EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following scenarios best illustrates the Fraud Triangle component known as
"perceived opportunity"?

Question2: According to IIA guidance, which of the following must internal auditors consider to conform with the requirements for due professional care during a consulting engagement?
1. The cost of the engagement, as it pertains to audit time and expenses in relation to the potential benefits.
2. The needs and expectation of clients, including the nature, timing, and communication of engagement results.
3. The application of technology-based audit and other data analysis techniques, where appropriate.
4. The relative complexity and extent of work needed to achieve the engagement's objectives.

Question3: A company's chief audit executive determines that the internal audit staff does not have the requisite skills to conduct an audit of the financial derivatives area.
Which of the following actions would be the least acceptable?

Question4: An engagement supervisor notes that an internal auditor usually documents and submits draft audit reports for review without giving the process owners the opportunity to state their position on the issues raised. How should the engagement supervisor respond?

Question5: Of all the common characteristics of frauds, which of the following can the organization influence the most?

Question6: Which of the following procedures would provide the best evidence of the effectiveness of a credit-granting function?

Question7: An internal auditor is assessing fraud risks and creating a fraud risk matrix for a particular branch location. Which of the following is most likely to be included in the matrix?

Question8: An internal auditor is planning an audit of an organization where temporary employees are suspected of receiving pay for hours they have not worked. Which of the following tasks should not be performed at this stage in the audit?

Question9: An internal auditor is compiling statistics of vendors. She notices a few vendors with no tax and phone numbers. What should the auditor do with her finding?

Question10: What is expected of internal auditors in regards to due professional care?

Question11: Which of the following scenarios would represent the greatest threat to the authority of the internal audit activity (IAA)?

Question12: According to IIA guidance, which of the following best describes acceptable methods for internal auditors to obtain qualified continuing professional education hours?

Question13: Which of the following most accurately describes corporate social responsibility at an organization?

Question14: Which of the following actions by a chief audit executive is most likely to prevent exaggerated sales reports by division management?
I. Hire a new internal auditor who has fraud investigation credentials.
II. Assist the controller in developing and monitoring a series of business process indicators which are historically correlated with, but independent of, sales.
III. Announce a series of internal audit engagements focusing on compliance with corporate sales- reporting policies.
IV. Ask the president and the board to issue a statement of corporate policy stressing the importance of accurate management reporting and the negative consequences of intentional misreporting.

Question15: Which of the following scenarios depicts an appropriate role for the internal audit activity to take regarding an organization's risk management process?

Question16: Company A has a formal comprehensive corporate code of ethics while company B does not.
Which of the following statements regarding the existence of the code of ethics in company A can be logically inferred?
1. Company A exhibits a higher standard of ethical behavior than does company B.
2. Company A has established objective criteria by which an employee's actions can be evaluated.
3. The absence of a formal corporate code of ethics in company B would prevent a successful audit of ethical behavior in that company.

Question17: Which of the following is a second line of defense in effective risk management and control?

Question18: Which of the following best describes the procedures used by the representatives of an organization's stakeholders to provide oversight of the processes administered by management?

Question19: A chief audit executive (CAE) learns that the brother-in-law of a senior auditor who audits the procurement process was hired as the head of the procurement department six months prior.
Which of the following is the most appropriate action for the CAE to take?

Question20: An organization is beginning to implement an enterprise risk management program. One of the first steps is to develop a common risk language. Which of the following statements about a common risk language is true?

Question21: The internal audit activity is undergoing a self-assessment as part of its quality assurance and improvement program Which of the following observations must be addressed in order for the internal audit activity to achieve conformance with the Standards?

Question22: The top three sales representatives for a company consistently include non-allowable charges on their expense reports. Line management is reluctant to deny reimbursement of the charges for fear of losing the sales representatives. This situation has the greatest negative impact on which of the following internal control components?

Question23: Which of the following situations allows for the most objectivity on the part of an internal auditor?

Question24: Which of the following fundamental principles of The IIA's Code of Ethics is best described as performing work honestly diligently and responsibly?

Question25: Which of the following Code of Ethics principles specifically requires internal auditors to disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review?

Question26: Which of the following is accomplished by the internal audit charter?

Question27: Which type of documentary evidence gathered by an organization's internal auditors has the highest level of reliability?

Question28: An internal auditor used a questionnaire during an interview to gather information about the nature of credit sales processing. The questionnaire did not cover some pertinent information offered by the person being interviewed, and the auditor did not document the potential problems for further investigation. The primary deficiency with the above process is that:

Question29: It is important for the chief audit executive to consider the level of competence of the internal audit staff because their competence influences which of the following?

Question30: Which of the following statements is true regarding control activities?

Question31: The first stage in the development of a crisis management program is to:

Question32: Which of the following tools would provide the most useful depiction of a process flow that spans multiple departments in an organization?

Question33: Which of the following statements is true regarding the internal audit activity's quality assurance and improvement program (QAIP)?

Question34: During an audit of company expenses, the internal auditor performed a test using data analytics and identified a violation of the company's expenses policy. The auditor who discovered the issue considered it a potential fraudulent transaction and informed the chief financial officer (CFO). The CFO dismissed the concern because he did not understand the data analytics test that was performed and the transaction was of a low value. Given this situation, which skills or competencies should this internal auditor seek to improve?

Question35: In an audit engagement, a group of internal auditors used an integrated test facility to test payroll processing. The auditors identified the key controls and processing steps in the computer software, and then developed test data. Over the course of 24 months, they submitted test transactions on a regular basis but did not find any differences between payroll processing and integrated test facility results. Based on the data, what can the auditors conclude?

Question36: An internal auditor is performing analytical reviews as part of an audit of a supermarket's merchandising department. Because the economy has declined since midyear, the auditor can expect to encounter which of the following?

Question37: Which of the following statements correctly describes how workpaper standards can improve the efficiency of internal audit operations?

Question38: An internal auditor wants to sample data to test an audit theory in a cost-effective way. Which of the following sampling strategies should she use?

Question39: Which of the following statements is true regarding the role of the internal audit activity in the organization's risk management process?

Question40: Inadequate risk assessment would have the strongest negative impact in which of the following phases of an audit engagement?

Question41: Which of the following would not be a factor for senior management to consider when determining the internal audit activity's role in an organization's risk management process?

Question42: Which of the following best describes a consulting engagement rather an assurance engagement?

Question43: Which of the following is the internal audit activity expected to do with respect to the organization's governance processes?

Question44: Which of the following is true regarding a quality assurance and improvement program?

Question45: An organization's accounts payable function improved its internal controls significantly after it received an unsatisfactory audit report.
When planning a follow-up audit of the function, what level of detection risk should be expected if the audit and sampling procedures used are unchanged from the prior audit?

Question46: Which of the following is not considered one of the most common red flags for perpetrators of fraud?

Question47: According to IIA guidance, which of the following is least compliant with the requirements regarding an internal auditor's need for objectivity?

Question48: Which of the following audit findings would have the least impact (either positive or negative) on a department's control environment?

Question49: Which of the following is true regarding internal audit role's in The IIA's Three Lines Model?

Question50: Which of the following is likely to define the purpose, authority, and responsibility of the internal audit activity?
1. The internal audit activity vision statement.
2. The internal audit charter.
3. The internal audit policy statement.
4. The internal audit universe.

Question51: The primary role of the internal audit activity in regard to an organization's ethical climate is to:

Question52: An internal audit activity uncovered a potential fraud during a recent engagement and will perform an investigative fraud audit. How would the internal audit activity demonstrate that the team has the necessary experience to perform this engagement?

Question53: An internal auditor is designing a sampling plan to test the accuracy of daily production reports over the past three years. All of the reports contain the same information except that Friday reports also contain weekly totals and are prepared by managers rather than by supervisors.
Production normally peaks near the end of a month. If the auditor wants to select two reports per month using an interval sampling plan, which of the following techniques reduces the likelihood of bias in the sample?

Question54: An internal auditor is using mean-per-unit sampling to estimate the value of health benefit claims for a period. The auditor's desired precision is $20, 000. If the achieved precision is $10, 000, which of the following conditions is implied?

Question55: During an audit engagement of a large retail store, internal auditors noted significant discrepancies between available inventory and sales and suspect an abuse of cash register refunds and voids. Which of the following would be the most effective preventative control to reduce these losses?

Question56: An internal auditor is finalizing an audit report on the effectiveness of the organization's overall system of internal control. Several audit tests were performed, and the only issue identified was that the CEO frequently asks employees to make exceptions or bypass the organization's standard written policies and procedures. Which of the following conclusions is most appropriate for the auditor to report?

Question57: An internal auditor is assessing the risk of employees falsifying reimbursement requests for business- related meals or travel. Which of the following procedures would the internal auditor most likely perform first?

Question58: A credit card company detects potential errors in credit card numbers by checking whether all entered numbers contain the correct amount of digits. This is an example of which of the following IT controls?

Question59: In which of the following functions would fraud be most likely to occur?

Question60: Which of the following statements demonstrates that internal auditors are in conformance with the standard of due professional care?

Question61: Which of the following factors related to an organization's performance management system would not contribute to the organization's success?

Question62: During an assurance engagement, an internal auditor identified that a developer of the organization's enterprise resource planning (ERP) system had intentionally modified the production code to commit a fraudulent transaction. Which control activity should be implemented to prevent such issues in the future?

Question63: Continuing Professional Education (CPE) hours for Certified Internal Auditors may be achieved by:

Question64: Which of the following is an indicator that the internal audit activity does not fully conform with the Standards?

Question65: Which of the following is an example of a transaction-level control?

Question66: According to IIA guidance, the chief audit executive, board, and senior management must mutually agree on which of the following?

Question67: An internal auditor notes that inventory counts are conducted on Mondays only and that all documentation is on paper as there are no computers in the underground warehouses. Also, she notices that the person responsible for receiving the goods is the same one who distributes materials and spare parts. Finally, she sees that spare parts are written off and taken by the heads of mining units to different underground locations to wait for their turn to be installed.
Which of the described findings requires more consideration from a fraud risk perspective?

Question68: Which of the following is not an appropriate role of the internal audit activity in governance activities?

Question69: The organization's chief audit executive (CAE) is planning an immediate assurance engagement following several product recalls. However, the internal audit staff does not have the required knowledge and experience to adequately assess all the relevant processes and procedures.
According to IIA guidance, which of the following actions should the CAE take under these circumstances?

Question70: Which of the following describes a control weakness?

Question71: The internal audit activity and the engagement client meet for a full day. The client offers to provide lunch for all attendees. Which of the following would help the internal audit activity to determine whether to accept the offer?

Question72: Which of the following survey questions would be most effective to identify ethics violations within the organization?

Question73: Which risk management activity would cause the internal auditor to assume a management responsibility?

Question74: An internal auditor is assessing the effectiveness of the organization's risk management practices. She checks to see whether risk management is an integral part of decision making and whether risk management is transparent, responsive to change, and addresses uncertainty.
According to IIA guidance on risk management frameworks, which of the following approaches is the auditor most likely using?

Question75: Which of the following indicates that internal audit independence may be compromised?

Question76: Reportable audit findings must be:
I. Documented by facts.
II. Supported by relevant evidence.
III. Agreed to by management of the audited area.
IV. Convincing enough to compel corrective action.

Question77: An internal auditor notes that employees are able to download files from the internet. According to IIA guidance, which of the following strategies would best protect the organization from the risk of copyright infringement and licensing violations resulting from this practice?

Question78: To identify those components of a telecommunications system that present the greatest risk, an internal auditor should first:

Question79: During the annual fraud risk assessment, an organization identified that an employee in the accounts payable department has the ability to both enter a new vendor into the system and process payments to the vendor. Which of the following is a preventative control that an auditor would propose to reduce the risk in this scenario?

Question80: According to the Standards, which of the following is not a responsibility of the audit committee?

Question81: While performing an internal audit engagement, an auditor reviews a flowchart of the organization's purchasing function. Which of the following internal control weaknesses would the auditor be able to identify in the chart?

Question82: A fast-food company is developing a computer simu-lation involving arrival time at a drive- through restaurant. The distribution for arrival times is:
Time
Single-Digit Random
Between Arrivals
Probability
Number Assigned
2 minutes
0.1
3 minutes
0.2
1, 2
4 minutes
0.3
3, 4, 5
5 minutes
0.4
6, 7, 8, 9
Six random numbers are selected to represent the arrival of six cars: 1, 6, 9, 0, 5, 6.
What is the mean time between arrivals in this run of the simu-lation model?

Question83: One of an organization's quality objectives is to reduce the amount of rework needed in the production cycle.
Which of the following controls would be the least effective in achieving this objective?

Question84: Which of the following scenarios violates The IIA's standard regarding internal audit independence?

Question85: A staff auditor, nearly finished with an audit engagement, discovers that the director of marketing has a gambling habit. The gambling issue is not directly related to the existing engagement, and there is pressure to complete the current engagement. The auditor notes the problem and forwards the information to the chief audit executive, but performs no further follow-up.
Which of the following statements is true about the auditor's actions?

Question86: Which of the following would be most helpful to measure whether an internal audit activity successfully provides risk-based assurance?

Question87: Which of the following must be included in an internal audit charter?

Question88: Which of the following best describes the most important criteria when assigning responsibility for specific tasks required in an audit engagement?

Question89: Which of the following statements pertaining to the relationship between independence and objectivity is accurate?

Question90: During an audit of the purchasing department, an internal auditor identifies significant issues that could affect the organization's financial reporting. Management disagrees with the audit results.
Which of the following responses best demonstrates the internal auditor has the necessary competencies related to professional judgement and conflict management?

Question91: Which of the following should be the primary objective of an audit of an entity's business continuity plan?

Question92: An auditor plans to analyze customer satisfaction, including.
(1) customer complaints recorded by the customer service department during the last three months; (2) merchandise returned in the last three months; and (3) responses to a survey of customers who made purchases in the last three months.
Which of the following statements regarding this audit approach is correct?

Question93: According to IIA guidance, which of the following statements regarding ethics is true?

Question94: Which of the following risk factors is most subjective?

Question95: An internal auditor is reviewing tender documents for a maintenance contract. She notices that the bidder who won a recent tender has been winning tenders for the past decade despite many other qualified and well-established maintenance companies participating in the tender bids. The price offers from this bidder are consistently slightly lower than other bidders' prices, and this bidder always submits their bid just before the deadline. How should the auditor respond to these findings?

Question96: The manager of the payroll department requested a review of the payroll process, but only wants the engagement to include processes related to approval of time worked. What type of activity is this?

Question97: Which of the following best describes a proactive role for the internal audit activity with regard to the organization's ethics program?

Question98: Which of the following does not need to be defined in the internal audit charter?

Question99: A risk assessment showed that the cost of addressing a particular risk in the organization's human resources department is greater than the perceived benefit. Which risk response approach should the organization take in this scenario?

Question100: A chief audit executive (CAE) of a major retailer has engaged an independent firm of information security specialists to perform specialized internal audit activities.
The CAE can rely on the specialists' work only if it is:

Question101: Which of the following statements is correct with regard to risk management?

Question102: According to IIA guidance, which of the following statements is true with regard to the chief audit executive's (CAE's) responsibility for conducting a self-assessment of the internal audit activity?
1. The CAE should select an independent reviewer or review team to perform sufficient tests of the self-assessment to validate the results.
2. The CAE should validate results by engaging experienced audit professionals from a separate internal audit activity outside of the organization to reperform all of the tests conducted for the assessment.
3. The CAE should select independent, nonaudit professionals who are knowledgeable about the organization and the industry in which it operates to assist with performing the self-assessment.
4. The CAE may consider performing a self-assessment with independent external validation in lieu of performing a full external assessment.

Question103: According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?
1. Consult on CSR program design and implementation.
2. Serve as an advisor on CSR governance and risk management.
3. Review third parties for contractual compliance with CSR terms.
4. Identify and mitigate risks to help meet the CSR program objectives.

Question104: Which of the following decisions made during the testing phase of a compliance audit requires the most judgment by an internal auditor?

Question105: According to IIA guidance, which of the following must the internal auditor consider to meet the requirements for due professional care?

Question106: A company produces a product that consists of materials X, Y, and Z. The product is mixed so that:
The quantity of material X used is one-third more than that of material Y.
The quantity of material Y used is one-fourth less than that of material Z.
If the company used 24, 000 units of material Z during a period, what is a reasonable estimate of the amount of material X used?

Question107: An internal auditor is checking the accuracy of a computer-printed inventory listing to determine whether the total dollar value of inventory is significantly overstated. Because there is no time or resources to check all items in the warehouse, a sample of inventory items must be used. If the sample size is fixed, which of the following would be the most accurate sampling approach?

Question108: Allegations have been made that an organization's share price has been manipulated.
Which of the following would provide an internal auditor with the most objective evidence in this case?

Question109: During the planning phase of an audit, an internal auditor preliminarily concluded that the controls for a process were adequately designed to manage the associated risk. Under what conditions might this preliminary assessment subsequently prove to be unreliable?

Question110: How should management obtain assurance that employees are complying with the organization's security policy?

Question111: Which of the following is the most effective approach for the chief audit executive to determine whether internal auditors demonstrate integrity?

Question112: Which of the following items of evidence is most valid to support a finding that a public utility's repair crews are sometimes required to work under unsafe conditions?

Question113: In an assurance engagement of treasury operations, an internal auditor is required to consider all of the following issues except:

Question114: The chief commodity trader for a large energy company learns from a friend that a competitor will likely fail its upcoming regulatory audit and will be forced to temporarily decrease production. If the information is true, the trader has short-term opportunities to make trades that will financially benefit the trader's company and will lead to a substantial increase in the trader's performance bonus. However, if the information is not true, making the trades will significantly increase the company's risk of being caught in a long position. From an ethical perspective, which of the following would be the most appropriate course of action for the trader to take?

Question115: Which of the following accurately describes the concept of inherent risk?

Question116: Which of the following must be considered by the chief audit executive before writing the internal audit charter?

Question117: An internal auditor is assigned to conduct an audit of security for a local area network (LAN) in the finance department of the organization. Investment decisions, including the use of hedging strategies and financial derivatives, use data and financial models which run on the LAN. The LAN is also used to download data from the mainframe to assist in decisions. Which of the following should be considered outside the scope of this security audit engagement?

Question118: Which of the following is a valid statement about the use of visual observations during an audit engagement?
1. Visual observations can be used to detect ineffective controls, idle resources, and safety hazards.
2. Visual observations can be used during both preliminary survey and fieldwork stages of the audit engagement.
3. Visual observations can provide unsubstantiated facts to management if the internal auditor believes the information is useful.
4. Visual observations can assist an auditor in determining if a material observation should be communicated through informal means to the organization's senior management.

Question119: Which of the following statements best describes the competency requirement for an auditor regarding fraud risks encountered in an engagement execution?

Question120: A chief audit executive (CAE) recruited a few new internal auditors to reduce the resource gaps identified in this year's internal audit plan. One of the new recruits has several years of experience with the organization. Ten months ago, she served as a senior supervisor in the finance department. However, for the past 10 months, she has been helping the organization with implementing a new IT system. What approach should the CAE take for the upcoming financial statement controls audit?

Question121: The external auditor has recommended that the organization implement a risk management program. The organization's employees have no experience or formal risk management training.
Which of the following statements best justifies the decision to use the COSO enterprise risk management framework rather than the ISO 31000 approach?

Question122: During the course of an audit, an internal auditor discovers that a valuable employee in the research department has been patenting new developments in the employee's name that are unrelated to the basic business of the organization.
The organization does not have a policy addressing this specific issue, but does have a general policy that all important new discoveries by employees are the property of the organization.
Division management views the employee's actions as extra incentive to retain the employee.
A decision to include the employee's action in the engagement final communication would be:
1. A violation of the IIA Code of Ethics.
2. A violation of the reporting requirements in the Standards.
3. Justified and necessary, according to the IIA Code of Ethics and Standards.

Question123: During an account receivables audit, an internal auditor found a significant number of input errors resulting in a $500, 000 balance understatement.
Which of the following is the most important question the internal auditor should ask to develop an appropriate recommendation for this finding?

Question124: The chief audit executive (CAE) has decided to outsource an audit of the organization's cloud governance in the annual audit plan. Why would the CAE outsource this audit?

Question125: During a review of the procurement function, an internal auditor identified an existing control for adding new vendors into the vendor contract system. Which of the following would best help the auditor determine the adequacy of the control's design?

Question126: When internal auditors are preparing workpapers for the testing stage of an engagement, which of the following guidelines should be observed?
1. Include copies of all client files that were reviewed for the audit.
2. Avoid the use of professional, industry-appropriate jargon and technical terms.
3. Indicate the original sources of all data and information used in the workpapers.
4. Leave blank space for cross-references to be completed during the post-audit process.

Question127: Which of the following is a limitation when using the bottom-up approach to assess an organization's risk management process?

Question128: During the course of an audit, an internal auditor discovers that a valuable employee in the research department has been patenting new developments in the employee's name that are unrelated to the basic business of the organization.
The organization does not have a policy addressing this specific issue, but does have a general policy that all important new discoveries by employees are the property of the organization.
Division management views the employee's actions as extra incentive to retain the employee.
A decision to include the employee's action in the engagement final communication would be:
1. A violation of the IIA Code of Ethics.
2. A violation of the reporting requirements in the Standards.
3. Justified and necessary, according to the IIA Code of Ethics and Standards.

Question129: Internal auditors exercise judgment about the type and amount of information to be collected.
The primary purpose of this judgment is to:

Question130: Which of the following lists the audit activities in the order in which they would generally be completed during a preliminary survey?
I. Write detailed audit procedures.
II. Identify client objectives, goals, and standards.
III. Identify risks and controls intended to prevent associated losses.
IV. Determine relevant engagement objectives.

Question131: Which of the following factors affects the control risk of a company?

Question132: A daily report which lists unsuccessful attempts to log on to a computer system is A.

Question133: Line management of a manufacturing operation requests an operational audit. They are seeking recommendations for policies and procedures to enhance control over the operation. What should the internal audit activity do?

Question134: The chief audit executive (CAE) of a mid-sized pharmaceutical organization has operational responsibility for the regulatory compliance function. The audit committee requests an assessment of regulatory compliance. According to IIA guidance, which of the following is the CAE's best course of action?

Question135: Which of the following components influences the risk consciousness of an organization's people and is the basis for all other components of enterprise risk management?

Question136: Which of the following offers the best evidence that the internal audit activity has achieved organizational independence?

Question137: In preparing for an audit of the footwear division of a major retail organization, an internal auditor gathered the following information about the organization's stores:
In addition to labor costs, the other costs associated with each store are leasing and maintenance expenses. Which of the following is a valid conclusion?

Question138: Which of the following would not be a red flag for fraud?

Question139: An engagement manager is reviewing the results of sampling work performed by staff internal auditors. Which interim report statement should immediately give the engagement manager cause for concern about the nature and quality of the sampling procedure?

Question140: When reviewing management reports to the board of directors, the internal audit activity should:

Question141: A chief audit executive (CAE) of an international charity reports functionally to the audit committee of the board of directors and administratively to the charity's chief financial officer (CFO).
Which of the following would impair the internal audit function's independence?

Question142: To develop greater internal auditing expertise, the chief audit executive (CAE) has been assigning the same relatively inexperienced team of internal auditors to a series of engagements spanning several months. Is this practice consistent with the Standards?

Question143: During an audit engagement in an insurance company, an internal auditor discovered that senior management had purposely misclassified $200, 000 in assets on financial statements submitted to regulatory authorities in order to avoid significant statutory penalties. To remain in compliance with the IIA Code of Ethics, what would be the most appropriate action for the auditor to take?

Question144: Which of the following actions by an internal auditor would be the most relevant to determine the effectiveness of controls?

Question145: According to the International Professional Practices Framework, internal auditors should possess which of the following competencies?
I. Proficiency in applying internal auditing standards, procedures, and techniques.
II. Proficiency in accounting principles and techniques.
III. An understanding of management principles.
IV. An understanding of the fundamentals of economics, commercial law, taxation, finance, and quantitative methods.

Question146: Which of the following describes the primary objective when implementing a risk management framework?

Question147: Which of the following is an appropriate consideration by the auditor when preparing an engagement program for a human resource audit?

Question148: An organization's external auditor has prepared a list of risks and issues and has recommended to senior management that the internal audit activity focus on these items. Senior management has forwarded the list to the chief audit executive (CAE). The CAE should:

Question149: Which of the following is the strongest red flag for bribery that is usually associated with the rationalization element of the fraud triangle?

Question150: From a fraud risk management perspective, which of the following best explains the need to review a vendor master file for duplicates or similar names?

Question151: The chairperson of an organization's audit committee has obtained a risk management report that identifies significant industry concerns that impact the organization. The chairperson has asked the chief audit executive (CAE) to review these concerns and advise if they are relevant to the organization. How should the CAE respond?

Question152: Non-statistical sampling does not require which of the following?

Question153: The primary reason that a bank would maintain a separate compliance function is to:

Question154: The chief audit executive (CAE) planned an in-person group training to help internal auditors perform onsite inspections of an automobile manufacturing facility. The training would have allowed the auditors to better understand the production of the organization's automobiles.
However, a global health crisis has impacted the training by prohibiting in-person contact at the facility. Which of the following could the CAE use to provide auditors with a better understanding of the organization's production process?

Question155: According to The IIA's Code of Ethics, which of the following best describes the principle of integrity?

Question156: Which of the following statements describes impairment to the internal auditor's objectivity?

Question157: There is a growing perception that employees generally evade their responsibilities. What impact will an internal auditor most likely see during an engagement?

Question158: An internal auditor is gathering evidence for an organization's internal audit engagement and requests a sample of vendor invoices from the organization. Which of the following is true regarding the reliability of this evidence?

Question159: According to the International Professional Practices Framework, a primary purpose of evaluating the adequacy of an organization's risk management, control, and governance processes is to determine if it:

Question160: According to the IIA Code of Ethics, which of the following best describes the conduct of an internal auditor who demonstrates the principle of competency?

Question161: An accounts receivable clerk receives cash payments, posts the payments to customer accounts, and prepares the daily cash deposit.
The clerk has been stealing some cash and manipulating the customer payments to hide the theft.
This fraud could be detected with which of the following controls?

Question162: Internal auditors who are concerned with potential risks due to the mishandling of records or transactions should take into consideration:

Question163: Internal auditors must exercise due professional care by considering which of the following?
1. Cost of assurance in relation to potential benefits.
2. Adequacy and effectiveness of governance, risk management, and control processes.
3. Management's competency level in the area being evaluated.
4. Probability of significant errors, fraud, or noncompliance.

Question164: This chief audit executive (CAE) engaged an internal auditor to consult on an organization's complex information technology system. Shortly after beginning the engagement, the auditor unexpectedly resigned. Unfortunately, this auditor was the only available auditor with the necessary expertise. The CAE will not be able to hire someone with similar expertise in time to meet a regulatory deadline.
Which of the following would be the best course of action for the CAE to take?

Question165: What is the primary purpose of a risk management program?

Question166: According to The IIA's Code of Ethics, an internal auditor who has a romantic relationship with an audit client violates which of the following rules of conduct?

Question167: In publicly held companies, management often requires the internal audit activity's involvement with quarterly financial statements that are made public and used internally. Which of the following is generally not a reason for such involvement?

Question168: Which of the following should be considered in developing a risk and control model for use in an engagement?

Question169: Which of the following sources of evidence would be least persuasive regarding potential waste and inefficiency on the part of a contractor?

Question170: Why are preventative controls generally preferred to detective controls?

Question171: Who is held responsible for oversight of the organization's risk management framework?

Question172: The internal audit staff lacks the expertise to perform a specific activity when auditing an organization. Which of the following individuals is not an appropriate choice to perform this task?

Question173: A new chief audit executive (CAE) of a large internal audit activity (IAA) is dissatisfied with the current amount and quality of training being provided to the staff and wishes to implement improvements. According to IIA guidance, which of the following actions would best help the CAE reach this objective?

Question174: A quantitative risk assessment model has all of the following advantages except:

Question175: A new chief audit executive realized that the internal audit charter has not been updated in five years and only includes the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, and the Standards. What mandatory component is missing?

Question176: Which of the following is not an appropriate type of coordination between the internal audit activity and regulatory auditors?

Question177: A new chief audit executive wants to develop a formal internal control framework for her organization. She uses globally accepted frameworks as a guide. Which of the following would she likely find critical in creating the new framework for her organization?

Question178: When beginning an engagement to assess the effectiveness of the organization's newly revamped risk management processes, which of the following should internal auditors review first?

Question179: An internal auditor at a multinational organization is reviewing the effectiveness of the organization's risk management framework. In this scenario, which of the following statements is true?

Question180: An internal auditor creates a professional development plan to obtain more experience in the organization's environmental, social, and corporate governance initiatives. Which of the following would the auditor include in the plan to support these objectives?

Question181: The chief audit executive is asked to review a new anti-money laundering policy and provide feedback. Which is the most appropriate response?

Question182: Which of the following statements is correct regarding disclosure of conformance or nonconformance with the Standards?

Question183: A manufacturing organization discovers that the waste water released has failed to meet permitted limits.
Which control function will be least effective in correcting the issue?

Question184: A former line supervisor from the Financial Services Department has completed six months of a two-year development opportunity with the internal audit activity (IAA). She is assigned to a team that will audit the organization's payroll function, which is managed by the Human Resources Department. Which of the following statements is most relevant regarding her independence and objectivity with respect to the payroll audit?

Question185: Which of the following internal control weaknesses would an internal auditor most likely detect while reviewing a flowchart that depicts the purchasing function of an organization?

Question186: Which of the following is true regarding the auditing of soft controls?

Question187: Which of the following best describes the underlying premise of the COSO enterprise risk management framework?

Question188: Within the internal audit process, which of the following is not a significant advantage of employing a control model?

Question189: A high-volume retailer of consumer goods has used point-of-sale data to record sales and update inventory records for several years. When price changes are scheduled, corporate headquarters downloads a price change file to a computer server system at each store. Each store's assistant manager is responsible for checking the server for downloads and running the program that updates the store's price file at the authorized price update time. In comparison with having headquarters initiate the price update centrally, this approach to price updating will most likely:

Question190: An internal auditor is trying to evaluate what could go wrong after determining that a risk management technique is operating effectively. What type of risk is the auditor assessing?

Question191: Which of the following might alert an internal auditor to the possibility of fraud in a division?
1. The division is not scheduled for an external audit this year.
2. Sales have increased by 10 percent.
3. A significant portion of management's compensation is directly tied to reported net income of the division.

Question192: An internal auditor is reviewing the results of an employee survey at a mining company. Which of the following would alert the auditor to a potential ethics issue?

Question193: According to IIA guidance, which of the following statements regarding the internal audit charter is true?

Question194: After being terminated due to downsizing, an internal auditor finds a different job with an organization in the same industry. Which of the following actions would violate the IIA Code of Ethics?

Question195: Which of the following activities most significantly increases the risk that a bank will make poor-quality loans to its customers?

Question196: An internal audit team is performing an audit of workplace accident claims.
Which of the following actions by the audit team best demonstrates due professional care?

Question197: An auditor is using audit software to check inventory accuracy. Which of the following would be an indicator of poor input edit controls?

Question198: Which of the following statements regarding an internal auditor's responsibility for detecting fraud is not correct?

Question199: According to the Standards, the organizational status of the internal audit activity:

Question200: Which of the following best demonstrates organizational independence of the internal audit activity?

Question201: According to IIA guidance, which of the following statements is true?

Question202: Due to unfavorable economic conditions management decided to postpone new investments for the next year. Which of the following best describes the risk management strategy used to address this situation?

Question203: Which of the following best contributes to the effectiveness of the internal audit activity in an organization?

Question204: Which of the following is a detective control?

Question205: Which of the following factors would cause an internal auditor to judge an account balance error to be material?

Question206: According to the IIA Code of Ethics, the deliberate omission of relevant information from an audit report would violate which principle?

Question207: Which of the following are typical management control activities?

Question208: According to IIA guidance, the nature and scope of assurance and consulting services to be offered must be clearly delineated in which of the following internal audit documents?

Question209: An internal auditor assessed that the risk of steel theft at a plant is high. In response, the plant's management introduced a number of controls, including fences around the facility, a metal detector at the entrance, and monthly steel inventory counts. If the controls operate as intended, which of the following outcomes would the internal auditor hope to see?

Question210: A global manufacturing company has three regional offices. The chief audit executive (CAE) is concerned about the cost of an upcoming external quality assessment of the internal audit activity. The last external assessment was performed six years ago. Recently, the internal audit staff at one of the regional offices performed an internal assessment. To ensure conformance with the Standards, what is the most appropriate action for the CAE to take?

Question211: During a payroll audit of a large organization, an auditor noted that the assistant personnel director is responsible for many aspects of the computerized payroll system, including adding new employees in the system; entering direct-deposit information for employees; approving and entering all payroll changes; and providing training for system users. After discussions with the director of personnel, the auditor concluded that the director was not comfortable dealing with information technology issues and felt obliged to support all actions taken by the assistant director. The auditor should:

Question212: Which of the following statements is true with regard to the quality assurance and improvement program (QAIP)?

Question213: In order to ensure that the internal auditors have the objectivity required by the Standards, the chief audit executive should:

Question214: Which of the following examples best describes how an internal auditor should behave while listening to an engagement client talk about human resource process problems?

Question215: If an engagement client's operating standards are vague and thus subject to interpretation, the auditor should:

Question216: Which of the following actions indicates a lack of due professional care by an internal auditor performing an audit of a store's cash function?

Question217: In which of the following situations would fishbone diagrams be most useful?

Question218: A manufacturer uses improved linkage between order entry, production, and shipping to reduce raw materials and work-in-process inventory. Which type of fraud will these changes likely reduce?

Question219: A candidate has applied for an entry level internal audit position. The candidate holds a CISA (Certified Information Systems Auditor) designation, and has six months of audit experience, but limited knowledge of accounting principles and techniques. According to the IIA guidance, which of the following is the most relevant reason for the chief audit executive to consider this candidate?

Question220: An internal auditor pays to participate in the company's annual golf tournament, which is held outside of normal business hours.
The auditor wins the putting contest and is awarded an all-expense-paid weekend vacation.
According to the IIA Code of Ethics regarding objectivity, the auditor's best course of action would be to:

Question221: An internal audit charter should do which of the following?

Question222: Which of the following measurements could an auditor use in an audit of the efficiency of a motor vehicle inspection facility?

Question223: Which should the internal auditor first consider when assessing fraud risks during an engagement?

Question224: Which of the following tests would most likely help discover a fictitious invoice?

Question225: Which of the following situations undermines the independence of the internal audit activity?

Question226: An internal auditor, when planning the tests for an assurance engagement, noted certain aspects in the area under review where he believes that he can add significant value, though they have not been included within the approved scope of the engagement. What should he do?

Question227: Which of the following situations is most likely to prompt the internal audit activity to disclose its nonconformance with the Standards?

Question228: The results of an internal audit activity's (IAA) quality assurance and improvement program are favorable and an external assessment was completed within the last five years. Which of the following statements may the IAA use to describe its work?

Question229: A daily log of treasury dealers who exceeded their authorized limits serves as a:

Question230: If earnings on financial statements for internal use only have been manipulated in the past, an internal auditor is likely to focus on which of the following?

Question231: Which of the following is not a standard technique that the chief audit executive (CAE) would use to provide evidence of supervisory review of working papers?

Question232: An organization's board of directors has decided that the internal audit activity must have greater access to different parts of the organization in order to perform their assurance work effectively.
Which of the following areas is the board seeking to improve by making this change?

Question233: Management has implemented a segregation-of-duties policy for handling inventory. Which of the following fraud risks would be more concerning to an internal auditor following the implementation of this new policy?

Question234: Which of the following can be used to minimize employees' resentment of controls?

Question235: Which of the following types of information would an internal auditor expect to find in the supporting documentation for a high-level accounts payable process flowchart?

Question236: Which of the following would be the best example of a monitoring control for a chain of restaurants?

Question237: Which of the following best describes the expectation for internal auditors to demonstrate due professional care when performing their work?

Question238: When comparing an organization's current performance to that of the prior year, an internal auditor found that:
Total labor costs had increased.
More overtime costs had been incurred.
The total number of workers had increased.
Net income was 10 percent lower.
Based solely on this information, which of the following is a valid conclusion?

Question239: Which of the following are core responsibilities to be included in the internal audit charter?
1. Review reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.
2. Determine the adequacy and effectiveness of the organization's systems of internal accounting and operating controls.
3. Participate in the planning and performance of audits of potential acquisitions with the organization's outside accountants and other members of the corporate staff.
4. Report to those members of management who should be informed of results of audit examinations, the audit opinions formed, and the recommendations made.

Question240: Which of the following written documents typically offers the best evidence that internal auditors exercise due professional care in conformance with the Standards?

Question241: Management has asked the chief audit executive (CAE) to provide assurance on the organization's automated control system related to financial data. The current audit staff does not have the expertise needed to conduct this type of engagement. Which of the following would be the best response by the CAE?

Question242: Which of the following is an appropriate role for the internal audit activity?

Question243: Which of the following is not an advantage of face-to-face interviews over electronic surveys?

Question244: When dealing with various stakeholders which of the following is true regarding an internal auditor's responsibility to remain objective and independent?

Question245: In advance of a preliminary survey, a chief audit executive sends a memorandum and questionnaire to the supervisors of the department to be audited. What is the most likely result of that procedure?

Question246: Which of the following is a common type of payroll fraud?

Question247: A newly hired internal auditor is most likely to need further education in the area of business acumen in which of the following situations?

Question248: When performing an audit of the risk management process an auditor makes the observations listed below. Which poses the greatest risk to the organization?

Question249: Which of the following statements is correct regarding corporate compensation systems and related bonuses?
I. A bonus system should be considered part of the control environment of an organization and should be considered in formulating a report on internal control.
II. Compensation systems are not part of an organization's control system and should not be reported as such.
III. An audit of an organization's compensation system should be performed independently of an audit of the control system over other functions that impact corporate bonuses.

Question250: Which of the following statements describes a control failure that is not directly attributable to a customer billing application?
1. End users have raised a number of concerns regarding data integrity.
2. An untested program change is transferred from the test environment to production.
3. Purchase history does not reconcile with accounts receivable for some customers.
4. End user security is inadvertently granted to an unauthorized individual by management.

Question251: A senior executive at a government-owned organization received an invitation to attend a public exhibition where he can learn about new trucks relevant to the organization's business. As a special perk, the executive is offered an opportunity to drive a luxury vehicle manufactured by one of the exhibiting companies. Prior to the event, the executive asked for the chief audit executive s (CAE's) advice. What should the CAE recommend as the most appropriate course of action for the executive?

Question252: Which of the following statements is true regarding engagement planning?

Question253: If an internal auditor discloses confidential information in response to a lawsuit, the internal auditor has violated.

Question254: An internal audit team was assigned to review the organization's information security protocol.
After fieldwork was completed, an internal auditor identified an error in the review of security access. The error could affect the overall results of the engagement. Which of the following is the most appropriate course of action for the internal auditor?

Question255: An internal auditor has been engaged to assess fraud risks associated with a new financial software system.
Which competency would best help the auditor complete the task?

Question256: It is important for a chief audit executive to seek formal approval from the board regarding an internal audit charter so that:

Question257: An organization's sales professionals are potentially abusing the use of cellular phones, resulting in an alarming increase in telephone expenses. Which of the following controls is least likely to curb this abuse?

Question258: According to IIA guidance, which of the following is the most accurate statement regarding the internal audit charter?

Question259: An organization receives the most value from an internal audit activity's enterprise-wide risk assessment when the auditor:

Question260: Which of the following organizations has reached the most mature level of corporate social responsibility?

Question261: Which of the following best describes an appropriate form of working paper standardization?

Question262: During an audit of financial contracts, an auditor learns that a relative has a substantial loan with the organization. The auditor should:

Question263: Which of the following would show appropriate disclosure of nonconformance with the Standards?

Question264: After several years in the engineering department, an engineer was transferred to the internal audit department. One month later, the new auditor was assigned to an assurance engagement for the engineering department. When the auditor's former engineering supervisor suggested a change in the sample selection method, the auditor consulted with the audit supervisor. They determined that the suggested method would not be as representative and that the original selection method should be used. In this situation, the auditor:

Question265: To determine if a new computer system is improving the use of a manufacturer's limited facilities in serving the largest number of customers, an auditor should compare.

Question266: Which of the following must be included when reporting results of a quality assurance and improvement program?

Question267: An internal auditor is preparing a draft observation based on her assessment of an accounts payable process. Which of the following is a process recommendation?

Question268: Which of the following statements is not true?

Question269: A code of business conduct provides?

Question270: A bank uses a risk analysis matrix to quantify the relative risk of auditable entities. The analysis involves rating auditable entities on risk factors using a scale of 1 to 10, with 10 representing the greatest risk. A partial list of risk factors and the ratings given to three of the bank's departments is provided below:
Department
Risk Factor
A
B
C
Control structure
Nature of assets in department
Dollar value of assets
Complexity of transactions
Which of the following statements regarding risk in the departments is true?

Question271: According to the International Professional Practices Framework, risk is:
I. Defined as the negative effect of events that are expected to occur.
II. Measured in terms of consequences.
III. Measured in terms of likelihood.

Question272: An internal auditor makes a series of observations when performing an analytical review of division operations. The auditor notes the following things: the current ratio is increasing and the quick ratio is decreasing, sales and current liabilities have remained constant, and the number of day sales in inventory is increasing.
Which conclusion should the auditor draw from this data?

Question273: While conducting an audit, an internal auditor notices an unusual increase in sales among a small number of units within the organization. The units also experienced persistent negative cash flows despite reported earnings and earnings growth. Which type of fraud do the auditor's findings most likely indicate?

Question274: Which of the following actions is management likely to take to fulfill its corporate social responsibility objectives?

Question275: An internal auditor obtains spreadsheets created by the finance department of an organization.
The internal auditor contacts a third party about the source data that was utilized to create the spreadsheets before going on to perform a ratio analysis and a comparison of budget versus actual data. What is the most likely reason that the internal auditor involved a third party before performing further analysis?

Question276: While performing an accounts payable engagement, a senior auditor wants to conduct several tests of controls for travel expenses. Which of the following actions are most appropriate for the senior auditor to undertake?
1. Ensure all tests use a random sampling technique.
2. Consider a judgmental approach for the sample size.
3. Assess testing errors through root cause analysis.
4. Ensure that the entire data set is tested.

Question277: Which of the following is true regarding risk analysis?

Question278: Which of the following best describes the internal audit activity's responsibility within a risk and control framework?

Question279: Which type of control is designed to directly mitigate internal and external risks at the organization wide level, furthering the achievement of many overall organizational objectives?

Question280: An internal auditor would like to identify the involvement of various organizational units in handling employee travel reimbursement claims. Which of the following methods would be most effective and efficient in completing this task?

Question281: Which of the following is a role of the board of directors in the governance process?

Question282: Management of a publicly-held organization requires the internal audit activity to be involved with quarterly financial statements, which are made public and used internally. Which of the following explanations of management's decision is least plausible?

Question283: Which of the following risk management activities is most appropriate for an internal auditor to undertake?

Question284: What is audit risk?

Question285: Which of the following are appropriate ways to obtain continuous professional education?
1. Instructing at a local IIA training event.
2. Attending internal audit conferences and seminars.
3. Practicing specialized audit and consulting work.
4. Participating in research projects in internal auditing.

Question286: In order to provide the most useful information for an organization's risk management decisions, which of the following should be assessed?

Question287: When a risk assessment process has been used to construct an audit engagement schedule, which of the following should receive attention first?

Question288: According to IIA guidance, which of the following conditions would enhance the independence of the internal audit activity?

Question289: With regard to the internal audit activity's quality assurance and improvement program, which of the following topics would the chief audit executive include on the quarterly board meeting agenda?

Question290: Which of the following results from computer assisted audit techniques provides the most significant indication that additional audit work is needed?

Question291: Which of the following actions would be a violation of the IIA Code of Ethics?

Question292: A receiving department receives copies of purchase orders for use in identifying and recording inventory receipts.
The purchase orders list the name of the vendor and the quantities of the materials ordered.
A possible error that this system could allow is:

Question293: Which of the following is not a role of the internal audit activity in facilitating risk identification and evaluation?

Question294: In the annual audit of the financial statements of a company with high inherent risk and a very strong control system, the external auditor may be able to allow detection risk to rise because.

Question295: The chief audit executive is revising policies relating to independence and objectivity of the internal audit activity. Which of the following would be a part of the revised policies document?

Question296: The best reason for separating the cash-receiving function from the related record-keeping function is to:

Question297: According to IIA guidance, which of the following is the most likely obstacle to undertaking a quality assurance and improvement program by the internal audit activity?

Question298: A chief audit executive (CAE) identifies that the internal audit activity lacks a necessary skill to perform a management request for a consulting engagement. According to IIA guidance, which of the following is the most appropriate action the CAE should take regarding the request?

Question299: What is the primary purpose of a fishbone diagram?

Question300: It would be appropriate for an internal audit activity to use consultants with expertise in health-care benefits when the internal audit activity is:
I. Conducting an audit of the organization's estimate of its liability for post retirement benefits, which include health care benefits.
II. Comparing the cost of the organization's health care program with that of other programs offered in the industry.
III. Training its staff to conduct an audit of health care costs in a major division of the organization.

Question301: Internal controls belong to which risk response category?

Question302: A production division received 45 responses to a customer-service survey distributed to 100 purchasing departments randomly selected from all customers who made purchases in the prior
12 months. Which of the following is the most likely reason that the division manager would be concerned about nonresponse bias in this situation?

Question303: Which of the following controls within a spreadsheet would address the risk of logic errors?
1. The spreadsheet contains formulas that foot and cross-foot data.
2. The spreadsheet is locked to protect cell formulas from being inadvertently changed.
3. Spreadsheets are included in nightly backup processes.
4. Check-in and check-out software is used to manage version control.

Question304: The accounting department asked the chief audit executive (CAE) to perform a review of suspicious transactions. The CAE was an accounting manager for the organization six months ago. How should she respond to the request?

Question305: Which of the following statements best represents the due professional care that is required of internal auditors?

Question306: Which of the following options describes the reason that conformance with The IIA's Code of Ethics is mandatory for internal auditors?

Question307: Which of the following best describes the misdirection of payments on accounts receivable to an employee's bank account?

Question308: Which of the following represents the correct order of the risk management process?

Question309: With regard to governance, which of the following is a board-level responsibility rather than a management responsibility?

Question310: According to the Standards, a review team must express an opinion on which of the following when performing an external assessment of an internal audit activity?
1. Conformance with the Standards and IIA Code of Ethics.
2. Effectiveness of continuous improvement activities.
3. Feedback from internal audit customers and other stakeholder groups.
4. Efficiency and effectiveness of the internal audit activity's administration processes.

Question311: Which of the following actions by a chief audit executive would be most effective in preventing fraud?

Question312: In which of the following situations would the organizational independence of an internal audit activity be impaired?

Question313: An internal auditor must determine which components of an organization's telecommunications may introduce the greatest risk. Which of the following tasks should the internal auditor complete first?

Question314: Which of the following would be a red flag for potential issues in the control environment?

Question315: Which of the following best demonstrates the board of directors' governance over internal control?

Question316: A new director was hired to lead the internal audit activity at a small start-up company. Which of the following assignments would impair the director's independence?

Question317: Which of the following would have the least impact (either positive or negative) on an assessment of a department's control environment?

Question318: An organization has implemented a software system that requires a supervisor to approve transactions that would cause treasury dealers to exceed their authorized limit. This is an example of which of the following types of controls?

Question319: An internal auditor in a busy internal audit activity reviews her continuing professional development records toward the end of the year and is concerned to find she has undertaken limited training and formal professional development. Which of the following actions is the most appropriate for her to take?

Question320: An internal auditor is conducting an engagement in the accounts payable department, which includes expressing an opinion at the micro level. According to IIA guidance, which of the following statements is true regarding micro-level opinions?
1. They are most effective when using a combination of current and prior engagement findings to draw conclusions.
2. They typically are based on defined procedures such as those found in an accounts payable reconciliation process.
3. They are discrete and not normally shared with senior management or the board.
4. They can rely on evidence taken from the work of other assurance activities across the organization.

Question321: Which of the following is true about a system of internal control?

Question322: Which of the following would most likely be considered a red flag for fraud?

Question323: An internal auditor conducted a surprise inventory count at a warehouse of a small subsidiary. By the end of the count, it became apparent that a few items from several categories were missing.
The warehouse manager explained that he took those items for personal needs, and he said that he would provide information about other employees' wrongdoings to avoid being reported. The auditor agreed not to report the issue, which ultimately enabled her to uncover more significant losses. Which of the following statements is true regarding this situation?

Question324: Some of a company's payroll transactions were batch posted to the payroll file but were not uploaded correctly to the general ledger file on the mainframe. The best control to detect this type of error would be.

Question325: Which of the following best describes the trait that an internal auditor exercises when considering the extent of work needed to achieve the engagement's objectives?

Question326: The primary objective of risk-based auditing is to assess the:

Question327: The primary reason that a chief audit executive (CAE) reviews external audit management letters and management response is to:

Question328: Which two of the following are preventive controls in a check disbursement process?
1. Daily reconciliation of the bank account used for check disbursements and prompt follow-up of un- reconciled items.
2. Segregation of the following duties: establishing new vendors, approving checks, and reconciling the bank account.
3. An activity report detailing who accesses the check disbursement system and the nature of any action taken in the system.
4. Evidence of strong access controls ensuring that authorized individuals have access only to the functions related to their responsibilities.

Question329: According to IIA guidance, which of the following is not a responsibility of the chief audit executive pertaining to documenting information to support internal audit engagement results and conclusions?

Question330: Which of the following statements is true regarding reporting results of the quality assurance and improvement program to senior management and the board?

Question331: A newly hired internal auditor is performing an engagement that requires significant IT expertise that he does not possess. If the auditor does not alert the chief audit executive about his lack of expertise and decides to perform the engagement anyhow, which principle of the IIA's Code of Ethics would he violate?

Question332: New credit policies have been implemented in an automated order-entry system to improve the collection of receivables. Sales management has compiled several examples that show decreased sales and delayed order entry, and contends that these examples are a direct result of the new credit-policy constraints. Sales management's data and information provide:

Question333: Which of the following statements regarding segregation of duties is true?

Question334: Which of the following best describes how the increased use of computerization may impact an auditor's assessment of the risk of fraud?

Question335: According to the Standards, which of the following is not a consideration when exercising due professional care for an assurance engagement?

Question336: Which of the following is a greater consideration for internal auditors when they are performing a consulting engagement than when they are performing an assurance engagement'?

Question337: According to IIA guidance, which of the following is an area in which the internal auditor should be proficient?

Question338: During an audit of a major contract, an internal auditor finds that actual hours and dollars billed are consistently at or near budgeted amounts. This condition is a red flag for which of the following procurement fraud schemes?

Question339: Which of the following statements describes a control weakness?

Question340: An internal auditor for a large computer company suspects that returned computer systems are being repackaged as new products and shipped to other customers before the defects have been repaired. Which of the following would be the most persuasive piece of evidence in support of the auditor's suspicions?

Question341: Which of the following combinations of conditions is most likely a red flag for fraud?

Question342: Once an organization's risks are identified, what would be the next step to ensure resources are properly allocated to manage those risks?

Question343: The audit process used by the internal audit activity of a large wholesale clothing company does not include an engagement letter or project approval document.
The most serious consequence of this deficiency in the process is that the:

Question344: Which of the following would be the least desirable criteria against which to judge current operations of a company's treasury function?

Question345: The chief audit executive (CAE) annually develops a budget and resource plan and submits it to the board for approval. This action best fulfills which of the following responsibilities of the CAE?

Question346: A chief audit executive (CAE) conducts a quality assessment at the conclusion of an audit. Which of the following would mostly likely indicate to the CAE that the engagement team lacked some of the knowledge, skills, and competencies required to successfully perform the engagement?

Question347: Which of the following data collection strategies systematically tests the effects of various factors on an outcome?

Question348: An internal auditor failed to identify transactions between the parent organization and a subsidiary. What is the most likely reason for the failure?

Question349: An internal auditor found that his organization did not make a disclosure that is required by law.
However, the auditor decided not to raise an audit finding. Which of the following Code of Ethics principles was violated?

Question350: An organization has developed a model to determine the most profitable rate of production. The organization varies the cost of labor in the model to determine how much the changes affect the optimal production level. Which type of analysis does this scenario demonstrate?

Question351: An organization's board has approved an expansion plan into a new market. The board acknowledged that if the expansion is not successful, the organization would encounter large monetary losses consisting of legal fees, research and development costs, rent expenses, and labor fees. Which of the following has the board approved?

Question352: Which of the following engagements would be considered an appropriate consulting service?

Question353: An organization's chief audit executive (CAE) determines that the internal audit staff does not have the requisite skills to conduct an audit of the financial derivatives area. Which of the following would be the best course of action for the CAE to follow?

Question354: An internal auditor is reviewing the accounts receivable when she discovers account balances more than three years old. The auditor was previously supervising the area during this time, and she subsequently advises the chief audit executive (CAE) of a potential conflict.
Which of the following is the most appropriate course of action for the CAE to take?

Question355: A sales clerk received cash from a customer and pocketed the proceeds. He hid the act by not recording the cash receipt in the system. This is an example of which of the following types of fraud?

Question356: At the beginning of an IT development project key risks were identified and assessed and risk owners were appointed Six months later the IT development team reported that the project Is significantly over budget, it will not be completed on time and key personnel had left the organization. Which of the following risk management practices should be improved for future projects?

Question357: According to the COSO enterprise risk management (ERM) framework, which of the following is not part of the new paradigm in ERM?

Question358: Which of the following is the most significant disadvantage of using checklists to evaluate internal controls?

Question359: Which of the following are some of the requirements of the quality assurance and improvement program (QAIP)?

Question360: While preparing the audit plan for an automobile manufacturing company, the chief audit executive (CAE) noted that the company's engineering department received a high risk ranking.
However, the internal audit activity is understaffed, and current staff do not possess the necessary skills to adequately assess the effectiveness of the engineering department. What is the most appropriate course of action for the CAE to take?

Question361: Which of the following would be the most effective in helping to detect fraud?

Question362: Which of the following activities best ensures that internal auditors grow professionally in alignment with current industry trends to meet the expectations of primary stakeholders?

Question363: Feedback on engagements from audit clients, annual benchmarking of the internal audit activity's (IAA's) performance against best practice, and analyses of project budgets and audit plan completion are all tools that can best be used by the IAA for which purpose?

Question364: An internal audit activity encounters a scope limitation from senior management that will affect its ability to meet its goals and objectives for a potential engagement client. The nature of the scope limitation should be.

Question365: What is the main difference between a consulting engagement versus an assurance engagement?

Question366: Which of the following process weaknesses is most likely to cause an internal auditor the most concern about fraud risk?

Question367: An internal auditor plans to use an analytical review to verify the correctness of various operating expenses in a division. The use of an analytical review as a verification technique would not be a preferred approach if.

Question368: Which of the following internal auditor attributes are affected by a conflict of interest?

Question369: When a chief audit executive holds responsibility for risk management beyond internal auditing, which of the following scenarios would allow the organization's internal audit activity to provide services related to risk management?

Question370: Click the Exhibit.

Internal auditors are asked to keep track of how many hours per day they spend planning the audit, conducting the engagement, and writing the audit report. The data for two days has been collected as follows:
Day 1
Day 2
Planning the audit
2 hours
3 hours
Conducting the engagement
1 hour
1 hour
Writing the audit report
2 hours
4 hours
Which of the following graphs depicts the data accurately?

Question371: Who has the ultimate responsibility of implementing the organization's governance system?

Question372: The chief audit executive (CAE) of a small internal audit activity (IAA) performs all high-risk engagements on the annual audit plan to make use of his knowledge and experience and to maximize the efficient use of audit resources. Which of the following statements is most relevant regarding this practice?

Question373: An engagement supervisor noted that an internal auditor's personal relationship with a process owner resulted in the auditor providing a favorable and partial assessment during an audit within that process owner's area. According to IIA guidance, which of the following should be used to manage this impairment?

Question374: Which is the least effective form of risk management?

Question375: Which of the following would a chief audit executive most likely use to identify a need for improvement in a staff internal auditor's business acumen?

Question376: The chief audit executive (CAE) routinely provides activity reports to the board during quarterly board meetings. Senior management has asked to review the CAE's board presentation before each board meeting so that any issues or questions can be discussed beforehand. The CAE should:

Question377: If management has not established a risk management process, the internal audit activity could.

Question378: Management has requested that the internal audit activity perform a consulting engagement to review fraud prevention programs. Which of the following is a Standards requirement to accept and perform the consulting engagement?

Question379: An internal auditor in a small broadcasting organization was assigned to review the revenue collection process. The auditor discovered that some checks from three customers were never recorded in the organization's financial records. Which of the following documents would be the least useful for the auditor to verify the finding?

Question380: Which of the following would provide the best assessment of an organization's ethical climate?

Question381: According to IIA guidance, which of the following best describes how risks are measured?

Question382: Which of the following actions would best help the internal audit activity promote continuous improvement in control effectiveness within the organization?

Question383: In its five years of existence, an internal audit activity conducted a single internal assessment of its quality assurance and improvement program (QAIP). The results of that assessment showed that the internal audit activity did not conform with the Standards. Prior to this, an external assessment of the internal audit activity's QAIP was conducted, which reported that the internal audit activity was in conformance with the Standards. Considering the two assessments, what would be the internal audit activity's current state of conformance with the Standards?

Question384: According to IIA guidance, which of the following are macro-level audit activities performed for an assurance engagement of the purchasing department?
1. Obtain and review all purchasing-related audit reports issued within the past year.
2. Meet with the quality assurance group to discuss its previous reports of any purchasing-related findings.
3. Review a memo written by the purchasing manager that outlines ongoing problems with the purchasing software.
4. Request a copy of the report from a purchasing audit conducted last year by an external service provider.

Question385: Prior to commencing a financial compliance engagement, the engagement supervisor reads the business plan for the finance department and meets informally with the director to learn more about any key issues. Which of the following competencies is the engagement supervisor demonstrating?

Question386: Which of the following statements is true regarding an organization's code of ethics?

Question387: Which of the following would be an appropriate outcome of a quality assurance and improvement program in an internal audit activity?
1. Modification of resources.
2. Corrections to procedures.
3. Changes in processes.
4. Implementation of new technology.

Question388: Which of the following would provide the best guidance to a chief audit executive who is setting internal audit staff requirements?

Question389: Which of the following techniques would best assist an internal auditor in evaluating the efficiency of a wholesale grocery distributor`s process to fill and package orders for shipping?

Question390: A chief audit executive (CAE) has been asked by the board to evaluate the effectiveness of ethical programs created by management. Which of the following would be the most appropriate action for the CAE to take?

Question391: Which of the following scenarios exemplifies a potential internal control weakness?

Question392: An organization's chief audit executive (CAE) has been asked to monitor and report on any violations of the organization's code of conduct. The CAE should:

Question393: Using the internal audit department to coordinate regulatory examiners' efforts is beneficial to the organization because internal auditors can:

Question394: A chief audit executive (CAE) for a specialty retailer is asked by management to review the controls in place to manage their electronic funds transfer process.
The internal audit activity has no experience with similar engagements. What is the most appropriate course of action for the CAE to take?

Question395: When can an internal audit activity use the statement, "Conforms with the International Standards for the Professional Practice of Internal Auditing"?

Question396: According to IIA guidance, which of the following statements is true regarding the internal audit activity's quality assurance and improvement program (QAIP)?

Question397: A large trucking organization wants to reduce traffic accidents by improving its system of internal controls.
Which of the following controls is correctly classified?
1. Review of speeding violations to identify repetitive locations and drivers is an example of a preventive control.
2. Defensive driver training is an example of a directive control.
3. The installation of tracking devices in delivery vehicles is an example of a corrective control.
4. Providing a vehicle driver handbook is an example of a detective control.

Question398: Which of the following processes or tools can be used as ongoing internal assessments of the performance of the internal audit activity?
1. Analyses of audit plan completion and cost recoveries.
2. Selective peer reviews of work papers by staff involved in the respective audits.
3. Self-assessment of the internal audit activity with on-site validation by a qualified independent reviewer.
4. Feedback from audit customers and stakeholders.

Question399: A company has established its environmental audit activity as part of its legal department rather than part of its internal audit activity, which reports to the audit committee. The board has requested that the chief audit executive (CAE) provide an annual opinion on whether environmental risks are being properly addressed.
In these circumstances, the CAE should recommend to the audit committee that the internal audit activity:

Question400: A chief audit executive (CAE) is concerned that the internal audit activity is not receiving adequate training and continuing education. Which of the following approaches should the CAE take?

Question401: The chief audit executive needs to revise the internal audit activity's (IAA) charter. The revision must address the element of authority.
Which of the following statements meets this requirement?

Question402: Which of the following is not an appropriate control related to sales in a manufacturing company?

Question403: Which of the following is the best example of a strategic objective?

Question404: A chief audit executive (CAE) is planning to issue an annual report concluding on the overall effectiveness of the organization's internal control system. According to the Standards, which of the following is likely the most significant challenge facing the CAE when creating the report?

Question405: Which of the following statements best describes internal auditors' role in fraud detection?

Question406: According to IIA guidance, which of the following activities would typically be examined when using the maturity model approach for assessing an organization's risk management program?

Question407: Noncompliance with which of the following would cause a control deficiency related to privacy protection practices?
I. An organization's internal privacy policies.
II. Financial accounting standards.
III. Privacy laws and regulations.
IV. The Standards.

Question408: Which of the following scenarios best demonstrates the concept of corporate social responsibility?

Question409: All of the following would normally be involved in preparing for and carrying out the internal audit activity's annual plan except:

Question410: Which of the following is most likely to function as a directive control?

Question411: Which of the following controls is not appropriate for sales in a manufacturing organization?

Question412: What is the primary purpose of The IIA's Code of Ethics?

Question413: At the start of an internal audit engagement, the chief audit executive (CAE) discovered that one of the internal auditors on the assignment is a business partner and distant family member of the staff member directly responsible for the area under review. Given that budgeted hours and staff are limited, what would be the most appropriate action by the CAE to manage the threat to objectivity?

Question414: Which of the following is an activity that an internal auditor must not perform?

Question415: The director of purchasing, a certified internal auditor (CIA), signs a contract to procure a large order from a supplier whose products provide the best price, quality, and performance. A few days after signing the contract, the supplier presents the CIA with $1, 000 as a gift. Which statement regarding acceptance of the money is correct?

Question416: Which of the following would be a violation of the objectivity of a certified internal auditor?
1. Accepting a motivational book from a major vendor.
2. Attending a professional sporting event as the guest of a corporate supplier.
3. Performing an internal audit engagement for a division 18 months after having controllership responsibility for that division.
4. Designing and implementing a corporate-wide utilities cost containment program.

Question417: At the beginning of fieldwork in an audit of investments, an internal auditor noted that the interest rate had declined significantly since the engagement work program was created. The auditor should:

Question418: Which of the following is the most effective strategy to manage the risk of foreign exchange losses due to sales to foreign customers?

Question419: A chief audit executive (CAE) was asked by senior management to establish and manage a risk management function. A new chief risk officer was hired a year later to assume these responsibilities. As this function was included in the current annual audit plan, the CAE engaged an external resource for a risk management engagement. Which of the following potential threats to objectivity was the CAE likely addressing?

Question420: Which of the following situations would most likely result in the auditor in charge (AIC) recommending that the staff auditor further investigate non-compliant items?

Question421: In a small organization, management is unable to achieve adequate segregation of duties for its cash-handling procedures Therefore hidden surveillance cameras were installed to monitor cash-handling activities Which of the following best describes this type of control?

Question422: In order for an internal auditor to assess the opportunity for fraud to occur in an organization, which of the following does the auditor first need to understand?

Question423: Suspecting fraud, the chief financial officer (CFO) asked the internal audit activity to investigate a significant increase in travel related expenditures. Work was performed by a qualified internal auditor. Following the completion of the engagement, the chief audit executive (CAE) reported to the CFO that no violations were found and no fraud had occurred.
According to the Standards, which of the following principles did the CAE violate?

Question424: When an external auditor unknowingly fails to modify an opinion on financial statements that are materially misstated, this is an example of:

Question425: According to IIA guidance, which of the following is accurate regarding the chief audit executive's (CAE's) requirement to report the results of quality assessments?
1. The CAE must report the results of external assessments at least annually.
2. The CAE must report the results of ongoing monitoring at least annually.
3. The CAE must report the results of quality assessments to senior management.
4. The CAE must report the results of quality assessments to the board.

Question426: An organization references a customer order with an approved customer file and credit limit before accepting an order. Which type of control does this process exemplify?

Question427: Which of the following actions should an internal auditor take to exercise due professional care?
1. Consider the probability of significant noncompliance in each audit engagement.
2. Weigh the cost of assurance against the benefits.
3. Perform assurance procedures with sufficient care to ensure that all risks are identified.

Question428: In which of the following circumstances would an internal auditor not need to search for other signs of fraud?

Question429: A product manager occasionally overrides established purchasing policies in order to expedite the introduction of new products in a competitive industry. The manager's overrides are:

Question430: While conducting an IT audit engagement, an internal auditor is offered a position in the IT department. If she accepts the position, which of the following situations would cause the greatest concern regarding objectivity?

Question431: Which type of objectives can best be described as broad goals that promote the effective and efficient use of resources?

Question432: When performing benchmarking during the planning phase of a performance audit, an internal auditor should:

Question433: Which of the following processes should be included in a benchmarking activity?
I. Identify key measures.
II. Collect data on performances and practices.
III. Identify opportunities for improvement.

Question434: Which of the following statements regarding organizational governance is not correct?

Question435: During the audit of taxation processes in the organization internal auditors have verified that all employees of the finance department received training on taxation guidelines. The training is mandatory and is automatically assigned via email invitation to all new employees in the department. Which type of controls have the auditors tested?

Question436: According to IIA guidance, which of the following most appropriately justifies the CEO's decision that the internal audit activity shall be responsible for risk management and investigation at a multinational organization?

Question437: Which of the following best describes why a chief audit executive might obtain the services of a fraud specialist to assist in a major fraud investigation'?

Question438: Which of the following best illustrates the principle of due professional care?

Question439: Which of the following would be the most effective method for an internal auditor who is attempting to detect ongoing fictitious vendor fraud?

Question440: Which of the following qualifies as an acceptable consulting service provided by the internal audit activity?

Question441: What is the best course of action when the internal audit activity does not have the knowledge necessary to perform a planned audit of the organization's new IT data backup process?

Question442: Which segregation of duties would best reduce the risk of payroll fraud?

Question443: The results of an assessment of the adequacy of controls would be considered incomplete or misleading unless the internal auditor considers which of the following?

Question444: Which of the following statements is true regarding corporate social responsibility (CSR)?

Question445: An external quality assurance review which was authorized by the chief audit executive (CAE) indicated significant findings from the Standards. To whom should the final results of the quality assurance review be reported?

Question446: According to IIA guidance, which of the following best describes processes and tools typically used in ongoing internal assessments?

Question447: Which of the following describes the most appropriate match between a potential temporary guest auditor candidate and an upcoming audit assignment?

Question448: Which of the following criteria must be met when appointing an external assessor to conduct a quality assessment of an internal audit activity?

Question449: Nearing the completion of fieldwork, an internal auditor shared the draft report findings with management prior to the closing meeting. During the closing meeting, management expressed dissatisfaction in that they were not familiar with some of the findings. Management also noted that some aspects of the report seemed confusing. Which of the following competencies appears to have been lacking in this scenario?

Question450: Which of the following relates to the concept of due professional care?

Question451: As part of a fraud investigation by regulators, a court order was issued to a bank. The court order requested the chief audit executive (CAE) to provide access to a number of audit reports and workpapers, some of which included customers' confidential information such as transaction activity and other personal details. What is the appropriate response by the CAE?

Question452: According to IIA guidance, which of the following is true with regard to the internal audit charter?
1. It specifies the minimum resources needed for assurance engagements.
2. It requires final approval from senior management.
3. It defines the internal audit activity's authority and responsibilities.
4. It describes the expectations for communicating the results of a quality assurance and improvement program.

Question453: Which of the following is a benefit from reduced testing during a particular phase of an audit engagement?

Question454: Considering the concepts of organizationwide risk management and the system of internal controls, the internal audit activity as a whole can be considered which of the following types of control?

Question455: When auditing the award of a major contract, which of the following should an internal auditor suspect as a red flag for a bidding fraud scheme?
1. Subsequent change orders increase requirements for low-bid items.
2. Material contract requirements are different on the actual contract than on the request for bids.
3. A high percentage of employees are charged to indirect accounts.
4. Losing bidders are hired as subcontractors.

Question456: Which of the following conditions is the most likely indicator of fraud?

Question457: According to IIA guidance, which of the following statements is true regarding the reporting of results from a quality assurance and improvement program review of the internal audit activity?

Question458: The chief audit executive's responsibility regarding control processes includes:

Question459: Which of the following roles, if undertaken by an internal auditor, would have the greatest potential for conflict with the Standards regarding objectivity?

Question460: According to IIA guidance, which of the following must internal auditors consider to conform with the requirements for due professional care during a consulting engagement?
1. The cost of the engagement, as it pertains to audit time and expenses in relation to the potential benefits.
2. The needs and expectation of clients, including the nature, timing, and communication of engagement results.
3. The application of technology-based audit and other data analysis techniques, where appropriate.
4. The relative complexity and extent of work needed to achieve the engagement's objectives.

Question461: According to IIA guidance, which of the following actions by the chief audit executive (CAE) best demonstrates the organizational independence of the internal audit activity?

Question462: During an internal audit, an organization's processing department is found to have incidences of both duplicate invoices and notices from customers that purchased goods were not received. The department under review insists that some of these reports are false and that others were isolated oversights due to understaffing.
Which of the following tests would best help the internal auditor detect fraudulent activity?

Question463: Which of the following statements best explains why internal auditors map processes?
1. To obtain audit evidence to support auditor's observations.
2. To determine scope and objectives of the audit.
3. To facilitate the identification of ownership and responsibility for key risks.
4. To identify potential efficiency improvements.

Question464: Which of the following control methods is effective in reducing the risk of purchasing-scheme fraud?
1. Periodically reviewing the vendor list for unusual vendors and addresses.
2. Segregating duties for amount purchasing, receiving, shipping, and accounting.
3. Validating sequential integrity of purchase orders.
4. Verifying the validity of invoices with post office box addresses.

Question465: During engagement planning, the engagement supervisor recommended that the amount of time originally budgeted for the engagement should be expanded due to the engagement's complexity and materiality. This scenario is an example of which of the following?

Question466: Which of the following internal control components has COSO identified as the most important?

Question467: At what point in time can an organization conclude that the established organizational governance framework was correctly implemented?

Question468: The largest risks facing an organization should be mitigated by which type of controls?