and workpapers.

B.

The internal auditor identifies the controls over segregation of duties.

C.

The internal auditor checks a process for completeness.

D.

The internal auditor communicates the audit results to management.

Question 31

An internal auditor is testing the success of the IT support department in meeting the service levels guaranteed to small, medium and large customers. The customer ' s size classification is based on its annual expenditures with the organization and the nature and extent of services it receives. Which of the following sampling techniques would be the most suitable to select customers for this test?

Options:

A.

Interval sampling

B.

Cluster sampling

C.

Stop-and-go sampling

D.

Stratified sampling

Question 32

Which of the following recognized competitive strategies focuses on gaining efficiencies?

Options:

A.

Focus

B.

Cost leadership.

C.

Innovation

D.

Differentiation

Question 33

In which of following scenarios is the internal auditor performing benchmarking?

Options:

A.

The auditor compares information from one period with the same information from the poor period

B.

The auditor compares new information to his general knowledge of the organization

C.

The auditor compares information he collected with simmer information from another source

D.

The auditor compares expected outcomes with actual results

Question 34

A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part of the contract, the manufacturer is also providing training to the airline ' s pilots. At the time of the audit, the delivery of the aircraft had fallen substantially behind schedule while the training had already been completed. If half of the aircraft under contract have been delivered, which of the following should the internal auditor expect to be accounted for in the general ledger?

Options:

A.

Training costs allocated to the number of aircraft delivered, and the cost of actual production hours completed to date.

B.

All completed training costs, and the cost of actual production hours completed to date.

C.

Training costs allocated to the number of aircraft delivered, and 50% of contracted production costs.

D.

All completed training costs, and 50% of the contracted production costs.

Question 35

Which of the following documents are internal auditors most likely to be asked to sign as a demonstration of due professional care?

Options:

A.

A description of their job responsibilities.

B.

A non-disclosure agreement

C.

An annual declaration of commitment to The HAs Code of Ethics.

D.

The internal audit charter

Question 36

Which of the following is an appropriate role for the internal audit activity with regard to the organization ' s risk management program?

Options:

A.

Identify and manage risks in line with the organization ' s risk appetite.

B.

Ensure that a proper and effective risk management process exists.

C.

Attain an adequate understanding of the organization ' s key risk mitigation strategies.

D.

Identify and ensure that appropriate controls exist to mitigate risks.

Question 37

An internal auditor was assigned to review controls in the accounts payable function. Most of tie accounts payable processes are performed by a third-party service provider. The auditor included in the audit report a number of control deficiencies involving processes performed by the service provider. The service provider requested a copy of the report Which of Vie following would be the most appropriate response from the chief audit executive (CAE)?

Options:

A.

The CAE would automatically sand a copy of the report to the service provider as many of the findings relate to Via area managed by the service provider

B.

The CAE may distribute the report to tie service provider at no cost, after consulting with legal counsel and tie chief compliance officer

C.

The CAE may provide a copy of the audit report to the service provider If an agreement & signed and the service provider agrees to reimburse the cost of the auditD, The CAE should benchmark with other organization in the industry by consorting with colleagues and distribute the report only I it is an acceptable practice m the industry

Question 38

An internal auditor at an electricity provider analyzes data sets related to customers’ household electricity usage, including payments, consumption, profiles, etc. The objective is to assess the completeness of the invoicing process. Which of the following would be the best approach to fulfill this purpose?

Options:

A.

Conduct a trend analysis of customers ' payment history and flag those with the most inconsistent payments and debts

B.

Conduct a ratio analysis by calculating the relationship between sums paid in local currency and volume of electricity billed in megawatt hours

C.

Conduct an analysis of clients’ electricity consumption patterns within a specified period and identify consumption spikes

D.

Conduct a comparison to identify deviations between electricity amounts billed to customers and information regarding actual consumption

Question 39

Which of the following represents a ratio that measures short term debt-paying ability?

Options:

A.

Debt-to-equity ratio.

B.

Profit margin.

C.

Current ratio.

D.

Times interest earned.

Question 40

Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?

Options:

A.

The financial interest the service provider may have in the organization.

B.

The relationship the service provider may have had with the organization or the activities being reviewed.

C.

Compensation or other incentives that may be applicable to the service provider.

D.

The service provider ' s experience in the type of work being considered.

Question 41

Which of the following data analysis techniques is used to identify inappropriately matching values, such as names, addresses, and account numbers in disparate systems?

Options:

A.

Stratification of numeric values

B.

Gap testing

C.

Joining different data sources

D.

Duplicate testing

Question 42

Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement?

Options:

A.

The amount of experience the auditors have conducting audits in the specific area of the organization.

B.

The availability of the auditors in relation to the availability of key client staff.

C.

Whether the budgeted hours are sufficient to complete the audit within the current scope.

D.

Whether outside resources will be needed, and their availability.

Question 43

During a consulting engagement an internal auditor wants to determine whether all principal stakeholders are involved in a project. Which tool should the auditor use?

Options:

A.

RACI (responsible, accountable, consult and inform) chart

B.

Flowchart

C.

SWOT{strengths. weaknesses opportunities, and threats) analysis

D.

Workflow analysis

Question 44

The audit plan requires a review of the testing procedures used in pre-production of a large information system prior to its live launch. If the chief audit executive (CAE) is uncertain that the current audit team has all the required knowledge to conduct the engagement, which of the following would be the most appropriate course of action for the CAE to take to preserve independence?

Options:

A.

Contract with the software vendor to provide an appropriate resource.

B.

Ask for a knowledgeable resource from the IT department.

C.

Make use of an external service provider.

D.

Request audit resources through the external auditor.

Question 45

Which of the following is an example of a properly supervised engagement?

Options:

A.

Auditors are asked to keep a daily record of their activity for review by the auditor in charge following the engagement.

B.

The senior internal auditor requires each auditor to review and initial colleagues’ workpapers for completeness and format

C.

A new internal auditor is accompanied by an experienced auditor during a highly sensitive fraud investigation.

D.

The auditor in charge provides reasonable assurance that engagement objectives were met

Question 46

' Internal policy prohibits employees from entering into contacts with financial obligations without proper approval.

A project manager signed a change to an important service agreement without obtaining the proper approval As a result the organization is receiving $5,000 per month less for its services.’’

Which of the following should be added to the observation?

Options:

A.

The reason for not following the internal policy

B.

A description of what constitutes proper approval

C.

The annual impact of the changed agreement on cash flows

D.

Details regarding when the change to the agreement was signed

Question 47

An internal auditor is analyzing sates records and is concerned whether a transaction is recorded in the coned period. The accounting manager explains that the external auditor approved the records and produces an email from the external audit team leader. How should tie internal auditor respond?

Options:

A.

Ask the external auditor to review the same transaction again as an independent third party

B.

Consult account accounting principles, standards, and relevant guidelines in regard to timing of the entry

C.

Interview the chief financial officer and obtain her opinion on how the transactions should be recorded

D.

Compare the recording of this transaction to now similar ones were executed last year

Question 48

Which of the following is the primary engagement responsibility of an entry-level internal auditor?

Options:

A.

Leadership

B.

Documentation.

C.

Analysis.

D.

Reporting

Question 49

Which of the following actions would an internal auditor perform primarily during a consulting engagement of a debt collections process?

Options:

A.

Reviewing journal entries for accuracy and completeness.

B.

Comparing the policies and procedures to regulatory collections guidance.

C.

Advising management on streamlining the recording of accounts receivable.

D.

Performing a walk-through of the debt collections process to determine whether proper segregation of duties exists

Question 50

Which of the following statements is true regarding engagement planning?

Options:

A.

The scope of the engagement should be planned according to the internal audit activity’s budget and then aligned to the risk universe.

B.

The audit engagement objectives should be based on operational management ' s view of risk objectives.

C.

The planning phase of the engagement should be completed and approved before the fieldwork of the engagement begins.

D.

The main purpose of the engagement work program is to determine the nature and timing of procedures required to gather audit evidence.

Question 51

The chief risk officer (CRO) of a large manufacturing organization decided to facilitate a workshop for process managers and staff to identify opportunities for improving productivity and reducing defects. Which of the following is the most likely reason the CRO chose the workshop approach?

Options:

A.

It minimizes the amount of time spent and cost incurred to gather the necessary information.

B.

Responses can be confidential, thus encouraging participants to be candid expressing their concerns.

C.

Workshops do not require extensive facilitation skills and are therefore ideal for nonauditors.

D.

Workshop participants have an opportunity to learn while contributing ideas toward the objectives.

Question 52

Which of the following situations is most critical for the chief audit executive to report to the board?

Options:

A.

The chief audit executive disagreed with the business unit manager ' s initial decision to accept a particular risk Management ultimately agreed to address the risk only after discussing the issue with senior management.

B.

The internal audit activity was restructured, which resulted in a significant change in responsibilities among audit managers and supervisors for some audits

C.

A staff internal auditor had difficulties completing a portion of the audit because management of the area under review was unwilling to cooperate and provide information timely.

D.

The resignation of an internal audit manager during the year caused the chief audit executive to defer a number of audit engagements to the following year.

Question 53

According to IIA guidance, which of the following individuals should receive the final audit report on a compliance engagement for the organization ' s cash disbursements process?

Options:

A.

The accounts payable supervisor, accounts payable manager, and controller.

B.

The accounts payable manager, purchasing manager, and receiving manager.

C.

The accounts payable supervisor, controller, and treasurer.

D.

The accounts payable manager, chief financial officer, and audit committee.

Question 54

Which of the following is the primary reason an internal auditor would issue an interim report during an engagement?

Options:

A.

To provide a status update on a short engagement to management of the area under review and to the audit supervisor.

B.

To confirm agreement with preliminary observations and conclusions identified during the engagement.

C.

To provide those responsible for the area under review with the opportunity to act on certain observations immediately.

D.

To verify that the corrective actions required by senior management are completed as agreed.

Question 55

An internal auditor examined a nostatistical sample of open accounts receivable balances and discovered that 10 out of 60 exceeded the approved unseated credit limit threshold defined by the organization ' s policy What should the auditor document in the workpapers?

Options:

A.

Credit limit over drafts are not monitored in accordance with the organizations policy

B.

Seventeen percent of customers ' open balances in the sample exceed their approved unsecured credit rent

C.

The threshold for credit limits defined by the organization ' s policy is not adequate

D.

Management should perform monthly monitoring of open customer balances

Question 56

Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?

Options:

A.

Report follow-up activities to senior management.

B.

Implement follow-up procedures to evaluate residual risk.

C.

Determine the costs of implementing the recommendations.

D.

Evaluate the extent of improvements.

Question 57

Which of the following is one of the five attributes that internal auditors include when documenting a deficiency?

Options:

A.

The criteria used to make the evaluation

B.

The methodology used to analyze data

C.

The proposed follow-up engagement work to be performed

D.

The scope of work performed during the engagement

Question 58

Which of the following statements is most accurate with respect to the required elements of the quality assurance and improvement program?

Options:

A.

Internal assessments provide sufficient objectivity to provide evidence to the board that the internal audit activity understands the organization ' s control processes.

B.

Quality assessments focus on the internal audit activity’s structure, relationships with stakeholders, compliance with the Standards, and internal audit staff proficiency.

C.

in order to comply with the Standards, the internal audit activity must obtain an objective assessment of its processes and function at least once a year

D.

Internal auditors completing internal assessments must demonstrate certification to perform quality assessments

Question 59

Which of the following offers the best explanation of why the auditor in charge would assign a junior auditor to complete a complex part of the audit engagement?

Options:

A.

The senior auditors are unavailable, as they are currently working on other portions of the engagement

B.

The auditor in charge believes that the junior auditor should obtain a specific type of experience.

C.

The audit engagement has a tight deadline and the work must be completed timely.

D.

The auditor in charge is unable to identify audit staff with all of the required skills needed to complete the engagement

Question 60

Which of the following steps should an internal auditor complete when conducting a review of an electronic data interchange application provided by a third-party service?

1.Ensure encryption keys meet ISO standards.

2.Determine whether an independent review of the service provider ' s operation has been conducted.

3.Verify that the service provider ' s contracts include necessary clauses.

4.Verify that only public-switched data networks are used by the service provider

Options:

A.

1 and 3.

B.

1 and 4

C.

2 and 3.

D.

2 and 4.

Question 61

The head of customer service asked the chief audit executive (CAE) whether internal auditors could assist her staff with conducting a risk self-assessment in the customer service department The CAE promised to meet with customer service managers analyze relevant business processes and come up with a proposal Who is most likely to be the final approver of the engagement objectives and scope?

Options:

A.

Senior management of the organization

B.

The chief audit executive

C.

The head of customer service

D.

The board of directors

Question 62

A newly appointed chief audit executive (CAE) of a small organization is developing a resource management plan. Which of the following approaches would be most beneficial to help the CAE obtain details of the internal audit activity ' s collective knowledge, skills, and other competencies?

Options:

A.

Review or establish a documented skills assessment of the internal audit staff and gather information from post-audit surveys.

B.

Obtain from the human resources department the job descriptions and position requirements for all internal audit staff.

C.

Conduct an objective written test of the internal audit staff to assess their knowledge and skills related to core internal audit competencies.

D.

Request the internal audit staff to submit a document that summarizes their most recent performance appraisals and post audit reviews.

Question 63

Which of the following is an appropriate activity when supervising engagements?

Options:

A.

During engagement planning, the audit work program should be discussed between auditors and the engagement supervisor with the supervisor approving the work program.

B.

During fieldwork, scope changes made to the work program are at the auditor ' s discretion and should be supported adequately in the workpapers.

C.

Engagement supervision is most critical to the fieldwork and reporting phases of the audit, as this is where the majority of the work takes place.

D.

A degree of high supervision to no supervision may be provided to an auditor depending on his level of competence and the complexity of the engagement.

Question 64

Which of the following should be included in a privacy audit engagement?

1. Assess the appropriateness of the information gathered.

2. Review the methods used to collect information.

3. Consider whether the information collected is in compliance with applicable laws.

4. Determine how the information is stored.

Options:

A.

1 and 3 only

B.

2 and 4 only

C.

1, 3, and 4 only

D.

1, 2, 3, and 4

Question 65

During engagement planning, which party provides the most accurate and up-to-date description of how organizational processes and key controls operate?

Options:

A.

The management responsible for the activity under review

B.

The individuals who perform the daily tasks and functions of the activity under review

C.

The external auditors since they understand the key controls behind the financial statements

D.

The board of directors since they provide overall oversight for the organization

Question 66

Which of the following statements is true regarding the final assurance engagement report issued to management?

Options:

A.

Ratings are only used to assess the condition of an observation made by an internal auditor.

B.

Audit findings may be communicated to management prior to issuance of the final approved audit report.

C.

Communications must be relevant logical, and free from errors before they are disseminated.

D.

The audit report must present the information in the following order (1) audit scope, (2) engagement objectives, and (3) engagement results

Question 67

During an engagement in one of the subsidiaries of an organization, an internal auditor noted the following in the workpapers:

" As a subsidiary of a multinational organization in this particular country, the entity is required to register annually with the

respective ministry. However, the subsidiary did not submit the required documentation for registration during the prior year. Failure

to comply with internal and external regulations could lead to penalties or fines from the respective authorities. It is recommended

that the management of the subsidiary ensures compliance with the relevant legislation. As a recoverable action, management

should register the subsidiary in the current year as soon as possible. "

What part of this narrative represents a condition of the observation made by auditors in the final report?

Options:

A.

" ... the subsidiary did not submit required documentation for registration in the prior year. "

B.

" ... the entity is required to register annually with the respective ministry. "

C.

" ... failure to comply with internal and external regulations might lead to penalties or fines from the respective authorities. "

D.

" ... management should register the subsidiary in the current year as soon as possible. "

Question 68

Which of the following statements about including consulting engagements in the annual internal audit plan is true?

Options:

A.

All requests for consulting engagements must be included in the annual internal audit plan

B.

Assurance engagements must be included in the annual internal audit plan but there is no requirement to include consulting engagements

C.

Consulting engagements do not need to be included m the annual internal audit plan unless requested by the board

D.

The acceptance of proposed consulting engagements into the annual internal audit plan may depend on their ability to add value

Question 69

Which of the following audit steps would an internal auditor most likely be questioned on?

Options:

A.

The auditor confirms the organization ' s ownership of physical equipment by verifying its presence on site visually.

B.

The auditor vouches for a sample of check copies to support voucher packages to test the checks ' validity.

C.

The auditor vouches a sales invoice to a shipping document to conclude that the invoice has been issued.

D.

The auditor recalculates the allowance for doubtful accounts based on management assertions.

Question 70

During the planning phase of an assurance engagement, an internal auditor seeks to gam an understanding of now when the area under review is accomplishing its objectives When of the

Following information-gathering techniques is the auditor most likely to use?

Options:

A.

A review of the key performance indicators of me area under review.

B.

A walkthrough of the key processes of the area under review.

C.

An interview with the manager regarding the area ' s business plan.

D.

A review of previous audit and follow- up results of the area under review

Question 71

An internal auditor wants to identity potential ghost employees in the organization ' s payroll system The auditor extracts the following data

- Human resources data with employees ' names addresses employment conditions and identification codes

- Payroll data

- Logs from entrance systems

With this data, which of the following types of ghost employees will the auditor be able to identify?

Options:

A.

Employees who are being paid more than then approved wages

B.

Employees who get paid although their employment has expired

C.

Employees who are related to one of the subcontractors

D.

Employees who are physically present at the workplace but who do not perform the specified job duties

Question 72

Which of the following is the best audit procedure to obtain evidence of an organization ' s legal ownership of a new property?

Options:

A.

Review documents registered with the appropriate governmental authority.

B.

Examine the board of directors ' minutes and look for approvals to acquire property.

C.

Confirm with senior management and legal counsel concerning property acquisition.

D.

Confirm ownership with the title company that handles the escrow account.

Question 73

Which of the following statements accurately describes the Standards requirement for ret internal audit records?

Options:

A.

Retention requirements for internal audit records should be compliant with ones set for external audit records

B.

Retention requirements should take into account the medium in which internal audit records are stored

C.

Retention requirements should be set by the chief audit executive and aligned will the organization s process and procedures

D.

Retention requirements should set a minimum period of the for records storage and the process of archiving documents

Question 74

Which of the following actions best describes an internal auditor ' s use of test data to determine whether an organization ' s new accounts payable system avoids processing questionable invoices for payment?

Options:

A.

Creating an automated tool that monitors the computer program on a daily basis for potential issues that need corrective actions.

B.

Using an automated system that assists internal auditors with automating the risk analysis of the computer program for invoicing

C.

Embedding tools in the computer program to analyze the review processes of invoices for potential issues that may hamper payments

D.

Adding invoices to the computer program to assess the reliability and effectiveness of the review process and whether controls work.

Question 75

According to IIA guidance, which of the following describes the primary reason the chief audit executive (CAE) should actively network and build relationships with senior management and the board?

Options:

A.

To fulfill the CAE ' s responsibility to keep the board appropriately informed.

B.

To expand the CAE ' s understanding of management issues.

C.

To help maintain the objectivity of the internal audit activity.

D.

To increase opportunities to demonstrate the internal audit activity performance.

Question 76

Which of the following is a primary reason for an internal auditor to use a risk and control questionnaire when auditing financial processes?

Options:

A.

To gain an understanding of the control environment

B.

To collect as much financial data as possible before engagement fieldwork begins.

C.

To test the effectiveness of financial controls in an efficient and relatively inexpensive way

D.

To facilitate the quantification of financial data obtained

Question 77

Which of the following is the primary reason the chief audit executive should consider the organization ' s strategic plans when developing the annual audit plan?

Options:

A.

Strategic plans reflect the organization ' s business objectives and overall attitude toward risk.

B.

Strategic plans are helpful to identify major areas of activity, which may direct the allocation of internal audit activity resources.

C.

Strategic plans are likely to show areas of weak financial controls.

D.

The strategic plan is a relatively stable document on which to base audit planning.

Question 78

An internal auditor observes a double payment transaction on a supplier invoice during an accounts payable engagement. Which of the following steps would be the most effective in helping the auditor determine whether fraud exists?

Options:

A.

Switch the existing assurance engagement into a fraud investigation engagement

B.

Extend the audit scope and perform additional testing of controls on other related areas

C.

Review the poor year ' s transaction volume and amounts paid compared to the poor year ' s budget

D.

Perform data analytics on the supplier ' s information, invoiced amounts, and payments performed

Question 79

A chief audit executive (CAE) is trying to balance the internal audit activity ' s needs for technical audit skills budget efficiency and staff development opportunities. Which of the following would best assist the CAE in achieving this balance1?

Options:

A.

Strategic sourcing

B.

Loan staff arrangement

C.

Flat organizational structure

D.

Hierarchical organizational structure

Question 80

Which of the following methods is most closely associated to year over year trends?

Options:

A.

Horizontal analysts

B.

Vertical analysis.

C.

Common-size analysis.

D.

Ratio analysis.

Question 81

An internal auditor is asked to review a recently completed renovation to a retail outlet. Which of the following would provide the most reliable evidence that the completed work conformed to the plan?

Options:

A.

An interview with the employee who performed the work

B.

An analysis of purchasing and receiving documentation

C.

Existence of a signed completion document accepting the work

D.

A physical inspection of the retail outlet.

Question 82

Which of the following types of policies best helps promote objectivity in the internal audit activity’s work?

Options:

A.

Policies that are distributed to all members of the internal audit activity and require a signed acknowledgment.

B.

Policies that match internal auditors ' performance with feedback from management of the area under review

C.

Policies that keep internal auditors in areas where they have vast audit expertise.

D.

Policies that provide examples of Inappropriate business relationships

Question 83

When constructing a staffing schedule for the internal audit activity (IAA), which of the following criteria are most important for the chief audit executive to consider for the effective use of audit resources?

1. The competency and qualifications of the audit staff for specific assignments.

2. The effectiveness of IAA staff performance measures.

3. The number of training hours received by staff auditors compared to the budget.

4. The geographical dispersion of audit staff across the organization.

Options:

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Question 84

An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?

Options:

A.

Assess the status of corrective action during a follow-up audit engagement after the action plan has been completed.

B.

Assess the effectiveness of corrections by reviewing statistics related to unplanned system outages, and denials of service.

C.

Reassign information systems auditors to assist in implementing management ' s action plan.

D.

Evaluate the ability of the action plan to correct the weaknesses and monitor key dates and deliverables.

Question 85

According to the Standards, which of the following is true regarding the auditor ' s inclusion of management ' s satisfactory performance in the final audit report?

Options:

A.

Acknowledgement of satisfactory performance is encouraged but not required.

B.

There are no standards to address the inclusion of satisfactory performance.

C.

Satisfactory performance should only be acknowledged with the advice of corporate counsel.

D.

Auditors must include satisfactory performance with the approval of the board.

Question 86

An internal auditor concluded that delays in an ongoing construction project have cost the organization $10 million to date. Which documents should be included in the audit workpapers to provide sufficient evidence to support the conclusion?

Options:

A.

Payment and work milestones

B.

Pictures from the construction site

C.

Initial sprint planning

D.

Project internal rate of return

Question 87

The internal audit activity is planning an assurance engagement for a foreign subsidiary. According to IIA guidance, which of the following would be included in the preliminary communication to management of the area under review?

Options:

A.

The scope of the engagement, the estimated time frame, and the names of the auditors.

B.

The estimated time frame, the names of the auditors, and the resources and travel budget.

C.

The names of the auditors, the resources and travel budget, and the scope of the engagement.

D.

The resources and travel budget, the scope of the engagement, and the estimated time frame.

Question 88

White planning an audit engagement of a procurement card activity. which of the following actions should an internal auditor take to denary relevant risks and controls?

Options:

A.

Compare card transaction types against procurement card policy guidelines.

B.

Develop the scope and objectives of the engagement

C.

Determine how many cardholders exceeded their daily limit.

D.

Meet with the procurement card program administrator

Question 89

Which of the following would most likely be found in an organization that uses a decentralized organizational structure?

Options:

A.

There is a higher reliance on organizational culture

B.

There are clear expectations set for employees.

C.

There are electronic monitoring techniques employed

D.

There is a defined code for employee behavior

Question 90

During a previous audit engagement, an internal auditor recommended that management implement a whistleblowing process. During follow-up, the auditor discovered that the process has been outsourced. Which of the following is the most appropriate response for the internal auditor?

Options:

A.

Insist on establishing an internal whistleblowing process, as originally recommended, because this is a key control.

B.

Review the agreement with the third-party service provider and ensure that appropriate controls are in place.

C.

Raise the issue to a higher level of management, as outsourcing the process was not previously discussed or agreed upon.

D.

Take no action, as management has accepted the risk of moving to a third party for this whistleblowing process.

Question 91

According to the MA guidance, which of the following does the engagement work program test in a review of an organizational process?

Options:

A.

Process objectives.

B.

Process risks

C.

Process controls.

D.

Process scope

Question 92

Which of the blowing is an example of a compliance assurance engagement?

Options:

A.

Proving in-house training to senior management regarding applicable laws and regulations

B.

Proving an assessment of the design adequacy of controls related to consumer privacy and confidentially.

C.

Providing an assessment of customer satisfaction with customer service provided by the organization

D.

Providing testing on the operating effectiveness of controls ever the reliability of financial reporting

Question 93

Which of the following statements is true regarding internal control questionnaires?

Options:

A.

Internal control questionnaires are useful m evaluating the effectiveness of standard operating procedures

B.

internal control questionnaires provide reliable documents allowing internal auditors to cover many control procedures in little time

C.

Internal control questionnaires can be used by internal auditors as an interview guide

D.

Internal control questionnaires provide direct audit evidence which may need corroboration

Question 94

An internal auditor selects a sample of paid invoices and matches them to receiving reports. What is the most likely purpose for this procedure?

Options:

A.

To ensure all customer shipments are billed appropriately.

B.

To ensure invoices are only paid for goods received.

C.

To ensure all liabilities have been satisfied.

D.

To ensure invoices are only paid for goods ordered.

Question 95

Which of the following is an example of a directive control?

Options:

A.

Segregation of duties

B.

Exception reports

C.

Training programs,

D.

Supervisory review.

Question 96

Which of the following statements best explains why an internal auditor should pay attention to retained earnings of an organization?

Options:

A.

Retained earnings indicate the amount of potential dividends to be paid out to new investors.

B.

Retained earnings represent the amount of excess cash available in the organization.

C.

Retained earnings demonstrate that the organization was able to generate working capital from its own activities.

D.

Retained earnings constitute the main criterion used by ratings agencies to assess an organization.

Question 97

Which of the following processes does the board manage to ensure adequate governance?

Options:

A.

Establish and measure performance objectives for the internal audit activity

B.

Select board members with necessary knowledge and skills.

C.

Develop, approve, and execute the strategic plan of the organization

D.

Develop strategies to mitigate the risks to achieving the organization ' s objectives

Question 98

Which of the following is most likely to be judged as a significant residual risk that would exceed the organization ' s acceptable risk level?

Options:

A.

Any risk involving organizational expansion into a new geographical area with an unstable political environment.

B.

Any risk involving investments into bitcoin and suspicious derivatives

C.

Any risk that can cause material or financial loss

D.

Any risk that could cause injuries or pollute the environment

Question 99

According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?

1.Consult on CSR program design and implementation

2.Serve as an advisor on CSR governance and risk management.

3.Review third parties for contractual compliance with CSR terms

4Identify and mitigate risks to help meet the CSR program objectives

Options:

A.

1,2, and 3.

B.

1.2. and 4.

C.

1, 3, and 4.

D.

2. 3. and 4.

Question 100

An organization ' s chief audit executive is developing an integrated audit approach to provide value-added services that can help the organization meet its strategic objectives and goals. Which of the following is an advantage of using an integrated audit approach that assists the organization?

Options:

A.

It allows the internal audit function to provide more subjective conclusions that would help the organization meet its goals and objectives.

B.

It allows the internal audit function to perform the appropriate engagements that minimize audit fatigue within the organization.

C.

It allows the internal audit function to focus more attention on ensuring that solutions and risks adhere to defined regulations.

D.

It allows the internal audit function to obtain more resources to perform more engagements of departments within the organization.

Question 101

Which of the following situations would justify the removal of a finding from the final audit report?

Options:

A.

Management disagrees with the report findings and conclusions in their responses.

B.

Management has already satisfactorily completed the recommended corrective action.

C.

Management has provided additional information that contradicts the findings.

D.

Management believes that the finding is insignificant and unfairly included in the report.

Question 102

Which of the following is true of matrix organizations?

Options:

A.

A unity-of-command concept requires employees to report technically, functionally, and administratively to the same manager.

B.

A combination of product and functional departments allows management to utilize personnel from various functions.

C.

Authority, responsibility, and accountability of the units involved may vary based on the projects life, or the organization ' s culture.

D.

it is best suited for firms with scattered locations or for multi-line, large-scale firms.

Question 103

An internal auditor discovered that a new employee was granted inappropriate access to the payroll system Apparently the IT specialist had made a mistake and granted access to the wrong new employee. Which of the following management actions would be most effective to prevent a similar issue from occurring again?

Options:

A.

Remove the new employee ' s excessive access rights and request that he report any future access error.

B.

Perform a complete review of all users who have access to the payroll system lo determine whether there are additional employees who were granted inappropriate access

C.

Review the system activity log of the employee to determine whether he used the inappropriate access to conduct any unauthorized activities in the payroll system

D.

Provide coaching to the IT specialist and introduce a secondary control to ensure system access is granted in accordance with the approved access request.

Question 104

While reviewing engagement workpapers prepared by an internal audit team, the engagement supervisor identifies instances where there is no direct connection between certain workpapers and the engagement objectives. How should the engagement supervisor respond?

Options:

A.

Request that the internal auditors remove irrelevant workpapers from the records.

B.

Sign off on all workpapers, and arrange the documentation from most relevant to least relevant.

C.

Ensure that the final audit report indicates that the initial engagement objectives were expanded.

D.

Expand the scope of the audit and include the additional documentation.

Question 105

The internal audit activity has become aware of public complaints regarding the sales practices of telephone marketing personnel in a large organization. The internal auditors decide to review a sample of all complaints within the last three months to ensure they are reflective of current marketing practices. Which of the following best describes this sampling technique?

Options:

A.

Judgmental sampling

B.

Random sampling

C.

Discovery sampling

D.

Statistical sampling

Question 106

An internal auditor is assessing whether a vendor onboarding procedure is being followed in all business units. The procedure has been centrally designed and depicts activities and validations that must be performed at every step. Which of the following is the most suitable way to compile an internal control questionnaire?

Options:

A.

Develop statements that are based on the procedure requirements and ask respondents to select yes or no responses

B.

Develop open questions that inquire about the appropriateness and efficacy of the procedure

C.

Develop closed questions asking managers to describe the onboarding process in detail

D.

Develop multiple response questions where a respondent has to identify one correct answer out of four

Question 107

An internal auditor suspects that a program contains unauthorized code or errors. Which of the following would assist the internal auditor in this regard?

Options:

A.

Utility software

B.

Generalized audit software

C.

Application software tracing and mapping

D.

Audit expert systems

Question 108

An internal auditor wants to test the processing logic of a computer application during a specific period to ensure consistent processing of transactions. Which of the following is the best approach to achieve the objective of the test?

Options:

A.

Utility software

B.

Integrated test facility

C.

Parallel simulation

D.

Generalized audit software

Question 109

The internal audit activity plans to assess the effectiveness of management ' s self-assessment activities regarding the risk management process. Which of the following procedures would be most appropriate to accomplish this objective?

Options:

A.

Review corporate policies and board minutes for examples of risk discussions.

B.

Conduct interviews with line and senior management on current practices.

C.

Research and review relevant industry information concerning key risks.

D.

Observe and test control and monitoring procedures and related reporting.

Question 110

Which of the following is most likely the subject of a periodic report from the chief audit executive to the board?

Options:

A.

A complete, accurate, and comprehensive account of engagement observations and recommendations.

B.

Oversight of the coordination between the internal audit activity and independent outside auditors.

C.

The internal audit activity ' s purpose, authority, responsibility, and performance relative to plan.

D.

Management ' s assertions regarding the system of internal controls.

Question 111

A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internal auditor. According to IIA guidance, which of the following attributes shows a candidate ' s ability to probe further when reviewing incidents that have the appearance of misbehavior?

Options:

A.

Integrity.

B.

Flexibility.

C.

Initiative.

D.

Curiosity.

Question 112

An organization is experiencing a significant risk that threatens its financial well-being Senior management requested that the chief audit executive (CAE) meet with them to discuss the risk. Which of the following would best describe the CAE ' s responsibility at the meeting?

Options:

A.

Inform senior management of the appropriate actions they should take to control the risk

B.

Recommend that the internal audit activity provide consulting services to help minimize the risk

C.

Assume the responsibility of resolving the significant risk that will affect the organization

D.

Determine whether senior management accepted risk that may be deemed unacceptable for the organization

Question 113

Who is responsible for ensuring internal auditors continuing professional development*

Options:

A.

Individual internal auditors

B.

Chief audit executive.

C.

The board

D.

Engagement supervisors

Question 114

According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management ' s response to audit recommendations?

Options:

A.

Evaluate and verify management ' s response, and determine the need and scope for additional work.

B.

Evaluate and verify management ' s response, and establish timelines for corrective action by management.

C.

Oversee the corrective actions undertaken by management, and determine the need and scope for additional work.

D.

Oversee the corrective actions undertaken by management, and establish timelines for corrective action by management.

Question 115

An internal auditor is examining the organization ' s internal control processes. Which of the following would the auditor do to test the reliability of a customer database1?

Options:

A.

Perform a site visit to see whether the organization ' s servers are operational

B.

Interview end users to determine whether they understand how to use the database information

C.

Determine whether policies are in place on how to use the database information

D.

Review for indications of potential issues with the database information

Question 116

Which of the following is required to classify, label, organize, and search big data stored and used in an organization?

Options:

A.

Metadata

B.

Data security

C.

A business application

D.

Data owner

Question 117

Which of the following actions should the chief audit executive take when senior management decides to accept risks by choosing to do business with a questionable vendor?

Options:

A.

Persuade senior management to take appropriate action.

B.

Cancel issuing the engagement report due to the assumed risks.

C.

Accept senior management’s assumption of the risks.

D.

Discuss the issue with the board for them to take appropriate action.

Question 118

An internal auditor is planning to audit the organization ' s payroll function, which was recently outsourced. Which of the following is the most appropriate first step for the auditor?

Options:

A.

Review management ' s organ nationwide risk assessment

B.

Understand the objectives and strategies of the new arrangement

C.

Revise the scope of the audit engagement

D.

Form objectives for the audit engagement

Question 119

The internal audit activity plans to assess the effectiveness of management’s self-assessment activities regarding the risk management process. Which of the following procedures would be most appropriate to accomplish this objective?

Options:

A.

Review corporate policies and board minutes for examples of risk discussions.

B.

Conduct interviews with line and senior management on current practices.

C.

Research and review relevant industry information concerning key risks.

D.

Observe and test control and monitoring procedures and related reporting.

Question 120

The head of customer service asked the chief audit executive (CAE) whether eternal auditors could assist her staff with conducting a risk self-assessment in the customer service department. The CAE promised to meet with customer service managers analyze relevant business processes, and come up with a proposal. Who is most likely to be the final approver of the engagement objectives and scope?

Options:

A.

Senior management of the organization

B.

The chief audit executive

C.

The head of customer service

D.

The board of directors

Question 121

An internal auditor is planning an audit engagement of a subsidiary organization. The auditor learns that a corporate investigator from the holding organization is investigating the subsidiary regarding a fraud case. Which of the following is true regarding the scope of the internal auditor’s engagement?

Options:

A.

As the fraud is already being investigated by the corporate investigator, it should be excluded from the scope of the audit engagement

B.

The engagement should be framed as an advisory engagement to support the corporate investigator ' s work

C.

The area under investigation should be excluded from the engagement scope if the auditor does not have the technical skills required to support a fraud investigation

D.

The scope should consider the nature of the fraud risk and control weaknesses identified from the fraud case

Question 122

Operational management In the IT department has developed key performance indicator reports, which are reviewed in detail during monthly staff meetings. This activity is designed to prevent which of the following conditions?

Options:

A.

Knowledge/skills gap.

B.

Monitoring gap.

C.

Accountability reward failure

D.

Communication failure

Question 123

According to IIA guidance, which of the following statements is true regarding audit workpapers?

Options:

A.

Review notes on audit workpapers must be retained to provide a record of questions raised by the reviewer.

B.

Audit workpaper documentation policies are reviewed and approved by the audit committee.

C.

Management of the department being audited should review the prepared workpapers for accuracy.

D.

Audit workpaper preparation contributes to the professional development of the internal audit staff.

Question 124

An internal auditor tested whether purchase orders were supported by appropriately approved purchase requisitions She sampled a population of purchase documents and identified instances where purchase requisitions were missing However, she did not notice that n some cases purchase requisitions were approved by an unauthorized person Which of the following risks most appropriately describes this situation?

Options:

A.

Nonsampling risk

B.

Sampling risk

C.

Inherent risk

D.

Due diligence risk

Question 125

An internal audit intends to create a risk and control matrix to better understand the organization ' s complex manufacturing process. With which of the following approaches would the auditor most likely start?

Options:

A.

Assess management responses to key risk exposures

B.

Analyze the costs and benefits of key controls

C.

Evaluate the design adequacy of known controls

D.

Conduct a walk-through of all related activates

Question 126

A draft internal audit report that cites deficient conditions generally should be reviewed with which of the following groups?

1. The client manager and her superior.

2. Anyone who may object to the report’s validity.

3. Anyone required to take action.

4. The same individuals who receive the final report.

Options:

A.

1 only

B.

1 and 2 only

C.

1, 2, and 3

D.

1, 2, and 4

Question 127

A healthcare organization ' s chief audit executive (CAE) noted that the organization ' s IT team relies heavily on a vendor. Therefore an IT vendor assessment review was added to the annual audit plan. During the review, the audit team discovered that the vendor had not been performing proper monitoring to ensure that the subcontractors it hired comply with the organization requirements. The organization ' s chief information officer (ClO) does not agree with the audit team ' s recommendation for the IT team to monitor the compliance level of vendor subcontractors. How should the audit team proceed to resolve this situation?

Options:

A.

Write a risk acceptance memo for the CIO to sign acknowledging the observation and indicating a willingness to accept the risk.

B.

Provide an example of the attestation form that vendors must use. Then, recommend that the IT team require vendors to submit the attestation form on a regular basis.

C.

Escalate the issue to the audit committee, as the CIO is unwilling to implement the recommended action plan.

D.

Escalate the issue to the CAE to assess whether the ClO ' s reasoning is acceptable.

Question 128

Which of the following is a disadvantage of using flowcharts during a risk assessment?

Options:

A.

People cannot quickly understand the processes via flowcharts

B.

Flowcharts are not applicable for evaluating the design of controls

C.

Some serious risks that are not part of the linear process can be missed

D.

Flowcharts do not enable auditors to identify missing controls

Question 129

Which of the following is a true statement regarding whistleblowing?

Options:

A.

Whistleblowing is one of several possible ethical structures an organization can undertake to encourage ethical behavior.

B.

Whistleblowing programs help employees deal with ethical questions and instill ethical values into everyday behavior

C.

Whistleblowers are current or former employees who are disgruntled and looking to retaliate.

D.

Whistleblowers should inform the organization about actual criminal circumstances, not assumed allegations.

Question 130

Which of the following statements is true regarding internal auditors and other assurance providers?

Options:

A.

Assurance providers who report to management and/or are part of management cannot provide control self-assessments services

B.

Internal auditors should always reperform and validate audit work completed by external assurance providers.

C.

Internal auditors may rely on the work of internal compliance teams to expand their coverage of the organization without increasing direct audit hours.

D.

internal auditors can rely on the work of other assurance providers only if the other assurance providers report directly to the board

Question 131

According to the International Professional Practices Framework, which of the following is an appropriate reason for issuing an interim report?

To keep management informed of audit progress when audit engagements extend over a long period of time.

To provide an alternative to a final report for limited-scope audit engagements.

To communicate a change in engagement scope for the activity under review.

Options:

A.

1 and 2 only.

B.

1 and 3 only.

C.

2 and 3 only.

D.

1, 2, and 3.

Question 132

According to IIA guidance, which of the following statements is true regarding the authority of the chief audit executive (CAE) to release previous audit reports to outside parties?

Options:

A.

The CAE can release prior internal audit reports with the approval of the board and senior management.

B.

The CAE can employ judgment and release prior audit results as they deem appropriate and necessary.

C.

The CAE can only release prior information outside the organization when mandated by legal or statutory requirements.

D.

The CAE can release prior information provided it is as originally published and distributed within the organization.

Question 133

An internal audit activity has to confirm the validity of the activities reported by a grantee that received a charitable contribution from the organization. Which of the following methods would best help meet this objective?

Options:

A.

Visiting the grantee to assess whether the execution of the project was in line with the defined grant scope.

B.

Verifying that the grantee ' s final report is in line with what was depicted in the initial budget request.

C.

Reconciling general ledger accounts used by management of the area under review for reflecting expenses on charitable contributions.

D.

Interviewing employees of the corporate affairs department, which is responsible for charitable activities.

Question 134

Which of the following is critical to the success of an effective interview?

Options:

A.

Present audit evidence and information to support the internal auditor’s line of questioning.

B.

Establish credibility, trust, and rapport.

C.

Develop flowcharts and review them with the interviewee.

D.

Observe the process and discuss it with the interviewee.

Question 135

An internal auditor is using computer-assisted audit techniques to examine employee expenses across several divisions of the organization. Which of the following is true in this situation?

Options:

A.

The data from various sources should remain segregated for easier analysis and discovery of anomalies.

B.

Fraud detection techniques should be performed against full data populations.

C.

A reactive approach is best suited for fraud detection due to the effectiveness of tips and whistleblowing programs.

D.

Random sampling is an effective method of detecting fraudulent transactions.

Question 136

To which of the following aspects should the chief audit executive give the most consideration while communicating an identified unacceptable risk to management?

Options:

A.

The organization ' s attitude to hierarchy

B.

The organization ' s whistleblowing strategy

C.

The organization ' s ongoing risk monitoring process

D.

The organization ' s risk management policy

Question 137

Which of the following best describes the engagement objective in a banking compliance audit?

Options:

A.

Assessing the cost-efficiency of business continuity plans

B.

Assessing whether the business continuity plans implement regulatory requirements

C.

Assessing whether the business continuity plans implement best practice recommendations

D.

Assessing the operating effectiveness of the business continuity plans

Question 138

Which of the following best describes how an internal auditor would use a flowchart during engagement planning?

Options:

A.

To prepare for testing the effectiveness of controls

B.

To plan for evaluating potential losses

C.

To prepare a sampling plan for the engagement

D.

To evaluate the design of controls

Question 139

An internal auditor is performing an assessment in a vehicle brake manufacturing company. The auditor learned that the product quality test conditions are aligned with the company’s written test procedures. However, the test conditions are not similar to conditions experienced by vehicles in the real world. Documentation shows that a significant percentage of products fail the quality tests. Products that fail the tests are discarded. Which perspective is appropriate?

Options:

A.

The tests are acceptable since they are good enough to detect quality problems and failure products are not sent to the market.

B.

Despite a significant rejection percentage, the test conditions are not useful because they are not similar to real world conditions. The significance of the finding is reduced because tests are performed in accordance with written procedures.

C.

The quality tests must be run in similar conditions as vehicles experience in the real world. This is a major finding since there is a risk to life considering the type of product being evaluated.

D.

Despite the risk of an accident, the severity of the finding can be reduced because the company discards the failed products. Due to this, the likelihood of occurrence is low.

Question 140

Which of the following is the best option for the chief audit executive to consider for effective coordination of assurance coverage?

Options:

A.

Create an assurance map to illustrate each provider ' s level of assurance and planned activities for each area of the organization

B.

LIMIT© ricks inventory to identify the risks and controls in place and the relevant control owners.

C.

Rely on the risk and control and management testing information maintained for compliance with the regulatory framework

D.

Prepare a risk likelihood and impact heal map to prioritize assurance coverage coordination.

Question 141

During an audit of suspense accounts the internal auditor found that there were no written policies on how suspense accounts should be treated. The auditor also found that suspense account balances were cleared once per week, not daily. Which of the following is the most appropriate first response by the auditor?

Options:

A.

The auditor should conclude that suspense accounts were not being cleared on a timely basis because they should be cleared daily

B.

The auditor should ask management whether any undocumented policies exist and. if so, determine whether they are adequate

C.

The auditor should conclude that the clearing of suspense accounts was timely and appropriate because weekly clearing is sufficient.

D.

The auditor should rely on his professional judgment and experience to develop criteria for evaluating the existing controls over suspense accounts

Question 142

In which scenario might it be considered problematic for the chief audit executive (CAE) to provide assurance services over the payroll function?

Options:

A.

The CAE previously undertook a consulting assignment in that area to improve processes.

B.

A couple of years ago, the CAE performed accounting functions for the payroll department.

C.

Prior to becoming the CAE, the CAE was the payroll manager.

D.

The assurance review was initiated following issues identified during a consulting assignment requested by management.

Question 143

An internal auditor is reviewing the accuracy of commission payments by recalculating 100% of the commissions and comparing them to the amount paid. According to IIA guidance, which of the following actions is most appropriate for identified variances?

Options:

A.

Document the results and report the overall percentage of variances.

B.

Determine the significance of the variances and investigate causes as needed.

C.

Review the results and investigate the cause of all variances.

D.

Report all variances to management and request an action plan to remediate them.

Question 144

The human resources (HR) department was last reviewed three years ago and is due for an assurance engagement after undergoing recent process changes. Which of the following would the most effective option identify the HR department ' s risks and controls?

Options:

A.

Meet with the chief operating officer 10 obtain Information about the MR department

B.

Review the previous internal audit report and locus on key audit observations and action plans

C.

Review the organization ' s risk strategy and risk appetite framework

D.

Discuss the department ' s present strategies ‘and objectives with the head of the HR department

Question 145

Which of the following engagement supervision activities should be performed first?

Options:

A.

Ensure that internal audit recommendations are practical, cost-effective, and value-added

B.

Ensure that internal audit conclusions am based on sufficient and reliable evidence

C.

Ensure that risks to the timely completion of the engagement are assessed

D.

Ensure that performance assessments are completed for audit team members

Question 146

An internal audit activity has to confirm the validity of the activities reported by a grantee that received a chantable contribution from the organization Which of the following methods would best help meet this objective?

Options:

A.

Visiting the grantee to assess whether the execution of the project was in line with the defined grant scope.

B.

Verifying that the grantee ' s final report is in line with what was depicted in the initial budget request.

C.

Reconciling general ledger accounts used by management of the area under review for reflecting expenses on charitable contributions

D.

Interviewing employees of the corporate affairs department, which is responsible for charitable activities

Question 147

Which of the following manual audit approaches describes testing the validity of a document by following it backward to a previously prepared record?

Options:

A.

Tracing

B.

Reperformance

C.

Vouching

D.

Walkthrough

Question 148

An internal auditor e assessing the design of a control and has identified a potential significant weakness. The auditor shared his concern with management however management does not agree that the weakness is significant. What should the internet auditor do next?

Options:

A.

Perform additional audit work to better articulate the risk

B.

Report the finding that management has accepted a level of risk that is unacceptable.

C.

Proceed to testing how effectively the control is opening.

D.

Because the design weakness has been identified no additional audit work is needed

Question 149

Following an audit, management developed an action plan to improve controls over the handling of scrap metal. Which of the following would be the most appropriate course of action for the auditor to follow up?

Options:

A.

Conduct another audit engagement to ensure all risks related to the sales of scrap metal have been mitigated.

B.

Ensure new procedures have been documented, approved, and distributed to the employees responsible.

C.

Perform retesting to confirm that new procedures address the previously identified deficient control activities.

D.

Analyze the new procedures, then report to senior management whether the associated risks have been managed.

Question 150

An organization has a mature control environment but limited internal audit resources. Given this scenario, on which of the following should the internal auditors focus their testing?

Options:

A.

Detective compensating controls

B.

Preventive compensating controls.

C.

Detective key controls.

D.

Preventive key controls

Question 151

Which of the following activities demonstrates an example of the chief audit executive performing residual risk assessment?

Options:

A.

Cost-benefit analysis of management not implementing a recommendation to address an observation.

B.

Inquiry of corrective action to be completed within a certain period.

C.

Reporting the status of every observation for every engagement in a detailed manner.

D.

Soliciting management’s feedback after completion of the audit engagement.

Question 152

According to IIA guidance, which of the following is the key planning step internal auditors should perform to establish appropriate engagement objectives prior to starting an audit engagement?

Options:

A.

Review the organizational structure, management roles and responsibilities, and operating procedures.

B.

Evaluate management ' s risk assessment and the internal audit activity ' s risk assessment.

C.

Assess process flow and control documents used to meet regulatory requirements.

D.

Review meeting notes from discussions involving management of the area to be reviewed.

Question 153

According to the Standards, which of the following is leastimportant in determining the adequacy of an annual audit plan?

Options:

A.

Sufficiency.

B.

Appropriateness.

C.

Effective deployment.

D.

Cost effectiveness.

Question 154

Two internal auditors are conducting an audit engagement concerning derivatives. The auditors meet with the organization ' s head of accounting. The head of accounting later complains to the chief audit executive (CAE) that it took hours for the auditors to understand basic derivatives concepts and how derivatives are typically recorded in bookkeeping. What should the CAE have considered more thoroughly?

Options:

A.

The engagement objectives.

B.

The head of accounting’s schedule availability.

C.

The auditors ' qualifications.

D.

The details of the audit test plan.

Question 155

Which of the following represents a ratio that measures short-term debt-paying ability?

Options:

A.

Debt-to-equity ratio

B.

Profit margin

C.

Current ratio

D.

Times interest earned

Question 156

An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?

Options:

A.

The matter does not need to be reported, because the noncompliant findings fall within the acceptable tolerance limit.

B.

The deviations are within the acceptable tolerance limit, so the matter only needs to be reported to the information security manager.

C.

The incidents of noncompliance fall outside the acceptable tolerance limit and require immediate corrective action, as opposed to reporting.

D.

The incidents of noncompliance exceed the tolerance level and should be included in the final engagement report.

Question 157

Which of the following best describes the manual audit procedure known as vouching?

Options:

A.

Testing the validity of information by following it backward to a previously prepared record

B.

Testing the accuracy of the control by reperforming the task or process required

C.

Soliciting and obtaining written verification of the accuracy from an independent third party

D.

Testing the completeness of information forward from a record to a subsequently prepared document

Question 158

Acceding to IIA guidance, when of the Mowing is an assurance service commonly performed by the internal audit activity?

Options:

A.

Proposing fine item recommendation lot the annual financial budget of the accounting department

B.

Making recommendations regarding financial approval authority limits for the operations department

C.

Validating whether employees are following established policies and procedures in the procurement department

D.

Generating expense report metrics for employees in the finance department

Question 159

Senior management is challenging regulatory fines that were assessed to the organization due to questionable business practices. Their actions and the fines could have an adverse effect on the organization ' s ability to continue business. How would the chief audit executive respond?

Options:

A.

Assume responsibility for quantifying and minimizing the residual risks to the organization.

B.

Assess the level of financial risks that may affect the organization ' s stability.

C.

Inform the regulatory agency about senior management ' s action and seek guidance.

D.

Proceed with a consulting engagement to benchmark similar organizations ' business practices in the region.

Question 160

An internal auditor wanted to determine whether company vehicles were being used for personal purposes She extracted a report that listed company vehicle numbers business units to which the vehicles are allocated travel dates, travel duration and mileage She then filtered the data for weekend dates Which of the following additional information would the auditor need?

Options:

A.

Names and work titles of employees

B.

Description of responsibilities of business units.

C.

Average fuel consumption data of vehicles

D.

Location and route data of vehicles

Question 161

A compliance engagement is underway, and management of the activity under review has asked the internal auditor to provide regular status updates and information regarding preliminary observations before the engagement is complete. Which of the following would be the internal auditor’s most appropriate response?

Options:

A.

The auditor should accommodate the request for information and brief management on significant preliminary observations as they develop.

B.

The auditor should advise management that the requested information cannot be communicated until the engagement is complete and the results undergo a quality check by the engagement supervisor.

C.

The auditor should share the requested information but clearly communicate that it is not appropriate for him to correct any observations based on further information that may be provided by management.

D.

The auditor should partially accommodate the request, explaining that he can provide status updates regarding the engagement procedures and timeline but he is unable to provide information regarding preliminary observations.

Question 162

In which of the following situations has an internal audit of obtained physical evidence?

Options:

A.

An internal auditor made purchases from several of the organization ' s retail outlets to evaluate customer service

B.

An internal auditor interviewed various employees regarding health and safety issues and recorded their answers

C.

An internal auditor obtained the current quarterly financial report and computed changes in deb-to-equity ratio

D.

An internal auditor received a signed confirmation regarding the terms of a transaction from an independent attorney

Question 163

How do internal auditors generally determine the priority of the areas within the engagement scope?

Options:

A.

By calculating the period of time when the area was last audited try internal auditors

B.

By totaling the monetary value of the processes within the organization in the scope of the engagement

C.

By counting the number of red flags indicating the potential fraudulent activities within the area.

D.

By estimating the likelihood of a risks occurring and the potential impact of that risk on the organization

Question 164

In the following risk control map risks have been categorized based on the level of significance and the associated level of control. Which of the following statements is true regarding Risk C?

as

Options:

A.

The level of control is appropriate given the level of risk

B.

The level of control is excessive given the level of risk

C.

The level of control is inadequate given the level of risk

D.

There is not enough of information to determine whether the controls are appropriate or not

Question 165

Which of the following sampling techniques is typically used when an internal auditor wants to test a large sample for fraud?

Options:

A.

Stratified sampling

B.

Haphazard sampling

C.

Discovery sampling

D.

Probability-proportional-to-size sampling

Question 166

Which of the following should be included in a company ' s year-end inventory valuation?

Options:

A.

Company goods that were sold during the year, free on board shipping point, that have been shipped but not yet received by the customer

B.

Goods purchased by the company, free on board destination, that have not yet been received.

C.

Goods on consignment, which the company is trying to sell for its customers.

D.

Company goods for sale on consignment at a consignment shop

Question 167

Organizations that adopt just-in-time purchasing systems often experience which of the following?

Options:

A.

A slight increase in carrying costs.

B.

A greater need for inspection of goods as the goods arrive

C.

A greater need for linkage with a vendors computerized order entry system.

D.

An Increase in the number of suitable suppliers

Question 168

An internal auditor recommended that an organization implement computerized controls in its sales system in order to prevent sales representatives from executing contracts in excess of their delegated authority levels A follow-up review found that the sales system had not been modified, but a process had been implemented to obtain written approval by the vice president of sales for all contracts in excess of S1 million The chief audit executive (CAE) would be justified in reporting this situation to the organization ' s board under which of the tollowing circumstances ' ?

1. In the opinion of the CAE the level of residual risk assumed by senior management is too high

2. Testing of compliance with the new process finds that all new contracts in excess of $1 million have been approved by the vice president of sales

3. The cost of modifying the sales system to include a preventive control is less than S100.000

Options:

A.

1 only

B.

3 only

C.

1 and 3 only

D.

1, 2, and3

Question 169

An internal auditor at a bank informed the branch manager of a malfunctioning lock on one of the vaults. The risk associated with this issue was deemed significant by the chief audit executive (CAE), and immediate remediation was recommended However during a follow-up engagement the branch manager told the CAE that the risk was actually not significant, hence no action was taken. What is the most appropriate next step for the CAE?

Options:

A.

Inform senior management that the branch manager deeded to cancel the committed action plan without any previous communication

B.

Discuss the issue with the board which has ultimate responsibility to resolve the risk

C.

Have another discussion with the branch manager attempt to change his view, and encourage him to movement the recommendations

D.

Document the branch manager ' s decision to accept the risk otherwise, no other speak: course of action is required.

Question 170

Prior to performing testing an internal auditor has determined that a primary process control failed due to design weakness. Which of the following actions should the auditor perform next?

Options:

A.

Determine whether there are any compensating controls in place to reduce the nsk to an acceptable level, and discuss this matter with management of the business area to determine which corrective action is needed

B.

Test the control anyway to determine the likelihood that the control was not performed property, and discuss this matter with management of the business area to determine which corrective action is needed

C.

Conclude that the process control environment is weak, issue a finding on this conclusion and report this finding to management of the business area

D.

Confer with a second internal auditor to determine whether the control failure is legitimate issue a finding on this conclusion and report this finding to management of the business area

Question 171

Which of the following statements is true regarding corporate social responsibility (CSR)?

Options:

A.

Many of the areas explored by CSR are normally included in an audit universe or annual audit plan

B.

Despite significant corporate resources spent on CSR reporting, investors generally do not rely on CSR information.

C.

Unlike many other areas of reporting responsibilities impacting stakeholders, CSR is largely voluntary.

D.

Typically, operating management does not have a major role to play based on the public nature of reporting

Question 172

An internal auditor is conducting an assurance engagement in the procurement area. The auditor follows a checklist of tasks prepared for the engagement. During the process, the auditor notices some deviations from the procurement procedure requirements. However, these deviations are not directly linked to and do not prevent the auditor from completing the checklist tasks. So, the auditor does not investigate these deviations further. Which checklist drawback most likely applies to this situation?

Options:

A.

Over-reliance and a false sense of security

B.

Limited flexibility

C.

Inability to keep the checklist up to date

D.

Standardization and a systematic approach

Question 173

While reviewing the workpapers and draft report from an audit engagement, the chief audit executive (CAE) found that an Important compensating control had not been considered adequately by the audit team when it reported a major control weakness Therefore, the CAE returned the documentation to the auditor in charge for correction Based on this Information, which of the following sections of the workpapers most likely would require changes?

1.Effect of the control weakness.

2.Cause of the control weakness

3.Conclusion on the control weakness.

4.Recommendation for the control weakness.

Options:

A.

1, 2, and 3.

B.

1.2. and 4

C.

1,3, and 4.

D.

2, 3, and 4.

Question 174

The chief audit executive (CAE) for a manufacturing company included in this year s audit plan a review of the company ' s laboratory, using an experienced external service provider. The audit plan was approved by the audit committee without any changes At the time of engaging the external service provider, the CAE also secured the approval from the CEO. Who is responsible for ensuring that the conclusions reached for this exercise are adequately supported7

Options:

A.

Audit committee

B.

CEO

C.

CAE.

D.

External service provider

Question 175

The engagement supervisor would like lo change the audit program ' s scope poor to beginning fieldwork According to IIA guidance before any change is implemented what is the most important action that should be undertaken?

Options:

A.

Document in the engagement workpapers the rationale for changing the scope.

B.

Confirm that the scope change would align to the organization ' s objectives and goals

C.

Confirm that the internal audit activity continues to have the necessary knowledge and skills

D.

Seek approval from the chief audit executive for the proposed scope change

Question 176

According to IIA guidance, which of the following is least likely to be a key financial control in an organization ' s accounts payable process?

Options:

A.

Require the approval of additions and changes to the vendor master listing, where the inherent risk of false vendors is high.

B.

Monitor amounts paid each period and compare them to the budget to identify potential issues.

C.

Compare employee addresses to vendor addresses to identify potential employee fraud.

D.

Monitor customer quality complaints compared to the prior period to identify vendor issues.

Question 177

Which of the following best describes the four components of a balanced scorecard?

Options:

A.

Customers, innovation, growth, and internal processes.

B.

Business objectives, critical success factors, innovation, and growth.

C.

Customers, support, critical success factors, and learning.

D.

Financial measures, learning and growth, customers, and internal processes.

Question 178

According to IIA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the Internal audit activity^

Options:

A.

CAE reviews and approves the annual audit plan.

B.

CAE meets privately with the CEO at least annually

C.

CAE meets privately with the board at least annually.

D.

CAE reports to the board regarding audit staff performance evaluation and compensation.

Question 179

According to IIA guidance, which of the following objectives was most likely formulated for a non-assurance engagement?

Options:

A.

The internal audit activity will assess the effects of changes in maintenance strategy on the availability of production equipment.

B.

The internal audit activity will inform management on the possible risks of moving the data warehouse to a cloud server maintained by a third party.

C.

The internal audit activity will ascertain whether the data center security arrangements are compliant with agreed terms.

D.

The internal audit activity will ensure equipment downtime risks have been managed in accordance with internal policy.

Question 180

Which of the following is an example of a properly supervised engagement?

Options:

A.

Auditors are asked to keep a daily record of their activity for review by the auditor in charge following the engagement.

B.

The senior internal auditor requires each auditor to review and initial colleagues ' workpapers for completeness and format.

C.

A new internal auditor is accompanied by an experienced auditor during a highly sensitive fraud investigation.

D.

The auditor in charge provides reasonable assurance that engagement objectives were met.

Question 181

Acceding to MA guidance, when of the Mowing strategies would like provide the most assurance to the chief audit executive (CAE) that the internal audit activity ' s recommendations are being acted upon?

Options:

A.

The CAF obtains a formal response from senior management regarding the corrective actions they plan to take w address the recommendations.

B.

The CAE develops a tracking system to monitor the stains of engagement recommendations reported to management for action

C.

The CAE communicates with impacted department managers to determine whether corrective actions have addressed engagement recommendations

D.

The CAE works with the engagement supervisor to monitor the recommendations issued to management for corrective action

Question 182

Which of the following resources would be most effective for an organization that would like to improve how it informs stakeholders of its social responsibility performance?

Options:

A.

ISO 26000

B.

Global Reporting Initiative.

C.

Open Compliance and Ethics Group.

D.

COSO’s enterprise risk management framework.

Question 183

An internal auditor s examination of accounts receivable generates the following results:

as

What is the projected misstatement for the population if ratio estimation is used?

Options:

A.

$84,000

B.

$238,095

C.

$700,000

D.

$2100.000

Question 184

A bakery chain has a statistical model that can be used to predict daily sales at individual stores based on a direct relationship to the cost of ingredients used and an inverse relationship to rainy days. What conditions would an auditor look for as an indicator of employee theft of food from a specific store?

Options:

A.

On a rainy day, total sales are greater than expected when compared to the cost of ingredients used.

B.

On a sunny day, total sales are less than expected when compared to the cost of ingredients used.

C.

Both total sales and cost of ingredients used are greater than expected.

D.

Both total sales and cost of ingredients used are less than expected.

Question 185

When using cost-volume-profit analysis, which of the following will increase operating income once the break-even point has been reached?

Options:

A.

Fixed costs per unit for each additional unit sold.

B.

Variable costs per unit for each additional unit sold.

C.

Contribution margin per unit for each additional unit sold.

D.

Gross margin per unit for each additional unit sold

Question 186

Which of the following best describes the risk contained in an initial public offering for a new stock?

Options:

A.

Residual risk.

B.

Net risk.

C.

Inherent risk.

D.

Underlying risk

Question 187

What would be the effect if an organization paid one of its liabilities twice during the year, in error?

Options:

A.

Assets, liabilities, and owners ' equity would be understated.

B.

Assets, net income, and owners’ equity would be unaffected

C.

Assets and liabilities would be understated.

D.

Assets, net income, and owners’ equity would be understated, but liabilities would be overstated

Question 188

According to IIA guidance, which of the following accurately describes the responsibilities of the chief audit executive with respect to the final audit report?

1. Coordinate post-engagement conferences to discuss the final audit report with management.

2. Include management ' s responses in the final audit report.

3. Review and approve the final audit report.

4. Determine who will receive the final audit report.

Options:

A.

1 and 2

B.

1 and 4

C.

2 and 3

D.

3 and 4

Question 189

An internal auditor completed a consulting engagement covering a recent advertising campaign. The audit client asked the auditor to forward a copy of the report to one of the three advertising agencies used by the organization. According to IIA guidance, which of the following statements is true regarding this request?

Options:

A.

The internal auditor may communicate the results to the advertising agency as instructed by the audit client, with approval from the chief audit executive.

B.

The internal auditor may not communicate the results to this external party regardless of the engagement client ' s instruction.

C.

The internal auditor may send the report and is required to include instructions for the advertising agency to limit further distribution and the use of results.

D.

The internal auditor may only communicate the results verbally to the advertising agency and should not provide a hard copy.

Question 190

Which type of engagement would be the most appropriate to assess the maturity and rigor of the organizationwide risk management process of a target entity that

management is considering acquiring?

Options:

A.

A due diligence engagement.

B.

An operational audit engagement.

C.

A feasibility study engagement.

D.

A risk and control self-assessment engagement.

Question 191

The chief audit executive (CAE) of an organization has completed this year’s risk-based audit plan and realized that current staff resources are insufficient to meet the needs of the plan. What course of action should the CAE take?

Options:

A.

Amend the audit plan so that available audit resources are adequate to meet the plan’s requirements.

B.

Inform the board and senior management of the resources needed, as well as the associated risks.

C.

Communicate early to those unit managers whose areas would most likely not be able to get reviewed.

D.

Get approval from human resources regarding overtime payment to be made in an effort to complete the audit plan.

Question 192

The internal auditors available to perform the engagement do not have sufficient skills related to the area under review. Which of the following iss an appropriate action for the chief audit executive to take?

Options:

A.

Continue the engagement with the available staff, providing more hands-on supervision than usual

B.

Limit the objectives and scope of the engagement to align them with the skills available among the current staff.

C.

Cosource the performance of the engagement using personnel in the area that will be reviewed to supplement the knowledge of the staff and complete the engagement

D.

Supplement the internal auditors assigned to the engagement by bringing onto the engagement team a consultant who is independent of the area under review and has the missing expertise

Question 193

Which of the following is most likely to be considered a control weakness?

Options:

A.

Vendor invoice payment requests are accompanied by a purchase order and receiving report.

B.

Purchase orders are typed by the purchasing department using prenumbered forms

C.

Buyers promptly update the official vendor listing as new supplier sources become known.

D.

Department managers initiate purchase requests that must be approved by the plant superintendent

Question 194

An internal auditor discovered fraud while performing an audit of an organization ' s procurement process. Which of the following describes the greatest benefit of using forensic auditing techniques in this scenario?

Options:

A.

Enhanced capability to prevent frauds from occurring.

B.

Greater assurance that procurement frauds will be detected in a timely manner

C.

Improved capability of evaluating fraud risks within the organization.

D.

Greater understanding of fraud through better evidence collection

Question 195

According to IIA guidance, which of the following is a limitation of a heat map?

Options:

A.

Impact cannot be represented on a heat map unless it is quantified in financial terms

B.

Impact and likelihood at times cannot be differentiated as to which is more important.

C.

A heat map cannot be used unless a risk and control matrix has been developed.

D.

Qualitative factors cannot be incorporated into a heat map

Question 196

In addition to gathering information, which of the following is a primary objective of a client interview conducted during the planning stage of an audit engagement?

Options:

A.

To obtain sufficient audit evidence.

B.

To test the client ' s knowledge.

C.

To agree on the auditor’s scope of authority.

D.

To establish rapport.

Question 197

According to IIA guidance, which of the following best describes the purpose of a planning memorandum for an audit engagement?

Options:

A.

It documents the audit steps and procedures to be performed.

B.

it documents preliminary information useful to the audit team.

C.

It documents events that could hinder the achievement of process objectives.

D.

It documents existing measures that manage risks in the area under review

Question 198

Which of the following best describes how an internal auditor would use a flowchart during engagement planning?

Options:

A.

To prepare for testing the effectiveness of controls.

B.

To plan for evaluating potential losses.

C.

To prepare a sampling plan for the engagement.

D.

To evaluate the design of controls.

Question 199

Which of the following statements is true regarding an organization’s inventory valuation?

Options:

A.

The valuation will be incorrect if the inventory includes goods in transit shipped free on board (FOB) destination to another organization.

B.

The valuation will be correct if the inventory includes goods received on consignment from another organization.

C.

The valuation will be incorrect if the inventory includes goods in transit shipped FOB shipping point from another organization.

D.

The valuation will be correct if the inventory includes goods sent on consignment to another organization

Question 200

Evidence discovered during the course of an engagement suggests that multiple incidents of fraud have occurred. There do not appear to be sufficient controls in place to prevent reoccurrence. Which of the following is the internal auditor ' s most appropriate next step?

Options:

A.

Immediately notify management of the area under review and the other internal auditors involved in the engagement

B.

Discuss the situation with the engagement supervisor to determine whether fraud investigation experts are required to investigate the matter properly.

C.

Fully document in the workpapers the evidence that has been discovered and recommend appropriate controls to address the fraud

D.

Provide the evidence that was discovered to local lav/ enforcement for possible prosecution of the suspected fraud

Question 201

After finalizing an assurance engagement concerning safety operations in the oil mining process, the audit team concluded that no key controls were compromised. However, some opportunities for improvement were noted. Which of the following would be the most appropriate way for the chief audit executive (CAE) to report these results?

Options:

A.

The CAE should send the final report to operational and senior management and the audit committee.

B.

The CAE should send the final report to operational management only, as there is no need to communicate this information to higher levels.

C.

The CAE should notify operational and senior management that the audit engagement was completed with no significant findings to report.

D.

The CAE should send the final report to operational management and notify senior management and the audit committee that no significant findings were identified.

Question 202

An engagement supervisor reviewed a staff internal auditor ' s documentation and noted that several edits should be made. The internal audit activity uses an electronic workpaper database and does not maintain paper files for its system of record. A system error prevents the engagement supervisor from adding her electronic signature to any workpaper in the database Given this situation which is the most appropriate response to provide evidence of supervisory review?

Options:

A.

The engagement supervisor should print sign and date each workpaper after the review is complete and scan the document into the database as evidence of review

B.

Because the engagement supervisor called the help desk to correct the IT problem, he should upload the support-request ticket from the help desk to serve as evidence of the review

C.

The engagement supervisor should ask another manager-level internal auditor not associated with the project to sign the workpaper on his behalf

D.

The engagement supervisor should instruct the staff internal auditor to add a note in the workpaper on his behalf indicating that the workpaper was reviewed and feedback was provided

Question 203

Which of the following factors should a chief audit executive consider when determining the audit universe?

1. Components of the organization ' s strategic plan.

2. Inputs from senior management and the board.

3. Views of competitors and business associates.

4. Results of exit interviews with departing employees.

Options:

A.

1 and 2 only

B.

2 and 4 only

C.

1, 2, and 4

D.

2, 3, and 4

Question 204

According to IIA guidance, which of the following procedures would be least effective in managing the risk of payroll fraud?

Options:

A.

The employee’s name listed on organization’s payroll is compared to the personnel records.

B.

Payroll time sheets are reviewed and approved by the timekeeper before processing.

C.

Employee access to the payroll database is deactivated immediately upon termination.

D.

Changes to payroll are validated by the personnel department before being processed.

Question 205

An organization invests excess short-term cash in trading securities Which of the following actions should an internal auditor take to test the valuation of those securities ' *

Options:

A.

Use the equity method to recalculate the investment carrying value

B.

Confirm the securities held by the broker.

C.

Perform a calculation of premium or discount amortization.

D.

Compare the carrying value with current market quotations

Question 206

Which of the following approaches would best help an internal auditor determine whether a retailer database of 100,000 customers has nay duplicate accounts?

Options:

A.

Stratifying the customer information

B.

Extracting the customer information

C.

Filtering the customer information

D.

Sorting the customer information

Question 207

It is close to the fiscal year end for a government agency, and the chief audit executive (CAE) has the following items to submit to either the board or the chief executive officer (CEO) for approval. According to IIA guidance, which of the following items should be submitted only to the CEO?

Options:

A.

The internal audit risk assessment and audit plan for the next fiscal year.

B.

The internal audit budget and resource plan for the coming fiscal year.

C.

A request for an increase of the CAE ' s salary for the next fiscal year.

D.

The evaluation and compensation of the internal audit team.

Question 208

A bicycle manufacturer incurs a combination of fixed and variable costs with the production of each bicycle. Which of the following statements is true regarding these costs?

Options:

A.

if the number of bicycles produced is increased by 15 percent, the variable cost per unit will increase proportionally

B.

The fixed cost per unit will vary directly based on the number of bicycles produced during the production cycle.

C.

The total variable cost will vary proportionally and inversely with the number of bicycles produced during a production run.

D.

if the number of bicycles produced is increased by 30 percent, the fixed cost per unit will decline.

Question 209

Which of the following is the primary reason a chief audit executive should network with an organization’s executives?

Options:

A.

To better understand and influence executives ' planning.

B.

To make executives aware of the benefits that the internal audit activity can provide.

C.

To assist executives in setting the organization’s risk appetite.

D.

To have a better understanding of the training needed to strengthen the audit team.

Question 210

Which of the following statements is true regarding the reporting of tangible and intangible assets?

Options:

A.

For plant assets, cost includes the purchase price and the cost of design and construction

B.

For intangible assets, cost includes the purchase price and development costs.

C.

Due to their indefinite nature, intangible assets are not subject to amortization.

D.

The organization must expense any cost incurred in developing a plant asset

Question 211

While conducting an audit of a third party ' s Web-based payment processor, an internal auditor discovers that a programming error allows customers to create multiple accounts for a single mailing address. Management agrees to correct the program and notify customers with multiple accounts that the accounts will be consolidated. Which of the following actions should the auditor take?

1. Schedule a follow-up review to verify that the program was corrected and the accounts were consolidated.

2. Evaluate the adequacy and effectiveness of the corrective action proposed by management.

3. Amend the scope of the subsequent audit to verify that the program was corrected and that accounts were consolidated.

4. Submit management ' s plan of action to the external auditors for additional review.

Options:

A.

1 and 2

B.

1 and 4

C.

2 and 3

D.

3 and 4

Question 212

The internal audit team judgmentally selected 60 of the 600 employee timesheets that were processed during the previous month to determine whether supervisors were properly approving timesheets in accordance with the organization ' s policies. The internal audit team found three exceptions. Based on the audit test, which of the following is most appropriate for the internal audit team to conclude?

Options:

A.

The internal control is operating with 95% effectiveness

B.

There is 90% probability that the internal control is operating as designed

C.

The internal control is not designed appropriately

D.

5% of the selected timesheets were not properly approved

Question 213

A new internal auditor is overwhelmed by the number of tasks they need to complete at the engagement planning stage. Which of the following could support the auditor’s organization and delivery of planned work?

Options:

A.

Review the auditor ' s job description

B.

Create a checklist

C.

Develop a control questionnaire

D.

Prepare a fishbone diagram

Question 214

According to IIA guidance, which of the following would be considered necessary for a one-person audit function?

Options:

A.

A formalized technical audit manual

B.

A written administrative audit manual

C.

A memorandum stating policies and procedures

D.

A comprehensive policy and procedure manual

Question 215

According to the theory of constraints, which of the following is most influenced by various bottlenecks the organization encounters?

Options:

A.

Manufacturing.

B.

Profitability.

C.

Overheads.

D.

Quality.

Question 216

The internal audit activity is currently working on several engagements, including a consulting engagement on the management process in the human resources department. Which of the following actions should the chief audit executive take to most efficiently and effectively ensure the quality of the engagement?

Options:

A.

Assign an experienced manager to monitor the whole engagement process.

B.

Employ fieldwork peer review to enhance the work quality.

C.

Require internal auditors to follow a standardized work program.

D.

Personally supervise the engagement

Question 217

Management has taken immediate action to address an observation received during an audit of the organization ' s manufacturing process Which of the following is true regarding the validity of the observation closure?

Options:

A.

Valid closure requires evidence that ensures the corrected process will function as expected in the future

B.

Valid closure requires the client lo address not only the condition, but also the cause of the condition

C.

Valid closure of an observation ensures it will be included in the final engagement report

D.

Valid closure requires assurance from management that the original problem will not recur in the future

Question 218

At a construction company, an internal auditor is planning an audit of the company ' s process for designing and building grid connections The process involves customers making payments m three parts

• The first payment of 10% after approval of the customer s application

• The second payment of 70% prior to construction

• The third payment of 20% after construction is complete

Which of the following key controls should the auditor test to ensure that the company is not taking any unwanted credit risks?

Options:

A.

Controls that ensure that grid connection design is finalized before construction is approved to begin

B.

Controls that ensure construction orders are initiated after the second invoice is paid

C.

Controls that ensure all three invoices are calculated correctly according to the total project cost

D.

Controls that ensure that applications are verified for approval prior to initiating design and construction

Question 219

As a result of server managements assumption of risk there is residual risk that exceeds me organisation ' s risk appetite. Which of the following actions would be most appropriate for the chief audit executive to take?

Options:

A.

ignore the responsibility of addressing the residual risk

B.

Assume the responsibility of addressing the residual risk

C.

Ensure senior management acknowledges residual risk

D.

Communicate with the board the issue of residual risk

Question 220

Which of the following should the chief audit executive do when evaluating the possibility of relying on external auditors ' work?

Options:

A.

Perform comprehensive background checks on all independent auditors on the engagement.

B.

Recalculate all financial calculations to confirm competency.

C.

Examine objectivity and any perceived or actual conflicts of interest.

D.

Review audit tests employed in all previous audits.

Question 221

According to IIA guidance, which of the following statements regarding the internal audit charter is true?

Options:

A.

The nature of consulting services typically is not included in the charter.

B.

The chief audit executive must formally review the charter at least once a year

C.

The nature of assurances provided to parties outside of the organization typically is not included in the charter.

D.

The charter typically defines the internal audit activity’s position within the organization.

Question 222

When auditing an organization ' s cash-handling activates which of the following is the most reliable form of testimonial evidence an internal auditor can obtain?

Options:

A.

Testimony from the cashier who performs the processes being reviewed

B.

Testimony from me cashier ' s supervisor who knows how processes should be performed

C.

Testimony from a knowledgeable person who is independent of the cashiering duty

D.

Testimony from a manager who oversees all cashiering activities being reviewed

Question 223

Senior management decides to adopt a conservative working capital policy. What would be the expected result for the organization?

Options:

A.

Low levels of inventory

B.

Higher level of profitability

C.

High level of liquidity

D.

Higher level of risk

Question 224

An internal auditor wants to determine if employees spend more than their approved daily stipend for meals. Which technique would be most appropriate to identify meal expenses that exceed the approved threshold?

Options:

A.

Using compliance verification data analytics

B.

Using regression analysis

C.

Using software with a gap testing function

D.

Drafting a flowchart of the meal expense reporting process

Page: 1 / 75
Total 747 questions