
Question # 4

Which of the following best describes the risk contained in an initial public offering for a new stock?

A.

Residual risk.

B.

Net risk.

C.

Inherent risk.

D.

Underlying risk.

Question # 5

According to IIA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the internal audit activity?

A.

CAE reviews and approves the annual audit plan.

B.

CAE meets privately with the CEO at least annually.

C.

CAE meets privately with the board at least annually.

D.

CAE reports to the board regarding audit staff performance evaluation and compensation.

Question # 6

Which of the following scenarios would most significantly restrict the areas where internal audit could perform assurance services?

A.

Regulators mandate specific audit engagements to be included in the audit plan.

B.

The internal audit activity reports functionally to the chief financial officer.

C.

The internal audit activity reports administratively to the CEO and functionally to the audit committee.

D.

The internal audit activity reports administratively to the chief financial officer.

Question # 7

Which of the following best describes the type of risk that an adequately designed and effectively operating system of internal controls should mitigate?

A.

Net.

B.

Controllable.

C.

Inherent.

D.

Residual.

Question # 8

Which of the following best demonstrates conformance with the Standards relating to continuing professional development of internal auditors?

A.

Regulatory approval from an accrediting agency.

B.

Self-assessments against a competency framework.

C.

Approval and signoff from the board of directors.

D.

A review by external auditors on an annual basis.

Question # 9

The board of a newly established organization was discussing the contents of the draft internal audit charter. One board member suggested adding to the charter an obligation for the internal audit activity to develop controls in business procedures. The board member explained that the new organization needs professional-level developers, internal auditors have the necessary skills and competencies, and the internal audit activity is well positioned to assume this responsibility. Which of the following would be a potential concern if the board member’s suggestion is adopted?

A.

Due professional care.

B.

Internal audit objectivity.

C.

Risk management assurance.

D.

Professional development.

Question # 10

When taken by a chief audit executive, which of the following actions would be most likely to prevent division management from exaggerating sales reports?

1. Announcing a series of internal audit engagements focusing on compliance with corporate sales-reporting policies.

2. Asking the president and the board to issue a statement of corporate policy stressing the importance of accurate management reporting and the negative consequences of intentional misreporting.

3. Setting up a hotline for employees to report fraudulent behavior anonymously.

4. Assisting the controller in developing and monitoring a series of business process indicators, which are historically correlated with, but independent of sales.

A.

1 and 2 only.

B.

2 and 3 only.

C.

2 and 4 only.

D.

3 and 4 only.

Question # 11

Evidence discovered during the course of an engagement suggests that multiple incidents of fraud have occurred. There do not appear to be sufficient controls in place to prevent reoccurrence. Which of the following is the internal auditor's most appropriate next step?

A.

Immediately notify management of the area under review and the other internal auditors involved in the engagement.

B.

Discuss the situation with the engagement supervisor to determine whether fraud investigation experts are required to investigate the matter properly.

C.

Fully document in the workpapers the evidence that has been discovered and recommend appropriate controls to address the fraud.

D.

Provide the evidence that was discovered to local law enforcement for possible prosecution of the suspected fraud.

Question # 12

Which of the following would be considered a monitoring activity in organization-wide risk management?

A.

Validate the results of management's self-assessment.

B.

Perform reviews of personnel.

C.

Maintain rigorous and comprehensive documentation.

D.

Obtain authorizations and signatures.

Question # 13

Which of the following best demonstrates that the internal audit activity is using due professional care?

A.

The internal audit activity reports directly to the board on the engagements it performs.

B.

Internal auditors undertake the necessary training to complete their audit work.

C.

The completion of engagements is based on the assumption that fraudulent activities may exist.

D.

Internal auditors consider the use of technology-based audit and other data analysis techniques.

Question # 14

Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department. Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?

A.

Workshops.

B.

Surveys.

C.

Interviews.

D.

Observation.

Question # 15

Which of the following documents are internal auditors most likely to be asked to sign as a demonstration of due professional care?

A.

A description of their job responsibilities.

B.

A non-disclosure agreement.

C.

An annual declaration of commitment to The IIA's Code of Ethics.

D.

The internal audit charter.

Question # 16

Which of the following is an example of a detective control?

A.

Automatic shut-off valve.

B.

Auto-correct software functionality.

C.

Confirmation with suppliers and vendors.

D.

Safety instructions.

Question # 17

The internal audit activity completed its analysis of sample transactions to determine occurrences of double billings. According to IIA guidance, which of the following best demonstrates that internal auditors exercised due professional care during the review?

A.

Internal auditors found no instances of double billing and concluded there were no significant risks in this area.

B.

Internal auditors documented the scope and methodology of the data testing.

C.

Internal auditors discussed with management how data is safeguarded.

D.

Internal auditors received formal performance feedback from the engagement supervisor.

Question # 18

The chief audit executive (CAE) of a new internal audit activity is creating an internal audit charter. According to IIA guidance, which of the following terms is most likely to be included in the charter?

A.

Senior management will be present whenever the CAE interacts with the board, to ensure effective communication among all three parties.

B.

Internal auditors will advise on the design of control policies and procedures in any area where the organization does not possess the requisite expertise.

C.

Internal auditors will demonstrate competence, concern, and the dedication expected of a professional.

D.

Internal auditors will receive performance-based compensation, including bonuses for reporting more than a stipulated number of observations.

Question # 19

Which of the following resources would be most effective for an organization that would like to improve how it informs stakeholders of its social responsibility performance?

A.

ISO 26000.

B.

Global Reporting Initiative.

C.

Open Compliance and Ethics Group.

D.

COSO’s enterprise risk management framework.

Question # 20

Which of the following statements best describes the difference between risk appetite and risk tolerance?

A.

Risk appetite applies to specific objectives, while risk tolerance refers to an organization's general attitude toward risk.

B.

Risk appetite refers to the degree of risk acceptance for a particular objective, while risk tolerance is one approach to risk management.

C.

Risk appetite refers to an organization's general level of acceptance, while risk tolerance is a more specific and subordinate concept.

D.

There is no significant difference between the two terms.

Question # 21

According to IIA guidance, which of the following conditions would enhance the independence of the internal audit activity?

A.

The organizational culture rewards critical and objective thinking.

B.

The quality of work performed by the internal audit activity is periodically reviewed.

C.

The organization establishes effective governing body oversight.

D.

Audit assignments are rotated among internal audit staff.

Question # 22

Which of the following types of policies best helps promote objectivity in the internal audit activity's work?

A.

Policies that are distributed to all members of the internal audit activity and require a signed acknowledgment.

B.

Policies that match internal auditors' performance with feedback from management of the area under review.

C.

Policies that keep internal auditors in areas where they have vast audit expertise.

D.

Policies that provide examples of inappropriate business relationships.

Question # 23

During an assurance engagement, an internal auditor uses benchmarking research to support preparation of a report to stakeholders that contains significant findings about control deficiencies. Which of the following skills did the auditor demonstrate?

A.

Internal audit management.

B.

Conflict negotiation.

C.

Critical thinking.

D.

Persuasion and collaboration.

Question # 24

According to IIA guidance, which of the following statements regarding the internal audit charter is true?

A.

The nature of consulting services typically is not included in the charter.

B.

The chief audit executive must formally review the charter at least once a year.

C.

The nature of assurances provided to parties outside of the organization typically is not included in the charter.

D.

The charter typically defines the internal audit activity's position within the organization.

Question # 25

An internal auditor believes that the internal audit activity's independence is impaired. Which of the following actions should the internal auditor take first?

A.

Report the impairment to senior management.

B.

Discuss the impairment with the audit manager.

C.

Ascertain the best approach to disclose the impairment.

D.

Decide on the extent of impact of the impairment.

Question # 26

A series of incidents over the past year reveals several members of senior management possess a limited understanding of the concept and impact of fraud. Which of the following would be the most effective way to approach this issue?

A.

The board should ask the internal audit activity to perform additional assurance engagements.

B.

A comprehensive fraud risk assessment and management program should be carried out.

C.

The organization should conduct training sessions on fraud, which should be attended by senior management and staff.

D.

Anti-fraud and whistleblowing policies should be implemented and their importance should be clearly stated.

Question # 27

Which of the following statements is true with regard to services provided by the internal audit activity?

A.

For consulting engagements, internal auditors do not need to be alert to control issues.

B.

Assurance and consulting services have similar objectives.

C.

Internal auditors may not perform assurance and consulting roles at the same time.

D.

Both assurance and consulting engagements require a final engagement report.

Question # 28

Which of the following is a true statement regarding whistleblowing?

A.

Whistleblowing is one of several possible ethical structures an organization can undertake to encourage ethical behavior.

B.

Whistleblowing programs help employees deal with ethical questions and instill ethical values into everyday behavior.

C.

Whistleblowers are current or former employees who are disgruntled and looking to retaliate.

D.

Whistleblowers should inform the organization about actual criminal circumstances, not assumed allegations.

Question # 29

Which of the following is most likely to be considered a control weakness?

A.

Vendor invoice payment requests are accompanied by a purchase order and receiving report.

B.

Purchase orders are typed by the purchasing department using prenumbered forms.

C.

Buyers promptly update the official vendor listing as new supplier sources become known.

D.

Department managers initiate purchase requests that must be approved by the plant superintendent.

Question # 30

An internal auditor is performing testing to gather evidence regarding an organization’s inventory account balance and is mindful of the possibility that the sample used might support the conclusion that the recorded account balance is not materially misstated when, in fact, it is. The auditor's concern best describes which of the following risks?

A.

Incorrect rejection risk.

B.

Incorrect acceptance risk.

C.

Tolerable misstatement risk.

D.

Anticipated misstatement risk.

Question # 31

Operational management in the IT department has developed key performance indicator reports, which are reviewed in detail during monthly staff meetings. This activity is designed to prevent which of the following conditions?

A.

Knowledge/skills gap.

B.

Monitoring gap.

C.

Accountability/reward failure.

D.

Communication failure.

Question # 32

An internal audit activity maintains a quality assurance and improvement program that includes annual self-assessments. The internal audit activity includes in each engagement report a clause that the engagement is conducted in conformance with the International Standards for the Professional Practice of Internal Auditing (Standards). Which of the following justifies inclusion of this clause in the reports?

A.

Internal audit activity policies and engagement records provide relevant, sufficient, and competent evidence that the statement is correct.

B.

The audit committee has reviewed the annual self-assessment results and approved the use of the clause.

C.

The self-assessment results were validated by a qualified external review team three years prior.

D.

The internal audit charter, approved by the audit committee, requires conformance with the Standards.

Question # 33

Which of the following best demonstrates internal auditors performing their work with proficiency?

A.

Internal auditors meet with operational management at each phase of the audit process.

B.

Internal auditors adhere to The IIA’s Code of Ethics.

C.

Internal auditors work collaboratively with their engagement team.

D.

Internal auditors complete a program of continuing professional development.

Question # 34

Which of the following should a general internal auditor be able to characterize as an IT-related risk?

A.

Computer servers are in a room that is accessible to all employees.

B.

An IT architect avoids taking vacations and sharing his workload with coworkers.

C.

Hours billed by IT developers exceed 24 hours daily.

D.

Audit logs are lacking in a system that processes personal data.

Question # 35

In an assurance engagement focused on the adequacy of organizationwide risk management practices, which of the following best describes a primary area of interest for the engagement?

A.

The effectiveness of process-level and transaction-level controls.

B.

Conflicts of interest within the organizational structure of the senior management.

C.

The alignment of management decisions with the level of risk the organization is willing to accept.

D.

The actions of upper management in response to the internal audit activity's reporting.

Question # 36

Which of the following actions would best help the internal audit activity promote continuous improvement in control effectiveness within the organization?

A.

Determining whether management measures and monitors the costs and benefits of controls.

B.

Providing training on controls and ongoing self-monitoring processes.

C.

Developing flowcharts to obtain information about control design adequacy.

D.

Identifying objectives and the risks involved in achieving them.

Question # 37

Which of the following is an appropriate role for the internal audit activity?

A.

Ensuring the organization's key risks are managed through appropriate controls.

B.

Assisting the organization in maintaining effective controls.

C.

Implementing new controls to promote continuous improvement.

D.

Validating control assessments performed by the external auditor.

Question # 38

At what point in time can an organization conclude that the established organizational governance framework was correctly implemented?

A.

When the internal auditor conducts observations and fieldwork.

B.

When management completes the risk assessment.

C.

When the internal auditor evaluation shows its soundness.

D.

When the organization's goals and objectives are met.

Question # 39

An internal auditor is finalizing an audit report on the effectiveness of the organization's overall system of internal control. Several audit tests were performed, and the only issue identified was that the CEO frequently asks employees to make exceptions or bypass the organization's standard written policies and procedures. Which of the following conclusions is most appropriate for the auditor to report?

A.

The auditor should indicate that the system of internal control is not effective.

B.

The auditor should indicate that the system of internal control is generally effective, except for the minor issue identified.

C.

The auditor should indicate that the system of internal control is effective.

D.

The auditor cannot express a conclusive opinion in the audit report.

Question # 40

Which of the following demonstrates that the internal audit activity exercises due professional care?

A.

Supervisors provide feedback to internal auditors after workpapers are reviewed.

B.

A self-assessment is conducted through the quality assurance and improvement program every five years.

C.

Internal auditors are required to give absolute assurance of regulatory compliance.

D.

The chief audit executive reports functionally to the board.

Question # 41

Which of the following statements is true regarding intangible assets?

A.

The amortization period of an intangible asset cannot exceed 20 years.

B.

The cost of intangible assets with indefinite lives should be amortized.

C.

Intangible assets are categorized as having either a limited life or an indefinite life.

D.

Companies should record intangible assets at fair market value.

Question # 42

Which type(s) of assessments in an internal audit activity’s quality assurance and improvement program requires ongoing monitoring to evaluate internal audit activity's efficiency and effectiveness?

A.

Neither internal nor external assessment.

B.

Internal assessment.

C.

Both internal and external assessment.

D.

External assessment.

Question # 43

An internal auditor notes that inventory counts are conducted on Mondays only and that all documentation is on paper as there are no computers in the underground warehouses. Also, she notices that the person responsible for receiving the goods is the same one who distributes materials and spare parts. Finally, she sees that spare parts are written off and taken by the heads of mining units to different underground locations to wait for their turn to be installed. Which of the described findings requires more consideration from a fraud risk perspective?

A.

The job responsibilities of the warehouse employee compromise segregation of duties.

B.

Spare parts are written off before their actual usage and installation.

C.

Warehouse management is conducted on paper and requires further investigation.

D.

The inventory counts take place on specific days of the week for no apparent reason.

Question # 44

According to IIA guidance, which of the following statements is true regarding the internal audit activity's quality assurance and improvement program (QAIP)?

A.

Internal assessments rely solely on the review of completed audit engagements for demonstrated performance.

B.

The chief audit executive is responsible for assessing the suitability and competence of an external assessor.

C.

QAIP results must first be discussed with the board and approval obtained for distribution to senior management.

D.

At the board's discretion, the frequency of external assessments can exceed the five-year guideline.

Question # 45

According to IIA guidance, which of the following is true with regard to the internal audit charter?

1. It specifies the minimum resources needed for assurance engagements.

2. It requires final approval from senior management.

3. It defines the internal audit activity's authority and responsibilities.

4. It describes the expectations for communicating the results of a quality assurance and improvement program.

A.

1 and 4 only.

B.

3 and 4 only.

C.

1, 2, and 4.

D.

2, 3, and 4.

Question # 46

Which of the following actions best demonstrates an internal auditor exercising due professional care?

A.

Testing an entire population, even when a sample would suffice.

B.

Using technology and data analysis techniques for efficiency.

C.

Enhancing knowledge, skills, and other competencies through professional development.

D.

Establishing audit objectives, performing audit tests, and implementing missing controls.

Question # 47

Which of the following is true regarding the stakeholder theory of corporate social responsibility?

A.

An organization has a fiduciary duty to put shareholders' needs first.

B.

Customers' needs are the primary responsibility of the organization.

C.

Competitors are considered stakeholders of the organization.

D.

Employees are the organization's best assets and primary responsibility.

Question # 48

Which of the following would best serve to deter unethical behavior and encourage internal auditors to be objective in their work?

A.

A requirement that internal auditors undergo objectivity training periodically.

B.

Periodic communications reminding internal auditors of Standards requirements.

C.

A review of the final audit report by the audit committee.

D.

Ongoing monitoring and periodic internal quality assessments.

Question # 49

An internal auditor is assessing fraud risks and creating a fraud risk matrix for a particular branch location. Which of the following is most likely to be included in the matrix?

A.

Risks and relevant mitigating controls.

B.

Business processes and relevant fraud risks.

C.

Fraud scenarios and relevant risks.

D.

Opportunity, rationalization, and pressure to commit fraud.

Question # 50

Which of the following options describes the reason that conformance with The IIA's Code of Ethics is mandatory for internal auditors?

A.

Ethical compliance provides the basis for stakeholder confidence in the competence of the internal audit activity and of professional internal auditors.

B.

Ethical compliance is necessary for internal auditors and the internal audit activity to accept responsibility for providing absolute assurance about the organization's risk management.

C.

Ethical compliance provides the basis for stakeholder trust and confidence in the validity of the profession of internal auditing and the internal audit activity's findings.

D.

The internal audit activity's ethical compliance sets the tone for the ethical compliance by the organization's board, management, and employees.

Question # 51

Which of the following best describes a purpose for the internal audit charter?

A.

The internal audit charter authorizes the internal audit activity's reporting structure and clearly defines the roles of each internal auditor.

B.

The internal audit charter defines the roles and responsibilities of the chief audit executive, board of directors, and senior management.

C.

The internal audit charter authorizes access to records, personnel, and physical properties relevant to the performance of audit engagements.

D.

The internal audit charter defines the criteria by which the internal audit activity's performance will be evaluated.

Question # 52

Which of the following statements is true regarding control activities?

A.

Control activities are carried out by first-line and second-line functions to mitigate risks.

B.

Control activities are implemented by internal auditors to mitigate risks to an acceptable level.

C.

Control activities provide the foundation for the organization to establish its risk appetite.

D.

Control activities are a precondition to setting risk tolerance levels.

Question # 53

Management of an area under review is aggressive, upset, and questioning the knowledge and experience of the organization's internal auditors, as the audit results highlight critical findings. The relationship between the internal audit activity and management has continued to degenerate, as previous audit reports also showed a large number of issues. What would be the best strategy for working through the current audit results while also attempting to repair the relationship with management?

A.

Take an accommodating approach and change the overall rating of the audit report.

B.

Take a compromising approach by modifying the tone of the report, while maintaining the critical findings.

C.

Take an assertive approach and be persistent in attempting to convince the director.

D.

Take an assisting approach and offer to assist with the implementation of action plans.

Question # 54

Which of the following scenarios best illustrates the Fraud Triangle component known as "perceived opportunity"?

A.

Substantial bonuses are awarded if financial targets are met.

B.

Duties are not properly segregated.

C.

Employees may perceive favoritism and feel overlooked and resentful.

D.

Bonuses may not be paid this year.

Question # 55

Which of the following would most likely be classified as a consulting engagement?

A.

Examining the internal control effectiveness of the marketing department.

B.

Assessing the adequacy of the IT system's business process design.

C.

Facilitating a self-assessment of the organization's business risk and control identification.

D.

Reviewing the application controls in the human resources system.

Question # 56

A chief audit executive (CAE) was asked by senior management to establish and manage a risk management function. A new chief risk officer was hired a year later to assume these responsibilities. As this function was included in the current annual audit plan, the CAE engaged an external resource for a risk management engagement. Which of the following potential threats to objectivity was the CAE likely addressing?

A.

Self-review threat.

B.

Advocacy threat.

C.

Familiarity threat.

D.

Personal relationship threat.

Question # 57

The internal audit activity was asked to conduct an investigation for potential fraud in the treasury department and subsequently contracted with a forensic accountant to join the team for the engagement. Which of the following parties has the primary responsibility for resolving any fraud incidents found as a result of this investigation?

A.

Chief audit executive.

B.

Senior management.

C.

The forensic accountant.

D.

The legal department.

Question # 58

In which of the following situations would the organizational independence of an internal audit activity be impaired?

A.

The chief audit executive reports administratively to the CEO.

B.

Scope limitations are imposed on internal audits.

C.

The internal audit activity provides assurance services for an activity for which the engagement supervisor had responsibility within the previous year.

D.

The compensation committee of the board approves the remuneration of the chief audit executive.

Question # 59

As a result of a high-profile processing error, respective business unit managers are implementing new controls. The internal audit team was asked for their advice regarding the controls. The objective of this consulting engagement would be determined by which of the following?

A.

The organization's board of directors.

B.

The chief audit executive.

C.

The business unit manager and the engagement supervisor.

D.

The compliance manager and the business unit manager.

Question # 60

The manager of the payroll department requested a review of the payroll process, but only wants the engagement to include processes related to approval of time worked. What type of activity is this?

A.

Financial assurance engagement.

B.

Operational consulting engagement.

C.

Compliance assurance engagement.

D.

Risk management consulting engagement.

Question # 61

While preparing the audit plan for an automobile manufacturing company, the chief audit executive (CAE) noted that the company's engineering department received a high risk ranking. However, the internal audit activity is understaffed, and current staff do not possess the necessary skills to adequately assess the effectiveness of the engineering department. What is the most appropriate course of action for the CAE to take?

A.

Include the engineering department on the audit plan, use the available internal audit resources to conduct the review, and exclude procedures that cannot be adequately assessed.

B.

Advise management to accept the assessed risk until the internal auditors are able to review the area adequately.

C.

Recruit internal auditors with the required competencies and wait until they are employed before including this audit on the internal audit plan.

D.

Proceed with a review of the engineering department but supplement the internal audit team with nonauditors from an external engineering company who have the required skills to assist.

Question # 62

In order for an internal auditor to assess the opportunity for fraud to occur in an organization, which of the following does the auditor first need to understand?

A.

Fraud prevention.

B.

Fraud detection.

C.

Corporate culture.

D.

Forensic analysis techniques.

Question # 63

Which of the following is a key determinant used by external auditors to decide whether they can rely on work performed by the internal audit activity?

A.

The auditors' independence.

B.

The auditors' objectivity.

C.

The auditors' integrity.

D.

The auditors' confidentiality.

Question # 64

Which of the following is a preventive control the organization could implement to mitigate fraudulent activity in the accounts payable department?

A.

Delivering fraud awareness training to employees in the department.

B.

Segregating duties between employees in the department.

C.

Requesting the internal audit activity perform an independent evaluation of fraud risk in the department.

D.

Requiring accounts payable employees to sign a code of conduct awareness confirmation.

Question # 65

The internal audit activity is responsible for conducting fraud investigations. A potential fraud instance was identified during an audit engagement. The chief audit executive appoints a lead investigator. Which of the following would most likely be the next step?

A.

Ask internal auditors to gather all relevant information evidence

B.

Identify and interview witnesses first, potential suspects later.

C.

Conduct a fraud risk assessment to the most vulnerable areas.

D.

Determine the competencies needed and assess whether team members have a conflict of interest.

Question # 66

It is important for the chief audit executive to consider the level of competence of the internal audit staff because their competence influences which of the following?

A.

The cost-benefit relationship of planned audits.

B.

Proficiency needed to carry out engagements.

C.

Achievement of the objectives of internal control.

D.

Quantity of the audits performed.

Question # 67

According to IIA guidance, which of the following statements is true regarding an effective governance process?

A.

It stipulates that risk needs to be considered when making strategic decisions.

B.

It encourages strict segregation of the risk management and internal control processes.

C.

It relies on effective risk management when establishing the organization's risk appetite.

D.

It relies on the board to devise ways to communicate the effectiveness of internal controls.

Question # 68

An organization allows the same individuals to physically access inventory and purchase new assets when supplies are depleted. Which of the following would best help the organization manage the risk of fraud?

A.

Accounting personnel should regularly perform reconciliation between invoices and purchase orders

B.

Accounting personnel should conduct a periodic inventory count and reconcile inventory movements

C.

Internal auditors should review the frequency and volume of purchased assets to detect trends in the inventory levels

D.

Management should establish a policy requiring new inventory asset purchases to be made on serialized order forms with copies retained

Question # 69

Which of the following is an example of the chief audit executive (CAE) demonstrating due professional care?

A.

The CAE relies on CAEs in other organizations to understand how due professional care should be executed in her internal audit activity

B.

The CAE meets with the board of directors on a quarterly basis to provide a status update.

C.

The CAE assesses the audit staff's knowledge and skills annually to determine whether additional resources are needed to fulfill the internal audit plan.

D.

The CAE provides absolute assurance to line management during each internal audit engagement

Question # 70

Upon completion of an external assessment as part of the quality assurance and improvement program (QAIP), the chief audit executive (CAE) reported the results to senior management and the board. The CAE included the following elements in the report:

- Qualifications and independence of the external assessment team

- Conclusions of assessors

- Corrective action plans

How should the CAE improve the aforementioned approach to reporting the results of QAIP?

A.

Senior management should be excluded from the reporting as the QAIP results must be communicated to the board only

B.

The report can be streamlined by removing unnecessary information such as the qualifications and the independence of external assessors

C.

The results must be shared with the external auditors as well, so they can determine the extent to which they can rely on the work of the internal audit activity

D.

The report should indicate that the external assessment must be performed at least once every five years

Question # 71

Which of the following statements is true regarding reporting results of the quality assurance and improvement program to senior management and the board?

A.

Internal assessments must be reported to the board at least every five years

B.

If supported by assessment results, reporting provides assurance that internal auditors demonstrate conformance with the Code of Ethics

C.

Following the reporting, the board must give the internal audit activity five years to correct any deviations

D.

A report, including the results of both internal and external assessments, must be provided to the board annually

Question # 72

During a monthly internal audit staff meeting, the chief audit executive (CAE) decided to reinforce the importance of internal audit staff being objective in their work. Which of the following examples would be most appropriate for the CAE to include as part of the meeting presentation?

A.

Statistical sampling techniques should always be used to pull unbiased sampling for testing.

B.

Fieldwork completed by internal auditors should be appropriately reviewed.

C.

Internal auditors should avoid using the lunch room simultaneously with audit clients.

D.

During the audit review period, there should be no nonaudit dialogues with the audit client.

Question # 73

According to IIA guidance, which of the following best demonstrates due professional care?

A.

Staffing audit engagements with internal auditors who possess professional designations.

B.

Relying on prior audit work to save planning time and costs.

C.

Performing assurance procedures to guarantee all significant risks are identified.

D.

Assessing the cost of assurance in relation to the potential benefits.

Question # 74

The organization's procurement manager asks the internal auditor to deliver training to the procurement team on the organization’s third-party risk management process. Which of the following is the most appropriate response?

A.

The internal auditor should reject the request if she previously worked in the procurement area to maintain objectivity

B.

The internal auditor should reject the request if the internal audit team does not have the requisite expertise.

C.

The internal auditor should accept the request and in fact she may assume some management responsibilities temporarily if the result is a relevant training benefit

D.

The internal auditor may accept the request only if she defines the scope to ensure conformance with the Code of Ethics

Question # 75

A newly hired chief audit executive is reviewing available documentation to provide evidence of conformance with the standard for continuing professional development. Which of the following documents is the most reliable source for this purpose?

A.

The organization's training policy.

B.

A list of auditors who requested to attend the next audit conference.

C.

Self-assessments against an internally developed audit benchmark

D.

In house training manual

Question # 76

With regard to governance, which of the following is a board-level responsibility rather than a management responsibility?

A.

Obtaining assurance on external financial, regulatory, and internal audits.

B.

Complying with laws, regulations, and codes.

C.

Assigning authority and responsibilities organization wide.

D.

Monitoring and measuring performance.

Question # 77

An internal auditor believes that a weakness exists in the control environment relating to the delegation of authority and responsibility within the management structure. Which of the following actions should the internal auditor first consider in this matter?

A.

Recommend a control change and obtain management support.

B.

Evaluate the potential impact on related controls.

C.

Address the risk with senior management and the board.

D.

Develop and communicate the scope and evaluation criteria to be used by management.

Question # 78

Which of the following is the internal audit activity expected to do with respect to the organization's governance processes?

A.

Formally audit all governance activities.

B.

Provide strategic guidance on the organizational processes to senior management.

C.

Achieve agreement with the board regarding the range of activities, depth of review, and time period to include in the assessment.

D.

Audit against the governance structures and practices widely used in the industry.

Question # 79

An internal auditor is assessing the effectiveness of the organization's risk management practices. She checks to see whether risk management is an integral part of decision making and whether risk management is transparent, responsive to change and addresses uncertainty. According to IIA guidance on risk management frameworks, which of the following approaches is the auditor most likely using?

A.

Maturity model approach

B.

Process element approach

C.

Key principles approach

D.

Key performance indicators approach.

Question # 80

Which of the following describes a responsibility of operating management in an organization's corporate social responsibility (CSR) efforts?

A.

Responsible for implementing CSR principles and overseeing of CSR performance.

B.

Responsible for performing periodic internal self-verifications of reported CSR results.

C.

Responsible for performing analysis and comparison of CSR reports and performance.

D.

Responsible for ongoing CSR reporting and accomplishing of performance targets.

Question # 81

An internal auditor creates a professional development plan to obtain more experience in the organization's environmental, social, and corporate governance initiatives. Which of the following would the auditor include in the plan to support these objectives?

A.

A plan to study for and obtain a certification in nonprofit management.

B.

A deadline within the individual development plan to meet the overall engagement objectives.

C.

A plan to perform a variety of engagements to develop general skills that could be used to assess environmental, social, and governance initiatives.

D.

A request to attend the organization's committee meeting that is focused on strategic community awareness.

Question # 82

Which of the following requests, if accepted by the internal audit activity, would impair its independence?

A.

A request to develop workshops on corporate governance for management.

B.

A request to act as liaison with external auditors.

C.

A request to determine appropriate risk management responses for management.

D.

A request to provide counseling services on ethical matters.

Question # 83

When the chief audit executive is responsible for risk management in an organization, which of the following parties is responsible for overseeing the internal audit activity's assurance over risk management?

A.

The chief audit executive.

B.

A member of the compliance function.

C.

A party outside of the internal audit activity.

D.

A member of the risk management function.

Question # 84

Nearing the completion of fieldwork, an internal auditor shared the draft report findings with management prior to the closing meeting. During the closing meeting, management expressed dissatisfaction in that they were not familiar with some of the findings. Management also noted that some aspects of the report seemed confusing. Which of the following competencies appears to have been lacking in this scenario?

A.

Communication.

B.

Business acumen.

C.

Persuasion.

D.

Critical thinking.

Question # 85

According to IIA guidance, the internal audit activity must be free from interference in which of the following areas in order to maintain organizational independence?

A.

Monitoring resources.

B.

Compensating the chief audit executive.

C.

Determining scope.

D.

Allocating internal costs.

Question # 86

Which of the following is ultimately responsible for the continuing professional development of internal audit activity staff?

A.

Individual internal auditors.

B.

Chief audit executive.

C.

Board of directors.

D.

CEO.

Question # 87

According to The IIA’s Code of Ethics, which of the following best describes the principle of integrity?

A.

Auditors shall observe the law and make disclosures expected by the law and the profession

B.

Auditors shall disclose all material facts known to them that if not disclosed may distort the reporting of activities under review

C.

Auditors shall engage only in those services for which they have the necessary knowledge skills and experience

D.

Auditors shall be prudent in the use and protection of information acquired in the course of their duties

Question # 88

According to IIA guidance, which of the following is an appropriate role for the internal audit activity?

A.

Coaching management in responding to risks.

B.

Implementing risk responses on management's behalf.

C.

Imposing risk management processes.

D.

Setting the risk appetite.

Question # 89

An internal auditor believes that a weakness exists in the control environment relating to the delegation of authority and responsibility within the management structure. Which of the following actions should the internal auditor first consider in this matter?

A.

Recommend a control change and obtain management support

B.

Evaluate the potential impact on related controls

C.

Address the risk with senior management and the board

D.

Develop and communicate the scope and evaluation criteria to be used by management

Question # 90

Internal audit is performing an engagement to determine whether there were indications of questionable bidding on a city's infrastructure project. As part of the engagement, the internal audit activity became aware that certain firms tend to receive the contracts for large city projects. How should the internal audit activity proceed with the engagement and identify questionable bidding practices?

A.

Obtain the city's vendor listing to determine whether there was an adequate number of firms available to solicit bids for projects

B.

Obtain all of the city's financial records to identify any firms that received payments for contracted goods and services.

C.

Obtain the city's contracting files to determine whether the city demonstrated efforts to solicit bids from various interested firms.

D.

Obtain the city’s official public meeting minutes to determine whether there were concerns about the contracting practices

Question # 91

Which of the following should play a leading role in overseeing the ethical atmosphere of an organization?

A.

Internal audit activity.

B.

Operating management.

C.

Senior management.

D.

Board of directors.

Question # 92

Which of the following approaches will internal audit utilize when developing a set of performance standards to measure an organization’s risk management process against?

A.

Key principles approach

B.

Process elements approach

C.

Holistic approach

D.

Maturity model approach

Question # 93

Which of the following statements is true regarding the importance of risk management?

A.

Risk management ensures the ability to eliminate potential hazards to the organization.

B.

Risk management includes consideration of potential opportunities for the organization.

C.

Risk management aids with the establishment of appropriate key performance indicators.

D.

Risk management increases employees' commitment and belief in strategic goals.

Question # 94

An engagement supervisor notes that an internal auditor usually documents and submits draft audit reports for review without giving the process owners the opportunity to state their position on the issues raised. How should the engagement supervisor respond?

A.

Encourage the auditor to continue this practice, as it demonstrates objectivity.

B.

Encourage the auditor to improve communication skills.

C.

Encourage the auditor to conduct post-engagement surveys to obtain the audit client's position on the issues raised.

D.

Encourage the auditor to sign the draft reports before submitting them.

Question # 95

Which of the following must be considered by the chief audit executive before writing the internal audit charter?

A.

Internal auditors' level of competencies and skills.

B.

The manner in which the internal audit activity is viewed by the board.

C.

Evaluation of staff certifications and continued development.

D.

Effectiveness of the quality assurance and improvement program.

Question # 96

Once an organization's risks are identified, what would be the next step to ensure resources are properly allocated to manage those risks?

A.

Risk responses must be selected.

B.

Risks must be assessed.

C.

The risk universe must be established.

D.

Risk responses must be aligned.

Question # 97

A new chief audit executive realized that the internal audit charter has not been updated in five years and only includes the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, and the Standards. What mandatory component is missing?

A.

Statement of Independence.

B.

Operating Procedures of Internal Auditing.

C.

Definition of Internal Auditing.

D.

Attestation of Quality Assurance.

Question # 98

According to the Standards, in today's technology and business environments, how much computer and information systems-related knowledge and skills must an internal auditor have to be effective in fulfilling his job responsibilities?

A.

Auditors must have an IT specialty in at least one of their organization's key information technology systems.

B.

Auditors must be proficient in data analysis and computer assisted audit techniques for their organization.

C.

Auditors must understand their organization's integrated test facilities and generalized audit software.

D.

Auditors must understand their organization's IT governance, risk, and control processes.

Question # 99

According to IIA guidance, which of the following would best support the internal auditor's conclusion that the organization's risk management processes are effective?

A.

The organization has identified all applicable operational and financial risks.

B.

The organization has documented its strategic and business objectives.

C.

The organization has selected risk responses aligned with its risk appetite.

D.

The organization has documented risk information pertinent to its business.

Question # 100

Which statement accurately describes the authority of the internal audit activity as outlined in the audit charter?

A.

The chief audit executive (CAE) shall report directly to the board and administratively to the CEO.

B.

The CAE shall provide senior management and the board with performance updates quarterly.

C.

The internal audit team shall have full access to the organization's records, physical property, and personnel required to conduct audit engagements.

D.

The internal audit activity shall maintain a quality assurance and improvement program in conformance with the Standards.

Question # 101

Which of the following is an example of an application control?

A.

Employees in the data center must always wear identification badges

B.

Operating system updates must be installed within 48 hours.

C.

A two stage authentication process must be used to access customer information

D.

System backup and recovery testing must be done monthly

Question # 102

Which of the following should be considered in developing a risk and control model for use in an engagement?

A.

The risk and control model should be globally accepted by the profession.

B.

The risk and control model should be strictly adhered to in performing the engagement.

C.

The risk and control model should be tailored to the organization that will be the subject of the engagement.

D.

The risk and control model should be developed individually by the auditor for use on individual audit projects within the planned engagement.

Question # 103

Which of the following is the most effective way any organization can ensure proper governance over its internal controls?

A.

By adopting the best practices of similar organizations in the industry.

B.

By adjusting their internal control framework as business practices evolve.

C.

By introducing the universally accepted COSO internal control framework.

D.

By encouraging the internal audit activity to provide training on internal controls.

Question # 104

Due to unfavorable economic conditions, management decided to postpone new investments for the next year. Which of the following best describes the risk management strategy used to address this situation?

A.

Risk mitigation

B.

Risk avoidance

C.

Risk reduction

D.

Risk transfer

Question # 105

The internal audit activity conducted an organization wide risk assessment. One of the most significant risks identified is associated with the oil price market. The chief audit executive (CAE) is considering including in the annual audit plan an assessment of the effectiveness of oil price risk management. The manager responsible commented that the assessment was not needed, as market risks were regularly addressed by the financial risk committee. If the CAE decides to include this activity in the annual audit plan anyway, how should it be recorded?

A.

A consulting engagement independent of the financial risk committee's review.

B.

A risk assessment.

C.

An assurance engagement.

D.

A joint consulting engagement with input from the financial risk committee.

Question # 106

Which of the following internal control components has COSO identified as the most important?

A.

Information and communication

B.

Risk assessment

C.

Control activities

D.

Control environment

Question # 107

An engagement supervisor noticed that a newly hired internal auditor struggles with large data samples because he appears reluctant to apply available spreadsheet statistical functions and tends to perform testing of transactions manually. In which of the following areas does the internal auditor most likely need training?

A.

Critical thinking.

B.

International Professional Practices Framework

C.

Professional ethics

D.

Business acumen

Question # 108

Due to the increased operational responsibility of the CEO, the chief audit executive (CAE) of an organization currently reports to the chief financial officer (CFO). What is the likely impact of such a situation?

A.

There may be limitation in the scope of engagements that can be undertaken

B.

The CFO could provide expert advice when auditing areas under his purview

C.

The internal audit activity is adequately positioned when the CAE reports to a member of executive management

D.

The expertise of finance staff can be called upon during an audit of finance-related areas

Question # 109

Which of the following best demonstrates the authority of the internal audit activity?

A.

Suggesting alternatives to decision makers.

B.

Improving the integrity of information.

C.

Determining the scope of internal audit services

D.

Achieving engagement objectives.

Question # 110

Which of the following is true regarding the use of a formal risk management framework?

1. It facilitates a methodical approach to risk mitigation.

2. It defines and standardizes the terminology used in risk communication.

3. It establishes the risk tolerance levels to be accommodated in the strategy.

4. It facilitates the alignment of risk mitigation strategies with management priorities.

A.

1, 2, and 3.

B.

1, 2, and 4.

C.

1, 3, and 4.

D.

2, 3, and 4.

Question # 111

During an assurance engagement, internal auditors interview operational management to gather and evaluate information. Which approach is most important for internal auditors to be able to listen effectively to interviewees in the given situation?

A.

Make an audio recording of the interview

B.

Interrupt with questions during unclear statements

C.

Express interest by asking follow-up questions

D.

Avoid periods of silence

Question # 112

During the audit of taxation processes in the organization, internal auditors have verified that all employees of the finance department received training on taxation guidelines. The training is mandatory and is automatically assigned via email invitation to all new employees in the department. Which type of controls have the auditors tested?

A.

Directive

B.

Preventive

C.

Detective

D.

Automatic

Question # 113

Which of the following scenarios best illustrates due professional care?

A.

An internal auditor who previously worked in the payroll department within the last year was intentionally excluded by the chief audit executive from the audit team assigned to a payroll audit

B.

While performing a payroll audit, an auditor became skeptical about significant payments made to a manager. The auditor sought to determine whether these payments were reasonable through discussion with a manager in a different department in the organization

C.

The head of the payroll department being audited is a business partner of the engagement supervisor. During the audit, the engagement supervisor sought to maintain his objectivity by not participating in fieldwork

D.

An auditor assigned to a payroll audit was unable to reperform some complex payroll computations for a small number of employees. The sum of these payments was below the materiality thresholds provided, so the auditor did not perform further tests

Question # 114

An internal auditor performed a risk assessment and concluded that the controls over access privileges to a bank account were appropriate. Later, the auditor learned that a contractor was using a shared password provided by an authorized user of the account. Which of the following statements best describes the auditor's application of due professional care?

A.

Due professional care was exercised, despite the auditor’s failure to identify the significant risk.

B.

Due professional care was not exercised because the auditor failed to identify all the significant risks during the risk assessment.

C.

Due professional care was not exercised because the residual risk from the possibility of authorized users sharing their passwords was not considered.

D.

Due professional care was not exercised because the auditor failed to conduct interviews to obtain testimonial evidence of possible password sharing

Question # 115

Which of the following statements would typically be included in the responsibility section of the internal audit charter?

A.

The internal audit activity will have free and unrestricted access to the chief executive officer, audit committee, and chairman of the board of directors.

B.

The internal audit activity shall develop a flexible audit plan, based on a risk assessment conducted at least annually and taking into consideration the risks or control concerns identified by management, and shall submit the plan to the board for approval.

C.

The chief audit executive shall obtain the necessary assistance of personnel in areas where audits are performed, as well as specialized services within or outside of the organization.

D.

The internal audit activity will not implement controls, develop procedures, install systems, prepare records, or engage in activities that may impair internal auditors’ judgments.

Question # 116

According to IIA guidance, which of the following statements is true regarding ISO 31000?

A.

The key principles approach checks whether each element of the risk management process is in place.

B.

The framework is effective in addressing the organization's structure, size, and risk profile but not its culture objectives.

C.

The end point for improving an organization's approach to risk management should be a gap analysis that evaluates any changes.

D.

A combination of the three primary approaches to the framework generally yields the most information despite the complexity

Question # 117

Recently, an organization’s internal audit activity discovered ghost employees who receive payments. Senior management decides to strengthen the internal control measures to address this. Which of the following is considered an effective control to mitigate payments to ghost employees?

A.

Staff transfers are reviewed by the recruiting manager and approved by the head of human resources

B.

New staff requisition forms are authorized by operational management and acknowledged by the head of human resources

C.

Staff salary payments and accounting records are approved by the head of accounting and acknowledged by the head of human resources

D.

The staff salary payment list is reviewed by the head of payroll and endorsed by the head of human resources

Question # 118

An internal auditor has suspicions that some fictitious vendors have been created in the organization's computer system. Which of the following would be the best technique to detect this fraud?

A.

Review for duplicate invoice numbers, duplicate dates, and duplicate amounts

B.

Run checks to find matches between vendor and employee addresses

C.

Check for recurring requests for refunds where invoices are paid twice

D.

Review for unexplained increases in inventory

Question # 119

Which of the following is true for consulting engagements?

A.

The internal audit activity must ensure management actions have been effectively implemented or risk accepted

B.

A work program for the engagement is not required but may be developed

C.

The nature of consulting services does not have to be in the internal audit charter

D.

Risks identified from the engagement must be considered when evaluating the organization's risk management processes

Question # 120

What should be the first step for a newly hired chief audit executive to build and maintain the proficiency of the internal audit activity?

A.

Incorporate the basic criteria of internal audit competency into job descriptions

B.

Complete a periodic skills assessment of the internal audit activity

C.

Develop a competency or skill assessment tool.

D.

Perform benchmarking with competitors to learn what other firms are doing related to this topic

Question # 121

According to IIA guidance, which of the following best describes expense reimbursement fraud?

A.

Theft of cash after it is recorded in the books

B.

Theft of cash before it is recorded in the books

C.

Theft of assets through fictitious or inflated invoices

D.

Theft of assets through false mileage travel logs and meal charges

Question # 122

Which of the following situations undermines the independence of the internal audit activity?

A.

The internal audit activity is responsible for the company's risk management function and its head manager reports to the chief audit executive

B.

A senior member of the internal audit activity once worked in the corporate finance department

C.

The organization's CEO reviews the internal audit activity's annual budget per the organization’s policies and procedures

D.

The internal audit activity often uses management's risk profile to build its own risk profile for annual planning

Question # 123

Which of the following statements is true regarding control activities?

A.

Control activities are defined by management through risk mitigation strategies

B.

Control activities should be defined for all business processes

C.

If two organizations have identical objectives and structures, their control activities would be the same

D.

Organizations that are less regulated generally have more complex control activities than highly regulated organizations

Question # 124

Which of the following would provide the best support for internal auditors to meet their continuing professional development requirements?

A.

Access to online internal audit and business skills courses.

B.

Records of self-assessment reports completed by the internal audit staff.

C.

Cosourcing arrangements with external providers on specific engagements.

D.

Performance reviews comparing internal auditors' achievements against specified goals.

Question # 125

Which of the following actions taken during an audit engagement is the best demonstration of an internal auditor's due professional care?

A.

Ensure that all financial information related to the engagement is included in the audit plan and examined for irregularities.

B.

Document all audit tests completely.

C.

Consider the possibility of noncompliance or irregularities at all times during an engagement.

D.

Notify the audit committee of any noncompliance or irregularity discovered during an engagement

Question # 126

A newly appointed chief audit executive (CAE) is tasked with creating a new internal audit activity within the organization. Which of the following would the CAE need to include in the new internal audit charter?

A.

The requirement to provide an annual cost analysis that justifies having an internal audit activity

B.

The specific engagements that the internal audit activity will perform for the organization

C.

The board's oversight role and responsibilities pertaining to the internal audit activity

D.

The relevant regulations that will guide the internal audit activity's regulatory compliance assessments

Question # 127

Which of the following is a primary responsibility of senior management with respect to ethical violations?

A.

Senior management provides oversight for the organization's ethical climate.

B.

Senior management promotes an ethical culture in the organization.

C.

Senior management assesses the effectiveness of the organization’s ethical programs.

D.

Senior management reviews major ethical policies in the organization for compliance

Question # 128

A large commercial bank was fined by regulators for fraudulent practices when employees, over a period of time, opened thousands of new accounts for existing clients without the clients' consent. It was later found that employees were given unrealistic new account targets and were aggressively monitored by management on a daily basis.

Which of the following controls would have most likely reduced the likelihood of the fraudulent practice from occurring?

A.

An evaluation of the current performance and compensation program.

B.

The performance of background investigations on all existing employees.

C.

The availability of fraud training to all employees.

D.

The availability of an employee whistleblower hotline

Question # 129

According to IIA guidance, which of the following would the internal audit activity examine in order to evaluate the organization's governance process for strategic and operational decisions?

A.

The risk assessment process including interviews with senior management.

B.

The organization’s mission and value statements, code of conduct, and whistleblowing policy

C.

Board meeting minutes, the board policy manual, and past audit reports

D.

Staff compensation objective setting and the performance evaluation policy and process

Question # 130

Which of the following is a consulting service the internal audit activity can perform with respect to the organization's risk management?

A.

Delivering assurance on the risk management system

B.

Facilitating risk assessment workshops

C.

Evaluating principal risk reporting

D.

Deciding on the appropriate risk response

Question # 131

Outsourcing a business activity is considered which of the following risk management techniques?

A.

Sharing a risk.

B.

Avoiding a risk.

C.

Reducing a risk.

D.

Mitigating a risk

Question # 132

Which of the following statements is most likely to be true regarding a consulting engagement involving an organization's new payroll system?

A.

The internal auditor and engagement client established an understanding that the scope would include the new payroll system project.

B.

The payroll system engagement was scheduled as a result of internal audit's risk-based annual planning process.

C.

The internal auditor concluded that the engagement objectives would include assessing the effectiveness of the payroll process controls.

D.

The internal auditor acknowledged the engagement client’s satisfactory performance in the final engagement results that were communicated to senior management and the board.

Question # 133

Following a quality assurance review of a small internal audit activity, the external reviewer and the chief audit executive (CAE) cannot agree on the importance of several deficiencies noted during the review. Which of the following would be the most appropriate next step for the reviewer to take?

A.

Remove the areas of disagreement from the scope of the engagement and seek informal compromises with the CAE.

B.

Issue the report to senior management, noting the deficiencies for immediate resolution.

C.

Issue the report, noting the deficiencies with comments that address the areas of disagreement.

D.

Request arbitration from the audit committee to resolve discrepancies prior to issuing the final report

Question # 134

Which of the following actions should the audit committee take to promote organizational independence for the internal audit activity?

A.

Delegate final approval of the risk-based internal audit plan to the chief audit executive (CAE).

B.

Approve the annual budget and resource plan for the internal audit activity.

C.

Assist the CAE with hiring objective and competent internal audit staff.

D.

Encourage the CAE to communicate and coordinate with the external auditor.

Question # 135

According to IIA guidance, which of the following actions best demonstrates that due professional care has been considered by the internal audit activity when conducting a review of an organization's assets?

A.

Determining whether any opportunity exists for senior executives to misappropriate property or funds

B.

Planning and executing fieldwork in a complete and timely manner to identify all significant risks

C.

Verifying whether the board of directors has implemented effective internal controls

D.

Having senior management determine whether the degree of work planned is sufficient to meet engagement objectives

Question # 136

The internal audit activity audited an organization's risk management function multiple times, and the recommendations that were made remain unaddressed by the head of risk management. Which of the following would be the next step for the internal audit activity?

A.

The internal audit activity should add value by implementing the recommendations on management's behalf.

B.

The chief audit executive (CAE) must discuss this matter with senior management and the board

C.

The CAE should determine which recommendations to implement based on the severity of the associated risks.

D.

The internal audit activity, led by the CAE, should assume responsibility for the risk management function.

Question # 137

According to IIA guidance, which of the following best describes the chief audit executive's responsibility for confirming to the board the organizational independence of the internal audit activity?

A.

The CAE must do this at least annually

B.

The CAE must do this at least once every five years

C.

The CAE must do this upon completion of each external quality assessment

D.

The CAE should do this periodically in conjunction with a review of the internal audit charter

Question # 138

According to IIA guidance, which of the following statements is true regarding the internal audit activity’s responsibilities in providing consulting services?

A.

The chief audit executive is responsible for deciding the priority of consulting services in the internal audit plan

B.

The scope of consulting services is determined primarily by the internal auditor with input from management of the area under review

C.

The board defines the internal audit activity’s responsibilities over consulting activities

D.

Adding value to an organization requires the internal audit activity to initiate a consulting engagement

Question # 139

Management is installing security cameras to identify unauthorized physical access to the organization's warehouse. This is an example of which of the following types of controls?

A.

Detective controls.

B.

Key controls.

C.

Primary controls.

D.

Preventive controls

Question # 140

Guidelines need to be set for various levels of suspected fraud within an organization and when it would be reported to the audit committee. Which of the following would be reported at the next meeting?

A.

Minor theft of less than $10,000, not involving senior management.

B.

Theft using collusion for more than $10,000, but not involving senior management.

C.

Denial of access to requested employees during an audit.

D.

Discussion of replacement of the chief audit executive.

Question # 141

Regarding assurance and consulting services provided by the internal audit activity, which of the following statements is correct?

A.

The nature and scope of a consulting engagement are determined by the internal audit activity based on its risk assessment

B.

The nature and scope of an assurance engagement are subject to agreement with management of the area under review

C.

Both assurance services and consulting services can be focused on controls or performance or both

D.

The assurance engagement process ends with reporting

Question # 142

After the final audit report was issued, the engagement supervisor received an expensive gift from management recognizing her assistance in improving the business. If the gift is accepted, which of the following would be true?

A.

The engagement supervisor violated The IIA's Code of Ethics principle of integrity.

B.

The engagement supervisor violated The IIA's Code of Ethics principle of objectivity.

C.

The engagement supervisor violated The IIA’s Code of Ethics principle of confidentiality.

D.

The engagement supervisor did not violate any principles of The IIA’s Code of Ethics.

Question # 143

Which of the following is a legitimate requirement for an internal audit activity’s quality assurance and improvement program (QAIP)?

A.

Quality assessments should be performed by individuals with sufficient knowledge of the internal audit practices

B.

External quality assessments should be conducted every seven years

C.

All quality assessments should be either conducted or validated by an independent assessment team

D.

The results of the QAIP should be communicated to shareholders annually

Question # 144

In which of the following audits would the internal auditors most likely contribute to the assessment of organizational governance?

A.

An assessment of compliance of individual data protection procedures with data protection regulations

B.

An assessment of profit and loss generated by financial assets and instruments in the past quarter

C.

An assessment of the effectiveness of back-up procedures and execution of business recovery plans

D.

An assessment of performance management practices and establishment of key performance indicators

Question # 145

When dealing with various stakeholders, which of the following is true regarding an internal auditor's responsibility to remain objective and independent?

A.

When deciding between conflicting reports of a control's performance from a control operator and the operator's manager, the internal auditor should generally believe the manager

B.

Some audit issues may remain unremediated and unreported if management will accept recommendations that the internal auditor deems more important

C.

The internal auditor may initially disagree with management's acceptance of a risk, but reevaluate and agree with management’s judgment after further discussion

D.

When working on business unit audits, it is sometimes sufficient for the internal auditor to report deficiencies only to the unit manager when remediation is not complex

Question # 146

The management team of an agricultural organization has prioritized corporate social responsibility (CSR) initiatives. Which of the following would be considered a CSR activity?

A.

Offering a one-off donation to an environmental charity for its expansion efforts

B.

Organizing organization volunteers to provide periodic plantation skill sharing to farmers

C.

Providing special year-end monetary bonuses to the organization's employees at all levels

D.

Arranging a free-of-charge picnic for all of the organization's employees and their family members

Question # 147

Which of the following best demonstrates conformance with IIA standards related to continuing professional development?

A.

Retaining evidence of training in the form of continuing education credits

B.

Seeking guidance regarding internal audit best practices from The IIA

C.

Retaining supervisory reviews conducted on the basis of the development plan

D.

Giving consideration to certain areas of specialization as part of development planning

Question # 148

Which of the following statements is true regarding management's use of judgement to design, implement, and conduct internal control?

A.

The use of judgment enhances management's ability to make better decisions about internal control, but cannot guarantee perfect outcomes.

B.

Introducing judgment generally diminishes management's ability to make good decisions about internal control.

C.

It is inappropriate for management to exercise judgement in areas such as specifying and using suitable accounting principles.

D.

It is inappropriate for management to exercise judgement in assessing whether components are present, functioning, and operating together

Question # 149

Which of the following is the most appropriate reason for a chief audit executive to conduct an external assessment more frequently than five years?

A.

Significant changes in the organization's accounting policies or procedures would warrant timely analysis and feedback.

B.

More frequent external assessments can serve as an equivalent substitute for internal assessments.

C.

The parent organization's internal audit activity agreed to perform biennial reciprocal external assessments to provide greater assurance at a reduced cost.

D.

A change in senior management or internal audit leadership may change expectations and commitment to conformance.

Question # 150

An automobile manufacturer will become one of the first in the industry to adopt a new inventory management software. Despite the system being new to the market, senior management believes that the benefits are great enough to offset the potential risks. Which of the following aspects of risk management does senior management’s decision best illustrate?

A.

Residual risk.

B.

Inherent risk.

C.

Risk tolerance.

D.

Risk appetite.

Question # 151

Which of the following preventative controls would be most effective for organizations facing business disruptions and respective financial losses?

A.

Develop a business continuity plan for contingent situations.

B.

Insure the organization against financial losses.

C.

Rely on third-party cloud solution providers for the organization's systems.

D.

Hedge company assets via purchasing derivatives.

Question # 152

According to IIA guidance, which of the following actions by the chief audit executive (CAE) best demonstrates the organizational independence of the internal audit activity?

A.

The CAE seeks senior management approval of the internal audit charter

B.

The CAE obtains senior management's approval to hire staff

C.

The CAE reports significant issues to the organization's CEO

D.

The CAE provides the board with an annual budget for approval

Question # 153

Which of the following actions would an internal auditor perform primarily during a consulting engagement of a debt collections process?

A.

Reviewing journal entries for accuracy and completeness.

B.

Comparing the policies and procedures to regulatory collections guidance.

C.

Advising management on streamlining the recording of accounts receivable.

D.

Performing a walk-through of the debt collections process to determine whether proper segregation of duties exists

Question # 154

Which of the following statements is true regarding corporate social responsibility (CSR)?

A.

Many of the areas explored by CSR are normally included in an audit universe or annual audit plan

B.

Despite significant corporate resources spent on CSR reporting, investors generally do not rely on CSR information

C.

Unlike many other areas of reporting responsibilities impacting stakeholders, CSR is largely voluntary

D.

Typically, operating management does not have a major role to play based on the public nature of reporting

Question # 155

According to IIA guidance, which of the following actions is a chief audit executive required to take with regard to reporting the results of the quality assurance and improvement program?

A.

Report external assessments upon completion of such assessments

B.

Report external assessments at least annually

C.

Report ongoing monitoring quarterly

D.

Report post-engagement reviews at least once every five years

Question # 156

A chief audit executive (CAE) is considering hiring a candidate who most recently worked for a large public accounting firm. What would be the CAE’s most likely concern regarding this candidate?

A.

Low-level audit expertise

B.

Narrow industry experience

C.

Potential conflict of interest

D.

Weak interpersonal skills

Question # 157

According to IIA guidance, which of the following best demonstrates how the chief audit executive may ensure that due professional care is applied?

A.

Establish policies and procedures concerning the engagement process

B.

Develop a strategy for recruiting, assigning, and training staff

C.

Outsource complex engagements to an external service provider

D.

Base the auditor evaluation process on the number of observations

Question # 158

During a complex financial compliance engagement, a senior internal auditor determines that current audit procedures are not sufficient for adequate testing. She consults with a colleague and learns that a spreadsheet application contains a helpful tool. She proceeds to use the tool to properly complete the evaluation. Which of the following best describes the core competency displayed by the senior auditor?

A.

Business acumen

B.

Persuasion and collaboration

C.

Critical thinking

D.

Communication

Question # 159

Which of the following statements is true regarding the independent peer review process undertaken to fulfill the requirement for an external quality assessment?

A.

Two individuals in the same internal audit activity may perform an independent peer review as long as they do not report to the same audit manager

B.

Individuals from a separate but related organization such as an affiliate may perform peer reviews

C.

Individuals working in separate internal audit activities may be considered independent as long as they do not report to the same chief audit executive

D.

Peer reviews are generally less cost-effective than hiring an external quality assessor

Question # 160

The internal audit activity is undergoing a self-assessment as part of its quality assurance and improvement program. Which of the following observations must be addressed in order for the internal audit activity to achieve conformance with the Standards?

A.

The internal audit charter does not identify which audit services are outsourced

B.

The internal audit charter has not been reviewed by the legal department

C.

The internal audit charter has not been approved by the board within the past year

D.

The internal audit charter does not describe the authority of the internal audit activity

Question # 161

In which of the following scenarios is the internal auditor in conformance with The IIA's Code of Ethics and the Standards?

A.

The auditor testifies in front of a jury about an organization's fraudulent financial practices after receiving a subpoena

B.

Management has agreed to remedy a significant control deficiency, so the auditor excludes the deficiency from the engagement report

C.

The chief audit executive declines an assurance engagement in IT because the internal audit activity is not proficient in IT

D.

The auditor communicates an audit opinion on fraud risk during an audit engagement’s preliminary fraud risk assessment

Question # 162

Senior management purchased surveillance cameras and installed them over a door that provides entry to an area where, according to a recent internal audit report, hazardous materials exist and there is a high risk of explosion. Which type of control was implemented in this situation?

A.

A corrective control

B.

A detective control

C.

A preventive control

D.

A directive control

Question # 163

Which of the following is most likely to impair the organizational independence of the internal audit activity?

A.

The chief audit executive (CAE) reports administratively to the chief financial officer.

B.

The CAE oversees the effectiveness of the organization’s risk management function.

C.

The CAE reports functionally to the CEO.

D.

The CAE managed the finance department for the past five years.

Question # 164

Which of the following disclosures must the chief audit executive (CAE) include when communicating the results of the quality assurance and improvement program to senior management and the board?

A.

Authority and responsibility of the internal audit activity

B.

Hours and sources of continuing professional education

C.

Scope and frequency of both the internal and external assessments

D.

Independence and objectivity impairments of the CAE

Question # 165

An internal auditor was assigned to work in the procurement department for six months to gain in-depth knowledge about the procurement process. Which of the following personnel development practices was applied in this situation?

A.

Cosourcing

B.

Inbound rotation

C.

Guest auditor

D.

Outbound rotation

Question # 166

Which of the following is a true statement regarding controls such as ethical values, tone at the top and operational style?

A.

Transaction testing, mapping and flowcharting is applicable while testing such controls

B.

Breakdowns in these types of controls have historically led to fraudulent financial reporting

C.

Such controls can be defined as inherently objective and tangible elements of control

D.

From an audit perspective, it is significantly easier to assess ethical values than segregation of duties

Question # 167

Which of the following actions is the internal audit activity best positioned within the organization to perform?

A.

Determine organizational risk tolerances

B.

Monitor the organization's risk mitigations

C.

Determine the likelihood and impact of risks

D.

Advise the board on risk management issues

Question # 168

Which of the following statements is true regarding organizational culture and an audit of the control environment?

A.

For multinational organizations, it is important to ensure that the organizational culture is consistent at all locations

B.

Because the chief audit executive (CAE) is part of the organizational culture, external auditors should be engaged to evaluate the control environment

C.

If there are unresolved scope restrictions, the CAE should consider whether to pursue the audit and note the scope restrictions in the audit report

D.

Because it will create a conflict of interest relating to the control environment, senior management should not be consulted during the audit

Question # 169

Which of the following activities would an internal auditor perform as a consulting engagement for an organization?

A.

Advising new internal auditors working for the organization on how to develop strategies on planning audits for the upcoming fiscal year

B.

Assessing whether the organization's corporate social responsibility program is meeting its yearly goals to reduce carbon emissions.

C.

Briefing the organization's department managers on how to implement risk management processes into their daily operations.

D.

Communicating with senior management to better understand how new purchasing controls will minimize payment processing time.

Question # 170

An organization’s senior management team is awarding substantial bonuses if employees meet financial targets. Which of the following motivators to potentially commit fraud would become most likely in this scenario?

A.

Opportunity

B.

Pressure

C.

Rationalization

D.

Justification

Question # 171

Which of the following would be a red flag for potential issues in the control environment?

A.

Segregation of duties during preparation of the financial statements

B.

Compensation structures that are based on commissions

C.

A low rate of turnover in key financial positions

D.

The presence of a whistleblower policy and fraud hotline

Question # 172

Which of the following is an example of an impairment to an internal auditor's independence?

A.

An internal auditor delays reporting material financial statement audit findings until after his parents sell all of their stock in the company

B.

Following the restructuring of the organization, the internal audit activity now reports functionally to the chief financial officer

C.

A new member of the internal audit activity, who was the accounts payable supervisor for two years, is asked to consult on the implementation of a new accounts payable system

D.

Believing there must be errors in a given balance sheet account, the internal auditor decides to expand his testing

Question # 173

Which of the following statements is true regarding the quality assurance and improvement program (QAIP)?

A.

Reporting on the QAIP to the board should occur at least once every five years

B.

The responsibility for the selection of an external assessor rests with the board

C.

The qualifications of the assessors must be communicated to the board

D.

The reporting of outcomes of the QAIP can be delegated to senior audit staff

Question # 174

Which of the following can be used to minimize employees’ resentment of controls?

A.

Making sure employees are exempt from participating in control creation

B.

Implementing controls without lengthy explanations of their purpose

C.

Developing general constricting controls rather than detailed ones

D.

Not using controls to achieve goals

Question # 175

An internal auditor is providing consulting services on an area he was responsible for three years ago. Part of the consulting scope covers a review of a performance measuring system that the auditor helped to develop. What is the best course of action for the auditor to take concerning the consulting service?

A.

Accept the consulting services only after receiving approval to do so from the board.

B.

Accept the consulting services. The objectivity won't be impaired if it has been more than a year since he last worked in the area under review.

C.

Refrain from providing the consulting service because he was responsible for that area and his objectivity will be impaired.

D.

Disclose the potential impairment to the customer before accepting the consulting engagement

Question # 176

According to IIA guidance, which of the following activities would typically be examined when using the maturity model approach for assessing an organization's risk management program?

A.

Monitor and review

B.

Performance measurement.

C.

Setting the context.

D.

Communication.

Question # 177

Why is it imperative for the chief audit executive to track and develop the educational qualifications of internal audit staff?

A.

To accurately conduct performance appraisals

B.

To ensure that staff complete required continuing professional education credits annually.

C.

To ensure that the resources needed to complete the audit plan are available.

D.

To satisfy the audit committee requirements.

Question # 178

According to IIA guidance, which of the following statements is true regarding internal auditors' use of technology-based techniques?

A.

Auditors must consider using technology if it advances the engagement, even when implementation costs exceed the benefits.

B.

Auditors must consider using technology to reduce the organization's risk by detecting all instances of fraud.

C.

Auditors must consider using technology only when the implementation cost does not exceed benefits.

D.

Auditors must consider using technology in a variety of engagements to ensure that their work is substantiated and infallible.

Question # 179

Which of the following is a responsibility of the internal audit activity as it relates to risk and risk management?

A.

Evaluating and suggesting improvements to the risk management process.

B.

Establishing the organization's risk appetite.

C.

Determining whether the risk attitude is aligned with shareholder interests.

D.

Ensuring an adequate risk management system is in place.

Question # 180

According to IIA guidance, which of the following should be documented in the internal audit charter?

A.

The risk assessment process applied by the internal audit activity

B.

The organization's internal control framework used by the internal audit activity

C.

The nature of consulting services provided by the internal audit activity

D.

The performance evaluation process used by the internal audit activity

Question # 181

Which of the following indicates an appropriate disclosure of a potential nonconformance with the Standards?

A.

An external assessment of the internal audit activity was last performed six years ago.

B.

The internal audit activity has been in existence for four years but has not performed an external assessment.

C.

An internal assessment is not performed every year.

D.

The internal audit activity has been in existence for two years and has documented only an internal assessment.

Question # 182

The chief audit executive (CAE) planned an in-person group training to help internal auditors perform onsite inspections of an automobile manufacturing facility. The training would have allowed the auditors to better understand the production of the organization's automobiles. However, a global health crisis has impacted the training by prohibiting in-person contact at the facility. Which of the following could the CAE use to provide auditors with a better understanding of the organization's production process?

A.

A general web-based training on auditing manufacturing processes.

B.

Self-study courses on the industry's production practices

C.

Industry publications that discuss production methods

D.

A virtual meeting with management that explains the production of automobiles

Question # 183

Which of the following statements is true regarding the role of the internal audit activity in the organization's risk management process?

A.

The internal audit activity should not be responsible for developing the organization's risk management framework, even with appropriate safeguards.

B.

The internal audit activity is typically responsible for alerting operational management to emerging risks and changes in regulatory scenarios

C.

The internal audit activity may coach management on risk response scenarios if safeguards have been implemented.

D.

The internal audit activity should avoid giving assurance regarding the accuracy of risk evaluations if safeguards have not been implemented.

Question # 184

Which of the following organizations is adopting an acceptance technique in terms of its risk response?

A.

An organization that takes no action in managing the possible exposure to an earthquake.

B.

An organization that opts out of investing in a new region due to volatility in foreign exchange rates.

C.

An organization that takes out insurance policies to protect its property and equipment.

D.

An organization that deploys policies and procedures to guide business activities and practices

Question # 185

An internal audit of an organization's disbursement department revealed that multiple payments were made to legitimate vendors bearing fraudulent banking information belonging to employees in the department. These vendors were initially set up with accurate banking information but were subsequently modified by disbursement officers with access to the vendor management system. Which of the following controls would have likely prevented the fraudulent modification of vendors' banking information?

A.

Management periodically reviews and verifies the information in the vendor master file.

B.

Management's approval is required for updates to vendors' banking information.

C.

Management randomly audits a sample of payments to verify the accuracy of vendors' banking information.

D.

Management's approval is required before payments can be processed.

Question # 186

Which of the following statements is true with regard to the quality assurance and improvement program (QAIP)?

A.

As the head of the organization, the CEO selects and appoints the external quality assessment team to perform the QAIP reviews.

B.

The chief audit executive determines the scope and frequency of both internal and external quality assessments based on the availability and capacity of resources in accordance with the annual internal audit plan.

C.

Minutes of meetings held with senior management and the board to discuss the scope and frequency of internal and external assessments support the QAIP reporting requirement.

D.

The internal audit activity needs to assess whether each engagement on the annual internal audit plan is conducted in conformance with the Standards.

Question # 187

The results of an assessment of the adequacy of controls would be considered incomplete or misleading unless the internal auditor considers which of the following?

A.

Number of mitigating controls.

B.

Effectiveness of the control environment

C.

Use of computer-assisted auditing techniques.

D.

IT security controls

Question # 188

Which of the following represents a deficiency in the control environment?

A.

The sales department has failed to achieve targets for the last nine months.

B.

Employees report suspicious activity by calling the organization's ethics hotline.

C.

Hiring procedures do not include background checks for prospective job candidates.

D.

Management reports three potential ethics issues to the board of directors.

Question # 189

Which of the following would be the most appropriate first step for the board to take when developing an effective system of governance?

A.

Determine the organization’s overall risk appetite.

B.

Establish a governance committee.

C.

Delegate authority to members of senior management.

D.

Identify key stakeholders and their expectations

Question # 190

An organization's board recommends revising the internal audit charter by adding requirements regarding the hiring and compensation of the chief audit executive as well as information on approving the internal audit budget. Which of the following is the board most likely defining in the charter?

A.

Functional and administrative responsibilities of internal audit activity.

B.

Authority and objectivity of internal audit activity.

C.

Independence and objectivity of internal audit activity.

D.

Assurance and improvement of internal audit activity.

Question # 191

Which of the following scenarios is a characteristic of an organization with a highly effective ethical culture?

A.

An organization implements and communicates to staff a formal and comprehensive code of conduct, which is clear and understandable.

B.

An organization waives reference and background checks when hiring for certain sensitive positions in order to not violate potential employees' rights to privacy.

C.

An organization punishes senior management more harshly for ethics violations than it would for lower-level staff to send a message throughout the organization.

D.

An organization conducts surveys of employees, suppliers, and customers once every five years to determine the state of the ethical climate in the organization.

Question # 192

Which of the following would be the best choice for a continuing professional development requirement for a newly created internal audit activity?

A.

Require all internal auditors to create a training plan based on a competency self-assessment.

B.

Require internal auditors to complete all of their training through webinars, to increase efficiency and avoid traveling

C.

Require all internal auditors to become a member of The Institute of Internal Auditors.

D.

Require internal auditors to create a training plan based on their areas of interest

Question # 193

Which type of engagement requires that the client agrees with the techniques used by the internal audit activity?

A.

A performance audit.

B.

A sensitive fraud investigation.

C.

A compliance audit

D.

A consulting service.

Question # 194

The management at a national consumer goods organization implements a fair work and pay practice as well as a policy to treat employees equitably and consistently.

Which common characteristics of fraud will the practice and policy most likely reduce?

A.

Pressure or incentive.

B.

Opportunity.

C.

Rationalization.

D.

Commitment.

Question # 195

Which of the following situations presents the lowest risk of impairing an internal audit activity's independence?

A.

Senior management has the authority to terminate the chief audit executive

B.

Senior management has control over the internal audit activity's budget

C.

Senior management provides feedback on the scope of the internal audit plan.

D.

Senior management limits the internal audit activity's access to the board

Question # 196

When beginning an engagement to assess the effectiveness of the organization's newly revamped risk management processes, which of the following should internal auditors review first?

A.

Key risk disclosures in the annual report.

B.

Existing risk assessment and identification processes.

C.

Organizational strategy and business plans.

D.

Risk mitigation plans and risk responses.

Question # 197

As part of a fraud investigation by regulators, a court order was issued to a bank. The court order requested the chief audit executive (CAE) to provide access to a number of audit reports and workpapers, some of which included customers' confidential information such as transaction activity and other personal details. What is the appropriate response by the CAE?

A.

Reject the court order, citing a potential breach of customers' confidentiality agreement

B.

Consult with legal counsel to determine what information to provide.

C.

Respond promptly and provide all that was requested by the court order.

D.

Seek permission from customers prior to sharing their information.

Question # 198

The collaborating style for conflict resolution, where the parties promote assertiveness and work together to develop a mutually beneficial solution, is best used in which of the following situations?

A.

Parties are confident of the solution and are ready to defend it.

B.

There is a high level of trust among the parties.

C.

Resolution is time sensitive and a quick decision is necessary.

D.

The issue is more important to one party than the others.

Question # 199

During fieldwork, an internal auditor located a significant internal control issue. Without identifying the origins of the issue, the auditor concluded the engagement and included the issue in the final audit report. To enhance audit quality, which of the following skills should the internal auditor improve?

A.

Business acumen.

B.

Critical thinking.

C.

Communication.

D.

Audit report writing.

Question # 200

During an assurance engagement the internal audit team discovers that employees performing a control do not understand the principles behind it. Before the engagement concludes, at management's request the audit team facilitates several formal training sessions to help explain those principles to the employees. Which of the following best describes the engagement provided by the internal audit activity in this scenario?

A.

Assurance services

B.

Blended services

C.

Consulting services

D.

Prohibited services

Question # 201

Which of the following is a way to demonstrate an individual internal auditor's competency through continuing professional development?

A.

Create different training budgets for each of the internal auditors

B.

Define average training hours per auditor as a team performance measure

C.

Analyze internal audit client survey feedback following audits

D.

Review training records for all internal auditors

Question # 202

Which of the following scenarios violates The IIA's standard regarding internal audit independence?

A.

The chief audit executive (CAE) reports on the internal audit activity's day-to-day tasks and responsibilities to the CEO.

B.

An assessment of the risk management function is reviewed by an outside consulting firm because the CAE is temporarily fulfilling the role of risk manager.

C.

The CAE regularly meets with the organization's chief risk officer, who validates all reported audit findings and dictates which will be included in the package to the audit committee.

D.

The internal audit activity will experience staffing shortages for the next six months due to planned and unplanned leaves of absence; therefore the CAE proposed including fewer audits in the annual audit plan compared to the previous financial year.

Question # 203

Which principle of the IIA Code of Ethics focuses on continuing education and professional development?

A.

Due professional care

B.

Professionalism

C.

Proficiency

D.

Competency

Question # 204

According to IIA guidance, which of the following actions by a new chief audit executive would be most appropriate to gain an understanding of the current level of knowledge, skills, and competencies required by an internal audit activity to fulfill its responsibilities?

A.

Identify gaps in the activity’s proficiency, based on criteria defined by a widely accepted competency framework.

B.

Have a quality assessment review performed by an expert external entity.

C.

Identify a mature internal audit activity to serve as a benchmark for measuring the internal audit activity’s competence.

D.

Assess whether members of the internal audit activity understand and apply the IIA's mandatory guidance.

Question # 205

An organization employs ongoing monitoring and is considering implementing periodic evaluations to assess the continuing effectiveness of its risk management process. Which of the following statements is true with regard to such periodic evaluations?

A.

Periodic evaluations are considered to be less objective than ongoing monitoring.

B.

Periodic evaluations can be more effective than ongoing monitoring.

C.

Periodic evaluation frequency may depend on the results of ongoing monitoring.

D.

Periodic evaluations frequently identify problems more quickly than ongoing monitoring.

Question # 206

Management has implemented a segregation-of-duties policy for handling inventory. Which of the following fraud risks would be more concerning to an internal auditor following the implementation of this new policy?

A.

The risk of collusion between parties.

B.

The risk of falsified reconciliations.

C.

The risk of low-liquidity inventory.

D.

The risk of damages to the inventory.

Question # 207

Which of the following best demonstrates the board of directors' governance over internal control?

A.

The board bears direct responsibility for developing and implementing the internal control system.

B.

The majority of board members are experienced and qualified members of the organization's executive management team.

C.

The board may be assisted by an audit committee, chaired by the chief audit executive.

D.

The board is responsible for succession planning for the CEO and other key members of the executive management team.
