Summer Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

IIA IIA-CIA-Part1 Essentials of Internal Auditing Exam Practice Test

Essentials of Internal Auditing Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$43.75  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$38.5  $109.99
Question 1

During an audit of the purchasing department, an internal auditor identifies significant issues that could affect the organization's financial reporting. Management disagrees with the audit results. Which of the following responses best demonstrates the internal auditor has the necessary competencies related to professional Judgment and conflict management?

Options:

A.

The auditor maintains his convictions and continues to proceed with the review process despite management's concerns related to the results.

B.

The auditor bypasses management, discusses the results with the board, and seeks the board's input on how best to address the recommendations.

C.

The auditor consults with other members of the audit team, and together they develop alternative recommendations that management may be more likely to accept.

D.

The auditor meets with management to discuss the results and obtain a better understanding of the specific concerns.

Question 2

According to IIA guidance, which of the following would be included in an internal audit charter to help establish the authority of the internal audit activity?

Options:

A.

Outline expectations for communicating the results of all aspects of the internal audit activity.

B.

Declare the internal audit activity’s accountability for safeguarding assets and confidentiality.

C.

Document the chief audit executive’s (CAE's) reporting line

D.

Document agreement between the CAE and the individual to whom the CAE reports

Question 3

What is the primary reason for establishing a continuing professional development program within an organization's internal audit activity?

Options:

A.

To ensure all internal audit responsibilities can be met

B.

To ensure all audit staff members are capable of performing a quality self-assessment.

C.

To ensure that each auditor maintains responsibility for his own professional development.

D.

To attract the best and most talented candidates in the profession

Question 4

According to IIA guidance, which of the following is the strongest indicator of deficiencies in the risk management process?

Options:

A.

The periodic evaluation of risk ratings is primarily dependent on subjective assessments.

B.

Separate evaluations of the risk management process were conducted, but the results were never integrated.

C.

Management's primary objective is minimizing changes to the structure and operation of the risk management process.

D.

Many aspects of the related enterprise risk management program are informal and undocumented.

Question 5

A manufacturer of power tools is experiencing regular fluctuations in the price of electrical power which is having a serious impact on the bottom line. Which of the following would be the most effective risk strategy to reduce the impact of these fluctuations?

Options:

A.

Use an average cost for power to smooth the bottom line.

B.

Analyze the amount of power used to produce each power tool.

C.

Review the current process to identify opportunities to reduce power usage.

D.

Use a forward contract for bulk power purchases

Question 6

According to the Standards, which of the following is a requirement for internal audit professional development plans?

Options:

A.

Plans must include a path to certification so that each internal auditor has a certification in auditing finances.

B.

Plans must ensure that staff development activities are based primarily on the skills and competencies needed to complete the audit plan.

C.

Plans must include rotating audit areas so that auditors acquire business knowledge to be efficient in performing engagements.

D.

Plans must include rotating auditors out into business units for temporary assignments so they can obtain more business knowledge.

Question 7

Which of the following statements is true with regard to the quality assurance and improvement program (GAIP)?

Options:

A.

As the head of the organization, the CEO selects and appoints the external quality assessment team to perform the OAIP reviews.

B.

The chief audit executive determines the scope and frequency of both internal and external quality assessments based on the availability and capacity of resources in accordance with the annual internal audit plan.

C.

Minutes of meetings held with senior management and the board to discuss the scope and frequency of internal and external assessments support the OAIP reporting requirement.

D.

The internal audit activity needs to assess whether each engagement on the annual internal audit plan is conducted in conformance with the Standards.

Question 8

A newly hired internal auditor is performing an engagement that requires significant IT expertise that he does not possess. If the auditor does not alert the chief audit executive about his lack of expertise and decides to perform the engagement anyhow, which principle of the IIA's Code of Ethics would he violate?

Options:

A.

Due professional care.

B.

Competency.

C.

Effective communication

D.

Professionalism

Question 9

Which of the following is an advantage of using nongovernmental organization (NGO) members on an assurance team when auditing corporate social responsibility?

Options:

A.

Typically less time is needed to train the NGO members on the audit process.

B.

NGO members are often more unbiased and objective

C.

A report with a positive statement from an NGO member is deemed to be more credible. As opposed to auditors.

D.

NGO members are licensed to audit corporate social responsibility.

Question 10

During fieldwork, an internal auditor located a significant internal control issue. Without identifying the origins of the issue, the auditor concluded the engagement and included the issue in the final audit report. To enhance audit quality, which of the following skills should the internal auditor improve?

Options:

A.

Business acumen.

B.

Critical thinking.

C.

Communication.

D.

Audit report writing.

Question 11

Considering the concepts of organization wide risk management and the system of internal controls, the internal audit activity as a whole can be considered which of the following types of control?

Options:

A.

Transaction-level control.

B.

Management-oversight control.

C.

Governance control.

D.

Process-level control.

Question 12

A technology company recently hired an entry-level internal auditor. To achieve conformance with the Standards, which of the following must the newly hired internal auditor possess?

Options:

A.

An understanding of fraud and fraud risk.

B.

IT audit expertise.

C.

Industry-specific knowledge

D.

At least one audit-related certification

Question 13

The chief audit executive (CAE) planned an in-person group training to help internal auditors perform onsite inspections of an automobile manufacturing facility. The training would have allowed the auditors to better understand the production of the organization's automobiles. However, a global health crisis has impacted the training by prohibiting in-person contact at the facility. Which of the following could the CAE use to provide auditors with a better understanding of the organization s production process?

Options:

A.

A general web-based training on auditing manufacturing processes.

B.

Self-study courses on the industry's production practices

C.

Industry publications that discuss production methods

D.

A virtual meeting with management that explains the production of automobiles

Question 14

In which of the following scenarios would the internal auditor’s objectivity be best protected?

Options:

A.

A former human resources manager conducts an effectiveness review of the appointment and termination process six months after transferring to the internal audit activity.

B.

An accounts payable clerk assists the internal auditors during an effectiveness review of the physical access controls to the server room.

C.

An internal auditor writes the system manual for a newly acquired payroll software application prior to conducting an effectiveness review of the system.

D.

An internal auditor conducts an effectiveness review of an organization's business continuity plan in which his son is a minority stockholder.

Question 15

Which of the following would be the best choice for a continuing professional development requirement for a newly created internal audit activity?

Options:

A.

Require all internal auditors to create a training plan based on a competency self-assessment.

B.

Require internal auditors to complete all of their training through webinars, to increase efficiency and avoid traveling

C.

Require all internal auditors to become a member of The Institute of Internal Auditors.

D.

Require internal auditors to create a training plan based on their areas of interest

Question 16

According to MA guidance, which of the following is the most accurate statement regarding the internal audit charter?

Options:

A.

The IIA's Code of Ethics must exist outside of the charter to maintain independence.

B.

The charter must be approved by both senior management and the board.

C.

The nature of consulting services does not need to be defined in the Internal audit charter.

D.

The charter provides a framework for performing a broad range of value-added audit services.

Question 17

Which of the following is the best reason why the engagement supervisor should take care in explaining to local management the criteria that will be used to measure the effectiveness of the control environment?

Options:

A.

The assessment will cover soft controls and company values.

B.

The assessment will focus on the policy for a particular process.

C.

The assessment will lack a defined scope

D.

The assessment will probably uncover fraud risks.

Question 18

According to NA guidance which of the following should be documented in the internal audit chatter?

Options:

A.

The risk assessment process applied by the internal audit activity

B.

The organization's internal control framework used by the internal audit activity

C.

The nature of consulting services provided by the internal audit activity

D.

The performance evaluation process used by the internal audit activity

Question 19

During an assurance engagement an internal auditor discovered that risk limits risk limit were set for a new market expansion project Management of the area under review was eager to comply and submitted a potential risk limit value for the auditor's review and approval. Which of the following would be an appropriate course of action for the auditor to take?

Options:

A.

Review the submission and if no further remarks exist approve the risk limits

B.

Provide advice if needed and ask management of the area under review to forward to senior management and the board for approval

C.

Develop risk limit calculation criteria and ask management of the area under review to resubmit the values.

D.

Avoid providing any advice or review until the audit report is issued

Question 20

The management at a national consumer goods organization implements a fair work and pay practice as well as a policy to treat employees equitably and consistently.

Which common characteristics of fraud will the practice and policy most likely reduce?

Options:

A.

Pressure or incentive.

B.

Opportunity.

C.

Rationalization.

D.

Commitment.

Question 21

Which of the following is the best example of a risk appetite statement concerning an investment portfolio?

Options:

A.

We will request CEO approval for investments greater than S20 million and board approval for investments greater than $50 million.

B.

We will hedge 95 percent of our U S. currency exposure and 100 percent of our European currency exposure.

C.

We have a moderate tolerance for investment earnings volatility with a target value at risk of S50 million.

D.

We will report to the risk committee all credit losses greater than S10 million and all market value losses greater than S20 million.

Question 22

Which of the following best demonstrates organizational independence of the internal audit activity?

Options:

A.

The chief audit executive (CAE) reports functionally to the CEO.

B.

The CAE's compensation is approved by the chief financial officer.

C.

The CAE's appointment Is determined by the CEO

D.

The CAE reports administratively to the chief operating officer.

Question 23

Which of the following should an internal auditor take into consideration when making a judgement regarding whether management selected appropriate risk responses?

Options:

A.

Significant risks

B.

Risk capacity

C.

Risk appetite

D.

Risk tolerance

Question 24

During the closing meeting of a procurement audit, the business manager disagrees with the observation presented by the engagement supervisor and accuses the team of not understanding the procurement objectives The engagement supervisor blames the manager for impeding the audit What skillset should the chief audit executive utilize to manage this situation?

Options:

A.

The ability to negotiate

B.

The ability to use analytical tools

C.

The ability to foresee issues

D.

The ability to manage conflict

Question 25

Which of the following is considered to be a threat to the internal auditor's objectivity?

Options:

A.

The auditor drafted the operational procedures of the area that she is currently auditing.

B.

The auditor received a bonus that was approved by the board of directors.

C.

The assigned auditor recommended operational procedures for the organization.

D.

The assigned auditor rotated out of the same business activity three years ago

Question 26

Which of the following scenarios is a characterize of an organization with a highly effective ethical culture?

Options:

A.

An organization implements and communicates to staff a formal and comprehensive code of conduct, which is clear and understandable.

B.

An organization waives reference and background checks when hiring for certain sensitive positions in order to not violate potential employees' rights to privacy.

C.

An organization punishes senior management more harshly for ethics violations than it would for lower-level staff to send a message throughout the organization.

D.

An organization conducts surveys of employees, suppliers, and customers once every five years to determine the slate of the ethical climate in the organization.

Question 27

Which of the following best demonstrates the board of directors' governance over internal control?

Options:

A.

The board bears direct responsibility for developing and implementing the internal control system.

B.

The majority of board members are experienced and qualified members of the organization's executive management team.

C.

The board may be assisted by an audit committee, chaired by the chief audit executive.

D.

The board is responsible for succession planning for the CEO and other key members of the executive management team.

Question 28

An engagement supervisor noted that an internal auditor's personal relationship with a process owner resulted in the auditor providing a favorable and partial assessment during an audit within that process owner's area. According to MA guidance, which of the following should be used to manage this impairment?

Options:

A.

An internal audit charter.

B.

An employee disciplinary policy.

C.

A functional audit committee.

D.

A functional reporting placement.

Question 29

An organization's board recommends revising the internal audit charter by adding requirements regarding the hiring and compensation of the chief audit executive as well as information on approving the internal audit budget. Which of the following is the board most likely defining in the charter?

Options:

A.

Functional and administrative responsibilities of internal audit activity.

B.

Authority and objectivity of internal audit activity.

C.

Independence and objectivity of internal audit activity.

D.

Assurance and improvement of internal audit activity.

Question 30

Management has implemented a segregation-of-duties policy for handling inventory. Which of the following fraud risks would be more concerning to an internal auditor following the implementation of this new policy?

Options:

A.

The risk of collusion between parties.

B.

The risk of falsified reconciliations.

C.

The risk of low-liquidity inventory.

D.

The risk of damages to the inventory.

Question 31

Under which of the following circumstances should the final audit report include a disclosure of nonconformance with the Standards?

Options:

A.

An external quality assessment of the internal audit activity is performed only once every five years.

B.

The internal auditor provided negative assurance, because he found no evidence of misconduct.

C.

The annual internal audit plan includes some consulting engagements that are based on opportunities rather than risks to the organization.

D.

A new internal auditor moved into the internal audit activity from the payroll department and was immediately assigned to the payroll audit.

Question 32

Which of the following statements is true regarding the role of the internal audit activity in the organization's risk management process?

Options:

A.

The internal audit activity should not be responsible for developing the organization's risk management framework, even with appropriate safeguards.

B.

The internal audit activity is typically responsible for alerting operational management to emerging risks and changes in regulatory scenarios

C.

The internal audit activity may coach management on risk response scenarios if safeguards have been implemented.

D.

The internal audit activity should avoid giving assurance regarding the accuracy of risk evaluations if safeguards have not been implemented.

Question 33

According to MA guidance, which of the following best describes how often the chief audit executive should review the quality assurance and improvement program of the internal audit activity?

Options:

A.

Whenever the business objectives of the organization change

B.

Just prior to an external assessment of the internal audit activity

C.

At the completion of each engagement.

D.

Progressively on a day-to-day basis

Question 34

Which of the following scenarios best illustrates the concept of due professional care?

Options:

A.

After establishing engagement objectives and reviewing a process, the internal auditor assured process owners that all significant risk events were identified and tested using a systematic, disciplined approach.

B.

After conducting an audit based upon a predefined scope and objective, the internal auditor guaranteed management that the system of internal controls in an audited area operates effectively.

C.

As head of the internal audit activity, the chief audit executive reported functionally to the organization's board and administratively to senior management.

D.

As head of the internal audit activity, the chief audit executive ensures that engagement supervisors conduct post-engagement staff meetings.

Question 35

The chief audit executive (CAE) has hired a new internal auditor who was immediately assigned to a procurement function audit. Because the new auditor's name is similar to that of the procurement manager, some staff members think the two are related, although they are not. Which of the following actions is most appropriate for the CAE to take?

Options:

A.

Take no action, as there is no impairment to independence.

B.

Remove the new internal auditor from the engagement team.

C.

Discuss the matter with the appropriate personnel to alleviate concerns.

D.

Closely supervise the new auditor and carefully review his work.

Question 36

To achieve conformance with the Standards, the chief audit executive must include which of the following activities in the quality assurance and improvement program (QAIP)?

Options:

A.

Require board oversight of the QAIP.

B.

Assess Standards conformance for each individual engagement.

C.

Conduct a self assessment at least once every five years.

D.

Report the results of the QAIP to senior management

Question 37

A third-party provider's questionable labor practices have exposed the organization to reputational risks and regulatory risks. Which of the organization's risk management practices was most likely ineffective?

Options:

A.

The organization ensured that the third-party vendor provided the best pricing for the requested services.

B.

The organization conducted quality control reviews of provided services to ensure industry standards were met.

C.

The organization performed a due diligence review of all vendors during the bid review process.

D.

The organization planned to issue a resolution concerning the third-party provider's labor practices.

Question 38

If the skills and competencies are not present within the internal audit activity to complete an ad-hoc assurance engagement, which of the following is an acceptable

resolution?

Options:

A.

Politely decline the engagement due to a lack of qualified staff available at the time.

B.

Complete the engagement as requested, with the best of the current staffs abilities.

C.

Consider using employees from other departments in the organization on the audit team.

D.

Change the scope of the testing to ensure that only available staff proficiencies are used

Question 39

Which of the following procedures will best help an internal auditor assess operating effectiveness of fraud prevention and detection controls?

Options:

A.

Benchmarking best practices

B.

Testing,

C.

Mapping,

D.

Interviewing

Question 40

Applying ISO 31000, which of the following is part of the external context for risk management?

Options:

A.

Risk treatment method based on risk evaluation.

B.

Organizational culture, objectives, and processes.

C.

The regulatory and competitive environment

D.

The method of determining the risk level.

Question 41

While conducting an engagement in the procurement department, the internal auditor noticed that the department head’s travel reports showed minor travel expenses, and there were no charges for hotels, meals, or transportation. However, the auditor knew that the department head frequently traveled worldwide to meet with suppliers and visit their production sites. Which of the following would be the most appropriate next step for the auditor?

Options:

A.

The auditor should make a note of the issue for follow-up when employee travel expenses are audited.

B.

The auditor should analyze trends and changes among the organization’s suppliers over the past few years.

C.

The auditor should investigate whether there are any special arrangements regarding senior management travel.

D.

The auditor should analyze the list of destinations the department head visited to estimate typical costs.

Question 42

Which of the following best demonstrates conformance with the Standards relating to continuing professional development of internal auditors?

Options:

A.

Regulatory approval from an accrediting agency.

B.

Self-assessments against a competency framework.

C.

Approval and signoff from the board of directors.

D.

A review by external auditors on an annual basis

Question 43

Which requirement should the chief audit executive consider when communicating results of the quality assurance and improvement program to the board of a large

organization?

Options:

A.

The internal assessment results should be discussed once every five years,

B.

The rating conclusions and the impact from results of the external assessment should be explained,

C.

The results of the external assessment should be discussed every seven years,

D.

The qualifications and independence of the internal assessment team should be discussed

Question 44

Which of the following must be in existence as a precondition to developing an effective system of internal controls?

Options:

A.

A monitoring process,

B.

A risk assessment process.

C.

A strategic objective-setting process.

D.

An information and communication process.

Question 45

An internal auditor is performing testing to gather evidence regarding an organization’s inventory account balance and is mindful of the possibility that the sample used might support the conclusion that the recorded account balance is not materially misstated when, in fact, it is. The auditor's concern best describes which of the following risks?

Options:

A.

incorrect rejection risk

B.

Incorrect acceptance risk.

C.

Tolerable misstatement risk.

D.

Anticipated misstatement risk

Question 46

Which of the following documents are internal auditors most likely to be asked to sign as a demonstration of due professional care?

A description of their job responsibilities,

Options:

A.

A non-disclosure agreement.

B.

An annual declaration of commitment to

C.

The IIA s Code of Ethics.

D.

The internal audit charter.

Question 47

Management assessed the organization’s risk of expanding operations into a new, but volatile, region and began looking for a compatible local partner to manage sales and distribution. Which of the following best describes this risk management technique?

Options:

A.

Avoidance.

B.

Acceptance.

C.

Reduction.

D.

Sharing

Question 48

Which of the following situations undermines the independence of the internal audit activity?

Options:

A.

The internal audit activity is responsible for the company's risk management function, and its head manager reports to the chief audit executive.

B.

A senior member of the internal audit activity once worked in the corporate finance department.

C.

The organization’s CEO reviews the internal audit activity’s annual budget per the organization’s policies and procedures.

D.

The internal audit activity often uses management's risk profile to build its own risk profile for annual planning.

Question 49

According to the 11A Code of Ethics, which of the following is required with regard to communicating results?

Options:

A.

The internal auditor should present material information to appropriate personnel within the organization without revealing confidential matters that could be detrimental to the organization.

B.

The internal auditor should disclose all material information obtained by the date of the final engagement communication.

C.

The internal auditor should obtain all material information within the established time and budget parameters.

D.

The internal auditor should reveal material facts that could potentially distort the reporting of activities under review.

Question 50

According to IIA guidance, which of the following statements is true regarding reporting the results of the quality assurance and improvement program?

Options:

A.

Results of internal assessments need to be reported to the board at least once every five years.

B.

The external assessor must present the findings from the external assessment to senior management and the board upon completion.

C.

Deficiencies within the internal audit activity must be reported to the board as soon as they are noted.

D.

Results of ongoing monitoring of the internal audit activity's performance must be reported to senior management and the board at least annually

Question 51

Which of the following best describes the Standards requirement for collective proficiency of the internal audit activity?

Options:

A.

The internal audit activity must have auditors on staff who collectively possess all of the competencies required to fulfill the internal audit plan,

B.

All internal auditors on staff should possess the knowledge, skills, and competencies needed to perform any assurance engagement on the audit plan.

C.

The internal audit activity must possess or obtain the competencies needed to carry out their professional responsibilities, including providing relevant advice and recommendations.

D.

Internal auditors collectively are responsible for ensuring that the internal audit activity has the competencies required to fulfill the internal audit plan.

Question 52

Which of the following activities is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?

Options:

A.

Planning an engagement of the area in which fraud is suspected.

B.

Employing audit tests to detect fraud.

C.

Interrogating a suspected fraudster

D.

Completing a process review to improve controls to prevent fraud

Question 53

An internal audit activity maintains a quality assurance and improvement program that includes annual self-assessments. The internal audit activity includes in each engagement report a clause that the engagement is conducted in conformance with the International! Standards for the Professional Practice of Internal Auditing (Standards). Which of the following justifies inclusion of this clause in the reports?

Options:

A.

Internal audit activity policies and engagement records provide relevant, sufficient, and competent evidence that the statement is correct.

B.

The audit committee has reviewed the annual self-assessment results and approved the use of the clause.

C.

The self-assessment results were validated by a qualified external review team three years prior.

D.

The internal audit charter, approved by the audit committee, requires conformance with the Standards

Question 54

According to NA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the internal audit activity?

Options:

A.

CAE reviews and approves the annual audit plan,

B.

CAE meets privately with the CEO at least annually.

C.

CAE meets privately with the board at least annually,

D.

CAE reports to the board regarding audit staff performance evaluation and compensation.

Question 55

Which of the following would be considered a violation of The HAfs mandatory guidance on independence?

Options:

A.

The chief audit executive (CAE) reports functionally to the board and administratively to the chief financial officer.

B.

The board seeks senior management's recommendation before approving the annual salary adjustment of the CAE.

C.

The CAE confirms to the board, at least once every five years, the organizational independence of the internal audit activity,

D.

The CAE updates the internal audit charter and presents it to the board for approval periodically, not on a specific timeline

Question 56

Which of the following is the most appropriate way to ensure that a newly formed internal audit activity remains free from undue influence by management?

Options:

A.

Appoint the chief audit executive as a member of the board.

B.

Adopt written policies and procedures for the internal audit activity, approved by the board.

C.

Ensure the chief audit executive reports administratively to the audit committee.

D.

Establish the internal audit activity’s position within the organization in an audit charter.

Question 57

A chief audit executive (CAE) identifies that the internal audit activity lacks a necessary skill to perform a management request for a consulting engagement. According to IIA guidance, which of the following is the most appropriate action the CAE should take regarding the request?

Options:

A.

Assign the engagement to a more senior internal auditor.

B.

Decline the engagement request.

C.

Allow the internal auditors to acquire the needed skills while performing the engagement.

D.

Supervise the assigned internal auditors throughout the engagement.

Question 58

Evidence discovered during the course of an engagement suggests that multiple incidents of fraud have occurred. There do not appear to be sufficient controls in place to prevent reoccurrence. Which of the following is the internal auditor's most appropriate next step?

Options:

A.

Immediately notify management of the area under review and the other internal auditors involved in the engagement.

B.

Discuss the situation with the engagement supervisor to determine whether fraud investigation experts are required to investigate the matter properly.

C.

Fully document in the workpapers the evidence that has been discovered and recommend appropriate controls to address the fraud.

D.

Provide the evidence that was discovered to local law enforcement for possible prosecution of the suspected fraud.

Question 59

When taken by a chief audit executive, which of the following actions would be most likely to prevent division management from exaggerating sales reports?

1. Announcing a series of internal audit engagements focusing on compliance with corporate sales-reporting policies.

2. Asking the president and the board to issue a statement of corporate policy stressing the importance of accurate management

reporting and the negative consequences of intentional misreporting.

3. Setting up a hotline for employees to report fraudulent behavior anonymously,

4. Assisting the controller in developing and monitoring a series of business process indicators, which are historically correlated with, but independent of sales.

Options:

A.

1 and 2 only.

B.

2 and 3 only.

C.

2 and 4 only.

D.

3 and 4 only

Question 60

Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department. Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?

Options:

A.

Workshops.

B.

Surveys.

C.

Interviews.

D.

Observation.

Question 61

Which of the following most accurately describes the role of the board when it comes to organizational governance?

Options:

A.

Responsibility for outcome of the process.

B.

Responsibility to be involved in management of the organization.

C.

Responsibility to determine who is accountable for outcomes.

D.

Responsibility to identify risks in the organization’s business environment

Question 62

Which of the following would be considered a monitoring activity in organization wide risk management?

Options:

A.

Validate the results of management's self-assessment.

B.

Perform reviews of personnel.

C.

Maintain rigorous and comprehensive documentation.

D.

Obtain authorizations and signatures.

Question 63

Which of the following should a general internal auditor be able to characterize as an IT-related risk?

Options:

A.

Computer servers are in a room that is accessible to all employees,

B.

An IT architect avoids taking vacations and sharing his workload with coworkers,

C.

Hours billed by IT developers exceed 24 hours daily.

D.

Audit logs are lacking in a system that processes personal data.

Question 64

Which of the following best illustrates the application of due professional care during an audit of the procurement department?

Options:

A.

The internal auditor began checking purchase requisitions for proper authorizations. He stopped when he discovered an instance of noncompliance. and he concluded the controls were ineffective.

B.

The internal auditor discovered an instance where management did not follow the standard bidding processes. The auditor assessed the validity of management’sreasons for deviating from standard practice and the supporting documentation, and determined that the deviation was acceptable.

C.

The internal auditor selected a sample of purchase orders with amounts greater than S5.000, the threshold at which the organization requires a bidding process. The auditor obtained documentation of the bidding process for each purchase order in the sample.

D.

The internal auditor analyzed bidding documents provided by management. Management indicated that the documents were purchase orders issued to a sole-source vendor Based on the analysis and management's declaration, the internal auditor determined that the procurement process was effective.

Question 65

Which of the following could increase risks to the organization’s control environment?

Options:

A.

Strong board of directors oversight.

B.

Incentive-based compensation structures.

C.

Lower than average employee turnover.

D.

Implementation of a fraud hotline.

Question 66

Which of the following types of policies best helps promote objectivity in the interna! audit activity's work?

Options:

A.

Policies that are distributed to all members of the internal audit activity and require a signed acknowledgment,

B.

Policies that match internal auditors' performance with feedback from management of the area under review.

C.

Policies that keep internal auditors in areas where they have vast audit expertise.

D.

Policies that provide examples of inappropriate business relationships.

Question 67

At a conference, an interna! auditor presented a new computer-assisted audit technique developed by his organization. The presentation included sample data derived from performing audit engagements for the organization. Travel costs were paid by the conference organizers, and the trip was approved by the chief audit executive (CAE).

However, neither management nor the CAE was aware that the internal auditor would be making a presentation based on work completed for the organization. According to IIA guidance, which of the following statements is most relevant regarding the actions of the auditor?

Options:

A.

The auditor did not violate the standard of objectivity because the presentation had no impact on the organization.

B.

The auditor violated the principle of confidentiality by disclosing information about the organization without approval.

C.

The auditor should have obtained permission before using the material, but did not violate the IIA Code of Ethics or Standards,

D.

The auditor breached the conflict of interest standard by accepting payment for travel costs

Question 68

If an internal auditor suspects fraud during an engagement which of the following is expected of the auditor?

Options:

A.

Evaluate the suspected activities to determine whether a forma! investigation is warranted,

B.

Immediately inform senior management and the board of the suspected fraud.

C.

Ascertain the level of resources needed to formally investigate the fraud, and proceed with the investigation if resources permit,

D.

Include in the engagement documentation all possible effects and the potential impact of the fraud to the organization

Question 69

Senior management has decided to adopt the key principles approach of the ISO 31000 risk management framework. According to IIA guidance, which of the following principles is most appropriate when implementing the risk management process in a dynamic agency?

Options:

A.

Everyone in the agency has a primary responsibility for identifying and managing risks as part of the risk management process.

B.

The risk management process, while evaluating risk, should develop a mechanism to rank the relative importance of each risk.

C.

The risk management process should be regularly reviewed and respond to changes in the environment, to remain relevant.

D.

The risk management process should use a formal technique to consider the consequence and likelihood of each risk.

Question 70

Which of the following controls would best mitigate the risk of fraud in the bidding process?

Options:

A.

Have a bidding committee open the tender bids.

B.

Restrict the time to submit tender bids.

C.

Keep minutes of pre-bid meetings.

D.

Allow the higher tenders to rebid.

Question 71

A series of incidents over the past year reveals several members of senior management possess a limited understanding of the concept and impact of fraud. Which of the following would be the most effective way to approach this issue?

Options:

A.

The board should ask the internal audit activity to perform additional assurance engagements.

B.

A comprehensive fraud risk assessment and management program should be carried out.

C.

The organization should conduct training sessions on fraud, which should be attended by senior management and staff.

D.

Anti-fraud and whistleblowing policies should be implemented and their importance should be clearly stated.

Question 72

An internal auditor believes that the internal audit activity's independence is impaired. Which of the following actions should the internal auditor take first?

Options:

A.

Report the impairment to senior management

B.

Discuss the impairment with the audit manager

C.

Ascertain the best approach to disclose the impairment.

D.

Decide on the extent of impact of the impairment

Question 73

According to IIA guidance, which of the following statements is true regarding due professional care?

Options:

A.

Internal auditors must exercise due professional care to Insure that all significant risks will be identified,

B.

Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor

C.

Due professional care requires the internal auditor to conduct extensive examinations and verifications to ensure fraud does not exist,

D.

Due professional care is displayed during a consulting engagement when the internal auditor focuses on potential benefits of the engagement rather than the cost.

Question 74

For a new board chair who has not previously served on the organization's board, which of the following steps should first be undertaken to ensure effective leadership to the board?

Options:

A.

Chair should learn the current organizational culture of the company.

B.

Chair should learn the current risk management system of the company.

C.

Chair should determine the appropriateness of the current strategic risks.

D.

Chair should gain an understanding of the needs of key stakeholders.

Question 75

Prior to commencing a financial compliance engagement, the engagement supervisor reads the business plan for the finance department and meets informally with the director to learn more about any key issues. Which of the following competencies is the engagement supervisor demonstrating?

Options:

A.

The ability to inspire trust

B.

The ability to communicate effectively

C.

The ability to display courage

D.

The ability to understand the needs of stakeholders

Question 76

Which of the following is true regarding the stakeholder theory of corporate social responsibility?

Options:

A.

An organization has a fiduciary duty to put shareholders' needs first

B.

Customers' needs are the primary responsibility of the organization

C.

Competitors are considered stakeholders of the organization

D.

Employees are the organization's best assets and primary responsibility

Question 77

Which of the following is an indicator that the organization s risk management process is effective?

Options:

A.

The organization s risk appetite mission, and objectives are dearly outlined.

B.

The organization s risk management practices are assessed as mature.

C.

The organization has adopted risk management frameworks and global models.

D.

The organization s significant risks are identified and adequately assessed

Question 78

The internal audit activity is responsible for conducting fraud investigations. A potential fraud instance was identified during an audit engagement. The chief audit executive appoints a lead investigate. Which of the following would most likely be the next step?

Options:

A.

Ask internal auditors to gather all relevant information evidence

B.

Identify and interview witnesses first potential suspects later.

C.

Conduct a fraud risk assessment to the most vulnerable areas.

D.

Determine me competencies needed and assess whatever team members have a conflict of interest.

Question 79

An organization’s board of directors has decided that the internal audit activity must have greater access to different pans of the organization in order to perform their assurance work effectively Which of !he following areas is the board seeking to improve by making this change?

Options:

A.

Internal audit authority.

B.

Internal audit reporting structure.

C.

Internal audit independence and objectivity.

D.

Internal audit interaction with the board

Question 80

Which of the following would most likely be classified as a consulting engagement?

Options:

A.

Examining the internal control effectiveness of the marketing department

B.

Assessing the adequacy of the IT system's business process design

C.

Facilitating a self assessment of the organizations business risk and control identification

D.

Reviewing the application controls in the human resources system

Question 81

In its five years of existence, an internal audit activity conducted a single internal assessment of its quality assurance and improvement program (QAIP). The results of that assessment showed that the internal audit activity did not conform with the Standards. Prior to this, an external assessment of the internal audit activity's QAIP was conducted, which reported that the internal audit activity was in conformance with the Standards. Considering the two assessments, what would be the internal audit activity's current state of conformance with the Standards?

Options:

A.

Conformance with the Standards.

B.

Nonconformance with the Standards

C.

Unable to determine conformance with the Standards.

D.

Partial conformance with the Standards

Question 82

In addition to her internal audit activity responsibilities, the chief audit executive has been asked to oversee the organization's insurance function. Which of the following responses is most appropriate?

Options:

A.

Welcome the additional responsibility, as it represents an opportunity to gain more information for future audits.

B.

Revise the internal audit charter to include oversight of the insurance function, ensuring that all of her responsibilities are properly documented.

C.

Report the request to the board and recommend alternate processes to obtain assurance related to insurance activities.

D.

Promptly remove the organization's insurance function from the audit universe.

Question 83

Which of the following engagements would be considered an appropriate consulting service?

Options:

A.

The internal audit activity of a commercial bank routinely performs branch audits for compliance with regulations.

B.

The internal audit activity participates in a cosourcing arrangement with an IT audit firm to test information systems security.

C.

The internal audit activity facilitates biannual training of the risk management team in risk identification methodologies.

D.

The internal audit activity partners with external auditors annually to complete fieldwork required as a part of the external audit exercise.

Question 84

Which of the following statements is true regarding an organization's code of ethics?

Options:

A.

It should be written with primary consideration given to using a rule-based approach.

B.

It should be of two variations: one applicable internally and one applicable for third parties.

C.

Its operational effectiveness cannot be tested using traditional audit and rating systems such as maturity models.

D.

It should require an annual attestation of compliance with the code of conduct by all employees.

Question 85

Which of the following is a key determinant used by external auditors to decide whether they can rely on work performed by the internal audit activity?

Options:

A.

The auditors' independence.

B.

The auditors' objectivity.

C.

The auditors' integrity.

D.

The auditors' confidentiality.

Question 86

An organization's board has approved an expansion plan into a new market. The board acknowledged that if the expansion is not successful, the organization would encounter large monetary losses consisting of legal fees, research and development costs, rent expenses, and labor fees. Which of the following has the board approved?

Options:

A.

The risk response.

B.

The risk tolerance.

C.

The residual risk.

D.

The inherent risk.

Question 87

Which of the following skills is critical for assessing corporate social responsibility through a self-assessment?

Options:

A.

Assessment skills

B.

Assurance skills

C.

Interviewing skills

D.

Facilitation skills

Question 88

In which of the following situations would the organizational independence of an internal audit activity be impaired?

Options:

A.

The chief audit executive reports administratively to the CEO.

B.

Scope limitations are imposed on internal audits.

C.

The internal audit activity provides assurance services for an activity for which the engagement supervisor had responsibility within the previous year.

D.

The compensation committee of the board approves the remuneration of the chief audit executive.

Question 89

Which of the following actions best demonstrates an internal auditor exercising due professional care?

Options:

A.

Testing an entire population, even when a sample would suffice

B.

Using technology and data analysis techniques for efficiency

C.

Enhancing knowledge, skills, and other competencies through professional development

D.

Establishing audit objectives, performing audit tests, and implementing missing controls

Question 90

Which of the following statements best describes how the internal audit activity obtains reasonable assurance that significant risks in the organization are identified and assessed?

Options:

A.

The internal auditors review the organization's strategic plan, business plan, and policies, and have discussions with the board and senior management.

B.

The internal auditors evaluate the adequacy and timeliness of management's reporting of risk management results.

C.

The internal auditors interview staff at various levels and determine whether the organization's objectives, significant risks, and risk appetite are articulated sufficiently.

D.

The internal auditors review recently completed risk assessments and related reports issued by senior management, external auditors, and other sources.

Question 91

IT management requires all employees in the IT department to attend annual training on the department’s mission values and key performance measures This activity is designed to prevent which of the following conditions?

Options:

A.

Knowledge’s kills gap

B.

Monitoring gap

C.

Accountability/reward failure

D.

Communication failure

Question 92

Which of the following statements best represents the duo professional care that is required of internal auditor’s?

Options:

A.

Internal auditors should perform assurance procedures to ensure that all significant risks are identified.

B.

Internal auditor should not perform consulting engagements for operations for which they had previous responsibilities.

C.

Internal auditors should consider the cost of assurance in relation to the potential benefits.

D.

Internal auditors should device internal audit programs to confirm that the results are accurate.

Question 93

The internal audit activity was asked to conduct an investigation for potential fraud in the treasury department and subsequently contracted with a forensic accountant to join the team for the engagement. Which of the following parties has the primary responsibility for resolving any fraud incidents found as a result of this investigation?

Options:

A.

Chief audit executive.

B.

Senior management.

C.

The forensic accountant.

D.

The legal department.

Question 94

Which of the following would best serve to deter unethical behavior and encourage internal auditors to be objective in their work?

Options:

A.

A requirement that internal auditors undergo objectivity training periodically

B.

Periodic communications reminding internal auditors of Standards requirements

C.

A review of the final audit report by the audit committee

D.

Ongoing monitoring and periodic internal quality assessments

Question 95

Which of the following is true regarding risk analysis?

Options:

A.

Impact and likelihood should be assessed together.

B.

Impact and likelihood should be given equal consideration by the internal auditor.

C.

Impact and likelihood should be measured using quantitative methods.

D.

Impact and likelihood should be used to determine risk response.

Question 96

Which of the following statements is true regarding control activities?

Options:

A.

Control activities are carried out by first-line and second-line functions to mitigate risks.

B.

Control activities are implemented by internal auditors to mitigate risks to an acceptable level.

C.

Control activities provide the foundation for the organization to establish its risk appetite.

D.

Control activities are a precondition to setting risk tolerance levels.

Question 97

In order for an internal auditor to assess the opportunity for fraud to occur in an organization, which of the following does the auditor first need to understand?

Options:

A.

Fraud prevention.

B.

Fraud detection.

C.

Corporate culture.

D.

Forensic analysis techniques.

Question 98

According to IIA guidance which of the following statements regarding ethics is true?

Options:

A.

Business ethics may vary within an organization with both domestic and foreign operations

B.

Business ethics are universal n nature and organizations across the world are expected to comply with smear standards

C.

A business ethics policy for an organization s established solely to direct me behavior and expectations of employees

D.

Business ethics of an organization must remain independent torn those of supplier’s customers and business partners

Question 99

Which of the following concepts is emphasized in the Mission of Internal Audit?

Options:

A.

Support of good governance and controls.

B.

Enhancement of organizational value.

C.

Protection of tangible and intangible assets.

D.

Provision of professional advisory and assurance services.

Question 100

Which of the following best describes a purpose for the internal audit charter?

Options:

A.

The internal audit charter authorizes the internal audit activity's reporting structure and clearly defines the roles of each internal auditor.

B.

The internal audit charter defines the roles and responsibilities of the chief audit executive, board of directors, and senior management.

C.

The internal audit charter authorizes access to records, personnel, and physical properties relevant to the performance of audit engagements.

D.

The internal audit charter defines the criteria by which the internal audit activity's performance will be evaluated

Question 101

Which of the following statements is true regarding intangible assets?

Options:

A.

The amortization period of an intangible asset cannot exceed 20 years.

B.

The cost intangible assets with indefinite lives should be amortized.

C.

Intangible assets are categorized as having either a limited life or an indefinite life.

D.

Companies should record intangible assets at fair market value

Question 102

Which of the following is an example of the chief audit executive (CAE) demonstrating due professional care?

Options:

A.

The CAE relies on CAEs in other organizations to understand how due professional care should be executed in her internal audit activity

B.

The CAE meets with the board of directors on a quarterly basis to provide a status update.

C.

The CAE assesses the audit staff's knowledge and skills annually to determine whether additional resources are needed to fulfill the internal audit plan.

D.

The CAE provides absolute assurance to line management during each eternal audit engagement

Question 103

Which of the following qualifies as an acceptable consulting service provided by the internal audit activity?

Options:

A.

Develop training and system rollout plans in response to the results of the change readiness assessment of a new sales distribution model

B.

Lead a risk self assessment session for laboratory managers to help identify inherent risks and provide recommendations on how to evaluate the risks

C.

Audit a third party cloud service provider to review the effectiveness of governance and management controls in providing secure services to its customers

D.

Conduct a post-implementation assessment of the enterprise resource planning system to determine whether project objectives were met and to identify opportunities to maximize potential benefits

Question 104

Which of the following demonstrates that the internal audit activity exercises due professional care?

Options:

A.

Supervisors provide feedback to internal auditors after workpapers are reviewed

B.

A self-assessment is conducted through the quality assurance and improvement program every five years

C.

Internal auditors are required to give absolute assurance of regulatory compliance

D.

The chief audit executive reports functionally to the board

Question 105

Which of the following best demonstrates organizational independence of the internal audit activity?

Options:

A.

The chief audit executive reports directly to the board

B.

Internal auditors may not disclose personal data of the audit client

C.

Internal auditors may not accept gifts from management of the area under review

D.

Internal auditors must observe the law and make required disclosures

Question 106

Which of the following scenarios demonstrates nonconformance with the Standards?

Options:

A.

An internal auditor failed to expand the engagement and include managements preferences when determining the scope of an upcoming assurance engagement.

B.

An internal audit activity lacks the skills need to perform a high-risk security engagement included on the annual audit plan.

C.

A chief audit executive fated to perform a risk assessment prior to preparing the audit plan

D.

An internal audit activity has existed for two years and has not undergone external quality assessment

Question 107

Which of the following is an appropriate roe fa the internal audit activity?

Options:

A.

Ensuring the organization's key risks are managed through appropriate controls.

B.

Assisting the organization in maintaining effective controls.

C.

implementing new controls to promote continuous improvement

D.

Validating control assessments performed by the external auditor.

Question 108

As a result of a high-profile processing error, respective business unit managers are implementing new controls. The internal audit team was asked for their advice regarding the controls. The objective of this consulting engagement would be determined by which of the following?

Options:

A.

The organization's board of directors.

B.

The chief audit executive.

C.

The business unit manager and the engagement supervisor.

D.

The compliance manager and the business unit manager.

Question 109

While preparing the audit plan for an automobile manufacturing company, the chief audit executive (CAE) noted that the company's engineering department received a high risk ranking. However, the internal audit activity is understaffed, and current staff do not possess the necessary skills to adequately assess the effectiveness of the engineering department. What is the most appropriate course of action for the CAE to take?

Options:

A.

Include the engineering department on the audit plan, use the available internal audit resources to conduct the review, and exclude procedures that cannot be adequately assessed.

B.

Advise management to accept the assessed risk until the internal auditors are able to review the area adequately.

C.

Recruit internal auditors with the required competencies and wait until they are employed before including this audit on the internal audit plan.

D.

Proceed with a review of the engineering department but supplement the internal audit team with nonauditors from an external engineering company who have the required skills to assist

Question 110

The accounting department asked the chief audit executive (CAE) to perform a review of suspicious transactions The CAE was an accounting manager for the organization six months ago How should she respond to the request?

Options:

A.

Decline, if it is consulting engagement because she recently worked in the organization s accounting department

B.

Accept, 11 is an assurance engagement, as she has been out of the department long enough to not impair objectivity.

C.

Inform the accounting department mat me engagement can take place m the future once she has been removed from accounting for a longer period of time.

D.

Accept, it is a consulting engagement with agreed-upon scope and services to be provided by me internal audit activity.

Question 111

The internal audit activity was denied access to expenditure and budget reports because they were considered to be confidential. This situation would result in which of the following limitations of the internal audit activity?

Options:

A.

Independence

B.

Integrity

C.

objectivity

D.

Authority

Question 112

Which of the following is the internal audit activity expected to do with respect to the organization's governance processes?

Options:

A.

Formally audit all governance activities.

B.

Provide strategic guidance on the organizational processes to senior management.

C.

Achieve agreement with the board regarding the range of activities, depth of review, and time period to include in the assessment.

D.

Audit against the governance structures and practices widely used in the industry.

Question 113

Which of the following should be part of the internal audit activity's duties?

Options:

A.

Actively reporting to the governing body.

B.

Providing risk management frameworks.

C.

Assisting management in developing processes and controls to manage risks and issues.

D.

Identifying and mitigating significant risks to the organization.

Question 114

Which of the following situations is most likely to threaten the independence of the internal audit activity?

Options:

A.

The chief audit executive reports functionally to the board and administratively to the CEO.

B.

The annual budget for the internal audit activity is approved by the chief financial officer.

C.

The internal audit activity is completely outsourced to an external service provider.

D.

The internal audit manager provides consulting services to the procurement department, where she worked during the prior year.

Question 115

Which of the following would a chief audit executive most likely use to identify a need for improvement in a staff internal auditor's business acumen?

Options:

A.

A quality assessment review.

B.

An internal audit client survey.

C.

A control self-assessment.

D.

A peer review of the internal audit activity.

Question 116

According to IIA guidance, which of the following statements is true regarding consulting engagements performed by the internal audit activity?

Options:

A.

Consulting engagements typically involve four or five parties: the internal audit activity, engagement client, senior management, board, and sometimes the external auditor.

B.

The scope of a consulting engagement is determined by either the engagement supervisor or chief audit executive, and it is finalized prior to beginning fieldwork.

C.

According to the Standards, internal auditors are permitted to carry out certain management functions during a consulting engagement.

D.

A preliminary risk assessment may not be needed for consulting engagements, because the expectations and objectives of the engagement are determined by the engagement client.

Question 117

In a retail organization, sales teams compete with each other to achieve and exceed sales targets. Each quarter, the members of the top sales team receive a bonus. In this environment, management should closely monitor for the emergence of which of the following potential risks?

Options:

A.

Risks related to employee turnover.

B.

Risks related to data manipulation.

C.

Risks related to employee competency.

D.

Risks related to not achieving sales targets.

Question 118

An internal audit of warehouse inventory revealed no material deficiencies. However, management later discovered fraud, which occurred during the period that was audited, and determined that a major control deficiency allowed the fraud to occur. Given management's discovery, which of the following statements is valid?

Options:

A.

The internal auditors violated the standard for due professional care because they did not detect the fraud, even though it occurred during the period that was reviewed.

B.

The internal auditors should have had sufficient knowledge of fraud to identify red flags indicating possible fraud.

C.

The internal auditors could not have detected the fraud due to collusion among employees in the inventory unit.

D.

The internal auditors are not responsible for considering fraud risk, which is a management responsibility.

Question 119

Which of the following statements demonstrates that internal auditors are in conformance with the standard of due professional care?

Options:

A.

Internal auditors have shown they have the freedom to carry out their responsibilities.

B.

Internal auditors have demonstrated the skills needed to carry out the audit engagement.

C.

Internal auditors have strictly followed a formal audit process in conducting their work.

D.

Internal auditors have demonstrated an unbiased mental attitude.

Question 120

Which of the following practices is generally most effective to protect internal audit objectivity?

Options:

A.

Ensuring regular documentation of auditor skills and experience in the workpapers.

B.

Basing performance evaluations heavily on customer satisfaction surveys.

C.

Prohibiting auditors from accepting gifts from audit clients or potential clients.

D.

Ensuring that auditors have a balance of both operational and internal audit responsibilities.

Question 121

Which should the internal auditor first consider when assessing fraud risks during an engagement?

Options:

A.

Compare the organizations fraud strategies with the industry's strategies.

B.

Review any related prior fraud investigations.

C.

Investigate any related fraud allegations.

D.

Communicate any suspicious fraud activities to management.

Question 122

According to the IIA Code of Ethics, which of the following best describes the conduct of an internal auditor who demonstrates the principle of competency?

Options:

A.

The auditor is prudent in the use and protection of information acquired in the course of his work.

B.

The auditor does not accept anything that may impair or be presumed to impair his professional judgment.

C.

The auditor does not perform services in a particular area when he lacks skills in that area.

D.

The auditor performs work with honesty, diligence, and responsibility.

Question 123

An internal auditor is assessing the effectiveness of the organization's risk management practices. She checks to see whether risk management is an integral part of decision making and whether risk management is transparent, responsive to change, and addresses uncertainty. According to IIA guidance on risk management frameworks, which of the following approaches is the auditor most likely using?

Options:

A.

Maturity model approach.

B.

Process element approach.

C.

Key principles approach.

D.

Key performance indicators approach.

Question 124

Which of the following controls would be most useful to prevent an employee from using the organization's funds for inappropriate expenditures and falsifying financial records to conceal the fraud?

Options:

A.

Segregating duties in the payroll processes.

B.

Confirming receipt of goods or services.

C.

Performing background checks on newly hired employees.

D.

Requiring management approval for expenses.

Question 125

Which of the following describes a responsibility of operating management in an organization's corporate social responsibility (CSR) efforts?

Options:

A.

Responsible for implementing CSR principles and overseeing of CSR performance.

B.

Responsible for performing periodic internal self-verifications of reported CSR results.

C.

Responsible for performing analysis and comparison of CSR reports and performance.

D.

Responsible for ongoing CSR reporting and accomplishing of performance targets.

Question 126

The internal audit activity is undergoing a self-assessment as part of its quality assurance and improvement program. Which of the following observations must be addressed in order for the internal audit activity to achieve conformance with the Standards?

Options:

A.

The internal audit charter does not identify which audit services are outsourced.

B.

The internal audit charter has not been reviewed by the legal department.

C.

The internal audit charter has not been approved by the board within the past year.

D.

The internal audit charter does not describe the authority of the internal audit activity.

Question 127

During a payroll audit, a staff internal auditor suspects that signatures on some of the documents being sampled for examination are not authentic. Which of the following actions should the auditor take before proceeding with the examination?

Options:

A.

Suggest to the payroll manager that the suspicious documents should be sent to the organization's security department for forensic review.

B.

Keep the suspicious documents in the workpaper file until the end of the engagement, and then discuss the suspicions with the payroll manager.

C.

Discuss the suspicious documents with payroll staff to seek their views on the authenticity of the signatures.

D.

Review the suspicious documents with the chief audit executive and seek advice concerning further examination.

Question 128

According to HA guidance, which of the following is true regarding independence and objectivity for small internal audit activities?

Options:

A.

The chief audit executive (CAE) may consider including a disclaimer on independence in audit reports.

B.

The CAE may consider greater involvement of those with suitable knowledge of audit practice.

C.

Conformance with this Standard is not dependent upon the size of the internal audit activity.

D.

Due to the small size of the internal audit activity, having an external assessment once every seven years is acceptable.

Question 129

Which of the following is (he most effective way any organization can ensure proper governance over its internal controls?

Options:

A.

By adopting the best practices of similar organizations in the industry.

B.

By adjusting their internal control framework as business practices evolve.

C.

By introducing the universally accepted COSO internal control framework.

D.

By encouraging the internal audit activity to provide training on internal controls.

Question 130

A financial services organization's board is assessing increased regulations and its effect on current industry lending practices. Which of the following committees would help the board identify and assess the effects of the increased regulations?

Options:

A.

Quality committee.

B.

Audit committee.

C.

Risk committee.

D.

Governance committee.

Question 131

An audit engagement required that an internal auditor, using available tools, test a transaction population for a period The auditor decided to test a sample of transactions rather than the full population.

Results of the audit were reported as satisfactory to management. Subsequent to the audit report, fraud was discovered in the area audited and was found to include transactions that were in the relevant transaction population not tested by the auditor. The auditor later disclosed that he decided to test a sample because it was representative of the population and facilitated quicker testing. Which of the following skills below, if improved, would most likely have prevented this situation?

Options:

A.

Objectivity

B.

Critical thinking.

C.

Empathy.

D.

Communication

Question 132

Which of the following is true about corporate social responsibility (CSR)?

Options:

A.

Social and environmental considerations are required parts of an organization's decision making

B.

The Global Reporting Initiative provides standards on required disclosures of CSR.

C.

CSR activities are overseen and managed by operational management.

D.

Internal auditors can provide assurance on reported sustainability results.

Question 133

Which of the following is an indicator of ineffective third-party risk management?

Options:

A.

Sourcing of third parties does not follow public procurement law.

B.

Violations of service conditions trigger either fines or termination.

C.

Due diligence of third parties is conducted only after contract signing.

D.

The right-to-audit clause is limited by personal data protection regulations.

Question 134

Due to extreme liquid fuel price fluctuations, management decided to designate a specific price below which liquid fuel shall not be sold to customers, but instead shall be pumped into storage tanks. Which of the following risk responses has management selected?

Options:

A.

Risk reduction.

B.

Risk transfer.

C.

Risk acceptance.

D.

Risk avoidance.

Question 135

The chief audit executive (CAE) has decided to outsource an audit of the organization's cloud governance in the annual audit plan. Why would the CAE outsource this audit?

Options:

A.

Lack of internal audit staff proficiency.

B.

Lack of audit planning.

C.

Lack of internal assessments.

D.

Lack of due professional care.

Question 136

Which of the following is the primary benefit of establishing a formal training program for the internal audit activity?

Options:

A.

It is useful to reinforce the independence of the internal audit activity.

B.

It is useful to guide internal auditors as they perform specific engagements.

C.

It is useful to maintain the skills and competencies of internal audit staff.

D.

It is useful to measure the effectiveness and maturity of the internal audit activity.

Question 137

Which of the following statements best represents the due professional care that is required of internal auditors?

Options:

A.

Internal auditors should perform assurance procedures to ensure that all significant risks are identified.

B.

Internal auditors should not perform consulting engagements for operations for which they had previous responsibilities.

C.

Internal auditors should consider the cost of assurance in relation to the potential benefits.

D.

Internal auditors should devise internal audit programs to confirm that the results are accurate.

Question 138

Which of the following survey questions would be most effective to identify ethics violations within the organization?

Options:

A.

Are the performance targets in your department realistic and attainable?

B.

Do your coworkers have the knowledge, skills, and training needed to perform their job duties?

C.

Does your supervisor comply with laws and regulations affecting the organization?

D.

Do you have sufficient resources, tools, and time to accomplish your work objectives?

Question 139

The accounting department asked the chief audit executive (CAE) to perform a review of suspicious transactions. The CAE was an accounting manager for the organization six months ago.

How should she respond to the request?

Options:

A.

Decline, if it is a consulting engagement, because she recently worked in the organization's accounting department.

B.

Accept, if it is an assurance engagement, as she has been out of the department long enough to not impair objectivity.

C.

Inform the accounting department that the engagement can take place in the future, once she has been removed from accounting for a longer period of time.

D.

Accept, if it is a consulting engagement with agreed-upon scope and services to be provided by the internal audit activity.

Question 140

According to The IIA’s Code of Ethics, which of the following best describes the principle of integrity?

Options:

A.

Auditors shall observe the law and make disclosures expected by the law and the profession

B.

Auditors shall disclose all material facts known to them that if not disclosed may distort the reporting of activities under review

C.

Auditors shall engage only in those services for which they have the necessary knowledge skills and experience

D.

Auditors shall be prudent in the use and protection of information acquired in the course of their duties

Question 141

Which of the following is an indicator that the organization's risk management process is effective?

Options:

A.

The organization's risk appetite, mission, and objectives are clearly outlined.

B.

The organization's risk management practices are assessed as mature.

C.

The organization has adopted risk management frameworks and global models.

D.

The organization's significant risks are identified and adequately assessed.

Question 142

Which of the followIng would permit an internal audit activity to use the statement "conducted m conformance with the International Standards for the Professional Practice of Internal Auditing m audit reports?

Options:

A.

The result of a quality assurance and improvement program confirm there are no material issues.

B.

Engagement workpapers are retained by the internet audit activity according to the retention and deletion policy.

C.

The internal audit activity receives positive feedback from the managers of the areas that were under review.

D.

internal auditors demonstrate proficiency by maintaining professional internal audit certifications

Question 143

Which of the following tests would most likely help discover a fictitious invoice?

Options:

A.

Compare vendor addresses to employee addresses.

B.

Match cancelled checks to invoices.

C.

Search for duplicate payment amounts.

D.

Check employee bank records against invoice amounts.

Question 144

What is the primary purpose of The IIA's Code of Ethics?

Options:

A.

Communicate specific activities appropriate to the performance of internal auditing

B.

Promote ethical culture within corporations and other business organizations

C.

Establish mandatory standards of competence for the practice of internal auditing

D.

Establish principles and expectations governing behavior of individuals and organizations in the conduct of internal auditing

Question 145

Which of the following circumstances would most likely be considered a potential red flag for fraud by the internal audit activity?

Options:

A.

The monthly payroll reports are not vetted to ensure terminated employees have been removed from the payroll system.

B.

The volume of nonroutine journal entries has steadily increased over time.

C.

The database of approved suppliers has not been reviewed in the last year.

D.

The recent employee survey indicates that some employees remain unaware of the organization’s whistleblower hotline.

Question 146

An internal auditor is reviewing employee travel expenses from the previous six months for fraud. Which of the following tests would best detect instances where personal travel has been claimed?

Options:

A.

Verifying whether claims have been properly authorized for payment

B.

Verifying whether claims are properly supported by invoices or other documents.

C.

Confirming that all claims are within the limits of the organization's travel policy.

D.

Reconciling claims against business the requests that were approved by supervisors

Question 147

Which of the following items related to the quality assurance and improvement program should the chief audit executive report to the board?

Options:

A.

Ongoing monitoring results

B.

Periodic management assessment results

C.

Annual risk assessment results

D.

Internal auditors' training evaluation results

Question 148

The internal audit activity conducted an organization wide risk assessment. One of the most significant risks identified is associated with the oil price market. The chief audit executive (CAE) is considering including in the annual audit plan an assessment of the effectiveness of oil price risk management. The manager responsible commented that the assessment was not needed, as market risks were regularly addressed by the financial risk committee. If the CAE decides to include this activity in the annual audit plan anyway, how should it be recorded?

Options:

A.

A consulting engagement independent of the financial risk committee's review.

B.

A risk assessment.

C.

An assurance engagement.

D.

A joint consulting engagement with input from the financial risk committee.

Question 149

According to IIA guidance, which of the following actions best demonstrates that due professional care has been considered by the internal audit activity when conducting a review of an organization's assets?

Options:

A.

Determining whether any opportunity exists for senior executives to misappropriate property or funds

B.

Planning and executing fieldwork In a complete and timely manner to identify all significant risks

C.

Verifying whether the board of directors has implemented effective internal controls

D.

Having senior management determine whether the degree of work planned is sufficient to meet engagement objectives

Question 150

Which of the following statements is true regarding consulting and assurance engagements performed by the internal audit activity'?

Options:

A.

For both assurance and consulting engagements, the auditor must independently and objectively select the criteria for evaluation

B.

For a consulting engagement, internal auditors and management jointly agree on the adequate criteria needed to evaluate governance, risk management, and controls. This is not true of assurance engagements

C.

Engagement planning and fieldwork are similar for both types of engagements (there are no major differences) although the reporting process is different depending on which service is provided

D.

For a consulting engagement objectives must address governance risk management and control processes to the extent agreed upon with the client. This is not true of assurance engagements

Question 151

Which of the following statements is true regarding the disclosure of results of the quality assurance and improvement program?

Options:

A.

If the results of both internal and external assessments support conformance with the Standards, the internal audit activity must communicate this to the board and senior management in writing.

B.

If it has been in existence fewer than five years and has no documented external assessment, the internal audit activity may not indicate that it is operating in conformance with the Standards.

C.

If nonconformance affects its ability to fulfill its professional responsibilities or stakeholder expectations, the internal audit activity should disclose nonconformance as well as its impact.

D.

If an external assessment reflects an overall conclusion of nonconformance, the internal audit activity may continue to communicate that it conforms with theStandards if it discloses a remediation plan, including timeline with subsequent validation.

Question 152

An accounts payable clerk who has access to the vendor master file replaced the payment details of a legitimate vendor with those of a friend before processing the payment through the organization's cashier. Immediately afterward, he restored the original vendor information. Which of the following controls could have prevented this fraud?

Options:

A.

Approval of master file change requests by the accounts payable supervisor

B.

Comparison of the check register to original invoices.

C.

Segregation of duties between accounts payable and the cashier.

D.

Frequent issuance of account statements sent to the vendors.

Question 153

An internal audit team analyzed the organization's value-at-risk model during an assurance engagement and suggested several useful improvements. Management was impressed by the internal audit team’s work and requested additional actions. Which of the following requested actions would impact internal audit independence most severely if fulfilled?

Options:

A.

Assess the effectiveness of the model at least semi-annually.

B.

Modify model inputs and suggest courses of action based on outcomes.

C.

Employ acquired experience to test other models used by the company.

D.

Validate whether model outputs serve the purpose stated by the model.

Question 154

The internal audit activity audited an organization's risk management function multiple times, and the recommendations that were made remain unaddressed by the head of risk management. Which of the following would be the next step for the internal audit activity?

Options:

A.

The internal audit activity should add value by implementing the recommendations on management's behalf.

B.

The chief audit executive (CAE) must discuss this matter with senior management and the board

C.

The CAE should determine which recommendations to implement based on the severity of the associated risks.

D.

The internal audit activity, led by the CAE. should assume responsibility for risk management function.

Question 155

Which of the following is the best way for internal auditors to demonstrate their proficiency to effectively carry out their professional responsibilities?

Options:

A.

Volunteer for audit engagements in areas or industries in which the auditor is unfamiliar

B.

Sign an annual attestation indicating that the auditor has all required competencies to perform her job effectively.

C.

Obtain appropriate professional certifications or other designations.

D.

Disclose potential impairments to independence or objectivity prior to performing an audit engagement.

Question 156

Due to the increased operational responsibility of the CEO the chief audit executive (CAE) of an organization currently reports to the chief financial officer (CFO) What is the likely impact of such a situation?

Options:

A.

There may be limitation in the scope of engagements that can be undertaken

B.

The CFO could provide expert advice when auditing areas under his purview

C.

The internal audit activity is adequately positioned when the CAE reports to a member of executive management

D.

The expertise of finance staff can be called upon during an audit of finance-related areas

Question 157

A whistleblower reveals to the chief audit executive (CAE) detailed allegations of potential fraud at the senior management level. Although the CAE has some experience in the area, she chooses to retain an external fraud expert to conduct the investigation. When asked by the director of finance to defend the expenditure, which of the following statements represents the CAE's best response?

Options:

A.

The CAE refers to the Standards and explains that to protect her independence, she needs to remain isolated from the investigation.

B.

The CAE refers to the Standards and explains that the internal audit activity must obtain competent assistance if needed.

C.

The CAE refers to the Standards and explains that to protect her objectivity, she needs to remain isolated from the investigation.

D.

The CAE describes the specifics of the allegation to underscore the importance of the situation and the need for expert investigation

Question 158

According to IIA guidance, which of the following best describes the chief audit executive s responsibility for confirming to the board the organizational independence of the internal audit activity'?

Options:

A.

The CAE must do this at least annually

B.

The CAE must do this at least once every five years

C.

The CAE must do this upon completion of each external quality assessment

D.

The CAE should do this periodically in conjunction with a review of the internal audit charter

Question 159

Following a quality assurance review of a small internal audit activity, the external reviewer and the chief audit executive (CAE) cannot agree on the importance of several deficiencies noted during the review. Which of the following would be the most appropriate next step for the reviewer to take?

Options:

A.

Remove the areas of disagreement from the scope of the engagement and seek informal compromises with the CAE.

B.

Issue the report to senior management, noting the deficiencies for immediate resolution.

C.

Issue the report, noting the deficiencies with comments that address the areas of disagreement.

D.

Request arbitration from the audit committee to resolve discrepancies prior to issuing the final report

Question 160

According to The IIA’s Code of Ethics, which of the following scenarios offers the best example of violating the principle of integrity?

Options:

A.

An internal audit manager collaborates with senior management to provide misleading information to government authorities.

B.

An internal audit manager provides sample audit reports and workpapers to a friend without obtaining prior approval

C.

An internal audit manager carries out a technical audit request without seeking expert opinion, despite a lack of the requisite skills.

D.

An internal audit manager assigned to audit a sales process failed to reveal that the process owner is a relative

Question 161

The internal auditor obtained large volumes of transaction history data for accounts on which he suspected that some fraudulent transactions occurred. Which of the following actions best demonstrates due professional care by the internal auditor?

Options:

A.

The internal auditor carefully scrutinized the data by manually reviewing each transaction to ensure that all irregularities were identified.

B.

The internal auditor employed the use of data analytics tools to sort, analyze, and detect anomalies in the data

C.

The internal auditor started the data analysis process by selecting a random sample of transactions on which to perform further tests.

D.

The internal auditor requested that the branch supervisor assist in identifying fraudulent transactions, as he was most familiar with the accounts being audited.

Question 162

According to IIA guidance, which of the following statements is true regarding risk management in an organization?

Options:

A.

The risk management function has the sole responsibility for identifying and managing risks in all departments

B.

Risk management is a core responsibility of the internal audit activity

C.

The internal audit activity should consider the organization’s maturity, structure, and the competitive environment to establish the organization’s risk appetite

D.

The internal audit activity may use a risk management or control framework to assist in risk identification

Question 163

Which of the following best demonstrates that an internal auditor is applying due professional care when planning an assurance engagement?

Options:

A.

Assessing the risk of noncompliance with laws and regulations

B.

Following the policies as prescribed by the internal audit manual.

C.

Advising management of the area under review on how to mitigate internal control risks.

D.

Conducting the engagement on the presupposition that fraud exists.

Question 164

Which of the following corporate social responsibility strategies is associated with responding to outside pressure by assuming additional responsibility?

Options:

A.

Accommodation.

B.

Reaction.

C.

Defense.

D.

Proaction.

Question 165

To assure that the technical proficiency of internal auditors is appropriate for the audit engagements to be performed, a chief audit executive should:

Options:

A.

Consider the scope of work and level of responsibility when establishing criteria for education and experience in filling internal audit positions.

B.

Ensure that each newly hired auditor is qualified in all of the disciplines needed to accomplish the department’s audit mission.

C.

Oversee a training program that matches the actual training provided with the interests of individual auditors.

D.

Require all of the audit staff to pursue a minimum number of continuing professional education hours each year

Question 166

Which of the following best demonstrates the authority of the internal audit activity?

Options:

A.

Suggesting alternatives to decision makers.

B.

Improving the integrity of information.

C.

Determining the scope of internal audit services

D.

Achieving engagement objectives.

Question 167

Which of the following situations undermines the independence of the internal audit activity?

Options:

A.

The internal audit activity is responsible for the company's risk management function and its head manager reports to the chief audit executive

B.

A senior member of the internal audit activity once worked in the corporate finance department

C.

The organization's CEO reviews the internal audit activity's annual budget per the organization’s policies and procedures

D.

The internal audit activity often uses management's risk profile to build its own risk profile for annual planning

Question 168

Which of the following best describes organizational governance processes?

Options:

A.

Processes employed by internal and external assurance providers to authorize, direct, and provide oversight to management to better enable the meeting of organizational objectives

B.

Processes employed by the board of directors to authorize and provide guidance and oversight to management to promote the achievement of organizational objectives.

C.

Processes employed by the board of directors and senior management to mitigate risks to acceptable levels.

D.

Processes employed by risk owners to mitigate risks to acceptable levels within the organization's risk appetite

Question 169

A significant number of employees expressed concerns of a hostile work environment within a large manufacturing plant, which is in contrast to the organization's stated culture of tolerance and open communication. Which of the following approaches would be most effective for an internal auditor to assess whether the organization supports a culture of tolerance and open communication?

Options:

A.

Assess plant employees' social media activity for specific messages related to tolerance and open communication

B.

Compare plant employees’ compensation and benefits with those at similar sized organizations that have a stated culture of tolerance and open communication.

C.

Evaluate organization policies and procedures for references related to encouraging tolerance and open communication.

D.

Conduct a meeting with all plant employees and management to discuss tolerance and open communication

Question 170

A large commercial bank was fined by regulators for fraudulent practices when employees, over a period of time, opened thousands of new accounts for existing clients without the clients' consent. It was later found that employees were given unrealistic new account targets and were aggressively monitored by management on a daily basis.

Which of the following controls would have most likely reduced the likelihood of the fraudulent practice from occurring?

Options:

A.

An evaluation of the current performance and compensation program.

B.

The performance of background investigations on all existing employees.

C.

The availability of fraud training to all employees.

D.

The availability of an employee whistleblower hotline

Question 171

According to IIA guidance, which of the following would the internal audit activity examine in order to evaluate the organization's governance process for strategic and operational decisions'?

Options:

A.

The risk assessment process including interviews with senior management.

B.

The organization’s mission and value statements, code of conduct, and whistleblowing policy

C.

Board meeting minutes the board policy manual, and past audit reports

D.

Staff compensation objective setting and the performance evaluation policy and process

Question 172

According to IIA guidance, which of the following best describes expense reimbursement fraud?

Options:

A.

Theft of cash after it is recorded in the books

B.

Theft of cash before it is recorded in the books

C.

Theft of assets through fictitious or inflated invoices

D.

Theft of assets through false mileage travel logs and meal charges

Question 173

The internal audit activity is performing an assessment of an organization's ethics program, and the engagement scope specifies a focus on the training program's design. According to IIA guidance, which of the following questions would be the most relevant?

1. Does the training include situations that require an ethical decision?

2. What percentage of employees have taken the training?

3. What are the results of the employee assessment of the organization's ethical climate?

4. Does the instructor provide feedback on the thought process to reach an ethical resolution?

Options:

A.

1 and 2.

B.

1 and 4.

C.

2 and 3.

D.

3 and 4.

Question 174

Recently an organization’s internal audit activity discovered ghost employees who receive payments Senior management decides to strengthen the internal control measures to address this Which of the following is considered an effective control to mitigate payments to ghost employees?

Options:

A.

Staff transfers are reviewed by the recruiting manager and approved by the head of human resources

B.

New staff requisition forms are authorized by operational management and acknowledged by the head of human resources

C.

Staff salary payments and accounting records are approved by the head of accounting and acknowledged by the head of human resources

D.

The staff salary payment list is reviewed by the head of payroll and endorsed by the head of human resources

Question 175

Six months after an employee was transferred to the internal audit activity his former operating manager requested that he return to assist a project team with the evaluation of a new pricing module for the organization’s online ordering system According to IIA guidance which of the following statements is true?

Options:

A.

The auditor cannot be assigned to this project, as it has been fewer than 12 months since he was transferred from that department.

B.

Another internal auditor should be appointed to the engagement to preserve the independence of the internal audit activity

C.

The auditor cannot participate in the assignment, as providing an opinion would impair his objectivity

D.

The auditor may participate on the project, as the nature of the assignment is consulting

Question 176

In which of the following scenarios would the chief audit executive (CAE) be required to decline the assignment?

Options:

A.

The CAE would need to procure external services to deliver the internal audit assurance program.

B.

There is no expertise within the internal audit team for detecting and investigating fraud.

C.

There is no expertise within the internal audit team for auditing an IT engagement.

D.

There is no available expertise on the internal audit team to perform a consulting engagement

Question 177

Which of the following types of fraud tests would be most effective if an internal auditor was looking for possible fictitious vendors?

Options:

A.

Checking for invoice amounts that do not match that of the purchase order.

B.

Searching for identical invoice numbers and payment amounts.

C.

Running checks to uncover post office box addresses matching employee addresses.

D.

Comparing prices across vendors to see whether one vendor is unreasonably high.

Question 178

According to IIA guidance, which of the following is most critical to ensuring that an organization's risk management program remains effective over time?

Options:

A.

Ensuring a fully executed assurance role for the internal audit activity.

B.

Conducting risk evaluations that include ranking the relative importance of each risk.

C.

Establishing a risk management function and appointing a chief risk officer.

D.

Conducting a combination of ongoing risk reviews and individual evaluations.

Question 179

Which of the following is a greater consideration for internal auditors when they are performing a consulting engagement than when they are performing an assurance engagement'?

Options:

A.

The relative complexity of the engagement

B.

The cost of the engagement relative to its benefits

C.

The extent of work needed to achieve the engagement's objective

D.

The needs and expectations of the engagement client

Question 180

With regard to IT governance, which of the following is the most effective and appropriate role for the internal audit activity?

Options:

A.

Independently evaluate the skills and experience of potential chief information officer candidates to assess the best fit based on the organization's risk appetite.

B.

Evaluate the organization’s governance standards and assess IT-related activities to identify gaps and develop policies, ensuring alignment with the organization’s risk appetite.

C.

Assist management in interpreting complex IT-related privacy and security risk exposures and evaluating potential mitigation strategies.

D.

Assess whether governance activities are aligned with the organization's risk appetite and take into consideration emerging risks

Question 181

Which of the following should catch the internal auditor's attention as a potential red flag for fraud?

Options:

A.

The accounting unit keeps detailed records and preserves supporting documentation in excess of company requirements

B.

One of the subsidiaries has more bank accounts than any other comparable subsidiary

C.

The same external audit firm has been with the company for three years without rotation

D.

The arithmetic median tenure of employees working at production facilities is 15 years

Question 182

Which of the following is a consulting service the internal audit activity can perform with respect to the organization's risk management?

Options:

A.

Delivering assurance on the risk management system

B.

Facilitating risk assessment workshops

C.

Evaluating principal risk reporting

D.

Deciding on the appropriate risk response

Question 183

An engagement supervisor noticed that a newly hired internal auditor struggles with large data samples because he appears reluctant to apply available spreadsheet statistical functions and tends to perform testing of transactions manually In which of the following areas does the internal auditor most likely need training?

Options:

A.

Critical thinking.

B.

International Professional Practices Framework

C.

Professional ethics

D.

Business acumen

Question 184

An IT contractor applied for an internal audit position at a bank. The contractor worked for the bank's IT security manager two years ago. If the audit manager interviewed the contractor and wants to extend a job offer, which of the following actions should the chief audit executive pursue?

Options:

A.

Allow the audit manager to hire the contractor and state that the individual is free to perform IT audits, including security.

B.

Not allow the audit manager to hire the contractor, as it would be a conflict of interest

C.

Allow the audit manager to hire the contractor, but state that the individual is not allowed to work on IT security audits for one year.

D.

Not allow the audit manager to hire the contractor and ask the individual to apply again in one year.

Question 185

According to The IIA’s Code of Ethics, which of the following statements is true?

Options:

A.

When an internal auditor releases required information to a regulator, resulting in a significant loss through fines and penalties for the organization, he fails to add value.

B.

When an internal auditor limits the scope of the audit engagement after learning that management is hiding relevant information, he demonstrates integrity.

C.

When an internal auditor disagrees with the treatment received by workers in the organization’s foreign subsidiary and alters the audit program to highlight the issue, the fails to demonstrate objectivity.

D.

When an internal auditor continues with an audit engagement, despite the audit client’s claims that the work performed is unnecessary and redundant, he fails to demonstrate competency.

Question 186

When would on-the-job training be more effective?

Options:

A.

When participants already have a certain degree of experience and knowledge.

B.

When it makes up the largest part of the training budget.

C.

When it includes ongoing feedback and coaching from experienced team members.

D.

When it is standardized for the whole entire staff.

Question 187

Which of the following parties would be responsible for ongoing monitoring of the organization's corporate social responsibility activities to reduce its carbon footprint?

Options:

A.

Chief audit executive

B.

Facility operation manager

C.

Public relations manager

D.

Regulatory agency

Question 188

In which of the following audits would the internal auditors most likely contribute to the assessment of organizational governance?

Options:

A.

An assessment of compliance of individual data protection procedures with data protection regulations

B.

An assessment of profit and loss generated by financial assets and instruments in the past quarter

C.

An assessment of the effectiveness of back-up procedures and execution of business recovery plans

D.

An assessment of performance management practices and establishment of key performance indicators

Question 189

In which of the following scenarios is the internal auditor in conformance with The IIA's Code of Ethics and the Standards?

Options:

A.

The auditor testifies in front of a jury about an organization's fraudulent financial practices after receiving a subpoena

B.

Management has agreed to remedy a significant control deficiency, so the auditor excludes the deficiency from the engagement report

C.

The chief audit executive declines an assurance engagement in IT because the internal audit activity is not proficient in IT

D.

The auditor communicates an audit opinion on fraud risk during an audit engagement’s preliminary fraud risk assessment

Question 190

Which of the following describes a primary responsibility for the internal audit activity in helping management maintain effective controls?

Options:

A.

Promoting continuous evaluation

B.

Promoting continuous monitoring

C.

Promoting continuous improvement

D.

Promoting continuous reporting

Question 191

Which of the following can be used to minimize employees’ resentment of controls?

Options:

A.

Making sure employees are exempt from participating in control creation

B.

Implementing controls without lengthy explanations of their purpose

C.

Developing general constricting controls rather than detailed ones

D.

Not using controls to achieve goals

Question 192

According to IIA guidance, which of the following statements is true regarding mentoring programs designed to assist internal auditors with their professional development?

Options:

A.

The mentor must have a higher position in the organization than the mentee

B.

An auditor s supervisor is best positioned to serve as the auditor's mentor

C.

Meetings between a mentor and a mentee should be formal and well documented

D.

Auditors at the same level may be assigned different mentors and some auditors may have no mentor

Question 193

Which of the following best describes the board’s role in establishing effective organizational governance?

Options:

A.

The board is involved in approving operational policy

B.

The board monitors key processes and procedures

C.

The board has oversight responsibility for organizational resources

D.

The board approves management's detailed plans and objectives

Question 194

Which of the following statements is true regarding corporate social responsibility (CSR)?

Options:

A.

Many of the areas explored by CSR are normally included in an audit universe or annual audit plan

B.

Despite significant corporate resources spent on CSR reporting investors generally do not rely on CSR information

C.

Unlike many other areas of reporting responsibilities impacting stakeholders, CSR is largely voluntary

D.

Typically operating management does not have a major role to play based on the public nature of reporting

Question 195

According to IIA guidance, which of the following best demonstrates how the chief audit executive may ensure that due professional care is applied?

Options:

A.

Establish policies and procedures concerning the engagement process

B.

Develop a strategy for recruiting assigning, and training staff

C.

Outsource complex engagements to an external service provider

D.

Base the auditor evaluation process on the number of observations

Question 196

A business unit manager was impressed by the competence of the internal auditor who was conducting an assurance engagement in his area and the manager made the auditor an attractive job offer to begin after the audit was completed The auditor later told her auditor in charge that she was considering the offer. Which of the following IIA Code of Ethics principles was most likely violated?

Options:

A.

Integrity

B.

Confidentiality

C.

Objectivity

D.

No violation was committed

Question 197

Which of the following statements is true regarding organizational culture and an audit of the control environment?

Options:

A.

For multinational organizations it is important to ensure that the organizational culture is consistent at all locations

B.

Because the chief audit executive (CAE) is part of the organizational culture, external auditors should be engaged to evaluate the control environment

C.

If there are unresolved scope restrictions, the CAE should consider whether to pursue the audit and note the scope restrictions in the audit report

D.

Because it will create a conflict of interest relating to the control environment, senior management should not be consulted during the audit

Question 198

The internal audit activity is responsible for which of the following actions related to an organization’s internal controls?

Options:

A.

Mitigating risks affecting achievement of organizational objectives.

B.

Enabling opportunities affecting achievement of organizational objectives.

C.

Analyzing and advising regarding costs versus benefits of control activities,

D.

Attesting to fairness of financial statements.

Question 199

Which of the following is an example of a risk reduction strategy?

Options:

A.

Outsourcing the payroll function.

B.

Absorbing the cost of losses.

C.

Insuring fixed assets.

D.

Installing cameras around the plant

Question 200

According to IIA guidance, which of the following threats to objectivity is described as familiarity'?

Options:

A.

An internal auditor is a close friend or relative of the manager or an employee of the audit client

B.

An internal auditor has a long-term business relationship with the audit client.

C.

An internal auditor has an economic stake in the performance of the organization

D.

An internal auditor is exposed to or perceived to be exposed to pressures from external parties

Question 201

According to NA guidance, which of the following actions by the chief audit executive would best ensure that internal auditors demonstrate due professional care?

Options:

A.

Developing policies and procedures for the internal audit activity.

B.

Ensuring the internal audit activity is not found fallible during audit engagements.

C.

Undertaking all engagements that management requests of the internal audit activity.

D.

Ensuring the internal audit activity reports functionally to the board of directors.

Question 202

An internal audit activity uses a rotational program to recruit high-performing staff members from other parts of the organization One of these individuals is nearing the end of her four-year internal audit rotation The chief audit executive assigned her to an assurance engagement in the business area she will be going into when she leaves the internal audit activity Which of the following statements is

true regarding this scenario?

Options:

A.

Accepting the assignment is a violation of internal audit independence

B.

Accepting the assignment will improve competencies and develop relationships that will be needed in her next assignment

C.

Accepting the assignment creates the appearance of an impairment to her professional judgment and detectivity

D.

Accepting the assignment on the assurance engagement would be a breach of due professional care

Question 203

An automobile manufacturer will become one of the first in the industry to adopt a new inventory management software. Despite the system being new to the market, senior management believes that the benefits are great enough to offset the potential risks. Which of the following aspects of risk management does senior management’s decision best illustrate?

Options:

A.

Residual risk.

B.

Inherent risk.

C.

Risk tolerance.

D.

Risk appetite.

Question 204

After the final audit report was issued, the engagement supervisor received an expensive gift from management recognizing her assistance in improving the business, if the gift is accepted, which of the following would be true?

Options:

A.

The engagement supervisor violated The IIA's Code of Ethics principle of integrity.

B.

The engagement supervisor violated The IIA's Code of Ethics principle of objectivity.

C.

The engagement supervisor violated The IIA’s Code of Ethics principle of confidentiality.

D.

The engagement supervisor did not violate any principles of The IIA’s Code of Ethics.

Question 205

Which of the following should be implemented to promote independence of the internal audit activity?

Options:

A.

Internal auditors do not review an area where they previously worked

B.

The internal audit charter is reviewed and updated annually

C.

The chief audit executive reports functionally to the board

D.

Management does not influence the consulting services provided by the internal audit activity

Question 206

An accounts payable clerk has recently transferred Into the internal audit activity and has been assigned to an engagement related to accounts payable processes for which he was previously responsible Which of the following is the best action for the new internal auditor to take?

Options:

A.

If it is an assurance engagement accept the assignment because direct knowledge of the existing accounts payable processes will provide depth and add more value

B.

If it is a consulting engagement decline the assignment and ask to be reassigned, because in a consulting engagement the auditor must not assess operations for areas in which they were previously responsible

C.

If it is a consulting engagement accept the assignment because direct knowledge of the existing accounts payable processes will provide depth and add more value

D.

If it is an assurance engagement accept the assignment becausethe chief audit executive had knowledge of the internal auditor's previous role when this engagement was assigned

Question 207

The management team of an agricultural organization has prioritized corporate social responsibility (CSR) initiatives. Which of the following would be considered a CSR activity?

Options:

A.

Offering a one-off donation to an environmental charity for its expansion efforts

B.

Organizing organization volunteers to provide periodic plantation skill sharing to farmers

C.

Providing special year-end monetary bonuses to the organization's employees at all levels

D.

Arranging a free-of-charge picnic for all of the organization's employees and their family members

Question 208

According to IIA guidance, which of the following actions is a chief audit executive required to take with regard to reporting the results of the quality assurance and improvement program?

Options:

A.

Report external assessments upon completion of such assessments

B.

Report external assessments at least annually

C.

Report ongoing monitoring quarterly

D.

Report post-engagement reviews at least once every five years

Question 209

Which of the following is the most appropriate reason for a chief audit executive to conduct an external assessment more frequently than five years?

Options:

A.

Significant changes in the organization's accounting policies or procedures would warrant timely analysis and feedback.

B.

More frequent external assessments can serve as an equivalent substitute for internal assessments.

C.

The parent organization's internal audit activity agreed to perform biennial reciprocal external assessments to provide greater assurance at a reduced cost.

D.

A change in senior management or internal audit leadership may change expectations and commitment to conformance.

Question 210

Which of the following represents an example of an ethical issue that the organization should address'?

Options:

A.

An employee discovered that there is no personal protective equipment at a temporary construction site

B.

An employee saw that a group of other employees were smoking in close proximity to petrol distribution tanks

C.

A supervisor insists that an employee complete time sheets regularly

D.

An employee received concert tickets from a vendor and asked whether she could keep them

Question 211

Which of the following is a legitimate requirement for an internal audit activity’s quality assurance and improvement program (QAIP)?

Options:

A.

Quality assessments should be performed by individuals with sufficient knowledge of the internal audit practices

B.

External quality assessments should be conducted every seven years

C.

All quality assessments should be either conducted or validated by an independent assessment team

D.

The results of the QAIP should be communicated to shareholders annually

Question 212

Senior management relies on the professional judgment of an internal auditor and uses outcomes of her audit work to make business decisions Which of the following personal qualities displayed by the internal auditor is most likely the foundation for this relationship?

Options:

A.

Integrity

B.

Negotiation skills.

C.

Business acumen

D.

Flexibility

Question 213

According to ISO 31000, which of the following statements is correct?

Options:

A.

The board is responsible for setting the organizational attitude through tone at the top,

B.

The internal audit activity will provide assurance over operating effectiveness but not over the design of risk management activities,

C.

The internal audit activity can give objective assurance on any part of the risk management framework for which it is responsible.

D.

The framework is designed to be effective for organizations no matter how small.

Question 214

According to IIA guidance, which of the following is required of an internal audit activity?

Options:

A.

The internal audit activity should refrain from conducting an assurance engagement for which it lacks the necessary competencies or skills

B.

The chief audit executive must decline a consulting engagement or obtain competent advice and assistance if internal auditors lack the necessary competencies or skills

C.

The audit committee should ensure that the internal audit activity continuously improves its knowledge and skills in order to fulfill its responsibilities

D.

In today's business climate which is dominated by technology and big data, it is imperative that each staff internal auditor has detailed knowledge about IT risks and technology-based audit techniques

Question 215

Which of the following is a typical characteristic of an organization's risk management framework?

Options:

A.

Risk tolerance may or may not align with risk appetite depending on whether the assessment is quantitative or qualitative

B.

Risk is assessed on both an inherent and a residual basis

C.

The framework addresses four organizational objective categories strategic, historical, operational, and investment

D.

External risks and internal opportunities are omitted from the risk assessment scope

Question 216

Which of the following is an example of a risk avoidance strategy?

Options:

A.

Outsourcing the payroll function

B.

Installing cameras in the mailroom

C.

Exiting a product line

D.

Insuring all fixed assets

Question 217

With regard to organizational governance assurance, which of the following is an appropriate role for the internal audit activity'?

Options:

A.

Assess compliance with the organization's code of conduct

B.

Oversee the governance and risk management processes

C.

Initiate new organizational control processes

D.

Provide advice on organizational governance activities

Question 218

Which of the following fraud schemes is often an off-book fraud*?

Options:

A.

Payroll fraud

B.

Disbursement fraud

C.

Corruption

D.

Information misrepresentation

Question 219

According to IIA guidance, which of the following actions by the chief audit executive (CAE) best demonstrates the organizational independence of the internal audit activity?

Options:

A.

The CAE seeks senior management approval of the internal audit charter

B.

The CAE obtains senior management's approval to hire staff

C.

The CAE reports significant issues to the organization's CEO

D.

The CAE provides the board with an annual budget for approval

Question 220

An internal auditor was assigned to work in the procurement department for six months to gam m-depth knowledge about the procurement process. Which of the following personnel development practices was applied in this situation?

Options:

A.

Cosourcing

B.

Inbound rotation

C.

Guest auditor

D.

Outbound rotation