Which of the following describes the internal audit activity's most appropriate role in an organization's risk management process?
Which of the following is true regarding the use of a formal risk management framework?
1. It facilitates a methodical approach to risk mitigation.
2. It defines and standardizes the terminology used in risk communication.
3. It establishes the risk tolerance levels to be accommodated in the strategy.
4. It facilitates the alignment of risk mitigation strategies with management priorities.
According to IIA guidance, which of the following actions best demonstrates that due professional care has been considered by the internal audit activity when conducting a review of an organization's assets?
An investment advisory firm purchased professional liability insurance to offer protection from lawsuits brought by customers claiming they received poor or erroneous advice. Which of the following best describes this risk management technique?
Which of the following is a detective control strategy against fraud?
Which of the following types of fraud tests would be most effective if an internal auditor was looking for possible fictitious vendors?
Which of the following techniques should an internal auditor use in order to conduct an effective interview?
Which of the following would the chief audit executive be required to disclose in the communication of quality assessment results to senior management and the board?
Which of the following would be considered advanced expertise which most internal auditors are not expected to possess?
According to IIA guidance, which of the following actions is a chief audit executive required to take with regard to reporting the results of the quality assurance and improvement program?
According to IIA guidance, which of the following statements is true regarding mentoring programs designed to assist internal auditors with their professional development?
Which of the following characteristics is typical of the internal audit activity?
When a plant manager from within the organization is hired as a rotational internal auditor within the internal audit activity, which area should he most likely be trained for immediately?
With regard to organizational governance assurance, which of the following is an appropriate role for the internal audit activity?
The chief audit executive (CAE) of a large organization has been asked by the board to assume responsibility for risk management and compliance operations, both of which are distinct departments within the organization and are subject to periodic audits by the internal audit activity. In regards to future audits of these functions, which of the following approaches would be most appropriate?
Which of the following is a typical characteristic of an organization's risk management framework?
The largest risks facing an organization should be mitigated by which type of controls?
A chief audit executive (CAE) is considering hiring a candidate who most recently worked for a large public accounting firm. What would be the CAE’s most likely concern regarding this candidate?
According to IIA guidance, which of the following is a required aspect of an internal audit charter?
Which of the following best demonstrates conformance with the Standards regarding the internal audit activity's purpose, authority, and responsibility?
In the COSO internal control framework, which of the following components serves as the foundation for the other components?
Which of the following should a general internal auditor be able to characterize as an IT-related risk?
A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annual snowfall for the coming winter. Which of the following best describes this type of risk?
An engagement supervisor obtains facilities maintenance reports from a contractor during an audit of third-party services. Which of the following is the source of authority for the engagement supervisor to make such contact outside the organization?
An internal auditor assigned to a supplier management process engagement reviews the risk assessment with the process owner. The auditor inquires about the risk response for potentially engaging unqualified third-party service providers. The process owner responds that due diligence checks are undertaken to make sure that third parties possess requisite competencies before they are engaged. Which of the following risk management techniques is the process owner using?
Which of the following statements best describes the difference between risk appetite and risk tolerance?
Which of the following actions should the internal audit activity take during an audit engagement when examining the effectiveness of risk management processes?
An internal auditor observed that sales staff are able to modify or cancel an order in the system prior to shipping. She wonders whether they can also modify orders after shipping. Which of the following types of controls should she examine?
An internal auditor is updating the risk register for risks identified during a recent organizational risk assessment. According to the Standards, which of the following would the auditor include in the risk register?
Which of the following best demonstrates internal auditors performing their work with proficiency?
A chief audit executive (CAE) has no direct access to the board. According to IIA guidance, which of the following is the most appropriate way for the CAE to react?
During a review of employee benefits, a staff internal auditor observed an ambiguity in the incentive compensation policy. If reported, it could negatively impact the internal auditor's compensation. Which of the following would encourage the internal auditor to be objective in his work?
An internal audit activity includes in its audit reports the assertion that its work is performed in conformance with the International Standards for the Professional Practice of Internal Auditing (Standards). A recent external quality assessment concluded that the internal audit activity had substantial deficiencies that impact its overall operations.
According to IIA guidance, which of the following is the most appropriate action for issuing future audit reports?
Which of the following resources would be most effective for an organization that would like to improve how it informs stakeholders of its social responsibility performance?
Which of the following processes does the board manage to ensure adequate governance?
According to IIA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the internal audit activity?
Which of the following organizations has reached the most mature level of corporate social responsibility?
Which of the following statements is true regarding an organization's code of ethics?
An internal auditor was offered expensive tickets to a sporting event by the manager of an area that she was currently auditing. The auditor politely declined. Which of the following fundamental principles of the IIA Code of Ethics did she display?
According to IIA guidance, which of the following is true with regard to the internal audit charter?
1. It specifies the minimum resources needed for assurance engagements.
2. It requires final approval from senior management.
3. It defines the internal audit activity's authority and responsibilities.
4. It describes the expectations for communicating the results of a quality assurance and improvement program.
Internal controls belong to which risk response category?
According to IIA guidance, which of the following statements is true regarding an effective governance process?
The chief audit executive (CAE) is drafting the annual internal audit plan and seeks input from senior management and the external auditor prior to submitting it for approval to the board. According to IIA guidance, which of the following statements is true regarding this scenario?
Who is held responsible for oversight of the organization's risk management framework?
Which of the following is a preventive control the organization could implement to mitigate fraudulent activity in the accounts payable department?
Of all the common characteristics of frauds, which of the following can the organization influence the most?
In order for an internal auditor to assess the opportunity for fraud to occur in an organization, which of the following does the auditor first need to understand?
Which of the following scenarios depicts an appropriate role for the internal audit activity to take regarding an organization's risk management process?
A chief audit executive ensures that the internal audit activity provides annual training to management on internal controls. Where is the nature of these services defined?
During an audit of company expenses, the internal auditor performed a test using data analytics and identified a violation of the company's expenses policy. The auditor who discovered the issue considered it a potential fraudulent transaction and informed the chief financial officer (CFO). The CFO dismissed the concern because he did not understand the data analytics test that was performed and the transaction was of a low value. Given this situation, which skills or competencies should this internal auditor seek to improve?
A newly appointed chief audit executive (CAE) is tasked with creating a new internal audit activity within the organization. Which of the following would the CAE need to include in the new internal audit charter?
According to IIA guidance, which of the following would the internal audit activity examine in order to evaluate the organization's governance process for strategic and operational decisions?
Which of the following are considered root causes of fraud?
In an internal audit charter, which of the following statements regarding the chief audit executive (CAE) would be most directly related to describing the responsibilities of the internal audit activity?
An organization is considering purchasing a new banking software system and has asked the internal audit activity to evaluate the system. An internal auditor assigned to perform the engagement worked at the software company two years ago and is familiar with the system's design strengths and weaknesses. Which of the following is true regarding impairment to the auditor's objectivity?
When beginning an engagement to assess the effectiveness of the organization's newly revamped risk management processes, which of the following should internal auditors review first?
A third-party provider's questionable labor practices have exposed the organization to reputational risks and regulatory risks. Which of the organization's risk management practices was most likely ineffective?
An organization opened its warehouse to sell written-off surplus and outdated office furniture to the general public. Prices were negotiable, and customers could pay by cash, check, or credit card. Receipts were available upon request, and were issued by the inventory manager upon collection of payment. At the end of the day, the manager forwarded all of the funds he had collected to the finance department for deposit. Which of the following types of fraud is most likely to occur under these circumstances?
Which of the following is part of a fraud detection program?
A technology company recently hired an entry-level internal auditor. To achieve conformance with the Standards, which of the following must the newly hired internal auditor possess?
Under which of the following circumstances should the final audit report include a disclosure of nonconformance with the Standards?
According to IIA guidance, which of the following actions by a new chief audit executive would be most appropriate to gain an understanding of the current level of knowledge, skills, and competencies required by an internal audit activity to fulfill its responsibilities?
Which of the following is a responsibility of the internal audit activity as it relates to risk and risk management?
Which of the following would be considered an indicator that an organization's ethics program is not yet well developed?
Which of the following would be considered a primary control to reduce the risk associated with setting up duplicate vendors?