Spring Sale Discount Flat 70% Offer - Ends in 0d 00h 00m 00s - Coupon code: 70diswrap

IIA IIA-CIA-Part2 Dumps

Internal Audit Engagement Questions and Answers

Question 1

What is the primary purpose of issuing a preliminary communication to management of the area under review?

Options:

A.

To build good relations with management

B.

To help management develop more responsive and timely action plans

C.

To formally report medium- and high-risk observations in writing

D.

To improve the internal audit key performance indicators

Question 2

Options:

A.

Reviewing quality department survey results, which show 96% of employees believe all defective products are removed prior To shipping.

B.

Physically inspecting a sample of completed processing cycles for detective products prior to shipment.

C.

Observing employees while they raped products for defects

D.

Reviewing a quality report provided by management mat snows 13 products were identified and removed during me most recent processing cycle

Question 3

When determining the level of staff and resources to be dedicated to an assurance engagement, which of the following would be the most relevant to the chief audit executive?

Options:

A.

The overall adequacy of the internal audit activity's resources.

B.

The availability of guest auditors for the engagement.

C.

The number of internal auditors used for the previous review of the same area.

D.

The available resources with the specific skill set required.

Question 4

Which of the following is an inherent risk of issuing an opinion on the overall effectiveness of internal control?

Options:

A.

The results of individual engagements do not support a satisfactory opinion on the effectiveness of internal control.

B.

The results of the individual engagements do not support a positive assurance opinion on the effectiveness of internal control

C.

The audit risk and associated legal implications increase

D.

The reliance on other assurance providers increases

Question 5

During an assurance engagement, an internal auditor discovered that a sales manager approved numerous sales contracts for values exceeding his authorization limit. The auditor reported the finding to the audit supervisor, noting that the sales manager had additional new contracts under negotiation. According to IIA guidance, which of the following would be the most appropriate next step?

Options:

A.

The audit supervisor should include the new contracts in the finding for the final audit report.

B.

The audit supervisor should communicate the finding to the supervisor of the sales manager through an interim report.

C.

The audit supervisor should remind the sales manager of his authority limit for the contracts under negotiation.

D.

The auditor should not reference the new contracts, because they are not yet signed and therefore cannot be included in the final report.

Question 6

An internal audit function described scenarios of fraud indicators and fraud-related key words. The objective is for this data to serve as an input into algorithms that will forecast potentially fraudulent behavior and prevent the execution of flagged transactions. Which of the following analytic methods is the internal audit function most likely developing?

Options:

A.

Diagnostic analytics

B.

Descriptive analytics

C.

Prescriptive analytics

D.

Predictive analytics

Question 7

An internal auditor is reviewing the accuracy of commission payments by recalculating 100% of the commissions and comparing them to the amount paid. According to IIA guidance, which of the following actions is most appropriate for identified variances?

Options:

A.

Document the results and report the overall percentage of variances.

B.

Determine the significance of the variances and investigate causes as needed.

C.

Review the results and investigate the cause of all variances.

D.

Report all variances to management and request an action plan to remediate them.

Question 8

A toy manufacturer receives certain components from an overseas supplier and uses them to assemble final products Recently quality reviews have identified numerous issues regarding the components' compliance with mandatory quality standards. Which type of engagement would be most appropriate to assess the root causes of the quality issues?

Options:

A.

A risk assessment

B.

An operational audit

C.

A third-party audit

D.

A fraud investigation

Question 9

When using cost-volume-profit analysis, which of the following will increase operating income once the break-even point has been reached?

Options:

A.

Fixed costs per unit for each additional unit sold.

B.

Variable costs per unit for each additional unit sold.

C.

Contribution margin per unit for each additional unit sold.

D.

Gross margin per unit for each additional unit sold

Question 10

An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?

Options:

A.

Escalate the unresolved issues to the board, because they could pose significant risk exposures to the organization.

B.

Confirm the decision with management and document this decision in the audit file.

C.

Document the issue in the audit file and follow up until the issues are resolved.

D.

Initiate an assurance engagement on the unresolved issues.

Question 11

According to MA guidance, which of the following factors should an internal auditor consider when assessing the likelihood of fraud risk1?

Options:

A.

The effect on the organization's reputation

B.

Any potential damage to the organization's relationship with customers.

C.

Past fraud allegations and actual occurrences

D.

The potential and realized financial impacts

Question 12

An internal auditor suspects that a program contains unauthorized code or errors. Which of the following would assist the internal auditor in this regard?

Options:

A.

Utility software

B.

Generalized audit software

C.

Application software tracing and mapping

D.

Audit expert systems

Question 13

Which of the following should be included in a company's year-end inventory valuation?

Options:

A.

Company goods that were sold during the year, free on board shipping point, that have been shipped but not yet received by the customer

B.

Goods purchased by the company, free on board destination, that have not yet been received.

C.

Goods on consignment, which the company is trying to sell for its customers.

D.

Company goods for sale on consignment at a consignment shop

Question 14

Which of the following is one of the advantages of organizing the risk universe by processes?

Options:

A.

Interfaces between organizational units are captured during audits by processes

B.

Audits by processes are less time-consuming

C.

During audits by processes, managers are more open at interviews

D.

The advantage of audits by processes is true completeness

Question 15

The engagement supervisor would like lo change the audit program's scope poor to beginning fieldwork According to IIA guidance before any change is implemented what is the most important action that should be undertaken?

Options:

A.

Document in the engagement workpapers the rationale for changing the scope.

B.

Confirm that the scope change would align to the organization's objectives and goals

C.

Confirm that the internal audit activity continues to have the necessary knowledge and skills

D.

Seek approval from the chief audit executive for the proposed scope change

Question 16

The internal auditor and her supervisor are in dispute about a risk that was not tested during an audit of the procurement function. Which of the following tools would best support the auditor's decision not to test the risk?

Options:

A.

A spaghetti map

B.

A heat map.

C.

A process map

D.

An assurance map

Question 17

During the planning stage of an assurance engagement, an internal auditor has been assigned to prepare a risk matrix. Which of the following should the internal auditor consider when attempting to identify process-level risks?

Options:

A.

Possible tests

B.

Possible scenarios

C.

Possible controls

D.

Possible samples

Question 18

A new internal auditor is overwhelmed by the number of tasks they need to complete at the engagement planning stage. Which of the following could support the auditor’s organization and delivery of planned work?

Options:

A.

Review the auditor's job description

B.

Create a checklist

C.

Develop a control questionnaire

D.

Prepare a fishbone diagram

Question 19

Which of the following statements is false regarding audit criteria?

Options:

A.

Audit criteria should be consistent across audit assignments.

B.

Audit criteria should represent reasonable standards against which to assess existing conditions.

C.

Audit criteria should provide flexibility but allow identification of nonadherence.

D.

Audit criteria should equate to good or acceptable management practices.

Question 20

According to IIA guidance, which of the following is the most appropriate action to be taken by the chief executive (CAE) if management refuses to accept audit recommendations and implement corrective actions, Even after escalation to senior management?

Options:

A.

The CAE should continue to meet with management to obtain their agreement for corrective action

B.

The CAE should note in the final report that management has decided to accept the risk.

C.

The CAE should ask that additional testing be undertaken to strengthen his case as to the need for corrective action.

D.

The CAE should advise senior management of his intention to escalate the matter to the board.

Question 21

Which of the following is true regarding the communication of engagement results with stakeholders?

Options:

A.

When the chief audit executive (CAE) concludes that management has accepted a level of risk that may be unacceptable to the organization, the CAE must discuss the matter with senior management. If the CAE determines that the matter has not been resolved, the CAE should seek the opinion from regulatory bodies.

B.

The CAE should avoid issuing any interim reports, even for high-risk observations, prior to the issuance of the final written report to avoid leakage of sensitive information.

C.

It is mandatory for the CAE to assess the potential risk to the organization, consult with senior management and legal counsel as appropriate, and control dissemination by restricting the use of the results prior to releasing them to parties outside of the organization if not otherwise mandated by legal, statutory, or regulatory requirements.

D.

The board should always be given the final written internal audit reports at the conclusion of all internal audit engagements. Executive summaries should be avoided in all cases.

Question 22

According to IIA guidance, which of the following objectives was most likely formulated for a non-assurance engagement?

Options:

A.

The internal audit activity will assess the effects of changes in maintenance strategy on the availability of production equipment.

B.

The internal audit activity will inform management on the possible risks of moving the data warehouse to a cloud server maintained by a third party.

C.

The internal audit activity will ascertain whether the data center security arrangements are compliant with agreed terms.

D.

The internal audit activity will ensure equipment downtime risks have been managed in accordance with internal policy.

Question 23

Which of the following statement is consistent with IIA guidance the use of mentoring for internal auditors?

Options:

A.

The member and the internal auditor should opt for informal meetings even if it means that no formal documentation will be created.

B.

The mentor relationship is usually not suitable for internal audit staff, as it does not leas to professional development.

C.

The value of mentoring is derived primarily from the personal relationship between the two parties involved, and the mentor’s level of relevant experience should not be a key factor.

D.

The mentor should be the internal auditor’s supervisor to ensure that the auditor performance is assessed in a relevant and meaningful context.

Question 24

The internal audit activity has adopted the balanced scorecard approach to assess its performance According to MA guidance which of the following is a key performance indicator relevant to the audit client?

Options:

A.

Percentage of recommendations implemented by corrective action date

B.

Staff experience

C.

Percentage of planned audits completed

D.

Conformance with the International Professional Practices Framework

Question 25

Which of the following statements is true regarding engagement planning?

Options:

A.

The scope of the engagement should be planned according to the internal audit activity’s budget and then aligned to the risk universe.

B.

The audit engagement objectives should be based on operational management's view of risk objectives.

C.

The planning phase of the engagement should be completed and approved before the fieldwork of the engagement begins.

D.

The main purpose of the engagement work program is to determine the nature and timing of procedures required to gather audit evidence.

Question 26

An internal auditor developed a list of internal and external risk considerations across the organization's processes, developed a scale to assess each risk and allocated the relative importance of each risk. When of the following approaches did the auditor take?

Options:

A.

Top-down approach

B.

Process-Metrix approach

C.

Risk-factor approach

D.

Bottom up approach

Question 27

'Internal policy prohibits employees from entering into contacts with financial obligations without proper approval.

A project manager signed a change to an important service agreement without obtaining the proper approval As a result the organization is receiving $5,000 per month less for its services.’’

Which of the following should be added to the observation?

Options:

A.

The reason for not following the internal policy

B.

A description of what constitutes proper approval

C.

The annual impact of the changed agreement on cash flows

D.

Details regarding when the change to the agreement was signed

Question 28

During the review of an organization's retail fraud deterrence program, an employee mentions that an expensive fraud surveillance information system is rarely used. The internal auditor concludes that additional staff are required to properly utilize the system to its full potential. According to IIA guidance, which criteria for evidence is most lacking to reach this conclusion?

Options:

A.

Sufficiency.

B.

Reliability.

C.

Relevancy.

D.

Usefulness.

Question 29

An internal auditor is assigned to validate calculations on the organization's building application As pad of the test the internal auditor is required to use an automated audit tool to simulate transactions for testing. Which of the following would most appropriately be used for this purpose?

Options:

A.

Generalized audit software.

B.

Utility software

C.

integrated test facilities

D.

Audit expert systems

Question 30

The chief audit executive (CAE) should determine whether the internal audit activity has confirmed the status of all of management's corrective actions Doing so would help the CAE assess which of the following?

Options:

A.

Disclosure risk.

B.

Residual risk

C.

Compliance risk

D.

Inherent risk

Question 31

An internal auditor is asked to determine why the production line for a large manufacturing organization has been experiencing shutdowns due to unavailable parts The auditor learns that production data used for generating automatic purchases via electronic interchange is collected on personal computers connected by a local area network (LAN) Purchases are made from authorized vendors based on both the production plans for the next month and an authorized materials requirements plan (MRP) that identifies the parts needed per unit of production. The auditor suspects the shutdowns are occurring because purchasing requirements have not been updated for changes in production techniques. Which of the following audit procedures should be used to test the auditor's theory?

Options:

A.

Compare purchase orders generated from test data Input into the LAN with purchase orders generated from production data for the most recent period.

B.

Develop a report of excess inventory and compare the inventory with current production volume.

C.

Compare the parts needed based on current production estimates and the MRP for the revised production techniques with the purchase orders generated from the system for the same period

D.

Select a sample of production estimates and MRPs for several periods and trace them into the system to determine that input is accurate

Question 32

An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?

Options:

A.

Recommend additional segregation-of-duty reviews.

B.

Recommend appropriate awareness training for all finance department staff.

C.

Recommend rotating finance staff in this area.

D.

Recommend that management address these concerns immediately.

Question 33

According to IIA guidance, which of the following describes the primary reason the chief audit executive (CAE) should actively network and build relationships with senior management and the board?

Options:

A.

To fulfill the CAE's responsibility to keep the board appropriately informed.

B.

To expand the CAE's understanding of management issues.

C.

To help maintain the objectivity of the internal audit activity.

D.

To increase opportunities to demonstrate the internal audit activity performance.

Question 34

The internal audit team judgmentally selected 60 of the 600 employee timesheets that were processed during the previous month to determine whether supervisors were properly approving timesheets in accordance with the organization's policies. The internal audit team found three exceptions. Based on the audit test, which of the following is most appropriate for the internal audit team to conclude?

Options:

A.

The internal control is operating with 95% effectiveness

B.

There is 90% probability that the internal control is operating as designed

C.

The internal control is not designed appropriately

D.

5% of the selected timesheets were not properly approved

Question 35

A chief audit executive (CAE) received a detailed internal report of senior management's internal control assessment. Which of the following subsequent actions by the CAE would provide the greatest assurance over management's assertions?

Options:

A.

Assert whether the described and reported control processes and systems exist.

B.

Assess whether senior management adequately supports and promotes the internal control culture described in the report.

C.

Evaluate the completeness of the report and management's responses to identified deficiencies.

D.

Determine whether management's operating style and the philosophy described in the report reflect the effective functioning of internal controls.

Question 36

An organization's internal audit plan includes a recurring assurance review of the human resources (HR) department. Which of the following statements is true regarding preliminary communication between the auditor in charge (AIC) and the HR department?

1. The AIC should notify HR management when the draft audit plan is being developed, as a courtesy.

2. The AIC should notify HR management before the planning stage begins.

3. The AIC should schedule formal status meetings with HR management at the start of the engagement.

4. The AIC should finalize the scope of the engagement before communicating with HR management.

Options:

A.

1 and 3

B.

1 and 4

C.

2 and 3

D.

2 and 4

Question 37

The board has asked the internal audit activity (IAA) to be involved in the organization's enterprise risk management process. Which of the following activities is appropriate for IAA to perform without safeguards?

Options:

A.

Coach management in responding to risks.

B.

Develop risk management strategies for board approval.

C.

Facilitate identification and evaluation of risks.

D.

Evaluate risk management processes.

Question 38

Which of the following is an example of a properly supervised engagement?

Options:

A.

Auditors are asked to keep a daily record of their activity for review by the auditor in charge following the engagement.

B.

The senior internal auditor requires each auditor to review and initial colleagues’ workpapers for completeness and format

C.

A new internal auditor is accompanied by an experienced auditor during a highly sensitive fraud investigation.

D.

The auditor in charge provides reasonable assurance that engagement objectives were met

Question 39

Which of the following best describes the four components of a balanced scorecard?

Options:

A.

Customers, innovation, growth, and internal processes.

B.

Business objectives, critical success factors, innovation, and growth.

C.

Customers, support, critical success factors, and learning.

D.

Financial measures, learning and growth, customers, and internal processes.

Question 40

According to IIA guidance, when of the Mowing statements is true regarding an engagement supervisor's use of review notes?

Options:

A.

The engagement supervisor's review notes should be retained m the final documental or even after they are addressed.

B.

The engagement supervisor's review notes cannot be used as evidence of engagement supervision

C.

The engagement supervisor's review notes could be cleared from all final documentation after they are addressed

D.

The engagement supervisor's review notes must be maintained in a checklist separate from tie final documentation

Question 41

At the conclusion of a quality assurance review, the chief audit executive (CAE) was informed that several audits included incomplete workpapers, and some workpapers were not completed within the established timeframe. How should the CAE address the issue of incomplete workpapers?

Options:

A.

Delete incomplete workpapers from the audit folder.

B.

Establish a task force to complete workpapers for audits that are contested.

C.

Develop guidelines and procedures for completing workpapers.

D.

Verify that the workpapers that support audit findings are complete; if so, no further action is required.

Question 42

According to IIA guidance, which of the following would be considered necessary for a one-person audit function?

Options:

A.

A formalized technical audit manual

B.

A written administrative audit manual

C.

A memorandum stating policies and procedures

D.

A comprehensive policy and procedure manual

Question 43

Which of the following statements is true regarding different competitive strategies?

Options:

A.

An organization that adopts a cost leadership competitive strategy generally maintains standard operating procedures to ensure efficiency.

B.

An organization that adopts a differentiation strategy generally maintains a targeted strategic approach to its operations.

C.

An organization that adopts a focus strategy is known for taking the lead in technological advancement.

D.

An organization that adopts a cost leadership strategy is known for cherishing employees who think creatively and emphasize uniqueness.

Question 44

An internal audit activity maintains a quality assurance and improvement program that includes annual self-assessments The internal audit activity includes in each engagement report a clause that the engagement is conducted in conformance with the International Standards for the Professional Practice of Internal Auditing (Standards). Which of the following justifies inclusion of this clause in the reports?

Options:

A.

Internal audit activity policies and engagement records provide relevant, sufficient, and competent evidence that the statement is correct.

B.

The audit committee has reviewed the annual self-assessment results and approved the use of the clause.

C.

The self-assessment results were validated by a qualified external review team three years prior.

D.

The internal audit charter, approved by the audit committee, requires conformance with the Standards

Question 45

Which of the following is an advantage of utilizing an external fraud specialist in a suspected fraud investigation?

Options:

A.

Increased access to the organization’s employees.

B.

Increased ability to preserve evidence and the chain of command.

C.

Increased ability to scrutinize the organization's key business processes.

D.

Increased access to the organization’s software and proprietary data.

Question 46

Which of the following internal audit activity staffing models has the disadvantage that auditors are always new and in training?

Options:

A.

Career model.

B.

Center of competence model.

C.

Rotational model.

D.

Hybrid model.

Question 47

According to IIA guidance, which of the following individuals should receive the final audit report on a compliance engagement for the organization's cash disbursements process?

Options:

A.

The accounts payable supervisor, accounts payable manager, and controller.

B.

The accounts payable manager, purchasing manager, and receiving manager.

C.

The accounts payable supervisor, controller, and treasurer.

D.

The accounts payable manager, chief financial officer, and audit committee.

Question 48

Which of the following statements is true regarding internal auditors and other assurance providers?

Options:

A.

Assurance providers who report to management and/or are part of management cannot provide control self-assessments services

B.

Internal auditors should always reperform and validate audit work completed by external assurance providers.

C.

Internal auditors may rely on the work of internal compliance teams to expand their coverage of the organization without increasing direct audit hours.

D.

internal auditors can rely on the work of other assurance providers only if the other assurance providers report directly to the board

Question 49

An organization is expanding into a new line of business selling natural gas. The internal auditor is planning an engagement and wants to obtain a general understanding of the natural gas market the market share that the organization wants to win, and the competitive advantage that the organization may have. Which of the following would be the best source of such information?

Options:

A.

Interview responsible managers and read strategic documents

B.

Conduct internet searches on gas sales and analyze market players

C.

Review gas clients' portfolio and compile statistics on sales margins

D.

Analyze the organization's revenues and calculate the proportion of gas

Question 50

Which of The following best justifies an internal auditor's decision to issue a preliminary audit report?

Options:

A.

The internal audit team and audit client have a serious dispute over the scope and objective of the engagement

B.

The internal audit team expects management to address certain issues immediately due to their severe impact

C.

The internal audit team anticipates that the formal final audit report would be undesirable for management due to the significance of outlined risks

D.

The internal audit team would like to issue a clean final audit report without any material observations or risks

Question 51

According to IIA guidance, which of the following activities is most likely to enhance stakeholders' perception of the value the internal audit activity (IAA) adds to the organization?

1. The IAA uses computer-assisted audit techniques and IT applications.

2. The IAA uses a consistent risk-based approach in both its planning and engagement execution.

3. The IAA demonstrates the ability to build strong and constructive relationships with audit clients.

4. The IAA frequently is involved in various project teams and task forces in an advisory capacity.

Options:

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Question 52

According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?

1.Consult on CSR program design and implementation

2.Serve as an advisor on CSR governance and risk management.

3.Review third parties for contractual compliance with CSR terms

4Identify and mitigate risks to help meet the CSR program objectives

Options:

A.

1,2, and 3.

B.

1.2. and 4.

C.

1, 3, and 4.

D.

2. 3. and 4.

Question 53

While reviewing the workpapers and draft report from an audit engagement, the chief audit executive (CAE) found that an Important compensating control had not been considered adequately by the audit team when it reported a major control weakness Therefore, the CAE returned the documentation to the auditor in charge for correction Based on this Information, which of the following sections of the workpapers most likely would require changes?

1.Effect of the control weakness.

2.Cause of the control weakness

3.Conclusion on the control weakness.

4.Recommendation for the control weakness.

Options:

A.

1, 2, and 3.

B.

1.2. and 4

C.

1,3, and 4.

D.

2, 3, and 4.

Question 54

Which of the following statements is true regarding an organization’s inventory valuation?

Options:

A.

The valuation will be incorrect if the inventory includes goods in transit shipped free on board (FOB) destination to another organization.

B.

The valuation will be correct if the inventory includes goods received on consignment from another organization.

C.

The valuation will be incorrect if the inventory includes goods in transit shipped FOB shipping point from another organization.

D.

The valuation will be correct if the inventory includes goods sent on consignment to another organization

Question 55

During the planning phase of an assurance engagement, an internal auditor seeks to gam an understanding of now when the area under review is accomplishing its objectives When of the

Following information-gathering techniques is the auditor most likely to use?

Options:

A.

A review of the key performance indicators of me area under review.

B.

A walkthrough of the key processes of the area under review.

C.

An interview with the manager regarding the area's business plan.

D.

A review of previous audit and follow- up results of the area under review

Question 56

An internal auditor completed a test of 30 randomly selected accounts. For five of the accounts selected, the auditor was unable to find supporting documentation in the normal place of storage. Which of the following next steps would be most appropriate for the internal auditor to take?

Options:

A.

Conclude that the test failed because at least 17 percent of the sample items were not supported.

B.

Select five new accounts to replace the ones that were missing supporting documentation.

C.

Expand the sample size to 60 to determine whether the error rate remains the same.

D.

Contact management to determine whether the supporting documentation can be located elsewhere.

Question 57

Which of the following attribute sampling methods would be most appropriate to use to measure the total misstatement posted to an accounts payable ledger?

Options:

A.

Stop-or-go sampling

B.

Probability to proportional size sampling

C.

Classical variable sampling

D.

Discovery sampling

Question 58

An internal audit activity has to confirm the validity of the activities reported by a grantee that received a chantable contribution from the organization Which of the following methods would best help meet this objective?

Options:

A.

Visiting the grantee to assess whether the execution of the project was in line with the defined grant scope.

B.

Verifying that the grantee's final report is in line with what was depicted in the initial budget request.

C.

Reconciling general ledger accounts used by management of the area under review for reflecting expenses on charitable contributions

D.

Interviewing employees of the corporate affairs department, which is responsible for charitable activities

Question 59

During planning, the chief audit executive submits a risk-and-control questionnaire to management of the activity under review. Which of the following statements is true regarding the questionnaire?

Options:

A.

It would be an inefficient way for internal auditors to address multiple controls in the activity under review.

B.

It would limit certain members of the internal audit team from being fully involved in the engagement.

C.

It would be the most effective way for the internal audit team to obtain a detailed understanding of the processes and controls in the activity to be audited.

D.

It would be an efficient way for the internal audit team to determine whether specified control activities are in place.

Question 60

According to IIA guidance, which of the following is true regarding audit supervision?

1. Supervision should be performed throughout the planning, examination, evaluation, communication, and follow-up stages of the audit engagement.

2. Supervision should extend to training, time reporting, and expense control, as well as administrative matters.

3. Supervision should include review of engagement workpapers, with documented evidence of the review.

Options:

A.

1 and 2 only

B.

1 and 3 only

C.

2 and 3 only

D.

1, 2, and 3

Question 61

A regional entertainment organization is in the process of developing a corporate social responsibility (CSR) policy. Management invites ideas from employees when developing the CSR policy Which of the following is the most appropriate idea to include?

Options:

A.

Management has overall responsibility for the effectiveness of governance, risk management, and internal control processes associated with CSR.

B.

The board Is responsible for ensuring that CSR objectives are established, risks are managed, performance is measured, and activities are appropriately monitored and reported

C.

Management is responsible for ensuring that the organization's CSR principles are communicated, understood, and integrated into decision-making processes.

D.

Generally, CSR activities are limited to the management of the organization, thus, employees do not have a responsibility for ensuring the success of CSR objectives.

Question 62

Which of the following types of policies best helps promote objectivity in the internal audit activity’s work?

Options:

A.

Policies that are distributed to all members of the internal audit activity and require a signed acknowledgment.

B.

Policies that match internal auditors' performance with feedback from management of the area under review

C.

Policies that keep internal auditors in areas where they have vast audit expertise.

D.

Policies that provide examples of Inappropriate business relationships

Question 63

After concluding a preliminary assessment, the engagement supervisor prepared a draft work program According to HA guidance which of the following would be tested by this program?

Options:

A.

The process objectives.

B.

The process risks

C.

The process controls

D.

The process scope

Question 64

Which of the following is most appropriate for internal auditors to do during the internal audit recommendations monitoring process?

Options:

A.

Report the monitoring status to senior management when requested.

B.

Assist management with implementing corrective actions.

C.

Determine the frequency and approach to monitoring

D.

Include all types of observations in the monitoring process

Question 65

An internal auditor is analyzing sates records and is concerned whether a transaction is recorded in the coned period. The accounting manager explains that the external auditor approved the records and produces an email from the external audit team leader. How should tie internal auditor respond?

Options:

A.

Ask the external auditor to review the same transaction again as an independent third party

B.

Consult account accounting principles, standards, and relevant guidelines in regard to timing of the entry

C.

Interview the chief financial officer and obtain her opinion on how the transactions should be recorded

D.

Compare the recording of this transaction to now similar ones were executed last year

Question 66

To compete in the global market, an organization is restructuring and consolidating many of its divisions. Prior to the consolidation, senior management requested assistance from tie internal audit activity. Which of the following consulting services would be most appropriate in this situation?

Options:

A.

Assess controls for potential compliance issues that may affect me consolidation

B.

Brief vendors on the potential risks that will occur without continued business

C.

Advise division managers on how to streamline operations for better efficiency

D.

Determine whether the organization’s controls are effective in meeting business objectives

Question 67

Which of the following statements is true regarding internal control questionnaires?

Options:

A.

Internal control questionnaires are useful m evaluating the effectiveness of standard operating procedures

B.

internal control questionnaires provide reliable documents allowing internal auditors to cover many control procedures in little time

C.

Internal control questionnaires can be used by internal auditors as an interview guide

D.

Internal control questionnaires provide direct audit evidence which may need corroboration

Question 68

For which of the following fraud engagement activities would it be most appropriate to involve a forensic auditor?

Options:

A.

Independently evaluating conflicts of interests.

B.

Assessing contracts for relevant terms and conditions.

C.

Performing statistical analysis for data anomalies.

D.

Preparing evidentiary documentation.

Question 69

An internal auditor is asked to determine why the production line for a large manufacturing organization has been experiencing shutdowns due to unavailable pacts The auditor learns that production data used for generating automatic purchases via electronic interchange is collected on personal computers connected by a local area network (LAN) Purchases are made from authorized vendors based on both the production plans for the next month and an authorized materials requirements plan (MRP) that identifies the parts needed per unit of production The auditor suspects the shutdowns are occurring because purchasing requirements have not been updated for changes in production techniques. Which of the following audit procedures should be used to test the auditor's theory?

Options:

A.

Compare purchase orders generated from test data input into the LAN with purchase orders generated from production data for the most recent period

B.

Develop a report of excess inventory and compare the inventory with current production volume

C.

Compare the pans needed based on current production estimates and the MRP for the revised production techniques with the purchase orders generated from the system for the same period

D.

Select a sample of production estimates and MRPs for several periods and trace them into the system to determine that input is accurate

Question 70

An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however, the audit objectives are not yet complete. According to IIA guidance, which of the following are appropriate options available to the chief audit executive?

1. Allow the auditor to decide whether to extend the audit engagement.

2. Determine whether the work already completed is sufficient to conclude the engagement.

3. Provide the auditor feedback on areas of improvement for future engagements.

4. Provide the auditor with instructions and directions to complete the audit.

Options:

A.

1, 2, and 3

B.

1, 2, and 4

C.

1, 3, and 4

D.

2, 3, and 4

Question 71

An internal auditor is preparing an internal control questionnaire for the procurement department as part of a preliminary survey. Which of the following would provide the best source of information for questions?

Options:

A.

A relevant procurement law or regulation.

B.

A list of the company's vendors.

C.

A review of a sample of tenders during the audited period.

D.

A summary of the company's expenditures and their categories.

Question 72

The internal audit function is performing an assurance engagement on the organization’s environmental, social, and governance (ESG) program. The engagement objective is to determine whether the ESG program’s activities are meeting the program’s established goals. The internal audit function has completed a risk and control assessment of the ESG program's activities. What is the appropriate next step?

Options:

A.

Conclude whether the ESG program's activities are meeting the established goals

B.

Communicate the results of the assessment to senior management

C.

Develop recommendations based on the results of the assessment

D.

Perform testing on the activities selected based on the assessment

Question 73

For a new board chair who has not previously served on the organization’s board, which of the following steps should first be undertaken to ensure effective leadership to the board*?

Options:

A.

Chair should learn the current organizational culture of the company.

B.

Chair should learn the current risk management system of the company

C.

Chair should determine the appropriateness of the current strategic risks.

D.

Chair should gain an understanding of the needs of key stakeholders.

Question 74

The chief audit executive (CAE) of an organization has completed this year’s risk-based audit plan and realized that current staff resources are insufficient to meet the needs of the plan. What course of action should the CAE take?

Options:

A.

Amend the audit plan so that available audit resources are adequate to meet the plan’s requirements.

B.

Inform the board and senior management of the resources needed, as well as the associated risks.

C.

Communicate early to those unit managers whose areas would most likely not be able to get reviewed.

D.

Get approval from human resources regarding overtime payment to be made in an effort to complete the audit plan.

Question 75

Which of the following statements describes an engagement planning best practice?

Options:

A.

It is best to determine planning activities on a case-by-case basis because they can vary widely from engagement to engagement.

B.

If the engagement subject matter is not unique, it is not necessary to outline specific testing procedures during the planning phase.

C.

The engagement plan includes the expected distribution of the audit results, which should be kept confidential until the audit report is final.

D.

Engagement planning activities include setting engagement objectives that align with audit client's business objectives.

Question 76

Internal auditors map a process by documenting the steps in the process, which provides a framework for understanding Which of the following is a reason to use narrative memoranda?

Options:

A.

To create a detailed risk assessment

B.

To identify individuals who perform key roles

C.

To explain a simple process.

D.

To document which outputs support other activities.

Question 77

Which of the following scenarios is an example of appropriate engagement supervision?

Options:

A.

An engagement supervisor provides equal supervision to junior auditors and senior auditors.

B.

An engagement supervisor uses internal audit software.

C.

The chief audit executive personally supervises each engagement.

D.

The engagement supervisor and a team member meet regularly to discuss engagement progress.

Question 78

According to IIA guidance, which of the following would not be a consideration for the internal audit activity (IAA) when determining the need to follow-up on recommendations?

Options:

A.

Degree of effort and cost needed to correct the reported condition.

B.

Complexity of the corrective action.

C.

Impact that may result should the corrective action fail.

D.

Amount of resources required to conduct the follow-up activities.

Question 79

A draft internal audit report that cites deficient conditions generally should be reviewed with which of the following groups?

1. The client manager and her superior.

2. Anyone who may object to the report’s validity.

3. Anyone required to take action.

4. The same individuals who receive the final report.

Options:

A.

1 only

B.

1 and 2 only

C.

1, 2, and 3

D.

1, 2, and 4

Question 80

The audit manager asked the internal auditor to perform additional testing because several irregularities were found in the financial information. Which of the following would be the most appropriate analytical review for the auditor to perform?

Options:

A.

Compare the firm's financial performance with organizations in the same industry

B.

Interview all managers involved in preparing the financial statements

C.

Perform a bank reconciliation to confirm the cash balance in the financial statements.

D.

Trace each financial transaction to the original supporting document

Question 81

Below is a flowchart detailing an organization's bank reconciliation process. Which of the following conclusions can be drawn from the flowchart?

as

Options:

A.

There is a conflict in the segregation of duties between preparing bank reconciliations and posting payments to the accounting books.

B.

There is an appropriate segregation of duties in the treasury department during the bank reconciliation process.

C.

There is a large workload for the treasury accountant during the bank reconciliation process.

D.

Bank statements should be obtained at a higher level, such as through the treasury supervisor.

Question 82

Which of the following statements generally true regarding audit engagement planning?

Options:

A.

The best source tor detailed process information is senior management

B.

Audit objectives should be general and do not change.

C.

Computer-assisted audit techniques are typically not useful during engagement planning

D.

Internal auditors should prepare a dented audit program for testing controls

Question 83

Which of the following should be included in a privacy audit engagement?

1. Assess the appropriateness of the information gathered.

2. Review the methods used to collect information.

3. Consider whether the information collected is in compliance with applicable laws.

4. Determine how the information is stored.

Options:

A.

1 and 3 only

B.

2 and 4 only

C.

1, 3, and 4 only

D.

1, 2, 3, and 4

Question 84

An internal audit intends to create a risk and control matrix to better understand the organization's complex manufacturing process. With which of the following approaches would the auditor most likely start?

Options:

A.

Assess management responses to key risk exposures

B.

Analyze the costs and benefits of key controls

C.

Evaluate the design adequacy of known controls

D.

Conduct a walk-through of all related activates

Question 85

An internal auditor determined that the organization's accounting system was designed to reject duplicate invoices if they were issued with identical invoice numbers. However, if an invoice number was changed by at least one digit, the system would accept the duplicate invoice as new. Which of the following would be the most appropriate criteria to refer to in the audit observation?

Options:

A.

Each invoice for goods or services acquired by the organization must be recorded only once in the accounting system.

B.

The accounting system lacks efficient controls for the identification of duplicate invoices.

C.

Disbursements may be made inappropriately, and liabilities may be overstated.

D.

The accounting system is at the end of its lifetime and is no longer developed by the provider.

Question 86

What is the best course of action for a chief audit executive if an internal auditor identifies in the early stage of an audit that some employees have inappropriate access to a key system?

Options:

A.

Contact the audit committee chair to discuss the finding

B.

Obtain verbal assurance from management that the inappropriate access will be removed

C.

Issue an interim audit report so that management can implement action plans

D.

Ask the auditor to create a ticket with the IT help desk requesting to revoke the inappropriate access

Question 87

Which of the following would help the internal audit activity assess compliance with the organization's standard operating procedures for bank deposits during a preliminary survey?

Options:

A.

Issue an internal control questionnaire to select branch customers.

B.

Issue an internal control questionnaire to the president of the organization.

C.

Issue an internal control questionnaire to the director of bank operations.

D.

Issue an internal control questionnaire to select branch managers.

Question 88

Which of the following would most likely form part of the engagement scope?

Options:

A.

Potential legislation on privacy topics will be employed as a compliance target.

B.

Wire transfers that exceeded $10,000 in the last 12 months will be analyzed.

C.

Both random and judgmental samplings will be used during the engagement.

D.

The probability of significant errors will be considered via risk assessment.

Question 89

An internal auditor wants to determine whether the key risks identified by management in the risk register are reflective of the key risks in the industry. Which of the following techniques would the auditor apply to achieve this goal?

Options:

A.

Perform benchmarking

B.

Perform a trend analysis

C.

Perform a ratio analysis

D.

Perform observation to gather evidence

Question 90

When auditing an organization's purchasing function, which of the following appropriately matches an engagement objective and the resulting audit procedure?

Options:

A.

Determine whether the purchasing department complies with policy by examining a random selection of purchase orders.

B.

Evaluate whether purchasing requests are properly approved by authorized staff by obtaining independent verification from the vendors.

C.

Ascertain whether material receipts are recorded on a timely basis by reviewing physical inventory stock counts.

D.

Determine whether prices charged for goods received are correct by reviewing the appropriate accounts payable record by vendor.

Question 91

The chief audit executive (CAF) determined that the residual risk identified in an assurance engagement is acceptable. When should this be communicated to senior management?

Options:

A.

When the CAE reports the audit outcome to senior management.

B.

When the residual risk is identified before the engagement is complete.

C.

Immediately, as residual risk should be communicated as soon as possible

D.

When management of the area under review has resolved and mitigated the residual risk

Question 92

An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity may provide risk management consulting?

1.There is a clear strategy and timeline to migrate risk management responsibility back to management.

2.The internal audit activity has the final approval on any risk management decisions.

3.The internal audit activity gives objective assurance on all parts of the risk management framework for which it is responsible.

4.The nature of services provided to the organization is documented in the internal audit charter.

Options:

A.

1 and 4 only.

B.

2 and 4 only.

C.

1 and 3 only.

D.

2 and 3 only.

Question 93

With regard to project management, which of the following statements about project crashing is true?

Options:

A.

It leads to an increase in risk and often results in rework.

B.

It is an optimization technique where activities are performed in parallel rather than sequentially

C.

It involves a revaluation of project requirements and/or scope.

D.

It is a compression technique in which resources are added to the project

Question 94

An internal auditor is starting the fieldwork of an assurance engagement. The auditor will conduct a walkthrough of selected controls with control owners. What should be the primary objective of this walkthrough?

Options:

A.

Collect the policies and procedures relevant to the audited area

B.

Understand the financial results published for the period under review

C.

Assess the design of the internal controls in place

D.

Define the objectives of the assurance engagement

Question 95

Which of the following would be the most effective fraud prevention control?

Options:

A.

Email alert sent to management for checks issued over S100.000.

B.

installation of a video surveillance system in a warehouse prone to inventory loss

C.

New hire training to explain fraud and employee misconduct.

D.

Daily report that Identifies unsuccessful system log-in attempts

Question 96

An internal auditor is planning an engagement at a financial institution. Toe engagement objective is to identify whether loans were granted in accordance with the organization's policies. When of the following approaches would provide the auditor with the best information?

Options:

A.

Randomly select 30 cases of loans and verify whether they were repaid timely and in full

B.

Randomly select 30 cases of loans and validate them against applicable underwriting guidelines

C.

Randomly select 30 employees to complete a survey regarding whether policies and standards are followed

D.

Randomly select several months obtain ageing reports for these months and compare them with the poor year

Question 97

According to IIA guidance, which of the following is most likely to become part of the engagement work program?

Options:

A.

Information obtained from historic audits and memos.

B.

Risk and control registers or matrices.

C.

Resource deployment plans and sampling methodologies.

D.

Prior findings and management responses.

Question 98

An internal auditor s testing tor proper authorization of contracts and finds that the rate of deviations discovered in the sample is equal to the tolerable deviation rate. When of the following is the most appropriate conclusion for the internal auditor to make based on this result?

Options:

A.

The internal auditor concludes that management may be placing undue reliance on me specified control

B.

The internal auditor concludes that the specified control is more effective than it really is.

C.

The internal auditor concludes that the specified control is acceptably effective

D.

The internal auditor concludes that additional testing will be required to evaluate the specified control

Question 99

A compliance engagement is underway, and management of the activity under review has asked the internal auditor to provide regular status updates and information regarding preliminary observations before the engagement is complete. Which of the following would be the internal auditor’s most appropriate response?

Options:

A.

The auditor should accommodate the request for information and brief management on significant preliminary observations as they develop.

B.

The auditor should advise management that the requested information cannot be communicated until the engagement is complete and the results undergo a quality check by the engagement supervisor.

C.

The auditor should share the requested information but clearly communicate that it is not appropriate for him to correct any observations based on further information that may be provided by management.

D.

The auditor should partially accommodate the request, explaining that he can provide status updates regarding the engagement procedures and timeline but he is unable to provide information regarding preliminary observations.

Question 100

Which of the following is required to classify, label, organize, and search big data stored and used in an organization?

Options:

A.

Metadata

B.

Data security

C.

A business application

D.

Data owner

Question 101

An internal auditor wants to test the processing logic of a computer application during a specific period to ensure consistent processing of transactions. Which of the following is the best approach to achieve the objective of the test?

Options:

A.

Utility software

B.

Integrated test facility

C.

Parallel simulation

D.

Generalized audit software

Question 102

The audit engagement objective is to identify vendors who might be involved in money laundering processes or tax evasion schemes. How would the internal auditor use data analytics to fulfill this objective?

Options:

A.

Run reports listing all payments made in countries other than vendor locations

B.

Run reports listing all credit limit overrides

C.

Run reports listing all instances of delayed revenue recognition

D.

Run three-way match reports, matching invoices, purchase orders, and receiving reports

Question 103

An internal auditor is performing a review of an organization's vendor for any possible conflicts of interest. Which of the following would provide the greatest assistance to the auditor in meeting this objective?

Options:

A.

Vendor contracts.

B.

Employee master list.

C.

Payment records.

D.

Purchasing policy.

Question 104

When reviewing workpapers, engagement supervisors may ask for additional evidence or clarification via review notes. According to IIA guidance, which of the following statements is true regarding the engagement supervisors review notes?

Options:

A.

The review notes may be cleared from the final documentation once the engagement supervisors concerns have been addressed

B.

Management of the area under review must address the engagement supervisors review notes before the audit report can be finalized.

C.

The chief audit executive must initial or sign the engagement supervisors review notes to provide evidence of appropriate engagement supervision.

D.

Review notes provide documented proof that the engagement is supervised properly and must be retained for the quality assurance and improvement program

Question 105

Which of the following activities demonstrates an example of the chief audit executive performing residual risk assessment?

Options:

A.

Cost-benefit analysis of management not implementing a recommendation to address an observation.

B.

Inquiry of corrective action to be completed within a certain period.

C.

Reporting the status of every observation for every engagement in a detailed manner.

D.

Soliciting management’s feedback after completion of the audit engagement.

Question 106

Acceding to IIA guidance, which of the following statements is true regarding the risk assessment process performed by the internal audit activity?

Options:

A.

The assessment of high-level risks is typically a linear process.

B.

Management should create the preliminary risk matrix

C.

The analysis should begin with ne identification of objectives

D.

Likelihood should receive greater consideration than impact

Question 107

A bakery chain has a statistical model that can be used to predict daily sales at individual stores based on a direct relationship to the cost of ingredients used and an inverse relationship to rainy days. What conditions would an auditor look for as an indicator of employee theft of food from a specific store?

Options:

A.

On a rainy day, total sales are greater than expected when compared to the cost of ingredients used.

B.

On a sunny day, total sales are less than expected when compared to the cost of ingredients used.

C.

Both total sales and cost of ingredients used are greater than expected.

D.

Both total sales and cost of ingredients used are less than expected.

Question 108

White planning an audit engagement of a procurement card activity. which of the following actions should an internal auditor take to denary relevant risks and controls?

Options:

A.

Compare card transaction types against procurement card policy guidelines.

B.

Develop the scope and objectives of the engagement

C.

Determine how many cardholders exceeded their daily limit.

D.

Meet with the procurement card program administrator

Question 109

Acceding to IIA guidance, when of the Mowing is an assurance service commonly performed by the internal audit activity?

Options:

A.

Proposing fine item recommendation lot the annual financial budget of the accounting department

B.

Making recommendations regarding financial approval authority limits for the operations department

C.

Validating whether employees are following established policies and procedures in the procurement department

D.

Generating expense report metrics for employees in the finance department

Question 110

The chief audit executive of an international organization is planning an audit of the treasury function located at the organization's headquarters. The current internal audit team at headquarters lacks expertise in the area of financial markets which is needed tor the engagement When of the following would be the most approbate solution considering the time constraint?

Options:

A.

Outsource the engagement 10 tie organization's external auditor who has expertise in the area of financial markets

B.

Hire additional internal auditors who have expertise in the area of financial markets.

C.

Invite a guest auditor from one of the organization's affiliates who has expertise m the area of financial markets.

D.

Limit the scope of the engagement to the knowledge and skills possessed by the internal audit team.

Question 111

An organization owns vehicles that are kept off-site by employees to pick up and deliver orders. An internal auditor selects a specific vehicle from the fixed asset register for

testing. Which of the following would best provide sufficient, indirect evidence for the auditor to confirm the existence of the vehicle?

Options:

A.

Review logs of the vehicles assigned to employees for the delivery of goods during the engagement period.

B.

Visit the home address of the specific employee to see the selected vehicle.

C.

Compare the registered details of the vehicle in the fixed asset register to a date-stamped photograph of the vehicle.

D.

Seek independent confirmation of the vehicle's details from one of the delivery employees.

Question 112

According to HA guidance, which of the following statements regarding audit workpapers is true?

Options:

A.

Audit reports should include the workpapers as a reference for the audit conclusions.

B.

The internal auditor's workpapers are the primary reference for reported control deficiencies.

C.

Ad-hoc communications with management of the area under review should be excluded from the workpapers.

D.

Both draft and final versions of workpapers should be saved at the end of the engagement

Question 113

Prior to performing testing an internal auditor has determined that a primary process control failed due to design weakness. Which of the following actions should the auditor perform next?

Options:

A.

Determine whether there are any compensating controls in place to reduce the nsk to an acceptable level, and discuss this matter with management of the business area to determine which corrective action is needed

B.

Test the control anyway to determine the likelihood that the control was not performed property, and discuss this matter with management of the business area to determine which corrective action is needed

C.

Conclude that the process control environment is weak, issue a finding on this conclusion and report this finding to management of the business area

D.

Confer with a second internal auditor to determine whether the control failure is legitimate issue a finding on this conclusion and report this finding to management of the business area

Question 114

The audit plan requires a review of the testing procedures used in pre-production of a large information system prior to its live launch. If the chief audit executive (CAE) is uncertain that the current audit team has all the required knowledge to conduct the engagement, which of the following would be the most appropriate course of action for the CAE to take to preserve independence?

Options:

A.

Contract with the software vendor to provide an appropriate resource.

B.

Ask for a knowledgeable resource from the IT department.

C.

Make use of an external service provider.

D.

Request audit resources through the external auditor.

Question 115

During a payroll audit, the internal auditor discovered that several individuals who have the same position classification as the are earning a significantly higher salary. The auditor noted the names and amounts of each; and he planned to prepare a request to the chief audit executive for a salary Increase based on this Information. Which of the following IIA Code of Ethics principles was violated in this scenario?

Options:

A.

Competency.

B.

Objectivity.

C.

integrity

D.

Confidentiality

Question 116

Which of the following parties is accountable for ensuring adequate support for conclusions and opinions readied by the internal audit activity while relying on external auditors' work?

Options:

A.

Board of directors

B.

External auditors

C.

Chief audit executive

D.

Senior management

Question 117

During a review of the organization's waste management processes, the internal auditor discovered that wastewater is being disposed of inappropriately. The auditor's recommendations, suggested to mitigate the risk of regulatory sanctions and reputational damages, were accepted and timelines for implementation were agreed. However, during the internal audit activity's periodic follow-up exercise, management indicated that the recommendation was too expensive to implement and the current disposal method has been cost-effective. What should the chief audit executive do in this case?

Options:

A.

Nothing, as the internal audit activity has fulfilled its responsibility of providing recommendations to mitigate the risks to which the organization is exposed.

B.

Contact the regulatory agency responsible for monitoring such matters in order to convince management to implement the recommendations.

C.

Convene a meeting with senior management and discuss the issue and the potential impact it may have on the organization.

D.

Highlight the current exposure to the external auditors so they too can highlight the issue and further pressure management to address the concern.

Question 118

While reviewing warehouse inventory records, an internal auditor noticed that the warehouse has a surprisingly high number of products in storage. Over the past three years, the auditor had visited this particular warehouse numerous times for previous engagements and remembered that the warehouse was rather small. The auditor then decided to compare the square footage of the warehouse to the recorded number of products in storage. The auditor’s action is an example of which of the following?

Options:

A.

Performing a reasonableness test.

B.

Conducting a fraud investigation.

C.

Conducting trend analysis.

D.

Operating with impaired objectivity.

Question 119

Which of the following is least likely to help ensure that risk is considered in a work program?

Options:

A.

Risks are discussed with audit client.

B.

All available information from the risk-based plan is used.

C.

Client efforts to affect risk management are considered.

D.

Prior risk assessments are considered.

Question 120

An examination of the accounts payable function evidenced multiple findings with respect to segregation of duties. After management's response and action plan are received and documented in the final report, which of the following is most appropriate?

Options:

A.

Follow up after the applicable changes have been incorporated to validate management’s response.

B.

Include the items in the scope of the next scheduled audit of the accounts payable function.

C.

Because management agreed with the findings, no further action is deemed necessary.

D.

Have an internal audit staff member placed into the accounting department until corrections are made.

Question 121

According to IIA guidance, which of the following is least likely to be a key financial control in an organization's accounts payable process?

Options:

A.

Require the approval of additions and changes to the vendor master listing, where the inherent risk of false vendors is high.

B.

Monitor amounts paid each period and compare them to the budget to identify potential issues.

C.

Compare employee addresses to vendor addresses to identify potential employee fraud.

D.

Monitor customer quality complaints compared to the prior period to identify vendor issues.

Question 122

According to the IIA Code of Ethics, which of the following is required with regard to communicating results?

Options:

A.

The internal auditor should present material information to appropriate personnel within the organization without revealing confidential matters that could be detrimental to the organization

B.

The internal auditor should disclose all material information obtained by the date of the final engagement communication.

C.

The internal auditor should obtain all material information within the established time and budget parameters.

D.

The internal auditor should reveal material facts that could potentially distort the reporting of activities under review

Question 123

The internal audit activity (IAA) wants to measure its performance related to the quality of audit recommendations. Which of the following client survey questions would best help the IAA meet this objective?

Options:

A.

Were audit findings relevant and useful to management?

B.

Does the audit report format present issues clearly and concisely?

C.

Does the IAA work with a high degree of professionalism and objectivity?

D.

Were the findings reported in a timely manner?

Question 124

Which of the following statements is true regarding a drawback of using internal control questionnaires (ICQs)?

Options:

A.

When internal auditors need to cover many control procedures using ICQs is generally less efficient than conducting observations and inspections

B.

It is generally difficult for internal auditors lo compile appropriate ICQs for business activities that are governed by standardized operating procedures

C.

ICQs are inadequate to provide effective assurance on how organizational processes are executed in practice.

D.

It is generally difficult for internal auditors to process completed questionnaires, because ICQs frequently elicit detailed comments and long answers from management

Question 125

An internal auditor completed a review of expenses related to the launch of a new project. The auditor sampled 45 transactions approved by a senior project manager and identified 30 with questionable vendor documentation. Which of the following is the most appropriate conclusion for the auditor to include in the audit report?

Options:

A.

The organization incurred excessive cost overruns that resulted in significant financial and legal risk to the project.

B.

The organization experienced a potential conflict of interest

C.

The organization had weaknesses in its review process which allowed questionable transactions with some vendors

D.

The organization allowed the project to launch without assurance that all transactions were regularly approved

Question 126

A senior internal auditor is hired within the internal audit activity for a period of two years before advancing to an operations manager role within the business operations team. When staffing arrangement is being used in this scenario?

Options:

A.

Comer of competence

B.

Career model

C.

Rotational model

D.

Cosourcing agreement

Question 127

A large retail organization, which sells most of its products online, experiences a computer hacking incident. The chief IT officer immediately investigates the incident and concludes that the attempt was not successful. The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor. Which of the following actions should the CAE take?

1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.

2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.

3. Meet with the IT auditor to develop an appropriate audit program to review the organization's Internet-based sales process and key controls.

4. Include the incident in the next quarterly report to the audit committee.

Options:

A.

1 and 2

B.

1 and 3

C.

2 and 4

D.

3 and 4

Question 128

A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annual snowfall for the coming winter. Which of the following best describes this type of risk?

Options:

A.

Residual

B.

Net

C.

inherent.

D.

Accepted.

Question 129

An internal auditor has discovered that duplicate payments were made to one vendor Management has recouped the duplicate payments as a corrective action Which of the following describes managements action in this case?

Options:

A.

A condition-based action plan

B.

A cause-based action plan.

C.

A root cause-based action plan.

D.

An effect-based action plan.

Question 130

The internal audit activity has become aware of public complaints regarding the sales practices of telephone marketing personnel in a large organization. The internal auditors decide to review a sample of all complaints within the last three months to ensure they are reflective of current marketing practices. Which of the following best describes this sampling technique?

Options:

A.

Judgmental sampling

B.

Random sampling

C.

Discovery sampling

D.

Statistical sampling

Question 131

The board of directors expressed concerns about potential external risks that could impact the organization s ability to meet its annual objectives and goals The board requested consulting services from the internal audit activity to gain insight regarding the external risks Which of the following engagement objectives would be appropriate to fulfill this request?

Options:

A.

Assess the organization's ability to minimize potential external risks

B.

Assess the organization's process of vetting vendors that provide necessary services to the organization

C.

Assess the organization's risk impacts from the markets in which it operates

D.

Assess the organization's controls implemented that would help minimize risks

Question 132

Acceding to MA guidance, when of the Mowing strategies would like provide the most assurance to the chief audit executive (CAE) that the internal audit activity's recommendations are being acted upon?

Options:

A.

The CAF obtains a formal response from senior management regarding the corrective actions they plan to take w address the recommendations.

B.

The CAE develops a tracking system to monitor the stains of engagement recommendations reported to management for action

C.

The CAE communicates with impacted department managers to determine whether corrective actions have addressed engagement recommendations

D.

The CAE works with the engagement supervisor to monitor the recommendations issued to management for corrective action

Question 133

Which of the following is the next step in understanding a business process once an internal auditor has identified the process?

Options:

A.

Determine process outputs.

B.

Determine process inputs.

C.

Determine process activities.

D.

Determine process goals.

Question 134

According to IIA guidance, which of the following factors should the auditor in charge consider when determining the resource requirements for an audit engagement?

Options:

A.

The number, experience, and availability of audit staff as well as the nature, complexity, and time constraints of the engagement.

B.

The appropriateness and sufficiency of resources and the ability to coordinate with external auditors.

C.

The number, proficiency, experience, and availability of audit staff as well as the ability to coordinate with external auditors.

D.

The appropriateness and sufficiency of resources as well as the nature, complexity, and time constraints of the engagement.

Question 135

An organization invests excess short-term cash in trading securities Which of the following actions should an internal auditor take to test the valuation of those securities'*

Options:

A.

Use the equity method to recalculate the investment carrying value

B.

Confirm the securities held by the broker.

C.

Perform a calculation of premium or discount amortization.

D.

Compare the carrying value with current market quotations

Question 136

An internal auditor wanted to determine whether the organization's 200 employees are charging their work hours accurately to the correct project. The internal auditor selected a sample of 30 employee time reports for testing. Based on the testing, the internal auditor determined the following:

- 5 Time reports were incorrect.

- 21 Time reports were correct.

- 4 Time reports were not supported.

Options:

A.

The organization has significant flaws in its reporting of employee time, which could lead to the overstatement of project labor costs. The organization's failure to report accurate and complete employee time could lead to potential fraud and abuse.

B.

The organization needs to ensure that all reporting of employee time is accurate and complete for each of its projects By dang so the organization can minimize potential issues related to overstating employee tames and labor project costs.

C.

The organization overstated project costs due to inaccurate and incomplete reporting of employee time charged to the affected accounts As a result the organization cannot ensure at protects costs are accurately reported to stakeholders

D.

The organization generally ensured that employee hours charged to each project were accurate and complete. However, there were instances of employee time reports that were incorrect or not supported to justify the multiple project labor coats

Question 137

Which of the following information is most appropriate for the chief audit executive to share when coordinating audit plans with other internal and external assurance providers?

Options:

A.

Objectives scope and timing at a high level to support coordination while adhering to confidentiality requirements

B.

The area and timing of the audit engagement to ensure confidentially and avoid conflict of interest.

C.

All plan information, including risk assessments, planned tests and past results to maximize the opportunity for coordination with internal and external providers.

D.

No information should be shared with internal and external provider as it could introduce bias into the engagement results.

Question 138

Which of the following is not an outcome of control self-assessment?

Options:

A.

Informal, soft controls are omitted, and greater focus is placed on hard controls.

B.

The entire objectives-risks-controls infrastructure of an organization is subject to greater monitoring and continuous improvement.

C.

Internal auditors become involved in and knowledgeable about the self-assessment process.

D.

Nonaudit employees become experienced in assessing controls and associating control processes with managing risks.

Question 139

Which of the following risk assessment approaches involves gathering data from work team representing different levels of an organisation?

Options:

A.

Surveys

B.

Management produced analysis 0

C.

Facilitated team workshops

D.

Weighted risk factors

Question 140

Which of the following would most likely be found in an organization that uses a decentralized organizational structure?

Options:

A.

There is a higher reliance on organizational culture

B.

There are clear expectations set for employees.

C.

There are electronic monitoring techniques employed

D.

There is a defined code for employee behavior

Question 141

The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practice for this review?

1. Use an external service provider.

2. Conduct a self-assessment with independent validation.

3. Arrange for a review by qualified employees outside of the IAA.

4. Arrange for reciprocal peer review with another CAE.

Options:

A.

1 and 2

B.

2 and 4

C.

1, 2, and 3

D.

2, 3, and 4

Question 142

An organization is experiencing a significant risk that threatens its financial well-being Senior management requested that the chief audit executive (CAE) meet with them to discuss the risk. Which of the following would best describe the CAE's responsibility at the meeting?

Options:

A.

Inform senior management of the appropriate actions they should take to control the risk

B.

Recommend that the internal audit activity provide consulting services to help minimize the risk

C.

Assume the responsibility of resolving the significant risk that will affect the organization

D.

Determine whether senior management accepted risk that may be deemed unacceptable for the organization

Question 143

Which of the following is the primary weakness of internal control questionnaires (ICQs)?

Options:

A.

ICQs do not allow for open-ended questions.

B.

ICQs do not allow for evaluating multiple locations.

C.

ICQs require significant auditor follow-up, as different managers may give different responses.

D.

ICQ respondents have incentives to answer that there are internal controls in place.

Question 144

An internal auditor accessed accounts payable records and extracted data related to fuel purchased tor the organization's vehicles As a first step, she sorted the data by vehicle and used spreadsheet functions to identify all instances of refueling on the same or sequential dates She then performed other tests Based on the auditor's actions which of the following is most likely the objective of this engagement1?

Options:

A.

To identify whether fuel was purchased for work-related purposes

B.

To estimate future fuel costs for the organization's fleet of vehicles

C.

To determine trends in average fuel consumption by vehicle

D.

To determine whether the organization is paying more than the industry average for fuel

Question 145

A chief audit executive (CAE) following up on action plans from previously completed audits identifies that management has determined that certain action plans are no longer necessary If the CAE disagrees with managements decision, which of the following is the most appropriate next step for the CAE to take?

Options:

A.

The CAE must discuss the matter with senior management

B.

The CAE must discuss the matter with key shareholders.

C.

The CAE must discuss the matter with legal counsel.

D.

The CAE must discuss the matter with the board

Question 146

The organization’s internal audit charter was last updated six years ago to update the charter, which of the following actions is most appropriate for the chief audit executive to take?

Options:

A.

Wait for the next external assessment and address all of the missing information in the charter based on the recommendations from the external assessment team

B.

Perform a review of HA guidance to become acquainted with the latest mandatory elements prior to updating the charter

C.

Use an internal audit charter template from another organization that operates within the same industry.

D.

Identify an individual within the internal audit activity who has in-depth knowledge of mandatory IIA guidance elements to address any gaps or areas of the current version of the charter that could be improved

Question 147

An engagement work program o of greatest value to audit management when which of the following is true?

Options:

A.

The work program provides more detailed support for the audit report

B.

The work program helps determined the required amount of audit resources

C.

The work program helps ensure tie achievement of the engagement objectives

D.

The work program assists the auditor n developing and managing audit tests

Question 148

Which of the following statements is true regarding engagement planning?

Options:

A.

The engagement objectives are the boundaries for the engagement, which outline what will be included in the review

B.

The risk-based objectives of the engagement can be determined once the scope of the engagement has been formed

C.

For a consulting engagement, planning typically occurs after the engagement objectives and scope have already been determined

D.

For an assurance engagement, once the scope is established and testing has begun, the scope cannot be modified.

Question 149

The internal audit function is in the fieldwork stage of the annual staff performance appraisal assurance engagement. A new auditor is hired and added to the engagement team. The auditor reviews the engagement work program with another member of the team and suggests improvements to make the fieldwork easier to complete. What action should be taken next?

Options:

A.

Refer the suggested changes to the engagement supervisor for approval.

B.

Note the suggested changes to be included in next year’s engagement program.

C.

Update the engagement work program with the suggested changes.

D.

No action is required as the work program has been approved and is underway.

Question 150

A chief audit executive (CAE) determined that management chose to accept a high-level risk that may be unacceptable lo the organization. Which is the best course of action for the CAE to Follow?

Options:

A.

Include using in a subsequent audit to determine if the risks are still present

B.

Discuss the matter with senior management and it not reserved with the board

C.

Require that management implement controls to mitigate lie risks

D.

Report the risks to the process owners so that they can modify their process

Question 151

Which of the following has the greatest effect on the efficiency of an audit?

Options:

A.

The complexity of deficiency findings.

B.

The adequacy of preliminary survey information.

C.

The organization and content of workpapers.

D.

The method and amount of supporting detail used for the audit report.

Question 152

A multinational organization has multiple divisions that sell their products internally to other divisions When selling internally, which of the following transfer prices would lead to the best decisions for the organization?

Options:

A.

Full cost

B.

Full cost plus a markup.

C.

Market price of the product.

D.

Variable cost plus a markup.

Question 153

According to IIA guidance, which of the following would be the best first step to manage risk when a third party is overseeing the organization’s network and data'?

Options:

A.

Creating a comprehensive reporting system for vendors to demonstrate their ongoing due diligence in network operations.

B.

Drafting a strong contract that requires regular vendor control reports and a right-to-audit clause

C.

Applying administrative privileges to ensure right-to-access controls are appropriate

D.

Creating a standing cybersecurity committee to identify and manage risks related to data security.

Question 154

In which of the following situations would it be most appropriate for an internal audit function to issue an interim report or memo?

Options:

A.

A scheduled audit observed that several agreed improvements from the previous audit were still being implemented.

B.

A planned inventory count at the production plant revealed a material variance.

C.

An employee shared concerns of suspected fraud but did not provide evidence.

D.

An auditor responsible for the fieldwork has carried out only half of the planned audit procedures and has no observations so far.

Question 155

An employee in the sales department completes a purchase requisition and forwards it to the purchaser. The purchaser places competitive bids and orders the requested items using approved purchase orders. When the employee receives the ordered items, she forwards the packing slips to the accounts payable department. The invoice for the ordered items is sent directly to the sales department, and an administrative assistant in the sales department forwards the invoices to the accounts payable department for payment. Which of the following audit steps best addresses the risk of fraud in the cash receipts process?

Options:

A.

Verify that approvals of purchasing documents comply with the authority matrix.

B.

Observe whether the purchase orders are sequentially numbered.

C.

Examine whether the sales department supervisor approves invoices for payment.

D.

Determine whether the accounts payable department reconciles all purchasing documents prior to payment.

Question 156

Operational management In the IT department has developed key performance indicator reports, which are reviewed in detail during monthly staff meetings. This activity is designed to prevent which of the following conditions?

Options:

A.

Knowledge/skills gap.

B.

Monitoring gap.

C.

Accountability reward failure

D.

Communication failure

Question 157

An internal auditor observes a double payment transaction on a supplier invoice during an accounts payable engagement. Which of the following steps would be the most effective in helping the auditor determine whether fraud exists?

Options:

A.

Switch the existing assurance engagement into a fraud investigation engagement

B.

Extend the audit scope and perform additional testing of controls on other related areas

C.

Review the poor year's transaction volume and amounts paid compared to the poor year's budget

D.

Perform data analytics on the supplier's information, invoiced amounts, and payments performed

Question 158

Which of the following internal audit activities is performed in the design evaluation phase?

Options:

A.

The internal auditor reviews prior audits and workpapers

B.

The internal auditor identifies the controls over segregation of duties.

C.

The internal auditor checks a process for completeness.

D.

The internal auditor communicates the audit results to management

Question 159

If observed during fieldwork by an internal auditor, which of the following activities is least important to communicate formally to the chief audit executive?

Options:

A.

Acts that may endanger the health or safety of individuals.

B.

Acts that favor one party to the detriment of another.

C.

Acts that damage or have an adverse effect on the environment.

D.

Acts that conceal inappropriate activities in the organization.

Question 160

In a health care organization the internal audit activity provides overall assurance on governance, risk and control The chief audit executive advises and influences senior management, and the audit strategy leverages the organization's management of risk According to HA guidance which of the following stages of internal audit maturity best describes this organization?

Options:

A.

Infrastructure.

B.

Emerging.

C.

Managed.

D.

Initial.

Question 161

An internal audit team was conducting an assurance engagement to review segregation of duties in the purchasing function. The internal auditors reviewed a sample of purchase orders from the past two year and discovered that 2 percent were signed by employees who were operating in a designated acting capacity due to employee absence. According to IIA guidance, which of the following attributes of information would most likely assist the auditor in deciding whether to report this finding?

Options:

A.

Sufficiency

B.

Reliability

C.

Relevance

D.

Usefulness

Question 162

Which of the following recommendations made by the internal audit activity (IAA) is most likely to help prevent fraud?

Options:

A.

A review of password policy compliance found that employees frequently use the same password more than once during a year. The IAA recommends that the access control software reject any password used more than once during a 12-month period.

B.

A review of internal service-level agreement compliance in financial services found that requests for information frequently are fulfilled up to two weeks late. The IAA recommends that the financial services unit be eliminated for its ineffectiveness.

C.

A vacation policy compliance review found that employees frequently leave on vacation before their leave applications are signed by their manager. The IAA recommends that the manager attend to the leave applications in a more timely fashion.

D.

A review of customer service-level agreements found that orders to several customers are frequently delivered late. The IAA recommends that the organization extend the expected delivery time advertised on its website.

Question 163

Management has taken immediate action to address an observation received during an audit of the organization's manufacturing process Which of the following is true regarding the validity of the observation closure?

Options:

A.

Valid closure requires evidence that ensures the corrected process will function as expected in the future

B.

Valid closure requires the client lo address not only the condition, but also the cause of the condition

C.

Valid closure of an observation ensures it will be included in the final engagement report

D.

Valid closure requires assurance from management that the original problem will not recur in the future

Question 164

The internal audit activity is currently working on several engagements, including a consulting engagement on the management process in the human resources department. Which of the following actions should the chief audit executive take to most efficiently and effectively ensure the quality of the engagement?

Options:

A.

Assign an experienced manager to monitor the whole engagement process.

B.

Employ fieldwork peer review to enhance the work quality.

C.

Require internal auditors to follow a standardized work program.

D.

Personally supervise the engagement

Question 165

A bicycle manufacturer incurs a combination of fixed and variable costs with the production of each bicycle. Which of the following statements is true regarding these costs?

Options:

A.

if the number of bicycles produced is increased by 15 percent, the variable cost per unit will increase proportionally

B.

The fixed cost per unit will vary directly based on the number of bicycles produced during the production cycle.

C.

The total variable cost will vary proportionally and inversely with the number of bicycles produced during a production run.

D.

if the number of bicycles produced is increased by 30 percent, the fixed cost per unit will decline.

Question 166

An internal auditor at a bank informed the branch manager of a malfunctioning lock on one of the vaults. The risk associated with this issue was deemed significant by the chief audit executive (CAE), and immediate remediation was recommended. However, during a follow-up engagement, the branch manager told the CAE that the risk was actually not significant, hence no action was taken. What is the most appropriate next step for the CAE?

Options:

A.

Inform senior management that the branch manager decided to cancel the committed action plan without any previous communication.

B.

Discuss the issue with the board, which has ultimate responsibility to resolve this risk.

C.

Have another discussion with the branch manager, attempt to change his view, and encourage him to implement the recommendations.

D.

Document the branch manager’s decision to accept the risk; otherwise, no other specific course of action is required.

Question 167

Which of the following methodologies consists of the internal auditor holding individual meetings with different people, asking them the same questions, and aggregating the results?

Options:

A.

Facilitated workshops.

B.

Surveys.

C.

Structured interviews.

D.

Elicitation.

Question 168

An organization's healthcare insurance costs have been rising approximately 10 percent per year for several years. Which of the following analytical review procedures would best evaluate the reasonableness of the increase in healthcare costs?

Options:

A.

Develop a comparison of the costs incurred with similar costs incurred by other organizations.

B.

Obtain the government index of healthcare costs for the comparable period of time and compare the rate of increase with that of the cost per employee incurred by the organization.

C.

Obtain a bid from another healthcare administrator to provide the same administrative services as the current healthcare administrator.

D.

Review all claims and compare with appropriate procedures to ensure that overpayments have not occurred.

Question 169

Which of the following is the best audit procedure to obtain evidence of an organization's legal ownership of a new property?

Options:

A.

Review documents registered with the appropriate governmental authority.

B.

Examine the board of directors' minutes and look for approvals to acquire property.

C.

Confirm with senior management and legal counsel concerning property acquisition.

D.

Confirm ownership with the title company that handles the escrow account.

Question 170

Which of the following situations best applies to an organization that uses a project, rather than a process, to accomplish its business activities?

Options:

A.

A clothing company designs, makes, and sells a new item.

B.

A commercial construction company is hired to build a warehouse.

C.

A city department sets up a new firefighter training program.

D.

A manufacturing organization acquires component parts from a contracted vendor

Question 171

Which of the following statements about including consulting engagements in the annual internal audit plan is true?

Options:

A.

All requests for consulting engagements must be included in the annual internal audit plan

B.

Assurance engagements must be included in the annual internal audit plan but there is no requirement to include consulting engagements

C.

Consulting engagements do not need to be included m the annual internal audit plan unless requested by the board

D.

The acceptance of proposed consulting engagements into the annual internal audit plan may depend on their ability to add value

Question 172

Which of the following situations is most likely to heighten an internal auditors professional skepticism regarding potential fraud?

Options:

A.

A procurement manager does not have the expected academic credentials for his position

B.

A salesperson frequently complains about the organization's policy on sales commissions.

C.

The accounts payable supervisor has requested advances against her monthly salary on several occasions

D.

A financial accountant is absent from work frequently due to regular medical procedures

Question 173

Internal auditors map a process by documenting the steps in the process, which provides a framework for understanding. Which of the following is a reason to use narrative memoranda?

Options:

A.

To create a detailed risk assessment.

B.

To identify individuals who perform key roles.

C.

To explain a simple process.

D.

To document which outputs support other activities.

Question 174

What is the primary objective of an engagement supervisor's review of key activities performed during the engagement?

Options:

A.

To ensure that the engagement is completed on time and within budget

B.

To ensure that all work performed meets acceptable quality standards

C.

To ensure that management has provided suitable responses to all observations

D.

To ensure that management is satisfied with the progress of the engagement

Question 175

Which of the following best demonstrates internal auditors performing their work with proficiency?

Options:

A.

internal auditors meet with operational management at each phase of the audit process.

B.

Internal auditors adhere to The IIA's Code of Ethics.

C.

Internal auditors work collaboratively with their engagement team.

D.

Internal auditors complete a program of continuing professional development.

Question 176

Which phase of an audit engagement is typically the most effective time for an internal auditor to develop a risk and control matrix?

Options:

A.

When preparing to recap audit test results.

B.

At sample selection, to determine sampling methodology.

C.

At the start of fieldwork, as part of developing the annual audit plan.

D.

At planning, to assist in developing the engagement work program.

Question 177

During the planning phase of an assurance engagement, the internal audit engagement team identifies and evaluates the inherent fraud risks within the procurement function. What should be the engagement team’s next step?

Options:

A.

Identify and map existing controls to their relevant inherent fraud risks

B.

Detect fraudulent activities in the activity under review for the audited period

C.

Select the appetite level for each inherent fraud risk

D.

Evaluate and respond to residual fraud risks that need to be mitigated

Question 178

An internal auditor is planning a consuming engagement and the objective is to identify opportunities to improve the efficiency of the organization’s procurement process. The auditor is preparing to conduct a preliminary survey of the area. Which of the following approaches would be most useful to obtain relevant information to support the engagement objective?

Options:

A.

Complete a transaction walkthrough fiat focuses on the design and operation of financial reporting controls

B.

Conduct interviews with senior management to obtain their input and insights regarding operational controls.

C.

Perform a comprehensive review of the organization s existing policies and standard operating procedures.

D.

Review the procurement process map w*h employees who carry out key activities to obtain their input and insights.

Question 179

When forming an opinion on the adequacy of management's systems of internal control, which of the following findings would provide the most reliable assurance to the chief audit executive?

• During an audit of the hiring process in a law firm, it was discovered that potential employees' credentials were not always confirmed sufficiently. This process remained unchanged at the following audit.

• During an audit of the accounts payable department, auditors calculated that two percent of accounts were paid past due. This condition persisted at a follow up audit.

• During an audit of the vehicle fleet of a rental agency, it was determined that at any given time, eight percent of the vehicles were not operational. During the next audit, this figure had increased.

• During an audit of the cash handling process in a casino, internal audit discovered control deficiencies in the transfer process between the slot machines and the cash counting area. It was corrected immediately.

Options:

A.

1 and 3 only

B.

1 and 4 only

C.

2 and 3 only

D.

2 and 4 only

Question 180

According to IIA guidance, which of the following statements about analytical procedures is true?

Options:

A.

Analytical procedures compare information against expectations

B.

Analytical procedures begin after the engagements planning phase.

C.

Analytical procedures provide internal auditors with explainable results.

D.

Analytical procedures are computer-assisted audit techniques

Question 181

Which of the following statements about assurance maps is correct?

Options:

A.

An assurance map is used by the chief audit executive to coordinate assurance activities with other internal and external assurance providers

B.

An assurance map is a picture of all assurance engagements performed by the internal audit activity across the organization

C.

An assurance map is used by the engagement supervisor to coordinate the roles of various internal audit team members assigned to assurance engagements

D.

An assurance map lists the procedures and testing activities performed by an internal audit team during an assurance engagement

Question 182

According to the Standards, which of the following is true regarding the auditor's inclusion of management's satisfactory performance in the final audit report?

Options:

A.

Acknowledgement of satisfactory performance is encouraged but not required.

B.

There are no standards to address the inclusion of satisfactory performance.

C.

Satisfactory performance should only be acknowledged with the advice of corporate counsel.

D.

Auditors must include satisfactory performance with the approval of the board.

Question 183

Which of the following is the best approach for the internal audit function to communicate moderate and high risk observations to management?

Options:

A.

Prepare a formal observation worksheet for all observations identified and send to management to review and provide feedback at the end of fieldwork.

B.

Verbally communicate the high risk observations to management when identified and prepare a documented worksheet that includes the root cause, effect, and recommendations.

C.

Prepare a formal observation worksheet for the high risk observations and a separate worksheet for the medium risk observations in an email to management.

D.

Verbally communicate all observations to management at the end of fieldwork and provide a formal worksheet for review and feedback.

Question 184

Which of the following methods is most closely associated to year over year trends?

Options:

A.

Horizontal analysts

B.

Vertical analysis.

C.

Common-size analysis.

D.

Ratio analysis.

Question 185

According to HA guidance, which of the following is the Key planning step internal auditors should perform to establish appropriate engagement objectives prior to starting an audit engagement?

Options:

A.

Review the organizational structure, management roles and responsibilities and operating procedures

B.

Evaluate management's risk assessment and the internal audit activity's risk assessment

C.

Assess process How and control documents used to meet regulatory requirements

D.

Review meeting notes from discussions involving management of the area to be reviewed.

Question 186

An internal auditor has suspicions that the management of a department splits me number of planned purchases to avoid the approval process required for larger purchases. Which of the following would be the most efficient technique to help the auditor identify the seventy of this malpractice?

Options:

A.

Examining the entire population

B.

Asking management about the malpractice

C.

Testing a sample of random transactions.

D.

Using data analytics

Question 187

Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?

Options:

A.

Workshops.

B.

Surveys.

C.

Interviews.

D.

Observation.

Question 188

According to IIA guidance, which of the following procedures would be least effective in managing the risk of payroll fraud?

Options:

A.

The employee’s name listed on organization’s payroll is compared to the personnel records.

B.

Payroll time sheets are reviewed and approved by the timekeeper before processing.

C.

Employee access to the payroll database is deactivated immediately upon termination.

D.

Changes to payroll are validated by the personnel department before being processed.

Question 189

Which of the following technologies will best reduce human processing errors and enable seamless exchange of business transactions among business partners?

Options:

A.

Enterprise resource planning

B.

Material requirements planning

C.

Electronic data interchange

D.

Customer relationship management

Question 190

While reviewing the organization’s financial year-end processes, an internal auditor discovered an erroneous journal entry. If the error is not addressed, it will result in a material misstatement of the financial records. The internal auditor needs an additional four weeks to complete the audit engagement. How should the auditor communicate this finding?

Options:

A.

The auditor should issue an interim report to management prior to completion of the audit and issuance of the final report.

B.

The auditor should include this item in the final audit report, marked with an asterisk, indicating that it is a high-risk item.

C.

The auditor should discuss the finding with the appropriate accounting staff who can make the correction immediately, and if corrected before the engagement is concluded, the finding would not need to be included in the audit report.

D.

The auditor is obligated to bypass management and immediately report the error directly to regulatory authorities.

Question 191

When a significant finding is noted early during a review of the accounts payable function, which next course of action is best for communicating the issue?

Options:

A.

Intern accounting management via an interim memorandum update

B.

Note the item in the workpapers for inclusion in the final audit report

C.

Call a meeting and discuss me issue with the audit committee

D.

Alert the CEO as soon as the issue is discovered

Question 192

Senior management requested that the internal audit activity perform a consulting project to assist in making a decision on a new software system. Which of the following would be used to determine the engagement objectives?

Options:

A.

An assessment of risks to the business objectives

B.

An understanding of the engagement client's expectations

C.

The probability of significant errors fraud or noncompliance

D.

Criteria previously established by the board

Question 193

An internal audit engagement supervisor approved the engagement work program submitted by an internal auditor and concluded that it satisfied engagement objectives. At the end of the engagement, the engagement supervisor reviewed the completed work program and found numerous deficiencies and inconsistencies in the engagement workpapers. Which of the following should be improved in the process of engagement supervision?

Options:

A.

The supervisor should regularly review the engagement team's workpapers throughout the engagement, including raising questions and providing guidance.

B.

The supervisor should evaluate whether the engagement work program includes audit procedures relevant to engagement objectives.

C.

The supervisor should thoroughly document all concerns prior to signing off the completed workpapers and finalizing the work program.

D.

The supervisor should issue a satisfaction questionnaire to management of the activity that was under review to understand the root causes of deficient performances.

Question 194

According to IIA guidance, which of the following objectives was most likely formulated for a non-assurance engagement?

Options:

A.

The internal audit activity will assess the effects of changes in maintenance strategy on the availability of production equipment

B.

The internal audit activity will inform management on the possible risks of moving the data warehouse to a cloud server maintained by a third party.

C.

The internal audit activity will ascertain whether the data center security arrangements are compliant with agreed terms

D.

The internal audit activity will ensure equipment downtime risks have been managed in accordance with the internal policy.

Question 195

The internal audit activity is responsible for which of the following actions related to an organization’s internal controls9

Options:

A.

Mitigating risks affecting achievement of organizational objectives.

B.

Enabling opportunities affecting achievement of organizational objectives.

C.

Analyzing and advising regarding costs versus benefits of control activities.

D.

Attesting to fairness of financial statements

Question 196

A chief audit executive (CAE) reviews the supervision of an internal audit engagement Which of the following would most likely assure the CAE that the engagement had adequate supervision?

Options:

A.

The engagement supervisor has an open door pokey for audit team members to discuss concerns

B.

The supervisor reviews weekly progress reports from the audit team members

C.

The supervisor reviews and initials internal audit workpapers for the engagement

D.

The supervisor meets periodically with management in the reviewed area to get feedback during the engagement.

Question 197

An internal auditor submitted a report containing recommendations for management to enhance internal controls related to investments. To follow up, which of the following is the most appropriate action for the internal auditor to take?

Options:

A.

Observe corrective measures.

B.

Seek a management assurance declaration.

C.

Follow up during the next scheduled audit.

D.

Conduct appropriate testing to verify management responses.

Question 198

Which of the following statistical sampling approaches is the most appropriate for testing a population for fraud?

Options:

A.

Discovery sampling.

B.

Stop-or-go sampling.

C.

Haphazard sampling.

D.

Stratified attribute sampling.

Question 199

When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach?

Options:

A.

Develop the scope of the audit based on a bottom-up perspective to ensure that all business objectives are considered.

B.

Develop the scope of the audit to include controls that are necessary to manage risk associated with a critical business objective.

C.

Specify that the auditors need to assess only key controls, but may include an assessment of non-key controls if there is value to the business in providing such assurance.

D.

Ensure the audit includes an assessment of manual and automated controls to determine whether business risks are effectively managed.

Question 200

Which of the following describes (he primary reason why a preliminary risk assessment is conducted during engagement planning?

Options:

A.

To identify the greatest risks organizationwide

B.

To ensure that the engagement work program covers all risk areas

C.

To ensure that risks identified during previous audits of the area have been adequately addressed

D.

To ensure that significant risks are included in the engagement scope

Question 201

As part of the preliminary survey, an internal auditor sent an internal control questionnaire to the accounts payable function Based on the questionnaire responses, the auditor determines that there is no established procedure for adding and approving new vendors. What would the auditor do next?

Options:

A.

Determine that this situation is acceptable and focus on more significant issues

B.

Document the issue m the draft audit report

C.

Document the observation for further follow up when testing the operating effectiveness of controls

D.

Interview the personnel associated with this observation.

Question 202

An internal auditor discovered a control weakness that needs to be communicated to management. Which of the following is the best method for first communicating the weakness?

Options:

A.

Draft report, to be reviewed by management just prior to final report issuance.

B.

Preliminary observation document, discussed during the engagement.

C.

Final report, after review by audit management.

D.

Verbal communication during the engagement, followed by the final report issuance.

Question 203

An auditor reviews tender results for the procurement of construction equipment. Based on her significant experience the auditor believes that the obtained bid prices are too high. Which of the following is required to develop a relevant conclusion?

Options:

A.

Description of the procurement policy

B.

Summary of the tendering process

C.

Substantiated and comparative evidence

D.

Impact analysis of unfavorable prices

Question 204

Which of the following statements accurately describes the Standards requirement for ret internal audit records?

Options:

A.

Retention requirements for internal audit records should be compliant with ones set for external audit records

B.

Retention requirements should take into account the medium in which internal audit records are stored

C.

Retention requirements should be set by the chief audit executive and aligned will the organization s process and procedures

D.

Retention requirements should set a minimum period of the for records storage and the process of archiving documents

Question 205

During an audit of suspense accounts the internal auditor found that there were no written policies on how suspense accounts should be treated. The auditor also found that suspense account balances were cleared once per week, not daily. Which of the following is the most appropriate first response by the auditor?

Options:

A.

The auditor should conclude that suspense accounts were not being cleared on a timely basis because they should be cleared daily

B.

The auditor should ask management whether any undocumented policies exist and. if so, determine whether they are adequate

C.

The auditor should conclude that the clearing of suspense accounts was timely and appropriate because weekly clearing is sufficient.

D.

The auditor should rely on his professional judgment and experience to develop criteria for evaluating the existing controls over suspense accounts

Question 206

Who is responsible for ensuring internal auditors continuing professional development*

Options:

A.

Individual internal auditors

B.

Chief audit executive.

C.

The board

D.

Engagement supervisors

Question 207

Which of the following is an effective approach for internal auditors to take to improve collaboration with audit clients during an engagement?

1. Obtain control concerns from the client before the audit begins so the internal auditor can tailor the scope accordingly.

2. Discuss the engagement plan with the client so the client can understand the reasoning behind the approach.

3. Review test criteria and procedures where the client expresses concerns about the type of tests to be conducted.

4. Provide all observations at the end of the audit to ensure the client is in agreement with the facts before publishing the report.

Options:

A.

1 and 2 only

B.

1 and 4 only

C.

2 and 3 only

D.

3 and 4 only

Question 208

Which of the following is the most important determinant of the objectives and scope of assurance engagements?

Options:

A.

The organizational chart, business objectives and policies and procedures of the area to be reviewed.

B.

The most recent risk assessment conducted by management of the area to be reviewed.

C.

The requests of operational and senior management throughout the organization.

D.

The preliminary risk assessment performed by internal auditors planning the engagement

Question 209

In which of the following situations would an internal auditor consider the need to outsource competencies and skills9

Options:

A.

During the inspection of a wind turbine. an internal auditor notices that some replaced parts took used According to purchase documents, the parts still have a long lifespan.

B.

The auditor believes that the audit client's actions contradict the organization's code of conduct The audit client disagrees and says his actions are for the organization's benefit

C.

An audit team member is allocated to conduct an assurance engagement m the sales unit. However, the same auditor performed an assurance engagement in that area just one year prior

D.

During an inventory count, the auditor ascertained that some goods were missing. The audit client argues that the auditor does not understand how inventory should be counted

Question 210

During an operational audit of the cash receipts process, internal auditors uncovered many red flags related to possible misappropriation of cash and other cash-flow problems indicative of potential employee fraud. Which of the following statements is true regarding the follow-up investigative audit?

Options:

A.

The audit team that conducted the operational audit must also conduct the investigative audit.

B.

The investigative audit must be conducted by an independent third-party service provider.

C.

To preserve objectivity, auditors who participated on the initial operational audit engagement team must not partake in the investigative audit.

D.

The investigative audit engagement team must include at least one auditor who possesses fraud-related skills and competencies.

Question 211

Which of the following processes does the board manage to ensure adequate governance?

Options:

A.

Establish and measure performance objectives for the internal audit activity

B.

Select board members with necessary knowledge and skills.

C.

Develop, approve, and execute the strategic plan of the organization

D.

Develop strategies to mitigate the risks to achieving the organization's objectives

Question 212

The internal auditors available to perform the engagement do not have sufficient skills related to the area under review. Which of the following iss an appropriate action for the chief audit executive to take?

Options:

A.

Continue the engagement with the available staff, providing more hands-on supervision than usual

B.

Limit the objectives and scope of the engagement to align them with the skills available among the current staff.

C.

Cosource the performance of the engagement using personnel in the area that will be reviewed to supplement the knowledge of the staff and complete the engagement

D.

Supplement the internal auditors assigned to the engagement by bringing onto the engagement team a consultant who is independent of the area under review and has the missing expertise

Question 213

Following an audit, management developed an action plan to improve controls over the handling of scrap metal. Which of the following would be the most appropriate course of action for the auditor to follow up?

Options:

A.

Conduct another audit engagement to ensure all risks related to the sales of scrap metal have been mitigated.

B.

Ensure new procedures have been documented, approved, and distributed to the employees responsible.

C.

Perform retesting to confirm that new procedures address the previously identified deficient control activities.

D.

Analyze the new procedures, then report to senior management whether the associated risks have been managed.

Question 214

Which of the following resources would be most effective for an organization that would like to improve how it informs stakeholders of its social responsibility performance?

Options:

A.

ISO 26000

B.

Global Reporting Initiative.

C.

Open Compliance and Ethics Group.

D.

COSO’s enterprise risk management framework.

Question 215

An internal auditor conducted interviews with several employees, documented the interviews analyzed the summaries, and drew a number of conclusions. What sort of audit evidence has the internal auditor primarily obtained?

Options:

A.

Documentary evidence

B.

Testimonial evidence

C.

Analytical evidence

D.

Physical evidence

Question 216

Which of the following offers the best explanation of why the auditor in charge would assign a junior auditor to complete a complex part of the audit engagement?

Options:

A.

The senior auditors are unavailable, as they are currently working on other portions of the engagement.

B.

The auditor in charge believes that the junior auditor should obtain a specific type of experience.

C.

The audit engagement has a tight deadline and the work must be completed timely.

D.

The auditor in charge is unable to identify audit staff with all of the required skills needed to complete the engagement.

Question 217

New environmental regulations require the board to certify that the organization's reported pollutant emissions data is accurate. The chief audit executive (CAE) is planning an audit to provide assurance over the organization's compliance with the environmental regulations. Which of the following groups or individuals is most important for the CAE to consult to determine the scope of the audit?

Options:

A.

The audit committee of the board.

B.

The environmental, health, and safety manager.

C.

The organization's external environmental lawyers.

D.

The organization's insurance department.

Question 218

Which of the following sources of testimonial evidence would be considered the most reliable regarding whether a process is effectively performed according to its design?

Options:

A.

The person responsible for performing the task

B.

Two or more people that work in the area

C.

The supervisor in charge of the process

D.

The manager that wrote the steps to be followed

Question 219

Which of the following is more likely to be present in a highly centralized organization?

Options:

A.

The ability to make rapid changes

B.

Micromanagement

C.

Empowered employees

D.

Authority pushed downward

Question 220

Which of the following would be most likely found in an internal audit procedures manual?

Options:

A.

A summary of the strategic plan of the area under review.

B.

Appropriate response options for when findings are disputed by management.

C.

An explanation of the resources needed for each engagement.

D.

The extent of the auditor's authority to collect data from management.

Question 221

An internal auditor is conducting an initial risk assessment of an audit area and wants to assess management's compliance with privacy laws for safeguarding customer information stored on the organization's servers. Which course of action is appropriate for this phase of the engagement?

Options:

A.

Solicit the services of a specialist information systems auditor

B.

Obtain the most current approved copies of the organization's privacy policy

C.

Consult with legal counsel about new privacy laws to establish appropriate criteria

D.

Consider the detection risk of noncompliance with the laws

Question 222

The final engagement communication contains the following observation:

The internal auditor discovered that three of the 10 contracts reviewed failed to meet the organization's competitive bidding requirements Management explained that senior management deemed these purchases to be critical and awarded them as sole-source."

Which of the following components is missing in the documentation of the observation?

Options:

A.

Criteria.

B.

Effect

C.

Condition

D.

Cause

Question 223

Which of the following is an example of a properly supervised engagement?

Options:

A.

Auditors are asked to keep a daily record of their activity for review by the auditor in charge following the engagement.

B.

The senior internal auditor requires each auditor to review and initial colleagues' workpapers for completeness and format.

C.

A new internal auditor is accompanied by an experienced auditor during a highly sensitive fraud investigation.

D.

The auditor in charge provides reasonable assurance that engagement objectives were met.

Question 224

An engagement team is being assembled to audit of one of the organization's vendors Which of the following statements best applies to this scenario?

Options:

A.

The engagement team should include internal auditors who have expertise in investigating vendor fraud

B.

The engagement team should be composed of certified accountants who are proficient In financial statement analysis and local accounting principles

C.

To preserve independence and objectivity, an auditor who worked for the vendor two years prior may not participate on the engagement team

D.

The engagement team may include an auditor who lacks knowledge of the industry in which the vendor operates

Page: 1 / 75
Total 747 questions