EMT Practice Test

1. Question Content...


Question List

Question1: According to HA guidance, which of the following is true regarding independence and objectivity for small internal audit activities?

Question2: Which of the following is an example of a risk reduction strategy?

Question3: A new company's risk management function is developing its cybersecurity risk management program Which of the following actions should be the first priority when developing the program?

Question4: During fieldwork, an internal auditor located a significant internal control issue. Without identifying the origins of the issue, the auditor concluded the engagement and included the issue in the final audit report. To enhance audit quality, which of the following skills should the internal auditor improve?

Question5: Which of the following should play a leading role in overseeing ihe ethical atmosphere of an organization?

Question6: According to IIA guidance, which of the following training methods is considered most effective in assisting new entry-level internal auditors in achieving competence with internal audit practices in the workplace?

Question7: Which of the following is the most appropriate way to ensure that a newly formed internal audit activity remains free from undue influence by management?

Question8: Which of the following actions should the organization's governing body perform to provide the most effective governance over the organization's culture?

Question9: A chief audit executive (CAE) has been asked by the board to evaluate the effectiveness of ethical programs created by management. Which of the following would be the most appropriate action for the CAE to take?

Question10: According to MA guidance, which of the following best describes how often the chief audit executive should review the quality assurance and improvement program of the internal audit activity?

Question11: Which of the following options describes the reason that conformance with The IIA's Code of Ethics is mandatory for internal auditors?

Question12: Which of the following tools would be most useful to an internal auditor performing an assessment of the effectiveness of the organization's risk responses?

Question13: An accounts payable clerk has recently transferred Into the internal audit activity and has been assigned to an engagement related to accounts payable processes for which he was previously responsible Which of the following is the best action for the new internal auditor to take?

Question14: During the audit of taxation processes in the organization internal auditors have verified that all employees of the finance department received training on taxation guidelines. The training is mandatory and is automatically assigned via email invitation to all new employees in the department. Which type of controls have the auditors tested?

Question15: Which of the following statements is true regarding management's use of judgement to design, implement, and conduct internal control?

Question16: Which of the following statements is true regarding organizational independence of the internal audit activity (IAA)?

Question17: Which of the following statements is true regarding how the scope of a consulting engagement should be established?

Question18: The auditor's aunt has been working in management of the area under review for a considerable amount of time.
Which of the following would best assist the internal auditor in this situation?

Question19: Which of the following would an internal auditor expect to find within an organization's internal control framework?

Question20: A chief audit executive (CAE) is considering hiring a candidate who most recently worked for a large public accounting firm What would be the CAE's most likely concern regarding this candidate*?

Question21: While auditing an organization's credit approval process, an internal auditor learns that the organization has made a large loan to another auditor's relative. Which course of action should the auditor take?

Question22: According to IIA guidance, which of the following actions best demonstrates due professional care by an internal auditor when she discovers a number of fraud-related red flags during an audit engagement?

Question23: Which of the following is true with regard to an organization's risk management practices?

Question24: According to IIA guidance, which of the following statements is true regarding consulting engagements performed by the internal audit activity?

Question25: According to IIA guidance, a new internal auditor is expected to possess which of the following competencies?

Question26: The board of a newly established organization was discussing the contents of the draft internal audit charter One board member suggested adding to the charter an obligation for the internal audit activity to develop controls in business procedures. The board member explained that the new organization needs professional- level developers, internal auditors have the necessary skills and competencies, and the internal audit activity is well positioned to assume this responsibility. Which of the following would be a potential concern if the board member's suggestion is adopted?

Question27: In which of the following ways can a whistleblower hotline serve as a prevent

Question28: According to IIA guidance, which of the following statements regarding ethics is true?

Question29: According to NA guidance, which of the following practices by the chief audit executive (CAE) best enhances the organizational independence of the internal audit activity?

Question30: Which of the following situations presents the lowest risk of impairing an internal audit activity's independence?

Question31: Which of the following best demonstrates internal auditors performing their work with proficiency?

Question32: Which of the following best describes a responsibility of the board of directors with regard to risk management throughout the organization?

Question33: Which of the following is the best example of a computer forensic audit activity?

Question34: Management assessed the organization's risk of expanding operations into a new, but volatile, region and began looking for a compatible local partner to manage sales and distribution. Which of the following best describes this risk management technique?

Question35: According to IIA guidance, which of the following is the most accurate statement regarding the internal audit charter?

Question36: Which of the following should an internal auditor take into consideration when making a judgement regarding whether management selected appropriate risk responses?

Question37: Which of the following describes an ongoing monitoring activity that could be performed as part of an internal assessment for a quality assurance and improvement program (QAIP)?

Question38: Which of the following scenarios best illustrates the Fraud Triangle component known as "perceived opportunity"?

Question39: Which of the following should be considered in developing a risk and control model for use in an engagement?

Question40: Which of the following is (he most effective way any organization can ensure proper governance over its internal controls?

Question41: During an audit engagement of a large retail store, internal auditors noted significant discrepancies between available inventory and sales and suspect an abuse of cash register refunds and voids. Which of the following would be the most effective preventative control to reduce these losses?

Question42: Which of the following situations undermines the independence of the internal audit activity?

Question43: IT management requires all employees in the IT department to attend annual training on the department's mission values and key performance measures This activity is designed to prevent which of the following conditions?

Question44: Which of the following is the best way for internal auditors to demonstrate their proficiency to effectively carry out their professional responsibilities?

Question45: Which of the following best describes the internal audit activity's responsibility within a risk and control framework?

Question46: Which of the following statements is true regarding an organization's code of ethics?

Question47: Which of the following best demonstrates organizational independence of the internal audit activity?

Question48: Which of the following is a way to demonstrate an individual internal auditor's competency through continuing professional development?

Question49: Which of the following drivers of fraud is directly controllable by an organization?

Question50: During an assurance engagement, an internal auditor uses benchmarking research to support preparation of a report to stakeholders that contains significant findings about control deficiencies. Which of the following skills did the auditor demonstrate?

Question51: Which of the following is an example of corruption?

Question52: Which of the following would best assist the internal audit activity in assessing whether an organization's responses to risk are aligned with its risk appetite?

Question53: Which of the following concepts is emphasized in the Mission of Internal Audit?

Question54: Which of the following statements is true regarding the disclosure of results of the quality assurance and improvement program?

Question55: An internal auditor extended the scope of testing for a disbursements engagement following a fraud risk assessment Despite the investment of additional audit resources no significant issues were found Unfortunately a major payment fraud was discovered several months later According to IIA guidance which of the following statements is true regarding the internal auditor's application of due professional care?

Question56: According to IIA guidance, which of the following is an appropriate role for the internal audit activity?

Question57: Which of the following best describes a consulting engagement rather than an assurance engagement?

Question58: An internal auditor has documented several instances in which management asked employees to ad against the policies and procedures. Which of the following is the most appropriate next step?

Question59: Which of the following activities best ensures that internal auditors grow professionally in alignment with current industry trends to meet the expectations of primary stakeholders?

Question60: Which of the following activities best demonstrates an internal auditor's commitment to developing professional competencies?

Question61: A new internal auditor was recently recruited to the internal audit activity from the organization's finance department. What is likely to be the chief audit executive's greatest concern regarding assigning the new auditor to upcoming audits in the finance department?

Question62: Following a quality assurance review of a small internal audit activity, the external reviewer and the chief audit executive (CAE) cannot agree on the importance of several deficiencies noted during the review. Which of the following would be the most appropriate next step for the reviewer to take?

Question63: An internal auditor wants to compare her organization's governance processes to those of a well-known governance model. Which of the following approaches would the auditor take for this purpose?

Question64: Which of the following statements is true regarding corporate social responsibility (CSR)?

Question65: Which of the following is a role internal auditors should undertake related to risk management?

Question66: Which of the following would the chief audit executive be required to disclose in the communication of quality assessment results to senior management and the board?

Question67: According to the Standards, which of the following demonstrates the proficiency of an internal auditor?

Question68: An organization opened its warehouse to sell written-off surplus and outdated office furniture to the general public. Prices were negotiable, and customers could pay by cash, check, or credit card. Receipts were available upon request, and were issued by the inventory manager upon collection of payment. At the end of the day, the manager forwarded all of the funds he had collected to the finance department for deposit. Which of the following types of fraud is most likely to occur under these circumstances?

Question69: The internal audit activity is responsible for conducting fraud investigations. A potential fraud instance was identified during an audit engagement. The chief audit executive appoints a lead investigate. Which of the following would most likely be the next step?

Question70: What is the primary reason a chief audit executive should dedicate time and resources to support continuing professional development of internal audit staff?

Question71: Which of the following statements is the most appropriate example of the internal audit activity exercising due professional care during an audit of the payroll department?

Question72: Which of the following types of fraud tests would be most effective if an internal auditor was looking for possible fictitious vendors?

Question73: Which of the following practices, applied by the chief audit executive {CAE), most likely indicates an effective continuing professional educational program for the internal audit activity?

Question74: While conducting an engagement in the procurement department, the internal auditor noticed that the department head's travel reports showed minor travel expenses, and there were no charges for hotels, meals, or transportation. However, the auditor knew that the department head frequently traveled worldwide to meet with suppliers and visit their production sites. Which of the following would be the most appropriate next step for the auditor?

Question75: Evidence discovered during the course of an engagement suggests that multiple incidents of fraud have occurred. There do not appear to be sufficient controls in place to prevent reoccurrence. Which of the following is the internal auditor's most appropriate next step?

Question76: Prior to commencing a financial compliance engagement, the engagement supervisor reads the business plan for the finance department and meets informally with the director to learn more about any key issues. Which of the following competencies is the engagement supervisor demonstrating?

Question77: The internal audit activity is undergoing a self-assessment as part of its quality assurance and improvement program Which of the following observations must be addressed in order for the internal audit activity to achieve conformance with the Standards?

Question78: Which of the following survey questions would be most effective to identify ethics violations within the organization?

Question79: Which of the following is a true statement regarding whistleblowing?

Question80: Which of the following is most accurate concerning corporate social responsibility?

Question81: During a payroll audit, the internal auditor discovered that several individuals who have the same position classification as he are earning a significantly higher salary. The auditor noted the names and amounts of each, and he planned to prepare a request to the chief audit executive for a salary increase based on this information. Which of the following IIA Code of Ethics principles was violated in this scenario?

Question82: Which of the following internal controls best mitigates the risk of corruption schemes between employees and vendors?

Question83: In an internal audit charter, which of the following statements regarding the chief audit executive (CAE) would be most directly related to describing the responsibilities of the internal audit activity*?

Question84: For a high-risk observation, which is the best approach to follow when management takes an aggressive, uncompromising position in opposition to the internal audit activity?

Question85: Who is responsible for setting the risk appetite?

Question86: Considering the concepts of organization wide risk management and the system of internal controls, the internal audit activity as a whole can be considered which of the following types of control?

Question87: An existing Internal audit charter is currently under review for revision. Who is responsible for assuring that all required components are included?

Question88: An internal auditor in a newly established internal audit activity identifies many control weaknesses and raises a number of high-priority recommendations in her first few audit engagements. The internal auditor is concerned that there seems to be a poor understanding by management of risk and control. Which of the following is the most likely reason for this?

Question89: An internal auditor is assessing how the organization processes financial transactions and whether written policies and procedures are followed. The auditor requested to meet with certain employees to understand their related roles and responsibilities. However the employees refuse to meet with the auditor claiming they are too busy. Which of the following responses would best demonstrate the auditor's conflict-resolution skills?

Question90: An organization is conducting a fraud risk assessment as part ol its risk management program. Which of the following steps is the organization most likely to perform first?

Question91: Which of the following actions would an internal auditor perform primarily during a consulting engagement of a debt collections process?

Question92: According to IIA guidance, which policy, established by the chief audit executive, would most likely ensure internal audits are conducted with due professional care?

Question93: In which of the following ways could stakeholders be engaged in corporate social responsibility efforts?

Question94: An internal auditor was assigned to work in the procurement department for six months to gam m-depth knowledge about the procurement process. Which of the following personnel development practices was applied in this situation?

Question95: Regarding the chief audit executive (CAE). which ot the following is considered an impairment to the independence of the internal audit activity?

Question96: Which of the following frauds is most likely to occur in the accounts payable function?

Question97: Management authorizes internal audit only to view production reports that are built into the system.
How can the chief audit executive create buy-in with management and attain the access required for the engagement?

Question98: The chief audit executive (CAE) planned an in-person group training to help internal auditors perform onsite inspections of an automobile manufacturing facility. The training would have allowed the auditors to better understand the production of the organization's automobiles. However, a global health crisis has impacted the training by prohibiting in-person contact at the facility. Which of the following could the CAE use to provide auditors with a better understanding of the organization s production process?

Question99: Which of the following is an appropriate role for the internal audit activity?

Question100: A chief audit executive (CAE) has no direct access to the board. According to IIA guidance, which of the following is the most appropriate way for the CAE to react?

Question101: Which of the following is an indicator that the internal audit activity does not fully conform with the Standards?

Question102: Which of the following best describes the type of risk that an adequately designed and effectively operating system of internal controls should mitigate?

Question103: Which of the following demonstrates that the internal audit activity exercises due professional care?

Question104: According to IIA guidance, which of the following would be included in an internal audit charter to help establish the authority of the internal audit activity?

Question105: What would be the proper sequence of steps for an internal auditor to take in order to draw a conclusion on internal control effectiveness and adequacy after ascertaining the key controls?

Question106: Which of the following is true about a system of internal control?

Question107: Which of the following is a typical characteristic of an organization's risk management framework?

Question108: Which of the following would best describe a control implemented to detect cash register disbursement fraud in a large retail store?

Question109: Which of the following is a preventive control the organization could implement to mitigate fraudulent activity in the accounts payable department?

Question110: An electrician visits a client to assess the scope of work. After the visit, the sales office compiles and sends the client a proposal based on the electrician's estimation and approved price list. The internal auditor notices that in the last six months, the number of cancelled proposals has increased substantially. Which of the following is a fraud risk scenario that the auditor should consider in this situation?

Question111: According to IIA guidance, which of the following should be formally documented in the internal audit charter?

Question112: An organization's operations management is aware of existing internal control deficiencies but they lack the competency to execute internal control measures. Which of the following actions if taken by the internal audit activity is appropriate to assist operating management in achieving continuous improvement on internal controls?

Question113: Which of the following types of policies best helps promote objectivity in the interna! audit activity's work?

Question114: The chief audit executive (CAE) has assigned an internal auditor to an upcoming engagement. Which of the following requirements would most likely indicate that the internal auditor was assigned to an assurance engagement?

Question115: Which of the following conditions classifies an engagement as a consulting service provided by the internal audit activity?

Question116: A newly hired internal auditor is performing an engagement that requires significant IT expertise that he does not possess. If the auditor does not alert the chief audit executive about his lack of expertise and decides to perform the engagement anyhow, which principle of the IIA's Code of Ethics would he violate?

Question117: Which of the following would be considered advanced expertise which most internal auditors are not expected to possess'?

Question118: An internal auditor is reviewing employee travel expenses from the previous six months for fraud. Which of the following tests would best detect instances where personal travel has been claimed?

Question119: During an assurance engagement the internal audit team discovers that employees performing a control do not understand the principles behind it. Before the engagement concludes, at management's request the audit team facilitates several formal training sessions to help explain those principles to the employees. Which of the following best describes the engagement provided by the internal audit activity in this scenario?

Question120: Which of the following would be an important aspect of an internal auditor's role in fraud management?

Question121: Which of the following scenarios would cause a chief audit executive (CAE) to immediately discontinue using any statements that would indicate conformance with the Standards in an audit report?

Question122: In which of the following scenarios would the chief audit executive (CAE) be required to decline the assignment?

Question123: Which of the following would be Included in ongoing monitoring of the performance of the internal audit activity?

Question124: During the planning stage of an assurance engagement, a payroll clerk informed the internal auditor that he is often asked to add new employees to the payroll without any formal new-hire documentation from human resources. The auditor is concerned that this increases the risk for fraud. To complete engagement planning, which of the following is the most appropriate next step for the auditor to take?

Question125: In which of the following scenarios is the internal auditor in conformance with The IIA's Code of Ethics and the Standards?

Question126: The chief audit executive (CAE) is drafting the annual internal audit plan and seeks input from senior management and the external auditor prior to submitting it for approval to the board. According to MA guidance, which of the following statements is true regarding this scenario?

Question127: Which of the following describes a primary responsibility for the internal audit activity in helping management maintain effective controls?

Question128: According to MA guidance, which of the following is true with regard to the internal audit charter?
1. It specifies the minimum resources needed for assurance engagements.
2. It requires final approval from senior management.
3. It defines the internal audit activity's authority and responsibilities.
4. It describes the expectations for communicating the results of a quality assurance and Improvement program.

Question129: Which of the following engagements would be considered an appropriate consulting service?

Question130: Which of the following statements best represents the duo professional care that is required of internal auditor's?

Question131: Which of the following best describes the differences between internal auditors and external auditors?

Question132: Upon completion of an external assessment as part of the quality assurance and improvement program (QAIP), the chief audit executive (CAE) reported the results to senior management and the board The CAE included the following elements in the report
- Qualifications and independence of me external assessment team
- Conclusions of assessors
- Corrective action plans
How should the CAE improve the aforementioned approach to reporting the resets of QAIP?

Question133: Which of the following statements describes the activities performed by the internal audit activity to fulfill the Mission of Internal Audit?

Question134: A significant number of employees expressed concerns of a hostile work environment within a large manufacturing plant, which is in contrast to the organization's stated culture of tolerance and open communication. Which of the following approaches would be most effective for an internal auditor to assess whether the organization supports a culture of tolerance and open communication?

Question135: Which of the following is a true statement regarding controls such as ethical values, tone at the top and operational style?

Question136: An organization's board of directors has decided that the internal audit activity must have greater access to different pans of the organization in order to perform their assurance work effectively Which of !he following areas is the board seeking to improve by making this change?

Question137: The internal audit activity is asked to provide consulting services regarding the risks related to implementing a proposed new Inventory management system. Which of the following would be a key consideration of the internal audit activity in accepting this engagement?

Question138: Which of the following is a primary benefit of implementing a governance risk management and compliance framework within an organization?

Question139: An organization is in the process of hiring a new chief audit executive (CAE). Which of the following can the potential candidates expect to be a part of the recruiting process or in place when the CAE is hired?

Question140: Which data analytics competency is critical for new internal auditors to possess in order to plan and perform internal audit engagements in conformance with the Standards?

Question141: Which of the following best describes the internal audit activity's contribution to the implementation of the risk management framework?

Question142: Which of the following is an indicator that the organization s risk management process is effective?

Question143: Which of the following best demonstrates organizational independence of the internal audit activity?

Question144: Which of the following engagement areas would allow the internal audit activity to assess organizational governance?

Question145: In which of the following scenarios would it be appropriate for the chief audit executive (CAE) to report that the internal audit activity conforms with the Standards?

Question146: An organization has limited resources to spend on corporate social responsibility initiatives. Which is the most suitable approach to determine how these resources should be used?

Question147: When a plant manager from within the organization is hired as a rotational internal auditor within the internal audit activity which area should he most likely be trained for immediately?

Question148: Which of the following is the best way for an internal auditor to demonstrate due professional care?

Question149: A subsidiary of the organization was preparing for an initial public offering (IPO). Af the request of the audit committee, the chief audit executive (CAE) and all senior audit staff were actively involved in the process by helping collect and validate financial data, conducting assessments, and participating in meetings with IPO advisors. Six months later, it became obvious that the IPO had to be canceled. Newly appointed audit committee members requested an assurance engagement that v/ould assess the IPO preparation process.
Which of the following would be the best course of action for the chief audit executive (CAE) to take?

Question150: According to NA guidance, which of the following conditions would enhance the independence of the internal audit activity?

Question151: In which of the following audits would the internal auditors most likely contribute to the assessment of organizational governance?

Question152: As a result of a high-profile processing error, respective business unit managers are implementing new controls. The internal audit team was asked for their advice regarding the controls. The objective of this consulting engagement would be determined by which of the following?

Question153: Which of the following best demonstrates that the internal audit activity is using due professional care?

Question154: Which of the following would best serve to deter unethical behavior and encourage internal auditors to be objective in their work?

Question155: Which of the following is true for consulting engagements'?

Question156: Which of the following would provide the best support for internal auditors to meet their continuing professional development requirements?

Question157: Which of the following is true regarding risk analysis?

Question158: Which of the following would be most helpful to measure whether an internal audit activity successfully provides risk-based assurance?

Question159: According to IIA guidance, which of the following is the strongest indicator of deficiencies in the risk management process?

Question160: A chief audit executive has reported to the board that the internal audit activity is lacking financial accounting knowledge for specific audit projects. Upon approval from the board which of the following hiring approaches is best in this situation?

Question161: Which of the following can be used to minimize employees' resentment of controls?

Question162: In the COSO internal control framework, which of the following components serves as the foundation for the other components?

Question163: Which of the following is a consulting service the internal audit activity can perform with respect to the organization's risk management?

Question164: Which of the following is considered to be a threat to the internal auditor's objectivity?

Question165: The manager of the payroll department requested a review of the payroll process, but only wants the engagement to include processes related to approval of time worked. What type of activity is this?

Question166: Which of the following best demonstrates that an internal auditor is applying due professional care when planning an assurance engagement?

Question167: According to IIA guidance, which of the following statements is true regarding internal auditors' knowledge, skills and other competencies?

Question168: Which of the following is true regarding the stakeholder theory of corporate social responsibility?

Question169: According to The IIA's Competency Framework, which competency is considered the mandatory minimum for internal auditors to possess when performing internal audit engagements?

Question170: According to NA guidance, which of the following is true regarding typical fraud schemes?
1. A diversion occurs when an employee has an undisclosed personal economic interest in a transaction that adversely affects the organization.
2. Tax evasion is intentional reporting of false or misleading information on a tax return by an organization to reduce taxes owed.
3. Skimming involves stealing cash or assets from the organization and is normally concealed by adjusting the organization's records.
4, Disbursement fraud occurs when a person causes the organization to issue a payment for fictitious goods or services.

Question171: For a new board chair who has not previously served on the organization's board, which of the following steps should first be undertaken to ensure effective leadership to the board?

Question172: In its five years of existence, an internal audit activity conducted a single internal assessment of its quality assurance and improvement program (QAIP). The results of that assessment showed that the internal audit activity did not conform with the Standards. Prior to this, an external assessment of the internal audit activity's QAIP was conducted, which reported that the internal audit activity was in conformance with the Standards.
Considering the two assessments, what would be the internal audit activity's current state of conformance with the Standards?

Question173: When issuing his department's performance report, a sales director in an insurance company knowingly fails to correct the reserves for unearned income that resulted from cancellations of policy subscriptions. This could be considered which of the following types of fraud?

Question174: Which of the following situations would best indicate to the chief audit executive that one of the audit team members is struggling with application of due professional care?

Question175: Which of the following skills is most important for an internal auditor who facilitates control self-assessment workshops to possess?

Question176: According to IIA guidance, which of the following corporate social responsibility (CSR) evaluation activities may be performed by the internal audit activity?
1. Consult on CSR program design and implementation.
2. Serve as an advisor on CSR governance and risk management.
3. Review third parties for contractual compliance with CSR terms.
4. Identify and mitigate risks to help meet the CSR program objectives.

Question177: Which of the following best describes the Standards requirement for collective proficiency of the internal audit activity?

Question178: Which of the following skills is critical for assessing corporate social responsibility through a self-assessment?

Question179: A senior Internal auditor was hired Into a large Internal audit activity It was agreed upon hiring that the auditor would pursue professional development that would support her ability to take on the role of the head of Internal audit, Which of the following skills best supports this development goal?

Question180: Tre chiet audit executive (CAE) of large organization is preparing job descriptions to hire five new general internal audit staff, two new IT auditors and a senior auditer how is the CAE likely to describe IT requirements for me general internal audit statt positions?

Question181: In a small company with a small budget, the board and senior management asked the chief audit executive (CAE) to develop specific controls prompted by a new regulatory requirement affecting a specific process.
The CAE was also directed to report functionally to senior management. An audit engagement on this process was already set in the internal audit plan. Which of the following represents an impairment to the internal audit activity's independence?

Question182: An organization established 20 years ago has had its internal audit activity in place for the last three years.
Which of the following would allow the internal audit activity to accurately state that it is in conformance with the Standards'?

Question183: A newly hired chief audit executive is reviewing available documentation to provide evidence of conformance with the standard for continuing professional development. Which of the following documents is the most reliable source for this purpose?

Question184: Which of the following is part of a fraud detection program?

Question185: Which of the following best demonstrates conformance with the Standards regarding the internal audit activity's purpose authority, and responsibility?

Question186: According to MA guidance, which of the following statements is true regarding internal auditors' use of technology-based techniques?

Question187: Which of the following documents are internal auditors most likely to be asked to sign as a demonstration of due professional care?
A description of their job responsibilities,

Question188: The accounting department asked the chief audit executive (CAE) to perform a review of suspicious transactions The CAE was an accounting manager for the organization six months ago How should she respond to the request?

Question189: According to IIA guidance, which of the following is accurate regarding the chief audit executive's (CAE's) requirement to report the results of quality assessments?
1. The CAE must report the results of external assessments at least annually.
2. The CAE must report the results of ongoing monitoring at least annually.
3. The CAE must report the results of quality assessments to senior management.
4. The CAE must report the results of quality assessments to the board.

Question190: Which of the following actions best demonstrates an internal auditor exercising due professional care?

Question191: An internal auditor observed that sales staff are able to modify or cancel an order in the system prior to shipping* She wonders whether they can also modify orders after shipping. Which of the following types of controls should she examine?

Question192: According to IIA guidance, which of the following statements is true regarding mentoring programs designed to assist internal auditors with their professional development?

Question193: Which of the following scenarios violates The IIA's standard regarding internal audit independence?

Question194: A chief audit executive (CAE) recruited a few new internal auditors to reduce the resource gaps identified in this year's internal audit plan. One of the new recruits has several years of experience with the organization.
Ten months ago. she served as a senior supervisor in the finance department. However, for the past 10 months, she has been helping the organization with implementing a new IT system. What approach should the CAE take for the upcoming financial statement controls audit?

Question195: Which of the following is the primary engagement responsibility of an entry-level internal auditor?

Question196: Which of the following statements is true regarding internal controls?

Question197: Which of the following requests, if accepted by the internal audit activity, would impair its independence?

Question198: An internal audit activity is performing a governance engagement. Which of the following would provide the best evidence for an internal auditor when evaluating the organization's culture?

Question199: An internal auditor was offered expensive tickets to a sporting event by the manager of an area that she was currently auditing. The auditor politely declined. Which of the following fundamental principles of the MA Code of Ethics did she display?

Question200: Which of the following is the best reason why the engagement supervisor should take care in explaining to local management the criteria that will be used to measure the effectiveness of the control environment?

Question201: According to IIA guidance, the nature and scope of assurance and consulting services to be offered must be clearly delineated in which of the following internal audit documents?

Question202: Six months after an employee was transferred to the internal audit activity his former operating manager requested that he return to assist a project team with the evaluation of a new pricing module for the organization's online ordering system According to IIA guidance which of the following statements is true?

Question203: Which of the following is a control that is used mainly to check the integrity of data entered into a business application, whether the data is entered directly by staff, remotely by a business partner, or through a web- enabled application?

Question204: Which of the following would best preserve the organizational independence of the internal audit activity?

Question205: At what point in time can an organization conclude that the established organizational governance framework was correctly implemented?

Question206: The internal audit activity is responsible for conducting fraud investigations. A potential fraud instance was identified during an audit engagement. The chief audit executive appoints a lead investigator. Which of the following would most likely be the next step?

Question207: With regard to the internal audit activity's quality assurance and improvement program, which of the following topics would the chief audit executive include on the quarterly board meeting agenda?

Question208: Which of the following actions by an organization's board would potentially impair the internal audit activity's independence?

Question209: The chief audit executive (CAE) annually develops a budget and resource plan and submits it to the board for approval. This action best fulfills which of the following responsibilities of the CAE?

Question210: The internal audit activity audited an organization's risk management function multiple times, and the recommendations that were made remain unaddressed by the head of risk management. Which of the following would be the next step for the internal audit activity?

Question211: While preparing the audit plan for an automobile manufacturing company, the chief audit executive (CAE) noted that the company's engineering department received a high risk ranking. However, the internal audit activity is understaffed, and current staff do not possess the necessary skills to adequately assess the effectiveness of the engineering department. What is the most appropriate course of action for the CAE to take?

Question212: According to IIA guidance, which of the following actions is a chief audit executive required to take with regard to reporting the results of the quality assurance and improvement program?

Question213: According to IIA guidance, which of the following actions best demonstrates that due professional care has been considered by the internal audit activity when conducting a review of an organization's assets?

Question214: When beginning an engagement to assess the effectiveness of the organization's newly revamped risk management processes, which of the following should internal auditors review first?

Question215: Management is installing security cameras to identify unauthorized physical access to the organization's warehouse. This is an example of which of the following types of controls?

Question216: Management would like to self-assess the overall effectiveness of the controls in place for its 200-person manufacturing department. Which of the following client-facilitated approaches is likely to be the most efficient way to accomplish this objective?

Question217: Which of the following statements would typically be included in the responsibility section of the internal audit charter?

Question218: Operational management in the IT department has developed key performance indicator reports, which are reviewed in detail during monthly staff meetings. This activity is designed to prevent which of the following conditions?

Question219: Which of the following describes the internal audit activity's most appropriate role in an organization's risk management process?

Question220: A newly appointed chief audit executive (CAE) started analyzing the organization's policies in an attempt to customize them to address internal audit specifics. Which of the following organizationwide practices is most likely to be acceptable to the CAE?

Question221: What should the chief audit executive do when the internal audit activity is found to be in nonconformance with the Code of Ethics or the Standards?

Question222: Which of the following preventive controls would be most effective for organizations facing business disruptions and respective financial losses?

Question223: With regard to organizational governance assurance, which of the following is an appropriate role for the internal audit activity'?

Question224: Which of the following activities is most likely to require a fraud specialist to supplement the knowledge and skills of the internal audit activity?

Question225: To achieve conformance with the Standards, the chief audit executive must include which of the following activities in the quality assurance and improvement program (QAIP)?

Question226: Which of the following statements is true regarding organizational culture and an audit of the control environment?

Question227: Which of the following best demonstrates conformance with IIA standards related to continuing professional development?

Question228: A chief audit executive (CAE) was asked by senior management to establish and manage a risk management function. A new chief risk officer was hired a year later to assume these responsibilities. As this function was included in the current annual audit plan, the CAE engaged an external resource for a risk management engagement. Which of the following potential threats to objectivity was the CAE likely addressing?

Question229: An internal audit activity includes in its audit reports the assertion that its work is performed in conformance with the International Standards for the Professional Practice of Internal Auditing ( Standards). A recent external quality assessment concluded that the internal audit activity had substantial deficiencies that impact its overall operations.
According to IIA guidance, which of the following is the most appropriate action for issuing future audit reports?

Question230: Which of the following situations is most likely to threaten the independence of the internal audit activity?

Question231: Which of the following is a limitation of detective internal controls in fraud management?

Question232: The chief audit executive (CAE) decided to conduct a self-assessment with independent validation. Which of the following is the most likely reason the CAE selected this course of action?

Question233: Which of the following represents an example of an ethical issue that the organization should address'?

Question234: During an assurance engagement, an internal auditor identified that a developer of the organization's enterprise resource planning (ERP) system had intentionally modified the production code to commit a fraudulent transaction. Which control activity should be implemented to prevent such issues in the future?

Question235: Which of the following is a greater consideration for internal auditors when they are performing a consulting engagement than when they are performing an assurance engagement'?

Question236: Which of the following activities would breach the principles of The IIA's Code of Ethics?

Question237: A chief audit executive assigned an internal auditor to perform an assurance engagement. The auditor concluded with a major audit finding based on hearsay evidence Which of the following competencies did the auditor appear to be lacking?

Question238: Which of the following statements is true regarding the importance of risk management?

Question239: An internal auditor is performing testing to gather evidence regarding an organization's inventory account balance and is mindful of the possibility that the sample used might support the conclusion that the recorded account balance is not materially misstated when, in fact, it is. The auditor's concern best describes which of the following risks?

Question240: The internal auditor of a small manufacturer noted that the accounting department has insufficient staff to achieve proper segregation of duties. What type of controls would the auditor likely recommend to management to specifically address this problem?

Question241: The internal audit activity plans to audit a supplier quality management process within the supply chain function. In what way is this assurance engagement similar to a typical consulting engagement?

Question242: Due to extreme liquid fuel price fluctuations, management decided to designate a specific price below which liquid fuel shall not be sold to customers, but instead shall be pumped into storage tanks. Which of the following risk responses has management selected?

Question243: The same internal auditor has audited the regional purchasing department annually for the last three years.
The audits have shown several significant control deficiencies that have not been corrected by management.
New management is in charge of this regional purchasing department, and it is time to audit the department again. What concerns should be considered prior to assigning the audit to the same auditor?

Question244: Which of the following must be in existence as a precondition to developing an effective system of internal controls?

Question245: An internal auditor is updating the risk register for risks identified during a recent organizational risk assessment. According to the Standards, which of the following would the auditor include in the risk register?

Question246: An organization is considering purchasing a new banking software system and has asked the internal audit activity to evaluate the system. An internal auditor assigned to perform the engagement worked at the software company two years ago and is familiar with the system's design strengths and weaknesses. Which of the following is true regarding impairment to the auditor's objectivity?

Question247: The internal audit activity is asked to review the effectiveness of controls around the disposal of chemical waste. However, the internal auditors on staff lack the necessary skills to conduct this review. Which of the following would be the most appropriate approach?

Question248: Senior management has decided to adopt the key principles approach of the ISO 31000 risk management framework. According to IIA guidance, which of the following principles is most appropriate when implementing the risk management process in a dynamic agency?

Question249: Which of the following principles of The IIA's Code of Ethics implies that internal auditors should refrain from performing assurance services when there is an impairment to audit independence that has not been declared?

Question250: At a conference, an interna! auditor presented a new computer-assisted audit technique developed by his organization. The presentation included sample data derived from performing audit engagements for the organization. Travel costs were paid by the conference organizers, and the trip was approved by the chief audit executive (CAE).
However, neither management nor the CAE was aware that the internal auditor would be making a presentation based on work completed for the organization. According to IIA guidance, which of the following statements is most relevant regarding the actions of the auditor?

Question251: A third-party provider's questionable labor practices have exposed the organization to reputational risks and regulatory risks. Which of the organization's risk management practices was most likely ineffective?

Question252: There is a growing perception that employees generally evade their responsibilities. What impact will an internal auditor most likely see during an engagement?

Question253: Which of the following items related to the quality assurance and improvement program should the chief audit executive report to the board?

Question254: An accounts payable clerk has recently transferred into the internal audit activity and has been assigned to an engagement related to accounts payable processes for which he was previously responsible. Which of the following is the best action for the new internal auditor to take?

Question255: An engagement supervisor notes that an internal auditor usually documents and submits draft audit reports for review without giving the process owners the opportunity to state their position on the issues raised. How should the engagement supervisor respond?

Question256: A large commercial bank was fined by regulators for fraudulent practices when employees, over a period of time, opened thousands of new accounts for existing clients without the clients' consent. It was later found that employees were given unrealistic new account targets and were aggressively monitored by management on a daily basis.
Which of the following controls would have most likely reduced the likelihood of the fraudulent practice from occurring?

Question257: Internal audit is performing an engagement to determine whether there were indications of questionable bidding on a city s infrastructure project. As part of the engagement the internal audit activity became aware that certain firms tend to receive the contracts for large city projects. How should the internal audit activity proceed with the engagement and identify questionable bidding practices?

Question258: Which of the following strategies for professional development best demonstrates an internal auditor's competency'?

Question259: The chief audit executive (CAE) has hired a new internal auditor who was immediately assigned to a procurement function audit. Because the new auditor's name is similar to that of the procurement manager, some staff members think the two are related, although they are not. Which of the following actions is most appropriate for the CAE to take?

Question260: An internal auditor performed a risk assessment and concluded that the controls over access privileges to a bank account were appropriate. Later, the auditor learned that a contractor was using a shared password provided by an authorized user of the account. Which of the following statements best describes the auditor's application of due professional care?

Question261: Which of the following statements is true regarding electronic funds transfer (EFT)?

Question262: According to HA guidance, which of the following would best support the internal auditor's conclusion that the organization's risk management processes are effective?

Question263: The results of an assessment of the adequacy of controls would be considered incomplete or misleading unless the internal auditor considers which of the following?

Question264: Due to unfavorable economic conditions management decided to postpone new investments for the next year.
Which of the following best describes the risk management strategy used to address this situation?

Question265: An internal auditor was completely honest with operational management when delivering unfavorable audit results. Which of the following best describes the IIA Code of Ethics principle that the auditor demonstrated?

Question266: According to NA guidance, which of the following describes the primary reason to implement environmental and social safeguards within an organization?

Question267: Which of the following documents would promote objectivity within an organization's internal audit activity?

Question268: What is the best course of action when the internal audit activity does not have the knowledge necessary to perform a planned audit of the organization's new IT data backup process?

Question269: According to ISO 31000, which of the following statements is correct?

Question270: After being assigned to an audit of the accounts payable process, an internal auditor privately notifies the chief audit executive that she is a finalist for an open manager position within the accounts payable department. Which of the following is the IIA Code of Ethics principle that the auditor upheld?

Question271: Which combination of strategies would provide the best evaluation of the effectiveness of the organization's risk assessment activity?
1. Interview staff at various levels to discuss the organization's objectives, significant risks, and risk appetite.
2. Review board meeting minutes to determine whether the significant risks identified are communicated timely to the board.
3. Evaluate the adequacy and timeliness of management remediation actions by reviewing the control design, testing the controls, and reviewing monitoring procedures.
4. Review the professional development plans of internal audit staff to ensure all are competent to assess the organization's risk assessment activity.

Question272: The principle that "no action should be taken that may harm in some way the least fortunate people" is an expression of which of the following more general ethical principles?

Question273: The collaborating style for conflict resolution, where the parties promote assertiveness and work together to develop a mutually beneficial solution, is best used in which of the following situations?

Question274: Which of the following represents a deficiency in the control environment?

Question275: Upon joining the internal audit activity, each new auditor receives a copy of the audit handbook. Which of the following handbook policies has the greatest risk of compromising audit objectivity?

Question276: Which of the following actions is a chief audit executive most likely to take in order to identify gaps in the internal audit activity's knowledge, skills, and competencies?

Question277: Which of the following would be the most effective fraud prevention control?

Question278: In an environment where employees are frequently penalized for mistakes and the organizational culture is one of fear and blame which of the following is an internal auditor most likely to find?

Question279: Which of the following is an example of risk monitoring to ensure a system is performing as intended?

Question280: A newly hired internal auditor is most likely to need further education in the area of business acumen in which of the following situations?

Question281: Which of the following is the most appropriate reason for a chief audit executive to conduct an external assessment more frequently than five years?

Question282: Which of the following indicates that internal audit independence may be compromised?

Question283: According to IIA guidance which of the following statements is true regarding the internal audit charier?

Question284: Which of the following fraud schemes is often an off-book fraud*?

Question285: When performing an audit of the risk management process an auditor makes the observations listed below.
Which poses the greatest risk to the organization?

Question286: What is the main difference between a consulting engagement versus an assurance engagement?

Question287: To meet the resource requirements of this year's internal audit plan, the chief audit executive (CAE) has recruited additional staff auditors, including an employee who resigned as a senior supervisor from the accounts payable department two months ago. There is a scheduled accounts payable review that the CAE wants to start within the next five months. Which approach should the CAE take, knowing the expertise of his new recruit in the area intended to be audited?

Question288: According to IIA guidance, which of the following activities would typically be examined when using the maturity model approach for assessing an organization's risk management program?

Question289: Which of the following should a general internal auditor be able to characterize as an IT-related risk?

Question290: An organization's fraud policies and procedures dictate that the internal audit activity does not have primary responsibility for conducting fraud investigations and should, in fact, refrain from involvement in investigations. Which of the following activities would be considered acceptable for internal auditors to perform of this organization?

Question291: According to the IIA Code of Ethics, which of the following best describes the conduct of an internal auditor who demonstrates the principle of competency?

Question292: A chief audit executive ensures that the internal audit activity provides annual training to management on internal controls. Where is the nature of these services defined?

Question293: During a monthly internal audit staff meeting, the chief audit executive (CAE) decided to reinforce the importance of internal audit staff being objective in their work. Which of the following examples would be most appropriate for the CAE to include as part of the meeting presentation?

Question294: According to NA guidance which of the following should be documented in the internal audit chatter?

Question295: Which of the following is a detective control strategy against fraud?

Question296: The management at a national consumer goods organization implements a fair work and pay practice as well as a policy to treat employees equitably and consistently.
Which common characteristics of fraud will the practice and policy most likely reduce?

Question297: An audit engagement required that an internal auditor, using available tools, test a transaction population for a period The auditor decided to test a sample of transactions rather than the full population.
Results of the audit were reported as satisfactory to management. Subsequent to the audit report, fraud was discovered in the area audited and was found to include transactions that were in the relevant transaction population not tested by the auditor. The auditor later disclosed that he decided to test a sample because it was representative of the population and facilitated quicker testing. Which of the following skills below, if improved, would most likely have prevented this situation?

Question298: Once an organization's risks are identified, what would be the next step to ensure resources are properly allocated to manage those risks?

Question299: Which of the following circumstances would most likely be considered a potential red flag for fraud by the internal audit activity?

Question300: In an assurance engagement focused on the adequacy of organizationwide risk management practices, which of the following best describes a primary area of interest for the engagement?

Question301: Senior management purchased surveillance cameras and installed them over a door that provides entry to an area where according to a recent internal audit report, hazardous materials exist and there is a high risk of explosion Which type of control was implemented in this situation?

Question302: A senior executive at a government-owned organization received an invitation to attend a public exhibition where he can learn about new trucks relevant to the organization's business. As a special perk, the executive is offered an opportunity to drive a luxury vehicle manufactured by one of the exhibiting companies. Prior to the event, the executive asked for the chief audit executive s (CAE's) advice. What should the CAE recommend as the most appropriate course of action for the executive?

Question303: Which of the following statements best describes internal auditors' role in fraud detection?

Question304: At the beginning of an IT development project key risks were identified and assessed and risk owners were appointed Six months later the IT development team reported that the project Is significantly over budget, it will not be completed on time and key personnel had left the organization. Which of the following risk management practices should be improved for future projects?

Question305: Which of the following are considered root causes of fraud?

Question306: An engagement supervisor obtains facilities maintenance reports from a contractor during an audit of third-party services. Which of the following is the source of authority for the engagement supervisor to make such contact outside the organization?

Question307: An electric company hires several independent contractors to trim trees that are in close proximity to electricity lines. Which of the following would be the most effective control to mitigate the risk of contractors submitting fraudulent invoices regarding work completed?

Question308: The head of human resources notified the internal audit activity that a key account manager was fired because he did not register a large number of contracts with clients As a result the organization was unaware of its duties and would suffer some financial loss Which of the following should be expected from a competent internal auditor who is analyzing this situation?

Question309: The management team of an agricultural organization has prioritized corporate social responsibility (CSR) initiatives. Which of the following would be considered a CSR activity?

Question310: Which of the following scenarios best illustrates due professional care?

Question311: At a construction company, supervisors are entitled to bonus payments if there are no safety rule violations on their teams. There are several channels available for workers to report accidents and violations, and all reported violations are investigated. Bonus payment calculations are approved by managers and the head of safety. Which of the controls best addresses the risk that supervisors will conceal accidents on their teams in order to receive the bonus?

Question312: A business unit manager was impressed by the competence of the internal auditor who was conducting an assurance engagement in his area and the manager made the auditor an attractive job offer to begin after the audit was completed The auditor later told her auditor in charge that she was considering the offer. Which of the following IIA Code of Ethics principles was most likely violated?

Question313: The internal auditor obtained large volumes of transaction history data for accounts on which he suspected that some fraudulent transactions occurred. Which of the following actions best demonstrates due professional care by the internal auditor?

Question314: Which of the following is most likely to impair the internal audit activity's independence?

Question315: Which of the following risk management techniques best describes the strategy of obtaining insurance to protect against losses due to bad weather conditions?

Question316: The chief audit executive (CAE) of a large organization has been asked by the board to assume responsibility for risk management and compliance operations, both of which are distinct departments within the organization and are subject to periodic audits by the internal audit activity In regards to future audits of these functions which of the following approaches would be most appropriate?

Question317: Which of the following situations would cause the greatest concern regarding impairment of internal audit objectivity?

Question318: An internal audit team was assigned to review the organization's information security protocol After fieldwork was completed an internal auditor identified an error in the review of security access The error could affect the overall results of the engagement Which of the following is the most appropriate course of action for the internal auditor?

Question319: What is the primary purpose of The IIA's Code of Ethics?

Question320: Which of the following fundamental principles of The IIA's Code of Ethics is best described as performing work honestly diligently and responsibly?

Question321: An Internal auditor accepted a role as an engagement supervisor on a highly specialized and technical engagement for which she did not have the expertise. Which of the following fundamental principles of The IIA's Code of Ethics did she violate?

Question322: How should the internal audit activity promote continuous improvement of organizational controls?

Question323: Which statement accurately describes the authority of the internal audit activity as outlined in the audit charter?

Question324: According to IIA guidance, which of the following is necessary for internal auditors to comply with the requirements for proficiency?
1. Sufficient consideration of current activities, trends, and emerging issues to effectively carry out their professional responsibilities.
2. Ability to provide relevant advice and recommendations to management and the board.
3. Understanding of key IT risks and controls and the ability to identify fraud using technology-based audit techniques.
4. Knowledge, skills, and other competencies necessary to perform individual responsibilities during the engagement.

Question325: According to IIA guidance, which of the following is most critical to ensuring that an organization's risk management program remains effective over time?

Question326: A manufacturing organization's chief audit executive (CAE) was approached by the head of security from one of the manufacturer's third party suppliers The head of security requested internal audit records from a recent audit engagement involving the third-party supplier The head of security believed those records contained information that would enable to identify employees of the third-party supplier who may be involved m fraudulent activities What is the most appropriate course of action for the CAE?

Question327: An internal auditor is trying to evaluate what could go wrong after determining that a risk management technique is operating effectively. What type of risk is the auditor assessing?

Question328: Which of the following corporate social responsibility strategies is associated with responding to outside pressure by assuming additional responsibility?

Question329: Which of the following statements is true regarding control activities?

Question330: What is due professional care in internal audit? 4: Standard 1220 - Due Professional Care - The Institute of Internal Auditors or The IIA Which of the following scenarios most likely indicates that the organization is not managing risks effectively?

Question331: An internal auditor is reviewing the results of an employee survey at a mining company. Which of the following would alert the auditor to a potential ethics issue?

Question332: Which of the following is an example of impairment to internal auditor independence or objectivity'?

Question333: Regarding assurance and consulting services provided by the internal audit activity which of the following statements is correct?

Question334: Management has implemented a segregation-of-duties policy for handling inventory. Which of the following fraud risks would be more concerning to an internal auditor following the implementation of this new policy?

Question335: In which scenario might it be considered problematic for the chief audit executive (CAE) to provide assurance services over the payroll function?

Question336: An internal auditor has completed an assurance engagement Which of the following is most likely true regarding the engagement?

Question337: During a quality assessment of the internal audit activity an auditor is assessing whether the independence of the internal audit activity is at risk of being compromised. According to IIA guidance, which of the following would provide the best source of evidence for such an assessment?

Question338: An organization is testing a new IT system for digital data storage and security. The internal audit activity has been asked to evaluate the system in a consulting engagement. Although several internal auditors on staff are qualified to perform basic assessments of IT systems, none are familiar with the new system. Which of the following is a legitimate response to the prospective client?
1. Decline the engagement.
2. Proceed with the engagement, performing only those parts of the engagement that the internal auditors are qualified to perform.
3. Accept the engagement and develop the additional competencies in-house prior to the engagement's starting date.
4. Make arrangements to obtain assistance from a competent IT auditing expert.

Question339: Management of an area under review is aggressive, upset, and questioning the knowledge and experience of the organization's internal auditors, as the audit results highlight critical findings. The relationship between the internal audit activity and management has continued to degenerate. as previous audit reports also showed a large number of issues. What would be the best strategy for working through the current audit results while also attempting to repair the relationship with management?

Question340: The internal audit activity conducted an organization wide risk assessment. One of the most significant risks identified is associated with the oil price market. The chief audit executive (CAE) is considering including in the annual audit plan an assessment of the effectiveness of oil price risk management. The manager responsible commented that the assessment was not needed, as market risks were regularly addressed by the financial risk committee. If the CAE decides to include this activity in the annual audit plan anyway, how should it be recorded?

Question341: An organization employs ongoing monitoring and is considering implementing periodic evaluations to assess the continuing effectiveness of its risk management process. Which of the following statements Is true with regard to such periodic evaluations?

Question342: Which of the following approaches will internal audit utilize when developing a set of performance standards to measure an organization's risk management process against?

Question343: Which of the following is the best example of a risk appetite statement concerning an investment portfolio?

Question344: A chief audit executive (CAE) is concerned that the internal audit activity is not receiving adequate training and continuing education. Which of the following approaches should the CAE take?

Question345: According to IIA guidance, which of the following statements is true with regard to the chief audit executive's (CAE's) responsibility for conducting a self-assessment of the internal audit activity?
1 The CAE should select an independent reviewer or review team to perform sufficient tests of the self-assessment to validate the results
2 The CAE should validate results by engaging experienced audit professionals from a separate internal audit activity outside of the organization to reperform all of the tests conducted for the assessment
3. The CAE should select independent, nonaudit professionals who are knowledgeable about the organization and the industry in which it operates to assist with performing the self-assessment
4. The CAE may consider performing a self-assessment with independent external validation in Iieu of performing a full external assessment

Question346: Which of the following would be considered a violation of The HAfs mandatory guidance on independence?

Question347: According to IIA guidance, which of the following best demonstrates due professional care?

Question348: During an audit of company expenses, the internal auditor performed a test using data analytics and identified a violation of the company's expenses policy. The auditor who discovered the issue considered it a potential fraudulent transaction and informed the chief financial officer (CFO). The CFO dismissed the concern because he did not understand the data analytics test that was performed and the transaction was of a low value. Given this situation, which skills or competencies should this internal auditor seek to improve?

Question349: The board of directors of a global organization has found an increased number of reported cases of unethical practices since last year. To assist the board in gaining a better understanding of the degree of ethics awareness within the organization, which of the following actions should be undertaken?