EMT Practice Test

1. Question Content...


Question List

Question1: A medical insurance provider uses an electronic claims-submission process and suspects that a number of physicians have submitted claims for treatments that were not performed. Which of the following control procedures would be most effective to detect this type of fraud?

Question2: Reviewing prior audit reports and supporting workpapers before an engagement starts enables an internal auditor to do which of the following?
1. To understand better the activity and processes that will be audited.
2. To identify the audit procedures that will be used during the engagement.
3. To ensure that matters of greatest vulnerability will be addressed.
4. To use the information obtained as evidence in the current engagement.

Question3: An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?

Question4: According to IIA guidance on IT. which of the following plans would pair the identification of critical business processes with recovery time objectives?

Question5: Which of the following is not a primary reason for outsourcing a portion of the internal audit activity?

Question6: Which of the following control activities is the most effective to ensure users' levels of access are appropriate for their current roles?

Question7: Which of the following is true regarding an organization's relationship with external stakeholders?

Question8: The chief audit executive (CAE) has assigned an internal auditor to an upcoming engagement. Which of the following requirements would most likely indicate that the internal auditor was assigned to an assurance engagement?

Question9: According to IIA guidance,which of the following is true about the supervising internal auditor's review notes?
* They are discussed with management prior to finalizing the audit.
* They may be discarded after working papers are amended as appropriate.
* They are created by the auditor to support her fieldwork in case of questions.
* They are not required to support observations issued in the audit report.

Question10: Which of the following statements regarding organizational governance is not correct?

Question11: Unsecured loans are loans:

Question12: An organization requires an average of 58 days to convert raw materials into finished products to sell. An average of 42 additional days is required to collect receivables. If the organization takes an average of 10 days to pay for the raw materials, how long is its total cash conversion cycle?

Question13: Which of the following descriptions of the internal control system are indicators that risks are managed effectively?
1. Existing controls promote compliance with applicable laws and regulations.
2. The control environment is designed to address all identified risks to the organization.
3. Key controls for significant risks to the organization remain consistent over time.
4. Monitoring systems are in place to alert management to unexpected events.

Question14: Which of the following is a characteristic of an emerging industry?

Question15: Which of the following statements is true regarding a bring-your-own-device (BYOD) environment?

Question16: Which segregation of duties would best reduce the risk of payroll fraud?

Question17: Which of the following statements accurately describes an internal auditor's responsibility with regard to due professional care?

Question18: Which of the following is a detective control for managing the risk of fraud?

Question19: Which of the following statements is true regarding outsourced business processes?

Question20: Which of the following financial instruments should be recorded at fair market value on the financial statements?

Question21: If legal or regulatory standards prohibit conformance with certain parts of The IIA's Standards, the auditor should do which of the following?

Question22: Click the Exhibit.

Internal auditors are asked to keep track of how many hours per day they spend planning the audit, conducting the engagement, and writing the audit report. The data for two days has been collected as follows:
Day 1
Day 2
Planning the audit
2 hours
3 hours
Conducting the engagement
1 hour
1 hour
Writing the audit report
2 hours
4 hours
Which of the following graphs depicts the data accurately?

Question23: When initiating international ventures, an organization should consider cultural dimensions in order to prevent misunderstandings. Which of the following does not represent a recognized cultural dimension in a work environment?

Question24: Which of the following most accurately describes the purpose of application authentication controls?

Question25: Which of the following authentication controls combines what a user knows with the unique characteristics of the user respectively?

Question26: An internal auditor submitted a report containing recommendations for management to enhance internal controls related to investments. To follow up, which of the following is the most appropriate action for the internal auditor to take?

Question27: A draft internal audit report that cites deficient conditions generally should be reviewed with which of the following groups?
1. The client manager and her superior.
2. Anyone who may object to the report's validity.
3. Anyone required to take action.
4. The same individuals who receive the final report.

Question28: Which audit approach should be employed to test the accuracy of information housed in a database on an un-networked computer?

Question29: Which of the following is an effective approach for internal auditors to take to improve collaboration with audit clients during an engagement?
1. Obtain control concerns from the client before the audit begins so the internal auditor can tailor the scope accordingly.
2. Discuss the engagement plan with the client so the client can understand the reasoning behind the approach.
3. Review test criteria and procedures where the client expresses concerns about the type of tests to be conducted.
4. Provide all observations at the end of the audit to ensure the client is in agreement with the facts before publishing the report.

Question30: A large hospital has an existing contract with a vendor in another country to provide software support and maintenance of the hospital's patient records information system. From the hospital management's perspective, which of the following controls would be most effective to address privacy risks related to this outsourcing arrangement^

Question31: According to IIA guidance, which of the following accurately describes the responsibilities of the chief audit executive with respect to the final audit report?
1. Coordinate post-engagement conferences to discuss the final audit report with management.
2. Include management's responses in the final audit report.
3. Review and approve the final audit report.
4. Determine who will receive the final audit report.

Question32: According to the COSO enterprise risk management (ERM) framework, which of the following is not part of the new paradigm in ERM?

Question33: In which of the following scenarios would the chief audit executive (CAE) be required to decline the assignment?

Question34: When auditing the award of a major contract, which of the following should an internal auditor suspect as a red flag for a bidding fraud scheme?
1. Subsequent change orders increase requirements for low-bid items.
2. Material contract requirements are different on the actual contract than on the request for bids.
3. A high percentage of employees are charged to indirect accounts.
4. Losing bidders are hired as subcontractors.

Question35: A manager has difficulty motivating staff to improve productivity, despite establishing a lucrative individual reward system. Which of the following is most likely the cause of the difficulty?

Question36: Which of the following statements is true regarding the use of public key encryption to secure data while it is being transmitted across a network?

Question37: When writing a business memorandum, the writer should choose a writing style that achieves all of the following except:

Question38: An auditor in charge was reviewing the workpapers submitted by a newly hired internal auditor. She noted that the new auditor's analytical work did not include any rating or quantification of the risk assessment results, and she returned the workpapers for correction. Which section of the workpapers will the new auditor need to modify?

Question39: Which of the following statements is true regarding reversing entries in an accounting cycled

Question40: An internal auditor in a small broadcasting organization was assigned to review the revenue collection process.
The auditor discovered that some checks from three customers were never recorded in the organization's financial records. Which of the following documents would be the least useful for the auditor to verify the finding?

Question41: According to IIA guidance, which of the following would not be a consideration for the internal audit activity (IAA) when determining the need to follow-up on recommendations?

Question42: According to IIA guidance, which of the following should be formally documented in the internal audit charter?

Question43: According to The MA Global Internal Audit Competency Framework, which of the following areas of training would best assist the internal audit activity in improving its use of tools and techniques?

Question44: Which of the following statements regarding database management systems is not correct?

Question45: Which of the following is always true regarding the use of encryption algorithms based on public key infrastructure (PKI)?

Question46: Which of the following is an example of a nonfinancial internal failure quality cost?

Question47: What is the additional advantage of facilitated workshops, in comparison with structured interviews, used when testing the effectiveness of entity-level controls?

Question48: Which of the following statements accurately describes the responsibility of the internal audit activity regarding IT governance?
1. The internal audit activity does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.
2. The internal audit activity must assess whether the IT governance of the organization supports the organization's strategies and objectives.
3. The internal audit activity may assess whether the IT governance of the organization supports the organization's strategies and objectives.
4. The internal audit activity may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization's strategies and objectives.

Question49: According to The IIA's Code of Ethics, which of the following statements is true?

Question50: Which of the following control methods is effective in reducing the risk of purchasing-scheme fraud?
1. Periodically reviewing the vendor list for unusual vendors and addresses.
2. Segregating duties for amount purchasing, receiving, shipping, and accounting.
3. Validating sequential integrity of purchase orders.
4. Verifying the validity of invoices with post office box addresses.

Question51: A manufacturing line supervisor joins the internal audit activity for a two-year rotational job assignment and is assigned to an accounts receivable audit. With regard to this assignment, which of the following should be the primary concern of the audit manager?

Question52: Which of the following activities most significantly increases the risk that a bank will make poor-quality loans to its customers?

Question53: Which of the following is not a barrier to effective communication?

Question54: According to IIA guidance, which of the following is ultimately responsible for seeing that the internal control system of an organization's social responsibility program is effective?

Question55: Which of the following components should be included in an audit finding?
1. The scope of the audit.
2. The standard(s) used by the auditor to make the evaluation.
3. The engagement's objectives.
4. The factual evidence that the internal auditor found in the course of the examination.

Question56: According to IIA guidance, which of the following is not a responsibility of the chief audit executive pertaining to documenting information to support internal audit engagement results and conclusions?

Question57: The balanced scorecard approach differs from traditional performance measurement approaches because it adds which of the following measures?
1. Financial measures
2. Internal business process measures.
3. Client satisfaction measures
4. Innovation and learning measures

Question58: Which of the following is a primary driver behind the creation and prioritization of new strategic initiatives established by an organization?

Question59: Which of the following application controls checks the integrity of data entered into a business application?

Question60: Which of the following is an example of a physical control?

Question61: Which stage of group development is characterized by a decrease in conflict and hostility among group members and an increase in cohesiveness?

Question62: An internal auditor completed an audit of a bank's loan department and found all significant risks to be managed adequately through effective internal controls. Which of the following would be an appropriate conclusion to report to management?

Question63: International marketing activities often begin with:

Question64: Which of the following statements accurately describes the responsibility of the internal audit activity (IAA) regarding IT governance?
1. The IAA does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.
2. The IAA must assess whether the IT governance of the organization supports the organization's strategies and objectives.
3. The IAA may assess whether the IT governance of the organization supports the organization's strategies and objectives.
4. The IAA may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization's strategies and objectives.

Question65: Which of the following is an appropriate role for the internal audit activity with regard to the organization's risk management program?

Question66: When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach?

Question67: Which of the following roles would be least appropriate for the internal audit activity to undertake with regard to an organization's corporate social responsibility (CSR) program?

Question68: Which of the following best demonstrates an organization's ability to recover from a disaster?

Question69: An organization has a health and safety division that conducts audits to meet regulatory requirements. The chief health and safety officer reports directly to the CEO. Which of the following describes an appropriate role for the chief audit executive (CAE) with regard to the organization's health and safety program?

Question70: To fill a critical vacancy, an internal auditor is assigned temporarily to a nonaudit role in the purchasing department, where she worked previously before joining the internal audit activity. According to IIA guidance, which of the following statements is true regarding these circumstances?

Question71: A chief audit executive (CAE) was asked to participate in the selection of an external auditor. Which of the following would not be a typical responsibility for the CAE?

Question72: Organizational activities that complement each other and create a competitive advantage are called a:

Question73: According to IIA guidance, which of the following statements is false regarding a review of the controls in place to prevent fraud?

Question74: When management uses the absorption costing approach, fixed manufacturing overhead costs are classified as which of the following types of costs?

Question75: Which of the following actions is most likely to gain support for process change?

Question76: During an audit of the accounts receivable (AR) process, an internal auditor noted that reconciliations are still not performed regularly by the AR staff, a recommendation that was made following a previous audit.
Monitoring by the financial reporting function has failed to detect the shortcoming. Both the financial reporting function and AR report to the controller, who is responsible for implementing action plans. Which of the following supports the internal auditor's decision to combine both observations into one reported finding?

Question77: Maintenance cost at a hospital was observed to increase as activity level increased. The following data was gathered:
Activity Level -
Maintenance Cost
Month
Patient Days
Incurred
January
5,600
$7,900
February
7,100
$8,500
March
5,000
$7,400
April
6,500
$8,200
May
7,300
$9,100
June
8,000
$9,800
If the cost of maintenance is expressed in an equation, what is the independent variable for this data?

Question78: In which of the following scenarios would transfer pricing be used?

Question79: In the area of business acumen, which of the following competencies would be the sole responsibility of an internal audit staff member?

Question80: Which of the following is the best reason for considering the acquisition of a nondomestic organization?

Question81: When developing an effective risk-based plan to determine audit priorities, an internal audit activity should start by:

Question82: Which of the following is a limiting factor for capacity expansion?

Question83: An internal audit charter should do which of the following?

Question84: Which type of bond sells at a discount from face value, then increases in value annually until it reaches maturity and provides the owner with the total payoff?

Question85: Which of the following is not included in the process of user authentication?

Question86: When establishing a quality assurance and improvement program, the chief audit executive should ensure the program is designed to accomplish which of the following objectives?
1. Add value.
2. Improve operations.
3. Provide assurance that the internal audit activity conforms with the Standards.
4. Provide assurance that the internal audit activity conforms with the IIA Code of Ethics.

Question87: When attempting to devise creative solutions to problems, team members initially should do which of the following?

Question88: The main reason to establish internal controls in an organization is to:

Question89: Which of the following types of fraud includes embezzlement?

Question90: When auditing an application change control process, which of the following procedures should be included in the scope of the audit?
1. Ensure system change requests are formally initiated, documented, and approved.
2. Ensure processes are in place to prevent emergency changes from taking place.
3. Ensure changes are adequately tested before being placed into the production environment.
4. Evaluate whether the procedures for program change management are adequate.

Question91: Which of the following is an example of a phishing attack?

Question92: During a review of a web-based application used by customers to check the status of their bank accounts, it would be most important for the internal auditor to ensure that:

Question93: A former line supervisor from the Financial Services Department has completed six months of a two-year development opportunity with the internal audit activity (IAA). She is assigned to a team that will audit the organization's payroll function, which is managed by the Human Resources Department. Which of the following statements is most relevant regarding her independence and objectivity with respect to the payroll audit?

Question94: When granting third parties temporary access to an entity's computer systems, which of the following is the most effective control?

Question95: Which of the following is the most common method of fraud detection?

Question96: According to IIA guidance, organizations have the most influence on which element of fraud?

Question97: Which of the following statements are true regarding the use of heat maps as risk assessment tools?
1. They focus primarily on known risks, limiting the ability to identify new risks.
2. They rely heavily on objective assessments and related risk tolerances.
3. They are too complex to provide an easily understandable view of key risks.
4. They are helpful but limited in value in a rapidly changing environment.

Question98: A credit card company detects potential errors in credit card numbers by checking whether all entered numbers contain the correct amount of digits. This is an example of which of the following IT controls?

Question99: Which of the following professional development approaches would offer internal auditors the most opportunities to broaden their engagement experiences?

Question100: According to IIA guidance, which of the following is the correct order to conduct a business impact analysis (BIA) for the potential loss of an organization's network services''
1. identify resources and partners to provide required recovery services
2. Identify the business processes supporting the network functionality
3. Obtain approval of the BIA from the operating managers relative to their areas of responsibility
4. Identify the business impact if the network services cannot be performed

Question101: Which of the following actions should the audit committee take to promote organizational independence for the internal audit activity?

Question102: After finalizing an assurance engagement concerning safety operations in the oil mining process, the audit team concluded that no key controls were compromised. However, some opportunities for improvement were noted. Which of the following would be the most appropriate way for the chief audit executive (CAE) to report these results?

Question103: Which of the following statements is false regarding roles and responsibilities pertaining to risk management and control?

Question104: Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?

Question105: Which of the following behaviors could represent a significant ethical risk if exhibited by an organization's board?
1. Intervening during an audit involving ethical wrongdoing.
2. Discussing periodic reports of ethical breaches.
3. Authorizing an investigation of an unsafe product.
4. Negotiating a settlement of an employee claim for personal damages.

Question106: According to IIA guidance, the results of a formal quality assessment should be reported to which of the following groups?

Question107: An internal auditor is trying to assess control risk and the effectiveness of an organization's internal controls.
Which of the following audit procedures would not provide assurance to the auditor on this matter?

Question108: Which of the following scenarios best illustrates the principle of due professional care?

Question109: Which of the following is a type of network in which an organization permits specific users (such as existing customers) to have access to its internal network through the Internet by building a virtual private network?

Question110: An internal auditor is evaluating techniques management uses to mitigate risks within a particular product division. Which of the following is an example of risk reduction?

Question111: In terms of international business strategy, which of the following is true regarding a multi-domestic strategy?

Question112: Which of the following should an organization consider when developing strategic objectives for its business processes?
1. Contribution to the success of the organization.
2. Reliability of operational information.
3. Behaviors and actions expected of employees.
4. How inputs combine with outputs to generate activities.

Question113: According to IIA guidance, which of the following scenarios demonstrates an internal auditor exercising due professional care?
When auditing investments, the auditor identified instruments with which he was unfamiliar.
He decided not to select that type of investment in his sample, as he did not have the knowledge needed to A. perform a proper assessment.

Question114: Which of the following conflict resolution methods should be applied when the intention of the parties is to solve the problem by clarifying differences and attaining everyone's objectives?

Question115: Which of the following factors should be considered when determining the appropriate combination of manual techniques and computer-assisted audit techniques (CAATs) to be used during an audit?
1. Acceptance of CAATs findings by entity management.
2. Computer knowledge and expertise of the auditor.
3. Time constraints.
4. Level of audit risk.

Question116: Which of the following types of social responsibilities is voluntary and guided purely by the organization's desire to make social contributions?

Question117: An internal auditor needs to recommend a policy element to be included in an organization's code of ethics.
Which of the following recommendations would be most effective?

Question118: Which of the following statements describes an engagement planning best practice?

Question119: Which of the following statements about slack time and milestones are true?
1. Slack time represents the amount of time a task may be delayed without delaying the entire project.
2. A milestone is a moment in time that marks the completion of the project's major deliverables.
3. Slack time allows the project manager to move resources from one task to another to ensure that the project is finished on time.
4. A milestone requires resource allocation and needs time to be completed.

Question120: Which of the following describes the free trade zone in an e-commerce environment?

Question121: A supervisor receives a complaint from an employee who is frustrated about having to learn a new software program. The supervisor responds that the new software will enable the employee to work more efficiently and with greater accuracy. This response is an example of:

Question122: An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?

Question123: According to IIA guidance, which of the following is least compliant with the requirements regarding an internal auditor's need for objectivity?

Question124: The decision to implement enhanced failure detection and back-up systems to improve data integrity is an example of which risk response?

Question125: In order to provide useful information for an organization's risk management decisions, which of the following factors is least important to assess?

Question126: Which of the following is an example of collusion?

Question127: Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?

Question128: Which of the following statements best describes the frameworks set forth by the International Standards Organization?

Question129: The board has asked the internal audit activity (IAA) to be involved in the organization's enterprise risk management process. Which of the following activities is appropriate for IAA to perform without safeguards?

Question130: While auditing an organization's credit approval process, an internal auditor learns that the organization has made a large loan to another auditor's relative. Which course of action should the auditor take?

Question131: According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management's response to audit recommendations?

Question132: During the last year, an organization had an opening inventory of $300,000, purchases of $980,000, sales of
$1,850,000, and a gross margin of 40 percent. What is the closing inventory if the periodic inventory system is used?

Question133: According to IIA guidance, which of the following statements describes one of the similarities between assurance and consulting services?

Question134: Which of the following is useful for forecasting the required level of inventory?
1. Statistical modeling.
2. Information about seasonal variations in demand.
3. Knowledge of the behavior of different business cycles.
4. Pricing models linked to seasonal demand.

Question135: Which of the following is the most likely reason an organization may decide to undertake a stock split?

Question136: Which of the following statements is true regarding cost-volume-profit analysis?

Question137: Which of the following would not impair the objectivity of internal auditor?

Question138: Which of the following are the most common characteristics of big data?

Question139: A fraud investigation was completed by management, and a proven fraud was communicated to relevant authorities. According to MA guidance, which of the following roles would be most appropriate for the internal audit activity to undertake after the investigation?

Question140: An internal audit activity is using the auditing-by-element approach to audit the organization's controls around corporate social responsibility. Which of the following would be an element for the internal audit activity to consider?

Question141: Which of the following is considered a violation of The IIA's Code of Ethics?

Question142: An organization accomplishes its goal to obtain a 40 percent share of the domestic market, but is unable to get the desired return on investment and output per hour of labor. Based on this information the organization is most likely focused on which of the following?

Question143: According to Porter, which of the following is associated with fragmented industries?

Question144: Under a value-added taxing system:

Question145: Which of the following is an example of an application system control?

Question146: An internal auditor who is carrying out an engagement to review controls related to corporate tax reporting must possess which of the following competencies?
1. Proficiency in analyzing key IT risks and controls.
2. The ability to recognize significant deviations from good business practices.
3. Knowledge of key indicators of fraud in tax reporting.
4. The ability to recognize the existence of problems related to tax accounting.

Question147: A furniture manufacturer has installed a new fire sprinkler system at its central warehouse and canceled the existing fire insurance policy on that property. What change of risk response strategy does this course of action most likely reflect?

Question148: Forty-five percent of an organization's customer payments are submitted online. Eight percent of online payments are rejected. Executive management decides to outsource its online payment services to a contractor that will assume 75 percent of the total value of rejected payments. The organization estimates $1.25 million customer payments due during the contract period.
Which of the following represents the organization's residual risk for online customer payments due?

Question149: An internal auditor has been asked to conduct an investigation involving allegations of independent contractor fraud. Which of the following controls would be least effective in detecting any potential fraudulent activity?

Question150: According to the Standards, which of the following is based on the assertion that the quality of an organization's risk management process should improve with time?

Question151: Which of the following is based on the concept that there is not one best leadership style and that successful leadership depends on a match between the leader, the situation, and the subordinate?

Question152: When an organization is choosing a new external auditor, which of the following is the most appropriate role for the chief audit executive to undertake?

Question153: Which of the following statements is most accurate with respect to various forms, elements, and characteristics of business contracts?

Question154: Which of the following is a key component of an organization's cybersecunty governance?

Question155: Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department. Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?

Question156: Which of the following statements pertaining to a market skimming pricing strategy is not true?

Question157: New environmental regulations require the board to certify that the organization's reported pollutant emissions data is accurate. The chief audit executive (CAE) is planning an audit to provide assurance over the organization's compliance with the environmental regulations. Which of the following groups or individuals is most important for the CAE to consult to determine the scope of the audit?

Question158: A multinational organization has multiple divisions that sell their products internally to other divisions. When selling internally, which of the following transfer prices would lead to the best decisions for the organization?

Question159: Which of the following performance measures would be appropriate for evaluating an investment center, which has responsibility for its revenues, costs, and investment base, but would not be appropriate for evaluating cost, revenue, or profit centers?

Question160: Evidence discovered during the course of an engagement suggests that multiple incidents of fraud have occurred. There do not appear to be sufficient controls in place to prevent reoccurrence. Which of the following is the internal auditor's most appropriate next step?

Question161: An organization is considering mirroring the customer data for one regional center at another center. A disadvantage of such an arrangement would be:

Question162: A multinational organization involved in online business has planned to set up a help desk service. Which of the following best describes the role performed by the help desk?

Question163: While performing an accounts payable engagement, a senior auditor wants to conduct several tests of controls for travel expenses. Which of the following actions are most appropriate for the senior auditor to undertake?
1. Ensure all tests use a random sampling technique.
2. Consider a judgmental approach for the sample size.
3. Assess testing errors through root cause analysis.
4. Ensure that the entire data set is tested.

Question164: Which of the following are appropriate functions for an IT steering committee?
1. Assess the technical adequacy of standards for systems design and programming.
2. Continually monitor of the adequacy and accuracy of software and hardware in use.
3. Assess the effects of new technology on the organization`s IT operations.
4. Provide broad oversight of implementation, training, and operation of new systems.

Question165: Which of the following statements is correct regarding risk analysis?

Question166: Which of the following statements about market signaling is correct?
1. The organization releases information about a new product generation.
2. The organization limits a challenger's access to the best source of raw materials or labor.
3. The organization announces that it is fighting a new process technology.
4. The organization makes exclusive arrangements with the channels.

Question167: Which of the following is an example of a directive control?

Question168: According to Porter's model of competitive strategy, which of the following is a generic strategy?
1. Differentiation.
2. Competitive advantage.
3. Focused differentiation.
4. Cost focus.

Question169: Which of the following engagement observations would provide the least motivation for management to amend or replace an existing cost accounting system?

Question170: Which of the following risks is best addressed by encryption?

Question171: Which of the following costs would be incurred in an inventory stockout?

Question172: With regard To IT governance, which of the following is the most effective and appropriate role for the internal audit activity?

Question173: According to The MA Code of Ethics, which of the following is one of the rules of conduct for objectivity?

Question174: An organization has instituted a bring-your-own-device (BYOD) work environment Which of the following policies best addresses the increased risk to the organization's network incurred by this environment?

Question175: The first step in determining product price is:

Question176: Which of the following is the most important concept to be included in a consulting engagement agreement?

Question177: Which of the following best describes an objective for an audit of an environmental management system?

Question178: An internal control questionnaire would be most appropriate in which of the following situations?

Question179: Which of the following is an example of a risk management avoidance response?

Question180: An organization accumulated the following data for the prior fiscal year:
Value of
Percentage of
Quarter
Output Produced
Cost X
1
$4,750,000
2.9
2
$4,700,000
3.0
3
$4,350,000
3.2
4
$4,000,000
3.5
Based on this data, which of the following describes the value of Cost X in relation to the value of Output Produced?

Question181: According to IIA guidance, which of the following are considerations of due professional care when an internal auditor conducts a formal consulting engagement?
1. The complexity of the work required.
2. The needs and expectations of the client.
3. The potential value of the engagement compared to the effort.
4. Information regarding assumptions and procedures to be employed.

Question182: According to the HA Code of Ethics, which of the following statements best describes the principle of competency?

Question183: Which of the following behaviors could represent a significant ethical risk if exhibited by an organization's board?

Question184: For a multinational organization, which of the following is a disadvantage of an ethnocentric staffing policy?
1. It significantly raises compensation and staffing costs.
2. It produces resentment among the organization's employees in host countries.
3. It limits career mobility for parent-country nationals.
4. It can lead to cultural myopia.

Question185: According to IIA guidance, which of the following is true regarding audit supervision?
1. Supervision should be performed throughout the planning, examination, evaluation, communication, and follow-up stages of the audit engagement.
2. Supervision should extend to training, time reporting, and expense control, as well as administrative matters.
3. Supervision should include review of engagement workpapers, with documented evidence of the review.

Question186: Which of the following statements is correct regarding corporate compensation systems and related bonuses?
1. A bonus system should be considered part of the control environment of an organization and should be considered in formulating a report on internal control.
2. Compensation systems are not part of an organization's control system and should not be reported as such.
3. An audit of an organization's compensation system should be performed independently of an audit of the control system over other functions that impact corporate bonuses.

Question187: According to IIA guidance, which of the following should be included in the internal audit charter?

Question188: Which of the following is an example of an application control?

Question189: According to IIA guidance, which of the following would be the best first step to manage risk when a third party is overseeing the organization's network and data?

Question190: According to IIA guidance, which of the following strategies would add the least value to the achievement of the internal audit activity's (IAA's) objectives?

Question191: An internal auditor is assessing the organization's risk management framework. Which of the following formulas should he use to calculate the residual risk?

A)

B)

C)

D)

Question192: A software that translates hypertext markup language (HTML) documents and allows a user to view a remote web page is called:

Question193: What is the purpose of a secondary control?

Question194: The following transactions and events occurred during the year:

- $300,000 of raw materials were purchased, of which $20,000 were returned because of defects
- $600,000 of direct labor costs were incurred.
- S750.000 of manufacturing overhead costs were incurred.
What is the organization's cost of goods sold for the year?

Question195: An organization has recorded the following profit and expenses:
Profit before interest and tax
$200,000
Sales
$2,300,000
Purchases of materials
$700,000
Interest expenses
$30,000
If the value-added tax (VAT) rate is 20 percent and the corporate tax rate is 30 percent, which of the following is the amount of VAT that the organization has to pay?

Question196: According to MA guidance, which of the following best describes an adequate management (audit) trail application control for the general ledger?

Question197: During a fraud interview, it was discovered that unquestioned authority enabled a vice president to steal funds from the organization. Which of the following best describes this condition?

Question198: An internal auditor uses a predefined macro provided in a popular spreadsheet application to verify the present value of the organization's investments. Which of the following is the most appropriate course of action regarding the auditor's use of this functionality?

Question199: Which of the following best describes a market signal?

Question200: The chief audit executive (CAE) of a small internal audit activity (IAA) performs all high-risk engagements on the annual audit plan to make use of his knowledge and experience and to maximize the efficient use of audit resources. Which of the following statements is most relevant regarding this practice?

Question201: Which of the following describes a typical desktop workstation used by most employees in their daily work?

Question202: According to IIA guidance, which of the following statements is true when an internal auditor performs consulting services that improve an organization's operations?

Question203: Which of the following techniques would be least effective in resolving the conflict created by an internal audit client's perception of the audit report as a personal attack on his management performance?

Question204: What kind of strategy would be most effective for an organization to adopt in order to implement a unique advertising campaign for selling identical product lines across all of its markets?

Question205: Which of the following best ensures the independence of the internal audit activity?
1. The CEO and audit committee review and endorse any changes to the approved audit plan on an annual basis.
2. The audit committee reviews the performance of the chief audit executive (CAE) periodically.
3. The internal audit charter requires the CAE to report functionally to the audit committee.

Question206: According to IIA guidance, which of the following statements best justifies a chief audit executive's request for external consultants to complement internal audit activity (IAA) resources?

Question207: Which of the following is a typical example of structured data?

Question208: The activity that involves a trial run of a product in a typical segment of the market before proceeding to a national launch is referred to as:

Question209: The external auditor has identified a number of production process control deficiencies involving several departments. As a result, senior management has asked the internal audit activity to complete internal control training for all related staff. According to IIA guidance, which of the following would be the most appropriate course of action for the chief audit executive to follow?

Question210: Which of the following IT strategies is most effective for responding to competitive pressures created by the marketplace?

Question211: According to IIA guidance, which of the following steps are most important for an internal auditor to perform when evaluating an organization's social and environmental impact on the local community?
* Determine whether previous incidents have been reported, managed, and resolved.
* Determine whether a business contingency plan exists.
* Determine the extent of transparency in reporting.
* Determine whether a cost/benefit analysis was performed for all related projects.