
Question # 4

Which of the following describes the internal audit activity's most appropriate role in an organization's risk management process?

A.

Reporting to the board on management's assessment of current risks

B.

Establishing a risk management policy and framework for the organization

C.

Assigning responsibility for identifying and managing significant risks

D.

Developing key controls to mitigate risks across the organization

Question # 5

Which of the following is true regarding the use of a formal risk management framework?

1. It facilitates a methodical approach to risk mitigation.

2. It defines and standardizes the terminology used in risk communication.

3. It establishes the risk tolerance levels to be accommodated in the strategy.

4. It facilitates the alignment of risk mitigation strategies with management priorities.

A.

1, 2, and 3.

B.

1, 2, and 4.

C.

1, 3, and 4.

D.

2, 3, and 4.

Question # 6

According to IIA guidance, which of the following actions best demonstrates that due professional care has been considered by the internal audit activity when conducting a review of an organization's assets?

A.

Determining whether any opportunity exists for senior executives to misappropriate property or funds

B.

Planning and executing fieldwork in a complete and timely manner to identify all significant risks

C.

Verifying whether the board of directors has implemented effective internal controls

D.

Having senior management determine whether the degree of work planned is sufficient to meet engagement objectives

Question # 7

An investment advisory firm purchased professional liability insurance to offer protection from lawsuits brought by customers claiming they received poor or erroneous advice. Which of the following best describes this risk management technique?

A.

Mitigation.

B.

Acceptance

C.

Transfer.

D.

Avoidance

Question # 8

Which of the following is a detective control strategy against fraud?

A.

Requiring employees to attend ethics training.

B.

Performing background checks on employees.

C.

Implementing a control self-assessment.

D.

Performing a surprise audit

Question # 9

Which of the following types of fraud tests would be most effective if an internal auditor was looking for possible fictitious vendors?

A.

Checking for invoice amounts that do not match that of the purchase order.

B.

Searching for identical invoice numbers and payment amounts.

C.

Running checks to uncover post office box addresses matching employee addresses.

D.

Comparing prices across vendors to see whether one vendor is unreasonably high.

Question # 10

Which of the following techniques should an internal auditor use in order to conduct an effective interview?

A.

Use technical language to establish credibility with the employee being interviewed

B.

Avoid straightforward questions to make the person being interviewed think before answering

C.

Prepare the next question while the interviewee is responding to demonstrate preparedness

D.

Appear confident but not arrogant during the interview to show professionalism

Question # 11

Which of the following would the chief audit executive be required to disclose in the communication of quality assessment results to senior management and the board?

A.

The cost and frequency of both internal and external assessments.

B.

Any assumptions made by the assessment team

C.

A potential conflict of interest of the assessment team.

D.

The assessment team’s execution plan of relevant procedures.

Question # 12

Which of the following would be considered advanced expertise which most internal auditors are not expected to possess?

A.

The ability to evaluate fraud risk

B.

The ability to detect and investigate fraud

C.

The ability to assess risk management strategies

D.

The ability to create test databases

Question # 13

According to IIA guidance, which of the following actions is a chief audit executive required to take with regard to reporting the results of the quality assurance and improvement program?

A.

Report external assessments upon completion of such assessments

B.

Report external assessments at least annually

C.

Report ongoing monitoring quarterly

D.

Report post-engagement reviews at least once every five years

Question # 14

According to IIA guidance, which of the following statements is true regarding mentoring programs designed to assist internal auditors with their professional development?

A.

The mentor must have a higher position in the organization than the mentee

B.

An auditor's supervisor is best positioned to serve as the auditor's mentor

C.

Meetings between a mentor and a mentee should be formal and well documented

D.

Auditors at the same level may be assigned different mentors and some auditors may have no mentor

Question # 15

Which of the following characteristics is typical of the internal audit activity?

A.

Serves third parties that need reliable financial information from audit engagements

B.

Responds to the needs and desires of senior management and the board, but remains independent of areas under review

C.

Ensures the organization complies with laws and regulations in the area under review

D.

Is completely independent of senior management, the board and the area under review

Question # 16

When a plant manager from within the organization is hired as a rotational internal auditor within the internal audit activity, which area should he most likely be trained for immediately?

A.

Industry knowledge

B.

Project management

C.

Leadership skills

D.

Risk assessments

Question # 17

With regard to organizational governance assurance, which of the following is an appropriate role for the internal audit activity?

A.

Assess compliance with the organization's code of conduct

B.

Oversee the governance and risk management processes

C.

Initiate new organizational control processes

D.

Provide advice on organizational governance activities

Question # 18

The chief audit executive (CAE) of a large organization has been asked by the board to assume responsibility for risk management and compliance operations, both of which are distinct departments within the organization and are subject to periodic audits by the internal audit activity. With regard to future audits of these functions, which of the following approaches would be most appropriate?

A.

Audits of risk management and compliance functions should be overseen by a competent external assurance provider

B.

Audits of risk management and compliance functions should be overseen by a senior audit manager within the internal audit activity other than the CAE

C.

Audits of risk management and compliance functions should be conducted by internal auditors under the supervision of management from both functions

D.

Audits of risk management and compliance functions should be carried out by a team of the most experienced auditors overseen by the CAE

Question # 19

Which of the following is a typical characteristic of an organization's risk management framework?

A.

Risk tolerance may or may not align with risk appetite depending on whether the assessment is quantitative or qualitative

B.

Risk is assessed on both an inherent and a residual basis

C.

The framework addresses four organizational objective categories: strategic, historical, operational, and investment

D.

External risks and internal opportunities are omitted from the risk assessment scope

Question # 20

The largest risks facing an organization should be mitigated by which type of controls?

A.

Entity-level

B.

Activity-level

C.

Transaction-level

D.

Process-level

Question # 21

A chief audit executive (CAE) is considering hiring a candidate who most recently worked for a large public accounting firm. What would be the CAE’s most likely concern regarding this candidate?

A.

Low-level audit expertise

B.

Narrow industry experience

C.

Potential conflict of interest

D.

Weak interpersonal skills

Question # 22

According to IIA guidance, which of the following is a required aspect of an internal audit charter?

A.

Management approval

B.

Independent review

C.

Reporting relationships

D.

Quarterly assessment

Question # 23

Which of the following best demonstrates conformance with the Standards regarding the internal audit activity's purpose, authority, and responsibility?

A.

Discussion and formal presentation of the internal audit charter to the board of directors

B.

Certification by external auditors on the purpose, authority and responsibility of the internal audit activity

C.

Approval of senior management that the internal audit activity is functioning as originally designed

D.

Self-assessment of the internal audit activity completed by the chief audit executive

Question # 24

In the COSO internal control framework, which of the following components serves as the foundation for the other components?

A.

Control activities.

B.

Control environment.

C.

Risk assessment.

D.

Monitoring

Question # 25

Which of the following should a general internal auditor be able to characterize as an IT-related risk?

A.

Computer servers are in a room that is accessible to all employees.

B.

An IT architect avoids taking vacations and sharing his workload with coworkers.

C.

Hours billed by IT developers exceed 24 hours daily.

D.

Audit logs are lacking in a system that processes personal data.

Question # 26

A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annual snowfall for the coming winter. Which of the following best describes this type of risk?

A.

Residual.

B.

Net.

C.

Inherent.

D.

Accepted.

Question # 27

An engagement supervisor obtains facilities maintenance reports from a contractor during an audit of third-party services. Which of the following is the source of authority for the engagement supervisor to make such contact outside the organization?

A.

The policies and procedures of the internal audit activity.

B.

The provisions of the internal audit charter.

C.

The authority of the CEO.

D.

The IIA's Code of Ethics.

Question # 28

An internal auditor assigned to a supplier management process engagement reviews the risk assessment with the process owner. The auditor inquires about the risk response for potentially engaging unqualified third-party service providers. The process owner responds that due diligence checks are undertaken to make sure that third parties possess requisite competencies before they are engaged. Which of the following risk management techniques is the process owner using?

A.

Risk avoidance

B.

Risk reduction

C.

Risk sharing

D.

Risk acceptance

Question # 29

Which of the following statements best describes the difference between risk appetite and risk tolerance?

A.

Risk appetite applies to specific objectives, while risk tolerance refers to an organization's general attitude toward risk.

B.

Risk appetite refers to the degree of risk acceptance for a particular objective, while risk tolerance is one approach to risk management.

C.

Risk appetite refers to an organization's general level of acceptance, while risk tolerance is a more specific and subordinate concept.

D.

There is no significant difference between the two terms.

Question # 30

Which of the following actions should the internal audit activity take during an audit engagement when examining the effectiveness of risk management processes?

A.

Evaluate how the organization manages fraud risk.

B.

Establish procedures for improving risk management processes.

C.

Ensure risk responses are aligned with industry standards.

D.

Verify that organizational objectives are aligned with each department’s objectives.

Question # 31

An internal auditor observed that sales staff are able to modify or cancel an order in the system prior to shipping. She wonders whether they can also modify orders after shipping. Which of the following types of controls should she examine?

A.

Batch controls.

B.

Application controls.

C.

General IT controls.

D.

Logical access controls

Question # 32

An internal auditor is updating the risk register for risks identified during a recent organizational risk assessment. According to the Standards, which of the following would the auditor include in the risk register?

A.

Management’s acceptance of inadequate controls for cybersecurity risk.

B.

Discussions with senior management relating to a new revenue stream.

C.

Mitigating controls implemented by the engagement supervisor

D.

Project manager planned hours versus time spent for all prior year projects

Question # 33

Which of the following best demonstrates internal auditors performing their work with proficiency?

A.

Internal auditors meet with operational management at each phase of the audit process.

B.

Internal auditors adhere to The IIA’s Code of Ethics.

C.

Internal auditors work collaboratively with their engagement team.

D.

Internal auditors complete a program of continuing professional development.

Question # 34

A chief audit executive (CAE) has no direct access to the board. According to IIA guidance, which of the following is the most appropriate way for the CAE to react?

A.

Ensure all subsequent audit reports include a disclaimer as to the lack of access to the board.

B.

Focus on operational audit work and disregard lack of direct access to the members of the board.

C.

Initiate changes to the internal audit charter to report to senior management for the time being.

D.

Engage in written communications with the board and present relevant issues in writing

Question # 35

During a review of employee benefits, a staff internal auditor observed an ambiguity in the incentive compensation policy. If reported, it could negatively impact the internal auditor's compensation. Which of the following would encourage the internal auditor to be objective in his work?

A.

Periodic reinforcement of the internal audit activity's code of ethics disclosure practices.

B.

External assessments of the internal audit activity every five years.

C.

Audit committee review of every engagement report at the conclusion of the audit.

D.

Internal audit charter approved by the board.

Question # 36

An internal audit activity includes in its audit reports the assertion that its work is performed in conformance with the International Standards for the Professional Practice of Internal Auditing (Standards). A recent external quality assessment concluded that the internal audit activity had substantial deficiencies that impact its overall operations.

According to IIA guidance, which of the following is the most appropriate action for issuing future audit reports?

A.

Refrain from indicating that the internal audit activity operates in conformance with the Standards until the chief audit executive confirms that the internal audit activity has addressed all areas of nonconformance and the audit committee has been notified.

B.

Refrain from indicating that the internal audit activity operates in conformance with the Standards until another external assessment confirms that the significant areas of nonconformance have been addressed.

C.

Indicate that the internal audit activity operates in partial conformance with the Standards, as the internal audit activity has a quality assurance and improvement program in place to address deficiencies and has met the requirement for conducting an external assessment.

D.

Update and reissue previous audit reports, removing the assertion that the internal audit activity operates in conformance with the Standards, and distribute them to all parties who received the original reports.

Question # 37

Which of the following resources would be most effective for an organization that would like to improve how it informs stakeholders of its social responsibility performance?

A.

ISO 26000.

B.

Global Reporting Initiative.

C.

Open Compliance and Ethics Group.

D.

COSO’s enterprise risk management framework

Question # 38

Which of the following processes does the board manage to ensure adequate governance?

A.

Establish and measure performance objectives for the internal audit activity.

B.

Select board members with necessary knowledge and skills.

C.

Develop, approve, and execute the strategic plan of the organization.

D.

Develop strategies to mitigate the risks to achieving the organization’s objectives

Question # 39

According to IIA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the internal audit activity?

A.

CAE reviews and approves the annual audit plan.

B.

CAE meets privately with the CEO at least annually.

C.

CAE meets privately with the board at least annually.

D.

CAE reports to the board regarding audit staff performance evaluation and compensation.

Question # 40

Which of the following organizations has reached the most mature level of corporate social responsibility?

A.

An organization that is able to provide goods and services society needs and thus maximizes profit to its owners.

B.

An organization that ensures compliance to legal frameworks of the countries in which it operates and sells its products.

C.

An organization that is willing to make contributions not mandated by law or economics and expects no payback.

D.

An organization that requires its decision makers to act with equity, fairness, and respect for the rights of individuals.

Question # 41

Which of the following statements is true regarding an organization's code of ethics?

A.

It should be written with primary consideration given to using a rule-based approach.

B.

It should be of two variations: one applicable internally and one applicable for third parties.

C.

Its operational effectiveness cannot be tested using traditional audit and rating systems such as maturity models.

D.

It should require an annual attestation of compliance with the code of conduct by all employees.

Question # 42

An internal auditor was offered expensive tickets to a sporting event by the manager of an area that she was currently auditing. The auditor politely declined. Which of the following fundamental principles of the IIA Code of Ethics did she display?

A.

Confidentiality.

B.

Independence.

C.

Competency.

D.

Objectivity

Question # 43

According to IIA guidance, which of the following is true with regard to the internal audit charter?

1. It specifies the minimum resources needed for assurance engagements.

2. It requires final approval from senior management.

3. It defines the internal audit activity's authority and responsibilities.

4. It describes the expectations for communicating the results of a quality assurance and improvement program.

A.

1 and 4 only.

B.

3 and 4 only.

C.

1, 2, and 4.

D.

2, 3, and 4.

Question # 44

Internal controls belong to which risk response category?

A.

Reduction.

B.

Avoidance.

C.

Sharing.

D.

Acceptance.

Question # 45

According to IIA guidance, which of the following statements is true regarding an effective governance process?

A.

It stipulates that risk needs to be considered when making strategic decisions.

B.

It encourages strict segregation of the risk management and internal control processes.

C.

It relies on effective risk management when establishing the organization's risk appetite.

D.

It relies on the board to devise ways to communicate the effectiveness of internal controls.

Question # 46

The chief audit executive (CAE) is drafting the annual internal audit plan and seeks input from senior management and the external auditor prior to submitting it for approval to the board. According to IIA guidance, which of the following statements is true regarding this scenario?

A.

The CAE's actions are likely to impair the independence of the internal audit activity.

B.

The CAE acted appropriately, and the independence of the internal audit activity was not impaired.

C.

The CAE should have developed the audit plan without outside influence to maintain objectivity.

D.

The CAE acted appropriately, as he has authority to determine who reviews and approves the audit plan.

Question # 47

Who is held responsible for oversight of the organization's risk management framework?

A.

Operational management.

B.

Board of directors.

C.

Internal auditors.

D.

Head of risk management.

Question # 48

Which of the following is a preventive control the organization could implement to mitigate fraudulent activity in the accounts payable department?

A.

Delivering fraud awareness training to employees in the department.

B.

Segregating duties between employees in the department.

C.

Requesting the internal audit activity perform an independent evaluation of fraud risk in the department.

D.

Requiring accounts payable employees to sign a code of conduct awareness confirmation.

Question # 49

Of all the common characteristics of frauds, which of the following can the organization influence the most?

A.

Pressure or incentive.

B.

Rationalization

C.

Opportunity

D.

Commitment.

Question # 50

In order for an internal auditor to assess the opportunity for fraud to occur in an organization, which of the following does the auditor first need to understand?

A.

Fraud prevention.

B.

Fraud detection.

C.

Corporate culture.

D.

Forensic analysis techniques.

Question # 51

Which of the following scenarios depicts an appropriate role for the internal audit activity to take regarding an organization's risk management process?

A.

Internal audit designs and implements the organization's controls to help manage risk.

B.

Internal audit sets the organization's risk tolerance and promotes awareness throughout the organization.

C.

Internal audit assesses whether the organization's risk management processes are effective.

D.

Internal audit is responsible for safeguarding the organization's assets and preventing loss from occurring.

Question # 52

A chief audit executive ensures that the internal audit activity provides annual training to management on internal controls. Where is the nature of these services defined?

A.

The annual audit plan.

B.

The audit report.

C.

The annual risk assessment.

D.

The audit charter.

Question # 53

During an audit of company expenses, the internal auditor performed a test using data analytics and identified a violation of the company's expenses policy. The auditor who discovered the issue considered it a potential fraudulent transaction and informed the chief financial officer (CFO). The CFO dismissed the concern because he did not understand the data analytics test that was performed and the transaction was of a low value. Given this situation, which skills or competencies should this internal auditor seek to improve?

A.

Skills in evaluating the risk of fraud.

B.

Knowledge of key IT risks and controls

C.

Soft skills such as communication and negotiation.

D.

Knowledge and understanding of the company's expenses policy

Question # 54

A newly appointed chief audit executive (CAE) is tasked with creating a new internal audit activity within the organization. Which of the following would the CAE need to include in the new internal audit charter?

A.

The requirement to provide an annual cost analysis that justifies having an internal audit activity

B.

The specific engagements that the internal audit activity will perform for the organization

C.

The board's oversight role and responsibilities pertaining to the internal audit activity

D.

The relevant regulations that will guide the internal audit activity's regulatory compliance assessments

Question # 55

According to IIA guidance, which of the following would the internal audit activity examine in order to evaluate the organization's governance process for strategic and operational decisions?

A.

The risk assessment process including interviews with senior management.

B.

The organization’s mission and value statements, code of conduct, and whistleblowing policy

C.

Board meeting minutes, the board policy manual, and past audit reports

D.

Staff compensation objective setting and the performance evaluation policy and process

Question # 56

Which of the following are considered root causes of fraud?

A.

Rationalization and corruption

B.

Corruption and opportunity

C.

Opportunity and perceived need

D.

Perceived need and weak internal controls

Question # 57

In an internal audit charter, which of the following statements regarding the chief audit executive (CAE) would be most directly related to describing the responsibilities of the internal audit activity?

A.

The CAE shall report functionally to the board and administratively to the chief financial officer

B.

The CAE and the internal audit activity shall have full access to any and all records and personnel of the organization that are relevant to audit engagements

C.

The CAE and the internal audit activity shall be independent and objective in performing their work.

D.

The CAE shall report periodically on the performance of the internal audit activity relative to its plan

Question # 58

An organization is considering purchasing a new banking software system and has asked the internal audit activity to evaluate the system. An internal auditor assigned to perform the engagement worked at the software company two years ago and is familiar with the system's design strengths and weaknesses. Which of the following is true regarding impairment to the auditor's objectivity?

A.

This situation does not necessitate any action related to the auditor's objectivity.

B.

The auditor should decline to perform the audit because personal conflicts of interest are likely.

C.

The auditor must disclose to the chief audit executive that this situation may impair her objectivity.

D.

The auditor can provide only consulting services, not assurance.

Question # 59

When beginning an engagement to assess the effectiveness of the organization's newly revamped risk management processes, which of the following should internal auditors review first?

A.

Key risk disclosures in the annual report.

B.

Existing risk assessment and identification processes.

C.

Organizational strategy and business plans.

D.

Risk mitigation plans and risk responses.

Question # 60

A third-party provider's questionable labor practices have exposed the organization to reputational risks and regulatory risks. Which of the organization's risk management practices was most likely ineffective?

A.

The organization ensured that the third-party vendor provided the best pricing for the requested services.

B.

The organization conducted quality control reviews of provided services to ensure industry standards were met.

C.

The organization performed a due diligence review of all vendors during the bid review process.

D.

The organization planned to issue a resolution concerning the third-party provider's labor practices.

Question # 61

An organization opened its warehouse to sell written-off surplus and outdated office furniture to the general public. Prices were negotiable, and customers could pay by cash, check, or credit card. Receipts were available upon request, and were issued by the inventory manager upon collection of payment. At the end of the day, the manager forwarded all of the funds he had collected to the finance department for deposit. Which of the following types of fraud is most likely to occur under these circumstances?

A.

Asset misappropriation.

B.

Bribery.

C.

Falsifying records.

D.

Skimming

Question # 62

Which of the following is part of a fraud detection program?

A.

Whistleblower hotline.

B.

Authority limits.

C.

Background investigations

D.

Evaluation of compensation programs.

Question # 63

A technology company recently hired an entry-level internal auditor. To achieve conformance with the Standards, which of the following must the newly hired internal auditor possess?

A.

An understanding of fraud and fraud risk.

B.

IT audit expertise.

C.

Industry-specific knowledge

D.

At least one audit-related certification

Question # 64

Under which of the following circumstances should the final audit report include a disclosure of nonconformance with the Standards?

A.

An external quality assessment of the internal audit activity is performed only once every five years.

B.

The internal auditor provided negative assurance, because he found no evidence of misconduct.

C.

The annual internal audit plan includes some consulting engagements that are based on opportunities rather than risks to the organization.

D.

A new internal auditor moved into the internal audit activity from the payroll department and was immediately assigned to the payroll audit.

Question # 65

According to IIA guidance, which of the following actions by a new chief audit executive would be most appropriate to gain an understanding of the current level of knowledge, skills, and competencies required by an internal audit activity to fulfill its responsibilities?

A.

Identify gaps in the activity’s proficiency, based on criteria defined by a widely accepted competency framework.

B.

Have a quality assessment review performed by an expert external entity.

C.

Identify a mature internal audit activity to serve as a benchmark for measuring the internal audit activity’s competence.

D.

Assess whether members of the internal audit activity understand and apply The IIA's mandatory guidance.

Question # 66

Which of the following is a responsibility of the internal audit activity as it relates to risk and risk management?

A.

Evaluating and suggesting improvements to the risk management process.

B.

Establishing the organization's risk appetite.

C.

Determining whether the risk attitude is aligned with shareholder interests.

D.

Ensuring an adequate risk management system is in place.

Question # 67

Which of the following would be considered an indicator that an organization's ethics program is not yet well developed?

A.

Disciplinary actions for ethics compliance violations are reviewed by the internal audit activity for consistency.

B.

Communication of ethics compliance expectations is the responsibility of employees' direct managers.

C.

The organization's code of ethics and related compliance policy are reviewed annually for potential updates.

D.

The board of directors reviews ethics oversight metrics for violations and compliance.

Question # 68

Which of the following would be considered a primary control to reduce the risk associated with setting up duplicate vendors?

A.

Receipt of a signed and approved vendor setup form.

B.

Segregation of duties between setting up vendors and making vendor payments.

C.

System validation and edit checks on vendor identification number

D.

A vendor setup policy and procedure.
