Question1: When dealing with various stakeholders which of the following is true regarding an internal auditor's responsibility to remain objective
and independent?
Question2: Which of the following is characteristic of embezzlement?
Question3: In order to exercise due professional care as defined in the International Professional Practices Framework,an internal auditorshould:
I.Consider the probability of significant noncompliance in each audit engagement.
II.Perform assurance procedures with sufficient care to ensure that all risks are identified.
III.Weigh the cost of assurance against the benefits.
Question4: In preparing for an audit of the footwear division of a major retail organization, an internal auditor gathered the following information about the organization's stores:

In addition to labor costs, the other costs associated with each store are leasing and maintenance expenses. Which of the following is a valid conclusion?
Question5: An auditor identifies three errors in the sample of 25 entries selected for review (a 12 percent error rate). Based on this result,the auditor assumes that approximately 59 of the total populationof 492 entries are incorrect. To reach this assumption,the auditor has used a technique known as which of the following?
Question6: Auditors 1, 2, and 3 work out of various offices. Each must be assigned to one, and only one, of three audit locations (A, B, or C). The cost of sending each auditor to each location is listed below:
Audit Locations
Auditor 1 A B
Auditor 2 $200 $300 $400
Auditor 3 $400 $300 $600
Auditor 4 $200 $200 $500
The minimum cost with which this assignment can be accomplished is:
Question7: A furniture manufacturer has installed a new fire sprinkler system at its central warehouse and canceled the existing fire insurance policy on that property. What change of risk response strategy does this course of action most likely reflect?
Question8: According to the Standards, which of the following best describes why initial audit test results should be reported to the auditor-in-charge prior to advising management?
Question9: An internal auditor wants to sample data to test an audit theory in a cost-effective way. Which of the following sampling strategies should she use?
Question10: The board of a newly established organization was discussing the contents of the draft internal audit charter One board member suggested adding to the charter an obligation for the internal audit activity to develop controls in business procedures. The board member explained that the new organization needs professional-level developers, internal auditors have the necessary skills and competencies, and the internal audit activity is well positioned to assume this responsibility. Which of the following would be a potential concern if the board member's suggestion is adopted?
Question11: Auditors 1,2,and 3 work out of various offices. Each must be assigned to one,and only one,of three audit locations (A,B,or C). The cost of sending each auditor to each location is listed below: Audit Locations
Auditor 1 A B
Auditor 2 $200 $300 $400
Auditor 3 $400 $300 $600
Auditor 4 $200 $200 $500
The minimum cost with which this assignment can be accomplished is:
Question12: Which of the following steps would not be included in a program of selecting and developing human resources for an internal audit department?
Question13: Which of the following would be outside the scope of acquiring and developing human resources for an internal audit department?
Question14: Which of the following situations undermines the independence of the internal audit activity?
Question15: Which of the following is an example of a preventive control activity for risk related to pollution caused by waste disposal?
Question16: Which of the following is a true statement regarding whistleblowing?
Question17: If an engagement client disputes that a specific action or process is within the scope of the internal audit activity, what would be the most appropriate way for the internal audit activity (IAA) to respond?
Question18: A new internal audit activity is creating its first charter. According to IIA guidance, which of the following objectives would be appropriate for inclusion in the charter?
Question19: The primary reason that a bank would maintain a separate compliance function is to:
Question20: At what point in time can an organization conclude that the established organizational governance framework was correctly implemented?
Question21: In a manufacturing organization, all sales prices are determined centrally and are electronically sent to the distribution centers to update their sales price tables. Any pricing deviations must be approved by central headquarters. To determine how this process is functioning, an internal auditor should:
Question22: Which of the following statements relating to risk management is true?
Question23: Which of the following is most likely to function as a directive control?
Question24: Allegations have been made that an organization's share price has been manipulated.
Which of the following would provide an internal auditor with the most objective evidence in this case?
Question25: An internal auditor is researching the laws and regulations related to a city's grant program. Which of the following procedures is least relevant to this task?
Question26: Which of the following actions would have the greatest impact on the effectiveness of the internal audit activity?
Question27: Which of the following represents an example of an ethical issue that the organization should address'?
Question28: If appropriate safeguards exist, which of the following is considered a legitimate internal audit role within risk management at an organization?
Question29: During an assurance engagement the internal audit team discovers that employees performing a control do not understand the principles behind it. Before the engagement concludes, at management's request the audit team facilitates several formal training sessions to help explain those principles to the employees. Which of the following best describes the engagement provided by the internal audit activity in this scenario?
Question30: An organization's accounts payable function improved its internal controls significantly after it received an unsatisfactory audit report.
When planning a follow-up audit of the function, what level of detection risk should be expected if the audit and sampling procedures used are unchanged from the prior audit?
Question31: An organization that outsources much of its internal audit work to an external service provider is planning for an external quality assessment. Which of the following options would accomplish this task and be in conformance with the Standards?
Question32: Which of the following actions would compromise an internal auditor's objectivity?
Question33: According to IIA guidance, which of the following is an area in which the internal auditor should be proficient?
Question34: An organization references a customer order with an approved customer file and credit limit before accepting an order. Which type of control does this process exemplify?
Question35: An organization that outsources much of its internal audit work to an external service provider is planning for an external quality assessment. Which of the following options would accomplish this task and be in conformance with the Standards?
Question36: Which of the following best demonstrates conformance with the Standards relating to continuing professional development of internal auditors?
Question37: After several years in the engineering department, an engineer was transferred to the internal audit department. One month later, the new auditor was assigned to an assurance engagement for the engineering department. When the auditor's former engineering supervisor suggested a change in the sample selection method, the auditor consulted with the audit supervisor. They determined that the suggested method would not be as representative and that the original selection method should be used. In this situation, the auditor:
Question38: The percentage of orders that are rush orders and the percentage of returns to total orders are examples of which of the following types of control activities?
Question39: Which of the following is correct regarding the implementation of a quality assurance and improvement program for the internal audit function?
Question40: What role, if any, should the internal audit activity have in the process of following up on observations and recommendations made by the external auditors?
Question41: Which of the following internal control components has COSO identified as the most important?
Question42: An internal auditor is assessing fraud risks and creating a fraud risk matrix for a particular branch location. Which of the following is most likely to be included in the matrix?
Question43: A chief audit executive (CAE) of a major retailer has engaged an independent firm of information security specialists to perform specialized internal audit activities. The CAE can rely on the specialists' work only if it is:
Question44: Which type of control is designed to directly mitigate internal and external risks at the organization wide level, furthering the achievement of many overall organizational objectives?
Question45: Which of the following describes an ongoing monitoring activity that could be performed as part of an internal assessment for a quality assurance and improvement program (QAIP)?
Question46: A manufacturer uses improved linkage between order entry, production, and shipping to reduce raw materials and work-in-process inventory. Which type of fraud will these changes likely reduce?
Question47: According to IIA guidance,which of the following must the internal auditor consider to meet the requirements for due professional care?
Question48: Which of the following is an example of impairment to internal auditor independence or objectivity'?
Question49: According to IIA guidance, which of the following roles would be appropriate for an internal auditor regarding fraud risk?
1. Identification.
2. Mitigation.
3. Remediation.
4. Reduction.
Question50: During an interview with a data-entry clerk in the human resources department, an internal auditor recognizes a potentially significant weakness with a database system used to track employee performance ratings. Which of the following actions should the auditor take after discovering the weakness?
Question51: A medical insurance provider uses an electronic claims-submission process and suspects that a number of physicians have submitted claims for treatments that were not performed. Which of the following control procedures would be most effective to detect this type of fraud?
Question52: When an external auditor unknowingly fails to modify an opinion on financial statements that are materially misstated, this is an example of:
Question53: Why is the concept of residual risk important?
Question54: Which of the following actions does not violate the IIA Code of Ethics or Standards?
Question55: The internal audit activity is responsible for conducting fraud investigations. A potential fraud instance was identified during an audit engagement. The chief audit executive appoints a lead investigate. Which of the following would most likely be the next step?
Question56: According to IIA guidance, which of the following is an area in which the internal auditor should be proficient?
Question57: In developing an appropriate work program for an audit engagement, the most important factor for an audit supervisor to consider is the:
Question58: An electrician visits a client to assess the scope of work. After the visit, the sales office compiles and sends the client a proposal based on the electrician's estimation and approved price list. The internal auditor notices that in the last six months, the number of cancelled proposals has increased substantially. Which of the following is a fraud risk scenario that the auditor should consider in this situation?
Question59: A whistle blower notified internal audit of a conflict of interest between an organization's employee and a major supplier. Which of the following steps should be undertaken first?
Question60: ----
Which of the following is the responsibility of an internal auditor?
Assist operating management in implementing audit recommendations. Provide management with value-added analysis to improve operations. Become an advocate for changes to the internal audit activity charter. Disclose non-financial risks that may be identified during the course of an engagement.
Question61: According to IIA guidance, which of the following is required of an internal audit activity?
Question62: An organization's sales professionals are potentially abusing the use of cellular phones, resulting in an alarming increase in telephone expenses. Which of the following controls is least likely to curb this abuse?
Question63: An organization has developed a model to determine the most profitable rate of production. The organization varies the cost of labor in the model to determine how much the changes affect the optimal production level. Which type of analysis does this scenario demonstrate?
Question64: Which of the following would be a violation of the objectivity of a certified internal auditor?
1.Accepting a motivational book from a major vendor.
2.Attending a professional sporting event as the guest of a corporate supplier.
3.Performing an internal audit engagement for a division 18 months after having
controllership responsibility for that division.
4.Designing and implementing a corporate-wide utilities cost containment program.
Question65: Which of the following best describes how the increased use of computerization may impact an auditor's assessment of the risk of fraud?
Question66: Which of the following results from computer assisted audit techniques provides the most significant indication that additional audit work is needed?
Question67: An internal auditor for a large retail chain suspects that a store manager has been stealing money from cash sales by listing the sales as accounts receivable and then writing off the accounts as bad debts. Which of the following irregularities is the most likely cause of the auditor's suspicion?
Question68: A company has established its environmental audit activity as part of its legal department rather than part of its internal audit activity, which reports to the audit committee. The board has requested that the chief audit executive (CAE) provide an annual opinion on whether environmental risks are being properly addressed. In these circumstances, the CAE should recommend to the audit committee that the internal audit activity:
Question69: Which of the following enhances the independence of the internal audit activity?
Question70: According to The IIA's Code of Ethics, an internal auditor who has a romantic relationship with an audit client violates which of the following rules of conduct?
Question71: During a payroll audit of a large organization, an auditor noted that the assistant personnel director is responsible for many aspects of the computerized payroll system, including adding new employees in the system; entering direct-deposit information for employees; approving and entering all payroll changes; and providing training for system users. After discussions with the director of personnel, the auditor concluded that the director was not comfortable dealing with information technology issues and felt obliged to support all actions taken by the assistant director.
The auditor should:
Question72: An internal auditor is designing a sampling plan to test the accuracy of daily production reports over the past three years. All of the reports contain the same information except
that Friday reports also contain weekly totals and are prepared by managers rather than by supervisors. Production normally peaks near the end of a month. If the auditor wants to select two reports per month using an interval sampling plan,which of the following techniques reduces the likelihood of bias in the sample?
Question73: An internal auditor wants to use ratio analysis to examine efficiencies in an organization's accounting department. Which of the following statements identifies a weakness of ratio analysis that should be considered by the auditor?
Question74: Human resources and payroll are separate departments.
Which of the following combinations would provide the best segregation of duties?
Question75: Which of the following statements is true regarding electronic funds transfer (EFT)?
Question76: According to IIA guidance, the results of a formal quality assessment should be reported to which of the following groups?
Question77: A chief audit executive (CAE) is selecting an internal audit team to perform an audit engagement that requires a high level of knowledge in the areas of finance, investment portfolio management, and taxation. If neither the CAE nor the existing internal audit staff possess the required knowledge, which of the following actions should the CAE take?
Question78: An internal auditor notes that employees are able to download files from the internet. According to IIA guidance, which of the following strategies would best protect the organization from the risk of copyright infringement and licensing violations resulting from this practice?
Question79: Which of the following policies exemplifies a control weakness in the approval and oversight of credit sales?
Question80: Which of the following actions should the audit committee take to promote organizational independence for the internal audit activity?
Question81: When developing an effective risk-based plan to determine audit priorities, an internal audit activity should start by:
Question82: A third-party provider's questionable labor practices have exposed the organization to reputational risks and regulatory risks. Which of the organization's risk management practices was most likely ineffective?
Question83: An internal auditor is evaluating techniques management uses to mitigate risks within a particular product division. Which of the following is an example of risk reduction?
Question84: Which the following activities should be performed by the internal audit activity to facilitate an effective relationship with the audit committee?
Periodically report about the accounting standards followed by the organization.
Provide assurance to the audit committee that its charter, activities, and processes are appropriate.
Ensure that the role and activities of the internal audit activity are clearly understood and responsive to the needs of the audit committee.
Maintain open and effective communications with the audit committee.
Question85: When reviewing management reports to the board of directors, the internal audit activity should:
Question86: In order to exercise due professional care as defined in the International Professional Practices Framework, an internal auditor shoulD.
I.Consider the probability of significant noncompliance in each audit engagement.
II.
Perform assurance procedures with sufficient care to ensure that all risks are identified.
III.
Weigh the cost of assurance against the benefits.
Question87: An internal audit activity encounters a scope limitation from senior management that will affect its ability to meet its goals and objectives for a potential engagement client. The nature of the scope limitation should be.
Question88: Which of the following is a requirement for an assurance engagement that may not be for a consulting engagement?
Question89: In an audit engagement, a group of internal auditors used an integrated test facility to test payroll processing.
The auditors identified the key controls and processing steps in the computer software, and then developed test data. Over the course of 24 months, they submitted test transactions on a regular basis but did not find any differences between payroll processing and integrated test facility results. Based on the data, what can the auditors conclude?
Question90: According to the International Professional Practices Framework, a primary purpose of evaluating the adequacy of an organization's risk management, control, and governance processes is to determine if it:
Question91: During an internal audit,the internal auditor compares the employee turnover rate in the area being audited with the employee turnover rate in the organization as a whole.
This is an example of which of the following analytical auditing procedures?
Question92: An internal auditor is updating the risk register for risks identified during a recent organizational risk assessment. According to the Standards, which of the following would the auditor include in the risk register?
Question93: An assurance mapping exercise helps an organization do which of the following?
Provide assurance to stakeholders that risks are managed and reported, and regulatory and legal obligations are met.
Fulfill best practices in the industry.
Identify and address any gaps in the risk management process.
Identify fraud.
Question94: In a manufacturing organization, all sales prices are determined centrally and are electronically sent to the distribution centers to update their sales price tables. Any pricing deviations must be approved by central headquarters.
To determine how this process is functioning, an internal auditor should:
Question95: Which of the following specifications in an internal audit charter is the most important factor in the internal audit activity's independence?
Question96: An internal auditor makes a series of observations when performing an analytical review of division operations. The auditor notes the following things: the current ratio is increasing and the quick ratio is decreasing, sales and current liabilities have remained constant, and the number of day sales in inventory is increasing. Which conclusion should the auditor draw from this data?
Question97: In which of the following situations would fishbone diagrams be most useful?
Question98: A former line supervisor from the Financial Services Department has completed six months of a two-year development opportunity with the internal audit activity (IAA). She is assigned to a team that will audit the organization's payroll function,which is managed by the Human Resources Department. Which of the following statements is most relevant regarding her independence and objectivity with respect to the payroll audit?
Question99: When performing benchmarking during the planning phase of a performance audit, an internal auditor should:
Question100: Given the highly technical and legal nature of privacy issues, which of the following statements best describes the internal audit activity's responsibility with regard to assessing an organization's privacy framework?
Question101: Which of the following best describes the differences between internal auditors and external auditors?
Question102: An audit to test the system of controls over the purchase, distribution, and use of radioactive material is being conducted at a company's plants. The process is well documented, and employees in the safety department are very familiar with the department's procedures. Since the purchasing and facilities departments are involved in the process, the auditor is considering reviewing their radioactive material-handling procedures as well.
The auditor should:
Question103: Which of the following would be the best source of information for a chief audit executive to use in planning future audit staff requirements?
Question104: A production division received 45 responses to a customer-service survey distributed to 100 purchasing departments randomly selected from all customers who made purchases in the prior 12 months. Which of the following is the most likely reason that the division manager would be concerned about nonresponse bias in this situation?
Question105: Which of the following elements should an auditor recommend for inclusion in an organization's code of ethics?
I. Ethics should vary with local customs in the organization's foreign operations.
II. Whistle-blowing should be discouraged because it can cause distrust among employees and false accusations which waste organizational resources on investigations.
III. Ethical behavior should not be incorporated into performance evaluations because it is too subjective and controversial.
Question106: An internal audit activity includes in its audit reports the assertion that its work is performed in conformance with the International Standards for the Professional Practice of Internal Auditing ( Standards). A recent external quality assessment concluded that the internal audit activity had substantial deficiencies that impact its overall operations.
According to IIA guidance, which of the following is the most appropriate action for issuing future audit reports?
Question107: According to IIA guidance, which of the following best describes the chief audit executive s responsibility for confirming to the board the organizational independence of the internal audit activity'?
Question108: Which of the following elements should an auditor recommend for inclusion in an organization's code of ethics?
I.Ethics should vary with local customs in the organization's foreign operations.
II.
Whistle-blowing should be discouraged because it can cause distrust among employees and false accusations which waste organizational resources on investigations.
III.
Ethical behavior should not be incorporated into performance evaluations because it is too subjective and controversial.
Question109: Risk within an internal audit engagement is defined as the:
Question110: In order to save time, an audit manager no longer required that a standard internal control questionnaire be completed for each audit engagement. Does this represent a violation of the Standards?
Question111: A manufacturing organization's multi-step sales and shipping process starts when the organization's headquarters receives the sales order. Headquarters then shares that data with the individual manufacturing facility that compiles the shipment. Finally, the individual manufacturing facility sends the shipments to the customer. Which method should the internal auditor use to document this process in a flowchart?
Question112: Two individuals are being considered for an audit team that is to perform a highly technical review.
Which of the following situations would preclude selection of the individual for the audit due to an objectivity concern?
I. Person A is a member of the internal audit staff and has the required technical skills. Person A participated in a controls review of the system to be audited when it was being developed.
II. Person B is a technical specialist who understands the audit area but is not a member of the internal audit staff. Although person B has personal credibility in the information systems department to be audited, person B works for another department in the organization.
Question113: According to the International Professional Practices Framework, risk is:
I. Defined as the negative effect of events that are expected to occur.
II. Measured in terms of consequences.
III. Measured in terms of likelihood.
Question114: New credit policies have been implemented in an automated order-entry system to improve the collection of receivables. Sales management has compiled several examples that show decreased sales and delayed order entry, and contends that these examples are a direct result of the new credit-policy constraints. Sales management's data and information provide:
Question115: Which of the following is a role internal auditors should undertake related to risk management?
Question116: Which of the following is the best method for testing the accuracy of a computer program's calculation of shipping charges?
Question117: Which of the following does not need to be defined in the internal audit charter?
Question118: Which of the following is a preventive control?
Question119: Management has requested that an internal auditor serve as member of a task force that will review current receivables practices and make recommendations to improve processes.
Which of the following is the most appropriate response by the internal auditor?
Question120: Which of the following processes or tools can be used as ongoing internal assessments of the performance of the internal audit activity?
1. Analyses of audit plan completion and cost recoveries.
2. Selective peer reviews of work papers by staff involved in the respective audits.
3. Self-assessment of the internal audit activity with on-site validation by a qualified independent reviewer.
4. Feedback from audit customers and stakeholders.
Question121: According to COSO, which of the following describes a principle related to the control environment?
Question122: Which of the following best demonstrates organizational independence of the internal audit activity?
Question123: Management should be included in the development of the audit plan in order to:
Question124: For a bank handling large amounts of cash, which of the following types of control would be the most effective to use?
Question125: To ensure that due professional care has been taken during an audit engagement, an internal auditor should always:
Question126: An internal auditor is planning an audit of an organization where temporary employees are suspected of receiving pay for hours they have not worked. Which of the following tasks should not be performed at this stage in the audit?
Question127: An auditor plans to analyze customer satisfaction, including. (1) customer complaints recorded by the customer service department during the last three months; (2) merchandise returned in the last three months; and (3) responses to a survey of customers who made purchases in the last three months.
Which of the following statements regarding this audit approach is correct?
Question128: An internal auditor obtains spreadsheets created by the finance department of an organization. The internal auditor contacts a third party about the source data that was utilized to create the spreadsheets before going on to perform a ratio analysis and a comparison of budget versus actual data. What is the most likely reason that the internal auditor involved a third party before performing further analysis?
Question129: Which of the following statements relating to risk management is true?
Question130: According to the Standards,which of the following best describes why initial audit test results should be reported to the auditor-in-charge prior to advising management?
Question131: Which of the following statements is true regarding assurance services provided to clients outside of the organization?
Question132: Which of the following is a primary benefit of implementing a governance risk management and compliance framework within an organization?
Question133: According to IIA guidance, which of the following are considerations of due professional care when an internal auditor conducts a formal consulting engagement?
1. The complexity of the work required.
2. The needs and expectations of the client.
3. The potential value of the engagement compared to the effort.
4. Information regarding assumptions and procedures to be employed.
Question134: Which of the following approaches will internal audit utilize when developing a set of performance standards to measure an organization's risk management process against?
Question135: Feedback on engagements from audit clients, annual benchmarking of the internal audit activity's (IAA's) performance against best practice, and analyses of project budgets and audit plan completion are all tools that can best be used by the IAA for which purpose?
Question136: In which of the following scenarios would a customer service hotline receive a high volume of complaints regarding payments not being applied to customers' accounts?
Question137: Which of the following controls is not appropriate for sales in a manufacturing organization?
Question138: According to NA guidance, which of the following provides the best evidence of conformance with the Standards with respect to the proficiency required of the internal audit activity?
Question139: An internal quality assessment of the internal audit activity should provide the chief audit executive with:
Question140: Which of the following would be considered a preventive control?
Question141: How should management obtain assurance that employees are complying with the organization's security policy?
Question142: At the beginning of fieldwork in an audit of investments, an internal auditor noted that the interest rate had declined significantly since the engagement work program was created. The auditor should:
Question143: Which of the following risk management activities is most appropriate for an internal auditor to undertake?
Question144: In selecting a team to perform an internal audit of a purchasing operation, which of the following characteristics would not preclude an auditor from being selected?
1. The auditor's spouse is employed by the clerical section of the purchasing records unit.
2. The auditor had been a purchasing agent five years earlier.
3. The auditor's family owns a business that regularly sells goods to the organization.
4. The auditor has received a desk calendar as a promotional gift from a vendor.
Question145: Which of the following audit findings would have the least impact (either positive or negative) on a department's control environment?
Question146: To identify those components of a telecommunications system that present the greatest risk, an internal auditor should first:
Question147: At a conference, an interna! auditor presented a new computer-assisted audit technique developed by his organization. The presentation included sample data derived from performing audit engagements for the organization. Travel costs were paid by the conference organizers, and the trip was approved by the chief audit executive (CAE).
However, neither management nor the CAE was aware that the internal auditor would be making a presentation based on work completed for the organization. According to IIA guidance, which of the following statements is most relevant regarding the actions of the auditor?
Question148: Which of the following would be outside the scope of acquiring and developing human resources for an internal audit department?
Question149: An internal auditor is conducting an engagement in the accounts payable department, which includes expressing an opinion at the micro level. According to IIA guidance, which of the following statements is true regarding micro-level opinions?
They are most effective when using a combination of current and prior engagement findings to draw conclusions.
They typically are based on defined procedures such as those found in an accounts payable reconciliation process.
They are discrete and not normally shared with senior management or the board.
They can rely on evidence taken from the work of other assurance activities across the organization.
Question150: During a review of employee benefits, a staff internal auditor observed an ambiguity in the incentive compensation policy. If reported, it could negatively impact the internal auditor's compensation. Which of the following would encourage the internal auditor to be objective in his work?
Question151: Which of the following is a preventive control?
Question152: An internal auditor used a questionnaire during an interview to gather information about the nature of credit sales processing. The questionnaire did not cover some pertinent information offered by the person being interviewed, and the auditor did not document the potential problems for further investigation. The primary deficiency with the above process is that:
Question153: Reportable audit findings must be:
I. Documented by facts.
II. Supported by relevant evidence.
III. Agreed to by management of the audited area.
IV. Convincing enough to compel corrective action.
Question154: A snow removal company is conducting a scenario planning exercise where participating employees consider the potential impacts of a significant reduction in annua snowfall for the coming winter. Which of the following best describes this type of risk?
Question155: Which of the following is a legitimate role for the internal audit activity in the organization's risk management process'?
Question156: The chief audit executive (CAE) wants to ensure that there are sufficient resources
available to fulfill the responsibilities of the internal audit activity in the coming year. Which statement describes the most logical sequence of events for the CAE to undertake in order to achieve this objective?
Question157: Which of the following is an example of a risk avoidance strategy?
Question158: An internal auditor wants to sample data to test an audit theory in a cost-effective way. Which of the following sampling strategies should she use?
Question159: An internal auditor is testing whether payments to outside contractors have been charged to the proper account. Which of the following sampling methods would be most useful in completing this task?
Question160: Due to urgent requests from management, a busy internal audit activity finds that it can no longer meet all of its commitments contained in the annual audit plan. The best course of action for the chief audit executive to take would be to:
Question161: An organization's external auditor has prepared a list of risks and issues and has recommended to senior management that the internal audit activity focus on these items. Senior management has forwarded the list to the chief audit executive (CAE). The CAE should:
Question162: Which of the following is a role of the board of directors in the governance process?
Question163: According to the IIA Code of Ethics, the deliberate omission of relevant information from an audit report would violate which principle?
Question164: The first stage in the development of a crisis management program is to:
Question165: Internal control processes in an organization require that all investments exceeding $20, 000 receive authorization from both the president and treasurer. After conducting a sample of these transactions, an auditor determined that 10 of the 500 investments in the sample had not included both required authorizations. The sample has a five percent acceptable error rate. Based on this sample, which of the following actions should the auditor take?
Question166: An internal auditor is conducting an engagement in the accounts payable department, which includes expressing an opinion at the micro level. According to IIA guidance, which of the following statements is true regarding micro-level opinions?
1. They are most effective when using a combination of current and prior engagement findings to draw conclusions.
2. They typically are based on defined procedures such as those found in an accounts payable reconciliation process.
3. They are discrete and not normally shared with senior management or the board.
4. They can rely on evidence taken from the work of other assurance activities across the organization.
Question167: Which type of control is designed to directly mitigate internal and external risks at the organization wide level, furthering the achievement of many overall organizational objectives?
Question168: Which of the following characteristics could indicate high risk?
Question169: Which of the following is a component of the internal audit value proposition endorsed by IIA guidance?
Question170: According to the International Professional Practices Framework,risk is:
I.Defined as the negative effect of events that are expected to occur.
II.Measured in terms of consequences.
III.Measured in terms of likelihood.
Question171: During an audit of financial contracts, an internal auditor learns that a relative has a substantial loan with the organization. The auditor should:
Question172: An internal auditor was completely honest with operational management when delivering unfavorable audit results Which of the following best describes the IIA Code of Ethics principle that the auditor demonstrated?
Question173: Which of the following characteristics could indicate high risk?
Question174: An internal auditor used a questionnaire during an interview to gather information about the nature of credit sales processing. The questionnaire did not cover some pertinent information offered by the person being interviewed, and the auditor did not document the potential problems for further investigation. The primary deficiency with the above process is that:
Question175: Which of the following is characteristic of embezzlement?
Question176: A chief audit executive used risk assessment to prepare the audit work schedule. Which of the following would be the least appropriate reason to modify the schedule?
Question177: Which of the following actions by the internal audit activity provides strong evidence that it is organizationally independent?
Question178: Which of the following would have the least impact (either positive or negative) on an assessment of a department's control environment?
Question179: An accounts payable clerk who has access to the vendor master file replaced the payment details of a legitimate vendor with those of a friend before processing the payment through the organization's cashier. Immediately afterward, he restored the original vendor information. Which of the following controls could have prevented this fraud?
Question180: During an internal audit,an organization's processing department is found to have incidences of both duplicate invoices and notices from customers that purchased goods were not received. The department under review insists that some of these reports are false and that others were isolated oversights due to understaffing.
Which of the following tests would best help the internal auditor detect fraudulent activity?
Question181: Which requirement should the chief audit executive consider when communicating results of the quality assurance and improvement program to the board of a large
organization?
Question182: Which of the following fraud prevention measures is most likely to trigger undesired adverse behavior if improperly designed?
Question183: Which of the following can be used to minimize employees' resentment of controls?
Question184: Which of the following best ensures the independence of the internal audit activity?
1. The CEO and audit committee review and endorse any changes to the approved audit plan on an annual basis.
2. The audit committee reviews the performance of the chief audit executive (CAE) periodically.
3. The internal audit charter requires the CAE to report functionally to the audit committee.
Question185: An internal auditor for a large retail chain suspects that a store manager has been stealing money from cash sales by listing the sales as accounts receivable and then writing off the accounts as bad debts.
Which of the following irregularities is the most likely cause of the auditor's suspicion?
Question186: Which of the following would not be considered part of preliminary survey of an engagement area?
Question187: Which of the following activities should the chief audit executive perform to ensure compliance with an organization's code of conduct?
Question188: According to IIA guidance, which of the following individuals would best be considered independent for the purpose of participating in an external assessment of the quality assurance and improvement program for an internal audit activity (IAA)?
Question189: Which of the following is a weakness of observation as audit evidence?
Question190: Continuing Professional Education (CPE) hours for Certified Internal Auditors may be achieved by:
Question191: According to the COSO enterprise risk management (ERM) framework,which of the following is not part of the new paradigm in ERM?
Question192: According to IIA guidance, which of the following best describes how risks are measured?
Question193: Which of the following must be in existence as a precondition to developing an effective system of internal controls?
Question194: An internal auditor prepared a workpaper that consisted of a list of employee names and identification numbers as well as the following statement:
"A statistical sample of 40 employee personnel files was selected to verify that they contain all documents required by company policy 501 (copy attached). No exceptions were noted." The auditor did not place any audit verification symbols on this workpaper.
Which of the following changes would most improve the auditor's workpaper?
Question195: Which of the following elements should an auditor recommend for inclusion in an organization's code of ethics?
I. Ethics should vary with local customs in the organization's foreign operations.
II. Whistle-blowing should be discouraged because it can cause distrust among employees and false accusations which waste organizational resources on investigations.
III. Ethical behavior should not be incorporated into performance evaluations because it is too subjective and controversial.
Question196: According to the International Professional Practices Framework,a review team must express an opinion on which of the following when performing an external assessment of an internal audit activity?
I.Conformance with the Standards and IIA Code of Ethics.
II.Effectiveness of continuous improvement activities.
III.Feedback from internal audit customers and other stakeholder groups.
IV.Efficiency and effectiveness of the internal audit activity's administration processes.
Question197: The primary reason that a bank would maintain a separate compliance function is to:
Question198: Faced with a complex, highly technical construction audit engagement, the chief audit executive (CAE) considered complementing the current internal audit resources by engaging the services of a civil engineer.
Which of the following should the CAE consider in determining whether the engineer possesses the necessary skills to perform the engagement?
Professional certification, license, or other recognition of the engineer's competence in the relevant discipline.
Experience of the engineer in the type of work being considered.
Compensation or other incentives that the engineer may receive.
The extent of other ongoing services that the engineer may be performing for the organization.
Question199: Which of the following combinations of conditions is most likely a red flag for fraud?
Question200: In order to provide the most useful information for an organization's risk management decisions, which of the following should be assessed?
Question201: According to IIA guidance, which of the following activities is appropriate for an internal auditor to perform with regard to the organization's corporate social responsibility (CSR) program?
1. Determine whether the organization has adequate controls to achieve its CSR objectives.
2. Facilitate a management self-assessment of CSR controls and results.
3. Consult on the project design and implementation for the CSR program.
4. Exclude CSR-related external risks that are beyond the control of the organization.
Question202: An organization has a policy requiring two signatures on all checks written for amounts in excess of $10, 000. When evaluating controls over disbursements, an auditor would conclude that a greater risk exists if.
Question203: An organization receives the most value from an internal audit activity's enterprise-wide risk assessment when the auditor:
Question204: In selecting a team to perform an internal audit of a purchasing operation,which of the
following characteristics would not preclude an auditor from being selected?
1.The auditor's spouse is employed by the clerical section of the purchasing records unit.
2.The auditor had been a purchasing agent five years earlier.
3.The auditor's family owns a business that regularly sells goods to the organization.
4.The auditor has received a desk calendar as a promotional gift from a vendor.
Question205: An internal auditor for a large bank is reviewing the collectibility of a loan that is secured by real property. The best evidence of the loan's collectibility would be:
Question206: During the closing meeting of a procurement audit, the business manager disagrees with the observation presented by the engagement supervisor and accuses the team of not understanding the procurement objectives The engagement supervisor blames the manager for impeding the audit What skillset should the chief audit executive utilize to manage this situation?
Question207: Which of the following scenarios demonstrates an impairment to internal audit independence?
Question208: Which of the following best ensures the independence of the internal audit activity?
1. The CEO and audit committee review and endorse any changes to the approved audit plan on an annual basis.
2. The audit committee reviews the performance of the chief audit executive (CAE) periodically.
3. The internal audit charter requires the CAE to report functionally to the audit committee.
Question209: A fraud investigation was completed by management, and a proven fraud was communicated to relevant authorities. According to IIA guidance, which of the following roles would be most appropriate for the internal audit activity to undertake after the investigation?
Question210: Which of the following is true about a system of internal control?
Question211: According to MA guidance, which of the following statements is true regarding internal auditors' use of technology-based techniques?
Question212: Under which of the following circumstances should the final audit report include a disclosure of nonconformance with the Standards?
Question213: Which of the following definitions best describes enterprise risk management?
Question214: Which of the following best describes the misdirection of payments on accounts receivable to an employee's bank account?
Question215: Which of the following is a role of the board of directors in the governance process?
Question216: It is important for a chief audit executive to seek formal approval from the board regarding an internal audit charter so that:
Question217: Which of the following represents the correct order of the risk management process?
Question218: All of the following would normally be involved in preparing for and carrying out the internal audit activity's annual plan except:
Question219: What is the primary purpose of a fishbone diagram?
Question220: Which of the following documents would promote objectivity within an organization's internal audit activity?
Question221: Due to urgent requests from management, a busy internal audit activity finds that it can no longer meet all of its commitments contained in the annual audit plan.
The best course of action for the chief audit executive to take would be to:
Question222: Which of the following activities is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?
Question223: In publicly held companies, management often requires the internal audit activity's involvement with quarterly financial statements that are made public and used internally. Which of the following is generally not a reason for such involvement?
Question224: A senior executive at a government-owned organization received an invitation to attend a public exhibition where he can learn about new trucks relevant to the organization's business. As a special perk, the executive is offered an opportunity to drive a luxury vehicle manufactured by one of the exhibiting companies. Prior to the event, the executive asked for the chief audit executive s (CAE's) advice. What should the CAE recommend as the most appropriate course of action for the executive?
Question225: Which of the following controls within a spreadsheet would address the risk of logic errors?
1.The spreadsheet contains formulas that foot and cross-foot data.
2.The spreadsheet is locked to protect cell formulas from being inadvertently changed.
3.Spreadsheets are included in nightly backup processes.
4.Check-in and check-out software is used to manage version control.
Question226: Which of the following would most likely function as a detective control?
Question227: Which of the following statements is not true?
Question228: Which of the following statements is true regarding the disclosure of results of the quality assurance and improvement program?
Question229: Which of the following statements is correct with regard to risk management?
Question230: Two individuals are being considered for an audit team that is to perform a highly technical review.
Which of the following situations would preclude selection of the individual for the audit due to an objectivity concern?
I. Person A is a member of the internal audit staff and has the required technical skills. Person A participated in a controls review of the system to be audited when it was being developed.
II.Person B is a technical specialist who understands the audit area but is not a member of the internal audit staff. Although person B has personal credibility in the information systems department to be audited,person B works for another department in the organization.
Question231: Non-statistical sampling does not require which of the following?
Question232: Which of the following would most likely be considered a red flag for fraud?
Question233: According to IIA guidance, which of the following statements is true regarding mentoring programs designed to assist internal auditors with their professional development?
Question234: Which of the following actions best demonstrates that an internal auditor is exercising due professional care?
Question235: According to IIA guidance, which of the following are considerations of due professional care when an internal auditor conducts a formal consulting engagement?
1. The complexity of the work required.
2. The needs and expectations of the client.
3. The potential value of the engagement compared to the effort.
4. Information regarding assumptions and procedures to be employed.
Question236: An internal auditor is performing analytical reviews as part of an audit of a supermarket's merchandising department. Because the economy has declined since midyear,the auditor can expect to encounter which of the following?
Question237: Which of the following best demonstrates conformance with the Standards regarding the internal audit activity's purpose authority, and responsibility?
Question238: According to IIA guidance, which of the following statements regarding the internal audit charter is true?
Question239: A business unit manager was impressed by the competence of the internal auditor who was conducting an assurance engagement in his area and the manager made the auditor an attractive job offer to begin after the audit was completed The auditor later told her auditor in charge that she was considering the offer. Which of the following IIA Code of Ethics principles was most likely violated?
Question240: The chief audit executive (CAE) routinely provides activity reports to the board during quarterly board meetings.
Senior management has asked to review the CAE's board presentation before each board meeting so that any issues or questions can be discussed beforehand. The CAE should:
Question241: Which of the following is most likely to be an element of an effective compliance program?
Question242: Which of the following is a weakness of observation as audit evidence?
Question243: Which source of audit evidence would provide the least value in flowcharting an organization's purchasing process?
Question244: Senior management purchased surveillance cameras and installed them over a door that provides entry to an area where according to a recent internal audit report, hazardous materials exist and there is a high risk of explosion Which type of control was implemented in this situation?
Question245: A newly hired internal auditor is most likely to need further education in the area of business acumen in which of the following situations?
Question246: The results of an internal audit activity's (IAA) quality assurance and improvement program are favorable and an external assessment was completed within the last five years. Which of the following statements may the IAA use to describe its work?
Question247: A fast-food company is developing a computer simu-lation involving arrival time at a drive-through restaurant.
The distribution for arrival times is:
Time
Single-Digit Random
Between Arrivals
Probability
Number Assigned
2 minutes
0.1
0
3 minutes
0.2
1, 2
4 minutes
0.3
3, 4, 5
5 minutes
0.4
6, 7, 8, 9
Six random numbers are selected to represent the arrival of six cars: 1, 6, 9, 0, 5, 6.
What is the mean time between arrivals in this run of the simu-lation model?
Question248: Which of the following would provide the best evidence of errors in the quantities of items received from suppliers?
Question249: When internal auditors perform consulting services that add value and improve an organization's operations, these services:
Question250: According to IIA guidance, which of the following is the most likely obstacle to undertaking a quality assurance and improvement program by the internal audit activity?
Question251: In which scenario might it be considered problematic for the chief audit executive (CAE) to provide assurance services over the payroll function?
Question252: Which of the following lists the audit activities in the order in which they would generally be completed during a preliminary survey?
I. Write detailed audit procedures.
II. Identify client objectives, goals, and standards.
III. Identify risks and controls intended to prevent associated losses.
IV. Determine relevant engagement objectives.
Question253: Which of the following statements is true regarding assurance services provided to clients outside of the organization?
Question254: A company has established its environmental audit activity as part of its legal department rather than part of its internal audit activity, which reports to the audit committee. The board has requested that the chief audit executive (CAE) provide an annual opinion on whether environmental risks are being properly addressed.
In these circumstances, the CAE should recommend to the audit committee that the internal audit activity:
Question255: Which source of audit evidence would provide the least value in flowcharting an organization's purchasing process?
Question256: According to IIA guidance, which of the following statements is false regarding continuing professional education for the internal audit activity (IAA)?
Question257: An internal auditor is using mean-per-unit sampling to estimate the value of health benefit
claims for a period. The auditor's desired precision is $20,000. If the achieved precision is $10,000, which of the following conditions is implied?
Question258: Internal auditors exercise judgment about the type and amount of information to be collected.
The primary purpose of this judgment is to:
Question259: A staff auditor, nearly finished with an audit engagement, discovers that the director of marketing has a gambling habit. The gambling issue is not directly related to the existing engagement, and there is pressure to complete the current engagement. The auditor notes the problem and forwards the information to the chief audit executive, but performs no further follow-up.
Which of the following statements is true about the auditor's actions?
Question260: Which of the following statements is true about visual observation during an audit engagement?
1. Visual observations should not be documented as the facts have not been substantiated.
2. Complex conditions observed should be verified prior to communicating observations to management.
3. Visual observations can be used to detect ineffective controls, idle resources, and safety hazards.
4. Visual observation can be used during both preliminary survey and fieldwork stages of the audit engagement.
Question261: According to IIA guidance,which of the following statements regarding the internal audit charter is true?
Question262: Which of the following are components of the COSO enterprise risk management framework?
Objective setting.
External environment.
Data collection.
Control activities.
Question263: Which of the following internal auditor attributes are affected by a conflict of interest?
Question264: During a procurement process audit the internal audit activity undertakes a fraud risk assessment and considers a range of possible fraud scenarios within the process. Which of the following scenarios constitutes a pressure to commit fraud?
Question265: Which two of the following are preventive controls in a check disbursement process?
1. Daily reconciliation of the bank account used for check disbursements and prompt follow-up of un- reconciled items.
2. Segregation of the following duties: establishing new vendors, approving checks, and reconciling the bank account.
3. An activity report detailing who accesses the check disbursement system and the nature of any action taken in the system.
4. Evidence of strong access controls ensuring that authorized individuals have access only to the functions related to their responsibilities.
Question266: Some of a company's payroll transactions were batch posted to the payroll file but were not uploaded correctly to the general ledger file on the mainframe. The best control to detect this type of error would be.
Question267: When an internal auditor applies due professional care to perform an assurance
engagement,which of the following must she consider?
1.Findings of the last audit engagement performed.
2.Probability of significant errors,irregularities,or noncompliance.
3.Extent of work needed to achieve engagement objectives.
4.Cost of the engagement versus the potential benefits.
Question268: At what point in time can an organization conclude that the established organizational governance framework was correctly implemented?
Question269: According to IIA guidance, which of the following are macro-level audit activities performed for an assurance engagement of the purchasing department?
1. Obtain and review all purchasing-related audit reports issued within the past year.
2. Meet with the quality assurance group to discuss its previous reports of any purchasing-related findings.
3. Review a memo written by the purchasing manager that outlines ongoing problems with the purchasing software.
4. Request a copy of the report from a purchasing audit conducted last year by an external service provider.
Question270: If management has not established a risk management process, the internal audit activity could.
Question271: Which of the following internal controls is likely to prevent pollution from waste disposal before it occurs, rather than detect it after it occurs?
Question272: An internal audit activity is taking steps to promote professional development among the staff, and is in the process of implementing a mentorship program. According to HA guidance, which of the following is important for a successful mentorship program?
Question273: A product manager occasionally overrides established purchasing policies in order to expedite the introduction of new products in a competitive industry. The manager's overrides are:
Question274: According to the International Professional Practices Framework, which of the following is the appropriate division of responsibilities for the coordination of internal and external audit efforts?
I. Oversight of Work Coordination of Activities Chief audit executive Senior management
II. Board Chief audit executive
III.
Chief financial officer
Chief audit executive
IV.
Board
Chief financial officer
Question275: Which of the following is the responsibility of an internal auditor?
1. Assist operating management in implementing audit recommendations.
2. Provide management with value-added analysis to improve operations.
3. Become an advocate for changes to the internal audit activity charter.
4. Disclose non-financial risks that may be identified during the course of an engagement.
Question276: Which of the following is the most significant disadvantage of using checklists to evaluate internal controls?
Question277: Which type of documentary evidence gathered by an organization's internal auditors has the highest level of reliability?
Question278: According to IIA guidance, which of the following would the internal audit activity examine in order to evaluate the organization's governance process for strategic and operational decisions'?
Question279: An internal auditor plans to use an analytical review to verify the correctness of various operating expenses in a division. The use of an analytical review as a verification technique would not be a preferred approach if.
Question280: Which of the following is not one of the 10 core competencies identified in the IIA Competency Framework?
Question281: Which of the following is the primary concern of an internal auditor in a comprehensive audit of an organization?
Question282: After being terminated due to downsizing, an internal auditor finds a different job with an organization in the same industry. Which of the following actions would violate the IIA Code of Ethics?
Question283: According to IIA guidance, which of the following statements is true regarding periodic internal assessments of the internal audit activity?
Question284: Internal auditors can benefit from a strong relationship with the external auditors because external auditors can:
Question285: To enhance the independence of both the internal and external audit functions, audit committees should be composed of:
Question286: Which of the following statements regarding an internal auditor's responsibility for detecting fraud is not correct?
Question287: While auditing an organization's credit approval process, an internal auditor learns that the organization has made a large loan to another auditor's relative. Which course of action should the auditor take?
Question288: Which of the following is not true with regard to the internal audit charter?
Question289: The audit committee has asked the chief audit executive (CAE) to assist in the selection of a new external audit firm.
Which of the following is an appropriate action by the CAE?
Question290: Which of the following is a role of the board of directors in the governance process?
Question291: Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?
Question292: According to IIA guidance, which of the following are macro-level audit activities performed for an assurance engagement of the purchasing department?
1. Obtain and review all purchasing-related audit reports issued within the past year.
2. Meet with the quality assurance group to discuss its previous reports of any purchasing-related findings.
3. Review a memo written by the purchasing manager that outlines ongoing problems with the purchasing software.
4. Request a copy of the report from a purchasing audit conducted last year by an external service provider.
Question293: An internal auditor was offered expensive tickets to a sporting event by the manager of an area that she was currently auditing. The auditor politely declined. Which of the following fundamental principles of the MA Code of Ethics did she display?
Question294: An internal auditor has taken an attributes sample of a bank's existing loan portfolio. Out of a sample of 60 loans, the auditor found:
-Four that were not properly collateralized.
-Five that were not in compliance with bank policies (other than lack of collateralization). -Four that were part of a related-party group,but were set up as separate loan entities. -Of the 60 loans selected in the sample,these errors were noted on a total of 10 loans. -Several loans had multiple problems.
Which of the following conclusions can the auditor reach from these observations?
There is sufficient evidence that fraudulent activity is taking place by one or more of the bank's lending officers.
The financial statements will be misstated as a result of these actions.
There are significant noncompliance audit findings that should be reported.
Question295: Which of the following would be the best choice for a continuing professional development requirement for a newly created internal audit activity?
Question296: Which of the following factors is not likely to affect the level of inherent risk associated with an application system?
Question297: Which of the following is a primary responsibility of senior management with respect to ethical violations?
Question298: Which of the following is not a role of the internal audit activity in facilitating risk identification and evaluation?
Question299: It would be appropriate for an internal audit activity to use consultants with expertise in health-care benefits when the internal audit activity is:
I. Conducting an audit of the organization's estimate of its liability for post retirement benefits,which include health care benefits.
II.Comparing the cost of the organization's health care program with that of other programs offered in the industry.
III.Training its staff to conduct an audit of health care costs in a major division of the organization.
Question300: According to IIA guidance, which of the following actions by the chief audit executive (CAE) best demonstrates the organizational independence of the internal audit activity?
Question301: Which of the following is the most effective strategy to manage the risk of foreign exchange losses due to sales to foreign customers?
Question302: Which of the following is the best example of a strategic objective?
Question303: Which of the following statements is true with regard to the quality assurance and improvement program (GAIP)?
Question304: According to the International Professional Practices Framework, which of the following are allowable activities for an internal auditor?
1. Advocating the establishment of a risk management function.
2. Identifying and evaluating significant risk exposures during audit engagements.
3. Developing a risk response for the organization if there is no chief risk officer.
4. Benchmarking risk management activities with other organizations.
5. Documenting risk mitigation strategies and techniques.
Question305: Which of the following would be the least desirable criteria against which to judge current operations of a company's treasury function?
Question306: According to IIA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the internal audit activity?
Question307: Auditors 1, 2, and 3 work out of various offices. Each must be assigned to one, and only one, of three audit locations (A, B, or C). The cost of sending each auditor to each location is listed below:
Audit Locations
Auditor 1 A B
Auditor 2 $200 $300 $400
Auditor 3 $400 $300 $600
Auditor 4 $200 $200
$500
The minimum cost with which this assignment can be accomplished is:
Question308: During an interview with a data-entry clerk in the human resources department, an internal auditor recognizes a potentially significant weakness with a database system used to track employee performance ratings. Which of the following actions should the auditor take after discovering the weakness?
Question309: According to The MA Global Internal Audit Competency Framework, which of the following areas of training would best assist the internal audit activity in improving its use of tools and techniques?
Question310: A large trucking organization wants to reduce traffic accidents by improving its system of internal controls.
Which of the following controls is correctly classified?
Review of speeding violations to identify repetitive locations and drivers is an example of a preventive control.
Defensive driver training is an example of a directive control.
The installation of tracking devices in delivery vehicles is an example of a corrective control.
Providing a vehicle driver handbook is an example of a detective control.
Question311: An internal auditor for a large retail chain suspects that a store manager has been stealing money from cash sales by listing the sales as accounts receivable and then writing off the accounts as bad debts. Which of the following irregularities is the most likely cause of the auditor's suspicion?
Question312: According to IIA guidance, which of the following individuals would best be considered independent for the purpose of participating in an external assessment of the quality assurance and improvement program for an internal audit activity (IAA)?
Question313: Which of the following statements is true with regard to conducting an effective quality assurance and improvement program?
Question314: Which of the following would not be a factor for senior management to consider when determining the internal audit activity's role in an organization's risk management process?
Question315: In order to effectively handle conflict between audit team members, an audit team leader should:
Question316: How should management obtain assurance that employees are complying with the organization's security policy?
Question317: A bakery chain has a statistical model that can be used to predict daily sales at individual stores based on a direct relationship to the cost of ingredients used and an inverse relationship to rainy days. What conditions would an auditor look for as an indicator of employee theft of food from a specific store?
Question318: A government agency maintains a system of internal control, according to the COSO model, and has made a change to its employee performance reviews and rewards program. This change relates to which of the following components of COSO's internal control framework?
Question319: An internal auditor is testing whether payments to outside contractors have been charged to the proper account. Which of the following sampling methods would be most useful in completing this task?
Question320: A small not-for-profit organization with limited resources is unable to adequately maintain appropriate segregation of duties. Considering the organization's resource constraints, which type of controls would best mitigate segregation of duty risks?
Question321: Which of the following audit procedures would provide the most relevant information to identify discrepancies between budgeted versus actual raw material consumption in a production facility?
Question322: Which of the following elements should an auditor recommend for inclusion in an organization's code of ethics?
I.Ethics should vary with local customs in the organization's foreign operations.
II.Whistle-blowing should be discouraged because it can cause distrust among employees and false accusations which waste organizational resources on investigations.
III.Ethical behavior should not be incorporated into performance evaluations because it is too subjective and controversial.
Question323: A new internal audit activity is considering the adoption of a risk and control framework. Which of the following is the most appropriate consideration during this process?
Question324: A retail sales company has discontinued a product that normally sold for $100. During the first month of a sale of the product, a 20 percent discount was given. Later that sale price was reduced by an additional 40 percent.
What was the overall discount from the original selling price?
Question325: According to IIA guidance, which of the following is necessary for internal auditors to comply with the requirements for proficiency?
1. Sufficient consideration of current activities, trends, and emerging issues to effectively carry out their professional responsibilities.
2. Ability to provide relevant advice and recommendations to management and the board.
3. Understanding of key IT risks and controls and the ability to identify fraud using technology-based audit techniques.
4. Knowledge, skills, and other competencies necessary to perform individual responsibilities during the engagement.
Question326: A staff auditor, nearly finished with an audit engagement, discovers that the director of marketing has a gambling habit. The gambling issue is not directly related to the existing engagement, and there is pressure to complete the current engagement. The auditor notes the problem and forwards the information to the chief audit executive, but performs no further follow-up. Which of the following statements is true about the auditor's actions?
Question327: Who has the ultimate responsibility of implementing the organization's governance system?
Question328: An internal audit charter should do which of the following?
Question329: A new chief audit executive (CAE) of a large internal audit activity (IAA) is dissatisfied with the current amount and quality of training being provided to the staff and wishes to implement improvements. According to IIA guidance, which of the following actions would best help the CAE reach this objective?
Question330: Which of the following statements best explains why internal auditors map processes?
To obtain audit evidence to support auditor's observations.
To determine scope and objectives of the audit.
To facilitate the identification of ownership and responsibility for key risks.
To identify potential efficiency improvements.
Question331: An internal auditor is testing, on a sample basis, whether invoices paid between January 1 and December 31 are supported by appropriately approved purchase orders. Over 25, 000 invoices were paid during the fiscal year, which runs from the first of April to the end of March. The auditor sets the acceptable risk of assessing control risk too low at 5% and the tolerable deviation rate at 5%. The internal auditor consults the previous audit and sets the expected population deviation rate at 1%. Sample size (77) is selected from a table and rounded up to 80. No sample deviations were found. The upper deviation limit was 3.7%.
Which of the following statements represents a valid conclusion regarding this information?
Question332: When using a risk assessment model to develop audit plans, it is essential that the chief audit executive take into account the:
Question333: According to The IIA's Code of Ethics, which of the following statements is true?
Question334: An internal auditor has completed an assurance engagement. Which of the following is most likely true regarding the engagement?
Question335: If an engagement client disputes that a specific action or process is within the scope of the internal audit activity, what would be the most appropriate way for the internal audit activity (IAA) to respond?
Question336: According to IIA guidance, which of the following training methods is considered most effective in assisting new entry-level internal auditors in achieving competence with internal audit practices in the workplace?
Question337: Forty-five percent of an organization's customer payments are submitted online. Eight percent of online payments are rejected. Executive management decides to outsource its online payment services to a contractor that will assume 75 percent of the total value of rejected payments. The organization estimates
$1.25 million customer payments due during the contract period.
Which of the following represents the organization's residual risk for online customer payments due?
Question338: An internal auditor believes that the internal audit activity's independence is impaired. Which of the following actions should the internal auditor take first?
Question339: Which of the following is a valid statement about the use of visual observations during an audit engagement?
1. Visual observations can be used to detect ineffective controls, idle resources, and safety hazards.
2. Visual observations can be used during both preliminary survey and fieldwork stages of the audit engagement.
3. Visual observations can provide unsubstantiated facts to management if the internal auditor believes the information is useful.
4. Visual observations can assist an auditor in determining if a material observation should be communicated through informal means to the organization's senior management.
Question340: According to IIA guidance, which of the following is ultimately responsible for seeing that the internal control system of an organization's social responsibility program is effective?
Question341: According to IIA guidance, which of the following statements is true regarding the reporting of results from an external quality assessment of the internal audit activity?
Question342: Which of the following best describes the board's role in establishing effective organizational governance?
Question343: Which of the following might alert an internal auditor to the possibility of fraud in a division?
1. The division is not scheduled for an external audit this year.
2. Sales have increased by 10 percent.
3. A significant portion of management's compensation is directly tied to reported net income of the division.
Question344: Which of the following represents the most effective governance structure?
I.
Operating
Executive
Internal
Management
Management
Auditing
Responsibility for risk
Oversight role
Advisory role
II.
Oversight role
Responsibility for risk
Advisory role
III.
Responsibility for risk
Advisory role
Oversight role
IV.
Oversight role
Advisory role
Responsibility for risk
Question345: An internal auditor has taken an attributes sample of a bank's existing loan portfolio. Out of a sample of 60 loans, the auditor found:
Four that were not properly collateralized.

Five that were not in compliance with bank policies (other than lack of collateralization).

Four that were part of a related-party group, but were set up as separate loan entities.

Of the 60 loans selected in the sample, these errors were noted on a total of 10 loans.

Several loans had multiple problems.

Which of the following conclusions can the auditor reach from these observations?
1. There is sufficient evidence that fraudulent activity is taking place by one or more of the bank's lending officers.
2. The financial statements will be misstated as a result of these actions.
3. There are significant noncompliance audit findings that should be reported.
Question346: During the planning phase of an audit of suspected overbilling on contracts for security services, an auditor should perform all of the following except:
Question347: To promote a positive image within an organization, a chief audit executive (CAE) adjusted the audit plan to focus on assurance engagements that highlighted potential costs to be saved. Negative observations were to be omitted from engagement final communications. Which action taken by the CAE would be considered a violation of the Standards?
I.The focus of the audit function was changed without modifying the audit charter or notifying the audit committee.
II.
Negative observations were omitted from the engagement final communications.
III.
Cost savings and recommendations were highlighted in the engagement final communications.
Question348: An employee accepts cash payments from customers and does not record the sale. This is an example of which of the following types of fraud?
Question349: Which of the following would not be considered part of preliminary survey of an engagement area?
Question350: An internal audit charter describes the mission and scope of the internal audit activity (IAA), responsibilities of the IAA, accountability of the chief audit executive, independence of the IAA, and standards followed by the IAA.
Which of the following also should be included in the charter?
Question351: Which of the following factors would cause an internal auditor to judge an account balance error to be material?
Question352: An internal audit manager of a furniture manufacturing organization is planning an audit of the procurement process for kiln-dried wood. The procurement department maintains six procurement officers to manage 24 different suppliers used by the organization.
Which of the following controls would best mitigate the risk of employees receiving kickbacks from suppliers?
Question353: An internal auditor pays to participate in the company's annual golf tournament, which is held outside of normal business hours.
The auditor wins the putting contest and is awarded an all-expense-paid weekend vacation.
According to the IIA Code of Ethics regarding objectivity, the auditor's best course of action would be to:
Question354: Which of the following audit activities is within the scope of assurance activities as stated in the International Professional Practices Framework?
Question355: An internal auditor is reviewing employee travel data to identify opportunities to cut costs while ensuring adequate participation at conferences to support the organization's mission. Which of the following pieces of evidence would be sufficient for completing this task?
Question356: Which of the following represents the most effective governance structure?
I.Operating
Executive
Internal
Management
Management
Auditing
Responsibility for risk
Oversight role
Advisory role
II.
Oversight role
Responsibility for risk
Advisory role
III.
Responsibility for risk
Advisory role
Oversight role
IV.
Oversight role
Advisory role
Responsibility for risk
Question357: In which of the following scenarios would the internal auditor's objectivity be best protected?
Question358: Sometimes,internal audit staff may partner with operating managers to rank risks. Which of the following outcomes may be the most beneficial aspects of this strategy?
1.Reappraising risks levels.
2.Providing accurate information to management.
3.Marketing the internal audit activity.
4.Planning safeguards for assets in high-risk areas.
Question359: While performing an accounts payable engagement,a senior auditor wants to conduct several tests of controls for travel expenses. Which of the following actions are most appropriate for the senior auditor to undertake?
1.Ensure all tests use a random sampling technique. 2.Consider a judgmental approach for the sample size. 3.Assess testing errors through root cause analysis. 4.Ensure that the entire data set is tested.
Question360: Which of the following would be the most appropriate first step for the board to take when developing an effective system of governance?
Question361: Which of the following is an appropriate consideration by the auditor when preparing an engagement program for a human resource audit?
Question362: Reportable audit findings must be:
I.Documented by facts.
II.Supported by relevant evidence.
III.Agreed to by management of the audited area.
IV.Convincing enough to compel corrective action.
Question363: Which of the following describes the internal audit activity's most appropriate role in an organization's risk management process?
Question364: An internal auditor is preparing a draft observation based on her assessment of an accounts payable process. Which of the following is a process recommendation?
Question365: Which of the following risk factors is most subjective?
Question366: An internal auditor is reviewing employee travel expenses from the previous six months for fraud. Which of the following tests would best detect instances where personal travel has been claimed?
Question367: Which of the following statements about internal audit consulting engagements is true?
Question368: The audit process used by the internal audit activity of a large wholesale clothing company does not include an engagement letter or project approval document. The most serious consequence of this deficiency in the process is that the:
Question369: When conducting an interview, an internal auditor is most likely to ask open-ended questions in order to:
Question370: Which of the following is not an advantage of face-to-face interviews over electronic surveys?
Question371: A new chief audit executive (CAE) of a large internal audit activity (IAA) is dissatisfied with the current amount and quality of training being provided to the staff and wishes to implement improvements.
According to IIA guidance, which of the following actions would best help the CAE reach this objective?
Question372: Which of the following steps would not be included in a program of selecting and developing human resources for an internal audit department?
Question373: The internal audit activity's role in the risk assessment and management processes of an organization is determined by the:
Question374: Which of the following concepts is emphasized in the Mission of Internal Audit?
Question375: During an assurance engagement an internal auditor discovered that risk limits risk limit were set for a new market expansion project Management of the area under review was eager to comply and submitted a potential risk limit value for the auditor's review and approval. Which of the following would be an appropriate course of action for the auditor to take?
Question376: Which of the following sources of evidence would be least persuasive regarding potential waste and inefficiency on the part of a contractor?
Question377: An internal auditor in a small broadcasting organization was assigned to review the revenue collection process.
The auditor discovered that some checks from three customers were never recorded in the organization's financial records. Which of the following documents would be the least useful for the auditor to verify the finding?
Question378: Which of the following conditions is the most likely indicator of fraud?
Question379: Which of the following actions would compromise an internal auditor's objectivity?
Question380: Which of the following activities best reflects the scope and status of the internal audit activity as defined in the internal audit policy statement?
Question381: An organization's external auditor has prepared a list of risks and issues and has recommended to senior management that the internal audit activity focus on these items.
Senior management has forwarded the list to the chief audit executive (CAE). The CAE should:
Question382: An internal auditor is testing whether payments to outside contractors have been charged to the proper account. Which of the following sampling methods would be most useful in completing this task?
Question383: Senior management at a financial institution has received allegations of fraud at its derivatives trading desk and has asked the internal audit activity to investigate and issue a report concerning the allegations. The internal audit activity has not yet developed sufficient proficiency regarding derivatives trading to conduct a thorough fraud investigation in this area. Which of the following courses of action should the chief audit executive (CAE) take to comply with the Standards?
Question384: Which of the following best demonstrates the authority of the internal audit activity?
Question385: An internal auditor is assessing the risk of employees falsifying reimbursement requests for business-related meals or travel. Which of the following procedures would the internal auditor most likely perform first?
Question386: In developing an appropriate work program for an audit engagement, the most important factor for an audit supervisor to consider is the:
Question387: A daily log of treasury dealers who exceeded their authorized limits serves as a:
Question388: According to IIA guidance, which of the following statements is true with regard to the chief audit executive's (CAE's) responsibility for conducting a self-assessment of the internal audit activity?
1 The CAE should select an independent reviewer or review team to perform sufficient tests of the self-assessment to validate the results
2 The CAE should validate results by engaging experienced audit professionals from a separate internal audit activity outside of the organization to reperform all of the tests conducted for the assessment
3. The CAE should select independent, nonaudit professionals who are knowledgeable about the organization and the industry in which it operates to assist with performing the self-assessment
4. The CAE may consider performing a self-assessment with independent external validation in Iieu of performing a full external assessment
Question389: Once the cause of a problem has been identified, the next step is to:
Question390: When a risk assessment process has been used to construct an audit engagement schedule, which of the following should receive attention first?
Question391: An audit of the quality control department is being planned. Which of the following would least likely be used in the preparation of a preliminary survey questionnaire?
Question392: A bank uses a risk analysis matrix to quantify the relative risk of auditable entities. The analysis involves rating auditable entities on risk factors using a scale of 1 to 10, with 10 representing the greatest risk. A partial list of risk factors and the ratings given to three of the bank's departments is provided below:
Department Risk Factor A B C Control structure 9 5 7
Nature of assets in department 2 7 9
Dollar value of assets 6 6 8
Complexity of transactions 3 4 8
Which of the following statements regarding risk in the departments is true?
Question393: According to IIA guidance,which of the following is not a responsibility of the chief audit executive pertaining to documenting information to support internal audit engagement results and conclusions?
Question394: Which of the following situations undermines the independence of the internal audit activity?
Question395: A tax consultancy agency retains sensitive personal information regarding its clients. Which of the following is a violation of acceptable privacy practices?
Question396: According to ISO 31000, which of the following statements is correct?
Question397: An engagement manager is reviewing the results of sampling work performed by staff internal auditors. Which interim report statement should immediately give the engagement manager cause for concern about the nature and quality of the sampling procedure?
Question398: The best reason for separating the cash-receiving function from the related record-keeping function is to:
Question399: Which of the following corporate travel policies is least likely to be cost-effective?
Question400: The chief audit executive (CAE) has assigned an internal auditor to an upcoming engagement. Which of the following requirements would most likely indicate that the internal auditor was assigned to an assurance engagement?
Question401: Which of the following would not be a factor for senior management to consider when determining the internal audit activity's role in an organization's risk management process?
Question402: A company produces a product that consists of materials X, Y, and Z.
The product is mixed so that:
- The quantity of material X used is one-third more than that of material Y.
- The quantity of material Y used is one-fourth less than that of material Z.
If the company used 24,000 units of material Z during a period, what is a reasonable estimate of the amount of material X used?
Question403: Which of the following actions would best help the internal audit activity promote continuous improvement in control effectiveness within the organization?
Question404: Which of the following is an example of a preventive control activity for risk related to pollution caused by waste disposal?
Question405: Which of the following best describes the misdirection of payments on accounts receivable to an employee's bank account?
Question406: Forty-five percent of an organization's customer payments are submitted online. Eight percent of online payments are rejected. Executive management decides to outsource its online payment services to a contractor that will assume 75 percent of the total value of rejected payments. The organization estimates $1.25 million customer payments due during the contract period.
Which of the following represents the organization's residual risk for online customer payments due?
Question407: An internal auditor is testing, on a sample basis, whether invoices paid between January 1 and December 31 are supported by appropriately approved purchase orders. Over 25, 000 invoices were paid during the fiscal year, which runs from the first of April to the end of March. The auditor sets the acceptable risk of assessing control risk too low at 5% and the tolerable deviation rate at 5%. The internal auditor consults the previous audit and sets the expected population deviation rate at 1%. Sample size (77) is selected from a table and rounded up to 80. No sample deviations were found. The upper deviation limit was 3.7%.
Which of the following statements represents a valid conclusion regarding this information?
Question408: Which of the following statements about risk assessment is true?
Question409: Which of the following definitions best describes enterprise risk management?
Question410: Which of the following is most likely to be an element of an effective compliance program?
Question411: An organization has a policy requiring two signatures on all checks written for amounts in excess of $10, 000.
When evaluating controls over disbursements, an auditor would conclude that a greater risk exists if.
Question412: How should management obtain assurance that employees are complying with
theorganization's security policy?
Question413: Which of the following is a true statement regarding controls such as ethical values, tone at the top and operational style?
Question414: During the course of an audit, an internal auditor discovers that a valuable employee in the research department has been patenting new developments in the employee's name that are unrelated to the basic business of the organization.
The organization does not have a policy addressing this specific issue, but does have a general policy that all important new discoveries by employees are the property of the organization.
Division management views the employee's actions as extra incentive to retain the employee.
A decision to include the employee's action in the engagement final communication would be:
1. A violation of the IIA Code of Ethics.
2. A violation of the reporting requirements in the Standards.
3. Justified and necessary, according to the IIA Code of Ethics and Standards.
Question415: According to the Standards, for how long should internal auditors who have previously performed or had management responsibility for an operation wait to become involved in future internal audit activity with that same operation?
Question416: Which statement accurately describes the authority of the internal audit activity as outlined in the audit charter?
Question417: An internal auditor is planning an audit of an organization where temporary employees are suspected of receiving pay for hours they have not worked. Which of the following tasks should not be performed at this stage in the audit?
Question418: Which of the following actions is a chief audit executive most likely to take in order to identify gaps in the internal audit activity's knowledge, skills, and competencies?
Question419: Which of the following is true regarding the purpose of the COSO enterprise risk management framework?
It is a process that is ongoing and flows throughout the organization.
It contributes to the formulation of the organization's mission and vision.
It enables internal audit to provide reasonable assurance to an organization's management and the board.
It enables the management of risks within an organization's risk appetite.
Question420: According to IIA guidance, which of the following best describes how risks are measured?
Question421: According to NA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the internal audit activity?
Question422: An internal auditor is reviewing the accounts receivable when she discovers account balances more than three years old. The auditor was previously supervising the area during this time,and she subsequently advises the chief audit executive (CAE) of a potential conflict.
Which of the following is the most appropriate course of action for the CAE to take?
Question423: In which of the following scenarios would a customer service hotline receive a high volume of complaints regarding payments not being applied to customers' accounts?
Question424: A charitable organization provides substantial grants for important medical research.
Assuming marginal controls are in place, which of the following possible frauds or misuses of organization assets should be considered the area of greatest risk?
Question425: A newly hired internal auditor is performing an engagement that requires significant IT expertise that he does not possess. If the auditor does not alert the chief audit executive about his lack of expertise and decides to perform the engagement anyhow, which principle of the IIA's Code of Ethics would he violate?
Question426: Which of the following represents the correct order of the risk management process?
Question427: A chief audit executive (CAE) has just joined an organization with an existing internal audit activity. Based on her review of the current organizational structure, the CAE determines that the internal audit activity lacks adequate independence. Which of the following actions is the CAE's best step to take next to move the internal audit activity toward organizational independence?
Question428: When taken by a chief audit executive, which of the following actions would be most likely to prevent division management from exaggerating sales reports?
1. Announcing a series of internal audit engagements focusing on compliance with corporate sales-reporting policies.
2. Asking the president and the board to issue a statement of corporate policy stressing the importance of accurate management reporting and the negative consequences of intentional misreporting.
3. Setting up a hotline for employees to report fraudulent behavior anonymously,
4. Assisting the controller in developing and monitoring a series of business process indicators, which are historically correlated with, but independent of sales.
Question429: While preparing the audit plan for an automobile manufacturing company, the chief audit executive (CAE) noted that the company's engineering department received a high risk ranking. However, the internal audit activity is understaffed, and current staff do not possess the necessary skills to adequately assess the effectiveness of the engineering department. What is the most appropriate course of action for the CAE to take?
Question430: A chief audit executive (CAE) submits internal audit activity (IAA) plans and information about significant interim changes to senior management and the board for review. Which other piece of information should the CAE provide to senior management and the board?
Question431: Suspecting fraud, the chief financial officer (CFO) asked the internal audit activity to investigate a significant increase in travel related expenditures. Work was performed by a qualified internal auditor.
Following the completion of the engagement, the chief audit executive (CAE) reported to the CFO that no violations were found and no fraud had occurred.
According to the Standards, which of the following principles did the CAE violate?
Question432: An internal audit team received the following feedback from operational management via a post-engagement survey "Management agrees with all audit findings However, the audit team did not consider our input on the best way to resolve the issues"
This feedback is an indication that the internal audit activity may need to improve which of the following interpersonal skills?
Question433: An internal auditor is testing, on a sample basis, whether invoices paid between January 1 and December
31 are supported by appropriately approved purchase orders. Over 25, 000 invoices were paid during the fiscal year, which runs from the first of April to the end of March. The auditor sets the acceptable risk of assessing control risk too low at 5% and the tolerable deviation rate at 5%. The internal auditor consults the previous audit and sets the expected population deviation rate at 1%. Sample size (77) is selected from a table and rounded up to 80. No sample deviations were found. The upper deviation limit was 3.7%.
Which of the following statements represents a valid conclusion regarding this information?
Question434: Which of the following best describes the procedures used by the representatives of an organization's stakeholders to provide oversight of the processes administered by management?
Question435: Which of the following is the best reason why the engagement supervisor should take care in explaining to local management the criteria that will be used to measure the effectiveness of the control environment?