EMT Practice Test

1. Question Content...


Question List

Question1: According to the International Professional Practices Framework, a primary purpose of evaluating the adequacy of an organization's risk management, control, and governance processes is to determine if it:

Question2: An internal auditor plans to use an analytical review to verify the correctness of various operating expenses in a division. The use of an analytical review as a verification technique would not be a preferred approach if:

Question3: Which of the following statements, if true, could justify an auditor's decision not to report governance-related control deficiencies to the audit committee?

Question4: An internal audit manager of a furniture manufacturing organization is planning an audit of the procurement process for kiln-dried wood. The procurement department maintains six procurement officers to manage 24 different suppliers used by the organization.
Which of the following controls would best mitigate the risk of employees receiving kickbacks from suppliers?

Question5: A receiving department receives copies of purchase orders for use in identifying and recording inventory receipts. The purchase orders list the name of the vendor and the quantities of the materials ordered. A possible error that this system could allow is:

Question6: Suspecting fraud, the chief financial officer (CFO) asked the internal audit activity to investigate a significant increase in travel related expenditures. Work was performed by a qualified internal auditor.
Following the completion of the engagement, the chief audit executive (CAE) reported to the CFO that no violations were found and no fraud had occurred.
According to the Standards, which of the following principles did the CAE violate?

Question7: Why are preventative controls generally preferred to detective controls?

Question8: Auditors 1, 2, and 3 work out of various offices. Each must be assigned to one, and only one, of three audit locations (A, B, or C). The cost of sending each auditor to each location is listed below:
Audit Locations
Auditor 1
A
B
C
Auditor 2
$200
$300
$400
Auditor 3
$400
$300
$600
Auditor 4
$200
$200
$500
The minimum cost with which this assignment can be accomplished is:

Question9: Which of the following statements describes a control weakness?

Question10: During an audit of financial contracts, an auditor learns that a relative has a substantial loan with the organization. The auditor should:

Question11: If an engagement client disputes that a specific action or process is within the scope of the internal audit activity, what would be the most appropriate way for the internal audit activity (IAA) to respond?

Question12: This chief audit executive (CAE) engaged an internal auditor to consult on an organization's complex information technology system. Shortly after beginning the engagement, the auditor unexpectedly resigned. Unfortunately, this auditor was the only available auditor with the necessary expertise. The CAE will not be able to hire someone with similar expertise in time to meet a regulatory deadline. Which of the following would be the best course of action for the CAE to take?

Question13: To identify those components of a telecommunications system that present the greatest risk, an internal auditor should first:

Question14: An organization has implemented a software system that requires a supervisor to approve transactions that would cause treasury dealers to exceed their authorized limit. This is an example of which of the following types of controls?

Question15: A chief audit executive (CAE) is reviewing the internal audit activity's performance and is concerned that the average number of revisions to findings is steadily rising, making it increasingly difficult to trace the finding to the supporting evidence and workpapers. According to MA guidance, which of the following elements of the internal audit activity's quality assurance and improvement program would provide the CAE with the most helpful insight into the cause of this problem?

Question16: An internal auditor is reviewing the accounts receivable when she discovers account balances more than three years old. The auditor was previously supervising the area during this time,and she subsequently advises the chief audit executive (CAE) of a potential conflict.
Which of the following is the most appropriate course of action for the CAE to take?

Question17: An internal auditor obtains spreadsheets created by the finance department of an organization. The internal auditor contacts a third party about the source data that was utilized to create the spreadsheets before going on to perform a ratio analysis and a comparison of budget versus actual data. What is the most likely reason that the internal auditor involved a third party before performing further analysis?

Question18: An internal auditor is conducting an engagement in the accounts payable department,which includes expressing an opinion at the micro level. According to IIA guidance,which of the following statements is true regarding micro-level opinions?
1.They are most effective when using a combination of current and prior engagement findings to draw conclusions.
2.They typically are based on defined procedures such as those found in an accounts payable reconciliation process.
3.They are discrete and not normally shared with senior management or the board.
4.They can rely on evidence taken from the work of other assurance activities across the organization.

Question19: An organization has developed a model to determine the most profitable rate of production. The organization varies the cost of labor in the model to determine how much the changes affect the optimal production level.
Which type of analysis does this scenario demonstrate?

Question20: According to IIA guidance, which of the following describes the primary reason to implement environmental and social safeguards within an organization?

Question21: Which of the following best describes how the increased use of computerization may impact an auditor's assessment of the risk of fraud?

Question22: An internal auditor is testing whether payments to outside contractors have been charged to the proper account. Which of the following sampling methods would be most useful in completing this task?

Question23: To enhance the independence of both the internal and external audit functions, audit committees should be composed of:

Question24: Line management of a manufacturing operation requests an operational audit. They are seeking recommendations for policies and procedures to enhance control over the operation. What should the internal audit activity do?

Question25: New credit policies have been implemented in an automated order-entry system to improve the collection of receivables. Sales management has compiled several examples that show decreased sales and delayed order entry, and contends that these examples are a direct result of the new credit-policy constraints. Sales management's data and information provide:

Question26: According to IIA guidance, which of the following external groups is most likely to represent a liability risk, based on activities associated with the organization's corporate social responsibility program?

Question27: During an audit of financial contracts, an auditor learns that a relative has a substantial loan with the organization. The auditor should:

Question28: Which of the following elements should an auditor recommend for inclusion in an organization's code of ethics?
I.Ethics should vary with local customs in the organization's foreign operations.
II.
Whistle-blowing should be discouraged because it can cause distrust among employees and false accusations which waste organizational resources on investigations.
III.
Ethical behavior should not be incorporated into performance evaluations because it is too subjective and controversial.

Question29: Which of the following is accomplished by the internal audit charter?

Question30: When an internal auditor applies due professional care to perform an assurance engagement, which of the following must she consider?
1. Findings of the last audit engagement performed.
2. Probability of significant errors, irregularities, or noncompliance.
3. Extent of work needed to achieve engagement objectives.
4. Cost of the engagement versus the potential benefits.

Question31: The primary reason that a chief audit executive (CAE) reviews external audit management letters and management response is to:

Question32: The first stage in the development of a crisis management program is to:

Question33: Which of the following would be the best example of a monitoring control for a chain of restaurants?

Question34: During an interview with a data-entry clerk in the human resources department, an internal auditor recognizes a potentially significant weakness with a database system used to track employee performance ratings. Which of the following actions should the auditor take after discovering the weakness?

Question35: Which of the following is a component of the internal audit value proposition endorsed by IIA guidance?

Question36: According to IIA guidance, which of the following statements about working papers is false?

Question37: A small not-for-profit organization with limited resources is unable to adequately maintain appropriate segregation of duties. Considering the organization's resource constraints, which type of controls would best mitigate segregation of duty risks?

Question38: According to the COSO framework, which of the following is not a principle of internal control?

Question39: A company has entered into a $20,000,000 fixed-price contract with a general contractor for the construction of a new retail outlet. For this contract, which of the following would represent the greatest risk?

Question40: In order to be organizationally independent, the chief audit executive should report administratively to the [List A] and functionally to the [List B].
[List A]
[List B]

Question41: A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annua snowfall for the coming winter. Which of the following best describes this type of risk?

Question42: Which of the following is the most appropriate outcome measure for assessing safety operations?

Question43: In a manufacturing company, which department would be the internal audit activity's most reliable source of information on the controls over minimizing defective goods?

Question44: A manufacturer uses a materials requirements planning (MRP) system to track inventory, orders, and raw materials requirements. What condition should an auditor search for in the MRP database if a preliminary assessment indicated that inventory is understated?
I.Item cost set at zero.
II.
Negative quantities on hand.
III.
Order quantity exceeding requirements.
IV.

Question45: Overall audit efficiency is enhanced between the internal and external audit functions when:

Question46: An internal audit charter should do which of the following?

Question47: According to IIA guidance, which of the following is not a responsibility of the chief audit executive pertaining to documenting information to support internal audit engagement results and conclusions?

Question48: Which of the following factors should be considered when determining the appropriate combination of manual techniques and computer-assisted audit techniques (CAATs) to be used during an audit?
1. Acceptance of CAATs findings by entity management.
2. Computer knowledge and expertise of the auditor.
3. Time constraints.
4. Level of audit risk.

Question49: Which of the following is an example of a risk management avoidance response?

Question50: Which of the following would be the least desirable criteria against which to judge current operations of a company's treasury function?

Question51: An internal auditor must determine which components of an organization's telecommunications may introduce the greatest risk. Which of the following tasks should the internal auditor complete first?

Question52: In developing an appropriate work program for an audit engagement, the most important factor for an audit supervisor to consider is the:

Question53: The internal audit staff lacks the expertise to perform a specific activity when auditing an organization. Which of the following individuals is not an appropriate choice to perform this task?

Question54: After being terminated due to downsizing, an internal auditor finds a different job with an organization in the same industry. Which of the following actions would violate the IIA Code of Ethics?

Question55: Which of the following is the best method for testing the accuracy of a computer program's calculation of shipping charges?

Question56: In addition to data protection, which of the following is a control that is typically used by companies to safeguard the privacy rights of their customers?
I.End-user computing.
II.
Encryption of data.
III.
Spyware.
IV.
Intrusion detection.

Question57: Which of the following is the most appropriate outcome measure for assessing safety operations?

Question58: Two individuals are being considered for an audit team that is to perform a highly technical review.
Which of the following situations would preclude selection of the individual for the audit due to an objectivity concern?
I. Person A is a member of the internal audit staff and has the required technical skills. Person A participated in a controls review of the system to be audited when it was being developed.
II.Person B is a technical specialist who understands the audit area but is not a member of the internal audit staff. Although person B has personal credibility in the information systems department to be audited,person B works for another department in the organization.

Question59: Which of the following represents the most effective governance structure?
I.
Operating
Executive
Internal
Management
Management
Auditing
Responsibility for risk
Oversight role
Advisory role
II.
Oversight role
Responsibility for risk
Advisory role
III.
Responsibility for risk
Advisory role
Oversight role
IV.
Oversight role
Advisory role
Responsibility for risk

Question60: The primary reason that a bank would maintain a separate compliance function is to:

Question61: Which of the following might alert an internal auditor to the possibility of fraud in a division?
1.The division is not scheduled for an external audit this year.
2.Sales have increased by 10 percent.
3.A
significant portion of management's compensation is directly tied to reported net income of the division.

Question62: When internal auditors perform consulting services that add value and improve an organization's operations, these services:

Question63: A daily log of treasury dealers who exceeded their authorized limits serves as a:

Question64: Some of an organization's payroll transactions were batch posted to the payroll file but were not uploaded correctly to the general ledger file on the mainframe. The best control to detect this type of error would be:

Question65: What type of risk management strategy is being employed when an organization installs two firewalls to provide protection from unauthorized access to the network?

Question66: According to the Standards, which of the following is not a consideration when exercising due professional care for an assurance engagement?

Question67: Which of the following statements accurately describes the responsibility of the internal audit activity regarding IT governance?
1. The internal audit activity does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.
2. The internal audit activity must assess whether the IT governance of the organization supports the organization's strategies and objectives.
3. The internal audit activity may assess whether the IT governance of the organization supports the organization's strategies and objectives.
4. The internal audit activity may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organization's strategies and objectives.

Question68: An internal audit charter should do which of the following?

Question69: Which of the following is not one of the 10 core competencies identified in the IIA Competency Framework?

Question70: After several years in the engineering department, an engineer was transferred to the internal audit department. One month later, the new auditor was assigned to an assurance engagement for the engineering department. When the auditor's former engineering supervisor suggested a change in the sample selection method, the auditor consulted with the audit supervisor. They determined that the suggested method would not be as representative and that the original selection method should be used. In this situation, the auditor:

Question71: Which of the following lists the audit activities in the order in which they would generally be completed during a preliminary survey?
I. Write detailed audit procedures.
II. Identify client objectives, goals, and standards.
III. Identify risks and controls intended to prevent associated losses.
IV. Determine relevant engagement objectives.

Question72: The chief audit executive for an organization has just completed a risk assessment process, identified the areas with the highest risk, and assigned an audit priority to each. Which of the following statements is true and consistent with the International Professional Practices Framework?
I.Items should be ranked in the order of quantifiable dollar exposure to the organization.
II.
The audit priorities should be in order of major control deficiencies.
III.
The risk assessment, though quantified, is the result of professional judgments about both exposures and probability of occurrences.

Question73: According to IIA guidance, which of the following statements is correct concerning the knowledge, skills, and competencies required to fulfill the responsibilities of the internal audit activity (IAA)?

Question74: Which of the following would not be a factor for senior management to consider when determining the internal audit activity's role in an organization's risk management process?

Question75: When a risk assessment process has been used to construct an audit engagement schedule, which of the following should receive attention first?

Question76: During a review of a division's operations, an internal auditor notes that sales and customer base are unchanged, while inventory and gross margin have increased significantly. Which of the following audit procedures would be most relevant in substantiating management's assertion that the gross margin increase is due to increased efficiency in manufacturing operations?

Question77: An organization's chief audit executive (CAE) has been asked to conduct an assurance engagement for an information technology system that was subject to a consulting engagement in the prior year. How should the CAE respond?

Question78: In order to effectively handle conflict between audit team members, an audit team leader should:

Question79: An employee is more likely to commit fraud if which of the following red flags are present?
1. The employee believes that he is being underpaid and deserves a higher salary.
2. The employee is close to retirement and has expressed a desire to take an expensive trip around the world.
3. The employee has personal financial problems and seems very unhappy.
4. The employee is spending much more time at the office than usual and has been asking about opportunities for professional advancement.

Question80: Which of the following is not a standard technique that the chief audit executive (CAE) would use to provide evidence of supervisory review of working papers?

Question81: An internal auditor obtains spreadsheets created by the finance department of an organization. The internal auditor contacts a third party about the source data that was utilized to create the spreadsheets before going on to perform a ratio analysis and a comparison of budget versus actual data. What is the most likely reason that the internal auditor involved a third party before performing further analysis?

Question82: An internal auditor prepared a workpaper that consisted of a list of employee names and identification numbers as well as the following statement:
"A statistical sample of 40 employee personnel files was selected to verify that they contain all

documents required by company policy 501 (copy attached). No exceptions were noted." The auditor did not place any audit verification symbols on this workpaper.

Which of the following changes would most improve the auditor's workpaper?

Question83: A member of the IT department transfers to the internal audit department. A few months after transferring, the new auditor volunteers to assist in an assurance engagement for the IT department. According to the Standards, how should the chief audit executive respond?

Question84: When a risk assessment process has been used to construct an audit engagement schedule, which of the following should receive attention first?

Question85: Which of the following activities would be most likely to impair the objectivity of an internal auditor?

Question86: An internal auditor is assigned to conduct an audit of security for a local area network (LAN) in the finance department of the organization. Investment decisions, including the use of hedging strategies and financial derivatives, use data and financial models which run on the LAN. The LAN is also used to download data from the mainframe to assist in decisions. Which of the following should be considered outside the scope of this security audit engagement?

Question87: Sometimes, internal audit staff may partner with operating managers to rank risks. Which of the following outcomes may be the most beneficial aspects of this strategy?
1. Reappraising risks levels.
2. Providing accurate information to management.
3. Marketing the internal audit activity.
4. Planning safeguards for assets in high-risk areas.

Question88: Which of the following is not an appropriate type of coordination between the internal audit activity and regulatory auditors?

Question89: Which type of objectives can best be described as broad goals that promote the effective andefficient use of resources?

Question90: During an account receivables audit, an internal auditor found a significant number of input errors resulting in a
$500, 000 balance understatement.
Which of the following is the most important question the internal auditor should ask to develop an appropriate recommendation for this finding?

Question91: Which of the following should be the primary objective of an audit of an entity's business continuity plan?

Question92: Which of the following would be the least desirable criteria against which to judge current operations of a company's treasury function?

Question93: Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department. Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?

Question94: Which of the following does not need to be defined in the internal audit charter?

Question95: Which of the following lists these audit steps in the correct chronological order?
I.Create the engagement work program.
II.Conduct the exit conference.
III.Perform fieldwork.
IV.Schedule the audit engagement.
Issue a summary report of audit findings.

Question96: The manager for an organization's accounts payable department resigned her post in that capacity. Three months later, she was recruited to the internal audit activity and has been working with the audit team for the last eight months. Which of the following assignments would the newly hired internal auditor be able to execute without any impairments to independence or objectivity?

Question97: An organization's accounts payable function improved its internal controls significantly after it received an unsatisfactory audit report.
When planning a follow-up audit of the function, what level of detection risk should be expected if the audit and sampling procedures used are unchanged from the prior audit?

Question98: Regarding an organization's decision to retain an external audit firm, the chief audit executive (CAE) should:

Question99: The chief audit executive should periodically report the internal audit activity's purpose,authority,responsibility,and performance,as well as significant risk exposures and control issues,to which of the following?
I. Board of directors.
II.Senior management.
III.Shareholders.
IV.External auditors.

Question100: Which of the following is the best example of a strategic objective?

Question101: When developing the annual audit plan and reviewing risk assessment priorities, a chief audit executive should always identify the:

Question102: Which of the following corporate travel policies is least likely to be cost-effective?

Question103: An organization has developed a model to determine the most profitable rate of production. The organization varies the cost of labor in the model to determine how much the changes affect the optimal production level. Which type of analysis does this scenario demonstrate?

Question104: Noncompliance with which of the following would cause a control deficiency related to privacy protection practices?
I.An organization's internal privacy policies. II.Financial accounting standards.
III.Privacy laws and regulations.
IV.The Standards.

Question105: Two individuals are being considered for an audit team that is to perform a highly technical review. Which of the following situations would preclude selection of the individual for the audit due to an objectivity concern?
I.Person A is a member of the internal audit staff and has the required technical skills. Person A participated in a controls review of the system to be audited when it was being developed.
II.
Person B is a technical specialist who understands the audit area but is not a member of the internal audit staff. Although person B has personal credibility in the information systems department to be audited, person B works for another department in the organization.

Question106: The results of an internal audit activity's (IAA) quality assurance and improvement program are favorable and an external assessment was completed within the last five years. Which of the following statements may the IAA use to describe its work?

Question107: An internal auditor is reviewing employee travel data to identify opportunities to cut costs while ensuring adequate participation at conferences to support the organization's mission. Which of the following pieces of evidence would be sufficient for completing this task?

Question108: According to The MA Global Internal Audit Competency Framework, which of the following areas of training would best assist the internal audit activity in improving its use of tools and techniques?

Question109: After completing a net present value (NPV) calculation on a proposed project, an analyst explores the change in NPV with changes in the interest rate. This additional analysis is referred to as:

Question110: Company A has a formal comprehensive corporate code of ethics while company B does not. Which of the following statements regarding the existence of the code of ethics in company A can be logically inferred?
Company A exhibits a higher standard of ethical behavior than does company B.
Company A has established objective criteria by which an employee's actions can be evaluated.
The absence of a formal corporate code of ethics in company B would prevent a successful audit of ethical behavior in that company.

Question111: A chief audit executive (CAE) reports functionally to the CEO and administratively to the chief financial officer, both of whom serve on the company's board of directors. According to IIA guidance, which of the following would offer the greatest protection for the independence of the internal audit activity?

Question112: An internal auditor audited a department store's cash function. Which of the following actions would indicate a lack of due professional care by the auditor?

Question113: Which of the following is characteristic of embezzlement?

Question114: Which of the following should be the first step that an internal auditor takes to establish data integrity when building an audit working copy of a large database?