Question1: The internal auditor's opinion in terms of due professional care should be:
Question2: While performing a follow-up of a concern about equipment-inventory tracking, which course of action is not necessary for the auditor to take?
Question3: In order to effectively elicit sensitive information from an employee during an audit engagement, an auditor should:
Question4: An internal auditor is assessing the organization's risk management framework. Which of the following formulas should he use to calculate the residual risk?

A)

B)

C)

D)
Question5: A code of business conduct should include which of the following to increase its deterrent effect?
1. Appropriate descriptions of penalties for misconduct.
2. A notification that code of conduct violations may lead to criminal prosecution.
3. A description of violations that injure the interests of the employer.
4. A list of employees covered by the code of conduct.
Question6: A payroll clerk enters payroll transactions into the general ledger. The staff accountant reconciles the payroll ledgers. The payroll manager issues the manual payroll checks. The checks are maintained in a locked cabinet. The chief financial officer secures the keys to the cabinet. The payroll clerk distributes the manual checks.
The payroll manager reconciles the bank statements monthly. Which of the following audit steps best addresses the risk of fraud in the payroll process?
Question7: Which of the following, if observed, would not indicate the need to extend the search for other indicators of fraud in a purchasing department?
Question8: During an operational audit of a chain of pizza delivery stores, an auditor determined that cold pizzas were causing customer dissatisfaction. A review of oven calibration records for the last six months revealed that adjustments were made on over 40 percent of the ovens. Based on this, the auditor:
Question9: Under what circumstances would internal audit not become involved when intentional misconduct is suspected?
Question10: A large investment organization hired a chief risk officer (CRO) to be responsible for the organization's risk management processes. Which of the following people should prioritize risks to be used for the audit plan?
Question11: The internal audit activity of an investment company received a request to provide assurance on the risk management process. Preliminary discussion with senior management revealed that separate functions within the organization perform some form of risk management activities. Which of the following is the most effective tool for ensuring that risk management activities are coordinated among these functions?
Question12: Which sampling plan requires no additional sampling once the first error is found?
Question13: Given the scarcity of internal audit resources, a chief audit executive (CAE) decides not to schedule a follow-up of audit recommendations when developing engagement work schedules. Why does the CAE's decision violate the Standards?
Question14: According to IIA guidance, which of the following strategies would add the least value to the achievement of the internal audit activity's (IAA's) objectives?
Question15: Which of the following is the best problem-solving technique to use when analyzing performance and cost?
Question16: During an audit, an employee, who does not want to be identified, offers to provide information that would be damaging to the organization and may concern illegal activities. Which of the following actions by the auditor would not be consistent with the IIA Code of Ethics and Standards?
Question17: The internal audit activity of an organization obtained approval to add a senior auditor to its staff. The chief audit executive, audit manager, and audit supervisor each will interview the candidates. According to the Standards, which of the following best explains the involvement of management in the interview process?
Question18: In addition to the internal auditor, which of the following parties should be present at an exit or closing conference?
1. Audit committee members.
2. The external auditor.
3. The management responsible for the areas covered by the engagement.
4. The chief executive officer.
Question19: According to IIA guidance, which of the following are benefits to the internal audit activity when conducting an assurance mapping exercise?
Question20: If an auditor expects to find numerous discrepancies between recorded values and audited values of sample selections, which sampling technique would be most appropriate?
Question21: Which of the following actions by management would reduce an employee's opportunity to commit fraud?
Question22: During the planning phase of an audit of the treasury function, an internal auditor conducted a risk assessment of the function in order to:
Question23: Which of the following procedures would provide the best evidence of the effectiveness of a credit-granting function?
Question24: According to the International Professional Practices Framework, the responsibility for establishing and maintaining a system to monitor the disposition of results communicated to management falls upon:
Question25: Which of the following tasks would be considered unusual for planning a control self-assessment workshop?
Question26: The chief audit executive (CAE) of a new organization is in the process of determining the manner in which audit reports will be distributed and to whom. According to the Standards, which of the following is the most appropriate course of action for the CAE to take to develop this distribution process?
Question27: An internal auditor is conducting tests to determine if an organization is in compliance with its payment approval policies. After reviewing a sample of vouchers selected, the internal auditor concluded that there were indicators of fraud. Which of the following would be the most appropriate method to expand the audit test to achieve the audit objective?
I. Validate the completeness of the accounts payable files.
II. Examine the sample of vouchers in greater detail.
III. Increase the number of vouchers in the sample.
IV. Broaden the scope of the examination to include credits received by accounts payable.
Question28: An internal auditor has been assigned to facilitate a risk and control self-assessment for the finance group.
Which of the following is the most appropriate role that she should assume when facilitating the workshop?
Question29: The internal audit activity performs the following sequence of risk management activities: identification, analysis, and evaluation. According to IIA guidance, which of the following assurance approaches does this describe?
Question30: A chief audit executive agrees to conduct an engagement that will focus on customers' perceptions of the quality of the organization's products and services. Which of the following issues should be addressed first?
Question31: Which role is not considered a change agent when an organization wants to implement structural changes?
Question32: An internal auditor and engagement client are deadlocked over the auditor's differing opinion with management on the adequacy of access controls for a major system. Which of the following strategies would be the most helpful in resolving this dispute?
Question33: The internal audit activity's primary responsibility in a review or examination of the organization by an external regulatory body is to:
Question34: An internal auditor is planning an assurance engagement. The auditor first reviews the department's business objectives. What is the next step?
Question35: According to IIA guidance, which of the following are acceptable strategies for an internal audit activity (IAA) to establish or build relationships?
Question36: An auditor plans to analyze customer satisfaction, including: (1) customer complaints recorded by the customer service department during the last three months; (2) merchandise returned in the last three months; and (3) responses to a survey of customers who made purchases in the last three months. Which of the following statements regarding this audit approach is correct?
Question37: Which of the following is the most common method management can use to manage risk within its risk appetite?
Question38: During the quarterly review of the internal audit activity's performance, the chief audit executive (CAE) notes that actual engagement hours consistently exceed the budget. Which of the following strategies would most likely help the CAE address this problem?
* The budget should consider time spent on similar engagements.
* The budget should consider the proficiency of the assigned auditors.
* The budget estimate should provide for unexpected delays.
* The budget should be specific as to time for each work assignment.
Question39: If an auditor used nonstatistical sampling instead of statistical sampling to estimate the value of inventory, which of the following would be true?
Question40: What is the primary factor that determines the depth and breadth of audit follow-up?
Question41: Which of the following is correct with respect to roles within an enterprise-wide risk management process?
1. The board provides oversight to the risk management process.
2. Executive management owns the risk management framework.
3. Senior management is assigned ownership of risks.
4. Internal audit modifies the risk assessment determined by management.
Question42: During an engagement, an internal auditor discovered that an organization's policy on delegation of authority listed six individuals who were no longer employed with the organization. In addition, four individuals acting with disbursement authority were not identified in the policy as having such authority.
Which of the following is the most effective course of action to address the control weakness?
Question43: An auditor decides to perform an inventory turnover analysis for both raw materials inventory and finished goods inventory. The analysis would be potentially useful in:
I. Identifying products for which management has not been attuned to changes in market demand.
II. Identifying potential problems in purchasing activities.
III. Identifying obsolete inventory.
Question44: While developing a risk based audit plan, which of the following sources of information would provide the least value to the chief audit executive?
Question45: An internal auditor notices that a division has recorded uncharacteristically high sales and gross margins for the past three months and now suspects the division is reporting fictitious sales. Which course of action should the auditor follow to determine whether fraud has occurred?
Question46: Which of the following statements about internal audit's follow-up process is true?
Question47: According to the International Professional Practices Framework, which of the following is not an objective of the exit conference?
Question48: During a consulting engagement, an internal auditor identifies new risks which will impact the scope and sufficiency of the engagement audit plan. According to the Standards, the internal auditor should:
Question49: Direct staff as a percentage of total staff is an example of which of the following types of efficiency measures?
Question50: An internal auditor is conducting an assessment of the purchasing department. She has worked the full amount of hours budgeted for the engagement; however, the audit objectives are not yet complete.
According to IIA guidance, which of the following are appropriate options available to the chief audit executive?
1. Allow the auditor to decide whether to extend the audit engagement.
2. Determine whether the work already completed is sufficient to conclude the engagement.
3. Provide the auditor feedback on areas of improvement for future engagements.
4. Provide the auditor with instructions and directions to complete the audit.
Question51: During an assurance engagement, an internal auditor noted that the time staff spent accessing customer information in large Excel spreadsheets could be reduced significantly through the use of macros. The auditor would like to train staff on how to use the macros. Which of the following is the most appropriate course of action for the internal auditor to take?
Question52: A bank is developing an integrated customer information system. The type of audit involvement that would most likely help avoid implementation of a system that does not cover all types of accounts would be:
Question53: Which of the following would be a red flag that indicates the possibility of inventory fraud?
I. The controller has assumed responsibility for approving all payments to certain vendors.
II. The controller has continuously delayed installation of a new accounts payable system, despite a corporate directive to implement it.
III. Sales commissions are not consistent with the organization's increased levels of sales.
IV. Payments to certain vendors are supported by copies of receiving memos, rather than originals.
Question54: Which of the following tests must an internal auditor perform in order to ensure that inbound electronic data interchange (EDI) transactions are received and translated accurately?
I. Computerized tests to assess transaction reasonableness and validity.
II. Review of log books to ensure that transactions are logged upon receipt.
III. Edit checks to identify unusual transactions.
IV. Verification of limitations on the authority of users to initiate specific EDI transactions.
Question55: What is the most likely source of information for a detailed schedule of a company's insurance policies in force?
Question56: New credit policies have been implemented in an automated order-entry system to improve the collection of receivables. Sales management has compiled several examples that show decreased sales and delayed order entry, and contends that these examples are a direct result of the new credit-policy constraints. Sales management's data and information provide.
Question57: According to the Standards, which of the following describes the condition attribute when applied to the observations and recommendations contained in the audit report?
Question58: According to IIA guidance, which of the following is the least appropriate role for the internal audit activity in the organization's risk management program?
Question59: The chief audit executive established an internal audit activity (IAA) performance standard requiring all audit reports to be issued within 48 hours of the exit meeting with the client. Which of the following describes an exit meeting strategy that would best help the IAA meet this performance standard?
Question60: Due to a recent system upgrade, an audit is planned to test the payroll process. Which of the following audit objectives would be most important to prevent fraud?
Question61: Company A has a formal comprehensive corporate code of ethics while company B does not.
Which of the following statements regarding the existence of the code of ethics in company A can be logically inferred?
I. Company A exhibits a higher standard of ethical behavior than does company B.
II. Company A has established objective criteria by which an employee's actions can be evaluated.
III. The absence of a formal corporate code of ethics in company B would prevent a successful audit of ethical behavior in that company.
Question62: The most common motivation for management fraud is the existence of:
Question63: An organization has a large number of vendors supplying goods to its various branches across the region.
The code of conduct statements signed by the employees specify that the employees or their families will not sell goods to the organization. However, during the internal audit of a branch, the internal auditor suspected that some of the employees may be supplying goods to the organization contrary to the code of conduct. The chief audit executive has requested that a thorough review be completed to identify the potential employee vendors. Of the following tests, it would be least useful to compare [List A] with [List B].
[List A]
[List B]
Question64: Which of the following is a weakness that is inherent in the use of the test data method to test internal controls in a computer-based accounting system?
Question65: The final internal audit report should be distributed to which of the following individuals?
Question66: Which of the following will be an appropriate course of action when an auditor disagrees with a client about a well-documented audit finding?
Question67: What does the following scatter gram suggest?
Question68: According to IIA guidance, which of the following would not be a consideration for the internal audit activity (IAA) when determining the need to follow-up on recommendations?
Question69: An appliance repair company is considering relocating the center that houses its service vehicles. An internal auditor wants to determine the potential reduction in average miles driven by the service vehicles if the center is relocated. Which of the following statistical sampling methods would be most appropriate for this test?
Question70: Which of the following factors is least essential to a successful control self-assessment workshop?
Question71: In a review of an electronic data interchange application using a third-party service provider, the auditor should:
I. Ensure encryption keys meet International Organization for Standardization (ISO) standards.
II. Determine whether an independent review of the service provider's operation has been conducted.
III. Verify that only public-switched data networks are used by the service provider.
IV. Verify that the service provider's contracts include necessary clauses, such as the right to audit.
Question72: An organization has an opening for an entry-level internal audit position. When interviewing for the position, which of the following is the least important skill for an entry-level internal auditor?
Question73: The chief audit executive (CAE) determined that based on management's oral response, the action taken regarding an audit observation was sufficient when weighted against the relative importance of the audit recommendation. Which of the following is the most appropriate step for the internal auditor to take next?
Question74: The chief audit executive's responsibility regarding control processes includes:
Question75: An audit engagement objective at a manufacturer is to determine the quality of raw materials purchased.
Which of the following actions would best enable an internal auditor to satisfy this objective?
Question76: Senior management of an organization has requested that the internal audit activity provide ongoing internal control training for all managerial personnel. This is best addressed by:
Question77: If observed during fieldwork by an internal auditor, which of the following activities is least important to communicate formally to the chief audit executive?
Question78: An auditor for a major retail company suspects that inventory fraud is occurring at three stores which have high costs of goods sold. Which of the following audit activities would provide the most persuasive evidence that fraud is occurring?
Question79: During an audit of a branch bank, an internal auditor learned that a series of system failures had resulted in a four-day delay in processing customers' scheduled payroll direct deposits. The first failure was that of a disk drive, followed by software and other minor failures. Which of the following controls should the auditor recommend to avoid similar delays in processing?
Question80: In response to an audit finding, senior management informed the auditor that the issue would be investigated and resolved when time permitted. According to the International Professional Practices Framework, this action was not acceptable because:
Question81: The most effective procedure to verify compliance with a requirement that materials be purchased from the lowest-priced source is to compare:
Question82: Which of the following is not a reason for an internal auditor to prepare an audit plan before the detailed audit work begins?
Question83: Which of the following statements is true?
Question84: An auditor is using an internal control questionnaire as part of a preliminary survey. Which of the following is the best reason for the auditor to interview management regarding the questionnaire responses?
Question85: An auditor receives anonymous information that fraud is occurring in the operation being audited, but no details are given as to the type of fraud or the individuals involved. There are several areas in which fraud could occur. The auditor should:
Question86: An internal auditor compares real-time gasoline production data to corresponding final gasoline production reports and finds minor but consistent daily discrepancies. If the auditor is concerned about theft, which of the following next steps is most consistent with IIA guidance?
Question87: According to the Standards, which of the following would have the least direct interest in the draft report of a compliance review of the purchasing function?
Question88: Inadequate risk assessment would have the strongest negative impact in which of the following phases of an audit engagement?
Question89: If an organization's chief audit executive wants to implement continuous auditing, what is the appropriate order in which key steps should be undertaken?
I. Identify business applications that require access.
II. Implement steps to continuously assess risks and controls.
III. Define objectives of continuous auditing.
IV. Manage and report results.
Question90: The chief risk officer (CRO) of a large manufacturing organization decided to facilitate a workshop for process managers and staff to identify opportunities for improving productivity and reducing defects. Which of the following is the most likely reason the CRO chose the workshop approach?
Question91: A chief audit executive (CAE) has decided to add an engagement to the current audit plan which will exceed available audit resources. Which of the following is the best course of action for the CAE to take?
Question92: Which of the following would be the most effective method to prevent installation of new equipment that does not meet environmental permit requirements, or to prevent modification of current processes in such a way that they no longer meet permit requirements?
Question93: Which of the following is not a direct benefit of control self-assessment (CSA)?
Question94: An auditor is performing a review of a complex process to identify opportunities to increase efficiency.
What is the most practical way to document the process to identify areas of inefficiency?
Question95: The chief audit executive (CAE) decided that based on management's oral response, the action taken on an audit observation for a minor improvement in the client's process is sufficient and no further follow-up is necessary. Which of the following would be the best statement regarding the action of the CAE?
Question96: What is the most important risk in determining the validity of construction delay claims?
Question97: The chief audit executive of a large publicly held bank is using a risk based approach to update the annual audit plan. Which of the following sources of information will have the least impact on the plan?
Question98: The best method for assessing the relative importance of risk factors is to:
Question99: Which of the following would most likely include recommendations for process improvements?
* Due diligence engagement.
* Forensic investigation.
* Internal audit engagement.
* Consulting engagement.
Question100: Which of the following would be an appropriate role of the internal audit function?
Question101: According to IIA guidance, which of the following strategies would be the least effective in helping a chief audit executive build a stronger relationship with the board?
Question102: While reviewing the draft report of an audit engagement, the chief audit executive (CAE) is not in agreement with management's acceptance of the potential risk exposure resulting from an observed key control weakness. Which of the following actions by the CAE would be appropriate for addressing this concern?
* Meet with the auditor-in-charge.
* Discuss with senior management.
* Monitor the result of the accepted risk.
* Report the matter to the board.
Question103: Which of the following would have the least significance in an audit of the efficiency of a driver's license testing facility?
Question104: The chief audit executive (CAE) is adding a new audit position to the team. According to the International Professional Practices Framework, which of the following candidates would the CAE be least likely to accept for the position?
Question105: An organization has acquired a new line of business. None of the organization's internal auditors have the required expertise to perform an internal audit of the new business line; therefore, the chief audit executive (CAE) has contracted the services of an external audit firm to perform the engagement. The CAE has assigned a member of the internal audit team to assist the external team with the engagement. According to the Standards, which of the following statements is true regarding supervision of the engagement?
Question106: During a systems development audit, software developers indicated that all programs were moved from the development environment to the production environment and then tested in the production environment. What should the auditor recommend?
I. Implement a test environment to ensure that testing is not performed in the production environment.
II. Require developers to move modified programs from the development environment to the test environment and from the test environment to the production environment.
III. Eliminate access by developers to the production environment.
Question107: Which of the following best describes the most important criteria when assigning responsibility for specific tasks required in an audit engagement?
Question108: An internal auditor provided the following statement about division A's performance during the month:
"Because supplies of raw material X were scarce, division A's profits declined by 15 percent." Which of the following can be validly concluded from the auditor's statement?
I. Division A's production level declined by 15 percent.
II. Division A could have sold more products than it produced.
III. Division A usually sells all of the products that it produces.
Question109: The chief audit executive of a medium-sized financial institution is evaluating the staffing model of the internal audit activity (IAA). According to IIA guidance, which of the following are the most appropriate strategies to maximize the value of the current IAA resources?
* The annual audit plan should include audits that are consistent with the skills of the IAA.
* Audits of high-risk areas of the organization should be conducted by internal audit staff.
* External resources may be hired to provide subject-matter expertise but should be supervised.
* Auditors should develop their skills by being assigned to complex audits for learning opportunities.
Question110: The internal audit activity (IAA) wants to measure its performance related to the quality of audit recommendations. Which of the following client survey questions would best help the IAA meet this objective?
Question111: Which of the following is typically not a reason for committing financial statement fraud?
Question112: During a review of performance measures in an organization's purchasing function, the preliminary survey indicates that most of the measures have been in use for some time. The internal auditor should:
Question113: Which of the following is used to identify and prioritize critical business applications to determine those that must be restored and the order of restoration in the event that a disaster impairs information systems processing?
Question114: Which of the following performance criteria would be most useful when measuring the performance of a customer service desk?
Question115: Which of the following is not a primary reason for outsourcing a portion of the internal audit activity?
Question116: According to the Standards, which of the following best describes what must be agreed upon to establish an understanding with clients prior to starting a consulting engagement?
Question117: The following is an excerpt from an audit engagement workpaper:
A Company

Accounts Receivable

Date

Objective. To determine if the computer system is correctly recording all accounts receivable transactions.
Procedures: Judgmental selection of a sample of all accounts receivable balances greater than $50,000 for positive confirmation of balances.
Conclusion: Based on the results of testing wherein all but three confirmations were returned, the accounts receivable balance is fairly presented in all material respects.
Which of the following is true regarding the workpaper?
Question118: Which of the following audit procedures is most suitable for verifying that all sales transactions have been recorded?
Question119: Which of the following conditions are necessary for successful change management?
1. Decisions and necessary actions are taken promptly.
2. The traditions of the organization are respected.
3. Changes result in improvement or reform.
4. Internal and external communications are controlled.
Question120: According to IIA guidance, which of the following individuals should receive the final audit report on a compliance engagement for the organization's cash disbursements process?
Question121: Ordinarily, which of the following would not be an objective of an internal audit quality assurance review?
Question122: A code of ethics within the internal auditing profession is necessary in order to:
Question123: Which of the following is a responsibility of the internal auditor once a fraud investigation has been concluded?
Question124: According to the International Professional Practices Framework, the internal audit activity's decision to defer follow-up of recommendations and management's corrective actions until the next scheduled engagement for the area is justified when:
Question125: Which of the following might alert an auditor to the possibility of fraud in a division?
I. The division is not scheduled for an external audit this year.
II. Sales have increased by 10 percent.
III. A significant portion of management's compensation is directly tied to reported net income of the division.
Question126: A retail company uses a computer program that matches electronic vendor invoices with the applicable purchase orders and receiving information, which are also maintained electronically.
If an invoice does not match the other items within predefined ranges, a report is generated and sent to the accounts payable department for further investigation. All of the applicable documents are electronically marked, cross-referenced, and retained in open files. Both an integrated test facility and a systems control audit review file (SCARF) have been included in the system.
An auditor wants to determine the extent to which items are not matched at year end and to investigate the potential causes of the unmatched items. Which of the following audit procedures would be most effective in determining the items to investigate?
Question127: The internal auditor is asked to conduct an investigation involving a suspected fraud. According to the Standards, which of the following statements regarding the investigation process is false?
Question128: A chief audit executive (CAE) received a detailed internal report of senior management's internal control assessment. Which of the following subsequent actions by the CAE would provide the greatest assurance over management's assertions?
Question129: An internal auditor recommended that an organization implement computerized controls in its sales system in order to prevent sales representatives from executing contracts in excess of their delegated authority levels. A follow-up review found that the sales system had not been modified, but a process had been implemented to obtain written approval by the vice president of sales for all contracts in excess of $1 million. The chief audit executive (CAE) would be justified in reporting this situation to the organization's board if:
I. In the opinion of the CAE, the level of residual risk assumed by senior management is too high.
II. Testing of compliance with the new process finds that all new contracts in excess of $1 million have been approved by the vice president of sales.
III. The cost of modifying the sales system to include a preventive control is less than $100,000.
Question130: An organization does not have a formal risk management function. According to the Standards, which of the following are conditions where the internal audit activity (IAA) may provide risk management consulting?
1. There is a clear strategy and timeline to migrate risk management responsibility back to management.
2. The IAA has the final approval on any risk management decisions.
3. The IAA does not give objective assurance on any part of the risk management framework for which it is responsible.
4. The nature of services provided to the organization is documented in the internal audit charter.
Question131: An audit client responded to recommendations from a recent consulting engagement. The client indicated that several recommended process improvements would not be implemented. Which of the following actions should the internal audit activity take in response?
Question132: After completing a net present value (NPV) calculation on a proposed project, an analyst explores the change in NPV with changes in the interest rate. This additional analysis is referred to as:
Question133: During which of the following systems development stages would it be most useful for an internal auditor to be involved?
Question134: Which of the following processes real-transaction data through auditor-developed test programs?
Question135: Which of the following would be the most important reason for the chief audit executive (CAE) to use inputs from management strategy to update the audit universe?
Question136: According to the International Professional Practices Framework, which of the following statements is true regarding the use of the statement, "Conducted in Conformance with the International Standards for the Professional Practice of Internal Auditing," when communicating results of a seven-year-old internal audit activity?
Question137: Access control software on an organization's mainframe computer records detailed information concerning both successful and unsuccessful log-on attempts to applications. Which of the following audit tools would be best suited to review the access information that has been recorded?
Question138: When interviewing an individual suspected of fraud, what type of questions would be asked after the introductory questions?
Question139: After becoming aware of control weaknesses indicating that a fraud could have been committed, which of the following actions should an internal auditor take next?
Question140: What type of analysis is performed when an auditor tests for unusual variations in information by comparing the number of employees working at a factory site with the direct cost of production each month over a period of one year?
Question141: If management expects 100 percent compliance with a procedure, which of the following sampling approaches would be most appropriate?
Question142: When internal auditors provide consulting services, the scope of the engagement is primarily determined by:
Question143: According to the Standards, which of the following is an attribute when applied to the observations and recommendations contained in the audit report?
Question144: An audit of an organization's claims department determined that a large number of duplicate payments had been issued due to problems in the claims processing system. During the exit conference, the vice president of the claims department informed the auditors that attempts to recover the duplicate payments would be initiated immediately and that the claims processing system would be enhanced within six months to correct the problems. Based on this response, the chief audit executive should:
Question145: Controls are implemented to:
Question146: An auditor-in-charge is preparing her audit team for a consulting engagement at one of the organization's foreign subsidiaries. According to the Standards, which of the following would not be a necessary step prior to beginning the engagement?
Question147: Which of the following methods would an auditor most likely use to document a complex sales order process?
Question148: Which of the following best describes the four components of a balanced scorecard?
Question149: According to IIA guidance, which of the following statements is false regarding a review of the controls in place to prevent fraud?
Question150: An organization contracted a third party to construct a new facility that was estimated to cost $25 million.
Which of the following is the most pertinent reason for the organization to audit the contractor's records?
Question151: New environmental regulations require the board to certify that the organization's reported pollutant emissions data is accurate. The chief audit executive (CAE) is planning an audit to provide assurance over the organization's compliance with the environmental regulations. Which of the following groups or individuals is most important for the CAE to consult to determine the scope of the audit?
Question152: A company used simple regression analysis to analyze maintenance costs against machine hours (MH) for a 26-week period when the plant was in full operation. The regression yielded the following estimated cost function:
Maintenance Cost = $60 + $0.25/MH
The regression analysis also generated a coefficient of determination (R2), or goodness of fit, of 0.85.
Which of the following statements regarding this regression analysis is appropriate?
Question153: A manufacturing process could create hazardous waste at several production stages, from raw materials handling to finished goods storage. If the objective of a pollution prevention audit engagement is to identify opportunities for minimizing waste, in what order should the following opportunities be considered?
I. Recycling and reuse.
II. Elimination at the source.
III. Energy conservation.
IV. Recovery as a usable product Treatment.
Question154: When constructing a staffing schedule for the internal audit activity (IAA), which of the following criteria are most important for the chief audit executive to consider for the effective use of audit resources?
1. The competency and qualifications of the audit staff for specific assignments.
2. The effectiveness of IAA staff performance measures.
3. The number of training hours received by staff auditors compared to the budget.
4. The geographical dispersion of audit staff across the organization.
Question155: The chief executive officer has requested that the chief audit executive (CAE) coordinate the establishment of an enterprise risk management (ERM) program for the organization. Which of the following would be the most appropriate action for the CAE?
Question156: Which of the following events would most likely cause the chief audit executive to consider changing the current year's audit plan?
1. The government announced that new regulatory requirements will be introduced in the coming years which may significantly impact the organization's primary product.
2. A major competitor unexpectedly introduced a new model at a lower price point to compete with the organization's market leading product.
3. The organization announced a new joint venture with a long time corporate partner to introduce a new product with development costs and sales beginning next fiscal year.
4. An equal joint venture partner filed a lawsuit against the organization and requested that the court issue an immediate suspension of future product shipments.
Question157: The most effective method of reporting engagement results to management and stimulating action is to:
Question158: Which of the following is true regarding roles and responsibilities in risk management processes?
Question159: Which of the following factors would not be considered in determining appropriate follow-up procedures?
Question160: An internal audit activity implemented an integrated test facility to test payroll processing. The auditors identified the key controls and processing steps built into the computer program and developed test data to test them. The auditors submitted test transactions throughout the year and did not find any differences in their test results. The auditors can conclude that:
Question161: Which of the following is a justifiable reason for omitting advance client notice when planning an audit engagement?
Question162: According to IIA guidance, which of the following is least likely to be a key financial control in an organization's accounts payable process?
Question163: When establishing a quality assurance and improvement program, the chief audit executive should ensure the program is designed to accomplish which of the following objectives?
1. Add value.
2. Improve operations.
3. Provide assurance that the internal audit activity conforms with the Standards.
4. Provide assurance that the internal audit activity conforms with the IIA Code of Ethics.
Question164: An internal auditor is conducting a review of the procurement function and uncovers a potential conflict of interest between the chief operating officer and a significant supplier of IT software development services.
Which of the following actions is most appropriate for the internal auditor to take?
Question165: An internal auditor is conducting an assessment of the organization's fraud controls. Which of the following would not be considered a preventive control?
1. Daily report that identifies unsuccessful system log-in attempts.
2. Weekly management communication with tips on identifying possible fraud.
3. E-mail alert sent to management for checks issued over $100,000.00.
4. New hire training to explain fraud and employee misconduct.
Question166: The chief audit executive (CAE) of an organization has established an internal audit activity (IAA) quality assessment program. According to IIA guidance, which of the following would be part of this program?
Question167: The chief audit executive (CAE) notes that management has adopted the option of not taking action on an audit issue involving a sizeable risk which has been accepted in the past. Which would be an appropriate action by the CAE?
Question168: Which of the following actions has the least influence on the chief audit executive's development of an audit plan?
Question169: An audit of a company's accounts payable found that the individuals responsible for maintaining the vendor master file could also enter vendor invoices into the accounts payable system. During the exit conference, management agreed to correct this problem. When performing a follow-up engagement of accounts payable, the auditor should expect to find that management has:
Question170: The chief audit executive (CAE) manages a large internal audit activity (IAA) reporting functionally to the audit committee and administratively to the chief risk officer. During the CAE's recent unplanned medical leave, several internal audit reports were completed and waiting for CAE approval, however, no formal delegation of authority was in place to anticipate this situation. In order to preserve the independence of the IAA, which of the following would be the most appropriate individual to review and approve these reports during the CAE's absence?
Question171: According to IIA guidance, organizations have the most influence on which element of fraud?
Question172: According to IIA guidance, which of the following statements best justifies a chief audit executive's request for external consultants to complement internal audit activity (IAA) resources?
Question173: Which of the following would provide the best evidence of compliance with an airline's standard of having aircraft refueled and cleaned within a specified time of arrival at an airport?
Question174: The following are potential sources of evidence regarding the effectiveness of a division's total quality management program. The least persuasive evidence would be a comparison of:
Question175: Which of the following files, when compared with billing records, would provide the best source of information for determining if all goods shipped are billed to customers?
Question176: Which of the following is the primary reason the chief audit executive should consider the organization's strategic plans when developing the annual audit plan?
Question177: Which characteristic of risk assessment makes it a useful tool for audit planning?
Question178: Which of the following must an auditor establish in order to demonstrate that fraud has occurred?
Question179: Which of the following is not relevant when developing recommendations for inclusion in audit reports?
Question180: A report prepared by the internal audit activity contains several observations that disclose proprietary information regarding the organization's manufacturing process. According to the International Professional Practices Framework, which of the following is the appropriate treatment for this report?
Question181: An internal auditor is evaluating controls over the purchasing function. The function includes the material control department, the purchasing department, and the receiving department. Which of the following is true regarding the presentation of the process flow among the three departments?
Question182: An auditor evaluating excessive product rejection rates should investigate:
I. Communication between sales and production departments on sales returns.
II. Volume of product sales year-to-date in comparison to prior year-to-date.
III. Changes in credit ratings of customers versus sales to those customers.
IV. Detailed product scrap accounts and accumulations.
Question183: According to IIA guidance,when performing a compliance audit of data security standards for a large e- commerce retailer, which of the following would represent the least likely area of risk exposure?
Question184: According to IIA guidance, which of the following is true regarding the exit conference for an internal audit engagement?
Question185: Which of the following situations would justify the removal of a finding from the final audit report?
Question186: An internal auditor is reviewing purchases made through the organization's corporate credit card program.
Which of the following statements best describes a root cause of a deficiency?
Question187: An organization's internal audit plan includes a recurring assurance review of the human resources (HR) department. Which of the following statements is true regarding preliminary communication between the auditor in charge (AIC) and the HR department?
1. The AIC should notify HR management when the draft audit plan is being developed, as a courtesy.
2. The AIC should notify HR management before the planning stage begins.
3. The AIC should schedule formal status meetings with HR management at the start of the engagement.
4. The AIC should finalize the scope of the engagement before communicating with HR management.
Question188: According to IIA guidance, which of the following statements is true regarding the authority of the chief audit executive (CAE) to release previous audit reports to outside parties?
Question189: Which of the following statements is not true about the oversight and review of working papers by the chief audit executive (CAE)?
Question190: During an audit of an ethics program, which of the following procedures are most appropriate to evaluate the effectiveness of the program?
* Testing whether corrective actions taken on involved parties breaching the ethics program are adequate.
* Testing whether all employees are mandated through policy to comply with the ethics program.
* Testing whether all employees are required to confirm in writing their compliance with the ethics program.
* Testing through surveys employee's level of understanding and commitment to the ethics program.
Question191: An internal auditor notes that employees continue to violate segregation-of-duty controls in several areas of the finance department, despite previous audit recommendations. Which of the following recommendations is the most appropriate to address this concern?
Question192: Which of the following statements is true regarding the communication of audit engagement observations?
Question193: According to the International Professional Practices Framework, which of the following is correct regarding conducting and reporting follow-up activities by the internal audit activity (IAA)?
Question194: In which of the following situations would it be most appropriate to employ the services of a forensic specialist?
Question195: According to IIA guidance, which of the following are potential benefits of using an assurance map?
Question196: Which of the following does not represent a difficulty in using red flags as fraud indicators?
Question197: Which of the following conditions should a chief audit executive take into account when deciding if a follow- up audit engagement is necessary?
* The reported observations were significant and high risk.
* Internal audit resources and the time it will require for follow-up.
* Management may not have the resources to take action.
* Management has previously decided not to take any action.
Question198: An internal auditor for a financial institution has just completed an audit of loan processing. Of the 81 loans approved by the loan committee, the auditor found seven loans which exceeded the approved amount.
Which of the following actions would be inappropriate on the part of the auditor?
Question199: Which of the following would be a legitimate action for the internal auditor to take when monitoring audit engagement results?
1. Disregard a certain risk because management and the board accepted the risk in the past.
2. Abdicate the responsibility for a particular risk because it is not part of the audit plan.
3. Obtain agreement from senior management that unresolved audit issues will be reported to the board.
Request corrective action from management in writing.
Question200: According to IIA guidance, which of the following is true when the internal audit activity is asked to investigate potential ethics violations in a foreign subsidiary?
Question201: Why should internal auditors develop a strong relationship with the external auditors?
Question202: An organization has adopted an enterprise-wide risk management process and has appointed a chief risk officer (CRO) to manage the process. The board has requested that the audit committee have oversight over the risk management function. Which of the following statements is not true regarding this situation?
Question203: As a result of a recent discovery of false information on employment applications, an internal auditor has reviewed hiring procedures. Which of the following represents a weakness in the control system?
I. Applicants are not required to have their signed applications legally authenticated.
II. Applicants' educational information is not validated with the educational institution before employment is offered.
III. Information related to applicants' long-term work history is not validated before employment is offered.
Question204: Which of the following is not a primary purpose for conducting a walk-through during the initial stages of an assurance engagement?
Question205: Which of the following recommendations made by the internal audit activity (IAA) is most likely to help prevent fraud?
Question206: According to the Standards, which of the following objectives is not required to ensure the appropriate completion of an engagement?
Question207: Which of the following is a red flag associated with improper asset valuation?
Question208: During the audit of a large decentralized supply chain function, the chief audit executive (CAE) receives serious allegations of fraud concerning the vice president responsible for this function. The CAE engages a third party to provide forensic audit services and lead the investigation portion of the engagement. As part of this team, which of the following would be an appropriate role for the investigator?
1. Authenticate the original approval signatures on contracts.
2. Interview personnel to understand the supply chain processes.
3. Provide certified copies of relevant original documents for the audit file.
4. Identify variances in pixels on original electronic documents.
Question209: An internal auditor has been assigned to perform a quality audit on a manufacturing plant. Which course of action should the auditor perform first?
Question210: The internal auditor of a bank has developed a multiple regression model which has been used for a number of years to estimate the amount of interest income from commercial loans. During the current year, the auditor applies the model and discovers that the R2 value has decreased dramatically, but that the model otherwise seems to be working correctly. Which of the following conclusions is justified by the change?
Question211: Which of the following examples of audit evidence is the most persuasive?
Question212: Which of the following should be included in a privacy audit engagement?
1. Assess the appropriateness of the information gathered.
2. Review the methods used to collect information.
3. Consider whether the information collected is in compliance with applicable laws.
4. Determine how the information is stored.
Question213: A post-audit questionnaire sent to audit clients is an effective mechanism for:
Question214: According to the Standards, which of the following would least likely be considered a red flag when evaluating the risk for fraud?
Question215: Which of the following statements is true?
Question216: Which of the following statements is correct regarding the assessment of risk in the annual audit planning process?
1. Activities requested by management should be considered higher risk than those requested by the audit committee.
2. Activities with lower budgets can be as high risk as those with higher budgets.
3. The potential financial or adverse exposure should always be considered in the assessment of risk.
Question217: A performance audit engagement typically involves:
Question218: An audit of customer accounts receivable found that outstanding receivables as a percentage of revenue had increased significantly during the past two years. The increase was attributed to the extension of credit, at the urging of the marketing department, to a number of companies that were not credit worthy.
Which of the following would be least useful in monitoring the disposition of this finding?
Question219: Recommendations should be included in the audit report in order to:
Question220: Checklists used to assess audit risk have been criticized for all of the following reasons except:
Question221: Production managers for a manufacturing company are authorized to prepare emergency purchase orders for raw materials. These manually prepared orders do not go through the purchasing department and do not require a receiving report. The managers forward the invoice and purchase order to the accounting department for payment. Which of the following internal controls would efficiently prevent abuse of this system?
Question222: Which two of the following considerations must an internal auditor take into account while planning an audit of an accounting system/application that has been in use for the last five years?
* The level and manner of linkages between the business' mission, objectives, and structure and the accounting system/application.
* Presence or absence of computerized and manual controls that address risks.
* Identification of risks at the application level, e.g. availability and security of the system.
* Testing of the system/application for bugs and errors.
Question223: Which of the following tasks is typically performed in the analysis phase of a benchmarking consulting engagement?
Question224: Which of the following trends found on financial reports would most likely indicate a possible problem?
Question225: During an interview with a manager in a company's claims department, an auditor noted that the manager became nervous and changed the subject whenever the auditor raised questions about certain types of claims. The manager's answers were consistent with company policies and procedures. When documenting the interview, the auditor should:
Question226: Which of the following has the greatest effect on the efficiency of an audit?
Question227: Which of the following types of sampling techniques should an internal auditor use when testing the effectiveness of internal controls?
Question228: The efficiency of internal audit operations is best enhanced if workpaper standards:
Question229: After issuance of the engagement final communication for an audit of an organization's accounts payable function, which of the following should be sent satisfaction surveys?
I. Manager of disbursements.
II. Controller.
III. Chief operating officer.
IV. Audit committee members.
Question230: Audit supervision includes approval of the engagement report in order to ensure that:
Question231: A chief audit executive (CAE) of a major retailer has engaged an independent firm of information security specialists to perform specialized internal audit activities. The CAE can rely on the specialists' work only if it is:
Question232: Due to the expanded role of internal audit in the organization, the chief audit executive (CAE) of a construction company decides to employ the services of an outsourced audit service provider to augment the internal audit staff. What does the CAE need to consider in determining whether the outsourced audit service provider possesses the necessary knowledge, skills and other competencies to perform an audit engagement?
Question233: Which of the following factors would the auditor in charge be least likely to consider when assigning tasks to audit team members for an engagement?
Question234: An internal auditor is assigned to conduct an audit of security for a local area network (LAN) in the finance department of the organization. Investment decisions, including the use of hedging strategies and financial derivatives, use data and financial models which run on the LAN. The LAN is also used to download data from the mainframe to assist in decisions. Which of the following should be considered outside the scope of this security audit engagement?
Question235: According to IIA guidance, which of the following procedures would be least effective in managing the risk of payroll fraud?
Question236: Which of the following is an effective approach for internal auditors to take to improve collaboration with audit clients during an engagement?
1. Obtain control concerns from the client before the audit begins so the internal auditor can tailor the scope accordingly.
2. Discuss the engagement plan with the client so the client can understand the reasoning behind the approach.
3. Review test criteria and procedures where the client expresses concerns about the type of tests to be conducted.
4. Provide all observations at the end of the audit to ensure the client is in agreement with the facts before publishing the report.
Question237: Which of the following would be the least desirable criteria against which to judge current operations of an organization's treasury function?
Question238: Which of the following is an advantage of control self-assessment (CSA) over conventional auditing techniques?
Question239: While conducting a payroll audit, an internal auditor in a large government organization found inadequate segregation in the duties assigned to the assistant director of personnel. When the auditor explained the risk of fraud, the assistant director became upset, terminated the interview, and threatened to sue the organization for defamation of character if the audit engagement was not curtailed. The auditor discussed the situation with the chief audit executive (CAE). The CAE should then:
Question240: Which of the following situations might allow an employee to steal checks sent to an organization and subsequently cash them?
Question241: Which of the following behaviors could represent a significant ethical risk if exhibited by an organization's board?
1. Intervening during an audit involving ethical wrongdoing.
2. Discussing periodic reports of ethical breaches.
3. Authorizing an investigation of an unsafe product.
4. Negotiating a settlement of an employee claim for personal damages.
Question242: Which of the following components should be included in an audit finding?
1. The scope of the audit.
2. The standard(s) used by the auditor to make the evaluation.
3. The engagement's objectives.
4. The factual evidence that the internal auditor found in the course of the examination.
Question243: According to the International Professional Practices Framework, which of the following statements is correct regarding the communication of audit results?
I. Summary reports may be issued separately from or in conjunction with the final report.
II. Interim reports may be written or oral.
III. Detailed reports should always be issued to the audit committee.
IV. Interim reports should be used to communicate information which requires immediate attention.
Question244: Which of the following is a preventive control for fraud?
Question245: The most effective way for internal auditors to enhance the reliability of computerized financial and operating information is by:
Question246: An internal auditor has just undertaken an organization-wide risk assessment. In identifying potential audit engagements, the internal auditor should consider least:
Question247: An organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, and other similar information. The internal auditor reviews the retirement benefits plan and determines that the pension and medical benefits have been changed several times in the past ten years. The auditor wishes to determine whether there is justification to perform further audit investigation. The most appropriate audit procedure would be to:
Question248: A large retail organization, which sells most of its products online, experiences a computer hacking incident. The chief IT officer immediately investigates the incident and concludes that the attempt was not successful. The chief audit executive (CAE) learns of the attack in a casual conversation with an IT auditor.
Which of the following actions should the CAE take?
1. Meet with the chief IT officer to discuss the report and control improvements that will be implemented as a result of the security breach, if any.
2. Immediately inform the chair of the audit committee of the security breach, because thus far only the chief IT officer is aware of the incident.
3. Meet with the IT auditor to develop an appropriate audit program to review the organization's Internet- based sales process and key controls.
4. Include the incident in the next quarterly report to the audit committee.
Question249: An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between 6 and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. What is the most appropriate course of action for the chief audit executive to take?
Question250: Which of the following is a red flag associated with fictitious revenues?
Question251: Which of the following audit steps would be most effective to review proper recording of and accountability over physical assets?
I. Physically inspect all assets on the organization's property.
II. Select a sample department and physically inspect assets in the department.
III. Select a sample from the organization's records of physical assets and physically locate each asset.
IV. Identify assets at a sample of locations and trace to the organization's records.
Question252: A limitation of using ratio analysis in an audit engagement is that it:
Question253: In preparing to facilitate a control self-assessment session, an auditor would be least likely to ensure that:
Question254: Cross-referencing individual payroll time cards to personnel department records and reports would allow an internal auditor to determine whether:
Question255: A governmental auditor was assigned to determine reasons why the students in one region scored significantly higher on education evaluation tests than did the students in another region. Previous research showed that there is a direct correlation between public financial support and student results.
Which of the following is most likely to explain the difference in the regional results?
Question256: During an audit of the accounts receivable (AR) process, an internal auditor noted that reconciliations are still not performed regularly by the AR staff, a recommendation that was made following a previous audit.
Monitoring by the financial reporting function has failed to detect the shortcoming. Both the financial reporting function and AR report to the controller, who is responsible for implementing action plans. Which of the following supports the internal auditor's decision to combine both observations into one reported finding?
Question257: In a payroll audit, a staff auditor suspects that signatures on some of the documents being sampled for examination are not authentic. What action should the auditor take before proceeding with the examination?
Question258: Which of the following is not true regarding the management of internal audit resources?
Question259: According to IIA guidance, which of the following activities is most likely to enhance stakeholders' perception of the value the internal audit activity (IAA) adds to the organization?
1. The IAA uses computer-assisted audit techniques and IT applications.
2. The IAA uses a consistent risk-based approach in both its planning and engagement execution.
3. The IAA demonstrates the ability to build strong and constructive relationships with audit clients.
4. The IAA frequently is involved in various project teams and task forces in an advisory capacity.
Question260: Which of the following is not an outcome of control self-assessment?
Question261: Which of the following is the most appropriate step for the chief audit executive to take in order to avoid defamation of character of the principal suspect in a fraud investigation?
Question262: When developing the scope of an audit engagement, which of the following would the internal auditor typically not need to consider?
Question263: The chief audit executive (CAE) of a small internal audit activity (IAA) plans to test conformance with the Standards through a quality assurance review. According to the Standards, which of the following are acceptable practice for this review?
1. Use an external service provider.
2. Conduct a self-assessment with independent validation.
3. Arrange for a review by qualified employees outside of the IAA.
4. Arrange for reciprocal peer review with another CAE.
Question264: Which of the following controls in a computerized consumer loan system of a major bank would be the least effective in detecting a fraudulent loan?
Question265: Which of the following techniques could be used to evaluate the effectiveness of changes to the operation of a computer help line?
Question266: An internal auditor noticed that employees with responsibilities for cash collection had recently issued an unusually large number of credit memos, indicating that the original charges had been made to the wrong customer accounts. From a control standpoint, the auditor would be concerned with the possibility that:
Question267: Which of the following situations would best support the decision of a chief audit executive (CAE) to defer follow-up activity at a branch office until the next audit engagement?
Question268: A code of business conduct provides:
Question269: Once an audit report is drafted, the auditor's supervisor should review it primarily to ensure that all:
Question270: Which of the following is the primary purpose of financial statement audit engagements?
Question271: During an audit of executive travel, an auditor noted that the president's travel expense reimbursements were approved by an executive secretary who reported to the president. The organization's reimbursement policy requires all travel expense reimbursements to be approved by the traveler's supervisor, but it does not address the president's reimbursements. Which of the following represents the auditor's best recommendation in this situation?
Question272: Which of the following is an advantage of an interim report?
I. An interim report provides timely feedback to the audit engagement client.
II. An interim report provides a mechanism for communicating information on red flags promptly while they are being investigated.
III. An interim report provides an opportunity for auditor follow-up of findings before the engagement is completed.
IV. An interim report increases the probability that corrective action will be initiated more quickly.
Question273: When forming an opinion on the adequacy of management's systems of internal control, which of the following findings would provide the most reliable assurance to the chief audit executive?
* During an audit of the hiring process in a law firm, it was discovered that potential employees' credentials were not always confirmed sufficiently. This process remained unchanged at the following audit.
* During an audit of the accounts payable department, auditors calculated that two percent of accounts were paid past due. This condition persisted at a follow up audit.
* During an audit of the vehicle fleet of a rental agency, it was determined that at any given time, eight percent of the vehicles were not operational. During the next audit, this figure had increased.
* During an audit of the cash handling process in a casino, internal audit discovered control deficiencies in the transfer process between the slot machines and the cash counting area. It was corrected immediately.
Question274: Which of the following data collection strategies systematically tests the effects of various factors on an outcome?
Question275: A draft internal audit report that cites deficient conditions generally should be reviewed with which of the following groups?
1. The client manager and her superior.
2. Anyone who may object to the report's validity.
3. Anyone required to take action.
4. The same individuals who receive the final report.
Question276: The board has asked the internal audit activity (IAA) to be involved in the organization's enterprise risk management process. Which of the following activities is appropriate for IAA to perform without safeguards?
Question277: Management has asked the internal audit activity to perform an operational audit of a division that recently reported an increase in expenditures in addition to a decrease in profits. However, existing internal audit resources are currently engaged in a legal compliance audit. Which factor would be considered least important in deciding whether resources should be removed from the legal compliance audit to the operational audit?
Question278: An organization's policies allow buyers to authorize expenditures up to $50,000 without any other approval.
Which of the following audit procedures would be most effective in determining if fraud in the form of payments to fictitious companies has occurred?
Question279: Which of the following is an advantage to using the questionnaire approach when conducting risk and control self assessments?
Question280: One method for dealing with the uncertainty of demand forecasts used in linear programming is to extend the model solution to include.
Question281: An internal control questionnaire would be most appropriate in which of the following situations?
Question282: According to the Standards, which of the following is least important in determining the adequacy of an annual audit plan?
Question283: Which of the following factors should a chief audit executive consider when determining the audit universe?
1. Components of the organization's strategic plan.
2. Inputs from senior management and the board.
3. Views of competitors and business associates.
4. Results of exit interviews with departing employees.
Question284: In evaluating the validity of different types of audit evidence, which of the following conclusions is not correct?
Question285: An internal auditor for a large telecommunications organization identified potential risk factors related to a planned billing system conversion. Which of the following risk factors would present the least potential exposure to the organization?
Question286: Which of the following is least likely to help ensure that risk is considered in a work program?
Question287: When establishing the internal audit activity's annual plan, which of the following would be the best source of potential audit engagement topics?
Question288: Which of the following would be the least important reason for a company to merge with another company?
Question289: An internal auditor determines that certain information from the engagement results is not appropriate for disclosure to all report recipients because it is privileged. In this situation, which of the following actions would be most appropriate?
Question290: A company's policy requires that all customers be treated in a fair and consistent manner. Which of the following audit procedures would provide the most persuasive evidence that the policy was followed?
Question291: A chief audit executive has noticed that staff auditors are presenting more oral reports to supplement written reports. The best reason for the increased use of oral reports is that they:
Question292: Which of the following is true of engagement recommendations?
I. Specific suggestions for implementation must be included.
II. The internal auditor's observations and conclusions may serve as the basis.
III. Actions to correct existing conditions or improve operations may be included.
IV. Approaches to correcting or enhancing performance may be suggested.
Question293: An internal auditor was assigned to conduct an inventory control and stock room area engagement. During the audit, the auditor observed that there were some items that have a shelf life expiration date requirement based on a certificate of conformance received with the product. The certificates of conformance are kept on file in the inventory area office and the expiration date is verified at the time the item is taken from stock. The auditor reviewed the items in the stock room and also on the production floor for the expiration dates to see if there was any expired product. All items with a shelf life requirement were found to be within the expiration date requirement. Which of the following recommendations would be appropriate?
Question294: Which of the following factors would increase the confidence level in a variables sampling plan?
I. A larger sample size.
II. A stratified sample.
III. A larger standard deviation.
Question295: An internal audit activity is participating in the due diligence work for an acquisition that a company is considering. One engagement objective is to determine if the acquisition's accounts payable contain all outstanding liabilities. Which of the following audit procedures would not be relevant for this objective?
Question296: A retail sales company has discontinued a product that normally sold for $100. During the first month of a sale of the product, a 20 percent discount was given. Later that sale price was reduced by an additional 40 percent. What was the overall discount from the original selling price?
Question297: Which of the following would not be an appropriate step for an internal auditor to perform during an assessment of compliance with an organization's privacy policy?
Question298: During an engagement the internal auditors reported that the organization was paying suppliers without receiving the merchandise. Management responded that it would immediately establish the use of receiving reports. As part of the follow-up activity, which of the following procedures would be the most appropriate in determining that management action was implemented?
Question299: Productivity statistics are provided quarterly to a company's board of directors. An auditor checked the ratios and other statistics in the four most recent reports. The auditor used scratch paper and copies of the board reports to verify the accuracy of computations and compared the data used in the computations with supporting documents. The auditor wrote a note describing this work for the workpapers and then discarded the scratch paper and report copies. The auditor's note stated.
"The ratios and other statistics in the quarterly board reports were checked for the last four quarters, and appropriate supporting documents were examined. All amounts appear to be appropriate." In this situation:
Question300: According to IIA guidance, which of the following are the most important objectives for helping to ensure the appropriate completion of an engagement?
1. Coordinate audit team members to ensure the efficient execution of all engagement procedures.
2. Confirm engagement workpapers properly support the observations, recommendations, and conclusions.
3. Provide structured learning opportunities for engagement auditors when possible.
4. Ensure engagement objectives are reviewed for satisfactory achievement and are documented properly.
Question301: When determining the nature, timing, and extent of follow up, the chief audit executive considers all of the following factors except:
Question302: At the conclusion of an audit of an organization's treasury department, a report was issued to the treasurer, chief financial officer, president, and board. Because of the sensitivity of some findings, a follow-up review was performed. The auditor should provide the report of follow-up findings to the:
I. Treasurer.
II. Chief financial officer.
III. President.
IV. Board.
Question303: Which of the following is the best approach for obtaining feedback from engagement clients regarding the quality of internal audit work?
Question304: An internal audit manager is supervising an engagement. A senior auditor deviates from the approved engagement plan but meets all deadlines in the approved time schedule. Which activity is not required for the audit manager to provide proper engagement supervision?
Question305: The chief audit executive (CAE) of a multinational entity with highly automated and complex operations has just completed the update of the risk-based audit plan. Interviews with management revealed the introduction of new technology and a significant increase in both the number and severity of technology- based risk exposures. According to the International Professional Practices Framework, which of the following would be the best course of action for the CAE to undertake next?
Question306: A fast-food company is developing a computer simulation involving arrival time at a drive-through restaurant. The distribution for arrival times is:
Time
Single-Digit Random
Between Arrivals
Probability
Number Assigned
1 minute
0.1
0
2 minutes
0.2
1, 2
3 minutes
0.3
3, 4, 5
4 minutes
0.4
6, 7, 8, 9
Six random numbers are selected to represent the arrival of six cars: 1, 6, 9, 0, 5, 6. The mean time between arrivals for these cars, in this run of the simulation model, is:
Question307: An employee in the sales department completes a purchase requisition and forwards it to the purchaser.
The purchaser places competitive bids and orders the requested items using approved purchase orders.
When the employee receives the ordered items, she forwards the packing slips to the accounts payable department. The invoice for the ordered items is sent directly to the sales department, and an administrative assistant in the sales department forwards the invoices to the accounts payable department for payment. Which of the following audit steps best addresses the risk of fraud in the cash receipts process?
Question308: Which of the following would provide the greatest assurance of the accuracy of a computer program's computation of freight charges for catalog sales?
Question309: A consumer electronics company is considering acquiring a small flash memory manufacturer. An internal auditor has been assigned to determine if the manufacturer's accounts payable contain all outstanding liabilities. Which audit procedure is not relevant for this objective?
Question310: Information gathered in a forensic investigation of business fraud is usually gathered with which of the following standards in mind?
Question311: A major insurance company provides a discount on automobile insurance if the vehicle meets certain safety criteria. Which of the following audit tests would provide an internal auditor with the best evidence that all qualifying insured automobiles are receiving the discount?
Question312: Which of the following evaluation criteria would be the most useful to help the chief audit executive determine whether an external service provider possesses the knowledge, skills, and other competencies needed to perform a review?
Question313: A manufacturer is under contract to produce and deliver a number of aircraft to a major airline. As part of the contract, the manufacturer is also providing training to the airline's pilots. At the time of the audit, the delivery of the aircraft had fallen substantially behind schedule while the training had already been completed. If half of the aircraft under contract have been delivered, which of the following should the internal auditor expect to be accounted for in the general ledger?
Question314: Which of the following represents appropriate evidence of supervisory review of engagement workpapers?
I. A supervisor's initials on each workpaper.
II. An engagement workpaper review checklist.
III. A memorandum specifying the nature, extent, and results of the supervisory review of workpapers.
IV. Performance appraisals that assess the quality of workpapers prepared by auditors.
Question315: Which of the following conditions is the strongest indicator of possible fraud?
Question316: During an audit of a major contract, an auditor finds that actual hours and dollars billed are consistently at or near budgeted amounts. This condition is a red flag for which of the following procurement fraud schemes?
Question317: Which of the following actions is related to the preliminary survey process?
Question318: An airline contracted with an external service provider to perform maintenance on all aircraft ground support equipment. Management then asked the internal audit activity (IAA) to evaluate the controls in place that would permit appropriate oversight of the service provider in maintaining required maintenance standards.
According to the International Professional Practices Framework, which of the following would be the most appropriate course of action for the IAA to undertake to establish the engagement objectives?
Question319: While investigating a compromised Web server, an auditor found that the Web server logs had been deleted. The auditor should recommend that the Web server logs be:
Question320: According to IIA guidance, which of the following are appropriate actions for the chief audit executive regarding management's response to audit recommendations?
Question321: A newly promoted chief audit executive (CAE) is faced with a backlog of assurance engagement reports to review for approval. In an attempt to attach a priority for this review, the CAE scans the opinion statement on each report. According to IIA guidance, which of the following opinions would receive the lowest review priority?
1. Graded positive opinion.
2. Negative assurance opinion.
3. Limited assurance opinion.
4. Third-party opinion.
Question322: Which of the following would not be characteristic of control self-assessment implemented by an audit department?
Question323: An organization's board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process. According to IIA guidance, which of the following roles should the CAE not undertake?
Question324: According to IIA guidance, which of the following is true about the supervising internal auditor's review notes?
* They are discussed with management prior to finalizing the audit.
* They may be discarded after working papers are amended as appropriate.
* They are created by the auditor to support her fieldwork in case of questions.
* They are not required to support observations issued in the audit report.
Question325: According to IIA guidance, which of the following actions might place the independence of the internal audit function in jeopardy?
Question326: Which of the following is the first step in the process where auditors and clients work together to evaluate the clients' system of internal control?
Question327: In advance of a preliminary survey, a chief audit executive sends a memorandum and questionnaire to the supervisors of the department to be audited. What is the most likely result of that procedure?
Question328: According to IIA guidance, which of the following accurately describes the responsibilities of the chief audit executive with respect to the final audit report?
1. Coordinate post-engagement conferences to discuss the final audit report with management.
2. Include management's responses in the final audit report.
3. Review and approve the final audit report.
4. Determine who will receive the final audit report.
Question329: Which of the following would not include recommendations for process improvements?
Question330: An internal auditor wants to determine whether employees are complying with the information security policy, which prohibits leaving sensitive information on employee desks overnight. The auditor checked a sample of 90 desks and found eight that contained sensitive information. How should this observation be reported, if the organization tolerates 4 percent noncompliance?
Question331: After finalizing an assurance engagement concerning safety operations in the oil mining process, the audit team concluded that no key controls were compromised. However, some opportunities for improvement were noted. Which of the following would be the most appropriate way for the chief audit executive (CAE) to report these results?
Question332: An audit identified a number of weaknesses in the configuration of a critical client/server system. Although some of the weaknesses were corrected prior to the issuance of the audit report, correction of the rest will require between six and 18 months for completion. Consequently, management has developed a detailed action plan, with anticipated completion dates, for addressing the weaknesses. Which of the following is the most appropriate course of action for the chief audit executive to take?
Question333: During a payroll audit of a large organization, an internal auditor noted that the assistant personnel director is responsible for many aspects of the computerized payroll system, including adding new employees in the system; entering direct-deposit information for employees; approving and entering all payroll changes; and providing training for system users. After discussions with the director of personnel, the auditor concluded that the director was not comfortable dealing with information technology issues and felt obliged to support all actions taken by the assistant director. The auditor should:
Question334: Which of the following would be most helpful to a governmental auditor searching for the existence of multiple welfare claims that were filed under different names but used the same address?
Question335: Confirmation would be most effective in addressing the existence assertion for:
Question336: Which of the following statements is false regarding roles and responsibilities pertaining to risk management and control?
Question337: Which of the following audit techniques provides for continuous monitoring and analysis of computer transactions for detailed auditing?
Question338: When creating the internal audit plan, the chief audit executive should prioritize engagements based primarily on which of the following?
Question339: An internal auditor has a recommendation to change operations which could potentially increase profits by
$50,000. The best way to sell this recommendation to management is to:
Question340: A manager of one of a retailer's several retail outlets is stealing cash from cash sales, recording the sales as accounts receivable, and subsequently writing off the fictitious accounts receivable as bad debts. Which of the following comparisons would be most effective in signaling the possibility of such a fraud?
Question341: If an auditor is sampling to test compliance with a particular company policy, which of the following factors should not affect the allowable level of sampling risk?
Question342: As part of a preliminary survey of the purchasing function, an internal auditor reads the department's policies and procedures manual and concludes that the manual describes the processing steps clearly and contains an appropriate internal control design. The next engagement objective is to evaluate the operating effectiveness of internal controls. Which procedure would fulfill this objective most effectively?
Question343: In response to an accounts receivable confirmation, a customer indicated that the invoice listed on the confirmation letter had been paid two months earlier.
This may indicate that:
Question344: Which of the following is the correct ratio to use in calculating the dollar value of the population if the auditor is using ratio estimation?
Number of Items
Audited Value
Carrying Amount
Sample
300
$500,000
$480,000
Population
3,000
$5,000,000
Question345: Which of the following situations justifies the release of an interim report to management and the board?
* The internal auditor is convinced that the audit observations require immediate attention.
* The internal auditor would like to communicate a change in engagement scope for the activity under review.
* The internal auditor notes that the engagement may extend over a longer time period.
* The audit supervisor believes that issuing interim reports eases supervisory review and controls over working papers.
Question346: The following audit observation was included in the final audit report:
"Our review concluded that bank reconciliation statements for March and April did not show evidence of supervisory review. We recommend strict compliance with the controller's manual, which requires the department head to place their initials on the reconciliation statements to document their review." Which of the following attributes are missing from the above audit observation?
1. Criteria.
2. Condition.
3. Cause.
4. Effect.
Question347: During an assurance engagement, an internal auditor discovered that a sales manager approved numerous sales contracts for values exceeding his authorization limit. The auditor reported the finding to the audit supervisor, noting that the sales manager had additional new contracts under negotiation.
According to IIA guidance, which of the following would be the most appropriate next step?
Question348: An audit of an organization's fulfillment department discovered that problems in the order processing system led to a significant number of orders being fulfilled multiple times. During the exit conference, the head of the department informed the auditors that the processing system would be enhanced within six months to correct the problems. Which course of action should the chief audit executive follow?
Question349: After the team member who specialized in fraud investigations left the internal audit team, the chief audit executive decided to outsource fraud investigations to a third party service provider on an as needed basis.
Which of the following is most likely to be a disadvantage of this outsourcing decision?
Question350: During a fraud interview, it was discovered that unquestioned authority enabled a vice president to steal funds from the organization. Which of the following best describes this condition?
Question351: According to IIA guidance, which of the following factors should the auditor in charge consider when determining the resource requirements for an audit engagement?
Question352: An internal auditor is discussing an audit problem with an engagement client. While listening to the client, the internal auditor should:
Question353: An internal auditor is conducting a financial audit. Which of the following audit procedures is most appropriate when existing internal controls are weak?
Question354: Which of the following describes an internal auditor's responsibilities to include audit procedures to detect fraud in audits of a multinational organization?
Question355: An audit of a Web-based third-party payment processor determined that a programming error enabled customers to create multiple accounts for each mailing address. This caused problems during the processing of credit card transactions. Management agreed to correct the program and notify customers with multiple accounts that the accounts would be consolidated. What should the auditor do in response?
I. Amend the scope of the subsequent audit to verify that the program was corrected and that accounts were consolidated.
II. Evaluate the adequacy and effectiveness of the corrective action proposed by management.
III. Schedule a follow-up review to verify that the program was corrected and the accounts were consolidated.
IV. Do nothing because management has agreed to address the problem.
Question356: An auditor decides to vouch a sample of ledger entries back to their original documentation. In terms of whether all transactions had been recorded, this test would be:
Question357: For which of the following fraud engagement activities would it be most appropriate to involve a forensic auditor?
Question358: Insurance companies often receive electronic hospitalization claims directly from hospitals. Which of the following control procedures would be most effective in detecting fraud in such an environment?
Question359: An internal auditor found that the cost of some material installed on capital projects had been transferred to the inventory account because the capital budget had been exceeded. Which of the following would be an appropriate technique for the auditor to use to determine the extent of the problem?
Question360: An organization has recently incurred significant cost overruns on one of its construction projects.
Management suspects that these overruns were caused by the contractor improperly charging for costs related to contract change orders. Which of the following procedures are appropriate for testing this suspicion?
1. Determine if the contractor has received proper approval of change orders from management.
2. Determine if the contractor has billed for original contract work cancelled by the change orders.
3. Determine if the contractor has charged change orders with costs already billed to the original contract.
4. Determine if the contractor has been paid for change orders that have not yet been completed.
Question361: An organization decides to create an internal audit function and hires a new chief audit executive (CAE).
Which of the following should the CAE first consider when developing the internal audit process?
Question362: A bank uses a risk analysis matrix to quantify the relative risk of auditable entities. The analysis involves rating auditable entities on risk factors using a scale of 1 to 10, with 10 representing the greatest risk. A partial list of risk factors and the ratings given to three of the bank's departments is provided below:

Which of the following statements regarding risk in the department is true?
Question363: An organization has a health and safety division that conducts audits to meet regulatory requirements. The chief health and safety officer reports directly to the CEO. Which of the following describes an appropriate role for the chief audit executive (CAE) with regard to the organization's health and safety program?
Question364: An internal auditor has completed an audit of an organization's activities and is ready to issue a report.
However, the client disagrees with the internal auditor's conclusions. The auditor should:
Question365: In reviewing the appropriateness of the minimum quantity level of inventory established by a department, an auditor would be least likely to consider:
Question366: Management requested the chief audit executive (CAE) to include an audit of the organization's health and safety program in next year's annual audit plan. However, the internal audit department has no expertise in this area. Which of the following would be the most appropriate action by the CAE?
Question367: Which of the following best defines an engagement conclusion?
Question368: Which of the following best defines an audit opinion?
Question369: Which of the following factors could interfere with effective problem solving by an internal auditor?
I. Reacting to previous experiences with clients.
II. Focusing only on the most likely cause.
III. Correcting the symptoms of problems.
Question370: Many questionnaires are made up of a series of different questions that use the same response categories (for example: strongly agree, agree, neither, disagree, strongly disagree). Some designs will have different groups of respondents answer alternate versions of the questionnaire that present the questions in different orders and reverse the orientation of the endpoints of the scale (for example: agree on the right and disagree on the left). The purpose of such questionnaire variations is to:
Question371: While preparing the annual audit plan, the newly assigned chief audit executive (CAE) learns that the organization has not yet implemented a risk framework. Which of the following would be the most appropriate action for the CAE to take regarding potential engagements?
Question372: Risk assessments can vary in format, but generally include:
1. A description of identified risks.
2. Tests of audit controls.
3. A system of rating risks.
4. Sample size identification.
Question373: Which of the following statements regarding the use of external contracted services by the chief audit executive (CAE) is false?
Question374: Which of the following are typical steps in the design of an organization's performance measurement system?
Question375: Which of the following is the most important concept to be included in a consulting engagement agreement?
Question376: It is close to the fiscal year end for a government agency, and the chief audit executive (CAE) has the following items to submit to either the board or the chief executive officer (CEO) for approval. According to IIA guidance, which of the following items should be submitted only to the CEO?
Question377: Which of the following statements is true pertaining to interviewing a fraud suspect?
1. Information gathered can be subjective as well as objective to be useful.
2. The primary objective is to obtain a voluntary written confession.
3. The interviewer is likely to begin the interview with open-ended questions.
4. Video recordings always should be used to provide the highest quality evidence.
Question378: Which of the following types of internal audit consulting engagements is an example of a facilitation service?
I. Conducting control self-assessment workshops.
II. Participating on standing committees.
III. Reviewing regulatory compliance.
IV. Benchmarking.
V. Estimating savings from outsourcing processes.
Question379: When planning an audit engagement, what should an internal auditor first consider when assessing the risk of fraud in the area to be audited?
Question380: Which of the following items should be addressed in an organization's privacy statement?
I. Intended use of collected information.
II. Data storage and security.
III. Network/infrastructure authentication controls.
IV. Data retention policy of the organization.
Parties authorized to access information.
Question381: A chief audit executive (CAE) suspects that several employees have used desktop computers for personal gain. In conducting an investigation, the primary reason that the CAE would choose to engage a forensic information systems auditor rather than using the organization's information systems auditor is that a forensic information systems auditor would possess:
Question382: An audit of management's quality program includes testing the accuracy of the cost-of-quality reports provided to management. Which of the following internal control objectives is the focus of this testing?
Question383: A chief audit executive is preparing interview questions for the upcoming recruitment of a senior internal auditor. According to IIA guidance, which of the following attributes shows a candidate's ability to probe further when reviewing incidents that have the appearance of misbehavior?
Question384: Because of an abundance of high priority requests from management, an internal audit activity no longer has the resources to meet all of its commitments contained in the annual audit plan. Which of the following would be the best course of action for the chief audit executive to follow?
Question385: Which of the following risks assumes an absence of compensating controls in the area being reviewed?
Question386: According to the International Professional Practices Framework, which of the following situations is an indicator of a healthy relationship between the audit committee and the internal audit function?
Question387: A bakery chain has a statistical model that can be used to predict daily sales at individual stores based on a direct relationship to the cost of ingredients used and an inverse relationship to rainy days. What conditions would an internal auditor look for as an indicator of employee theft of food from a specific store?
Question388: An internal auditor compared the number of human resources professionals per employee with industry standards. This comparison would assist the auditor in evaluating which of the following areas?
Question389: In a client satisfaction survey for an internal audit engagement, client management should be asked to assess which of the following factors?
I. Audit team's knowledge of the audited area.
II. Usefulness of the audit results.
III. Quality of management of the internal audit activity.
IV. Clarity of the scope and objectives of the audit engagement.
Question390: According to the Standards, which of the following should be the basis for scheduling follow-up of engagement recommendations?
Question391: Which of the following should be included in the scope of an audit of a third-party contractor?
1. Budgets and financial forecasts for the project.
2. Contractor's information and control systems.
3. Contractor's financial position.
4. Progress of the project and costs incurred.
Question392: The newly appointed chief audit executive (CAE) of a large multinational corporation, with seasoned internal audit departments located around the world, is reviewing responsibilities for engagement reports.
According to IIA guidance, which of the following statements is true?
Question393: An audit department has received anonymous information that an employee has allegedly been able to steal and cash checks sent to the organization by customers. What is the most efficient way for an auditor to determine how this type of fraud could occur and who might be the perpetrator?
Question394: Which of the following activities would be performed during a benchmarking consulting engagement?
I. Collect data relevant to the benchmarking process.
II. Review all business processes.
III. Define critical success factors.
IV. Identify performance gaps.
Question395: An auditor is scheduled to audit payroll controls for a company which has recently outsourced its processing to an information service bureau. What action should the auditor take, considering the outsourcing decision?
Question396: The scope of a business process review primarily involves:
Question397: Due to price risk from the foreign currency purchase of aviation fuel, an airliner has purchased forward contracts to hedge against fluctuations in the exchange rate. When recalculating the exchange losses from individual purchases of jet fuel, which of the following details does the internal auditor need to validate?
1. The hedge documentation designating the hedge.
2. The spot exchange rate on the transaction date.
3. The terms of the forward contract.
4. The amount of fuel purchased.
Question398: When assessing the risk associated with an activity, an internal auditor should:
Question399: When interviewing an individual in relation to a fraud investigation, which course of action should the internal auditor follow?
Question400: Because of a new marketing initiative, an organization has reduced requirements for extending credit to new customers. As a result, outstanding accounts receivable as a percentage of revenue has increased significantly during the past two years. Which of the following would be least useful in monitoring this finding?
Question401: Which of the following would not be a typical activity for the chief audit executive to perform following an audit engagement?
Question402: Which of the following is not likely to be included as an audit step when assessing vendor performance policies?
Question403: An internal auditor has been asked to participate in an advisory capacity to assist a committee in redesigning the organization's current financial reports to provide better information to management and the board. Which of the following actions on the part of the auditor would provide the greatest value to this project?
Question404: Which of the following data sources would provide the least valid data for an audit of a retail store's customer service?
Question405: The chief audit executive (CAE) of a large retail operation believes that senior management has accepted a level of risk that exceeds the organization's current risk tolerance with respect to a major expansion. The CAE plans to meet with senior management to discuss these concerns. According to IIA guidance, which of the following would be an appropriate course of action in preparation for this meeting?
* Understand management's basis for the decision.
* Advise the board of the concern and upcoming meeting.
* Ascertain which members of management have accepted the risk.
* Determine if management has the authority to accept the risk.
Question406: As part of an operational audit of the shipping department, an auditor selected a sample of 45 daily shipping logs from the department's files. On 44 of the days, the log contained a sufficient number of shipments to meet the department's daily quota. Based on this test, the auditor concluded that the shipping department was effective at meeting its quotas. Which of the following is true about the auditor's conclusion?
Question407: The internal audit activity can be involved with systems development continuously, immediately prior to implementation, after implementation, or not at all. An advantage of continuous internal audit involvement compared to the other types of involvement is that:
Question408: An auditor prepared a workpaper that consisted of a list of employee names and identification numbers as well as the following statement:
"A statistical sample of 40 employee personnel files was selected to verify that they contain all documents required by company policy 501 (copy attached). No exceptions were noted." The auditor did not place any audit verification symbols on this workpaper. Which of the following changes would most improve the auditor's workpaper?
Question409: A staff auditor, nearly finished with an audit engagement, discovers that the director of marketing has a gambling habit. The gambling issue is not directly related to the existing engagement and there is pressure to complete the current engagement. The auditor notes the problem and forwards the information to the chief audit executive but performs no further follow-up. The auditor's actions would:
I. Be in violation of the IIA Code of Ethics for withholding meaningful information.
II. Be in violation of the Standards because the auditor did not properly follow up on a red flag that might indicate the existence of fraud.
III. Not be in violation of either the IIA Code of Ethics or Standards.
Question410: During an information security audit, an auditor discovers that the current disaster recovery plan was developed three years ago but never tested. There have been significant changes to information systems since the plan was developed. The auditor should:
Question411: Persuasive evidence indicates that a member of senior management has been involved in insider trading that would be considered fraudulent. However, the evidence was encountered during an operational audit and is not considered relevant to the audit. Which of the following is the most appropriate action for the chief audit executive to take?
Question412: Which of the following are key characteristics of enterprise risk management?
1. It considers risk in the formulation of strategy.
2. It applies risk management in some units of an entity.
3. It takes a portfolio view of risks throughout the enterprise.
4. It restricts the organization's ability to seize opportunities inherent in future events.
Question413: When conducting a performance appraisal of an internal auditor who has been a below-average performer, it is not appropriate to:
Question414: Given the scarcity of internal audit resources, a chief audit executive (CAE) decided not to schedule a follow-up of audit recommendations when developing engagement work schedules. Does the CAE's decision violate the Standards?
Question415: What decision-making approach should a facilitator initiate if a group addresses an unfamiliar situation during a control self-assessment session?
Question416: According to the International Professional Practices Framework, which of the following should be excluded from a final communication for a performance audit engagement?
Question417: Five brand managers in a consumer products company met to determine how well certain promotions had performed. The data that they needed to analyze consisted of approximately 50 gigabytes of daily point-of- sale (POS) data for each month. The brand managers tried to download the POS data from the mainframe and import it into microcomputer spreadsheets for analysis. Their efforts were unsuccessful, most likely because of:
Question418: While conducting an audit of a third party's Web-based payment processor, an internal auditor discovers that a programming error allows customers to create multiple accounts for a single mailing address.
Management agrees to correct the program and notify customers with multiple accounts that the accounts will be consolidated. Which of the following actions should the auditor take?
1. Schedule a follow-up review to verify that the program was corrected and the accounts were consolidated.
2. Evaluate the adequacy and effectiveness of the corrective action proposed by management.
3. Amend the scope of the subsequent audit to verify that the program was corrected and that accounts were consolidated.
4. Submit management's plan of action to the external auditors for additional review.
Question419: Questions used to interrogate individuals suspected of fraud should:
Question420: Which of the following best describes the primary concern of the audit manager upon review of engagement working papers of an auditor?
Question421: According to IIA guidance, which of the following should be considered when creating policies and procedures for the internal audit activity (IAA)?
Question422: A manufacturing organization is considering a merger with a similar firm, and requests that the chief audit executive (CAE) perform a due diligence audit. During the preliminary survey, the CAE notes that inventory management is a high risk area. In consultation with the external auditors and legal advisors, the CAE learns that they share those concerns. Which of the following is the CAE's best course of action?
Question423: In which of the following cases is it appropriate for an audit report to not contain management's response either within the report or as an attachment?
Question424: During the development of a purchasing system, an auditor reviewed the payment authorization program.
Which of the following actions should the auditor recommend for a situation in which the quantity invoiced is greater than the quantity received?
Question425: With which of the following would the internal audit activity discuss findings, conclusions and recommendations prior to issuance of internal audit report?
1. Business unit management.
2. Chief audit executive.
3. Audit committee.
4. Chief executive officer.
Question426: When approving the final engagement report, which of the following is most critical?
Question427: Monetary-unit sampling is most useful when the internal auditor:
Question428: Which of the following is a preventive control strategy against fraud?
Question429: Which of the following would be included in an internal audit department's quality assurance and improvement program?
1. Ongoing internal assessments of the performance of the internal audit department.
2. Periodic internal reviews through self-assessments.
3. Assessments conducted by a qualified external reviewer at least once every five years.
Question430: According to the Standards, which of the following is applicable to the internal audit activity's quality assurance and improvement program?
Question431: During an audit of a major metropolitan museum, an auditor was unable to locate selected items from the museum's collection. The director of the museum informed the auditor that the upcoming replacement of the museum's inventory tracking system would address the auditor's concerns. What follow-up activity should the auditor propose?
Question432: Which of the following would most likely contribute to discrepancies between receiving reports and the number of units in a shipment?
Question433: After completing a fraud investigation but before publishing a formal written report, the chief audit executive should submit a draft of the final report to the organization's:
Question434: After partially completing an internal control review of the accounts payable department, an auditor suspects that some type of fraud has occurred. To ascertain whether the fraud is present, the best sampling approach would be to use.
Question435: Which of the following topics must the internal audit staff discuss with management during the exit conference?
1. Issues identified during the audit.
2. Evaluation criteria used to select controls for testing.
3. Staff who were interviewed during the audit.
4. The reporting process for the draft and final report.
Question436: As part of an operational audit, an auditor compared records of current inventory with usage during the prior two-year period and determined that the spare parts inventory was excessive. What step should the auditor perform first?
Question437: Which of the following best illustrates the primary focus of a risk-based approach to control self- assessment?
Question438: While performing an audit of the human resources department, an internal auditor discovered unencrypted files containing the personal information of employees stored on a public shared drive. According to IIA guidance, which of the following actions by the auditor would be the most appropriate?
Question439: Which of the following is least likely to vary when conducting audit engagements in different regions of an international organization?
Question440: To furnish useful and timely information and promote improvements in operations, internal auditors should provide:
Question441: Which of the following potential performance measures should an auditor recommend excluding from a performance scorecard?
Question442: Which of the following statements is correct regarding the use of a program evaluation and review technique (PERT) model?
* It makes use of a probability model to arrive at a realistic estimate of time necessary for completion of the audit engagement.
* It requires that activities are performed in sequence such that each task is completed before the commencement of the next activity.
* It remains fixed once completed to act as a baseline for measuring the performance of the audit staff following completion of the engagement.
* It begins with the auditor-in-charge identifying the overall scope and then breaking down the audit engagement into identifiable activity units.
Question443: Which of the following documents should the chief audit executive review and approve?
1. Workpaper retention policy.
2. Audit committee meeting minutes.
3. Internal audit handbook.
4. Quarterly financial statements.
Question444: Which of the following would constitute a violation of the IIA Code of Ethics?
Question445: Which of the following is an effective way for an internal auditor to improve communications with the client during a contentious audit?
Question446: The use of standard operating procedure questionnaires in audit fieldwork can be beneficial because.
Question447: Which of the following statements describes an engagement planning best practice?
Question448: The scope of a consulting engagement performed by internal auditors should:
Question449: The chief audit executive (CAE) notes during review of the final report of an assurance engagement that management has decided to accept the risks of two significant exposures identified by the audit. Which of the following actions by the CAE would be least prudent in these circumstances?
Question450: According to the Standards, which of the following best describes the responsibility of the chief audit executive (CAE) for approving the final engagement report?
* The CAE is responsible for obtaining management approval before issuing the final report.
* The CAE has overall responsibility for the report but can delegate the review and approval of the report.
* The CAE is responsible for obtaining senior management's approval before releasing the final report.
* The CAE is responsible for approving to whom and how the final report will be disseminated.
Question451: A company owns a machine that will produce 100 light switches in four hours. Due to increased demand, a second machine capable of producing 100 light switches in three hours has been added.
Approximately how many hours will it take to produce 100 light switches using both machines working together?
Question452: Reviewing internal audit report drafts with clients is:
1. Required according to the Standards.
2. A form of courtesy.
3. Ethically mandated.
4. A form of validation.
Question453: When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach?
Question454: A recent survey indicated that residents of a small town take the train to a nearby city eight times per month, on average. The same survey showed that the number of train trips that a resident takes per month (y) is determined by the number of days per month that the resident works in the nearby city (x), according to the equation: y = 2 + 2x. A person who never works in the nearby city is expected to take the train:
Question455: The external auditor has identified a number of production process control deficiencies involving several departments. As a result, senior management has asked the internal audit activity to complete internal control training for all related staff. According to IIA guidance, which of the following would be the most appropriate course of action for the chief audit executive to follow?
Question456: Which of the following would be an appropriate improvement to controls over large quantities of consumable material that are charged to expense when placed in bins which are accessible to production workers?
Question457: Which of the following would provide the best audit evidence regarding the effectiveness of an applied research department?
Question458: The balanced scorecard approach differs from traditional performance measurement approaches because it adds which of the following measures?
I. Financial measures.
II. Internal business process measures.
III. Client satisfaction measures.
IV. Innovation and learning measures.
Question459: In a sampling application, the group of items about which the auditor wants to estimate some characteristic is called the:
Question460: An internal auditor would most likely use attributes sampling when testing which of the following?
Question461: According to the Standards, which of the following control strategies would be the most effective in helping to prevent fraud?
Question462: Which of the following would be the best audit procedure to use to determine if a division's unusually high sales and gross margin for November and December were the result of fraudulently recorded sales?
Question463: Which of the following is a detective control for managing the risk of fraud?
Question464: During a routine audit of a customer service hotline, an internal auditor noticed that an unusually high number of customer complaints pertained to payments not being applied to the customers' accounts.
Which of the following would most likely be the reason for the high volume of complaints?
Question465: If participants in a control self-assessment workshop begin breaking their agreed-upon ground rules, the facilitator should:
Question466: According to IIA guidance, which of the following statements are true regarding the internal audit plan?
1. The audit plan is based on an assessment of risks to the organization.
2. The audit plan is designed to determine the effectiveness of the organization's risk management process.
3. The audit plan is developed by senior management of the organization.
4. The audit plan is aligned with the organization's goals.
Question467: An internal auditor submitted a report containing recommendations for management to enhance internal controls related to investments. To follow up, which of the following is the most appropriate action for the internal auditor to take?
Question468: Which of the following actions are appropriate for the chief audit executive to perform when identifying audit resource requirements?
1. Consider employees from other operational areas as audit resources, to provide additional audit coverage in the organization.
2. Approach an external service provider to conduct internal audits on certain areas of the organization, due to a lack of skills in the organization.
3. Suggest to the audit committee that an audit of technology be deferred until staff can be trained, due to limited IT audit skills among the audit staff.
4. Communicate to senior management a summary report on the status and adequacy of audit resources.